http://www.theage.com.au/news/Next/Done-the-crime-now-its-Mitnicks-time/2004... By Patrick Gray December 14, 2004 Next After a five-month delay, the Department of Immigration has granted the world's most notorious convicted cyber-criminal, Kevin Mitnick, a visa to travel to Australia next year to consult to local companies, accept speaking engagements and promote his new book, scheduled for release in March. It will be Mitnick's first visit to Australia and one of his few trips outside the US and Europe. Mitnick spent more than five years in jail for his exploits, which included hacking into Motorola, Novell, Fujitsu, Sun Microsystems and Nokia to steal software code. Since his release in 2000, he has worked as a security consultant and written two books, The Art of Deception [1] and The Art of Intrusion [2]. Mitnick will fly to Melbourne on March 2 to deliver a keynote speech to an as yet unnamed company. He will fly back to the US the following week to start a book tour, returning to Australia in April to conduct a workshop. Mitnick is best known for his uncanny ability to trick employees into revealing sensitive information, a technique called "social engineering". He cites the theft of two customs computers from Sydney International Airport by three men in August last year as one example of a social engineering attack in Australia. "A lot of companies in Australia are vulnerable," Mitnick says. "That was a pure social engineering attack. We all know they weren't after the hardware, they were after the data." Both of Mitnick's books are about security but many people will be more eager to read the one he plans to start writing on January 21, 2007, when a court order that stops him from profiting from his crimes expires. "I'm definitely doing an autobiography," he says. "It's going to focus on the adventure, the things I did when I was a fugitive, how I lived my life and what was going through my head, the close calls nobody knows about. It will be the Catch Me If You Can of cyberspace." Catch Me If You Can [3] was an autobiography written in 1980 by Frank Abagnale jnr, a con man who passed himself off as a Pan Am pilot while forging $US2.5 million in fake cheques. There have been books written about Mitnick's exploits, most famously Takedown, written by New York Times journalist John Markoff and Tsutomo Shimomura, one of Mitnick's victims, which was made into a movie. But Mitnick says the real story hasn't been told. He has been portrayed as the "Osama bin-Mitnick of the internet", he says, and he wants to set the record straight. Mitnick launched a legal action against the producers of the Takedown movie, which was settled out of court. Although Mitnick spent two years on the run from the FBI in the US living under assumed names, he doesn't expect law enforcement to take much interest in his travels these days. "The only time they call me is when they need my help," Mitnick says. "They don't contact me because they're suspicious I'm doing anything wrong." Mitnick has just finished a vulnerability assessment of a US credit union. Much of his work involves technical testing and doesn't rely on his mastery of social engineering. "I'm doing vulnerability penetration tests, I'm going into companies and hardening their systems and network," he says. "It's all technical, no social engineering." A penetration test is work well suited to Mitnick's talents. Similar to the fictional hackers in the 1992 movie, Sneakers, for a fee, he breaks into companies' networks, submitting a report detailing security weaknesses and vulnerabilities. Before his release, Mitnick had never been out of the US, with the exception of Canada and Mexico. As much as he enjoys seeing the world, Mitnick confesses he is afraid of flying. "I hate to fly, man, I hate it. I have to get some sleeping pills to knock me out." [1] http://www.amazon.com/exec/obidos/ASIN/076454280X/c4iorg [2] http://www.amazon.com/exec/obidos/ASIN/0764569597/c4iorg [3] http://www.amazon.com/exec/obidos/ASIN/0767905385/c4iorg _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/ --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'