Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

HE’S BAAACK! MITNICK DETAINED BY FEDS

October 3, 2008

On September 16th, former famed hacker and social engineer Kevin Mitnick was detained by customs agents in Atlanta after returning from a trip to Colombia. Since his release from prison eight years ago, Kevin has been squeaky clean, but for a few parking tickets and driving without a front license plate.

You know you’re in trouble when the customs agent swipes your passport, turns to you smiling, and says "Kevin, guess what? There are some people downstairs who want to have a word with you, but don’t worry. Everything will be OK." Mitnick, no stranger to the ways of law enforcement, believed he was being set up for something.

Now Kevin doesn’t carry around the ordinary sort of luggage. He speaks at security conferences a lot (who knows security better than one skilled at breaching it?) and had in fact landed in Atlanta for a security conference. In his luggage, agents found a MacBook Pro, a Dell XPS M1210 laptop, an Asus 900 mini-laptop, three or four hard drives, numerous USB storage devices, some Bluetooth dongles, three iPhones, and four Nokia cell phones (with different SIM cards for different countries).

They also found a lock-picking kit and an HID proximity card spoofer, a device that can snag the data stored on physical access cards simply by being held near them. The captured data can then be replayed to open locked doors without ever making a forged access card. Mitnick says he used the device in a demonstration about security in his speech in Bogota, but that the customs agents’ eyes lit up when they saw it, thinking it was a credit card reader.

So the agents had a field day inspecting his laptop, cell phone, etc. In case Kevin thought his day couldn’t get worse, his girlfriend in Bogota called saying that the police there wanted permission to open up a package of computer equipment and souvenirs he’d mailed back to the U.S. a few days earlier because they said they found traces of cocaine on the package.

Mitnick told the agents why he was in Atlanta: to moderate a panel at the security conference. Asked for proof, he fired up a laptop to show them the itinerary in his e-mail. But when he clicked "yes" to have Firefox clear his private data (an automatic response to a default setting), the agents grabbed the laptop away from him, thinking he was deleting evidence. In a move that certainly must have irked the agents, Mitnick reached over and powered off his machine, not wanting the agents to have his password.

Fortunately for Kevin, one of the members of the panel he was to moderate works for the FBI, and customs agents were able to reach him to verify Kevin’s story. Meanwhile, conference organizers, worried about Mitnick’s non-arrival for his waiting airport ride, had also called the director of security at the airport and helped straighten things out. The FBI in Atlanta cleared Mitnick of any wrongdoing, and he was finally released with apologies.

And what about the Bogota package? Police there tore open the box, took the electronic equipment apart, and destroyed the hard drive trying to open it by drilling a hole in it, but didn’t find any drugs. The two incidents were, apparently, completely unrelated and coincidental. Sometimes everything goes wrong everywhere, all at once.

Kevin shared his story with the press as a cautionary tale for anyone coming through Customs with computer equipment. The government can, and does, detain anyone (and their equipment) at will. Even if someone is detained and released, the government currently asserts that it has the right to hold on to electronic media to investigate what is on it.

To protect his privacy and that of his clients, Mitnick routinely encrypts all the confidential data on his laptops, transmits it over the Internet for storage on servers in the U.S., and wipes it from the computer before returning from any international trips, just in case officials decide to search or seize his equipment. He also encrypts his hard drive. And now, he says he is going to keep a "clone" of his MacBook at home so he will have an exact duplicate of it if it is ever seized.
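The "clone at home" idea only pays off if you can tell, after a device comes back from a search, whether anything on it was altered or added. The script below is an added illustration of that check, not anything from the post or from Mitnick: before a trip it records a SHA-256 manifest of a directory tree, and afterwards it compares the returned copy (or the clone) against that manifest and reports missing, added and changed files. The directory names and file contents are constructed sample data; encryption and wiping are left to whatever disk-encryption and wipe tools you already use.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def build_manifest(root):
    """Return {relative_path: sha256hex} for every regular file under root."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        digest = hashlib.sha256()
        with open(path, "rb") as handle:
            # Read in chunks so large disk images do not have to fit in memory.
            for chunk in iter(lambda: handle.read(1 << 16), b""):
                digest.update(chunk)
        manifest[str(path.relative_to(root))] = digest.hexdigest()
    return manifest


def compare_manifests(reference, candidate):
    """Compare a returned device (candidate) against the pre-trip manifest.

    Returns (missing, added, changed): files that vanished, files that
    appeared, and files whose contents no longer hash to the recorded value.
    """
    missing = sorted(set(reference) - set(candidate))
    added = sorted(set(candidate) - set(reference))
    changed = sorted(
        p for p in reference.keys() & candidate.keys() if reference[p] != candidate[p]
    )
    return missing, added, changed


def demo():
    """Walk through the pre-trip / post-trip workflow on constructed data."""
    with tempfile.TemporaryDirectory() as tmp:
        laptop = Path(tmp) / "laptop"   # constructed stand-in for the travel machine
        clone = Path(tmp) / "clone"     # constructed stand-in for the copy kept at home
        (laptop / "clients").mkdir(parents=True)
        (laptop / "clients" / "notes.txt").write_bytes(b"privileged notes\n")
        (laptop / "talk.pdf").write_bytes(b"%PDF-1.4 conference slides\n")

        # Before travel: clone the machine and record the manifest.
        shutil.copytree(laptop, clone)
        reference = build_manifest(laptop)

        # The clone must match the manifest exactly, or it is not a usable duplicate.
        if compare_manifests(reference, build_manifest(clone)) != ([], [], []):
            raise RuntimeError("clone does not match the travel machine")

        # After the trip: simulate a device that came back with one file altered
        # and one file added, then report what differs from the pre-trip state.
        (laptop / "talk.pdf").write_bytes(b"%PDF-1.4 conference slides (altered)\n")
        (laptop / "unknown.bin").write_bytes(b"\x00\x01\x02")
        return compare_manifests(reference, build_manifest(laptop))


if __name__ == "__main__":
    missing, added, changed = demo()
    print("missing:", missing)
    print("added:", added)
    print("changed:", changed)
```

Keep the manifest with the clone at home, not on the travel machine, since a searched device could have its manifest rewritten along with its files; a returned device with any entry in "added" or "changed" is worth reimaging from the clone rather than trusting.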

So, for those of you who have queried whether John and I are “over-reacting” when we preach taking some of the steps that Mitnick takes regularly, re-read this posting. It can happen to anyone. George Orwell is no doubt nodding vigorously. Don’t say he – and we – didn’t warn you.

E-mail:    Phone: 703-359-0700