The Wall Street Journal - 17.08.2019 - 18.08.2019

THE WALL STREET JOURNAL. **** Saturday/Sunday, August 17 - 18, 2019 |A


Three luxury brands—Versace, Coach and Givenchy—apologized to Beijing last weekend for having labeled Taiwan, as well as Hong Kong and Macau, as separate from China. It has become a ritual: A hapless Western web designer includes Taiwan—correctly—in a list of countries, an army of Chinese trolls, paid and unpaid, claim offense, and the Western company capitulates to their demands.

Fashion houses, airlines, hotel chains, car makers and sporting-goods companies have all found themselves on the receiving end of Beijing’s wrath over the past few years. Eyeing China’s immense potential market, these multinationals seem to believe they have no choice but to toe the line of the Chinese Communist Party. Their apologies sound like party propaganda: “The Givenchy brand has always respected China’s

Las Vegas

You probably know better than to plug a USB flash drive from an unknown source into your computer. It could infect your machine with malicious code. But would you think twice about a cord? You should.

Kevin Mitnick hands me an iPhone charging cable. Like a magician, he asks me to inspect it. It looks kosher. He plugs it into a laptop. Then he picks up a different computer and commandeers the laptop, including its web camera.

Unlike a magician, he shows me how he did it. The USB end of the cable has been retrofitted with a tiny hardware implant. With a Bluetooth transmitter in his hand, he injected keystrokes into the “victim’s” computer, which downloaded and installed malware from the internet.

Mr. Mitnick, 56, calls himself “the world’s most famous hacker.” Headlines in February 1995, when the Federal Bureau of Investigation arrested him after a two-year online manhunt, called him the “most wanted hacker.” He spent nearly five years in prison—not his first stint behind bars—but now he’s a “white hat,” a hacker who abides by the law.


After his release in 2000, he tells me over dinner at the Trump International Hotel here, he decided to use his skills to “help people and help companies protect themselves.” Two months later he was invited to testify at a Senate Governmental Affairs Committee hearing on computer security. He had to get permission from the probation office to travel to Washington.

Mr. Mitnick says he urged lawmakers to make it “a priority to help internal government agencies and the general populace understand the threat.” He shrugs: “I tried to warn them back then, 19 years ago, but they didn’t do anything.”

Today cybersecurity—and insecurity—is in the news constantly. “The hackers are ahead, and the security people are always trying to catch up,” Mr. Mitnick says. A week after we met in July, Capital One Financial Corp. announced that a cybercriminal had gained access to the personal information of 106 million credit-card customers and applicants. In a follow-up phone conversation, Mr. Mitnick called the data breach a “wake-up call to enterprises, and even small business, that you have to thoroughly take a look at the threats out there.”


In another highly publicized incident this spring, the city of Baltimore was targeted by an attack that crippled government computers for weeks. There have been 22 such “ransomware” incidents against cities nationwide so far in 2019, according to the U.S. Conference of Mayors, which last month passed a resolution against paying off cybercriminals.

That’s a foolish policy, in Mr. Mitnick’s view. “These mayors just focus on ‘It’s the wrong thing to do because it supports the criminals’ or ‘Then crime pays.’ But, as a business owner, I wouldn’t give a crap whether crime pays. I just want to get my data back and my business back in operation.”

He says victims should ask instead: “Is this ‘fee’ substantially less than trying to recover [the data] in other ways?” In Baltimore’s case, the answer was yes: The ransom was 13 bitcoins, or about $76,000. The attack reportedly cost at least $18 million, between restoring its systems and lost revenue.

What about election hacking? “Anything can be compromised when your adversary has unlimited time, money, resources and patience,” Mr. Mitnick says—and nation-states have all four. He worked as a subcontractor for Ecuador’s government to secure the South American nation’s 2013 presidential election from hackers trying to gain access to the vote-tallying through the internet. “There were definitely attackers,” he says, “but they didn’t get in.”

