Kevin Mitnick, the ghost in the wires

Summary

Kevin Mitnick is one of the most well-known figures in the history of hacking and cybersecurity. His life story reads like a cyber-thriller, and he influenced how the public and government perceive hackers. From an elusive fugitive to a CHO (Chief Hacking Officer), this is the fascinating life story of the world’s most wanted hacker in the Nineties. 

Meet Kevin Mitnick

"I’ve never met a system I couldn’t hack."

Kevin Mitnick is one of the most fascinating figures in the history of cybersecurity, almost legendary.

His hacking career began as a teenager in Los Angeles. He was a self-taught social engineer and phone phreaker who manipulated phone systems, often using social engineering to bypass controls. During the 1980s and early 1990s, Mitnick infiltrated major corporations, including DEC, Motorola, Nokia, Fujitsu, and Sun Microsystems.


After evading authorities for several years, he was arrested by the FBI in 1995 following a highly publicized chase. He was charged with multiple counts of computer fraud, wire fraud, and illegal interception of communications. He served five years in prison, including eight months in solitary confinement. Allegedly, prosecutors convinced a judge that Mitnick could start a nuclear war by whistling codes into a phone (an exaggeration, but one that added to his mythos).

After his release in 2000, Mitnick reinvented himself. He became a white-hat hacker and cybersecurity consultant, founded Mitnick Security Consulting, LLC and served as Chief Hacking Officer at KnowBe4 (a company specializing in social engineering security training).

He also co-authored several best-selling books on hacking, social engineering, and cybersecurity.

Mitnick passed away on July 16, 2023, from complications related to pancreatic cancer. At the time of his death, he was 59 years old.

A master in social engineering

"You could spend a fortune purchasing technology and services, and your network infrastructure could still remain vulnerable to old-fashioned manipulation."

Kevin David Mitnick was born in Los Angeles, California, on August 6, 1963, into a working-class family. As a child, he was fascinated by magic tricks, misdirection, and puzzles, all of which became precursors to his social engineering skills. 

At age 12, he pulled off his first con using social engineering: he convinced a bus driver to tell him how to punch a transfer ticket, allowing him to ride LA buses for free. This is often cited as his first known social engineering exploit — manipulating someone with trust and persuasion to access a system. 

During his high-school years in the 1970s, he joined a hacker subculture known as phone phreakers: people who manipulated the phone network to make free long-distance calls. With this group, he learned about “blue boxes” that emulated telephone routing tones. He listened to telecom technicians and obtained manuals by calling and impersonating employees. He used pretexting (posing as someone else) to gain access to proprietary phone switches and information.

Graduating to hacker

"Companies spend millions of dollars on firewalls, encryption, and secure access devices, and it's money wasted; none of these measures address the weakest link in the security chain – the people who use, administer, operate, and account for computer systems that contain protected information."

In 1981, at age 17, Mitnick and a friend broke into Digital Equipment Corporation’s (DEC) systems and stole software. He was caught and sentenced to probation. 

To pull off his hack, Mitnick posed as a system administrator or employee of a company. He called customer service departments or internal help desks and spoke confidently using insider lingo to lower suspicion. He tricked employees into giving passwords, modem numbers, source code locations, and more. 

This episode made it clear that Mitnick didn’t exploit systems – he exploited people.

Social Engineering as an art: His MO

"I was just looking for knowledge, for a challenge."

Between the Eighties and the Nineties, Mitnick elevated social engineering to an art form. He didn’t just rely on technical prowess. He spoofed caller IDs, interrogated voicemails, and used dumpster diving to retrieve passwords, access codes, and corporate directories. He accessed voicemail systems, PBXs, and source code repositories. He even infiltrated Netcom and Pacific Bell. 

He often gained access to restricted systems by calling tech support and claiming to be a panicked employee or executive needing urgent help. He would usually request a password reset or modem dial-in number, and leveraged public information and internal jargon to sound credible. 

When he pretended to be an employee of the company he wanted to hack, he often used the names of real employees or fake identities. One of his favourites was Eric Weiss, the real name of Harry Houdini. 

On the run

"I broke the law, but I never stole a dime, nor did I harm anyone or damage any systems. I was a digital explorer."

After violating parole and continuing his hacking, Mitnick became a fugitive. He continued to break into phone companies and tech giants using modems, stolen source code, and spoofed credentials. Allegedly, he hacked into computers belonging to Tsutomu Shimomura, a security researcher. This led to his eventual capture. 

Mitnick was caught in Raleigh, North Carolina, by the FBI. He was indicted on numerous counts, including wire fraud and unauthorized access to computer networks. He reportedly had access to millions of dollars’ worth of intellectual property, but there was no evidence that he profited from it. Prosecutors emphasized his use of manipulation and social engineering, claiming he was a severe national security risk.

A myth in cybersecurity

Kevin Mitnick was associated with several nicknames and aliases over the years, both self-chosen and assigned by others (law enforcement, media, or hacker culture). 

On Bulletin Board Systems (BBS) and in phreaking communities, he was known as “the Condor.” The nickname was inspired by the 1975 espionage film Three Days of the Condor, in which the main character is on the run from the CIA.

When he transitioned from gray-hat to full-blown hacker, some media outlets called him “the dark side hacker.”

During his early years as a fugitive, the FBI called him “the world’s most wanted hacker.” This phrase cemented Mitnick’s legendary status in the public imagination, turning him into a folk antihero for some and a cyber boogeyman for others. 
