Ghost in the Wires_ My Adventures as the World's Most Wanted Hacker - Kevin Mitnick [2]
Almost finished, as a last step I go into the registry of his computer and set “last logged-in user” to the engineer’s username so there won’t be any evidence of my entry into the local administrator account. In the morning, the engineer may notice that he’s logged out. No problem: as soon as he logs back in, everything will look just as it should.
I’m ready to leave. By now my buddy has replaced the overhead tiles. On the way out, I reset the lock.
The next morning, the engineer turns on his computer at about 8:30 a.m., and it establishes a connection to my laptop. Because the Trojan is running under his account, I have full domain administrator privileges, and it takes me only a few seconds to identify the domain controller that contains all the account passwords for the entire company. A hacker tool called “fgdump” allows me to dump the hashed (meaning scrambled) passwords for every user.
Within a few hours, I have run the list of hashes through “rainbow tables”—a huge database of precomputed password hashes—recovering the passwords of most of the company’s employees. I eventually find one of the back-end computer servers that process customer transactions but discover the credit card numbers are encrypted. Not a problem: I find the key used to encrypt the card numbers is conveniently hidden in a stored procedure within the database on a computer known as the “SQL server,” accessible to any database administrator.
Millions and millions of credit card numbers. I can make purchases all day long using a different credit card each time, and never run out of numbers.
But I made no purchases. This true story is not a new replay of the hacking that landed me in a lot of hot water. Instead it was something I was hired to do.
It’s what we call a “pen test,” short for “penetration test,” and it’s a large part of what my life consists of these days. I have hacked into some of the largest companies on the planet and penetrated the most resilient computer systems ever developed—hired by the companies themselves, to help them close the gaps and improve their security so they don’t become the next hacking victim. I’m largely self-taught and have spent years studying methods, tactics, and strategies used to circumvent computer security, and to learn more about how computer systems and telecommunication systems work.
My passion for technology and fascination with it have taken me down a bumpy road. My hacking escapades ended up costing me over five years of my life in prison and causing my loved ones tremendous heartache.
Here is my story, every detail as accurate as I can make it from memory, personal notes, public court records, documents obtained through the Freedom of Information Act, FBI wiretap and body-wire recordings, many hours of interviews, and discussions with two government informants.
This is the story of how I became the world’s most wanted computer hacker.
PART ONE
The Making of a Hacker
Rough Start
Yjcv ku vjg pcog qh vjg uauvgo wugf da jco qrgtcvqtu
vq ocmg htgg rjqpg ecnnu?
My instinct for finding a way around barriers and safeguards began very early. At about age one and a half, I found a way to climb out of my crib, crawl to the child gate at the door, and figure out how to open it. For my mom, it was the first wake-up call for all that was to follow.
I grew up as an only child. After my dad left when I was three, my mother, Shelly, and I lived in nice, medium-priced apartments in safe areas of the San Fernando Valley, just over the hill from the city of Los Angeles. My mom supported us with waitressing jobs in one or another of the many delis strung out along Ventura Boulevard, which runs east–west for the length of the valley. My father lived out of state and, though he cared about me, was for the most part only occasionally involved