Although he doesn’t rule out that hackers could tamper with voting machines, he says it would be technically challenging. It could require physical proximity to the device, which entails a high risk of detection. He concludes that the easiest way to interfere in an election would be a simple approach—the one Russians allegedly used in 2016 against Hillary Clinton’s campaign chairman, John Podesta. Mr. Podesta received a “spearphishing” email, telling him Google was trying to reset his password. The hackers gained access to his Gmail account and published messages embarrassing to the campaign.

Mr. Mitnick’s road to a U.S. Marshals wanted poster began innocently enough. He was born and reared in Los Angeles. “When I was a young kid, I was fascinated with magic,” he says. Tricks escalated into pranks: After teaching himself radio transmission, he commandeered a McDonald’s drive-through intercom and used it to say sophomoric things to customers. His favorite, he recalls with a laugh, was frantically shouting “Hide the cocaine!” as a police car pulled up.

By the time he was in high school, Mr. Mitnick was committing more-serious offenses. “I would hack the phone company to pull pranks and do tricks on the phone to have fun with my friends and family,” he recalls. That was known as “phone phreaking.” A favorite trick was to alter the phone company’s records to turn his friends’ home phones into pay phones. When they tried to make a call, a recorded voice would tell them to deposit a dime.

In 1981 Mr. Mitnick went to jail for the first time, for entering a Pacific Telephone building to steal manuals on phone-system operations. Then 17, he spent 90 days in juvenile hall. But he says he couldn’t stop hacking: “It was an obsession, an addiction.” In 1989 he pleaded guilty to two federal counts for hacking into Digital Equipment Corp. to purloin source code for an operating system. He spent nearly a year in prison.

He then turned to hacking cellphone companies to learn about the internal workings of their latest products. His targets included Motorola, Nokia and NEC, and the FBI took notice. Mr. Mitnick knew it—he was illegally monitoring the feds’ phone activity—and went on the run. After 26 months as a fugitive living under assumed names—including Eric Weiss, an Anglicized version of Harry Houdini’s given name—he was caught in a middle-of-the-night raid of his apartment in Raleigh, N.C. Agents escorted him out in handcuffs, a belly chain and leg irons. A grand jury handed up indictments on an assortment of wire- and computer-fraud charges, and he pleaded guilty.

Today Mr. Mitnick runs his own consulting firm. Organizations pay him to break into their systems and identify vulnerabilities that criminals could exploit. He says he’s never encountered a system he couldn’t infiltrate. He also speaks on computer security at dozens of conferences a year and is chief hacking officer—yes, that’s his real title—of KnowBe4, a security company that describes itself as “a team of free-thinking techies.”

Although he hung up his black hat and renounced crime some two decades ago, Mr. Mitnick distinguishes his offenses from those of today’s hackers. Hacking for him was a “puzzle to be solved,” he says. Even though he possessed credit-card information and valuable source code, “I could care less about making money. It was about the adventure and the pursuit of knowledge.” He frequently uses the word “trophy” to describe the proprietary information he unlawfully obtained.

Mr. Mitnick is wistful for the days of “old-school hackers,” whose “ethical code” said “you don’t hack to cause damage to others or to make money.” Things changed, he says, when companies started to do business over the internet. “I think it’s more like criminals learned hacking tradecraft to better commit fraud and theft. I don’t think hackers turned to be criminals.”

Computer crime became easier, too. You “do not have to be technically astute to do it,” Mr. Mitnick says. Today criminals offer what they call “ransomware as a service”—a sort of franchise model for high-tech extortion. Sellers on the dark web—anonymous sites shielded from search engines—offer the malicious code for sale or rent. The client sends phishing emails and induces victims to click a link that installs paralyzing code on their systems. The client makes a ransom demand. If the victim pays, the client shares the proceeds with the malware supplier. Coveware, a cybersecurity firm that helps companies respond to attacks, reports the average ransom demand in the first quarter of 2019 was nearly $13,000.

