Podcast 10: The Condor








Welcome to the cutting edge of cybersecurity conversation, where we untangle the complex web of digital protection, particularly when it comes to secure remote work. In an era where our offices extend beyond the four walls to the vastness of the internet, safeguarding our digital footprint isn’t just optional; it’s imperative.

In today’s Digital Desperados podcast recap, we’re not just traversing the shadowy alleys of cybercrime; we’re equipping you with the shield of SaferNet. Imagine a workspace without the lurking dread of digital threats, where each click isn’t a potential misstep into the abyss of cyberattacks. That’s the peace of mind secure remote work can offer.

In this episode, we’re dissecting the tales of online outlaws and the legendary hackers who have danced on the fine line between infamy and ingenuity. But as we do, let’s not forget the heroes of this narrative: the secure solutions like SaferNet that empower us to lock down our virtual fortresses, be it our home offices or coffee shop corners. With tools designed to encase your online environment in a cocoon of security, including VPNs, internet controls, and a robust array of website filters, the narrative shifts from vulnerability to empowerment.

So, buckle up as we dive deep into a dark tale from the web, with a guiding light waiting to lead us back to safety. Let’s explore together how secure remote work doesn’t just protect us; it propels us forward into a future where we command our digital destinies!

Transcript Begins:

Jim Brangenberg: Hey, welcome to the Digital Desperados Podcast featuring Dark Tales from the web. Patrick McMurphy’s here today to tell us our dark tale and he’s joined by Brad Hawkins, founder and CEO of SaferNet. I’m Jim Brangenberg and I’ll serve as your story guide and just remember, this broadcast, this podcast is brought to you by SaferNet online at SaferNet. com.

You know, cyber criminals are trying to get into your computer all the time. All the time. Protect your computer, protect your workplace, your home place effortlessly with SaferNet, cyber security made simple for businesses and families. It includes a VPN, internet controls, virus protection, plus 84 website filters for a focused online experience.

Your safety is SaferNet’s priority. Get secured now. Sign up at SaferNet. com. That’s SaferNet. com. All right, Patrick, which dark tale are you telling us today?

Patrick McMurphy: So today guys, I want to talk about a legendary figure and fugitive in the hacking world. His name is Kevin Mitnick, also known as The Condor. He was extremely skilled at both social engineering and technical hacking. So The Condor Kevin Mitnick, he was born on August 6th, 1963 in California. Kevin had a fairly normal childhood, but he did show a pretty worrying interest in social engineering at a young age. So if you look at Kevin, by age 12, he convinced a bus driver to reveal where he could purchase the ticket punch machines.

He told the bus drivers for his school project. And so he went out and bought one, and this allowed him to ride any bus in the greater Los Angeles area for free. He would use transfer slips he found in dumpsters and punched them, so, just right off the bat, the guy is socially hacking. And so, he went on to attend James Monroe High School in Norris Hills. He was very interested also in licensed amateur radio and so he got a license there and he chose the nickname, The Condor, which is how he got his hacking name, The Condor.

It was because he’d watched a movie. I don’t know. Have you guys seen it, called three days of The Condor? That’s where he got it.

Jim Brangenberg: I missed that one. Must have been asleep that weekend or something Did you want to tell us about that movie, Patrick? I mean three days of The Condor – I don’t don’t know.

Patrick McMurphy: I mean, I mean if paramount will come to me with a check, i’ll talk about their movies, but you know, otherwise…

Jim Brangenberg: Okay. All right. You draw the line there. Okay. Brad did you see that one?

Brad Hawkins: No never have, never even heard of it.

Jim Brangenberg: Bummer. Okay. Sorry. We don’t have the context. So you keep going then.

Patrick McMurphy: So age 16, 1979, this is where The Condor starts technically hacking. And so he gains unauthorized access to something called the Arc.

And so the arc was owned by DC. Now DC are actually not really in business as such anymore. They got absorbed absorbed by HP, and so they were developing an operating system called RSTSE, which is one of the very early operating systems. And so he infiltrated that network through social engineering and technical skill.

