Kevin Mitnick, who turned legendary hacking exploits and two prison terms into a career as an esteemed cybersecurity leader, died Sunday at age 59 after a 14-month battle with pancreatic cancer, KnowBe4 revealed today. A memorial will be held August 1 in Las Vegas.
Once dubbed “the world’s most wanted hacker” after his youthful exploits attacking Digital Equipment Corporation and Pacific Bell, Mitnick completed his decade-long transition to cybersecurity luminary when he joined KnowBe4 as Chief Hacking Officer and part owner in 2011.
Mitnick and KnowBe4
As an early expert in social engineering and hacking, Mitnick provided valuable first-hand knowledge when he joined KnowBe4. He helped design KnowBe4’s training based on his social engineering tactics, and he became a partial owner of KnowBe4 in November 2011. Mitnick often represented the company at conferences and discussed his experience in KnowBe4 training videos.
Mitnick’s close friend and founder of KnowBe4, Stu Sjouwerman, remembers Mitnick as “a dear friend to me and many of us here at KnowBe4. He is truly a luminary in the development of the cybersecurity industry, but mostly, Kevin was just a wonderful human being and he will be dearly missed.”
With Mitnick as the public face of the company, KnowBe4 rocketed to the top of the nascent market for employee cybersecurity training. The company raised more than $300 million in venture funding and went public before being acquired for $4.6 billion last year by Vista Equity Partners. KnowBe4 has been ranked in the top 20 on our list of the top cybersecurity companies for several years.
KnowBe4’s statement said Mitnick “will always remain ‘the world’s most famous hacker’ and was renowned for his intelligence, humor and extraordinary skill with technology, surpassed only by his talent as the original ‘social engineer.’ More importantly, Kevin was a loving and devoted husband to his wife, Kimberley, who diligently stood beside him during his battle with cancer. Kimberley is expecting the arrival of the couple’s first child later this year.”
Mitnick’s Rise to Infamy
Mitnick initially used his knowledge of telecommunications to hack Digital Equipment Corporation at age 16, when he copied DEC’s operating system software. He initially served a year in prison followed by three years of supervised release for this offense.
As detailed in court documents and Mitnick’s 2011 memoir, Ghost in the Wires, Mitnick’s notoriety grew after he hacked into Pacific Bell to monitor how the phone company had been monitoring him while on supervised release. This violated the terms of parole and a warrant was issued for his arrest.
A two-year manhunt followed in which Mitnick was declared the most wanted computer hacker in the world. Mitnick was captured in 1995 by the FBI.
In a 2003 interview Mitnick claimed he never used stolen information or destroyed data during his hacks. Many hackers supported Mitnick and alleged that many of the charges against him were exaggerated or even false.
Some support for claims of overzealous prosecution can be found in court records. For example, Mitnik received eight months in solitary confinement because a federal judge was convinced that Mitnick could hack into U.S. military systems and launch nuclear missiles through mere whistling.
Mitnik claimed that the government was less worried about the accuracy of the charges and more worried about making an example of Mitnik to discourage other hackers. Mitnick eventually pleaded guilty and received a 22-month jail sentence for violating parole, 46 months for the additional charges, and additional supervised parole.
Mitnick’s Legacy
The U.S. government’s reaction to Mitnik’s activities lives on in the attitudes of many government, corporate, and even non-profit organizations today. Instead of trying to address risks, it was easier to try to punish the person exposing them.
Most organizations don’t have the power of the U.S. government to track down offenders or impose punishments. Thus, many cyberattacks, such as ransomware, continue to occur.
Mitnick understood where the greatest cybersecurity dangers were, and he used his platform at KnowBe4 to promote training all employees to be aware of attack vectors and to educate organizations worldwide. He understood from his own experience that ignoring problems will not solve anything. Instead, organizations of all sizes need to take steps to educate themselves and to take action to improve their defenses against the inevitable attacks.
Mitnick used phone phreaking attacks for his early exploits and watched technology evolve to render that attack obsolete. However, he also knew that there will always be new attacks, and he dedicated his career to educate us all to be less vulnerable.
Read next:
