From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 13 Jan 1996 03:01:45 +0800
To: cypherpunks@toad.com
Subject: Mitnick #3: Markoff responds again to Platt
Message-ID: <kkxcNda00YUqE5_=gs@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain



Topic 1119 [media]:  Media Appearances of WELLperns VI, S.F.Bay Area Division
#212 of 296: john markoff (johnm)      Wed Jan  3 '96 (16:58)   256 lines
   <hidden>
 
 
 My response to Charles Platt's rebuttal.....
 
 
 
 
 
      JM Writes: "The darkside hacker label was created during the late
      1980s by the Southern California press. It is a label that I noted,
      but I didn't create. However, he's right I don't regret using it. And
      also for the record, Kevin Mitnick used to drive around in Las Vegas
      with a stack of copies of Cyberpunk in the trunk of his car to give
      away to admirers.  He is on record as saying the book is '20 percent
      inaccurate.'"
 
  >JM is confusing the issue. I never suggested he invented the "darkside
  >hacker" term. This is totally irrelevant. I said, very specifically, that
  >he was the first to *apply* this label to Mitnick. JM does not actually
  >deny this, and I believe it is true.
 
 Sorry, you're wrong. The "darkside hacker" label was used in the headlines
 of Southern California press coverage of Mitnick in 1987-8, in particular by
 John Johnson, an LA Times metro reporter. I was not the first one to use the
 term with respect to Mitnick.
 
 
 
      Re my description of his initial article about Mitnick for the NY
      Times, JM writes: "This is really inaccurate. Kevin Mitnick had become
      notorious nationally in the late 1980s as a result of his being
      arrested for attacks on Digital Equipment Computers. A menacing mug
      shot? It was the only photo available. No actual news? Not the way I
      remember it. The news was that he was being pursued by the FBI (three
      agents full time), the California DMV, US Marshalls, telco security,
      local police, etc. The further news was that the FBI had told cellular
      telephone companies that they believed the fugitive had stolen
      software from at least six cellular phone manufacturers. I thought
      then, and still think, this merited a story. I also think the story
      was a good yarn. Mitnick had succeeded in evading law enforcement for
      more than a year - again."
 
  >"Notorious" in what sense? This is another of those vague terms that JM
  >throws around without limiting or defining it. Mitnick may have been
  >"notorious" in hacker circles, but not in the eyes of the general public.
  >My point was, and is, that JM converted Mitnick from a relatively obscure
  >hacker into a public figure. JM tries to evade this point but cannot
  >specifically deny it. As for Mitnick being "actively pursued," I believe
  >this is a vast overstatement. As I understand it, law enforcement had
  >largely lost interest until JM's news item embarrassed them. Even after
  >that, according to JM's own book _Takedown,_ law enforcement had to be
  >prodded into taking action. They seemed not to share JM's perception of
  >Mitnick as a severe threat. They certainly didn't characterize him as one
  >of "America's most wanted."
 
  Since when is "notorious" a vague term? The dictionary def. of notorious is
 "generally known and talked of." Kevin Mitnick had national press attention
 in at least two cases (Los Angeles 1981 and Los Angeles 1987) and there were
 a number of articles in the Los Angeles Times, which the last time I checked
 was not a hacker quarterly, before Katie and I wrote about him in Cyberpunk.
 He was notorious.
 
 Charles is just plain wrong about the issue of pursuit: There was a US
 Marshalls search for him for a parole violation, a team of FBI agents in LA
 was detailed to finding Mitnick, telecommunications companies in Seattle and
 Southern California were pursuing him, California DMV had a special
 investigator looking for him. I could go on....Law enforcement did not have
 to be prodded into action. The first thing Tsutomu did when he was invited
 to the Well was meet with a US attorney and FBI agents who had an open case.
 
