Research Paper

Kevin Mitnick: Malevolent Creativity in Hacking

Moureen Abd El Shahid

900-08-0774

Research Writing 201: Section 27

Fall ’09 Semester

Professor Doris Jones

Abd El Shahid 1

Abstract

This research paper examines the actions of the most infamous computer hacker in the late

20thcentury, Kevin Mitnick, to prove to his supporters that he deserved the five year prison

sentence he received. Some people argue that Mitnick’s punishment was too harsh, on the other

hand this research paper proves that he did violate several federal laws and made hacking tools

available online and easily accessed by everyone. That is why we need a law that should prevent

the distribution of tools used to hack systems. The paper also analyzes Mitnick’s actions and the

amount of damage they caused to huge companies to strengthen the argument against those who

contend that Mitnick done nothing wrong. Finally the paper claims that computer crime is

becoming a threat to everyone not only to companies. Therefore it is important to raise the public

awareness of the negative consequences that hacking could lead to and that is why Mitnick’s

punishment was necessary.

Abd El Shahid 2

Outline

Thesis Statement: While some claim that Mitnick’s punishment for committing computer

or cyber-related crimes were deemed too harsh, he did violate several federal laws prohibiting

the invasion of private computer databases, which further warrants the need to outlaw and deter

the distribution of tools used to hack these systems.

Introduction

Background

A. The life of Mitnick.

B. The damage he caused to huge corporations.

C. Thesis statement.

Psychology of the hacker

A. Hackers justifying their actions.

B. Invasion of Privacy.

C. Fallacious arguments provided by hackers.

Hacking as an unethical behavior

A. Hacking is an unethical activity.

B. Malevolent hacking inspires further malevolent actions.

C. Creative hackers are the ones responsible for making hacking programs

available and easily accessed by everyone.

D. Survey on teenagers.

According to The California Penal Code Mitnick is found guilty

Abd El Shahid 3

A. Copying software and using it is considered a theft.

B. Mitnick caused huge corporations and institutions great damage.

C. The unconvincing claim of some authors that Mitnick’s actions were

unharmful.

Hacking is becoming a threat to everyone

A. Raise public awareness.

B. Teenagers hacking school servers.

Conclusion

Malevolent Creativity

Introduction

Nowadays systems of large corporations are increasingly getting attacked by professional

hackers. In a survey made by the FBI in the States they found that 87 percent from over a total of

2000 companies reported that their systems had been attacked. From those 87 percent, 20 percent

stated that their systems had been attacked 20 or more times. The damage caused by these

attacks costs each company an average of 24,000 dollars. That is why the activity of ethical

hacking has become so important to most companies. Ethical hackers are computer and network

experts hired by companies to attack their systems to find vulnerabilities that malevolent hackers

could take advantage of. Researchers found that companies with an ethical hacking budget

reduce their chance of being hacked by nearly one-third. “Identifying vulnerabilities in networks,

applications and systems before they can be exploited is a critical step in preventing exposure of

sensitive data, which can severely damage a corporation’s reputation” (Blum). Ethical hacking

helps in protecting systems against theft of intellectual property and improving the overall

Abd El Shahid 4

security but the problem is that some companies could not afford to have an ethical hacking

budget. How would these companies be able to protect their systems from this unethical activity?

That is why Kevin Mitnick, the most infamous computer hacker in the late 20th century, deserved

the excessive punishment he received. Mitnick served a five year prison sentence for committing

various illegal actions like gaining access to various computer networks, used cloned cellular

phones to hide his position and copying softwares. Professional hackers like Mitnick are the ones

that made the activity of ethical hacking necessary for every corporation to protect their systems

against hacking attacks.

Background

Mitnick developed from a child who loved to perform magic tricks and to gain secret

knowledge as much as he can to a dangerous computer hacker who illegally accessed numerous

computer networks, copied software, stole passwords and read private e-mails. He broke into

computer systems of huge corporations such as NEC, Motorola, Nokia, and Sun Microsystems.

He made these companies pay three hundred million US dollars to repair the damage caused by

his attacks. He was the reason that forced these companies later to hire ethical hackers to protect

their systems. Mitnick’s case raised public awareness of the security of computer systems. His

punishment was not excessive as his supporters argue; his punishment will make various hackers

think a lot before invading a private system. “Our vigorous prosecution of Kevin Mitnick sends a

message to anyone else who believes that the new technological frontier can be abused for

criminal purposes” (Mayorkas). While some claim that Mitnick’s punishment for committing

computer or cyber-related crimes were deemed too harsh, he did violate several federal laws

prohibiting the invasion of private computer databases, which further warrants the need to outlaw

and deter the distribution of tools used to hack these systems.

