zlacker

[return to "Kevin Mitnick has died"]
1. josh26+W3[view] [source] 2023-07-20 00:24:24
>>thirty+(OP)
Mitnick was a hacker hero of mine in my youth. I think I’ve understood his role as jester prior to conviction less as I’ve grown older, but there’s something about the boyhood charm of being so divorced from the potential consequences of one’s actions that is almost unique.

Mitnick had so many stories that entranced the people around him. I heard one second hand of Mitnick dealing with a bank who had early voice verification software. Upon meeting the CEO he gave the executive his card and departed for the evening. Arriving back at his hotel, he called the CEO and asked him to read his phone number to him. The phone number contained all ten digits which Mitnick had neatly tape recorded so as to make the CEO’s voice reproducible. He then proceeded to use the bank’s vocal banking system to transfer $1 from the CEO’s account to his as the authentication mechanism was reading out your own account number in your voice.

When Mitnick arrived back in the board room the architect of the voice verification system was crestfallen and the bank CEO delivered a check on a silver platter.

Now how much of that tale is embellished I will never know as it was second hand, but that was the kind of whimsy Mitnick brought to our world.

Rest in Power.

◧◩
2. educti+tb1[view] [source] 2023-07-20 12:52:28
>>josh26+W3
He has the CEO’s number and successfully calls him, and through some miracle gets through directly to ask this trivial question — as opposed to getting the number from the assistant who answers his phone - sure ok but then under what pretense does he then ask him to repeat his phone number? “Please repeat the phone number I just dialed.”

The phone number contains all the digits needed to recreate the bank account number?

He somehow has the bank account number?

He meets the CEO (despite just being a security consultant) and gives his report to the board of directors?! That is not how companies usually work, especially the board part.

Check on a silver platter? architect of the voice system is brought into the room with the board to be humiliated? This reads like something a 13 year old would dream up (nothing against OP maybe someone even Mitnik really did claim this happened).

The tale is absolutely embellished if it has any truth at all.

◧◩◪
3. breeze+oy1[view] [source] 2023-07-20 14:39:19
>>educti+tb1
He was pretty famous when he started doing security consulting so it doesn't seem like a stretch to me.

Bank account numbers are written on the bottom of checks along with the routing code. If you have a check from them, you have their checking account number.

Phone numbers are ten digits long. So a number like (213)485-7690 contains all digits from 0 to 9. Caller ID spoofing is trivial even back then. For example, you could ANI fail to a calling card system which would drop you to an operator. Then you just tell them the number you're "calling from" and that number would show up as your Caller ID and ANI.

Using voice authentication is pretty stupid but, iirc, at least one US bank still does something similar. That said, I imagine part of the authentication was probably caller ID based. This was/is also why voicemail systems don't prompt you for a PIN when you call them from your own phone - they use caller ID for authentication.

[go to top]