Like Mitnick trolled the FBI. Articles on Habr from the camp for schoolchildren

“Mitnik, can you handle phones?” Asked the warden.
“Not really,” I replied, “but I can insert the plug into the outlet. You do not worry, I quickly learn. "
For two days I installed and repaired prison telephones. K.Mitnik "Ghost in the network"

A couple of days ago, I had the idea to instill in schoolchildren a taste for the beautiful and introduce them to reading writing articles on Habré.
It is happening right now, I sit in a camp in the class of robotics (the camp is unusual, and with blackjack and courses on Olympiad programming, application development and robotics) and write these lines.
Discussing the topics of information security, hacking Wi-Fi networks, 3d printers, Arduino, brute force and asymmetric encryption, it turned out that many (schoolchildren, schoolgirls, counselors and teachers) actively read Habr and use it as a reference tool for their projects.
I came up with the idea of ​​co-writing an article when, when discussing the most cool articles lately, the guys referred to an article where “one acquaintance entered the Mitnick conference” . I had to admit that it was about my friend and, in the development of the topic of ethical hacking, I suggested that young people try their hand at writing interesting posts.



The only time that all the camp participants could be found was lunch (they knew a lot at Hogwarts when making speeches), and I announced the recruitment of volunteers. A few guys responded. On the same day on the camp bulletin board for the maintenance of interest I hung ads.
')
Goals:
- incitement of interest to Habr, information security, social engineering;
- show how what was previously considered unreal becomes real (the nearest growth zone);
- inspire young authors to write articles on Habré;
- to inspire / engage Habr's veterans to help beginning authors (Jedi-Padawans).

For a smooth start, I decided to start with translations, then do some interviews with experts in the field (counselors / teachers), and then (already outside the camp) help the authors create self-contained content.

Work plan:
the first stage is the joint writing of an article on Habr, the translation of an article from “Time” and the Mitnick video “How to Troll the FBI” , as well as adding interesting moments from the book about the relationship between Mitnick and the FBI
the second stage - each describes one event for the second part of the article "The history of hacker information system hacks" (the first part is the History of hacker information system hacks (1903-1971) )
the third stage is the independent writing of my article under my supervision (approximate topics: " Google Code Jam . Interview with the finalist - Roman Udovichenko (10th place)", "The future of robotics. Interview with TRIK experts", "Forge of Belarusian programmers" and so on .d.)
UPD 08.28.2014 the first "Sauron" appeared.

The results of the first stage under the cut.

1. How to troll the FBI

When the government pursued me, I wanted to understand how close the FBI was to me, and for me it was a kind of game. Unfortunately, the consequences were real, but I liked being in difficult situations and then finding a way out of them. I do not know why I liked to do it, but I continued to do it. I hacked a cellular provider in Los Angeles serving FBI cell phone agents who were chasing me. In short, I could track the location of the feds and monitor all incoming and outgoing calls on their phones.

On the basis of the location data I had and the analysis of (telephone) traffic, I tracked the movements of the feds. If they came close to me, I could find out about it. From the time when I happened to be in the role of a private detective, I had an early warning system installed, and on the way to work I received a signal from her that the FBI agents were in my apartment. It was obvious that they did not come to arrest me. The only logical explanation is to conduct a search for which they have not yet had a warrant.

During the official search, agents would be required to make an inventory of the premises, so I cleared my apartment in advance of everything that might interest them, then I wrote “Donuts for the FBI” and on a large box of sweets from Winchell's Donuts (“Winchell's Donuts”). put in the fridge. So they could only find out what I have for them delicious donuts.

They searched my apartment the next day, but found nothing. I don’t know if they even looked into the fridge, but they don’t touch donuts. I do not know why.

2. Ten Questions for Kevin Mitnik (New York Times)

Could you hack into the New York Times website and change the rating of your new book Ghost Online?
Maybe. Large companies pay me good money for searching for vulnerabilities in their system. I do not know if I can open the New York Times network, but, in principle, this does not seem to be something impossible.

Your hacking career began with fake bus tickets. Do you think that if you were caught then your fate would change a lot?
I think it all started back in school. Once, in an informatics class, we were given a puzzle where it was necessary to display the first 100 Fibonacci numbers on a computer screen. Instead, I wrote a program that stole student passwords. My teacher gave me a five.

What made you a good hacker? Tell us more about social engineering techniques, which of them do you use?
Social engineering is the manipulation of people, the influence on them, in order to convince them to do something. For example, click on the link in the email. Most of the computer hacks that we know about use the targeted / targeted phishing technique (spear fishing), which allows them to seize key personal computers. To protect against it is not easy.

