Once the most-wanted hacker in the US, Kevin Mitnick, the cracker extraordinaire and virtual ghost in the wires, spoke with RT about NSA snooping, Snowden’s status as a whistleblower or traitor and the virtues of VPNs in our surveillance saturated world.
RT: You actually broke into National Security Agency. Why did you do it, when did you do it, how did you do it; did you do it for fun?
Kevin Mitnick: I didn’t actually break into the NSA. When I was a juvenile, I was interested in hacking the telephone switches, so I thought, what would be the most interesting thing to wiretap as a kid? And I thought that would be the NSA. So I hacked into a telephone switch in Laurel, Maryland and this was actually the phone company. And then I was able, through hacking that switch, to be able to intercept an ongoing call between somebody in the National Security Agency. But I only wanted to see if I was able to do it. So as soon as I heard a conversation, it was some man and woman talking, I listened for like 5 or 10 seconds and then I hung up and never did it again.
RT: The NSA’s actually hiring code crackers. Why do they need them?
KM: Well, they need to hire code crackers to increase their capabilities. That’s the job of the National Security Agency, to break codes, so they want to get the best people in the world to help do that.
RT: According to Edward Snowden’s revelations, e-mails, phone calls, messages are all being tracked. How far can the government go?
KM: I think they have access to everything, at least in the United States and probably Great Britain. I believe they have access to everything because they basically could intercept all the packets going through the backbone of everything. Now there’ve been revelations that they’re pretty resourceful at breaking crypto so now I think they have access to a ton of stuff.
I believe it’s all about, as Scott McNealy said about 15 years ago, ‘you have no privacy, get over it.’ And that was the ex-CEO of Sun Microsystems. And I think that quote really holds true today.
‘Like the Pablo Escobar of pharmacy’
RT: You went to jail for some high-profile hacking. Do you think the government is still tracking you after all these years?
KM: Maybe only the Russian government since I’m here in Moscow. I doubt it. You know something comes up when they think I could have some involvement maybe, but I’m on the other side. I help companies protect their systems. I still hack today every day. Companies actually hire me to break into their systems, find their vulnerabilities, so I can tell them what the vulnerabilities are so they can fix them. So it’s kind of like Pablo Escobar becoming a pharmacist.
RT: Let’s now go back to the Snowden revelations. How do these leaks affect America’s national security?
KM: It’s very damaging, right? It’s kind of like how I felt and a lot of colleagues felt in the information security world felt; we already felt this was being done but there was actually no confirmation. But now there is definite confirmation, the cat is out of the bag, and it surely damages national security because now our adversaries, now potentially terrorists know our methods of operation or at least have it confirmed, so that they can change the way they communicate.
RT: And talking about Edward Snowden, is he a hero or a traitor from your point of view?
KM: I think he’s a whistleblower, I don’t look at him as a traitor. I’m actually glad that he revealed what the National Security Agency did, at least against Americans by violating our constitutional rights to privacy. But I have some mixed feelings that he did cross the line when he revealed NSA operations that we have against other countries, because as we all know, all countries spy on each other. So no matter who goes rogue, when they start publicizing operations against other countries, for example, if a [Russian] FSB [Federal Security Service] agent went rogue, and the FSB was doing an operation in Afghanistan, and he published it, it would be bad for Russia. So I have mixed feelings about it, but I wouldn’t classify him as a traitor.
RT: We’ve got hundreds of people writing you on Twitter, and the most popular question is, ‘how can citizens protect data and communications while still using popular corporate software and services.
KM: Well it’s pretty scary, because now, with the revelations from Snowden, that allegedly the NSA has approached and partnered with a lot of companies to develop security software, to develop VPN [virtual private network] technology, they might have intentionally weakened this technology so they can intercept communications. But an average citizen, if they are not a terrorist, they are really not concerned about an intelligence agency intercepting communications, but more a criminal organization. So the first thing I’d recommend to the average person on the street is, whenever you’re out in the public, or you’re in a hotel like I’m in a hotel in Moscow, or using public wi-fi, is use a VPN service. Because what that immediately does is, it takes your data and it kind of puts it in an encrypted envelope so that people can’t really intercept and spy on that. So as a consumer I would think about using a VPN service, and they’re pretty cheap.
RT: But anything can basically be hacked.
KM: Everything can be hacked if your adversary has enough time, money and resources. And of course intelligence agencies have unlimited budgets.
RT: Is there any way to stop hackers, like making strict laws or a governmental department that will follow them? Is that possible?
KM: I don’t think so. Hacking has been going on since the 1960s and it hasn’t stopped yet. I mean I started hacking in the early 90s and it’s only gotten worse; it hasn’t gotten better.
RT: Another popular question on Twitter: Is it okay to bank online?
KM: Well, I look at it this way, like using my credit card over the Internet, I do it all of the time and at least I don’t really care if somebody steals my credit card number. Do you know why? Because at least in America, if there is any fraud on the account, I simply call up the bank and they take the charge off. I have to basically sign a letter, an affidavit that it wasn’t me, and the problem goes away. Now in some countries that might be different, where the consumer has the burden of proof, then I’d be a little bit concerned, but it’s really where does the liability lie? Does it lie with the consumer, does it lie with the merchant, does it lie with the bank?