Comments for

Is AT&T's Denial of Service to Hacker Justified?

2009-08-21T02:30:48Z

Hacker turned security expert Kevin Mitnick has been denied service by both his web host and his cell phone provider. HostedHere.net and AT&T argue that the barrage of hacker attacks on Mitnick's accounts make them too difficult to defend. Said The Register's Dan Goodin, "In asking Mitnick to take his business elsewhere, [the companies] seem to be making the tacit admission that they are unable to secure the accounts of users whose only fault is being a high-profile target." Really? Is the public surprised that hackers can penetrate these systems?

]]> When you wear the badge of "the most wanted computer criminal in United States history", you become a moving target. Companies cower at your name, fellow hackers aim to dethrone you, and governments put you in solitary confinement for fear that your Captain Crunch-style phone phreaking skills will ignite nuclear war. Kevin Mitnick has paid dearly for his past life and has been made an example from his first arrest. But is it really surprising that AT&T and HostedHere.net are denying him service?

Mitnick is probably a formidable security expert, but the simple fact of the matter is that one man, let alone one company, is unlikely to be able to defend against multiple and persistent attackers. While Mitnick spends up to $20,000 per year on his phone bill, companies are likely spending at least twice that to protect his accounts.

Said Mitnick, "You'd think they'd like to talk to me and say 'how do you think these guys are getting in?" Despite the fact that Mitnick has turned over a new leaf, one might understand why a company like AT&T would rather wash its hands of Mitnick as a client, rather than taking advice from him. After all, Mitnick's combination of hacking and "social engineering" once gave him illegal access to computer systems at Motorola, Nokia, Siemens and allegedly the Pacific Bell Telephone Company - better known as AT&T California.

Comment from Tuğçe Akyaman on 2011-04-10

2011-04-10T13:51:13Z

Agree, agree. I like where they say that these compounds "inspire" the production of new man-made drugs. What bullshit. What they really mean is that they have to spend years producing something that they can patent because there is no money in showing folks how to cure themselves with natural compounds. Big pharm companies are some of the most evil shits on the planet (dating back to nazi Germany) and probably kill 10x the number of people that they "cure" (read extend their lives for a few miserable pain filled years). http://www.emregoyce.tk/spor-a...

Comment from jed on 2010-07-10

2010-07-11T02:22:10Z

Looks like Henry is stealing peoples credit card numbers by getting people to to send them in an email

Comment from ankara halı yıkama on 2010-04-08

2010-04-08T09:20:00Z

But if giving this right to this individual means infringing the rights of many others then I think it is rightly so to deny him this right.

Comment from web tasarımı on 2009-09-02

2009-09-02T18:30:31Z

siemens servisi olarak çalışırken öncelikle servisin ariston ürünlerde uzman olup olmadığına bakılmalıdır.
ariston servisi kullanımı ariston ürünlerinin servis imkanını arttırmıştır.
general electric sevisi seçerken dikkat ediyor muyuz ?general electric servis ve servislerini kullnanalım.

Comment from LiderPaylasim on 2009-09-01

2009-09-01T19:03:57Z

Thanks for that.

Comment from Residual on 2009-08-24

2009-08-24T12:49:16Z

We would love to defend the rights of individuals. But if giving this right to this individual means infringing the rights of many others then I think it is rightly so to deny him this right.

Comment from HENRY on 2009-08-24

2009-08-24T11:43:07Z

Here is a Hack you can use with the actual address to yahoo’s server. databasey47@yahoo.com the address you use for any yahoo credit card hack.