 
 
 
      In response to my statement that Kevin Mitnick has never been accused
      of intentionally damaging a computer, JM writes: "Wrong again. He was
      accused of doing more than $100,000 damage at US Leasing, a SF time
      sharing company in 1980. Their system was trashed by a group that
      Mitnick was a member of. After that, at various other times he cost
      companies tens of thousands of dollars trying to close the door on his
      attacks.
 
  >With all due respect, this is not fair or accurate journalism. Was Mitnick
  >*active* in the group that caused the alleged damage? Did he play a
  >personal role? Does JM know? If not, he's just slinging mud. This is a
  >smear and should not be presented as if it is a fact. On the other hand,
  >if there is evidence that Mitnick was indeed actively responsible, I will
  >gladly admit that I didn't know of this.
 
 
  Kevin was convicted in this case in the Spring of 1982. He spent 90 days in
 juvenile detention, he was given a year's probation.
 
 
  >As for the money that companies spent fixing the security weaknesses that
  >allowed Mitnick to gain access, it is grossly unfair and misleading for
  >JM to throw this into a paragraph discussing "intentional damage." This
  >is exactly the kind of deliberate blurring of different kinds of computer
  >misuse that I complained about in my review.
 
 
  I'm afraid that Charles has confused me here. I simply gave an example
 where intentional damage was done for which Kevin was convicted. I didn't
 say that he always damaged machines, I simply object to the portrayal of him
 as an innocent
 
      Regarding Mitnick's "most wanted" status, JM writes:  "Sorry, but I
      didn't create the character, Kevin did. He has now been arrested six
      times in fifteen years. Each time, except for this last time, he was
      given a second chance to get his act together. He chose not too. It
      seems to me that he is an adult and makes choices. He chose to keep
      breaking in to computers. He knew what the penalty was. So what's the
      problem?"
 
  >Of course Mitnick is responsible for his actions. I never disputed this,
  >and never suggested he was innocent of the crimes for which he was
  >convicted. I merely suggested that the crimes were relatively trivial and
  >were exaggerated out of all proportion by JM's extravagant prose.
  >Exaggeration, imprecision, and innuendo: *that's* the problem, JM.
 
 In a passage above Charles accuses me of being vague, now he says that
 exaggeration, imprecision and innuendo are the problem. Boy, talk about
 being vague. But I guess we've descended to the nyah, nyah level....  8)
 
 
 
      JM writes: "A witch hunt? Give me a break. It was an article
      describing a law enforcement hunt for a fugitive, who had been
      arrested five times previously, convicted at least three times, and
      was known to be attacking the computers of the nation's cellular
      telephone companies."
 
  >My review complained that JM throws around words such as "attack" without
  >ever defining them in computer terms. He's still doing it here in his
  >rebuttal. Kevin Mitnick never attacked any computer, by my understanding
  >of the word.
 
  Mitnick was persistent and frequently arrogant in his break-ins into dozens
 of different computers. Attack is not an exaggeration.
 
 
 
 
      Re Mitnick's dangerousness, JM writes: "This is just not true. Kevin
      Mitnick was actively sharing system vulnerabilities with other people
      on the net. That is about the most damaging thing that could be done
      to the Internet community."
 
  >Is JM aware that some highly respected security experts believe that
  >sharing news of vulnerabilities is the best way to encourage better
  >security?  True, this is a controversial subject; but certainly the
  >sharing of vulnerabilities is NOT "the most damaging thing that could be
  >done to the Internet community." That's just another of those wildly
  >exaggerated phrases that JM throws out for emotional effect. I can think
  >of many politicians--and even a few journalists--who pose a far greater
  >danger to the future of the net than Kevin Mitnick ever did.
 
  Charles probably missed the followup discussion on this point, but I think
 there is a dramatic difference between distributing information publicly and
 sharing it in a clandestine fashion with a small gang of crackers the way
 Mitnick was doing it. I assume from his comments that Charles thinks that
 issues like Internet privacy and security are trivial and don't really
 matter very much. I disagree with him here.
 
