Kindle Notes & Highlights
Read between March 16 - May 7, 2021
A hacker tool called “fgdump” allows me to dump the hashed (meaning scrambled) passwords for every user.
“social engineering”—the casual or calculated manipulation of people to influence them to do things they would not ordinarily do.
Before you start social engineering for some particular goal, you do your reconnaissance. You piece together information about the company, including how that department or business unit operates, what its function is, what information the employees have access to, the standard procedure for making requests, whom they routinely get requests from, under what conditions they release the desired information, and the lingo and terminology used in the company.
The social-engineering techniques work simply because people are very trusting of anyone who establishes credibility, such as an authorized employee of the company.
Calling the Van Nuys LAPD station, I claimed to be from the DMV and said I was compiling a new database. “Is your Requester Code 36472?” “No, it’s 62883.” (That’s a trick I’ve discovered very often works. If you ask for a piece of sensitive information, people naturally grow immediately suspicious. If you pretend you already have the information and give them something that’s wrong, they’ll frequently correct you—rewarding you with the piece of information you were looking for.)
I really enjoyed programming in “assembler language,” more challenging because the programmer has to master many technical details, but yielding much more efficient code that uses a much smaller memory footprint. Coding in this lower-level language was fun. It felt like I had more control over my applications: I was coding much closer to the machine level than using a higher-level programming language such as COBOL.
My plan was based on a trick involving the phone’s electronic serial number, or “ESN.” As every phone hacker knows, each cell phone has a unique ESN, which gets transmitted along with the mobile phone number, or MIN, to the nearest cell tower. It’s part of how the cell phone company validates that a caller is a legitimate subscriber, and part of how it knows whom to charge calls to.
A phone’s “firmware” is its operating system, embedded on a special kind of computer chip called an EPROM.
Chatting is the kind of extra little friendly touch that leaves people with a good feeling and makes after-the-fact suspicions that much less likely.
When you know the lingo and terminology, it establishes credibility—you’re legit, a coworker slogging in the trenches just like your targets, and they almost never question your authority.
Robert T. Morris, a computer prodigy, had found a clever security flaw that could be exploited using a technique called “IP spoofing” to bypass authentication that relied on the remote user’s IP address. Ten years after Morris published his paper, a group of hackers, including JSZ in Israel, had created a tool for it. Since it was only theoretical up to that time, nobody had thought to protect against it.