On January 21st, Kevin Mitnick accessed the Internet for the first time since 1995. The press was watching eagerly, wondering what this notorious hacker would do first. But in a twist that's hardly surprising, a true mark of the occasion has been what other hackers have done with Mitnick's new electronic presence.
Mitnick's new company in Los Angeles, Defensive Thinking, hosts its web site using Microsoft IIS on Windows 2000. It was only a matter of time before the hacker "Bugbear" exploited an IIS vulnerability, using it to add a new page to the web site. "Welcome back to freedom, Mr. Kevin," it read. "[i]t was fun and easy to break into your box."
Next, another hacker exploiting another IIS bug from somewhere in Texas got into Mitnick's site on February 9th. He asked Mitnick to make him the company's Chief Security Officer.
Mitnick hasn't commented on whether he'll hire either of the hopeful hackers, but he clearly takes their actions in stride. He told the Associated Press, "All the hackers out there figure if they can hack Kevin Mitnick's site, they're the king of the hill," and called the incidents "amusing."
The ordeal is, however, somewhat disappointing from a security point of view. After all, Mitnick's is a security company, apparently poised to help other companies keep hackers out. Not to worry, though. "I haven't had any time to play webmaster," Mitnick told the AP. "But it looks like I'll have to look into it."
As Mitnick's hand in the total operation of Defensive Thinking becomes more significant, it will be interesting to watch how his newly re-applied skills will be reflected.