The Fugitive Game: Online With Kevin Mitnick (36 page)

"It sounds like quite a coincidence." Markoff writes a story say-
ing Shimomura is going to catch a mysterious, unnamed intruder,
and the next day, the U.S. Marshal issues a bulletin asking the pub-
lic's help in capturing Mitnick.

"I wonder if I'm a suspect. I hope not," Mitnick stammers. "I
wouldn't do ... that, you know. I'm not that technically minded,
you know. I hope they don't think it's me. I just think it's quite
funny."

"It doesn't mention any agents involved in the case," I comment,
referring back to Markoff's profile of Shimomura. "It says here
there's no monetary loss."

"Oh, I guess they'll have some trillions of dollars of monetary loss,
because they ruined his [Shimomura's] ski vacation," Mitnick says,
chuckling, as he launches into one of his familiar antigovernment
rants. "So now the government has to account for this guy's ski vaca-
tion that was lost so they're gonna have to finance a new ski vacation."

I can hear wind blowing in the background, or is it the waves?

"They might as well send him to fuckin' Calgary because that's
where the best skiing is.. .."

Has Mitnick been in Canada?

■ ■ a

I return to Markoff's profile of Shimomura. "They mention other
known victims. Loyola University of Chicago, the University of
Rochester, and Drexel University."

"Rochester was involved in the Shimomura attack," Mitnick ex-
plains as if it were obvious. "That's apparently where attacks origi-
nated, or files were transferred to . . ." Mitnick continues, giving
more detailed information than the article. "And another system
called
toad.com
was run by one of the founders of Sun."

Mitnick seems to know more about the attack than the
New York
Times.

"So what are they talking about when they're talking about
Loyola?"

"I don't know," Mitnick says. "I guess they were attacked using
the TCP/IP packet sequence prediction as well."

"What about Drexel?"

"Yeah, same thing, Drexel, I believe. You know, the only ones I'd
heard about was Rochester and Shimomura. I haven't heard about
Loyola or Drexel —"

Mitnick's voice fades out suddenly. Is he telling the truth or pre-
tending that he didn't do it, that he just knows of Rochester, the site
revealed in Markoff's original article? Or is he revealing a more tan-
talizing possibility? That there may have been other people involved
in the attack on Shimomura.

■
■
■

"Mr. Jon," Kevin Mitnick welcomes me hours later and we chat
briefly about the Super Bowl. He enjoyed the commercials, partic-
ularly the one with the computerized frogs croaking "Bud-weis-er"
in sequence.

I can hear the first rumblings of a Mitnick belly laugh. "I was
thinking of getting in the P link [one of AT&T's satellite phone
links] and sending, "Hi, Shimomura, die with honor [broadcasting it
worldwide to hundreds of millions of Super Bowl viewers]."

Then, suddenly, Mitnick is pissed. "I read that shit [Markoff's
Times
profile of Shimomura]. He said now he considers it a matter of
honor.... Remember I told you that Markoff has an [e-mail] account
on Shimomura's system? He thinks all his mail is unreadable?"

Weeks ago, Mitnick mentioned Markoff corresponded by e-mail
with Shimomura through a secret account on one of the security ex-
pert's San Diego computers. Why would a
New York Times
reporter
have an account on an NSA hacker's computer? Why would Markoff
want to keep his account on Shimomura's computer a secret? And
wouldn't that mean that Shimomura could read Markoff's e-mail?

"So in other words, it wasn't just this guy's [Shimomura's] stuff
[that was stolen], it was Markoff's stuff?"

"Markoff — well I guess anybody that had an account on Shi-
momura's computer."

"Other people too?" I fish.

"I don't know. I didn't do it," Mitnick answers.

"Did you hear about what your friend did?"

"No."

"He was on [alt.] 2600 [the Usenet newsgroup started by 2600

magazine] and after this happened to Shimomura, he sent a little
message to 2600. He said what a fool Shimomura was, and that
Shimomura sounded like one of these guys who learned security by
listening to 2600 and that if he was such a great security man, why
was it so easy for him to lose everything?"

"Shimomura is not the
idiot!"
Mitnick shrieks. "He's very
smart."

Mitnick's tone shocks me. It's almost as if the hacker is defending
Shimomura's honor.

"But Lewis likes antagonizing everybody," I say. "You know that."

"Maybe he can't get any feedback from Shimomura himself,"
Mitnick sighs. "That's probably it. Well, fine. Maybe Shimomura
will think it's him."

■ ■ ■

It was strange to be the first to read Mitnick the
New York Times profile of Shimomura, especially when it was such an obvious attempt
to provoke the intruder and craft a public persona for Shimomura, a
virtual unknown until last week. But it's easy to see why Shimomura
suddenly merits star treatment in the
New York Times.
He's chal-
lenged Darth Vadar. He's vowed revenge against the very unnamed
intruder who has embarrassed him on his home turf.

I wonder too about the coincidence Mitnick mentioned. Markoff
first wrote of the attack on Shimomura on January 23. Then the U.S.
Marshals issued a release calling for the public's help in capturing
Kevin Mitnick, without ever mentioning Markoff's article. But Mit-
nick's question makes me think of something missing in yesterday's
Shimomura profile. Why didn't Markoff's lengthy article at least
speculate on the identity of Shimomura's attacker?

Why didn't the reporter mention Kevin Mitnick? He's been bold
enough to make accusations without naming government sources
before. Last summer he didn't hesitate to accuse Mitnick of crimes.

Is it all a question of timing?

Maybe it's because Markoff isn't ready to uncover the mystery his
touted samurai has pledged he'll solve. Maybe it's because the re-
porter doesn't want to alert his journalistic competition to the plot's
final twist.

