Kevin Mitnick detained, released after Colombia trip

Updated at 7:55 a.m. PT on Wednesday to specify that the FBI cleared Mitnick of any wrongdoing in this event.

Since being released from prison eight years ago, Kevin Mitnick's brushes with the law have consisted of a few parking tickets and a citation for driving without a front license plate--that is, until he returned from a trip to Colombia two weeks ago.

(Credit: Monty Brinton )

After landing at the Atlanta airport for a security conference, Mitnick was detained for four hours for reasons still not fully explained. To make matters worse, while customs officials in Atlanta were busy inspecting his cell phone, laptop, and luggage, police in Bogota were ripping open a package he had mailed to his U.S. address on suspicion that it contained cocaine.

The simultaneous incidents gave Mitnick deja vu of his days as a fugitive pursued by the FBI for breaking into computer networks, only this time, he hadn't broken any laws.

"There was uncertainty, fear, and panic because I didn't know what was going on, and I didn't do anything wrong," he said in a recent telephone interview with CNET News. "In my mind, I thought I was being set up for something."

Here's a rundown of what happened:

Mitnick's Delta Airlines plane landed in Atlanta on September 16 at around 3 p.m. He had flown in from Bogota, where he had gone to give a speech to the newspaper El Tiempo and to visit his girlfriend.

The first sign of trouble was when a U.S. customs agent swiped his passport through the computer system and started staring intently at the screen and typing. "Kevin," the agent said with a big smile on his face. "Guess what? There are some people downstairs who want to have a word with you, but don't worry. Everything will be OK."

As if that wasn't bad enough, while he waited to retrieve his luggage, Mitnick's cell phone rang. It was his girlfriend in Bogota saying she'd just gotten a call from the police there. They wanted permission to open up a package of computer equipment and souvenirs he'd mailed back to the U.S. a few days earlier because they said they found traces of cocaine on the package.

He finished the call and went back to the business at hand, offering his luggage up for inspection. A customs agent asked if he had ever been arrested. "Yes." Had he ever been to jail? "Yes." For how long? "Five years." They knew the answers all too well, of course.

In his luggage, they found a MacBook Pro, a Dell XPS M1210 laptop, an Asus 900 mini-laptop, three or four hard drives, numerous USB storage devices, some Bluetooth dongles, three iPhones, and four Nokia cell phones (with different SIM cards for different countries).

They also found a lock-picking kit and an HID proximity card spoofer that can be used to snag data stored on physical access cards by swiping it in front of them. The data can then be used to enter locked doors without having to make a forged access card. Mitnick says he used the device in a demonstration about security in his speech in Bogota, but that the customs agents' eyes lit up when they saw it, thinking it was a credit card reader.

Mitnick asked if he was under arrest and was told that, no, he was just being detained. He asked if there is a warrant for his arrest and he was told, "We don't know yet." The agents let him call his lawyer and his family.

"I was really nervous because I didn't know what the hell was going on," he said.

Agents from the Immigrations Customs Enforcement (ICE) arrived to question him. They asked why he was in Atlanta and he told them; he was there to moderate a panel at a security conference sponsored by the American Society for Industrial Security (ASIS). Asked for proof, he fired up a laptop to show them the itinerary in his e-mail. But when he clicked "yes" to have Firefox clear his private data--an automatic response to a default setting--the agents snatched the laptop away from him, thinking he was deleting evidence.

"They can detain you for four hours, inspect everything, and put you through the third degree for no reason...I travel in foreign countries that have even more stringent rules, and I never have problems."

"Then I realized I was logged in and I don't want them to have my password," Mitnick said. So, he quickly reached over and hits the power button to "off."

Fortunately for Mitnick, one of the members of the panel he was to moderate works for the FBI, and customs agents were able to reach him to verify Mitnick's story. Meanwhile, ASIS organizers, worried about Mitnick's non-arrival for his awaiting airport ride, had also called the director of security at the airport and helped clear things up. The FBI in Atlanta cleared Mitnick of any wrongdoing, so ICE let him go after apologizing several times. After some more questioning from customs officials, he was released.

But what about the package in Bogota? Police there tore open the box, took the electronic equipment apart, and destroyed the hard drive trying to open it by drilling a hole in it, but didn't find any drugs. The two incidents were, apparently, completely unrelated and coincidental.

