Noted computer hacker Kevin Mitnick is offering cash in exchange for tales of hacking escapades to fill a new book he is writing for publisher John Wiley & Sons Inc.
Mitnick used e-mail messages to online security discussion groups and his Web page to issue a call to the hacking community for stories of online derring-do, promising an award of US$500 for the “most provocative story,” according to Mitnick.
“I’m putting out a call to all current and former hackers to tell me about your sexiest hack,” Mitnick wrote on his Web page, www.freekevin.com, which also provided a phone number and e-mail address for submitting hacking stories.
Mitnick will judge the stories based on their innovation and the ingenuity that hackers used to compromise their targets. Winning stories will involve a combination of technical, physical and social aspects, Mitnick wrote.
The new book, which may be released as early as October or November of 2004, is tentatively titled “The Art of Intrusion.” It is a follow-up to Mitnick’s first book, “The Art of Deception.” That book focused on so-called “social engineering,” the subtle techniques that computer hackers often use to get computer users and administrators to divulge useful information that can be used in attacks.
The new book concentrates on “the untold true stories of the most salacious hacks in history,” Mitnick said on Monday.
Mitnick will look for stories about hacks against high-value targets such as universities and governments and will agree to keep the author’s identity a secret in exchange for the details about how computer networks were compromised, he said.
Unsophisticated hackers who use automated scanning and hacking programs, commonly referred to as “script kiddies,” need not apply, Mitnick said.
“I’m looking more for attacks that have an industrial espionage flavour to them,” he said. “I look at hacking like a chess game, and I’m looking for stories that are ‘Bobbie Fischer-like,'” he said, referring to the American chess grandmaster and 1972 world champion.
In addition to publishing the hackers’ untold stories, Mitnick and a co-author will analyze the attacks and offer readers suggestions on how to avoid such attacks on their own networks, he said.
The biggest challenge will be verifying the truth of the stories, Mitnick said.
Proof of the compromise, such as proprietary information taken from the organization, could help to establish the veracity of the hacker’s tale. However, Mitnick is wary of receiving such information and finding himself on the wrong side of the U.S. Justice Department, and he would speak with his lawyers about the legality of receiving such information first, he said.
“If receiving (proprietary information) is not legal, I’ll have to find some other way to exercise due diligence on the stories. I don’t want the book to be fiction,” he said.
Mitnick denied that he was in any way encouraging illegal acts by offering money in exchange for stories.
“I certainly don’t want to encourage people to go out and do a hack just to tell me the story,” he said.
The escapades of one famous hacker will be absent from the new book: Mitnick himself.
A plea agreement with the U.S. government restricts Mitnick from telling stories about his own hacking until January of 2010, he said.