Kevin Mitnick detained, released after Colombia trip
Famed social engineer-cum-hacker tells a cautionary tale about the dangers of traveling into the U.S. with a laptop, and sending packages back home from Bogota.
Updated at 7:55 a.m. PT on Wednesday to specify that the FBI cleared Mitnick of any wrongdoing in this event.
Since being released from prison eight years ago, Kevin Mitnick's brushes with the law have consisted of a few parking tickets and a citation for driving without a front license plate--that is, until he returned from a trip to Colombia two weeks ago.
After landing at the Atlanta airport for a security conference, Mitnick was detained for four hours for reasons still not fully explained. To make matters worse, while customs officials in Atlanta were busy inspecting his cell phone, laptop, and luggage, police in Bogota were ripping open a package he had mailed to his U.S. address on suspicion that it contained cocaine.
The simultaneous incidents gave Mitnick deja vu of his days as a fugitive pursued by the FBI for breaking into computer networks, only this time, he hadn't broken any laws.
"There was uncertainty, fear, and panic because I didn't know what was going on, and I didn't do anything wrong," he said in a recent telephone interview with CNET News. "In my mind, I thought I was being set up for something."
Here's a rundown of what happened:
Mitnick's Delta Airlines plane landed in Atlanta on September 16 at around 3 p.m. He had flown in from Bogota, where he had gone to give a speech to the newspaper El Tiempo and to visit his girlfriend.
The first sign of trouble was when a U.S. customs agent swiped his passport through the computer system and started staring intently at the screen and typing. "Kevin," the agent said with a big smile on his face. "Guess what? There are some people downstairs who want to have a word with you, but don't worry. Everything will be OK."
As if that wasn't bad enough, while he waited to retrieve his luggage, Mitnick's cell phone rang. It was his girlfriend in Bogota saying she'd just gotten a call from the police there. They wanted permission to open up a package of computer equipment and souvenirs he'd mailed back to the U.S. a few days earlier because they said they found traces of cocaine on the package.
He finished the call and went back to the business at hand, offering his luggage up for inspection. A customs agent asked if he had ever been arrested. "Yes." Had he ever been to jail? "Yes." For how long? "Five years." They knew the answers all too well, of course.
In his luggage, they found a MacBook Pro, a Dell XPS M1210 laptop, an Asus 900 mini-laptop, three or four hard drives, numerous USB storage devices, some Bluetooth dongles, three iPhones, and four Nokia cell phones (with different SIM cards for different countries).
They also found a lock-picking kit and an HID proximity card spoofer that can be used to snag data stored on physical access cards by swiping it in front of them. The data can then be used to enter locked doors without having to make a forged access card. Mitnick says he used the device in a demonstration about security in his speech in Bogota, but that the customs agents' eyes lit up when they saw it, thinking it was a credit card reader.
Mitnick asked if he was under arrest and was told that, no, he was just being detained. He asked if there was a warrant for his arrest and he was told, "We don't know yet." The agents let him call his lawyer and his family.
"I was really nervous because I didn't know what the hell was going on," he said.
Agents from Immigration and Customs Enforcement (ICE) arrived to question him. They asked why he was in Atlanta and he told them: he was there to moderate a panel at a security conference sponsored by the American Society for Industrial Security (ASIS). Asked for proof, he fired up a laptop to show them the itinerary in his e-mail. But when he clicked "yes" to have Firefox clear his private data--an automatic response to a default setting--the agents snatched the laptop away from him, thinking he was deleting evidence.
"Then I realized I was logged in and I don't want them to have my password," Mitnick said. So, he quickly reached over and hit the power button to turn it off.
Fortunately for Mitnick, one of the members of the panel he was to moderate works for the FBI, and customs agents were able to reach him to verify Mitnick's story. Meanwhile, ASIS organizers, worried about Mitnick's non-arrival for his awaiting airport ride, had also called the director of security at the airport and helped clear things up. The FBI in Atlanta cleared Mitnick of any wrongdoing, so ICE let him go after apologizing several times. After some more questioning from customs officials, he was released.
But what about the package in Bogota? Police there tore open the box, took the electronic equipment apart, and destroyed the hard drive trying to open it by drilling a hole in it, but didn't find any drugs. The two incidents were, apparently, completely unrelated and coincidental.
"Can you imagine if I had said to the agents 'Does this have to do with the cocaine?'" Mitnick jokes.
He can laugh about it now, but he was willing to share the story as a cautionary tale for anyone traveling into the United States with computer equipment. He was red-flagged for obvious reasons, and someone without his background might be able to stay under the radar. However, scrutiny is at the whim of officials who have been said to target political activists, nuns, and people who just happen to have a last name on no-fly government lists.
And then there is the authority customs officials have to seize laptops crossing into the country with no cause whatsoever--though that may change, in a way that would require reasonable suspicion of illegal activity before border agents could search electronic devices of U.S. citizens.
"They can detain you for four hours, inspect everything, and put you through the third degree for no reason. It's really a police state," Mitnick said. "I travel in foreign countries that have even more stringent rules, and I never have problems."
To protect his privacy and that of his clients, Mitnick encrypts all the confidential data on his laptops, transmits it over the Internet for storage on servers in the U.S., and wipes it from the computer before returning from any international trips, just in case officials decide to search or seize his equipment. He also encrypts his hard drive. And now, he says he is going to keep a "clone" of his MacBook at home so he will have an exact duplicate of it if it is ever seized.
"I don't harbor any ill feelings toward (customs), but I was really scared because of the circumstances that were happening in Bogota at the same time," he says. "I feel lucky in a sense, and I feel violated in a sense."