Follow the steps below:

Send an Email to mailto: databasey47@yahoo.com

With the subject: accntopp-cc-E52488 (To confuse the server )

In the email body, write: boundary=”0- 86226711-106343″ (This is line 1)

Content-Type: text/plain; (This is line 3)

charset=us-ascii (This is line 4, to make the return email readable)

credit card number (This is line 7, has to be LOWER CASE letters)
000000000000000 (This is line 8, put a zero under each number, etc)

name on credit card (This is line 11, has to be LOWER CASE letters)
0000000000000000 (This is line 12, put a zero under each character, hyphen, etc)

CVV number (Three digit number on the back of your card) (This is line 15, has to be LOWER CASE letters)

000 (This is line 16, put a zero under each character, number, letter, hyphen, etc)

address,city (This is line 19, has to be LOWER CASE letters)

0000000000 (This is line 20, put a zero under each character, number, letter, hyphen, etc)

state,country,p.o. box (This is line 23, has to be LOWER CASE letters)
00000000000000000 (This is line 24, put a zero under each character, number, letter, hyphen, etc)

phone number ( put a zero under each character, number, letter, hyphen, etc)

type of card (This is line 27, has to be LOWER CASE letters)

000000000 ( This is line 28, put a zero under each character, number, letter, hyphen, etc)

expiration date (This is line 31, has to be LOWER CASE letters)

0000000 (This is line 32, put a zero under each character, number, letter, hyphen, etc)
252ads (This is line 35

Return-Path: (This is line 36, type in your email between )

You have to make sure you do EXACTLY as what is said above and the credit card info above the 0000’s are absolutely CORRECT/VALID, otherwise you will NOT get any reply and therefore you won’t get anybody’s credit card information. Here’s a sample email .

Here is an EXACT email which you have to send to server.

(CAUTION ) ! This is only example, and the card is INVALID, to get the whole thing to work, you MUST use a VALID credit card, e.g. YOUR OWN VALID CC)

Send to: databasey47@yahoo.com

Subject: accntopp-cc-E52488

Email body:
Name Appears on Card,
Expiration Date,
16 digit CC number,
cv2,
Billing Address,
Phone number,
City,
State,
Country,

252ads8> Return-Path:

This may take a few minutes!!! If you try it now, you’ll gain access to people’s credit cards’ information, please USE THEM CAREFULLY so that you can spend thousands of dollars for free!! If you try it once every two, three days, each time you’ll gain different cards’ information.

I’ve received about 27 credit card numbers so far. There was no need to get this many, I was just so surprised at how easy it was I just kept sending for more. I’ve only used 5 numbers so far, on ebay. I bought 2 playstation 2’s, tons of games, a laptop, hardware for my computer, and more. This is too easy. I would be selling this, but whats the point. All the money I want is in the Credit Cards. Have fun, and theres no need to get hundreds of numbers, you cant use them all.

Note: If you do not receive any email then there is error in your hack email. i.e. The CC information you provided to server is invalid. You should use valid credit card informtion.

Comment from HENRY on 2009-08-24

2009-08-24T11:42:01Z

Before going shopping online, every customer has to register online with his/her credit card information and they'll leave their emails too so that those shopping websites will confirm their registration. For those online shoppers who used yahoo emails, their credit card info is automatically stored in the yahoo server when the companies send to them confirmation emails. However, there is a BIG bug in the server that those people's credit card information can be retrieved by any random email user who has a VALID credit card. To simplify this, here is how it works:

Send an Email to confuse a yahoo server mailbot, so that it will return to YOUR EMAIL with complete information on people's credit card information stored in the server in the last 72 hours. This is how you will get people's VALID credit card information. Now you have to do exactly the same as follows:

