Could you hack into the New York Times best-seller list and change the ranking of your new book, Ghost in the Wires?
Probably. These days companies hire me to break into their systems to find their security vulnerabilities. I don't know if I could compromise the New York Times network, but I think it's likely. Of course, I would only do it with authorization.
Your first crime involved fake bus transfers. Do you think if somebody had cracked down on you earlier, your life might have gone a different way?
I think it goes back to my high school days. In computer class, the first assignment was to write a program to print the first 100 Fibonacci numbers. Instead, I wrote a program that would steal passwords of students. My teacher gave me an A.
What made you a good hacker was less the coding skills and more the social-engineering skills. What were they?
Social engineering is using deception, manipulation and influence to convince a human who has access to a computer system to do something, like click on an attachment in an e-mail. Most of the computer compromises that we hear about use a technique called spear phishing, which allows an attacker access to a key person's workstation. It's extremely difficult to defend against.
Has social networking changed hacking?
Made it easier. I can go into LinkedIn and search for network engineers and come up with a list of great spear-phishing targets because they usually have administrator rights over the network. Then I go onto Twitter or Facebook and trick them into doing something, and I have privileged access. If I know you love Angry Birds, maybe I would send you an e-mail purporting to be from Angry Birds with a new pro version. Once you download it, I could have complete access to everything on your phone.
How easy was it for those tabloid reporters to hack into celebrities' phones?
This kind of boggles my mind. A lot of the cellular operators would create a default PIN for people's voice mail as 1111 or 1234. It doesn't take a hacker to guess a PIN like that.
What is the perfect PIN then?
The perfect PIN is not four digits and not associated with your life, like an old telephone number. It's something easy for you to remember and hard for other people to guess.
What do you think of people like Julian Assange and the WikiLeaks crowd?
It's more Bradley Manning who was responsible for all of that. Here's an enlisted guy who's able to dump secret documents from SIPRNet to CDs. It is a huge security failure on the part of the U.S. government--the worst that I know of.
Which of your hacks are you most proud of?
I think when I hacked into Pac Bell Cellular to do traffic analysis on the FBI agents who were tasked with capturing me--not for hacking into Pac Bell but for how I leveraged that information to stay one step ahead of the government.
You used Money's rankings of the 10 most livable cities to find places to hide. Should the FBI monitor that list?
No, it was just allowing Money to randomize my choice. If I had my own choice, somebody might have figured it out.
You served five years. How do hackers get treated in prison?