Kevin's parole officer liked him and knew that his superiors in an overworked system wouldn't bat an eye at his wrong interpretation of the law. So he played along, and his superiors didn't ask any questions. One less kid to keep up with (and a nonviolent one at that).
If on the other hand Kevin's parole officer had been a dick, he would have told Kevin he wasn't allowed to do this. And when Kevin did it anyway, he would have brought it to the attention of his supervisors who would use the right interpretation of the law to hold him accountable and keep the warrant out for some longer amount of time.
Since there isn't a series of human-based gates running inside Chromium, this has very little if anything to do with finding exploits in software.
Juvenile courts (in CA) only have exclusive jurisdiction over crimes committed while a defendant was under 18 (except for those enumerated crimes for which juvies can be tried as adults), and maintain that jurisdiction for all proceedings related to that crime until the defendant turns 21, at which point the juvenile court proceedings terminate by law.
Adult courts have jurisdiction over defendants for crimes committed as an adult (generally 18, though as young as 16 for specific crimes).
The arrest warrant was issued when Mitnick was 21 and on parole, or in other words, for a violation committed as an adult. While the arrest warrant was issued by the juvie court, it could have been issued by the adult court, as both courts would have had jurisdiction over the crime for which the arrest warranted was issued.
So the lawyer was right, because the statute of limitations for the adult court was tolled while Mitnick fled the jurisdiction. And the parole officer was also right, because the juvie court which issued the warrant would have lost jurisdiction over Mitnick once he turned 21.
Juvie court is way nicer than adult court. Mitnick "hacked" the system and only got away with it because prosecutors decided to focus their efforts on more serious crimes. But he could easily have ended up in prison for a few years.
If the description in the article is correct (I don’t know much about US law), it seems like a pretty solid argument and technicality. If the jurisdiction of the Youth Authority expires, there doesn’t seem to be much they can do.
The gamble is whether the regular prosecutor could charged him afterwards for something given what he did, and whether they would bother.
Ghost in the Wires is a great book. It's full of fabulous stories like this, all true.
Upon reading it years ago, I finally learned the explanation for why Netcom never billed me for years of continuous dial-up CSLIP service. Kevin had hacked Netcom and deleted their accounting records.
wow, would that have been 90/91? while at UK uni a few of us had a shell account at Netcom. we'd X25 from our uni to a telnet relay in london and used netcom for unix/shell access. we did not get reliably billed for a long time! thought at the time it was just UK/US banking issues. i wonder if Mitnick was why! will have to re-read the book. thanks for the memory!
Not sure if Kevin's Netcom escapades are responsible for you not getting billed for a shell account. I had two Netcom accounts (actually one account with two services). I was continuously billed ($19/mo?) for the shell account, but I was never billed ($6/hr) for the CSLIP account. Somewhere I read that Kevin had wiped the accounting records for CSLIP. I'm not sure of the level of detail described in his book. Maybe I'll read it again.
I ran that CSLIP connection continuously for many years. I would have paid them if they had ever billed me.
As someone with a software development background, I always found legal language very interesting. It is like a very verbose, programming language. All sorts of words and phrases have very specific meanings that, when arranged in a certain order, produce specific, reproducible outcomes. Sections of contracts and laws reference other sections by name and reference, and the whole document (or set of documents) gets interpreted in a semi-rigid way.
Just like computer programs, mistakes happen with legal languages, and when they do, they are typically have unintended consequences.
(edited for a couple of missing words in the last sentence)
Several years ago I was chatting with a patent lawyer who belonged to my electronics hobby group, and it struck me in the middle of the conversation that Lawyers are hackers of the Law. Folks who find the system interesting and (in some cases) enjoy finding and understanding the attack surface and vulnerabilities.
I think the biggest difference they face is that the interpreter is another reasoning human, and not just a functional part of the machine.
There are tons of ambiguities and other problems in issued patents!
