Top 88 Kevin Mitnick Quotes

I trust online banking. You know why? Because if somebody hacks into my account and defrauds my credit card company, or my online bank account, guess who takes the loss? The bank, not me.

I think malware is a significant threat because the mitigation, like antivirus software, hasn’t evolved to a point to really mitigate the risk to a reasonable degree.

The hacker mindset doesn’t actually see what happens on the other side, to the victim.

Steve Wozniak and Steve Jobs founded Apple Inc, which set the computing world on its ear with the Macintosh in 1984.

Of course I’m sure half the people there hate me and half the people like me.

Some people think technology has the answers.

My hacking was all about becoming the best at circumventing security. So when I was a fugitive, I worked systems administrator jobs to make money. I wasn’t stealing money or using other people’s credit cards. I was doing a 9-to-5 job.

I could pose as a Yahoo rep claiming that there’s been some sort of fault, and somebody else is getting your e-mail, and we’re going to have to remove your account and reinstall it. So what we’ll do is reset the current password that you have – and by the way, what is it?

For a long time, I was portrayed as the Osama bin Laden of the Internet, and I really wanted to be able to tell my side of the story. I wanted to be able to explain exactly what I did and what I didn’t do to people who thought they knew me.

For the average home-user, anti-virus software is a must.

If I needed to know about a security exploit, I preferred to get the information by accessing the companies’ security teams’ files, rather than poring over lines of code to find it on my own. It’s just more efficient.

Anything out there is vulnerable to attack given enough time and resources.

No company that I ever hacked into reported any damages, which they were required to do for significant losses.

As a young boy, I was taught in high school that hacking was cool.

The hacking trend has definitely turned criminal because of e-commerce.

I have done a lot to rehabilitate my reputation.

Social engineering is using manipulation, influence and deception to get a person, a trusted insider within an organization, to comply with a request, and the request is usually to release information or to perform some sort of action item that benefits that attacker.

I believe in having each device secured and monitoring each device, rather than just monitoring holistically on the network, and then responding in short enough time for damage control.

I use Spam Arrest because of the amount of junk mail I get. Any legitimate person who wants to send me a message has to jump through hoops before they can be added to my opt-in list.

Are hackers a threat? The degree of threat presented by any conduct, whether legal or illegal, depends on the actions and intent of the individual and the harm they cause.

I was fascinated with the phone system and how it worked; I became a hacker to get better control over the phone company.

Our Constitution requires that the accused be presumed innocent before trial, thus granting all citizens the right to a bail hearing, where the accused has the opportunity to be represented by counsel, present evidence, and cross-examine witnesses.

Back in my day, I would probe by hand. Now you can get commercial software that does the job for you.

I characterize myself as a retired hacker. I’m applying what I know to improve security at companies.

Protecting yourself is very challenging in the hostile environment of the Internet. Imagine a global environment where an unscrupulous person from the other side of the planet can probe your computer for weaknesses and exploit them to gain access to your most sensitive secrets.

I wasn’t a hacker for the money, and it wasn’t to cause damage.

It doesn’t work the same way everywhere. The Americans are the most gullible, because they don’t like to deny co-workers’ requests. People in the former Soviet bloc countries are less trusting, perhaps because of their previous experiences with their countries’ secret services.

Oracle, for example, has even hired people to dumpster dive for information about its competitor, Microsoft. It’s not even illegal, because trash isn’t covered by data secrecy laws.

The first programming assignment I had in high school was to find the first 100 Fibonacci numbers. Instead, I thought it would be cooler to write a program to get the teacher’s password and all the other students’ passwords. And the teacher gave me an A and told the class how smart I was.

I could have evaded the FBI a lot longer if I had been able to control my passion for hacking.

Most of the computer compromises that we hear about use a technique called spear phishing, which allows an attacker access to a key person’s workstation. It’s extremely difficult to defend against.

Should we fear hackers? Intention is at the heart of this discussion.

All they need to do is to set up some website somewhere selling some bogus product at twenty percent of the normal market prices and people are going to be tricked into providing their credit card numbers.

Sometimes I get a call from my bank, and the first thing they ask is, ‘Mr. Mitnick, may I get your account number?’ And I’ll say, ‘You called me! I’m not giving you my account number!’

New security loopholes are constantly popping up because of wireless networking. The cat-and-mouse game between hackers and system administrators is still in full swing.

Back up everything! You are not invulnerable. Catastrophic data loss can happen to you – one worm or Trojan is all it takes.

The Internet is like the phone. To be without it is ridiculous.

I think a cyber-terrorism attack is overblown, though the threat exists. I think al Qaeda and other groups are more interested in symbolic terrorism, like what they did to the World Trade Center – suicide bombers or something that really has an effect and is meaningful to people.

Usually companies hire me, and they know full well who I am, and that’s one of the reasons they want to hire me.

So what I was essentially doing was, I compromised the confidentiality of their proprietary software to advance my agenda of becoming the best at breaking through the lock.

When I read about myself in the media, even I don’t recognize me. The myth of Kevin Mitnick is much more interesting than the reality of Kevin Mitnick. If they told the reality, no one would care.

Then again, my case was all about the misappropriation of source code because I wanted to become the best hacker in the world and I enjoyed beating the security mechanisms.

Once when I was a fugitive, I was working for a law firm in Denver.

I was hooked in before hacking was even illegal.

It’s kind of interesting, because hacking is a skill that could be used for criminal purposes or legitimate purposes, and so even though in the past I was hacking for the curiosity, and the thrill, to get a bite of the forbidden fruit of knowledge, I’m now working in the security field as a public speaker.

There’s a feature on Facebook where you can enable security that checks the device you’re coming from. By default these features are likely off, but as a consumer, you can enable them.

I was addicted to hacking, more for the intellectual challenge, the curiosity, the seduction of adventure; not for stealing, or causing damage or writing computer viruses.

When somebody asks for a favor involving information, if you don’t know him or can’t verify his identity, just say no.

Both social engineering and technical attacks played a big part in what I was able to do. It was a hybrid. I used social engineering when it was appropriate, and exploited technical vulnerabilities when it was appropriate.

Hackers are becoming more sophisticated in conjuring up new ways to hijack your system by exploiting technical vulnerabilities or human nature. Don’t become the next victim of unscrupulous cyberspace intruders.

Companies spend millions of dollars on firewalls, encryption, and secure access devices and it’s money wasted because none of these measures address the weakest link in the security chain: the people who use, administer, operate and account for computer systems that contain protected information.

To some people I’ll always be the bad guy.

Businesses should absolutely set aside funding in their budgets for security consultants. Unless there is an expert on staff, and there usually is not, it needs to be outsourced.

I saw myself as an electronic joy rider. I was like James Bond behind the computer. I was just having a blast.

I don’t condone anyone causing damage in my name, or doing anything malicious in support of my plight. There are more productive ways to help me. As a hacker myself, I never intentionally damaged anything.

So the ethic I was taught in school resulted in the path I chose in my life following school.

A hacker doesn’t deliberately destroy data or profit from his activities.

It’s true, I had hacked into a lot of companies, and took copies of the source code to analyze it for security bugs. If I could locate security bugs, I could become better at hacking into their systems. It was all towards becoming a better hacker.