He basically would kind of call in as a network administrator, even though he wasn’t. He was a 16 year old kid. And so he copied the company’s software and started selling it on the site. Now this is obviously, you know, the 80s, not a lot of computer crime. The FBI got involved. And so, he was convicted for that crime in 1988, and he was sentenced to 12 months in prison, followed by 3 years of supervised release.

And so, once the Condor got out of

Brad Hawkins: How old was he then?

Patrick McMurphy: He, he would have been between anywhere around between 16 and 20, I believe. So a kid, really. A kid.

Jim Brangenberg: Yeah, seriously, yeah. Not to correct you, because you’re telling the story, but if he was 16 got convicted in 1988, he would have been 25.

Patrick McMurphy: Oh, yeah. My apologies.

You’re correct. You’re correct. That’s, that’s how good at mathematics I am, obviously.

Brad Hawkins: He’s, he’s on top of it. Yeah. So there’s, there’s real punishment at that point.

Patrick McMurphy: So, yeah, yeah, exactly. And so once he gets out of prison and he’s on supervised released, he’s not initially doing anything, but toward the end, he decides he’s going to start hacking again. And so his first target is Pacific Bells voicemail computers.

Jim Brangenberg: You guys remember those? I can remember the voices on Pacific Bells voicemail when you listen to it. She had a great voice. I always want to meet the lady that did that stuff.

You know, we just need to remind everybody, Hey, this podcast is brought to you by SaferNet. We really encourage you to go online to SaferNet.com, check out all the different things they can do for you. I personally have been using SaferNet for months for not only for our businesses but personally. What I love is that when I tell SaferNet that I don’t want to go to a website because I just don’t think I should be going to that website, it blocks it. I can program it to block it and and the other day I was clicking on a link that I thought was a legitimate link and SaferNet says yeah, I don’t think you want to go there and it says Don’t go there. This is dangerous. I love that about SaferNet. Check it out online. SaferNet. com. Patrick, back to you.

Patrick McMurphy: So yeah, after this hack anyway, he gets a warrant issued for his arrest again, but Condor says, not this time guys. So he flees, he becomes a fugitive and he remains a fugitive from 92 to 95. And so this is really where

Brad Hawkins: So Patrick, help me understand. You know, everybody seems to have reasons for what they’re doing. And we’ve talked about that on, on other stories that you’ve so eloquently brought to us. What is it that, that you think he was trying to get to in hacking the voicemails? Is he, is he just trying to, to hear what other people are up to or, or economic value to him?

Patrick McMurphy: I think it’s a mix. So it’s not just voicemails. He, he was hacking into a lot of stuff at this time, but it’s a mix of – he just wants that, you know, that knowledge is power idea. He wants to kind of spread his legend as this hacker. And yeah, there’s definitely a financial side to it as well. You’ll see later, he gets into a lot more financial stuff, but

Brad Hawkins: So a lot of, at least his starting was trying to get a name for himself and maybe a little bit of economic value, but trying to get accolades from his hacking community.

And I find that fascinating that that’s how a lot of a lot of these people get started is just trying to get, get known for themselves in the hacking community. It’s like a community of, not buddies, but you know, rivals, but you get, you get accolades for doing it. So anyway…

Patrick McMurphy: Yeah, I mean, it’s like that in the hacking community. It’s kind of your name is your currency. So how much is the name of The Condor worth in terms of notoriety? And it’s trying to build up that reputation within the cyber underworld, I suppose. And so, as I said, yeah, so he’s fled and he’s on the run for nearly three years, but this is really, this is where it gets very interesting to me.

So as a fugitive, he started basically, he started using false identities. He would create counterfeit IDs, counterfeit social security numbers. He kept hacking during the whole time he was on the run. He was involved in wire fraud. He would sell Dublin company software, like he would have started out with.

He never left electronic traces. He would never use credit cards or cell phones. So the guy was just, he was completely clued in. And this is where the hacking community really started to notice, because the FBI’s pursuit intensified, and he became one of the most wanted criminals in the U. S. at the time.

