Q: What was your motivation for hacking into phone systems and computer systems?
A: Pranskterism. It was fun. I was curious. I wanted to know how things worked, especially operating systems. I read the source code. I didn’t sell it or distribute it.
You’d think that someone who hacks into a major company would actually steal something, even if to expose it to the world. Not so with Kevin. He just wanted to read the code and understand how it worked. Apparently, the FBI placed a value on that learning exercise that was higher than his freedom.
“No company that I ever hacked into reported any damages, which they were required to do for significant losses. Sun didn’t stop using Solaris and DEC didn’t stop using VMS.”
Instead, the FBI estimated Kevin’s hacks and code reading into the $300 million range, which accounted not only for any break-in mitigation but also for the entire cost of operating system research and development. It was extreme and unfair but it was to send a message to Kevin and others like him that such actions would not be tolerated.
The punishment became more about the message rather than any actual damages. No one, not even Kevin himself, is saying that what he did was OK, but the punishment should fit the crime.
“What I did was illegal and I should have been punished. But, the punishment should have been for any real damages that I caused.”
Q: What is the purpose of Ghost in the Wires? What do you hope to accomplish with it?
A: It’s my story. And I want to get my story out. I want people to know the true story. There’s a lot of myth and false information about me out there.
Q: Was the Free Kevin campaign to help you with attorney’s fees?
A: No, it was to educate people about the unfair treatment I was receiving: solitary confinement, exaggerated claims, poor representation, and outlandish damage estimates.
Q: How did you pay for your attorney’s fees? The cost must have been overwhelming.
A: I had a court-appointed attorney. And the court didn’t want to spend a lot of money defending me, so I sat in prison for more than four years without a trial. About one year of that was in solitary confinement.
Q: I’ve heard that a lot of hackers, including you, have been diagnosed with Asperger’s Syndrome. What do you think of that?
A: I was diagnosed with it but I think it was my attorney’s effort to help my defense. It was never used in the case. I don’t think I have it. I’ve heard that Adrian Lamo, Gary McKinnon, and John Draper have it. I might believe that Draper has it. I don’t know about the others or the Lulz guys.
Q: Can you really whistle the launch codes to our nuclear arsenal?
A: No, that is a gross exaggeration and part of what got me placed in solitary confinement. They wouldn’t allow me to have access to a telephone because of accusations like that.
Q: Do you have a favorite hack?
A: Hacking into the communications at McDonald’s. That was a lot of fun.
How it works: Customers pull up to the drive-through box to place an order and instead of hearing the employee inside, they hear your greeting. The employees can also hear you and the reactions of the customers. Hackers who do this use some form of modified CB radio or telephonic device to tune into the frequency used by the wireless sets in fast food restaurants.
“One guy was so frustrated that he went out and looked into the drive-through box to see if he could find something in it. Of course, I was across the street watching it all.”
Q: What kind of threats are big right now? It seems that full frontal attacks are down.
A: Successful attacks these days are hybrid. Attackers use a combination of social engineering and spear phishing to compromise systems and networks.
One example of this hybrid technique is that a “vendor representative” will call an unsuspecting person in a company and ask which software versions they’re using. They would ask for an email address along with that information. The hacker will then send an email with malicious code attached to deliver a payload that gets the hacker inside the company’s network.
Q: From our conversation, it seems that there’s no way to fully protect ourselves from hacks. Is that true?
A: It is. You can never protect yourself 100 percent. What you do is protect yourself as much as possible and mitigate risk to an acceptable degree. You can never remove all risk. For example, if you accept email attachments as part of your business, you’re introducing risk. But if your customers need to send attachments, you have to accept that risk.
Q: What do you do now?
A: I’m still a hacker. I get paid for it now. I never received any monetary gain from the hacking I did before. The main difference in what I do now compared to what I did then is that I now do it with authorization.
Q: Which operating system do you use?
A: I use Mac. Not because it’s more secure than everything else—because it is actually less secure than Windows—but I use it because it is still under the radar. People who write malicious code want the greatest return on their investment, so they target Windows systems. I still work with Windows in virtual machines.
Q: What is your favorite OS?
A: VMS. I’ve always liked it.
Q: What’s the most secure OS? Is there one that you can recommend?
A: I don’t know of any secure OS. In the past eight years, I’ve had 100 percent success at penetration testing on all of them. Wait, ChromeOS, ChromeOS is the most secure because of its very limited attack vector—there’s just nothing to exploit.
Q: What else can you tell me about Ghost in the Wires? Are there any secrets that you haven’t revealed?
A: Yes, at the beginning of each chapter, I’ve placed cryptograms for readers to solve. If you solve all of them, then I’m going to draw names of the winners and give a piece of evidence from my case in the actual FBI bags. It would be a cool piece of memorabilia for people interested in the case or hacking. You can answer the questions by reading the book. I’m currently setting up the website for this.
Q: Do you have any recourse or do you want any vengeance against anyone for the wrongs that were done to you?
A: No. None. The best vengeance for me is that my book is number eight on the bestseller list right now, my business is successful, and I have my family.
Q: It’s better that you feel that way. Unfortunately, I am neither so wise nor so forgiving. I’m glad you’re on our side and using your powers for good.
Interview used with permission of ZDNET.com, copyright © 2011. All rights reserved.