Mitnick: All my identification information is public record, like my social
security number -- you can probably find it on the Web because somebody put it in the
book. Anybody could pretty much apply for my birth certificate and probably get away
with it because the information is readily available. If they want to do that, that's
fine. They'll probably bite off more than they can chew. With the average person,
usually if somebody has some fraudulent intentions, it's for financial gain. So what
[criminals] are going to want to do is establish credit under [a stolen] name. They can
basically adopt your credit profile. I [also] know a lot of people that haven't been
accused of any criminal activities [because they] were really privacy advocates. They
establish a new identity, not for fraudulent purposes to deceive or steal money or
property, but for the process of protecting one's own property. People have multiple
identities for that reason.
InfoWorld: What's your opinion of the state of privacy and personal identification
Mitnick: I think there's vulnerability there. Authentication these daays is
basically based on something you know, like a password or something you have or an
access device or biometrics, and I guess what protects the confidentiality of
information now is cryptography. One of the weaknesses that is easy to take to the
physical space is how does the certificate authority -- when you obtain a certificate --
really know that you are who you say you are?
InfoWorld: What do you think about some of the security breaches that have happened
in the last eight months to a year, such as the "I Love You" virus?
Mitnick: I don't really consider that a security breach. "I Love You" is just
online vandalism in my mind. Hacking in my mind is a skill set. People can take that
skill and use it in any way that their conscience lets them use it. People can use it
to do good things or bad things.
InfoWorld: As you know, there is conflicting public opinion on the state of hacking
today -- are hackers rogues or cavaliers?
Mitnick: I think what's happening is the public [thinks], because of how the media
reports all these bad things, [that] only bad things are being done by hackers and that
it's a bad thing to be labeled as a hacker. But it was honorable back when I was
started. When I was hacking myself, it was kind of like an OK thing. And then what
happened was society changed around me, and it became not OK.
InfoWorld: So, in the past, the skill was appreciated rather than seen as malicious?