How have social networks changed the hacking process?
They substantially simplified it. I can go to LinkedIN, search for system administrators and voila: I have a whole list of phishing goals, because, as a rule, they have all the rights in the enterprise network. Then I go to Twitter or Facebook, I ask them to do a few manipulations and that's it, I have full access. If you like Angry Birds, then maybe I will send you information about the new version of the game. Once you download it and I will have all access to your device.

How do yellow press reporters crack celebrity phones?
I think this is not hacking. Many mobile operators set 1111 or 1234 as the default PIN for voice mail. Agree, you do not need to be a hacker to pick up such a PIN.

What then is the “perfect” PIN?
An ideal PIN is certainly not four characters long and should not be related to your past, for example, it should not be an old phone number. This is something that only you and no one else should know.

What do you think of Julian Assandje and WikiLeaks?
I think most of the responsibility lies with Bradley Manning. This is a soldier who could really declassify information from SIPRNet. There were serious leaks in the US government, this is the little that I know.

What was your most amazing hacking?
I think when I monitored Pac Bell Cellular traffic to listen to the FBI agents who were hunting me at the time. I stood on the edge of a knife, but always kept half a step ahead of the government.

You used Money.com's ranking of the most conducive cities to hide. Did the FBI monitor this list?
Not. I just used this list to randomize my choice. If I made the choice on my own, someone could figure it out.

You got 5 years. What is the attitude of hackers in prison?
Very bad. A Colombian drug dealer offered me 5 million for breaking into the Prison Agency network to arrange his early release, to which I replied to him: "Let's discuss."

3. Mitnick and the FBI (based on materials from the book "Ghost in the network")

Mitnick annoyed the FBI so much that he was soldered to 460 years in prison and fined $ 300 million. What else besides donuts did Mitnick do against the FBI?
Below are a few lifehacks and examples of social engineering from Kevin Mitnick.

In the course of his own investigation of who his “new friend” Eric Heinz is, Mitnick came across Mike Martinez's profile. How to find out who this person is?
The security services themselves poured all personal data about themselves.
Kevin Mitnick built an early warning system that made an alarm signal if there were feds around.
From time to time, Mitnick listened to the telephone company’s security manager’s conversations, and one day he heard a mention of his name.
When Kevin was asked to “speed up” the release on bail of a friend, Kevin readily agreed: “No problem. Let me know when you pay. One has only to pay a deposit, and I will pull him out in 15 minutes. ”
Mitnick and Lewis used a scanner to track the activity of the FBI negotiations in their immediate vicinity.
To detect activity on the air is half the battle, how to find out the content of the negotiations? Mitnick elegantly solves this problem.
Even during the search and arrest, Mitnick didn’t cease to troll the security services officers:


My intervention and editing was minimal, I would like beginning authors to get feedback not only from me, but also from the media community.

Text translation - securityqq (Sasha), ottenok_leshi (Lesha), Raccooner (Dima), DDragones (Oleg)
Finding information in the book Mitnick "Ghost in the network" - ottenok_leshi (Lesha), Bio_Wolf (Pasha)
Record holder for finding errors in the text - Trephs (Lesha)
Development of a 3d model of business card master keys , printing on a 3d printer, loading a model on thingiverse.com - DDragones (Oleg)


http://www.thingiverse.com/thing:434534







Why Mitnick, not Schneier (Poulsen, Lamo, Koch, Tenenbaum, Assange, Schwartz)?
I was guided by the following considerations when choosing Mitnick as an example for research.

First: Mitnick has aura of adventures and romance (secrets, penetrations, multiple moves, harassment, searches, daring behavior with the FBI and security guards). He was both a hacker and a hacker catcher.

Second: He did not harm (did not use stolen credit cards, did not publish the sources of the programs received, etc.). His story with happy ending - going to a socially acceptable position. (Plus Mitnick is out of politics, unlike Assange and Schwartz).

Third: The range of topics covered in the book about Mitnick and other publications is very wide: telephony (wired and cellular), computers, programs and his fad - social engineering. This allows us to talk about information security on numerous real-life examples, constantly maintaining the attention and interest of the young audience (this is a small stone in the garden of lecturer Natalia).

Fourth: There are three books and one film in Russian for further study and inspiration to improve their skills. Schneier is good, but academic and he has no “adventure component”. Poulsen has several books that seem to be excellent, but, alas, there are no translations into Russian (can he organize a translation?).

Fifth: Mitnick - a cool guy and a pleasant companion. He willingly responded to the invitation to talk with Hackspace members (I hope that in his next visit we can organize a meeting with schoolchildren / students).

I invite the community to give feedback to novice authors and participate in the discussion of the educational process of information security (how to inspire young people to study the subject area, how to organize a boring process, what examples to teach, what books to read, how to explain Torrent , Tor and Bitcoin, etc.).