Kevin Mitnick
America's most-wanted hacker was caught not by better code but by a rival who took his intrusion personally — and the legend outlived the facts.
By the early 1990s, Kevin Mitnick had become the United States' archetypal hacker — a figure as much of media construction as of fact. He had a long history of unauthorized access to telephone-company and corporate systems, much of it accomplished less through technical exploits than through social engineering: convincing employees, over the phone, to hand him exactly the access he needed.
The pursuit
Mitnick spent much of 1994 as a fugitive, continuing to break into systems while evading the FBI. His undoing came after he intruded into machines belonging to Tsutomu Shimomura, a computer-security researcher at the San Diego Supercomputer Center. Shimomura took the intrusion personally and joined the technical pursuit, helping trace Mitnick's connections to a cell network in Raleigh, North Carolina, where the FBI arrested him in February 1995.
The legend versus the record
The press, led by sensational coverage, painted Mitnick as a near-omnipotent threat — capable, in one widely repeated and false claim, of launching nuclear missiles by whistling into a phone. He was held for years, much of it in pretrial detention and a period in solitary confinement, on charges disproportionate to the demonstrable financial harm. After his release he became a security consultant and author, and a central voice arguing that the human, not the firewall, is the real attack surface.
What the chronicle remembers
Mitnick is the case where the myth and the facts diverged so widely that the divergence itself became the lesson. His real legacy is the mainstreaming of social engineering as the dominant intrusion technique — and a cautionary example of how moral panic shapes the law that follows a hacking case.