If you are into this topic, read as many point of view as possible and take a look at http://www.takedown.com/ (Tsutomu Shimomura's side of the story).
I think a lot of this was social engineering, but at one time the fbi considered mitnik some kind of super hacker. How did that disconnect happen? I imagine because his targets didn’t want to admit to the fbi how crappy their security was, so they would just say omg! We got hacked!
Big moments I remember from his book.
1. Gaining access to a telco C/O and social engineering his way out after being caught
2. Ultimately being caught by sloppy practices himself, logging into systems he was comfortable with and getting traced, and then forgetting some sort of identification in a ski jacket he hadn’t used in a long time, which was in his closet in a place he was living under a new identity.
It’s been awhile so I could be partly off on those details. But I’d say at least those pieces are very believable.
It should be illegal for the government to keep redactions in anything made public/declassified. It's a slap in the face to see entire sections of text (that most certainly contain important context) blocked out with a white blob.
Why do we need to have the names of people like a random security guard that was duped by social engineering? To make sure he pays for a mistake or something? What is the reason for not reacting his name?
There may be a middle ground where, with some effort effort, a watered down summary of the redacted information could be given (e.g. if a name of a person is redacted, replace it with some sort of unique handle). As long as this is done as an annotations for the visibly marked redaction, I see no problem. The reader may choose to trust those annotations or not.
I write a lot about history, and as part of that work I occasionally file FOIA requests. There was one occasion where the FBI's response contained dozens of pages that were typewritten memos consisting of:
To: [recipient name]
From: [sender name]
Date: [date]
[Multiple paragraphs of redacted text]
...and that was basically it. It was funny, but frustrating (funstrating?).
Also, the human effort required to make the redactions is high.
That means records cannot be automatically declassified after N years because the effort to redact every document created N years ago would be extreme.
This is pretty damn interesting, it's definitely the earliest example of a computer intrusion incident response report that I've ever seen. These reports detail stuff he was doing in 1980/1981 at the earliest I can see just skimming the top few pages. His own side of this particular chapter of his history is maybe worth a read, maybe not - he was known for embellishments:
Other people have mentioned this… but it’s been established in policy that the SSN of a deceased person is not PII. There are a ton of different ways to get the SSN of someone who is deceased.
But they clearly left the year visible so blocking out the AUSA's name seems dumb too as it wouldn't be hard to look up who were the AUSAs to narrow down who was named in the file.
I guess thats why Matthew Broderick's character had a script which dialed random numbers in a target area code (I think he used Sunnyvale, CA in the movie)
I wonder if anyone did that back in the day. Not sure how much the telco would have appreciated it ...
LorenDB|1 year ago
fabiensanglard|1 year ago
freedomben|1 year ago
[1] Available DRM-free at Downpour (https://www.downpour.com/ghost-in-the-wires?sp=19991) and at Libro.fm (https://libro.fm/audiobooks/9781483067216-ghost-in-the-wires)
486sx33|1 year ago
Big moments I remember from his book.
1. Gaining access to a telco C/O and social engineering his way out after being caught
2. Ultimately being caught by sloppy practices himself, logging into systems he was comfortable with and getting traced, and then forgetting some sort of identification in a ski jacket he hadn’t used in a long time, which was in his closet in a place he was living under a new identity.
It’s been awhile so I could be partly off on those details. But I’d say at least those pieces are very believable.
rglover|1 year ago
Latty|1 year ago
toast0|1 year ago
In many cases, a partial public document is better than no public document.
palijer|1 year ago
ocschwar|1 year ago
runjake|1 year ago
Anyway, each redaction has a usually-legible Exemption code next to it that tells you why it's redacted. You can find out what those are here:
https://foia.wiki/wiki/Exemptions
For example, you see 7c/b7c in the document a lot:
"could reasonably be expected to constitute an unwarranted invasion of personal privacy"
gmueckl|1 year ago
DamnInteresting|1 year ago
To: [recipient name]
From: [sender name]
Date: [date]
[Multiple paragraphs of redacted text]
...and that was basically it. It was funny, but frustrating (funstrating?).
Example: https://www.damninteresting.com/temp/memo.jpg
londons_explore|1 year ago
That means records cannot be automatically declassified after N years because the effort to redact every document created N years ago would be extreme.
jamal-kumar|1 year ago
https://web.archive.org/web/20090317050834/http://www.themem...
Helithumper|1 year ago
klodolph|1 year ago
dgacmu|1 year ago
joering2|1 year ago
cap11235|1 year ago
dylan604|1 year ago
The entire redacting seems just so superficial
toomuchtodo|1 year ago
jonstewart|1 year ago
CodeWriter23|1 year ago
SJC_Hacker|1 year ago
I wonder if anyone did that back in the day. Not sure how much the telco would have appreciated it ...
taylorbuley|1 year ago
TimC123456|1 year ago
mrsburis|1 year ago
[deleted]
mrsburis|1 year ago
[deleted]
Peacefulz|1 year ago
sunjester|1 year ago
[deleted]
thembones|1 year ago
[deleted]
867-5309|1 year ago
daft_pink|1 year ago
gwbas1c|1 year ago
NikolaNovak|1 year ago
"The image quality contained within this site is subject to the condition of the original documents and original scanning efforts."
Hope that helps! :)