When I get the time, I intend to rewrite a significant amount of the code in an object-oriented style. (Basically, making a class for a patent claim and having a ton of methods for that.) The code right now is a mostly untested mess that seems to produce decent results but is not pleasant to work with.
I attended a computing conference in LA a few years ago where someone presented a paper that turned legal phrases into code, and was able prove theorems from it. She suggested it was a way to mathematically look for "bugs" in the legal documents.
I thought it was the most fascinating talk in the conference.
I remember this talk! The speaker recommended doing this with the tax code because it was one of the most mechanical -- very little inherent ambiguity, there's just a lot of surface area to cover, so it's a great candidate for actually applying formal methods to.
I have felt this way as well and wonder why we can't encode laws into some sort of machine code and study it, test it, iterate it, debug it, and optimize it like we do with computer programs.
People tried that. Unfortunately, it was immediately doomed because it was a blockchain thing.
More seriously, this means you also have to accurately encode all the things the laws refer to, even when those things are vague judgement calls. It's easy to say "you can only have a noncompete agreement if it doesn't make it unreasonably difficult to find another job in the same industry", but hard to express "unreasonably difficult" or "same industry" with the kind of precision we expect from code. A sufficiently evil company would just pay a lawyer for a few days to find a loophole in whatever definitions you can think of.
There's a reason the primary use of this is cryptocurrency conversion - it's a lot easier to enumerate all the failure modes in "give me n of A and I will give you m of B".
Thank you for this. I went down a 3 day rabbit hole learning about return oriented programming and finding this awesome seemingly open courseware class called CS 4630 Defense Against the Dark Arts [0], which eventually led to me signing up for this x86-64 assembly thing [1] when I had absolutely no idea what they were talking about by the third class.
Great story but ultimately Kevin Mitnick got fucked by the law and unjustly served years in jail. They made ridiculous statements like he could start a nuclear war by using a telephone. I think he's unfortunately an example of what happens when you push too far, a.k.a. FAFO.
idk about black hat stuff but I owe a huge amount of gratitude to the freenode (now irc.libera.chat) community that helped me learn C++ 12 years ago and to the #linux / #debian / #arch-linux channels to which I go for help even to this day.
2600 is still around, I believe[0]. The PO Box Address at the bottom of that page matches a paper copy of the summer 93 issue I have around here somewhere.
2600 is alive through I don’t know how well lol. One of my favorite tshirts is the one they made with blue box schematics on the front and various Free Kevin news snippets on the back.
2600 is alive and well. I've been reading it for around 10 years and the quality has remained exceptional. It's very community oriented, welcoming new authors while also maintaining very high-quality regular columns. I find myself consistently surprised with what they get away with publishing. A lot of people arrested for hacking get limited access to the internet, so writing articles for a print zine like 2600 is the only way to get their stories out there. lots of really interesting tales of ingenious hacks, both in and out of jail. It's a great example of why we should fight to preserve the first amendment rights of prisoners which so often are being infringed these days. The classified section is also actually worth reading through, there's always some interesting new gadgets or devices and services.
The hacker perspective, that's what it's all about.
Registered a throwaway over Tor just for this thread.
Kevin shouldn't be in prison, because prisons should be abolished, but be careful where you put... that. There's a notorious story about him being physically ejected from a fundraiser for refusing to pay the entry. (Redacting some details to stick to the fun parts)
On my end, I was working my way up to maybe flirting with someone I'd had a crush on for years, because I was a widdle baby hacker at my first... con... and off in the corner there's some kind of disturbance. "What was that?!" I sputter, straining to see across the smoky room, and some multicolored cyberpunk dryly drops "Oh, some asshole getting bounced"
If my timelines are correct, "some asshole" was Kevin Freaking Mitnick being physically ejected because when repeatedly asked to pay the door fee kept reiterating "I'm Kevin Mitnick!" and being repeatedly told "We know!" until one of the goons just... picked him up and carried him out into the hall.