Abd El Shahid 5

The psychology of the hackers is what makes them believe that there is nothing wrong

with hacking. Freeman explained the psychology of the hacker and how a hacker justifies his

malevolent actions by saying that he always uses his talents to break into a system with no

harmful intention. “He justifies his actions by claiming that anything a computer operator can do

should be permitted legally, with no regard for the privacy, property, and other interests of the

owner of a system” (Freeman 4). Freeman believes that these arguments that are provided by

most hackers are false and only stated to defend themselves. Mitnick argued that he does not

consider himself a thief as he did not deprive the companies he hacked from their software he

just copied it without damage. “I've always looked at it as, what I did was wrong and I should

have been punished, but the punishment didn't fit the crime” (Mitnick). These arguments

provided by Mitnick are fallacious because copying software which is worth thousands of dollars

for free is in fact stealing it. Penenberg quoted one of Mitnick’s lawyers who said “If he never

redistributed the information, and never used it or profited from it in any way, how does the act

that he merely copied it deprive the owner of its full value?" He also stated that for such an

abstract kind of crime the punishment Mitnick received was severe. Also some of Mitnick’s

supporters argued that Mitnick’s actions were driven by his curiosity and love of knowledge.

These arguments are also fallacious because if Mitnick hacked into computer systems of large

corporations just because of his curiosity why did he copy their software? He did not just break

“the code of secrecy” of these computer networks; he made the value of these companies’

products worthless.

Because hacking has become so popular and hackers are increasing in size each day from

teenage hackers who hacks their friends’ instant messaging or social networking accounts to

professional hackers who hacks systems of large corporations, Mitnick’s punishment was

Abd El Shahid 6

necessary to reduce this unethical behavior. “Hacking is an unethical activity as it is breaking

into somebody else’s private environment even when it is done without the intention of damage”

(Freeman). Mitnick’s supporters argued that the charges made against him were not based on

actual losses but they did not take it account the tremendous amount of money corporations paid

to ethical hackers to stop malevolent hackers like Mitnick from taking advantage of their

systems. Even if Mitnick did not cause these corporations any damage, he invaded their privacy

which could negatively affect their reputation.

In addition to invasion of privacy, Leeson and Coyne argued that Mitnick was a bad

hacker whose notoriety made him a superstar in the community of hacking and inspired many

other hackers to imitate him and make him their role model. They stated that his malevolent

creativity inspired many people to the extent that his followers protested his trial and broke into

the New York Times web page and wrote a message for the readers to persuade everyone to

forgive Mitnick. They stated that creative hackers like Mitnick are the ones responsible for

making hacking programs available and easily accessed by everyone. Hacking tools have

become easily accessed on the internet by everyone and that is what makes hacking very popular

these days. In a survey made with 4,000 teenagers between the ages of 15 and 18 they found that

17 percent stated that they have advanced technical knowledge and can find hacking tools

available on the internet. Therefore based on the results of this survey the activity of hacking is

becoming very popular and there should be a severe punishment for that to prevent people from

getting into it.

Mitnick argued that he is not a thief while on the other hand according to the California

Penal Code he is certainly a thief. The California Penal Code states that “Every person who shall

feloniously steal, take, carry, lead, or drive away the personal property of another, or who shall

Abd El Shahid 7

fraudulently appropriate property which has been entrusted to him or her, or who shall

knowingly and designedly, by any false or fraudulent representation or pretense, defraud any

other person of money, labor or real or personal property, or who causes or procures others to

report falsely of his or her wealth or mercantile character and by thus imposing upon any person,

obtains credit and thereby fraudulently gets or obtains possession of money, or property or

obtains the labor or service of another, is guilty of theft.” Mitnick violated federal law not by

copying or damaging software but because he “broke the code of secrecy” which as stated by

corporations made the information worthless.

How could Mitnick’s supporters argue that his actions were not based on actual losses if

he caused huge damage to companies such as NEC, Motorola, Nokia, and Sun Microsystems

which cost them three hundred million US dollars. “Sun estimated its damages at $80 million,

the price it paid to acquire Solaris -- the Unix-based operating system -- from AT&T in 1994,

2600 reported. Nokia's damages included development costs as well as $7.5 million for testing

and "$120 million in lost revenue due to new developments being delayed in reaching the

market” (Thomas). This is a clear evidence that Mitnick’s actions caused actual losses to

companies.

Nowadays hacking is not only a threat to companies, it is becoming a threat to everyone.