"Can you imagine if I had said to the agents 'Does this have to do with the cocaine?'" Mitnick jokes.

He can laugh about it now, but he was willing to share the story as a cautionary tale for anyone traveling into the United States with computer equipment. He was red-flagged for obvious reasons, and someone without his background might be able to stay under the radar. However, scrutiny is at the whim of officials who have been said to target political activists, nuns, and people who just happen to have a last name on no-fly government lists.

And then there is the recently bestowed right customs officials have to seize laptops crossing into the country with no cause whatsoever--though that may change. Legislation was recently introduced that would require reasonable suspicion of illegal activity before border agents could search electronic devices of U.S. citizens.

"They can detain you for four hours, inspect everything, and put you through the third degree for no reason. It's really a police state," Mitnick said. "I travel in foreign countries that have even more stringent rules, and I never have problems."

To protect his privacy and that of his clients, Mitnick encrypts all the confidential data on his laptops, transmits it over the Internet for storage on servers in the U.S., and wipes it from the computer before returning from any international trips, just in case officials decide to search or seize his equipment. He also encrypts his hard drive. And now, he says he is going to keep a "clone" of his MacBook at home so he will have an exact duplicate of it if it is ever seized.

"I don't harbor any ill feelings toward (customs), but I was really scared because of the circumstances that were happening in Bogota at the same time," he says. "I feel lucky in a sense, and I feel violated in a sense."

[macuenca]

The note's title has a second intention. Like all news headlines is trying to get the audience attention's insinuating that the arrest was because he arrived from Colombia. It was a coincidence and it could happen to Mr. Mitnick coming from any other place in the world.

[zboot]

riight, that's why they drilled into a hard drive of his searching for cocaine.

[ferretboy88]

This is why I would never go out of the country. I don't want any dipwads checking my stuff. I would never go to a 3rd world dive.

[pjhenry1216]

It's not a matter of leaving the country that's a problem. It's just coming back in. Like he said, the US really is becoming a police state.

[wangbang]

And that's why you're a rube because you never leave your trailer park.

[ferretboy88]

On a visit to China my friend had his laptop hard drive copied. That was going into a country not coming back. I will stick with Canada and the U.S.A. I don't want to visit anywhere. Go to Cuba and have fun.

[farker1]

so your idea of liberty is being afraid to leave home?

[ktappe]

And yet you'll probably defend the U.S. as "the greatest nation on earth" and make fun of the French. Hint: they aren't afraid to leave their homeland and return.
No other country on the planet of the many I've been to has the clusterf--- that is U.S. customs. The customs lines and interrogation here are much, much worse than they have to be.

[inachu]

Wow Kevin lost weight!
This might inspire me to do the same.

[n3td3v]

its good to know their keeping tabs on this person, it makes me feel safe. good work cops!!

[pjhenry1216]

I hope you're being sarcastic. If not, it makes me feel unsafe that no one is keeping tabs on you.

[bemenaker]

Good work? For detaining someone for NO REASON, what a tool.

[n3td3v]

@pjhenry1216

Yes please keep tabs on me, good idea!!

[GhostAlph]

Is it just me or do most of these people have NO idea who Mitnick is outside of that "Hacker Crackdown" book?

[mikeburek]

Wow, Mr. Big Ego. You really think Kevin Mitnick, if he were trying to hack into huge government accounts, would be trying to track you down? Ha ha.

Please update your post if you ever get detained for no reason about how it gives you that warm fuzzy feeling of being safe.

[Jack K1]

Metnick feels violated because the feds did to him what he did to us. Delightful irony.

[ralfthedog]

The Feds recorded the sound a payphone makes when you drop in quarters so they can make a free call and they pulled the batteries out of a Radio Shack acoustic dialer?

[Thomas, David]

Did to us? Please, enlighten us about your security breach, identify fraud, or anything that Mitnick did that affected you, or the majority of us.

I bet you think he was selling secrets abroad.

Read about all the equipment he was carrying. Duh... I think the agents wouldn't be doing their jobs if they didn't search him. And erasing history in front of them and pressing the power button, that should have gotten him arrested. I am glad to have these agents protecting the border as they do.

[GhostAlph]

Um yeah. He carries that equipment b/c that's part of his job. And last I knew pressing a power button isn't nearly close to "arrestable".

