Kevin Mitnic the "Darkside Hacker"?

[3mrgnc3]

I don't know about other people here, but back when I was starting out getting interested in security, Kevin Mitnik's books inspired me to believe in 'hacking' as a noble cause.

He compellingly made the case for following our curiosity towards the side of openness and fairness.

Ultimately we could use our passion for looking where the masses dare not, and make the future safer than yesterday.

....

But now I see my hacking hero of yesterday just wants to get paid today at the expense of tomorrow.

https://www.mitnicksecurity.com/shopping/absolute-zero-day-exploit-exchange

I guess the journo's nailed it a long time ago when they labeled him with the "Darkside Hacker" moniker.

I guess he just couldn't resist the emperor any longer.

[3mrgnc3]

Aww man... before anyone says it. Yes I now see I missed the 'k' off the end of his name it the title of the thread.

[cooper]

To be honest, Mitnick wasn't a personal hero of mine. Back in the day when I read about him I always got the impression of a child throwing a tantrum. These days he's running a security firm and guess what? They need to make money. Much like everybody else that wants to eek out a living.

The Hak5 crew gets paid for making this show (although I have no idea if they even manage to break even - I'm sure the shop isn't just there to provide an additional service to the viewer). Did they sell out? I don't think so. Back to Mitnick. He needs to eat too, and so he milks his hacker reputation for all its worth by starting his own security company and providing paid services. Fast forward to round about now and he starts what effectively amounts to 'eBay for 0-day', where he/his company takes a cut of every transaction... just like eBay. The fun for him I'm sure lies in the fact that this 0-day gets to be 'verified' by him/his company. That means that aside from the seller and the potential buyer who pays top dollar for 'exclusive' use of an exploit, Mitnick & co now ALSO have that exploit. And they got paid for the privillege. You could argue based on that that not much has changed for Kevin, except for him now socially engineering security researchers specifically.

You already had seedy online forums where EEEEVIL hackers sell (0-day and other) exploits to the highest bidder. This simply cleans things up a bit and supposedly verifies the validity of an exploit before bothing the buyer, providing him/her/it the 'no cure no pay' assurance. That apparently provides sufficient service to any buyer that he/she/it is willing to pay for it. It's capitalism at its best - his fellow Americans would be proud of him.

Edited October 4, 2014 by Cooper

[Swamppifi]

Well I see it as a positive, making the latest exploit available, not to just anybody, but trusted security and businesses that need to keep one step ahead of the hacking undergound that is out to do harm.

And if he is setting up as a business to do that, then it is only fair that he gets paid.

If you had been following his past, then you would understand that he has been in a lot of trouble with his exploits breaking the law in the past, so if he is doing a legal security service to benifit the industy, then good.

you either keep it legal and in the light, or illegal and in the dark, you can't do both..

[3mrgnc3]

Thanks for each of your responses. It gave me pause for thought.

You both have made very good points and I may have jumped to conclusions on this one.

Damn! I hate realising I'm doing that.

Cheers,

[Mr-Protocol]

I should have asked him about it all at DerbyCon. But I didn't want to interrupt his dinner on Sunday :P. He was just chillin in the hotel bar/restaurant.

[3mrgnc3]

I should have asked him about it all at DerbyCon. But I didn't want to interrupt his dinner on Sunday :P. He was just chillin in the hotel bar/restaurant.

?

[ZaraByte]

I'm late on this post but Kevin Mitnick claims to be a security expert his website has been r00ted more times then any of my websites i'll give you that im not anything as popular as he is but its a laugh in his face to claim to be an expert and you can't even keep your own server from getting hacked or fix basic xss holes in your site.

[liv3vil]

speaking of Kevin Mitnick, has anybody read "the art of deception: Controlling the Human Element of Security" by him and William L. Simon.? i was looking into social engineering books and happened to come a cross this book, i recognized the name, didnt know he wrote a book though, anyway just wanted to know if it was worth the $14.50 cdn for it or not

[THCMinister]

Good read, also check out Art of Intrusion and Ghost In The Wires by him.

[liv3vil]

Good read, also check out Art of Intrusion and Ghost In The Wires by him.

thanks, i will give them a look.

[Computer_Security]

speaking of Kevin Mitnick, has anybody read "the art of deception: Controlling the Human Element of Security" by him and William L. Simon.? i was looking into social engineering books and happened to come a cross this book, i recognized the name, didnt know he wrote a book though, anyway just wanted to know if it was worth the $14.50 cdn for it or not

Good read, also check out Art of Intrusion and Ghost In The Wires by him.

I am in the middle of ghost in the wires and I have to tell you so far it is a interesting book that really changes your view towards Kevin and it enlightens you to what his motives were!

[liv3vil]

I am in the middle of ghost in the wires and I have to tell you so far it is a interesting book that really changes your view towards Kevin and it enlightens you to what his motives were!

currently i have no views of him. all ive seen are what people have said, both positive and negative. i have yet to decide what my views on him are, i asked if the book was good, so far i have had mixed reviews but most lean towards a good read. i will definitely give it a read and form my own opinion on him though. thank you for your opinion as well.