Mitnick #2: Platt responds to Markoff's rebuttal
Declan B. McCullagh
declan+ at CMU.EDU
Fri Jan 12 08:59:08 PST 1996
Topic 1119 [media]: Media Appearances of WELLperns VI, S.F.Bay Area Division
#190 of 296: Declan McCullagh (declan) Tue Jan 2 '96 (09:38) 212 lines
<hidden>
From cp at panix.com Tue Jan 2 09:26:11 1996
Date: Tue, 2 Jan 1996 03:11:10 -0500 (EST)
From: Charles Platt <cp at panix.com>
To: Declan McCullagh
Cc: Charles Platt <cp at panix.com>
Subject: John Markoff's "rebuttal"
In Computer Underground Digest I wrote a critical review of the recent
book _Takedown_ by Shimomura and Markoff, in which I suggested that John
Markoff had profited handsomely by mythologizing Kevin Mitnick as one of
"America's most wanted computer criminals."
My review was copied to The Well, where JM wrote a rebuttal. I am amused
to fiund that this rebuttal not only fails to answer my rather serious
allegations, but commits exactly the same journalistic sins of vagueness
and hyperbole that I complained about originally.
JM writes: "Just for the record, Katie [Hafner] says that her remarks
were taken out of context here by Charles."
This statement is perhaps intentionally vague, because if I don't know
exactly what I'm being accused of, I can't answer it. *What,* precisely,
was taken out of context? JM doesn't say. All I know is that when Katie
Hafner contacted me directly, she complained that she never branded Kevin
Mitnick a "darkside hacker" in the book _Cyberpunk;_ she merely used the
phrase as the title of the first section of the book. But in fact, the
"darkside hacker" term *is* applied to Mitnick within the text of the
book; and in any case, a section heading obviously sets the tone for
everything that follows. Therefore, I do not believe that I quoted Katie
Hafner out of context--unless JM is talking about something else entirely,
in which case he should say so, instead of attempting to devalue my review
by a generalized accusation.
JM Writes: "The darkside hacker label was created during the late
1980s by the Southern California press. It is a label that I noted,
but I didn't create. However, he's right I don't regret using it. And
also for the record, Kevin Mitnick used to drive around in Las Vegas
with a stack of copies of Cyberpunk in the trunk of his car to give
away to admirers. He is on record as saying the book is '20 percent
inaccurate.'"
JM is confusing the issue. I never suggested he invented the "darkside
hacker" term. This is totally irrelevant. I said, very specifically, that
he was the first to *apply* this label to Mitnick. JM does not actually
deny this, and I believe it is true.
Re my description of his initial article about Mitnick for the NY
Times, JM writes: "This is really inaccurate. Kevin Mitnick had become
notorious nationally in the late 1980s as a result of his being
arrested for attacks on Digital Equipment Computers. A menacing mug
shot? It was the only photo available. No actual news? Not the way I
remember it. The news was that he was being pursued by the FBI (three
agents full time), the California DMV, US Marshalls, telco security,
local police, etc. The further news was that the FBI had told cellular
telephone companies that they believed the fugitive had stolen
software from at least six cellular phone manufacturers. I thought
then, and still think, this merited a story. I also think the story
was a good yarn. Mitnick had succeeded in evading law enforcement for
more than a year - again."
"Notorious" in what sense? This is another of those vague terms that JM
throws around without limiting or defining it. Mitnick may have been
"notorious" in hacker circles, but not in the eyes of the general public.
My point was, and is, that JM converted Mitnick from a relatively obscure
hacker into a public figure. JM tries to evade this point but cannot
specifically deny it. As for Mitnick being "actively pursued," I believe
this is a vast overstatement. As I understand it, law enforcement had
largely lost interest until JM's news item embarrassed them. Even after
that, according to JM's own book _Takedown,_ law enforcement had to be
prodded into taking action. They seemed not to share JM's perception of
Mitnick as a severe threat. They certainly didn't characterize him as one
of "America's most wanted."
In response to my statement that Kevin Mitnick has never been accused
of intentionally damaging a computer, JM writes: "Wrong again. He was
accused of doing more than $100,000 damage at US Leasing, a SF time
sharing company in 1980. Their system was trashed by a group that
Mitnick was a member of. After that, at various other times he cost
companies tens of thousands of dollars trying to close the door on his
attacks. A further point is that I have no control over placement of
my stories in the paper."
With all due respect, this is not fair or accurate journalism. Was Mitnick
*active* in the group that caused the alleged damage? Did he play a
personal role? Does JM know? If not, he's just slinging mud. This is a
smear and should not be presented as if it is a fact. On the other hand,
if there is evidence that Mitnick was indeed actively responsible, I will
gladly admit that I didn't know of this.
As for the money that companies spent fixing the security weaknesses that
allowed Mitnick to gain access, it is grossly unfair and misleading for
JM to throw this into a paragraph discussing "intentional damage." This
is exactly the kind of deliberate blurring of different kinds of computer
misuse that I complained about in my review.
