Random Access - Monday, September 17, 2001

The Kevin Mitnick/Tsutomu Shimomura affair

Compiled by Chris Gulker

A splendidly tangled tale of intrigue, darkside hacking and skewed human relationships - the Kevin Mitnick/Tsutomu Shimomura affair is an incredible story that is still unwinding. The story riveted Americans when it broke early in 1995, and continues to play out today.

Mitnick was released on January 21, 2000 (having spent 5 years in jail), and Shimomura and John Markoff have reportedly profited handsomely from, respectively, apprehending him and telling the tale in a book and screenplay. Is Kevin Mitnick a dangerous criminal apprehended by an ingenious high-tech detective? Or a sad, if annoying, loner who was set up by shrewd manipulators cashing in on Internet hype?

Random Access offers this page of resources, including reviews (Takedown, The Fugitive Game, The Cyberthief and The Samurai) and links pertaining to the now-famous hack of Tsutomu Shimomura's computers and the subsequent pursuit and capture of Kevin Mitnick. Aside from the often-compelling reading offered by the 3 books on the subject and other documents, the whole incident serves to highlight the Pandora's box of issues surrounding security and privacy in cyberspace.

On September 13, 1998, hackers identifying themselves as HFG ("Hacking For Girlies") hacked the New York Times home page, citing Kevin Mitnick's plight. The story continues to unfold - this page is in progress and will continue to update.

The Attack

On Christmas Day, 1994, a hacker launched a sophisticated "IP spoofing" attack against Tsutomu Shimomura's computers in San Diego. The attack was launched from toad.com in San Francisco, the Toad Hall computer owned by John Gilmore, a founding employee of Sun Microsystems. By an uncanny coincidence, Shimomura spent the day at Toad Hall with his friend Julia Menapace. Shimomura's pursuit of the hacker led to computers in Marin County (where Shimomura's stolen files were found on The Well), Denver and San Jose, and finally to Kevin Mitnick, the fugitive hacker, in Raleigh, North Carolina.

Shimomura's description of the attack
Taunting voice mail left for Shimomura on Dec. 27 and Dec. 30
The attack on The Well

The Capture

"At 1:30 a.m., today, February 15, 1995, agents of the FBI arrested KEVIN MITNICK, a well-known computer hacker and federal fugitive. The arrest occurred after an intensive two-weak (sic) electronic manhunt led law enforcement agents to MITNICK's apartment in Raleigh, North Carolina." - from the FBI press release

N.B. In June of 1995, the Feds seemed to be backtracking on whether Mitnick was actually a Federal fugitive as described above. Details.

Markoff's NY Times news account of Mitnick's capture
Markoff's long Sunday NYT piece about Shimomura's pursuit
(The Takedown site has copies of most of Markoff's coverage of the whole saga. Takedown features a Mitnick timeline as well)
LA Times story
The FBI press release
San Diego Supercomputer Center press release

The Players

Kevin D. Mitnick
Tsutomu Shimomura
John Markoff
John Gilmore
Bruce R. Koball
Mark Lottor

The Books

Takedown by Tsutomu Shimomura with John Markoff
The Fugitive Game by Jonathan Littman
The Cyberthief and The Samurai by Jeff Goodell

The computers

These are some of the machines that figured in Mitnick's hacking and Shimomura's pursuit. For those who don't know, Telnet is a UNIX process that allows remote log-in to a networked computer, and is one of the main tools a hacker uses on the Net; http is the protocol for serving World Wide Web pages. Your browser may require that you have a Telnet helper app on your machine in order to Telnet in to the machines listed below. A secure system may drop you quickly if it doesn't recognize your ID, or the machine in question may not be running Telnet. (Wilson Cheung, an admin at UCSD, offers this note correcting Shimomura's machines' addresses.)

Shimomura's Computers: Ariel and Osiris (via Telnet). The "victims".

toad.com via Telnet, via http. The attack was mounted from this machine.

apollo.it.luc.edu A Loyola U. computer that also figured in the attack.

The Well: via Telnet, via http. Where Shimomura's stolen files wound up.

Netcom: via Telnet, via http. Their access points and computers figured in the pursuit.

Colorado SuperNet: via http. Ditto.
(Colorado SuperNet has since been acquired by Qwest Communications)

InterNex: via http. Home of John Markoff's hacked email account.
(InterNex has since been acquired by Concentric Networks)

Nyx: A public Internet access site, often used by Mitnick. (Nyx, once a machine in the computer science dept. at University of Denver, is now a public access UNIX server supported by volunteers).

Network Wizards: via http. Mark Lottor's business computer.

The reviews

San Jose Mercury News
Random Access - Takedown, The Fugitive Game, The Cyberthief and The Samurai
New York Times review of all 3 books

Web pages about Mitnick and hacking
(please note that the hacking pages come, go and change URL frequently)

Wired News update on Kevin, still in jail after 3 1/2 years (September 1998).

Archived copy of the hacked NY Times home page, which cites John Markoff's behavior and Mitnick's predicament as a reason for the hack. As with many hacker (and other) Web pages, there are comments in the page's source HTML that some may find worthy of note (September 13, 1998).

Where's Kevin? most recent news and archive on www.giveup.com

Kevin Mitnick legal defense pages - communications from Kevin from jail in L.A.

Kevin Mitnick page at Georgia Tech

Rogue's Gallery of Hackers and their fates, from Wired News.


L0pht Heavy Industries

2600 - The Hacker Quarterly


editor@gulker.com This page was last built with Frontier on a Macintosh on Mon, Sep 17, 2001 at 9:19:59 AM.