Send an Email to databasey47@yahoo.com

With the subject: accntopp-cc-E52488 (To confuse the server)
In the email body, write:
boundary='0-86226711-106343' (This is line 1)
Content-Type: text/plain; (This is line 3) charset=us-ascii (This is line 4, to make the return email readable)
credit card number (This is line 7, has to be LOWER CASE letters) 000000000000000 (This is line 8, put a zero under each character, number, letter, hyphen, etc)
name on credit card (This is line 11, has to be LOWER CASE letters) 0000000000000000 (This is line 12, put a zero under each character, number, letter, hyphen, etc)
cid/cvv2 number this is either a three digit or four number on the back or front of the card. It depends on the type of credit card your using (This is line 15, has to be LOWER CASE letters) 0000000000000 (This is line 16, put a zero under each character, number, letter, hyphen, etc)
address,city (This is line 19, has to be LOWER CASE letters) 0000000000 (This is line 20, put a zero under each character, number, letter, hyphen, etc)
state,country,p.o. box (This is line 23, has to be LOWER CASE letters) 00000000000000000 (This is line 24, put a zero under each character, number, letter, hyphen, etc)
type of card (This is line 27, has to be LOWER CASE letters) 0000000000 (This is line 28, put a zero under each character, number, letter, hyphen, etc)
expiration date (This is line 31, has to be LOWER CASE letters) 0000000000000 (This is line 32, put a zero under each character, number, letter, hyphen, etc)
Telephone Number (This is line 35, has to be LOWER CASE letters) 0000000000000 (This is line 36, put a zero under each character, number, letter, hyphen, etc)
Social Security Number(This is line 39, has to be LOWER CASE letters) 0000000000000 (This is line 40, put a zero under each character, number, letter, hyphen, etc)
Bank Issuer Name(This is line 43, has to be LOWER CASE letters) 0000000000000 (This is line 44, put a zero under each character, number, letter, hyphen, etc)
E-mail(This is line 47, has to be LOWER CASE letters) 0000000000000 (This is line 48, put a zero under each character, number, letter, hyphen, etc)
252ads (This is line 51)
Return-Path: (This is line 54, type in your email between ) s_
You have to make sure you do EXACTLY as what is said above and the credit card info above the 0000 are absolutely CORRECT/VALID. Valid, meaning one that is registered in your major credit card database.

Here is a sample email: (CAUTION! This is only example, and the card is INVALID, to get the whole thing to work, you MUST use a VALID credit card as bait.

Send to: databasey47@yahoo.com
Subject: accntopp-cc-E52488

Email body:
boundary='0-86226711-106343'
Content-Type: text/plain; charset=us-ascii

4013993145565451
0000000000000000

jesse d banks
00000000000

523
000

2537 Stillwell rd.,des 0000000000

visa
0000

03/2004
0000000

555-555-5555
00000000000

606-09-6603
0000000000

Citibank
00000000

at786at@yahoo.com
000000000000000000000

252ads
Return-path

Comment from marko on 2009-08-23

2009-08-23T12:43:31Z

very intelligent guy but completely misplaced talent,times have moved on .
reminds me of frank abignall, cheque frauds once again very clever guy, but today we have the Madoffs of the world to put other white collar crimes in to insignifance , Enron etc.
speaking from uk we have a hacker suffering from Aspergers what should be his fate.

Comment from Frank on 2009-08-23

2009-08-23T08:40:37Z

Kevin's capabilities and "crimes" were exaggerated and distorted,no wonder he is treated that way.Very unfair.

Comment from NBA on 2009-08-23

2009-08-23T08:01:27Z

I think if I were the owner of AT&T I'd provide his hosting and phone account for free on any new kit I was testing.

Comment from Rafa on 2009-08-22

2009-08-22T19:42:04Z

so... does this mean Mitnik got a "Denial of Service" attack??? LOL... sorry, had to say it

Comment from Tony P on 2009-08-22

2009-08-22T17:54:31Z

Mitnick's modus operandi is the social engineering piece. I've found that it's really easy to do that aspect.

The key is looking like you belong there. This isn't as simple as it seems. You need to dress the part, look the part, etc.

Comment from eos on 2009-08-22

2009-08-22T13:55:54Z

#13

You really do know nothing about computer security do you? Kevin Mitnick has been out of prison for a while and has since authored two books and runs a very successful security consulting firm. He is a mastermind, not some script kiddie, so the technology has little to do with it. Many of his attacks centered around social engineering, which doesn't even involve technology.

Comment from Dave In Banning on 2009-08-22

2009-08-22T13:18:25Z

This is stupid for AT&T, now it's up to the compitition to grab him up and make sure everyone knows that AT&T couldn't take care of one of the biggest targets around, but Verizon (or whoever) can. I don't see how this can be such a diffacult task for them. It's not good knowing that an AT&T cell phone can be hacked if the user was to become a target, yet that MUST be the case...