[drfrost]

It's the "erase personal history" option that always comes up when firefox exits (if you have inclination towards security you will have it configured so). The only history it would be erasing would be the website he visited with the browser to access his mail. Something he was cooperating in showing them and certainly didn't have to do, because, as a US citizen, he needs NO reason to visit Atlanta. And he certainly is under NO compulsion to prove anything. INNOCENT until PROVEN guilty.

Lessons to be learned:

Never log into your laptop for any reason in such a situation. Period. End of discussion.

[macoafi]

Uh, since when is having 3 laptops a crime? I have 3 laptops. My roommate has 3 laptops. My boyfriend has 3 laptops. In fact, most of the geeks I know have at least 2 laptops. I've also flown with lockpicks--Kevin's business card's is made of lockpicks, and I had it in my wallet. I've got two more sets...one's in my laptop bag all the time. Then the cell phones, hard drives, flash drives...not unusual.

And um, clearing your Firefox history? Come on. That's basic security (good step to protect against tracking cookies). My Firefox clears history automatically every time I close it.

[czmyt]

It is probably not a good idea to fire up your hard drive encrypted notebook in front of federal agents, and also probably not a good idea to travel through customs with a notebook that is has not been backed up and that you are unwilling to sacrifice.

[GhostAlph]

I'm going to guess they ASKED him to "fire it up"....but that wouldn't allow you to try to say how stupid Kevin is, would it?

[drfrost]

I do indeed, wholeheartedly, concur.

[zboot]

how is this a bad idea?

So, you're telling me that I should not travel if I'll be carrying sensitive or confidential data?

Bullsh*t

[Dr_Zinj]

That legislative requirement for reasonable suspicion of illegal activity before searchign and seizing needs to pass.

[bottomline]

In a foreign country this guy would still be in jail. In America he gets out of jail and we give him a job. This guy should never be allowed to possess an active HID proximity card spoofer. He can just as well demonstrate a gutted HID, showing what the device looks like and its capability without having an active one. He is afraid of ICE getting ?his? password, so he reaches over and shuts down his laptop? And he can?t imagine why those actions would illicit suspicion?
Pal, your past SHOULD stay with you. YOU are the one that has caused these types of security inspections and suspicions. Get over it.

[unknown unknown]

I don't know what you're smoking, but Mitnick was not the reason we have to go through all this rigmarole at airports, it was because guys like the shoe bomber and various smugglers. Customs has had the power to detain people and search and copy papers etc for quite awhile, they just extended it to note books, cellphones, portable music player, and other electronic storage as they've become more pervasive.

[GhostAlph]

What? Mitnik "caused these types of security inspections and suspicions"? Wow, and here I thought that was Al-Qaida's fault. I guess you and I don't read the same newspapers or maybe we didn't live on the same planet for the past 20 years.
"This guy should never be allowed to possess an active HID proximity card spoofer" you say. Are you sure you even know what one is or are you just saying that to make yourself sound smarter?
And no one said that he "can't imagine why those actions would illicit suspicion". In fact, I don't think anyone was saying that at all. But, what WAS being said was that those doing the investigation of his equipment didn't have one clue about what it was they were looking through nor do they seem to have any idea what they were lookinig for. That's the problem with this scenario. The people you praise for "protecting us from Kevin" (which, I don't get) have NO TECHNOLOGICAL CLUE WHATSOEVER. To them, an unfamiliar-looking MP3 player is "proof" you're a terrorist.

[Thomas, David]

Re-read the article, and followup with a read in other trade journals you bonehead

[afdsk]

to those of you who praise the "good" work of our poorly trained border guards, just wait until it's you on the other side of the fence. I understand security is necessary, but if you don't find somethings wrong with this scenario, i hope you get to experience it first hand, just to get an epiphany of how your rights and privacy don't really mean much of anything as a US citizen.

homeland security has been documenting and retaining information on all US citizens crossing the border. they retain these documents no less than 7 years. they have the power to detain you before crossing to US soil, and it doesn't matter if you are a citizen, naturalized or born here, you have absolutely no rights until you get to US soil. so what does that mean?? you figure it out. electronic seizures have become a daily routine and if you value your privacy or those of your clients, it would do you some good to backup and encrypt your data. by the way, they don't have to give back these electronic goods....... so now you've also lost property. loss of rights, privacy, and property...... what does that mean for you and me?

