Takedown

PCQ Bureau

Christmas day, 1994.

An unknown attacker spends hours rifling through one of Shimomura’s computers, electronically stealing hundreds of megabytes of software and electronic mail.

December 26.

The attack is noticed by Andrew Gross, a graduate student at the University of California, San Diego, who works with Tsutomu. He detects that someone has edited log records in an effort to hide their presence.

After working virtually around the clock for several days, the small team is able to piece together the method of the attack. The intruder or intruders have taken advantage of the Internet’s basic protocols by spoofing one of Tsutomu’s computers, fooling it into believing that messages were being sent from a trusted source.

January 27, 1995.

Bruce Koball, a Berkeley, California software designer, finds hundreds of megabytes of software in an account he has been using infrequently on the Well, a Sausalito, California online service.

February 7.

Tsutomu sets up additional monitoring gear and finds that the intruder is using the Well as a staging base for attacks on corporate and university computers all over the Internet. The attacker keeps his tools at the Well and then uses them to break into a succession of systems. Tsutomu finds a series of clues that the attacker may be Kevin Mitnick, a well-known computer criminal, who is a fugitive for a parole violation and is suspected in a number of computer break-ins.

February 9.

The trail from the Well leads to Netcom Online Communications Services, a US Internet services provider based in San Jose, California. Tsutomu drives to San Jose in the evening and begins setting up a monitoring system there. The effort is complicated by the torrent of data that is passing through the Netcom network. Special tools are required to set up a monitoring operation and Tsutomu works through the night to have monitoring set up by the next morning, when the attacker usually comes online.

February 10.

Monitoring at Netcom, Tsutomu is able to determine the attacker’s identity when, in a keyboard session with a confederate in Israel, the intruder complains that his picture has appeared on the front page of the New York Times. Mitnick and the Israeli are systematically breaking into the machines of computer security experts, hunting for information on system vulnerabilities. Mitnick is trying to mask his location by connecting to the Internet via different Netcom local telephone numbers around the country, but he appears to be coming from Raleigh, North Carolina, most frequently.

February 11.

Working with an engineer from Sprint Cellular, Tsutomu is able to determine that Mitnick has tampered with a GTE telephone switching system in Raleigh to mask his location. The fugitive is using a cellular telephone and a modem to try to hide himself. However, by comparing database records from Netcom with phone calls made from the cellular system, Tsutomu and the engineer are able to pin down Mitnick’s location to a particular cellular telephone site in Raleigh.

February 13.

In the evening, an FBI radio surveillance team arrives from Quantico, Virginia. They spend the night on a stakeout and narrow the computer outlaw’s location down to a small group of apartments.

February 15.

After midnight, in the early morning of the 15th, FBI agents arrest Kevin Mitnick. The fugitive had been on the run for more than two years.