From: "Declan B. McCullagh" <declan+@CMU.EDU>
Date: Sat, 13 Jan 1996 00:59:08 +0800
To: cypherpunks@toad.com
Subject: Mitnick #2: Platt responds to Markoff's rebuttal
Message-ID: <AkxcMg200YUqA5_=0A@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Topic 1119 [media]:  Media Appearances of WELLperns VI, S.F.Bay Area Division
#190 of 296: Declan McCullagh (declan)      Tue Jan  2 '96 (09:38)   212 lines
   <hidden>
 From cp@panix.com Tue Jan  2 09:26:11 1996
 Date: Tue, 2 Jan 1996 03:11:10 -0500 (EST)
 From: Charles Platt <cp@panix.com>
 To: Declan McCullagh
 Cc: Charles Platt <cp@panix.com>
 Subject: John Markoff's "rebuttal"
 
 
 In Computer Underground Digest I wrote a critical review of the recent
 book _Takedown_ by Shimomura and Markoff, in which I suggested that John
 Markoff had profited handsomely by mythologizing Kevin Mitnick as one of
 "America's most wanted computer criminals."
 
 My review was copied to The Well, where JM wrote a rebuttal. I am amused
 to fiund that this rebuttal not only fails to answer my rather serious
 allegations, but commits exactly the same journalistic sins of vagueness
 and hyperbole that I complained about originally. 
 
     JM writes: "Just for the record, Katie [Hafner] says that her remarks 
     were taken out of context here by Charles."
 
 This statement is perhaps intentionally vague, because if I don't know
 exactly what I'm being accused of, I can't answer it. *What,* precisely,
 was taken out of context? JM doesn't say. All I know is that when Katie
 Hafner contacted me directly, she complained that she never branded Kevin
 Mitnick a "darkside hacker" in the book _Cyberpunk;_ she merely used the
 phrase as the title of the first section of the book. But in fact, the
 "darkside hacker" term *is* applied to Mitnick within the text of the
 book; and in any case, a section heading obviously sets the tone for
 everything that follows. Therefore, I do not believe that I quoted Katie
 Hafner out of context--unless JM is talking about something else entirely,
 in which case he should say so, instead of attempting to devalue my review
 by a generalized accusation. 
 
     JM Writes: "The darkside hacker label was created during the late
     1980s by the Southern California press. It is a label that I noted,
     but I didn't create. However, he's right I don't regret using it. And
     also for the record, Kevin Mitnick used to drive around in Las Vegas
     with a stack of copies of Cyberpunk in the trunk of his car to give
     away to admirers.  He is on record as saying the book is '20 percent
     inaccurate.'" 
 
 JM is confusing the issue. I never suggested he invented the "darkside
 hacker" term. This is totally irrelevant. I said, very specifically, that
 he was the first to *apply* this label to Mitnick. JM does not actually 
 deny this, and I believe it is true.
 
     Re my description of his initial article about Mitnick for the NY
     Times, JM writes: "This is really inaccurate. Kevin Mitnick had become
     notorious nationally in the late 1980s as a result of his being
     arrested for attacks on Digital Equipment Computers. A menacing mug
     shot? It was the only photo available. No actual news? Not the way I
     remember it. The news was that he was being pursued by the FBI (three
     agents full time), the California DMV, US Marshalls, telco security,
     local police, etc. The further news was that the FBI had told cellular
     telephone companies that they believed the fugitive had stolen
     software from at least six cellular phone manufacturers. I thought
     then, and still think, this merited a story. I also think the story
     was a good yarn. Mitnick had succeeded in evading law enforcement for
     more than a year - again." 
 
 "Notorious" in what sense? This is another of those vague terms that JM
 throws around without limiting or defining it. Mitnick may have been
 "notorious" in hacker circles, but not in the eyes of the general public.
 My point was, and is, that JM converted Mitnick from a relatively obscure
 hacker into a public figure. JM tries to evade this point but cannot
 specifically deny it. As for Mitnick being "actively pursued," I believe
 this is a vast overstatement. As I understand it, law enforcement had
 largely lost interest until JM's news item embarrassed them. Even after
 that, according to JM's own book _Takedown,_ law enforcement had to be
 prodded into taking action. They seemed not to share JM's perception of 
 Mitnick as a severe threat. They certainly didn't characterize him as one 
 of "America's most wanted."
 
     In response to my statement that Kevin Mitnick has never been accused
     of intentionally damaging a computer, JM writes: "Wrong again. He was
     accused of doing more than $100,000 damage at US Leasing, a SF time
     sharing company in 1980. Their system was trashed by a group that
     Mitnick was a member of. After that, at various other times he cost
     companies tens of thousands of dollars trying to close the door on his
     attacks. A further point is that I have no control over placement of
     my stories in the paper." 
 
 With all due respect, this is not fair or accurate journalism. Was Mitnick
 *active* in the group that caused the alleged damage? Did he play a
 personal role? Does JM know? If not, he's just slinging mud. This is a
 smear and should not be presented as if it is a fact. On the other hand,
 if there is evidence that Mitnick was indeed actively responsible, I will
 gladly admit that I didn't know of this.
 
 As for the money that companies spent fixing the security weaknesses that 
 allowed Mitnick to gain access, it is grossly unfair and misleading for 
 JM to throw this into a paragraph discussing "intentional damage." This 
 is exactly the kind of deliberate blurring of different kinds of computer 
 misuse that I complained about in my review.
 