Ransomware perpetrators usually operate with near-impunity out of foreign countries. Thus Mr. Mitnick says, “Every company has to take control of the situation and analyze the risk and deploy ‘people, processes and technology’ to mitigate the chance that they are going to be infected.” In case prevention fails, they also need “an incident-response plan in place to restore as quickly as possible.” That includes having “proper backups, and not having those backups connected to the network.”

The key to prevention is training. After employees see examples of phishing, their “critical thinking has just shot up,” Mr. Mitnick says. But “training alone does not work.” Resistance requires practice. He urges companies to phish their own employees. He dismisses the suggestion that this reduces employee morale—as long as managers explain in advance that the purpose is to “increase the abilities of the ‘human firewall.’ ” An employee caught by a simulated attack is provided a training video.

Mr. Mitnick says small and medium-size businesses are the most vulnerable to ransomware attacks: “They don’t have security staff. What they have is an on-call IT person, and usually they are calling that person when it’s too late.” Yet even companies with unlimited resources for security are still at the mercy of the weakest link in their chain—“the human element.”

Employees are vulnerable to what hackers call “social engineering”: “You can have the best technology in the world,” Mr. Mitnick says, “but if I can call or email or somehow communicate with a target in your company, I can usually bypass all of that technology by manipulating the target.”

Mr. Mitnick speaks from experience. As a teenager and a young adult, he was skilled at calling companies and convincing an unwitting “fellow employee” to provide him with all manner of passwords and other proprietary information to hack into their systems.

Today he can do that without social engineering. To demonstrate, he asks me for my email address and those of some people I know. With a few keystrokes on his laptop, he finds one of my passwords. My stomach turns. He points to someone else’s password, which is “lawyer1.” It’s probably outdated, Mr. Mitnick says, but that doesn’t mean it has no value: “If I was a threat actor, I’d try ‘lawyer2,’ ‘lawyer3,’ ‘lawyer4,’ ‘lawyer5.’ ”

It’s important, he says, to have websites generate lengthy random passwords, then store them in a password manager protected with a “pass phrase”—a sentence that could never be guessed—instead of simply a traditional password.

Impressed by his wizardry, I can’t resist asking: Could Mr. Mitnick hack into my law school and change my C in Elder Law to the A that I deserved? He laughs: “I get requests for that all the time.”

Mr. Maniloff is an attorney at White and Williams LLP in Philadelphia and an adjunct professor at Temple University’s Beasley School of Law.

An ‘Old-School Hacker’ Fights Cybercrime


KEN FALLIN

After five years in prison, he put on a ‘white hat.’ Now he has advice for companies—and for you—about staying safe online.


THE WEEKEND INTERVIEW with Kevin Mitnick | By Randy Maniloff


OPINION


California’s Biggest Cities Confront a ‘Defecation Crisis’


They say there’s a smartphone app for everything, and doubters should know there are now at least two dealing with excrement on the sidewalks of San Francisco. The city has its official SF app, part of its “San Francisco at your Service” program, and last year a private developer introduced Snapcrap, which allows residents to upload a photo of an offending specimen directly to the SF311 website. This alerts the city’s new five-person “poop patrol,” which will follow up, presumably, with a smile.


Then there are the maps. At least three maps charting the location of “poop complaints” in the city have been assembled, the latest and best by the nonprofit Open the Books. Their map shows most of the city covered by brown pin dots, each marking a report to the Department of Public Works.

The website RealtyHop.com dubs San Francisco “the doo-doo capital of the U.S.” They noted that the city’s poop reports almost tripled between 2011 and 2017.

The problem draws attention because the poop increasingly comes not from dogs but from humans. In partial defense of his city, Curbed SF’s Adam Brinklow explains that the reports submitted to the city didn’t distinguish between human and dog excrement, and that there were 150,000 dogs and fewer than 10,000 homeless people within city limits. But he admits that homelessness was probably the leading edge of the problem in San Francisco as well as Los Angeles, where 36, people live on the streets, and many do their business there.
The majority of the nation’s homeless people now live in California. There are myriad causes at work, no doubt. But there was no “defecation crisis”—a term usually associated with rural India—in the 1930s, even with unemployment at 25%, vagabonds roaming the country, and shantytowns and “Hoovervilles” springing up everywhere. Today’s homeless and the hobos of the Great Depression are different in many ways. The triple scourges of drug abuse, mental illness and family breakdown have produced anomie and derangements far deeper than those seen in the 1930s, when the widely shared nature of the economic and psychological distress provided its own grim comfort.

In California at least, one is struck by the contrast between the fastidious attention paid to the social duty of scooping up and disposing of dog feces, and the rather more paralyzed and guilty reaction to the plague of human feces. The former is treated as a moral imperative among the enlightened—and the thin plastic bags used as the means to this moral end have so far escaped the fate of plastic straws, well on their way to being outlawed as an environmental outrage. Even social-justice warriors don’t consider it their personal duty, however, to tidy up after their fellow human beings on the streets.

Confronted on the sidewalk with a nasty fait accompli, most people are indignant. But the questions they then ask often diverge. Those of a more traditional disposition might wonder, “What is wrong with these people?” Those of a more progressive mind-set might exclaim, “Why hasn’t the government designed a program to solve this?”

Each is sincere, and society will have to try to answer both to make things better. But it’s the former inquiry, prepared to make some difficult and unfashionable moral distinctions, that needs encouragement in deep-blue California. “Homeless” was originally an adjective. It became a collective noun, denoting the victims of homelessness, only later, under the influence of the 20th century’s confidence that the first step in solving a social problem is to name it. Not all problems are social, however, and few if any social problems can be “solved,” in the strong sense of the term.

Without wishing to return to the Elizabethan Poor Laws, we ought to consider what was lost when the courts discouraged Americans from thinking of “homelessness” in light of the old laws against vagrancy. Under that understanding, no one had a right to camp out indefinitely on public property, much less to defecate on it. Public property belonged to the public—to everyone—and couldn’t be privatized for the benefit of one or more vagrants, however poor or sick. Though that principle would need to be applied to modern circumstances, it is the indispensable starting point for thinking about the shocking problems of the Golden State.

Mr. Kesler is editor of the Claremont Review of Books, from whose summer issue this is adapted.

Lawmakers ban plastic straws as a far worse kind of waste covers the streets of San Francisco and L.A.

CROSS COUNTRY

By Charles Kesler


Kowtowing Comes Into Fashion


sovereignty and firmly adhered to the One China principle.”

In fact, Taiwan has never been part of the People’s Republic of China, and neither government has jurisdiction over the other. Those who have visited or done business with Taiwan know it’s not part of China. Taiwan is its own country.

Taiwan is a nation in every measurable sense. Its 23 million people are dismayed that the Western world—which takes pride in valuing freedom and human rights—is willing to bend the knee to an authoritarian government with expansionist aspirations, one that puts religious minorities into “re-education” camps.

Markets are important, especially for luxury brands that depend on wealthy Chinese for their growth. These private companies do business with people from Taiwan, too, but that market is a drop in the bucket, comparatively speaking. Consequently, it may seem to make financial sense to kowtow to Beijing and repeat the false narrative that Taiwan is a province of China. But one hopes business acumen would dictate that overreliance on a single market is a bad idea.

Democratic countries, and companies that claim to believe in corporate social responsibility, should band together to ignore the whimpering of China’s internet army. That would give hope to those who cherish democracy, freedom and reality.

Ms. Lu is press director at the Taipei Economic and Cultural Office in New York.

By Myra Lu

Versace, Givenchy and Coach grovel to Beijing for acknowledging the truth about Taiwan.