In memory of Kevin Mitnick, the most famous hacker of his time, whose story has become a legend of the digital age. Part 12 tells the story of the final days of his flight, when the circle of pursuers was rapidly closing in. After a daring attack on Tsutomu Shimomura, Mitnick finds himself in the sights of not only the FBI but also a cyber expert pursuing a personal vendetta. Using radio direction finding, eavesdropping and surveillance technology, Shimomura’s team pinpoints the hacker’s location in Raleigh, North Carolina. This part is about the high-tech hunt that ended with his arrest and put an end to his years of hide-and-seek with the law.
The last days of January 1995 were some of the most unpleasant in Mitnick’s life. The malicious hack of the famous computer security expert Tsutomu Shimomura, which leaked all his data, including personal correspondence, turned out to be a very bad idea. The ambitious Japanese expert was deeply offended and threw all his strength into catching the hacker in the name of revenge – and his connections in the American intelligence services and the hacker community turned out to be a very serious resource. By the beginning of 1995, Mitnick was wanted and had almost been caught by the police in Seattle – but there was no targeted hunt for him. Had he behaved more carefully, he could well have lived out the rest of his days under one of the fake identities that he had learned to create skillfully and convincingly. Unfortunately, Kevin could not refrain from hacking altogether – and one hack, in December 1994, proved to be one too many. The enraged “cyber samurai” Tsutomu established ties with the NSA and FBI, managed to shake the system into motion, and the search for Mitnick began in earnest.

Gloomy news arrived back to back: an article by John Markoff in The New York Times about the Shimomura hack, with its “declaration of war”, and a press release from the US Department of Justice about the start of an active search for “dangerous hacker Kevin Mitnick”. It found our hero in South Carolina, where he was meeting his cousin Mark Mitnick and Mark’s father, Kevin’s uncle.
Cousin Mark had decided to try to help his unfortunate cousin join, under a different name, his business of placing advertising on store receipts, and at the same time to open a branch on the East Coast. This was not the first warning sign of late: having just arrived in Raleigh, North Carolina, and rented an apartment under a new name, Mitnick saw his latest persona recognized as fake very quickly, and he had to run again urgently, creating another identity for himself literally on the run.

There he contacted journalist Jonathan Littman, who sympathized with him, using his phone, which had been specially modified against surveillance. He didn’t trust Littman at all – but he badly wanted to talk it through, to share with someone what had hit him like a blow to the head, and to voice his suspicion that none of it was a coincidence. Mitnick was particularly outraged that the press release once again listed hacking the strategic computers of the NORAD missile defense system among his sins – something Kevin fiercely denied until the end of his days, calling it a canard invented by Markoff for effect, by analogy with the plot of the popular film WarGames.
However, for the sake of secrecy, Mitnick did not try to talk Littman out of the idea that he was hiding somewhere in the Midwest – especially since this assumption had been made by Markoff, who was friends with Shimomura, with whom Littman was also in contact. Kevin assumed that the intelligence services would now certainly start monitoring the phones through which he had constantly communicated, while on the run, with his mother and grandmother, who lived in Vegas – and his premonition did not deceive him. Social engineering came in handy again: a telephone company employee kindly explained to a “colleague from another department” that the numbers in question had been wiretapped by the company’s security service a few days earlier on the instructions of law enforcement. On February 2, Mitnick was in Raleigh again, where he obtained a driver’s license under another fake name, this time J. Thomas Case. He could practically feel the very unkind attention of those who had set out to catch him.
Five days later, on February 7, 1995, a special task force was formed to hunt Mitnick, led by Assistant U.S. Attorney Kent Walker. It consisted of a hodgepodge of law enforcement officers and civilians, including Tsutomu Shimomura. Walker informally made Shimomura his co-leader of the group – and even provided him with some classified information and capabilities from the FBI, not entirely according to protocol. Moreover, since the task force was informal, Tsutomu received carte blanche to take any measures to wiretap Mitnick without a court warrant, which was a direct violation of U.S. and individual state laws. Why? Because Walker and his colleagues believed that only Shimomura’s advanced knowledge and skills, combined with his personal interest, would allow them to pinpoint Mitnick’s location and detain him quickly and effectively.
The justification, in case it became public, was that Shimomura had supposedly done all this himself with the assistance of some people from the telephone companies, while the prosecutor’s office and the FBI had no hand in it and had noticed nothing. Partly for this reason, according to Mitnick, the hacking of Tsutomu’s computers would never be brought against Kevin as part of the official charges: it could have dragged in details that the “hunters” preferred to keep out of the court’s attention. Shimomura was extremely satisfied with such conditions: literally within the canons of typical Japanese cyberpunk, he really liked working “with the system” and using the opportunities and privileges that came with it, but he could not stand adhering to formal rules and restrictions. In fact, he needed his special relationship with the intelligence services largely in order to be able to disregard some of the rules, including publicly and in front of congressmen.