bottomline, if you don't know anything about computer security, don't talk, do some research first. security conferences are there to educate, enlighten and show the security world of the new technology out there. also, there are different learning styles and Mitnik having a functioning HID proximity card visually aids those who learn visually. i'm one of those and also a skeptic of technology unless i see it working.
<snip> "YOU are the one that has caused these types of security inspections and suspicions. Get over it." -----> you need to read more and educate yourself before spouting off. you need to ask yourself what is the root cause of stricter border crossings. why is it that i can no longer take my finger nail clippers on the plane. why is it that i can only have so many ounces of any type of liquid with me. why, if i come back from a foreign country, any foreign country with suspicions of terrorist activity or otherwise, i get more scrutiny in customs. if you can answer those for me, i would publicly validate that Mitnik is the one that caused these types of security inspections and suspicions.

computer security, as edgy as it can be, is a necessary evil. those who do it legitemately expose a lot of vulnerabilities that none of us see. they threaten our privacy, safety, and security. people who want to do harm to the united states and to us in general all have things in common and one of those is time. these people are innovative, intelligent, and sometimes undetectable.

[thiefhunter]

Bob Arno and I were with Kevin that day. What he stressed to us, immediately after his "release," was how inept the customs agents were. How little they knew about the items they "discovered," and how they were brimming with a "gotcha!" attitude.

Anyway, have a peek at one of the mysterious items Kevin had in his luggage here, at Thiefhunters in Paradise: http://bobarno.com/thiefhunters/2008/09/kevin-mitnick-redflagged/ and more about redflagging here: http://bobarno.com/thiefhunters/2008/09/redflagging/

[afdsk]

quoted from http://bobarno.com/thiefhunters/2008/09/kevin-mitnick-redflagged

Everyone in the field of information security knows the Department of Homeland Security?s new policy:

Federal agents may take a traveler?s laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies?

[GhostAlph]

Yeah - but that policy's been in place with the feds long before Homeland Security.

[nasserd]

@afdsk, the blind shouldn't be leading the blind.

Re: DHS's policy, the rationale is the same as the liquid limitation. Should an electronic device be seized on suspicion of being a small bomb of some sort, then OBVIOUSLY the DHS would rather inspect the device AWAY from the airport... duh. As for period of time, that's because the inspectors may have to review objects from a fully-loaded 747 aircraft... so they won't excuse security because there is potentially lots of suspicious items requiring scrutiny. As for suspicion of wrongdoing, it's usually "too late" when the suspicion is blatantly obvious! A traveler does not have to be suspicious of wrongdoing THAT MOMENT to validate a thorough inspection; they may either have a history of wrongdoing or have a relationship to someone who may.

Re: your rant about understanding security and blaming Mitnick for all ills. Wow, an in-depth course of global security (foreign policy) and a review of major security-related current events is necessary. Firstly, terrorist activities related to air travel have existed before Kevin was even born. Secondly, I have travel to many countries by air and have not been subject to as much scrutiny (on such a regular basis) as Kevin has; I have been thoroughly inspected in the past, but with nothing to hide there was no reason for me to get upset... airport security in places like Moscow and Jerusalem makes US airport security seem rather quaint. Third, travelers with malicious intents today are not basing their actions on Kevin's actions (past or present); rather, they have a history of conflict older than the US.

@ferretboy88, isolationism does not make you a more "well-rounded, globally-aware, experienced" person. Sadly, it hardly makes you any sort of exemplary model.

[abubakarx]

this was really interesting and enlightening... i say Kevin should write a book/novel or something, its going to be really a hit !!!!

[afdsk]

@nasserd
<snip> Should an electronic device be seized on suspicion of being a small bomb of some sort, then OBVIOUSLY the DHS would rather inspect the device AWAY from the airport... duh.

i would assume that you are referring to inspections prior to boarding the plane, which would make sense, not arriving. Mitnik in this case, if i understood it correctly, had just landed back to the states and waiting to travel by car. which brings me to the next point in your argument:

"As for period of time, that's because the inspectors may have to review objects from a fully-loaded 747 aircraft... so they won't excuse security because there is potentially lots of suspicious items requiring scrutiny."

the deed has been done, the traveler (Mitnik), has already arrived and was processing through. if DHS needed to inspect an aircraft coming into the US for suspected contrabands, it should have been done prior to the aircraft touching US soil. that aircraft being in the air is a potential candidate for another 9/11 incident. what happened during 9/11 didn't have to originate from the inside the US. i would assume that a "trained" DHS agent specializing in contrabands would recognize items potentially harmful coming onto an aircraft and not out of it.

