Once Prosecuted by Government,
Infamous Hacker Sought for Advice
10:01 a.m. ET (1501 GMT) March 2, 2000 By Ted Bridis
WASHINGTON � The government is seeking advice from the world's most infamous computer hacker, just weeks after his release from federal prison, about keeping its own electronic networks safe from intruders.
Mitnick is prohibited from using any computer or even a cellular telephone for the next three years
In a bizarre twist to the federal prosecution of Kevin Mitnick, a Senate panel Thursday asked him to explain ways hackers infiltrate sensitive computer systems, and to suggest solutions to lawmakers.
"I have gained unauthorized access to computer systems at some of the largest corporations on the planet and have successfully penetrated some of the most resilient computer systems ever developed," Mitnick said in prepared remarks.
Mitnick, 36, also boasted that over 20 years, he broke into all but one computer system he targeted � including a California college he victimized that eventually paid him as its consultant in an unusual arrangement he called "hire the hacker."
Mitnick, who is prohibited from using any computer or even a cellular telephone for the next three years, was released from prison Jan. 21 after almost five years. He became an underground cause celebre after leading the FBI on a three-year manhunt that ended when investigators traced his electronic signals to an apartment in 1995.
The Senate Governmental Affairs Committee is considering a wide-ranging bill to require agencies to create anti-hacker programs and seek approval from the Office of Management and Budget that such plans are adequate.
Mitnick called the legislation "a good first step" and offered a half-dozen suggestions � such as requiring agencies to assess what data is most valuable and training employees to recognize attacks under way.
Sen. Joe Lieberman, D-Conn., the bill's co-sponsor, said previously "it's only a matter of time" before an intruder into government computers commits serious damage.
Another expert, Jack L. Brock Jr. of the General Accounting Office, said nearly all government agencies "are plagued by poor computer security," and cited recent audits that 22 of the largest ones were "not adequately protecting critical federal operations and assets from computer-based attacks." The Environmental Protection Agency temporarily closed its Internet connection weeks ago after GAO found serious risks.
The interest from the Senate comes on the heels of sensational electronic attacks against some of the Internet's flagship Web sites. Those attacks didn't compromise the security of the companies, just overwhelmed their services for hours. James Adams, head of Infrastructure Defense Inc., called them "mere pinpricks on the body of e-commerce" and warned that worse � much worse � was possible. He urged Congress to create a new "Office of Business Assurance."
The hearing also comes amid a fledgling effort by the government to encourage private companies to collectively share information about computer attacks. Mitnick recently acknowledged that, "I would have never been found or arrested unless several � not only the federal government but several Internet service providers and telephone companies cooperated together to track my location."
But Mitnick also suggested that computer security must include more than updated software or firewalls to keep hackers out. He described in detail his successful efforts to break into AT&T Corp.'s worldwide network: He posed as an executive, he recounted, and called a receptionist, convincing her to fax to him an important password
http://www.foxnews.com/vtech/030200/hack.sml
-- Martin Thompson (mthom1927@aol.com), March 02, 2000