Meanwhile, Kevin himself understood that it would be extremely useful to gain insight into what the hunters knew and planned. He had no particular illusions about being able to hack Shimomura himself again – but John Markoff, who was far from advanced in cybersecurity matters, was clearly also involved in the hunt. Mitnick managed to hack Markoff’s mail without any particular problems, but there he discovered that, apparently on Shimomura’s advice, Markoff was deleting all important correspondence from the mailbox and copying the texts somewhere else, probably to a computer without a network connection. Then Kevin set up interception of his correspondence and was very pleased.
However, he did not know that Tsutomu had already anticipated this move. He carefully monitored Markoff’s mailbox, saw all of Mitnick’s manipulations perfectly well, and was further convinced of who his opponent was when he saw the hacker searching the mail for texts with the query *itni*. Worse, Shimomura quickly figured out that the hacker had repeatedly accessed the network via modems from Raleigh and Denver, and he immediately reported this to task force leader Walker. Walker alerted the FBI’s Colorado and North Carolina divisions, as well as local telecommunications companies. They were able to quickly identify the number Mitnick was using – but there was a problem: his OKI phone had been modified to access the network from multiple numbers.
But Shimomura was simultaneously working out various other ways to get to Mitnick. Soon Kevin discovered that someone else was already logged in to his account, marty, on the hacker website escape.com – where he communicated with other hackers over supposedly closed and secure channels, and also stored various previously obtained files and databases. Mitnick logged out of the account in a cold sweat and tried to find traces of the hack, but could not. He tried to get help from JSZ, his Israeli friend and hacking colleague, with whom he had broken into Shimomura’s machines – but at that very moment JSZ’s father was hospitalized with a severe heart attack, and JSZ was offline almost the entire time.
In parallel, Shimomura and the security officers of the telephone company General Telephone, mobilized by the FBI to catch Mitnick, had already realized that the number they had discovered was fake – and were looking for ways to still get at least some useful information through it. Soon they were struck by a simple and logical idea: they needed to track the phones from which this number was being called. The idea turned out to be correct, and Mitnick had clearly neglected the need to change the numbers on his phone more often: it turned out that the number had repeatedly been called from different numbers in the city of Raleigh, North Carolina, where Kevin was running around setting up a new identity for himself, which required paperwork and contacts.
So the hunters had determined the hacker’s location. Having received this information, Shimomura and Markoff immediately took the nearest flights to Raleigh. Meanwhile Mitnick, once again trying to get online, discovered that a call trace had been set up on the modem number he was using. Kevin tried the usual methods of social engineering: he dialed General Telephone posing as an investigator working on a murder case and asked the employee for the date and time the trace had been set up on his number, 558-89-00. Unfortunately for Mitnick, the employee had clearly already been briefed by the security service and gave him no information. On the contrary, she politely but persistently tried to find out as much as possible about the caller. Kevin understood everything and hung up. Only then did he switch his modified phone to a different number on another mobile operator, Cellular One.
But by that time, Shimomura and Markoff had already arrived in Raleigh. Tsutomu, acting almost like a commissioner, stormed into the Sprint office. He took a couple of engineers with him, and they installed a Cellscope 2000 radio direction finding device on the city’s cellular communications node. Employees of all cellular operators working in Raleigh and the surrounding area, including Cellular One, were instructed to notify Shimomura immediately of any anomalies in the network. As soon as Mitnick appeared on the Cellular One network with a new number and began to connect to Netcom, this was detected, and Tsutomu immediately received all the information he needed.