This is talking about individuals being red flagged for some reason or another. I've been red flagged, detained, and questioned for several hours for traveling to middle eastern countries. i am a contractor with clients globally, does that validate a thorough inspection? how do you verify at that moment that i have or have not had dealings with people that have suspicions of or have committed any wrong doings. this was profiling in one sense or another. i have "seen" the scrutiny at other air ports, and i would expect them there, especially as a foreigner coming in, not as a US citizen coming home. the reason i live in the US is because of my rights and priveledges.

"...laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing..." should not happen. if found innocent of ANYTHING, should not be subject to this.

let's think about this...... if i were found innocent and had confidential documents regarding my clients on that laptop or electronic device and they take that device to an off-site location for an unspecified period of time, what are the probable consequences to myself and my clients?

<snip>Re: your rant about understanding security and blaming Mitnick for all ills.

you may have misunderstood me.... i epathize and sympathize for Mitnick and not blame him. i was referring to <snip>YOU are the one that has caused these types of security inspections and suspicions. Get over it. @bottomline.

and i totally agree with you regarding

<snip> travelers with malicious intents today are not basing their actions on Kevin's actions (past or present); rather, they have a history of conflict older than the US.

again, my statements from the previous post regarding the rants from bottomline.

[bottomline]

Dear afdsk, thank you so much for enlightening me. I feel so much better now.
I actually am in the field and fly two days a week in and out of the country with a carry on full of laptops, PDA?s, cell phones and USB drives. I have never had a problem. Apparently when they swipe my passport, FELON does not show on the screen.
Let me clairify my statement for you. Mr. Mitnik because of your own actions in the past, YOU have brought greater security and scrutiny on yourself. Get over it.
I?ll look for you on the plane afdsk, you?ll be the one with long fingernails and greasy hair.

[Lerianis]

No, he hasn't. Frankly, if I was Mitnick, I would file to have those arrests expunged from my record, because there is no reason why they should stay on his record. He has been 'straight' for a long time in regard to things connected to those crimes, time to make them disappear from his record.

[aero25sk]

This sucks.I mean common people leave the guy alone. He didn`t do anything wrong yet he served the sentence, got everything that he didn`t deserve and yet again you are still bothering him.Why? Just him be.

[cjwall67]

Hackers, street racers, base jumpers all the same. It's the THREAT of getting caught that seems to drive some personality types to attempt ever riskier behaviors and activities. Sure sucks big when they get caught , though. Then its all "No harm done!" Nobody got hurt!". For the hackers, they get a security consultant job after getting out of stir, the other guys? Well, at least they can watch the video on YouTube. Nobody thinks long-term about that little record that will follow you around. You play, you pay. TFB for you, Mr. Mitnik.

[afdsk]

@ bottomline.
<snip>Mr. Mitnik because of your own actions in the past, YOU have brought greater security and scrutiny on yourself.
thanks for the clarification.
"you?ll be the one with long fingernails and greasy hair"
actually, clean cut, lightly trimmed beard and mustache, casual attire, 5' 8" 210... you can probably find me in one of the flights. i fly 4-5 days a week :) luggage usually shipped to location.

[raywkirk]

He already HAS written a book.
And as for the equipment, some of it, for a computer geek is similar to a convicted burglar in
possession of burglar tools.
And, since when does a convicted felon get a passport?

[kkweaver]

You ask how was it that he get's a Passport ? FBI cleared it.

And not all felon's are striped of there passport.

[Lerianis]

Bingo, kkweaver. The fact is that even MURDERERS can get passports. The only people who can't (who are usually not dangerous at all): pedosexuals. Heck, even people who RAPE ADULTS can get passports, but no, not someone who 'touches a child and 'defiles' them'.... I swear, the stupidity of this country is showing, big time!

[rewerked]

Your privacy is in a LOT better hands crossing the Thai, Chinese or any European border than the US border these days. It is shameful. The price of oppression abroad is the loss of freedom at home.

[ferretboy88]

Not true. China took my friends laptop for 20 minutes and when he got it back he could tell they removed it. I'm sure they copied it to see what Business he was doing. The same friend stayed in Korea for 4 years and the govt there wiretapped his room. He worked for Kodak, what were they trying to get.