On January 21st, Kevin Mitnick accessed the Internet for the first time
since 1995. The press was watching eagerly,
wondering what this notorious hacker would do first. But
in a twist that's hardly surprising, a true mark of the occasion has been
what other hackers have done with Mitnick's new electronic presence.
Mitnick's new company in Los Angeles, Defensive Thinking, hosts its web
site using Microsoft IIS on Windows 2000. It was only a matter of time
before the hacker "Bugbear" exploited an IIS vulnerability, using it to
add a new page to the web site. "Welcome back to freedom, Mr. Kevin," it
read. "[I]t was fun and easy to break into your box."
Next, another hacker exploiting another IIS bug from somewhere in Texas
got into Mitnick's site on February 9th. He asked Mitnick to make him the
company's Chief Security Officer.
Mitnick hasn't commented on whether he'll hire either of the hopeful
hackers, but he clearly takes their actions in stride. He told
the Associated Press, "All the hackers out there figure if they can hack
Kevin Mitnick's site, they're the king of the hill," and called the
The ordeal is, however, somewhat disappointing from a security point of
view. After all, Mitnick's is a security company, apparently poised to
help other companies keep hackers out. Not to worry, though. "I
haven't had any time to play webmaster," Mitnick told the AP. "But it looks
like I'll have to look into it."
As Mitnick's hand in the total operation of Defensive Thinking becomes more
significant, it will be interesting to watch how his newly re-applied
skills will be reflected.