     Regarding Mitnick's "most wanted" status, JM writes:  "Sorry, but I
     didn't create the character, Kevin did. He has now been arrested six
     times in fifteen years. Each time, except for this last time, he was
     given a second chance to get his act together. He chose not too. It
     seems to me that he is an adult and makes choices. He chose to keep
     breaking in to computers. He knew what the penalty was. So what's the
     problem?" 
 
 Here again, JM avoids my direct point--that he was the first to categorize 
 Mitnick as "one of America's most wanted."
 
 Of course Mitnick is responsible for his actions. I never disputed this,
 and never suggested he was innocent of the crimes for which he was
 convicted. I merely suggested that the crimes were relatively trivial and
 were exaggerated out of all proportion by JM's extravagant prose.
 Exaggeration, imprecision, and innuendo: *that's* the problem, JM. 
 
     JM writes: "A witch hunt? Give me a break. It was an article
     describing a law enforcement hunt for a fugitive, who had been
     arrested five times previously, convicted at least three times, and
     was known to be attacking the computers of the nation's cellular
     telephone companies." 
 
 My review complained that JM throws around words such as "attack" without
 ever defining them in computer terms. He's still doing it here in his
 rebuttal. Kevin Mitnick never attacked any computer, by my understanding
 of the word. 
 
     Re providing advice to the police, JM writes: "I was called by Kent 
     Walker, the AUSA on the case during a meeting at the Well. He asked me
     if I thought Mitnick was dangerous. I responded that everything I knew
     about Mitnick had either been in Cyberpunk or my July 4 1994 article,
     ie. in the public. I repeated the story of one arrest in which Kevin 
     ended up handcuffed in tears over the hood of the detective's car. I
     gave no other information, nor got any." 
 
 Since we will never know the extent to which JM tried to help the FBI, I 
 guess we'll just have to take his word for this.
 
     Re Mitnick's dangerousness, JM writes: "This is just not true. Kevin
     Mitnick was actively sharing system vulnerabilities with other people
     on the net. That is about the most damaging thing that could be done
     to the Internet community." 
 
 Is JM aware that some highly respected security experts believe that
 sharing news of vulnerabilities is the best way to encourage better
 security?  True, this is a controversial subject; but certainly the
 sharing of vulnerabilities is NOT "the most damaging thing that could be
 done to the Internet community." That's just another of those wildly
 exaggerated phrases that JM throws out for emotional effect. I can think
 of many politicians--and even a few journalists--who pose a far greater
 danger to the future of the net than Kevin Mitnick ever did.
 
     Re the petty gossip in _Takedown,_ JM writes: "The reason we described
     what happened at Toad Hall on Xmas was that the attacks first came
     from toad.com while Tsutomu and Julia were there. If we hadn't have
     been complete in our description someone would have charged us with a
     cover up. Please remember that David Bank, a San Jose Mercury
     reporter, spent several weeks pursuing the hypothesis that Tsutomu had
     attack his own computers." 
 
 Uh-huh. And I suppose the rest of the sordid, relentlessly personal thread
 in _Takedown,_ describing every little nuance of Shimomura's campaign to
 steal someone's long-term girlfriend, was merely included so that no one
 could complain that the account was incomplete? Really! 
 
     In my review, I complained about pejorative terms (such as "attack")
     that JM uses repeatedly. His response: "Perjorative?? Yikes! I mean we
     could go to the dictionary....." 
 
 Well, I guess JM *should* go to the dictionary. If he does, he will find
 that pejorative is a perfectly good word which I spelled correctly. It's
 ironic that he seems unaware of it, since it so aptly describes his
 own journalistic technique. 
 
     Re my assertion that all charges but one against Mitnick have been
     dropped, JM replies: "Wrong. Kevin Mitnick is in jail in Los Angeles
     facing charges from more than six United States Federal Districts. He
     may go on trial or he may plea bargain." 
 
 I tried to contact Mitnick's attorney before I wrote my review. He did 
 not return my calls. I based my statement on information from three other 
 sources. If it's incorrect, obviously I stand corrected. As I understand 
 it, though, those charges from other federal districts may not have been 
 actually filed. Is "facing charges" another of those slightly misleading 
 terms that makes the situation sound worse than it really is? Are the 
 charges actual, or potential?
 
     Finally JM writes: "Myth and reality? I have been writing about Kevin
     Mitnick for a long time, since 1981 to be precise, but I didn't create
     a myth, he created his own story." 
 
 In his own rebuttal, JM has already referred to the Mitnick story as a
 "good yarn." A yarn, of course, is a richly embroidered, sometimes
 fictionalized version of the truth. This is precisely what I believe he
 concocted, and it isn't my idea of decent journalism.
 
 ----
 
 Lastly, a question which occurred to me after I wrote my original review.
 Around the same time that Kevin Mitnick broke into Tsutomo Shimomura's
 computer, he also broke into the system of Dan Farmer, another extremely
 well known security expert. What did Farmer do? He didn't get
 self-righteous about the "invasion of privacy." He didn't start ranting
 about the "extreme danger" posed by Mitnick. He certainly didn't take
 several weeks from his normal schedule and pursue a personal vendetta. Nor
 did he coauthor a book portraying Mitnick as a danger to the net. He 
 presumably fixed the flaw that had allowed Mitnick to get in, and went on 
 with his life.
 
 Would JM like to explain how Dan Farmer's perception of "the Mitnick
 threat" can be so different from Shimomura's? To the outside observer, it
 almost looks as if there wasn't a significant security threat, and
 Shimomura must have been motivated by wounded vanity, while John Markoff
 was motivated by his desire to tell a "good yarn" and make a lot of money.
 Am I wrong?