Jim Brangenberg: That’s back when the FBI used to pursue criminals, you mean.

Patrick McMurphy: Exactly. Ah, yeah.

Jim Brangenberg: Okay, got it.

Patrick McMurphy: But I mean, if you think about it, how can you, you know, it was their early cyber crime division trying to pursue this guy who doesn’t leave an electrical trace. You know, it’s nearly impossible.

Brad Hawkins: And think about, you know, even now or today doing that without a cell phone. I mean, we live on our cell phones, and he’s out there just bouncing around, probably public Wi Fi’s and a laptop or something.

Jim Brangenberg: Well, in the mid 90s, there were still pay phones.

Patrick McMurphy: Yeah, just trying to plug it to a cable wherever he could find it, you know, real urban hacking stuff. But his hubris kind of does get the better of him because at the time there’s this pretty famous cyber security researcher called Tsutomu Shimomura.

And so he’s Japanese American. He’s a very well known name in the white hat hacker community. He’s a good guy. And so The Condor, he wants to clown him. That’s what I’m going to say. He wants to embarrass Shimomura. So what he does is that he hacks into Shimomura’s personal computer. And for no other reason than just to say, I hacked into this guy’s computer.

And so Shimomura takes this with great offense. As you can imagine, I mean, these guys, this is a battle of titans here. You have one of the most notorious hackers at the time and one of the most notorious well, yeah, notorious security guys at the time. And so, Shimomura immediately goes to the FBI and says to the FBI I’m going to assist you in tracking him down.

We are going to track down this guy. So Shimomura just has this righteous indignation about him. He’s going to track him down. And so eventually he does. He captures him. The FBI with Shimomura on February 15th, 1995.

Jim Brangenberg: So they let him have his Valentine’s date with his girlfriend before they arrested him. Got it. That was nice. I mean, it’s good that they did that. I mean, you know, Hey, we’ll let him have his date tonight. We’ll get him tomorrow.

All right. It’s important to understand businesses and families, you need to stay secure when you’re in the internet. And SaferNet can provide that security. It’s so important that you are protecting those that you love and those that you work with.

The cloud connected cyber security app SaferNet will defend against online security threats effortlessly with their 84 internet filters, and they can help safeguard your data, your devices, and your loved ones. Everywhere I go, I got SaferNet walking with me. Get peace of mind with SaferNet VPN, simplifying your cybersecurity for all of your people, for all of your devices.

Sign up at SaferNet. com. That’s SaferNet. com.

Brad Hawkins: Nice.

Patrick McMurphy: So rolling around to 1998, he was, you know, he’s captured at this point and he’s facing a lot of charges, charges like wire fraud, unauthorized access to computers. Eventually he gets about, he gets sentenced to about five years in prison. However, he, at this time, has the entire hacking community on his side.

He’s become, as I said earlier, this legend in the hacking community. So there’s a huge amount of hacking incidents around the time of his arrest all related to, we’ll say, cyber vandalism. So, they hacked, for example, Yahoo. And replace all the banners with the banners that just says Free The Condor. So in 1997 you will go around to various websites and all the banners you would see are Free The Condor.

Jim Brangenberg: Did you check that? Did you verify that point? Did you go out and try to find one of those to see what it looked like?

Patrick McMurphy: Yeah, but I broke the time machine on the way back, you know. So, and here’s the thing I’m just going to just cast light on how little authorities really understood about cybersecurity at the time.

So, The Condor is sent to 8 months in solitary confinement, initially. This is because the law enforcement officials thought that he could start a nuclear war by whistling into a payphone. This is how big this guy’s mythos had grown out of that. He could launch nukes with a whistle if there was a payphone on him somewhere.

So it was, I mean, if you think about it, this is just kind of around Y2K, so that’s the kind of mindset of people you’re dealing with, you know, it was, it was panic.

Brad Hawkins: Now Patrick, was he really that good or did he just create this persona around him that kind of freak people out?