February 1-2,1995

"Stop! Cyberthief!"

technology: don't be alarmed, but the law can't cope
with computer crime.

The
Newsweek
headline blares above a photo illustration of a gun-
toting burglar hoisting a bag of loot over his shoulder with what
looks like a wall of microchips in the background. It's the usual
overblown warning about the dangers of cybercrime, but the last
paragraph has an interesting revelation,

... Last week brought word that high-tech crooks have developed a
new way of "spoofing" their way into even well defended com-
puters. . .. The target was Tsutomu Shimomura. ... At least one
thief succeeded in stealing a number of sophisticated programs,
some potentially useful in unscrambling cellular-telephone codes.
Shimomura fears they could be used to break into yet more
computers — not for fun, as most hackers do, but for financial
gain-----

The cellular phone reference surprises me. Markoff never mentioned
cellular phones in his recent Shimomura article. It's the first clue that
Mitnick might be involved, since Markoff's front-page article last

summer broadcast Mitnick's obsession with cellular phones. But
there's a more important question. What are programs "useful in
unscrambling cellular telephone codes" doing on Shimomura's com-
puter?

I flip the page to "The Greatest Hits of Hacking," photos of six of
the most famous hackers of all time, Mitnick, Poulsen, Morris, and
others.

But that's just part of
Newsweek's
hacker coverage for the week.
On the facing page is an article by Steven Levy, the author of
Hackers.
It's the photo that catches my eye, an inspired, superim-
posed cybermontage, a giant close-up of Shimomura's intense face
glowing with magenta and fluorescent green light. Above his flowing
black locks floats a miniature ghost of the warrior in Buddha pose,
hands poised on the keyboard, and at his side, what looks like the
sword of a samurai.

Levy shares the opinion of his friends, Markoff and Shimomura.
In his column he writes,

.. . Shimomura doesn't resemble your typical cybercop. With his
shoulder-length hair, wraparound sunglasses and rollerblades, he's
as creative in building and maintaining security as dark-side
hackers are in breaking it. Cracking Shimomura's machine is like
murdering Columbo's wife, a crime fueled more by chutzpah than
cold profit....

* ■ ■

It's a little after 8:30 a.m., Wednesday, February 1. Things are hap-
pening fast. Yesterday the
Los Angeles Times Magazine
asked me to
write a cover story on Shimomura. Today, I'm talking with the As-
sistant U.S. Attorney in San Francisco heading up the Poulsen case,
trying to get a sense of whether the government is going to try the
hacker on espionage. My call waiting beeps.

"Rob, I'm sorry," I say. "Can you hold on for a minute?"

"No problem, Jon."

"Hey," Mitnick greets me.

"Hey, can you hold on a second? I just need to get rid of this other
call."

"Sure."

"Hey, Rob, I'm sorry. Can I give you a call back?"

What an amusing way to start the day, putting a federal prosecu-
tor on hold to talk to the world's most wanted computer hacker.

"Well, did you see that article in
Newsweek}"
I ask Mitnick, having
dropped the prosecutor off the line. "The reporter brought up cellular
stuff in Shimomura's stuff. Who told him [the reporter] that?"

"I dunno."

"Shimomura is not supposed to be involved in cellular." I'm talk-
ing about illicit cellular activity.

"I told you what he was doing. He was working with Mark
Lottor."

"Why is a guy who is supposed to be a security expert —"

"Because he was doing it himself!" Mitnick shouts. "He was
planning his own fun. Of course he'll lie. I don't know if he might
have another purpose."

"They point out this [IP spoofing] was first discovered by Robert
Morris. Did you know that? In 1985?"

"Well, the guy that actually discovered TCP/IP packet
prediction — You might wanna call Steve Bellovin at AT&T."

"He's the one who wrote the 1989 paper?"

"Yeah. From his research and his paper, there might be references
to where he researched that information."

Kevin Mitnick sounds like a professsor. What other criminal
would be providing the historical precedents for a crime in which he's
the prime suspect?

"Shimomura claims he could fix it," I say.

"They don't even have the theory right. I mean Shimomura himself
couldn't code the program to do it with what he knows now."

So Kevin Mitnick knows precisely how the spoof is coded, and that
Tsutomu Shimomura remains in the dark?

"There's some intricacies he doesn't know. He knows the theory,
but to actually put the thing into practice — to code the code that
does the work — there's changes that have to be accounted for."

"To do it or to protect against it?"

"To actually do the attack. He doesn't have it down perfectly
correct."

How could Mitnick know this level of detail? How could he know
what Shimomura knows and doesn't know?

"And if he doesn't have the code down he can't protect against it?"
I ask.

"No, he could protect against it, but if he wanted to code the attack
himself ... Apparently he's pissed off about something that was
taken that allows some type of spoofing attacks, too. Now there is
some other mail which someone told me about, and one thing he
didn't want to get out."

Mitnick is hinting that Shimomura had his own spoof attack
software. And that maybe Shimomura let something dangerous get
out.

■ ■ ■

"But I still don't understand why Shimomura didn't try to protect
himself a month ago or a year ago."

"Because he probably didn't think someone would launch that
type of attack. He underestimated his opposition. It's like the White
House isn't going to protect against a nuclear warhead coming down
on top of it because they don't expect that to happen. It's the unex-
pected, and the unexpected works sometimes pretty well. He knew
that the attack was possible. The theory was out there for a while.
Nobody else went to the trouble of coding it because it was tedious
and it was theory."

"How many man-hours could it possibly take to do this?"

"I dunno. Maybe two weeks."

Markoff claimed last summer in his front page
Times
article that
Mitnick was an average programmer. But if Mitnick didn't write the
program, who did?