And me? I was in the corner being aggressively hit on by John "Cap N Crunch" Draper, who seemed annoyed I kept refusing to drink from his flask. I told him dude, I'm 21 I can just buy booze at the bar and he angrily spat back "Why would I tell you if she's single, then you won't ever let me give you a massage!" and stormed off to find someone dumber and younger than me to ply.
(It was my first hacker convention, and it fully lived up to my expectations even if I didn't end up on the roof that year, lolllll)
He was banned ten years after I interacted with him. I actually was asked to leave a vendor party I was trying to network at for "starting drama" when I told others not to be alone with him. (Fuck you, Duo.)
Defcon is basically run by a gang that values loyalty and dedication above most things.. which has historically low standards of ethics for their goons and attendees (albeit has improved somewhat over the years)
No, Derby was run by a gang. (The 303 could probably be RICO'd)
I cannot confirm or deny that Defcon is where the event occured, especially since it was technically just an event at a casino, as many things occuring on the same days as Defcon occur.
>a gang that values loyalty and dedication above most things.. which has historically low standards of ethics for their goons and attendees
I actually was told by someone at my last Defcon they were boycotting CCC because they allowed Nazi imagery or something to that effect, which surprisede me given... you know... Germany.
I've never been to CCC.
I can tell you that Defcon is changing though. I volunteered with a village rather than as a goon since I don't want to kiss ass to war criminals.
(A lot of their security is ex Navy Seals. I will hold the goddamn door open when it comes time to batman people to the Hague, I don't like people who volunteered to do war crimes then walk around Las Vegas with a gun on their hip whining about weed.)
Anyways... I never felt welcome at Defcon, it was like being in high school at the pool table -- you can pay like anyone else to play, but... there's a line... for lack of a better analogy.
Maybe I should check out CCC but part of the appeal of Defcon was cost... for an American, it's pretty cheap for a hotel and airfare compared to going to Europe, a place I may never return to since standing up for folks in the Me Too era + standing against white nationalism has resulted in me being blacklisted from infosec.
CCC was a lot of fun. At the time there was a special package for people from the US for hostel+admission so that no one would be stuck with airfare and no ticket. Had a great time, ended up talking the night away at the hostel bar with the keynote speaker and didn't realize who it was. (not creepy, just fun hacker talk)
>I never felt welcome at Defcon, it was like being in high school at the pool table
They are like any clique but taken to the extreme. To me what's interesting is seeing how people change over time as they get older. What is old is new again, until you get married and have kids. A lot of white knights in the community as well who hide dirty secrets and make big noise about other people to deflect attention from themselves.
I've had someone legit tell me they didn't want to associate with me implying that it was bad for business despite the fact they helped me personally financially. The message between the lines was that somehow, they thought I was going to cause issues with attendance in their classes or association. Meanwhile, they are probably the most prominent member of the community. Absolutely ridiculous grandstanding.
Iraq was a war crime and CMU doesn't have any distinction between the FFRDC and the uni. And the security staff at Defcon, a lot are ex CIA or special forces.
>I've had someone legit tell me they didn't want to associate with me implying that it was bad for business despite the fact they helped me personally financially. The message between the lines was that somehow, they thought I was going to cause issues with attendance in their classes or association. Meanwhile, they are probably the most prominent member of the community. Absolutely ridiculous grandstanding.
No one from the so called hacker community has given me so much as a couch to crash on, I don't feel welcome in it.
I used to travel more, the "hostel people" were quite kind, but that's nothing to do with hacking per se and I'm at an age I'd be intruding if I got a bed in a dorm. (People don't use them like they used to, everything is a party now it seems -- the last place I stayed that threw people out for making noise in the sleeping areas and the like went out of business.)
> A lot of white knights in the community as well who hide dirty secrets and make big noise about other people to deflect attention from themselves.
Yeah I knew at least one guy who handed out a lot of unwanted hugs who now rolls with the so called badass army. People are performative.