Patrick McMurphy: He was incredibly gifted and he was also gifted in creating that persona. So yeah, to your latter points, he was amazingly talented, but no one, I don’t think anyone’s that good. You can’t start a war with an icon.

Brad Hawkins: So not only is he good at hacking, but he’s also very good at marketing, which probably would have been a better career choice.

Patrick McMurphy: Absolutely, 100 percent better career choice, I think.

Jim Brangenberg: Which one pays better though? But when you look at what he really was, he was a great relationship guy.

Patrick McMurphy: Exactly. social engineer. Yeah. Yeah. Yeah. He knew, he knew people. He knew, knew how to work people and he knew how to kind of, you know, change people’s views. And so, eventually the Condor does get released from prison and then, during his supervised release for the first three years, he’s only allowed to use a landline telephone.

So, at this point, they’re now aware that he can’t start a nuclear war by whistling into a telephone, which is, which is something. So, I think, at this point, Condor is, I don’t know, has he seen, you know, the damage his crimes have done, but he’s kind of sick of prison at this point, so, he decides to flip.

He starts his own company basically called Mitnick Security Consulting. And they kind of want to shine the light on his own case. So, you know, how it tested new computer laws, how it raised public awareness of networks and computer security, things like that. He becomes a cybersecurity consultant as well, public speaker, an author.

He founds another company called KnowBe4 and he was a frequent guest at both White Hat and Black Hat conventions. So it’s very funny if you’re looking at photos of The Condor online, he’s often with these guys smiling who are on like the fbi’s most wanted list.

Brad Hawkins: So wait a minute. They actually have real live in person black hat hacking conventions?

Patrick McMurphy: Yeah, defcon is the biggest one and it goes on in las vegas every year. It’s very funny. You’re told not to bring your atm card to it because it’s nearly immediately you lose your money, immediately walking into the arena. So it’s cash only. And people bring burner phones and everything. I would never go. It just sounds like a disaster

Jim Brangenberg: I’m just trying to think, I’m guessing that may be infiltrated by some security officials.

Patrick McMurphy: Oh, yeah. Entirely. Entirely. But yeah, so, I mean, this guy still is, at this point, is still just such a legend that people in the white hat community love him because of all the information he’s bringing. And people in the black hat community know him as the Fugitive Condor and they look up to him as a legend.

And in fact, his legend was so inspiring to a lot of people that they actually made a movie about it called Trackdown, which is about the change between him and Shimomura. And now him and Shimomura have actually met since. They became pretty good friends after his release. I’m sure he apologized for hacking his computer and Etc.

Brad Hawkins: Jim, did you catch that movie?

Jim Brangenberg: I missed that one too.

Patrick McMurphy: I’ll have to say guys. It’s not great. It’s it’s not great.

Jim Brangenberg: Oh, well, it’s good Patrick watched it. So that’s, we’re okay.

Patrick McMurphy: Yeah, it was for research purposes. But yeah, it’s interesting, historically speaking, but you know, it’s a little bit dramatic. It’s a bit like that fugitive film with Harrison Ford, you know, maybe.

Jim Brangenberg: Oh, I have seen that one multiple times.

Patrick McMurphy: Yeah, like there is no, there is no scene with Kevin Mitnick jumping out of a dam or anything like that, but you know, they get pretty close. Now, sadly, the story doesn’t end too well. So, you know, The Condor, he did contribute great things to the white hat community, but sadly, July 16th, last year, he actually passed away at the age of 59 due to pancreatic cancer.

At the time of his death, he was married, and his wife was pregnant with their first child. But yeah, it was a really short but very interesting life for probably the only figure that I know of who has endeared both the white and black hat hacking communities.

Brad Hawkins: So going back to his, his style of hacking you know, we talked a little bit about his desire to become a well known hacker. How did he end up making money through his hacking? What was he doing to generate a cash flow?

