Mitnick gains access to DEC computers after social engineering himself a developer's account

Incident Date: 1979
Incident Location: Los Angeles CA USA

Late in the year 1979, Kevin Mitnick was dared by a group of fellow hackers to hack into a computer system named "The Ark" at Digital Equipment Corporation (DEC). This system was used to maintain the source code for DECís RSTS/E operating system software. Provided with only the computerís modem dial-up number, Mr. Mitnick knew he would need more to win the dare.

After finding out the name and phone number of The Arkís system administrator, Mr. Mitnick gave him a call. Posing as Anton Chernoff, one of the lead developers at DEC, Mr. Mitnick claimed he couldnít log into his account. Convinced that he really was Mr. Chernoff, the system administrator created an account and password for him. The Ark also required a separate dial-up password, "buffoon", which was provided to Mr. Mitnick as well.

Mr. Mitnick demonstrated his new access to members of the hacker group, who were apparently quite surprised at his accomplishment. At least one member of this group reportedly took the credentials supplied by Mr. Mitnick, logged into The Ark with them, and began copying DEC source code. Ironically, once they had downloaded what they wanted, they called the corporate security department at DEC and informed them of Mr. Mitnickís hack.

DEC initially charged Mr. Mitnick with $4 million in damages related to the crime, but U.S. Attorney James Sanders later admitted the real cost of fixing the security holes was closer to $160,000.


Story Sources

Title: Missing Chapter from The Art of Deception book
Author: Kevin Mitnick
Date:
Publication:
2002
Publication Location: USA
Publication URL: http://www.thememoryhole.org/lit/deception-ch1.htm


Do you have additional information to contribute regarding this story? If so, please email siteupdates@passwordresearch.com with the details and source.

<-- Back to Authentication Story Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com