Each day more and more teenagers discover hacking tools on the internet and they hack into their

friend’s Instant Messaging or social networking accounts. According to a survey by Panda

Security 67 percent of the teenagers claimed that they have hacked into the Instant Messaging or

social networking accounts of friends. This is a big problem because people are not realizing that

hacking is a serious crime that cannot be justified by curiosity. “The advanced knowledge that

many adolescents acquire through free tools and content available on the Web can often lead

Abd El Shahid 8

them to engage in illegal online activities," said Luis Corrons, technical director of Panda Labs,

the center of Panda Security's technical support services (Xinhuanet). This is another problem

because as teenagers get more and more involved with hacking they could be involved in illegal

activities without being aware. "We have found cases of teenagers using Trojans to spy on their

partners, hacking school servers to see exam papers or even stealing the identity of friends or

colleagues on social networks" (Xinhuanet). Last year Omar Khan, 18 years old, a senior at

Tesoro High School in Orange County, was accused of hacking into his school’s computers and

changing his grades. “Khan broke into the school on numerous occasions at night and on

weekends using a stolen master key. He then allegedly attempted to steal his teachers' login

credentials and passwords to change his C, D and F grades to As and Bs. Khan also allegedly

planted spyware on his teachers computers to access the school network remotely” (Hoffman).

Khan did not only change his grades but he changed the grades of 12 other students. Khan will

face 38 years in prison while another student named Tanvir Singh who helped Khan will face

three years if found guilty. The hacking tools available on the internet made it relatively easy for

teenagers to hack anything they want. As Leeson and Coyne argued creative hackers like

Mitnick are the ones responsible for making hacking programs available and easily accessed by

everyone. A teenager was really amazed at how fast and easy his friend hacked into his e-mail

and changed his password. “The power of hacking didn't really hit me until a few weeks ago. We

were in the school library working on the computers and one of my friends asked me for my e-

mail address so I gave it to him. By the end of the class period he had somehow logged in to my

e-mail and changed my password, though he did tell me what he changed it to and how to change

it back. The thing that really made me rethink the safety of the Internet wasn't the act itself, it

was how fast and easy it was for him to do it” (Jonathan).

Abd El Shahid 9

Hacking tools are becoming easily accessed by everyone these days and that is why the

punishment Mitnick received was severe to teach everyone that hacking is a serious crime that

they should avoid. It is important to raise the public awareness of the negative consequences that

hacking could lead to. “It is important to help them avoid participating in dubious activities

which are made all the easier thanks to the anonymity afforded by the web. Those who are drawn

into hacking out of curiosity, may well end up discovering the financial potential of this activity,

and becoming criminals themselves," said Corrons (Xinhuanet). Hacking tools nowadays are

indistinguishable from essential tools that are used for finding vulnerabilities in computer

systems. They are illegal when hackers misuse them to break into computer systems. That is why

there should be a law to criminalize hacking tools to discourage people to use them.

Abd El Shahid 10

Works Cited

Blum, Rick. “Ethical Hacking.” British Telecommunications. May 2009. Web. 3 Dec. 2009.

Freeman, Edward H. "The Legend and Legacy of Kevin Mitnick." Information Systems Security

10.2 (2001): 5. Academic Search Complete. EBSCO. Web. 19 Oct. 2009.

Gardner, Jason. “Computer Hacking and Unauthorized Access Laws.” National Conference of

State Legislatures. May 2009. Web. 6 Nov. 2009.

Hoffman, Stefanie. “Teen Faces 38 Years In Prison For Hacking School Computers.” The

Channel Wire. June 2008. Web. 3 Dec. 2009.

“Interview with Kevin Mitnick.” 2006. Online video clip. YouTube. Accessed on 19 Oct. 2009.

<http://www.youtube.com/watch?v=8_VYWefmy34>

Jonathan. “WhyHack?” News Hour. Web. 3 Dec. 2009.

Leeson, Peter, and Coyne, Christopher. The Economics of Computer Hacking. Cald, 2008. Web.

16 Oct. 2009.

Mayorkas, Alejandro. “Kevin Mitnick sentenced to nearly four years in prison; computer hacker

ordered to pay restitution to victim companies whose systems were compromised.” U.S.

Department of Justice. July 2000. Web. 8 Nov. 2009.

Millard, Elizabeth. “FBI: Most Companies Get Hacked.” NewsFactor. 20 Jan. 2006. Web. 3 Dec.

Abd El Shahid 11

2009.

Mitnick, Kevin, and Simon, William. The Art of Deception: controlling the human element of

security. Wiley, 2002. Web. 19 Oct. 2009.

Penenberg, Adam L. "The demonizing of a hacker." Forbes 163.8 (1999): 50-51. Academic

Search Complete. EBSCO. Web. 19 Oct. 2009.

Thomas, Douglas. Hacker Culture. University of Minnesota Press, 2002. Web. 19 Oct. 2009.

Thomas, Douglas. “How much damage did Mitnick do?” Wired. May. 1999. Web. 19 Oct. 2009.

Xinhuanet.“Survey: Internet hacking popular among teenagers.” 14 May 2009. Web. 3 Dec.

2009.