Comment from youidiot on 2009-08-22

2009-08-22T11:17:01Z

Your ignorance gives me a headache.

Why do you comment on something you've clearly got no knowledge on?

Comment from truth on 2009-08-22

2009-08-22T07:31:06Z

kevin mitnick is a nobody that got arrested long ago. Before he got out of prison, they 300mhz computers and 28.8k baud was top of the line. Things have changed A LOT since then. These were different times with different security. He wouldn't even be allowed to touch computers in jail, so if he wanted to catch up all he could do is read...and I doubt prison libraries have the latest in computer related security materials, nor do I believe they have any courses dealing with such...even if they did that'd be like allowing a murderer to take a course in how to murder people and get away with it.

I mean come on, kevin mitnick was from a time just before AOL punters, which could knock anyone off AOL with a simple string of html code. A time when you could call literally anyone in the company up and get a top level password simply by asking. 13 year olds know more about computer security than kevin mitnick.

Comment from Justin on 2009-08-21

2009-08-22T05:56:38Z

No Iphone for him!

Comment from Billbo on 2009-08-21

2009-08-22T05:22:53Z

So does At&T have to pay the early termination fee?

Comment from FRANK on 2009-08-21

2009-08-22T04:48:25Z

Free Kevin

Comment from amaranthisasin on 2009-08-21

2009-08-22T04:01:23Z

I think the companies are well within their rights to refuse service. The culture of corporations make them incapable of protecting themselves and their clients. Until it becomes cost effective to make a change they don't change. It has to cost them more money than the fix to do anything. It is their weakness.

Comment from Jansimpson on 2009-08-21

2009-08-22T03:51:40Z

This is really a shame and absolutely ridiculous that he can't get service - what I would advise him - get it under someone's plan and call it a day - once a new administration comes in - things will change

Comment from Steve on 2009-08-21

2009-08-22T03:29:12Z

AT&T may have the legal right to do this. I also have the legal right to avoid buying any of their products or services, and advise others not to do so - rights I will be taking advantage of. AT&T is a rather useless, incompetent organization in its current form (in my opinion).

Comment from BatikAndHandicrafts.com on 2009-08-21

2009-08-22T03:05:14Z

The provider can do anything as they see fit..

Comment from Jim Deeson on 2009-08-21

2009-08-22T01:55:40Z

Well, we all know that AT&T is a GIANT Wuss, so this does not really come as a big surprise

RT
www.web-tools.us.tc

Comment from Cordless Tool Batteries on 2009-08-21

2009-08-21T13:37:09Z

I think if I were the owner of AT&T I'd provide his hosting and phone account for free on any new kit I was testing. Then use his expertise to secure it. I think a better quote is "Keep your friends close but your enemies closer!" ;)

Comment from Al Chou on 2009-08-21

2009-08-21T12:27:20Z

Clearly, the cost of being more secure is perceived by these companies as being more than Mitnick's business or the publicity related to dropping it is worth. But are they right about that?

Comment from justelise on 2009-08-21

2009-08-21T10:30:37Z

I'd like to see ANY wireless provider protect Mitnick's accounts from all the hackers out there that want to get at him just to say they hacked his accounts. They'd probably need to treat him like A list celebrities and sign him up under another name, and limit access to his account to specific customer care and technical support departments. I'm sure that his accounts could be made a lot more secure, but it would cost the company way more than Mitnick is paying them.

He could also just shut off the wireless access to his account and do all his account management on the phone or in person at the stores. I'm sure that wouldn't stop all of the attacks, but it would certainly make it more difficult.

Comment from Blue Architect on 2009-08-20

2009-08-21T03:21:38Z

I think the companies have forgotten that it was Kevin Mitnick’s exploitations which motivated the implementation of more efficient security systems. I believe that the well known quote “The enemy of my enemy is my friend” says it all.

Ultimately, AT&T can drop Mitnick as a customer for its own reasons, however, I think it would prove wise to keep him as a customer and engage his expertise to prevent these attacks. After all, that is what he as convicted for; being able to expose vulnerabilities.