Kevin Mitnick achieved notoriety for his offensive hacking techniques.

When you look at the early pioneers of cyber and information security, there’s no denying that there have been some controversial yet influential people in the field who helped establish many of the strategies that we still see in use today. While the law took some time to catch up to the new technology curious minds would do curious mind things and experiment with the new technology at length.

Kevin Mitnick was one of those controversial figures. An early contributor to the field, who would author several books and run a private company later in his life, he would also serve time in prison for various offences in his youth. The story of which is….quite interesting and the focus of today's article.

A controversial figure, young Kevin used and exploited social engineering quite effectively. That’s him in the middle there. Source: Wikipedia

The Crime

The scene is set in the early 90s when “the internet” was still a playground for both nerds and professionals. Before the story takes off though, it’s worth mentioning that Kevin was already on parole at this point. In 1989 he was charged and convicted of his first cybercrime offences after hacking Digital Equipment Corporation. On bail for the offence, the curious mind couldn’t resist and as such, further trouble would be inbound.

The catalyst for this trouble would come with Pacific Bell’s voicemail system. Using social engineering techniques, he would gain unauthorised access as well as critical information from within the system.


It’s worth pointing out that at the time, this was a crime that would receive a relatively minor consequence should you be a first offender. Having been known to the police and already charged though, this made the offence much more serious. When it was realised that he was under investigation for the offences he’d committed, Kevin elected to go on the run.

Life On The Run

If you’re a critical thinker with an eye for detail and a curious mind, it would be reasonably expected that you’d go on the run with a red-hot chance of getting away with it for a while and Kevin was no different. Realising his connections in California made him vulnerable to capture, he elected to relocate entirely, moving to Denver, Colorado and breaking contact with most of his personal network.

While the technology of the time made it much easier to initiate an escape the FBI was not lacking in resources and implemented an arrest warrant paired with a large-scale search for their offender. Their guy wasn’t making it easy for them though. He used more than a few tricks to stay ahead of his pursuers, including the use of alias names and cloned cell phones to avoid his communications being monitored.

In his own book, Kevin discusses the fact that for him, this was a lonely time. Away from his support network, in a strange place, Kevin moved between locations and stayed in short-term accommodations like motels to stay under the radar.

The Sneaky Twist

A story about hackers wouldn’t be interesting without a few interesting points and for Kevin, one of the most ingenious ones was exactly how he managed to stay one step ahead of his pursuers for as long as he did.

We mentioned before that the initial crime was for hacking Pacific Bell, a provider of telephone services in the United States. Via the Pacific Bell exploits Kevin managed to place the FBI team responsible for his arrest under direct electronic surveillance, using this information to create virtual “tripwires” that would alert him when the FBI started to get too close for comfort.

The FBI is on the list of “People you don’t want pursuing you” Source: Wikipedia

These exploits would be revealed initially in the prosecution brief when he was charged, before being discussed in even more detail through his book “Ghost In The Wires”. As you’d expect, a young hacker using technology to stay ahead of law enforcement garnered a significant amount of media attention in relation to the case.

While on the run, Kevin did a whole bunch more hacking including Sun Microsystems, Motorola and Nokia on each occasion managing to gain access and exfiltrate data or information.

Caught!

After more than two years on the run, the FBI was finally closing in on Kevin and the events leading to his capture would be slightly ironic, all things considered. After abandoning his network and going on the run to avoid capture, in the end, it would be a tip from within that network that would eventuate in his capture.

While he didn’t know it at the time, one of the few associates that he regained contact with had his own troubles with the police at the time that Kevin was gone. As such, when Kevin made contact, the associate turned informer and passed information to the authorities.

This would all come to a head in 1995 when Kevin would be arrested based on information gained from the informer. Arrested in an apartment in North Carolina, in his possession at the time of his arrest were confidential commercial documents, cloned cell phones and other useful hacking tools. The game was finally up.

A New Career

As you’d imagine, due to his exploits and prior activities when he was finally caught, the legal system was not kind to him. As you’d imagine, the FBI was pretty keen to convict and make an example of the guy who once left a plate of doughnuts in his apartment with the note “Sorry I missed you”. Due to his time on the run though, Kevin had received plenty of media attention.

As such, his trial received extensive coverage and much better-than-expected public support.
While the government tried to paint him as a legitimate threat to national security, the lawyers painted a picture of a curious mind that did little more than exploit bad security practices already in use.

The free Kevin campaign gathered plenty of momentum

There was no chance of a not guilty, but when it was all said and done Kevin received a reasonably mild sentence (46 months) for a federal fugitive who spent years on the run. Upon his release, he would gain a new career acting as an ethical hacker, helping companies and individuals manage their own private security.

In the History Books

There’s no denying that some saw Kevin and types like him as legitimate security threats. And to be fair, they probably were at points. However, these incidents helped spark important discussion, not just about cybersecurity but about the role we humans play in it.

While human factors and their influence are extensively studied in fields like aviation, the fact is that we do little to mitigate factors like these over the long term. Even today, social engineering strategies remain a key risk to both companies and individuals.

It’s clear that the lessons of the past still have much information to offer when we consider how they may work into future problems.

If you found this article insightful, informative, or entertaining, we kindly encourage you to show your support. Clapping for this article not only lets the author know that their work is appreciated but also helps boost its visibility to others who might benefit from it.

🌟 Enjoyed this article? Join the community! 🌟

📢 Join our OSINT Telegram channel for exclusive updates or

📢 Follow our crypto Telegram for the latest giveaways

🐦 Follow us on Twitter and

🟦 We’re now on Bluesky!

🔗 Articles we think you’ll like:

1. What The Tech?! Space Shuttles
2. Shodan: A Map of the Internet

✉️ Want more content like this? Sign up for email updates