Mitnick on Mitnick: Why I'm going legit

Kevin Mitnick is ready to get on with his life. While still under court supervision for the next few months, Mitnick is publishing a book and starting a new security company. Dan Farber, of silicon.com's sister site ZDNet, spoke with Mitnick earlier this week about his new ventures and his expectations for the future.

Farber: In addition to the publication of The Art of Deception, you are also starting a company called Defensive Thinking, Inc. What is the goal of the company - besides to make a living?

Mitnick: We want to take the ideas from the last part of the book and to provide a world-class security consulting service, focusing on awareness training, seminars, videos, film, and web-based content. We will also have a vulnerability assessment side of the business, looking at weaknesses in technology as well as in business processes. We will do penetration testing to look at the network from outside and the inside to look for weakness in both technology and operations.

The key is to find out what would be the most cost-effective safeguards to mitigate security risks. There is always a certain level of risk. Our company will look to find an acceptable level of risk and the appropriate response.

Farber: What is your role in the new company?

Mitnick: I will be managing the company. We will retain professional testers using my methodology along with their own [methodologies] to look for weak points in networks. I will work more hands-on when my supervised release conditions expire in four months. We currently have one corporate client for whom we will be doing a security assessment of a USB drive that uses encryption and has built-in email and a web-based client.

Farber: How many people are in the company?

Mitnick: We are just starting to build the company. We are currently two people, including myself. I have talked to several other people to be involved on contractor basis. On the training side of the company, we have developed a screenplay for a training video. We need to raise funds - about $250,000 to develop the product. We hope to get sponsors like Microsoft for the project, and we will offer pre-orders of the film on our website. We've looked at competitors in the market and the amount of dollars that companies budget for security and awareness training, and we expect it to be successful venture.

Farber: The book jacket says that you are redeeming your former life of crime by providing specific guidelines for helping companies become more secure. What makes you think that your customers will trust someone who has been called the most feared hacker by the US Department of Justice?

Mitnick: The point is now I am taking my knowledge and experience to help educate government and industry on how to protect their assets, instead of using my former hobby to create grief. Hacking is now looked at as a serious crime. I want to be a successful person and to help people, so it is a natural area for me to be involved with. I know there will be a lot of critics. All I can really say is that I am older and wiser, and hopefully people can forgive me for my past transgressions.

Farber: How do you respond to the notion that your book is not just a practical guide for corporations, but also a manual for budding hackers?

Mitnick: It's the same issue with full disclosure around security vulnerabilities. When you find a flaw, do you disclose it or keep a secret? I am a proponent of exposing the vulnerabilities rather than keeping them secret. Social engineering exploits people's poor awareness. People become more sceptical of cons and swindles because they are made more aware through media, family or friends. My book is designed to raise awareness by showing them how it's done, so they can recognise different tactics and methods.

For the rest of the interview, in which Mitnick talks about his relationship with the hacker underground and his favourite con, read on... http://www.silicon.com/a55864