Anyone who is old enough to remember the heady days of the formation of what we recognize as today’s Internet knows the name Kevin Mitnick. Depending on who you ask, Mitnick is either a curious computer user that was wrongfully accused of horrendous crimes or he’s the most evil person to ever sit behind a keyboard and is capable of causing Armageddon with nothing more than a telephone. Of course, the truth lies somewhere in the middle.
Mitnick has written books before that discuss social engineering. The Art of Intrusion and The Art of Deception are both interesting books for security professionals that talk about the myriad of ways that hackers can exploit trust and other factors to compromise networks and systems. However, both books lack something. Deception is written as a series of “what if” methods of social engineering. Intrusion uses real examples from a variety of sources, but not from Mitnick. I’m sure there were lots of things that prevented him from talking about his past in these two books. What people have really waited for though is the story of the World’s Most Wanted Hacker. Well, wait no longer:
Ghost in the Wires is the autobiography of Kevin Mitnick. Now that I’ve finished my CCIE studies, I have a couple of hours of free time to enjoy reading something that isn’t a whitepaper or a lab workbook. I picked this up as soon as it was available on Amazon and cracked it open right away. I took my time going through it, enjoying each chapter as it built up the story of Mitnick from his early years onward. As the story progressed more into his social engineering stories and hacking exploits, I found myself spending more and more time reading about them. I was drawn into the book not only because of the content, but the writing style as well. Mitnick and his co-author William Simon decided to keep the content at a fairly non-technical level. Other than a couple of expositions about gaining access via .rhosts files or spoofing IPs, the book as a whole doesn’t really go much deeper than programming a VCR.
What you do get from this book is a sense of what drives Mitnick. It’s not wealth or fame or anarchy. It’s the pursuit of knowledge. Unlike the fame seeking kids today, Mitnick outlines that he only went after the targets he did because of the challenge of breaking into the them. He didn’t do it to steal credit card numbers or to hold computers for ransom in some strange blackmail scheme. Sure, he gained from his knowledge by virtue of his unfettered access to the phone company or his ability to clone his cell phone’s ESN whenever he wished. However, rather than exploit this on a grand scale or sell his access privileges on the Internet, he held on to them and used them as capital only for bragging rights to other hackers.
Mitnick also takes some time to address the “Myth of Kevin Mitnick”, the legend that has grown up and been propagated about his crimes. Stories of his flight from early prosecution to another country of his “ability” to whistle launch codes into pay phones elicit laughter but also show how the legal system in the early days of person computing was ill-equipped to deal with people like Mitnick that pushed systems to their boundaries and used them for their own purposes. At times, it seems like the legal system in this book is run by a collection of scare mongers, ready at a moment’s notice to say whatever it takes to keep their suspects locked in solitary confinement and safely away from any form of communication, electronic or otherwise. The second half of the book details his flight from the federal authorities and the ease with which Mitnick was able to create a new identity for himself. Back in 1993 he was able to create a string of identities to elude his pursuers. Today, however, I wonder if it would be as easy as before with all the linking of databases and sharing of information among all the different departments that Mitnick used to set himself up and someone else. I’m sure it would be a very difficult challenge, which is just the kind Mitnick admits he loves.
I loved this book. I’m a sucker for computer history, especially from someone as famous as Kevin Mitnick. Yes, he violated laws and treated security procedures like recommendations instead of guidelines. In truth, his crimes consisted of theft of things like source code or free telephone calls. He did it because he liked the challenge of getting things he wasn’t supposed to have. He was like a kid that would take his toys apart as a child to see how they worked. I can identify with this kind of mentality, as I’m sure many of you can. Mitnick chose to express this desire in ways that ended up bringing him into conflict with law and order. In the end, he paid for his crimes. However, he has paid us all back with the wealth of knowledge that he has shared about his methods of social engineering and computer hacking. I recommend this book not only to those that are interested in the history of hacking but also to anyone that might ever take a telephone call or use a computer. A little education about how easily Mitnick was able to gain the trust of unsuspecting people and get them to give him whatever info he wanted is worth the ounce of prevention that it will provide. If nothing else, you’ll know what a nuclear launch code sounds like when it’s whistled in your general direction.