Patrick McMurphy: The biggest thing during his, especially on the run years, was wire fraud. And secondary to that he would break into, we’ll say companies that were selling software. SaaS companies basically. He would break into their systems, steal their software and then sell it on the black market or kind of legitimately at a discount.

Brad Hawkins: So he was just getting access to code and selling the code.

Patrick McMurphy: He would. He would get into their database and then, you know, find the compiling code, take it, and then, you know, sell it as, as a finished product.

Jim Brangenberg: So he was a wholesaler and a retailer.

Patrick McMurphy: Excellent.

Brad Hawkins: Maybe not a wholesaler, but a retailer.

Jim Brangenberg: And he didn’t get a chance to be a dad. That’s just sad. I’m guessing his wife was younger than him when he died.

Patrick McMurphy: Surely,

Jim Brangenberg: Which means he had some money.

Patrick McMurphy: Oh, for sure. Come on. Who wouldn’t want to date the legendary fugitive? You know, come on.


Jim Brangenberg: So Brad, when you think about how SaferNet would have helped in any of these areas, could SaferNet have helped Simamura, the Japanese guy that he attacked? How would SaferNet have helped prevent half of these disasters that that Condor wreaked on other people?

Brad Hawkins: Well, it really depends on how he was getting into the businesses. And, you know, in, in most cases, somebody will find a weak link with a business, you know. A sales guy that goes to Starbucks and uses his laptop to, to access the network and never turns on a VPN and never protects himself from the network and those are easy ways of getting into a network so that then you can crawl through the network and, find whatever you want to find.

And so it really depends on how they were breaking in. But yes, if somebody, if a business owner made sure that all of their employees were operating with the proper cybersecurity on every endpoint device or every computer, cell phone, whatever it is yeah, you’re, you’re going to be much safer than if you’re just

going rogue and and believing that your virus protection is somehow everything you need. So yes.

Jim Brangenberg: You heard it there from the founder of SaferNet! If you had SaferNet The Condor would have had a lot more difficulty. Maybe that Japanese guy – say his name again for me.

Patrick McMurphy: Shimomura.

Jim Brangenberg: He should have had SaferNet on his computer.

Patrick McMurphy: Absolutely.

Jim Brangenberg: Well, you heard it here. The Internet and everything digital can have a dark side, but also a bright side because it seems like these guys play both side of the aisle. Many dark players out there. It’s why you need SaferNet by your side – VPN, antivirus, 84 website filters, and so much more. The ability to track, block, allow. It’s power at your fingertips and safety everywhere you go.

Thanks to SaferNet for supporting our efforts to bring these stories to your ears and giving them the exposure that they need. It’s also a lot of fun to talk about them and for your own security and the security of those you love and those you work with, check out SaferNet. com and get secured today. Till next time, click only on the links that people send you that you trust and delete the rest, or you may become the next victim of a digital desperado.

Transcript Ends.

And just like that, we close the chapter on another enthralling saga from the cyber frontier. While the story of The Condor, Kevin Mitnick, is a captivating journey through the twists and turns of early cybercrime, it’s also a powerful reminder of the ever-evolving challenge of securing our digital lives, particularly in the realm of remote work.

As we sign off today, let’s take a moment to reflect on the resilience we can forge through secure remote work practices. SaferNet isn’t just a service; it’s a sentinel in our pursuit to remain both vigilant and victorious against the backdrop of digital desperados. The internet is our office, and we must defend it with the most robust tools at our disposal.

Remember, whether you’re diving into databases or simply sending emails from your kitchen table, the mantle of security is yours to don. With the right protections in place, like those offered by SaferNet, we’re not only shielding our work; we’re safeguarding our future.

Until next time, keep your connections secure, your data protected, and your digital life safeguarded. Here’s to mastering secure remote work and remaining steadfast in the face of the virtual unknown. Stay safe, stay connected, and most importantly, stay secure.

For more tips, tricks, and tales from the digital age, keep tuning in to Digital Desperados. And for peace of mind as you navigate the internet, check out SaferNet.com and step into a more secure tomorrow.