He, Markoff, and one of the engineers, who acted as the operator of the portable unit of the direction finding system, jumped into a car and rushed off to pinpoint Mitnick’s exact location on the streets of the city. The increasing signal level led them to the outskirts of Raleigh, to the buildings of the Players Club housing complex near a large wasteland that ran towards farmland. Tsutomu recalled that he appreciated Mitnick’s cunning: through this wasteland, if necessary, it was possible to slip away unnoticed and literally disappear into the greenery of the gardens. It was an early winter morning, and not many windows were lit in the buildings. Behind one of them, they judged, the elusive Mitnick must be.
Luck favored the hunters again. The radio intercept recorded a telephone conversation from an anomalous number. Markoff recognized one of the voices through the noise of interference: it belonged to the hacker Eric Corley, widely known in not so narrow circles, the founder of the specialized magazine “2600: The Hacker Quarterly”, better known under the pseudonym Emmanuel Goldstein in honor of the hero of Orwell’s novel “1984”. And then he recognized the voice of the second interlocutor: of course, it turned out to be Kevin Mitnick.
Shortly after midnight the next day, February 15, 1995, Kevin went up to his room after the gym and sat down at his computer. He knew perfectly well that the ring was closing in – but he assumed that the FBI and the Marshals Service, as bureaucratic organizations, were somewhat slow, and that it would take them some time to prepare the arrest legally and procedurally. During that time, he intended to get everything ready, clean up after himself on the network, and get away. However, when he went to his main file storage in the online community The WELL, he discovered more oddities: some of his backdoors had disappeared, and everything was wrong again. Kevin’s whole nature literally screamed with anxiety and paranoia, although there was no concrete reason yet. He looked out the window and looked around, but did not notice anything strange, and sat back down at his computer.
And then, while he was making sense of what was happening, trying to cope with his emotions and changing the passwords on his accounts, at half past one in the morning there was a knock on the door.
– Who’s there?
– Open it, FBI!
Kevin froze. Overcoming panic, he tried to calm his voice and asked:
– Who are you looking for?
– Kevin Mitnick. Are you Kevin Mitnick?
– No! – he said, desperately trying to sound like an indignant stranger who had been disturbed for no reason. – You can check my mailbox!
It was quiet outside the door. Kevin rushed to the window and tried to figure out whether he would be able to get out safely. The height did not allow it, and if he made an obvious attempt to escape, he could have been shot. Mitnick called his mother directly and told her in plain words where he was, that the FBI had come for him and that he didn’t know where they were taking him. Through a relative, she gave him the number of lawyer John Izurdiaga, who had already worked with Kevin. The knocking on the door became much more insistent – and the hacker thought it best to open it. Behind it stood a very angry forty-year-old black man with a gray beard, an FBI agent named LeVard Burns, who was in charge of the arrest operation.

What followed was a sad comedy of errors. Mitnick desperately tried to convince the FBI that he was not Mitnick at all, but rather Thomas Case, his new alias – but they wouldn’t believe him, and carried on with their search enthusiastically and professionally. Kevin tried to fall back on the letter of the law, pointing out that the search warrant did not give a specific address – but the agents, without interrupting the search, produced a new warrant with the correct address within half an hour.
With each passing hour, the evidence grew: a suitcase with blank forms that he had stolen from South Dakota was found (it was locked, and one of the agents, out of anger at the suspect’s refusal to open it, almost opened it with a knife – but, to Mitnick’s disappointment, they did it in time. in court), and documents in different names that he had used before, and a number of cell phones that were clearly excessive for an ordinary American in the 90s. And the final touch was an old ski suit. In one of its many pockets was an old receipt for payment in the name of Kevin Mitnick.

Mitnick was gleefully told that he was under arrest – and they didn’t even read him his Miranda rights, as protocol requires. He was not only handcuffed but also shackled, and taken outside. Kevin’s more than two years on the run were over. A new and very unhappy era in his life was beginning.