In his new book, former hacker Kevin Mitnick says security experts often fail to account for the human element. (Photo by Monty Brinton - John Wiley & Sons) _____Web Special_____ • Transcript: Kevin Mitnick took questions during a one-hour discussion moderated by washingtonpost.com's Brian Krebs. _____Mitnick Background_____ • Hacker Gives a Hill How-To (The Washington Post, Mar 3, 2000) • Book Review: On the Track of the Hacker (The Washington Post, Jan 21, 1996) • Computer Hacker Agrees to Plea Bargain (The Washington Post, Jul 2, 1995) • Chipping in to Curb Computer Crime (The Washington Post, Feb 19, 1995) • Computer Hacker Caught (The Washington Post, Feb 16, 1995) _____Cybersecurity_____ • Firms Respond to White House Cybersecurity Call (TechNews.com, Oct 1, 2002) • The Slow and Steady Path to Online Security (TechNews.com, Sep 26, 2002) • Cybersecurity Draft Plan Soft on Business, Observers Say (TechNews.com, Sep 19, 2002) • More Security News _____OnPolitics_____ • Today's Political News • Elections 2002 Coverage • Daily E-mail Updates _____TechNews.com_____ • Sign-up for the weekly tech policy e-letter (Delivered every Monday). E-Mail This Article Printer-Friendly Version Subscribe to print edition

By Brian Krebs
washingtonpost.com Staff Writer
Wednesday, October 2, 2002; 6:15 PM

The average U.S. corporation spends a small fortune each year constructing a virtual fortress around its information assets, but no security technology can prevent an unsuspecting employee from being duped into letting the enemy in through the front gate.

In their new book, "The Art of Deception," legendary hacker Kevin Mitnick and co-author William Simon explore the vulnerabilities companies forget to guard against in their race to protect their networks against hackers.

Mitnick is a master of the territory. He has about four months left of a three-year probation that prevents him from using e-mail or the Internet. He went to jail in 1995 for hacking into telephone companies and stealing secret code from software industry titans.

The 38-year-old Mitnick -- who has reinvented himself as a security consultant -- rarely targeted computer systems during his days as a hacker. Insteaad, he broke into networks by tricking their users into divulging key information. Mitnick now teaches companies how to spot gifted information thieves and their clever cons.

In his heyday, Mitnick usually could get the information he wanted simply by asking for it, he said. Armed with the proper lingo, knowledge of internal procedures, or data only employees would know, he would assume the identity of an insider making routine inquiries, and he warns that this type of human threat is often overlooked.

"Most people are basically trusting and can be manipulated based on their curiosity and their willingness to be liked and helpful," Mitnick said in an interview.

Mitnick says he's looking forward to finally being off probation, but admits he doesn't really know what he's missing when it comes to the World Wide Web. At the time of his incarceration seven years ago, Netscape's Internet browser had only just been introduced.

"I never knew the Internet as it exists today, so it's not like I had a taste of it and wanted to go back," he said. "But it would be nice to use e-mail normally."

He writes and reads e-mails, but he doesn't hit the "send" button himself. Instead, an associate in his office acts as an e-mail intermediary.

As he awaits the end of his probation, Mitnick is trying to stave off legal bills with his new business -- and maybe a Hollywood movie deal. He's also using eBay.

Mitnick is using eBay to auction an old Toshiba laptop that was seized by the FBI in 1995. The autographed laptop -- relieved of its former contents and sporting a brand new copy of Windows 95 -- has received bids as high as $9,200.

The reserve price has not yet been met.