It’s been a long time since he was on the run from the long arm of the law. Now, Kevin Mitnick has found his way back into the media. This time it was because AT&T couldn’t secure there own systems. It turns out that Kevin’s cell phone information was breached and published to the web by parties unknown.
Rather than fix the problem, AT&T opted (potentially) to kick him off the service.
From Kevin’s Twitter feed:
That’s the message from executive management not a customer service representative. And after almost 10 years of customer loyalty.
Ridiculous move on the part of AT&T.
From CNET:
“AT&T wants me off their network because they can’t secure my account, and after being a loyal customer for almost a decade I find that reprehensible,” he told CNET News on Thursday. “It apparently is more cost effective to drop me than to secure their customer’s information.”
“My attorney is going to review my contract to see what, if any, restrictions are in my service agreement,” he said. “I may file a lawsuit for invasion of privacy for the failure to adequately protect my information.”
The irony is that he speculates that whoever is responsible for getting into his account used social engineering to do so.
Hmm, so what did ATT Wireless have to say to that?
ATT Wireless can’t seem to secure my account. My account information was obtained and posted online; ATT tells me their systems are secure
So, I guess someone read his book.
Is that his real SSN on the wanted poster?
@john
You know, very good question. I have no idea.
I think it’s ironic that the hacker has become the hacked. So now he should understand what it must have felt like when he hacked into someone’s database years ago. They say “what comes around goes around”. I just wonder how good it tastes. 🙂
It’s understandable AT&T may like to sever such a cutomer relationship rather than take the high road- however Kevin Mitnick would get even more media attention. Perhaps AT&T in their review could tighten up up the account management change authorization/management protocol to harden against social engineering reoccurances – it would seem there would already be some higher profile customers deserving simliar extra care. If pressed to comment, align this event with other simliar events where personalities are hacked (not using AT&T service) – and how important it is for both organizations and the individuals to help ensure protective measures remain effectively in place.
As Orlando says, he is more interested in getting the media attention. Kevin is basically one of the information security industry ‘charlatans’ living off of a false notoriety generated through media attention. Although not as bad as most charlatans, he doesn’t have anywhere near the technical skill set that even an entry level security professional has these days…..
Now for some ‘enlightenment’ from someone who was there in the mid 90s watching his antics on irc in #hack when his ego was about as big as the moon. He has no respect in any legitimate infosec community, whether it be from whitehat, blackhat or qualified security professionals.
You see the ‘good’ (as in skilled) professional ‘hackers’ (ugly term if there is anyone) don’t get caught only the inept or stupid (in the case of Kevin, an argument can be made that both apply) do. His ineptness is quite obvious from the commands he issued or failure to even attempt to cover his tracks during his little ‘spat’ with Shimomura. Good thing it is all documented on takedown.org so go look for yourself.
Furthermore, his consulting in the security space as a self proclaimed telephony expert is laughable as well. Case in point, when a Las Vegas escort service owner tried to sue Sprint over misrouting of calls, he made the fatal mistake of hiring Mitnick as an expert. The case was quickly dropped after Sprint had a number of ‘real telephony experts’ (who were well versed in the Nortel DMS family of switches) volunteering to provide testimony.
Anyhow, it is pretty sad to see companies get duped but these snake oil salesman, as it gives the real professionals a bad reputation.