about his hacking exploits, and subsequent jail time, won’t be out for a year. But we expect he’ll be offering a lot of previews before that. Today, for instance, Forbes.com has an interesting chat with him, in which he tries to clear up some misconceptions — and points out one of the downsides of the Web 2.0/Cloud movement.
What are some of the myths about Kevin Mitnick that just aren’t true?
I never wiretapped the FBI, though I did wiretap an informant who was working with the FBI and chasing me for the bureau. Some other myths: that I hacked into the National Security Agency, that I hacked into NORAD.
And some things you did do?
Well, I compromised all the phone companies, essentially. Even when I was a kid I had the capability to disrupt the telephone systems for entire states. I hacked into the systems of all the major software companies at the time: Digital Equipment, Sun Microsystems, IBM, Silicon Graphics. Also most of the companies that made cellular phones at the time, like Nokia, Motorola, Fujitsu.
So do you look for hackers with when you’re hiring?
I look at a potential employee’s skill set in general. But for almost anyone who’s very skilled, they’d be lying if they said they’d never broken into a system without permission.
On the flip side, do you lose business because of your history as a criminal hacker?
It’s hard to say, because I don’t get calls from people who tell me they’re not hiring me because they don’t trust me. I’m sure that I’m not called in some cases because of my history. But of course no one ever calls me to say they’re not hiring me. Fortunately there are companies that do trust me to do work. I’ve even worked for the FAA [Federal Aviation Administration] and for other government agencies that I can’t disclose. In general, I’ve gained more business than I’ve lost because of the notoriety given to me by the U.S. government, because of the way my case was blown out of proportion by prosecutors and the media. I don’t have to search for business.
What do you see as the biggest threats to cybersecurity today?
Cybersecurity used to be about the network or operating system. Now it’s more at the application layer. Companies and their contractors build their own applications hosted on a public Web site, and the people who write them aren’t trained in secure coding. The mistakes they make can be leveraged to break the system.