Last time I went to CCC I was greeted with a giant Antifaschistische Aktion banner at the entrance. That made me feel pretty safe about the event (unironically).
> I actually was told by someone at my last Defcon they were boycotting CCC because they allowed Nazi imagery or something to that effect, which surprisede me given... you know... Germany.
Yeah, there's no way that is true. I could easily see it happen the other way round, some edgy American kid turning up with a swastika shirt, getting thrown out, and throwing a tantrum because muh free speech, when he should be happy he wasn't arrested by the police.
Maybe I'm conflating being supportive of Trump / Trump hats at cons with literal swastikas.
(The few who donned them at Defcon were not given a warm welcome, to put it mildly.)
I was very jet lagged and had self medicated a lot due to death threats plus being in an abusive living situation (so desparately seeking employment to take me out of precarity) -- I wasn't taking detailed notes.
But it was a prominent person who made the claim, maybe they were inventing a reason to avoid DE, who knows.
If you send him $10 cash in the mail with a self-addressed stamped envelope, he will send you back one of his business cards, which is a lock pick set. One of my most prized possessions.
One of my former co-workers had one of those business cards as our company had used Mitnick Security to evaluate our processes. I can confirm it's a really cool business card.
I also have that business card and also it is a prized possession haha. I met him at The Last HOPE in nyc about 10 years ago ( it wasn’t the last hope in the end) and got one there.
Almost lost it at airport security once so I keep it at home now.
I disagree. If you're a fan of Mitnick, or know a lot of his story, I think it's a perfectly reasonable fee. It costs money to make them, they are metal by the way. You can either meet him in person, pay for his services, or buy a business card. I love it.
> Belderrain cited Kalt's paper "The Perfect Crime" to explain why he believed it was illegal to have his trial with a jury from a state other than where the crime was committed. The court dismissed this argument.
There's a lot of argument going on about what side of the line this is on, but in the end it seems like courts can just say "we don't care" and do whatever they want?
Well, yes and no. The Supreme Court gets final say should it be appealed that far and they agree to hear the appeal. I am no legal expert, but I think they would hear this case if it got to them.
It's been fascinating to see the collision of security and smart contracts. Smart contracts in some ways represent an idealized view of the law, of law as code divorced from the messiness of reality, and security and hacking has a way of circumventing and/or dismantling such constructs via unknown unknowns. This post is a reminder that legal hacking has probably always been a thing even if it wasn't called that.
Well mobs had always their lawyers. Which were not like your regular lawyer “off the street” these were always “hackers” that would count minutes or specific holes to get their clients off the hook. I don’t think Mitnick was ever able to get such a lawyer because if he did, he would not be a hacker he would be just another gangster.
I'm pretty sure it still is, I saw a variation of it with the KnowBe4 branding a few years after I snagged the first one. Kevin is a bit of a polarizing figure in the "scene" more so now than he used to be, still he was one of the first people I saw with this unique card (though it's since been replicated).
“Sovereign citizens” at least at the moment mostly seem to be basing their arguments on false and ridiculous ideas like “the country has been secretly turned into a corporation so can’t legally enforce the law” or “An agreement between King John of England and some rebel barons in 1215 overrides the law in the US or Australia etc.”
Exploiting a technicality in the actual, existing, applicable law is very different from basically trying to completely make up your own laws…
Kevin's parole officer liked him and knew that his superiors in an overworked system wouldn't bat an eye at his wrong interpretation of the law. So he played along, and his superiors didn't ask any questions. One less kid to keep up with (and a nonviolent one at that).
If on the other hand Kevin's parole officer had been a dick, he would have told Kevin he wasn't allowed to do this. And when Kevin did it anyway, he would have brought it to the attention of his supervisors who would use the right interpretation of the law to hold him accountable and keep the warrant out for some longer amount of time.
Since there isn't a series of human-based gates running inside Chromium, this has very little if anything to do with finding exploits in software.
Edit: clarification