1/16

Kevin Mitnick

I First hacker on the FBI’s Most Wanted list.

I ”Anything out there is vulnerable to attack given enough timeand resources.”

2/16

Kevin Mitnick

I Was a hacker, is a computer security consultant.

I https://en.wikipedia.org/wiki/Kevin_Mitnick

I Never stole or profited from any information he hacked into

I Follow him on twitter: @kevinmitnickhttps://twitter.com/kevinmitnick (as of spring 2021,256K followers)

3/16

The Kevin Mitnick Attack

Who: Kevin Mitnick (The Attacker); Tsutomu Shimomura (TheVictim)When: December 25, 1994Where: San DiegoWhat: Shimomura’s computer was hacked by Kevin MitnickHow: ??

4/16

The Kevin Mitnick Attack

Attack against the TCP 3-way handshake.Attacking mechanisms used:

I IP spoofing

I SYN flood

I TCP sequence number prediction

5/16

TCP 3-way Handshake

6/16

TCP Header

7/16

TCP Header

8/16

TCP 3-way Handshake

9/16

IP Spoofing

A technique in which an attacker creates IP packets with a falsesource IP address, so as to conceal its identity or impersonateanother computer system.

10/16

IP Spoofing

11/16

SYN Flood

12/16

TCP Sequence Number Prediction

Mitnick sent SYN request to the Target and received SYN/ACKresponse. Then he sent RESET response to keep the Target frombeing filled up. He repeated this for twenty times. He found thereis a pattern between two successive TCP (initial) sequencenumbers. It turned out that the numbers were not random at all.The latter number was greater than the previous one by 128000.

13/16

The Kevin Mitnick Attack

14/16

Consequence

I Caught in 1995

I Charged with wire fraud (14 counts), possession ofunauthorized access devices (8 counts), interception of wire orelectronic communications, unauthorized access to a federalcomputer, and causing damage to a computer

I 46 months and 3 years probation

I Released 21 Jan 2000

I Could not have anything to do with a PC until 20 Jan 2003

15/16

Interesting Resources

Takedown: also known as trackdown, a movie based on KevinMitnick’s story, released on 2000.

Freedom Downtime: A documentary produced by 2600: The

Hacker Quarterly in response to Track Down. (Available onyoutube.)

The Art of Deception: A book written by Kevin Mitnick in2002, explains how social engineering can be combined withhacking.

16/16

Question

Why the attack happened on Christmas Day?

Shimomura’s machine has to be idle for the attack to succeed.New Internet connections would change the initial sequencenumber and make it more difficult to predict the sequence number.

16/16

Question

Why the attack happened on Christmas Day?

Shimomura’s machine has to be idle for the attack to succeed.New Internet connections would change the initial sequencenumber and make it more difficult to predict the sequence number.