Writer offers cash for hacking tales

Computer hacker Kevin Mitnick has offered cash in exchange for tales of hacking escapades to fill a book he is writing.

Mitnick used e-mail messages to online security discussion groups and his web page to issue a call to the hacking community for stories of online derring-do, promising an award of $500 for the "most provocative story".

"I'm putting out a call to all existing and former hackers to tell me about your sexiest hack," Mitnick wrote on his web page, www.freekevin.com.

Mitnick will judge the stories based on their innovation and the ingenuity that hackers used to compromise their targets. Winning stories will involve a combination of technical, physical and social aspects.

The book, which may be released in October or November, is tentatively titled The Art of Intrusion. It will be the follow-up to Mitnick's first book, The Art of Deception, which focuses on so-called "social engineering", the subtle techniques that computer hackers often use to get computer users and administrators to divulge useful information that can be used in attacks.

The latest book concentrates on "the untold true stories of the most salacious hacks in history", Mitnick said.

Mitnick will look for stories about hacks against high-value targets, such as universities and governments, and will agree to keep the author's identity a secret in exchange for the details about how computer networks were compromised.

Unsophisticated hackers who use automated scanning and hacking programs, commonly referred to as "script kiddies", need not apply.

In addition to publishing the hackers' untold stories, Mitnick and a co-author will analyse the attacks and offer readers suggestions on how to avoid such attacks on their own networks.

The biggest challenge will be verifying the truth of the stories.

Proof of the compromise, such as proprietary information taken from the organisation, could help to establish the veracity of the hacker's tale.

"If receiving [proprietary information] is not legal, I'll have to find some other way to exercise due diligence on the stories. I don't want the book to be fiction," he said.

Mitnick denied that he was in any way encouraging illegal acts by offering money in exchange for stories.

Paul Roberts writes for IDG News Service