Regarding Mitnick's "most wanted" status, JM writes: "Sorry, but I
didn't create the character, Kevin did. He has now been arrested six
times in fifteen years. Each time, except for this last time, he was
given a second chance to get his act together. He chose not too. It
seems to me that he is an adult and makes choices. He chose to keep
breaking in to computers. He knew what the penalty was. So what's the
problem?"
Here again, JM avoids my direct point--that he was the first to categorize
Mitnick as "one of America's most wanted."
Of course Mitnick is responsible for his actions. I never disputed this,
and never suggested he was innocent of the crimes for which he was
convicted. I merely suggested that the crimes were relatively trivial and
were exaggerated out of all proportion by JM's extravagant prose.
Exaggeration, imprecision, and innuendo: *that's* the problem, JM.
JM writes: "A witch hunt? Give me a break. It was an article
describing a law enforcement hunt for a fugitive, who had been
arrested five times previously, convicted at least three times, and
was known to be attacking the computers of the nation's cellular
telephone companies."
My review complained that JM throws around words such as "attack" without
ever defining them in computer terms. He's still doing it here in his
rebuttal. Kevin Mitnick never attacked any computer, by my understanding
of the word.
Re providing advice to the police, JM writes: "I was called by Kent
Walker, the AUSA on the case during a meeting at the Well. He asked me
if I thought Mitnick was dangerous. I responded that everything I knew
about Mitnick had either been in Cyberpunk or my July 4 1994 article,
ie. in the public. I repeated the story of one arrest in which Kevin
ended up handcuffed in tears over the hood of the detective's car. I
gave no other information, nor got any."
Since we will never know the extent to which JM tried to help the FBI, I
guess we'll just have to take his word for this.
Re Mitnick's dangerousness, JM writes: "This is just not true. Kevin
Mitnick was actively sharing system vulnerabilities with other people
on the net. That is about the most damaging thing that could be done
to the Internet community."
Is JM aware that some highly respected security experts believe that
sharing news of vulnerabilities is the best way to encourage better
security? True, this is a controversial subject; but certainly the
sharing of vulnerabilities is NOT "the most damaging thing that could be
done to the Internet community." That's just another of those wildly
exaggerated phrases that JM throws out for emotional effect. I can think
of many politicians--and even a few journalists--who pose a far greater
danger to the future of the net than Kevin Mitnick ever did.
Re the petty gossip in _Takedown,_ JM writes: "The reason we described
what happened at Toad Hall on Xmas was that the attacks first came
from toad.com while Tsutomu and Julia were there. If we hadn't have
been complete in our description someone would have charged us with a
cover up. Please remember that David Bank, a San Jose Mercury
reporter, spent several weeks pursuing the hypothesis that Tsutomu had
attack his own computers."
Uh-huh. And I suppose the rest of the sordid, relentlessly personal thread
in _Takedown,_ describing every little nuance of Shimomura's campaign to
steal someone's long-term girlfriend, was merely included so that no one
could complain that the account was incomplete? Really!
In my review, I complained about pejorative terms (such as "attack")
that JM uses repeatedly. His response: "Perjorative?? Yikes! I mean we
could go to the dictionary....."
Well, I guess JM *should* go to the dictionary. If he does, he will find
that pejorative is a perfectly good word which I spelled correctly. It's
ironic that he seems unaware of it, since it so aptly describes his
own journalistic technique.
Re my assertion that all charges but one against Mitnick have been
dropped, JM replies: "Wrong. Kevin Mitnick is in jail in Los Angeles
facing charges from more than six United States Federal Districts. He
may go on trial or he may plea bargain."
I tried to contact Mitnick's attorney before I wrote my review. He did
not return my calls. I based my statement on information from three other
sources. If it's incorrect, obviously I stand corrected. As I understand
it, though, those charges from other federal districts may not have been
actually filed. Is "facing charges" another of those slightly misleading
terms that makes the situation sound worse than it really is? Are the
charges actual, or potential?
Finally JM writes: "Myth and reality? I have been writing about Kevin
Mitnick for a long time, since 1981 to be precise, but I didn't create
a myth, he created his own story."
In his own rebuttal, JM has already referred to the Mitnick story as a
"good yarn." A yarn, of course, is a richly embroidered, sometimes
fictionalized version of the truth. This is precisely what I believe he
concocted, and it isn't my idea of decent journalism.
----
Lastly, a question which occurred to me after I wrote my original review.
Around the same time that Kevin Mitnick broke into Tsutomo Shimomura's
computer, he also broke into the system of Dan Farmer, another extremely
well known security expert. What did Farmer do? He didn't get
self-righteous about the "invasion of privacy." He didn't start ranting
about the "extreme danger" posed by Mitnick. He certainly didn't take
several weeks from his normal schedule and pursue a personal vendetta. Nor
did he coauthor a book portraying Mitnick as a danger to the net. He
presumably fixed the flaw that had allowed Mitnick to get in, and went on
with his life.
Would JM like to explain how Dan Farmer's perception of "the Mitnick
threat" can be so different from Shimomura's? To the outside observer, it
almost looks as if there wasn't a significant security threat, and
Shimomura must have been motivated by wounded vanity, while John Markoff
was motivated by his desire to tell a "good yarn" and make a lot of money.
Am I wrong?
More information about the cypherpunks-legacy
mailing list