 
 
      Re the petty gossip in _Takedown,_ JM writes: "The reason we described
      what happened at Toad Hall on Xmas was that the attacks first came
      from toad.com while Tsutomu and Julia were there. If we hadn't have
      been complete in our description someone would have charged us with a
      cover up. Please remember that David Bank, a San Jose Mercury
      reporter, spent several weeks pursuing the hypothesis that Tsutomu had
      attack his own computers."
 
  >Uh-huh. And I suppose the rest of the sordid, relentlessly personal thread
  >in _Takedown,_ describing every little nuance of Shimomura's campaign to
  >steal someone's long-term girlfriend, was merely included so that no one
  >could complain that the account was incomplete? Really!
 
 Sharon Fisher had a good response to the notion of girlfriend as property.
 Charles is being viciously innaccurate here.
 
 
      In my review, I complained about pejorative terms (such as "attack")
      that JM uses repeatedly. His response: "Perjorative?? Yikes! I mean we
      could go to the dictionary....."
 
  >Well, I guess JM *should* go to the dictionary. If he does, he will find
  >that pejorative is a perfectly good word which I spelled correctly. It's
  >ironic that he seems unaware of it, since it so aptly describes his
  >own journalistic technique.
 
  This is getting weird again. I still don't have any problem with using the
 word "attack" and would use it again. I think Charles has sort of run out of
 gas trying to mount a defense against something that is basicly
 indefensible. It's just not ok to read other people's mail, steal commercial
 software, leave trojan horses scattered around, and systematically alter
 system software. No matter how you dress it up, its criminal activity.
 
 
      Re my assertion that all charges but one against Mitnick have been
      dropped, JM replies: "Wrong. Kevin Mitnick is in jail in Los Angeles
      facing charges from more than six United States Federal Districts. He
      may go on trial or he may plea bargain."
 
  >I tried to contact Mitnick's attorney before I wrote my review. He did
  >not return my calls. I based my statement on information from three other
  >sources. If it's incorrect, obviously I stand corrected. As I understand
  >it, though, those charges from other federal districts may not have been
  >actually filed. Is "facing charges" another of those slightly misleading
  >terms that makes the situation sound worse than it really is? Are the
  >charges actual, or potential?
 
 Why didn't Charles think to give any of half a dozen US District Attorney's
 a call and chat with them about the charges that are being brought against
 Kevin Mitncik. For those who are curious there is a plea bargaining process
 going on now and Mitnick has a scheduled court date for January 29.
 
 
 
      Finally JM writes: "Myth and reality? I have been writing about Kevin
      Mitnick for a long time, since 1981 to be precise, but I didn't create
      a myth, he created his own story."
 
  >In his own rebuttal, JM has already referred to the Mitnick story as a
  >"good yarn." A yarn, of course, is a richly embroidered, sometimes
  >fictionalized version of the truth. This is precisely what I believe he
  >concocted, and it isn't my idea of decent journalism.
 
 
 
 Please Charles, which part is concocted? The part about Kevin being a
 criminal who was a fugitive and who was caught while he was breaking in to
 computers?
 
 
 
 
  >Would JM like to explain how Dan Farmer's perception of "the Mitnick
  >threat" can be so different from Shimomura's? To the outside observer, it
  >almost looks as if there wasn't a significant security threat, and
  >Shimomura must have been motivated by wounded vanity, while John Markoff
  >was motivated by his desire to tell a "good yarn" and make a lot of money.
  >Am I wrong?
 
  Yes you're wrong. I can't speak for Dan, but Tsutomu was invited by both
 the Well and Netcom to help them solve a persistent computer security
 problem. His advice to the Well was that they would never be secure unless
 the person who was attacking their computers was apprehended. The Well had
 no viable way to lock Kevin Mitnick out. Tsutomu's solution to actively
 pursue Mitnick was the only reasonable option, one which the Well management
 agreed with. There are several philosophies in the computer security world.
 One view is that rather than hiding in your shell it is necessary to track
 down offenders who have broken the law. I really don't see what's wrong with
 that approach. Do you Charles?