He was already meeting with the CEO in some capacity, so it's very clear he had access to the CEO, maybe as a security consultant. Then getting him to read the number is easy, "Hey, I just got a new cell, but I might have given you my old card, can you read the number back to me?"
Getting a phone number with all the necessary digits is a bit of a stretch, but not impossible. And I would suspect, because this is the way phone systems generally work, that there was no bound on the number of attempts to enter the account number. Account numbers are all the same length, so you know exactly how many characters to input, it's just a matter of brute forcing the number--and for all I know, there may be some kind of structure that Mitnick found out.
Meeting with the board sounds like an embellishment for sure, especially for Mitnick's initial report, but I could definitely see--especially if someone was looking for a big chunk of money to strengthen the system--the report eventually being given to them.
The check on the silver platter is the most believable part of the story. Have you ever met a CEO? And why wouldn't the architect of the system be there to receive the report on the security of the system? Who else should be there?
For me, the only truly unbelievable part of this story is that he needed the CEO's voice at all. And for all we know, he just said he recorded the CEO's voice for a laugh.
Getting a phone number with all the necessary digits is a bit of a stretch, but not impossible. And I would suspect, because this is the way phone systems generally work, that there was no bound on the number of attempts to enter the account number. Account numbers are all the same length, so you know exactly how many characters to input, it's just a matter of brute forcing the number--and for all I know, there may be some kind of structure that Mitnick found out.
Meeting with the board sounds like an embellishment for sure, especially for Mitnick's initial report, but I could definitely see--especially if someone was looking for a big chunk of money to strengthen the system--the report eventually being given to them.
The check on the silver platter is the most believable part of the story. Have you ever met a CEO? And why wouldn't the architect of the system be there to receive the report on the security of the system? Who else should be there?
For me, the only truly unbelievable part of this story is that he needed the CEO's voice at all. And for all we know, he just said he recorded the CEO's voice for a laugh.