Home

Bulletins

Upcoming
Events

Posters

Recent Newsletters

Past Articles
*  Computer Security
*  Foreign Espionage
*  Industrial Espionage
*  Personal Security
*  Personnel Security
*  Physical Security
*  Security Management

VSAC Desktop
Guide

Security Books
On-Line

Other Security Links

About Us
*  ASIS
*  NCMS
*  VSAC

E-Mail Us
*  ASIS
*  NCMS
*  VSAC
*  Webmaster

We join with those who mourn the loss of life,  the injuries, and the disruption of lives caused  by the attacks  against Washington,  DC, and  New York, N.Y.    All those effected -- the brave people who helped in rescue efforts, those involved in America's response to terror and in the war with Iraq-- are in our thoughts and prayers.

Computer criminals are not easily caught.  If I ever doubted that, reading the newly published Takedown enlightened me.

Takedown: The Pursuit and Capture of Kevin Mitnick, America’s Most Wanted Computer Outlaw—By the Man Who Did It, chronicles computer security expert Tsutomo Shimomura’s efforts to locate fugitive hacker Kevin D. Mitnick.  As you may recall, newspapers throughout the country covered the arrest in February 1995.

The frantic chase began in December 1994, while Shimomura was in northern California, hoping for a skiing vacation.  After meeting a friend at San Francisco International Airport, they spent a couple of days at another friend’s nearby home.  Unknown to Shimomura, that friend’s Internet server downstairs had been penetrated by Mitnick.  It was one step in Mitnick’s attack against many computers, including those in Shimomura’s San Diego home and office.  (Because of the coincidence, one reporter investigated the possibility that Shimomura staged the break-in himself to gain fame by “discovering” and lecturing about it.)

After his grad assistant discovered the break-in, Shimomura began an intense effort to identify and locate the culprit.  While this detective story is reminiscent of Cliff Stoll’s search for hackers in The Cuckoo’s Egg, it shows what a difference a decade can make.  Stoll began searching to explain a 75¢ accounting discrepancy.  Only later did he realize he was chasing hackers from W. Germany who were selling their take to the KGB.  Most of the federal agencies Stoll briefed were uninterested in the developing case, even when he showed them the hacker was trying to get into computers containing military information.  A computer novice, he had to scrounge hardware, work virtually alone, and discover techniques as he went.

Shimomura, on the other hand, was already a computer security expert.  He kept up to a dozen networked computers at his home.  (One, by his bedside, routinely displayed the weather at the University of Illinois at Champaign-Urbana, IL.)  Although not everyone he reached to for help shared his sense of urgency, he quickly received support from both private companies and law enforcement.  During the chase he borrowed computer hardware and software worth “many thousands of dollars” from friends.

Because the book so tightly focuses on his account of those hectic six weeks, we glean only a sketchy portrait of Mitnick.  Toward the end of the chase, Shimomura describes him as “pretty cocky, a bit sloppy, and a creature of habit.  And from what I’d seen so far he didn’t seem to be as brilliant a hacker as legend claimed.”

Earlier, however, Shimomura credits Mitnick with the first successful hostile “IP spoofing” attack of a networked computer.  The dust jacket for the book touts him as the “Dark Side Hacker,” “America’s most wanted computer outlaw . . . who stole millions of dollars worth of information from government, corporate, and university computer systems and had successfully outwitted Federal authorities for more than two years.”  Neither Shimomura nor his collaborator, John Markoff, report any substantial conversations with Mitnick, so we are left unsure of his motives, character, and real capabilities.

Brilliant and skillful (a computational physicist, he was hired as a senior research fellow at Los Alamos Laboratory and San Diego State University even though he lacked the patience to earn a formal college degree), Shimomura frequently complains about others who fail to share his concern.  He writes disdainfully of government bureaucrats (including those trying to fund his computer security research), FBI agents, and at times even his graduate assistant (who makes several mistakes during the chase).

Shimomura occasionally provides other interesting insights.  He explains that no computer on the Internet can ever be safe, and that he uses the principles of risk management in deciding how to protect his machines at his office, at home, and on the road.  While he supports security software, he emphasizes monitoring traffic rather than complacently assuming those programs have stopped potential hackers.  Shimomura also describes spotting a Dutch hacker breaking into PACFLEETCOM computers to read the Navy’s e-mail during the Persian Gulf War.

Befitting a book about the Internet, Takedown is featured on two World Wide Web sites.  They boast extracts from the book, photos, and links to related newspaper articles and Web sites.  Point your browser to either http://hyperionbooks.com or http://takedown.com.

Assisting Shimomura, both in the hunt for Mitnick and in writing the book was John Markoff, a reporter for the New York Times.  Markoff had written about Mitnick in his earlier book, Cyberpunk, and Mitnick penetrated Markoff’s e-mail account.  The collaboration has three interesting effects.  First, it is eerie to read of Markoff’s involvement as if he were not a co-author.  Second, some Internet users and media professionals have criticized Markoff’s participation, concerned he used the New York Times to hype Mitnick’s name and later cash in on this lucrative book deal.

Finally, Takedown is a very easy read, even for people not schooled in UNIX computers and the Internet.  It makes an excellent introduction to some of the security issues surrounding the computer networks and cellular phones we are all becoming so dependent upon.

Reviewed:  Takedown: The Pursuit and Capture of Kevin Mitnick, America’s Most Wanted Computer Outlaw—By the Man Who Did It by Tsutomo Shimomura with John Markoff, New York: Hyperion, 1996, 314 pages, $24.95.

[Webmaster's note: This article was originally written in April 1996 for the VSAC News & NCMS Channel Islands Newsletter.]