Friday, January 6, 2012

Ghost in the Wires

Just finished Ghost in the Wires: My Adventures as the World's Most Wanted Hacker by Kevin Mitnick (2011, Little, Brown and Company).

Kevin Mitnick is a well-known computer hacker, now making money as a computer security professional, who was once the subject of an intense manhunt from the FBI and US Marshals for his hacking activities against the phone ("phone phreaking") and computer companies.  He spent several years in prison for his felony crimes.

On one level, I found the book to be an interesting read.  I'm about the same age as Mitnick and if my parents had more money when I was growing up I probably would have made some forays into computer hacking myself.  I was an avid electronics hobbyist and remember lusting after the Altair 8800 when I saw it in Popular Electronics as a teenager but couldn't afford it.

It wasn't until I went to college that I started using computers.  I found myself hanging out with the computer geeks and learned the UNIX system (remember emacs?), C, and even did some simple hacking on the school's VAX/VMS system.  I could have gone to the dark side if I had gotten into all of that a decade earlier.

Anyway, I do understand the appeal of hacking.  The thrill of learning how to beat the system, snoop around where you shouldn't be, the adrenaline rush of risking getting caught.  Most people outgrow it and go on to do something useful in life.  Other people, however, seem to get addicted to it all and Mitnick was one of them.

While Mitnick undoubtedly had technical skills honed by hours on the computer, his real skill was what he called "social engineering" - something other people would call "lying" and "grifting".  He would research a company and then call some poor low-level employee with access to their computer system and say something like "This is Bill in engineering and I'm having trouble with the xxx system.  Can you help me by checking a few things on your machine?"  Then he'd have the poor sap employee  run a series of cryptic commands that would give Mitnick access to the system with administrative rights.

Most of Mitnick's virtual break-ins were the result of him conning people over the phone.  Since he started his "career" by hacking the phone company, he was able to get callbacks to his cell phone with a phone number that looked as if it was an internal phone number for the company he was hacking.

Mitnick was clearly an addict when it came to hacking.  He did it even knowing it hurt people close to him - he claimed to be close to his mother and grandmother but he was always calling and telling them the FBI was on to him, he had to run, or he had been arrested.  I felt sorry for them - he must have really broken their hearts.  He also persisted in his hacking even when he knew he was being investigated by multiple local and federal law enforcement agencies and even when he had to move from L.A. to Vegas to Denver to Rayleigh to try and keep one step ahead of them (even while on probation for hacking).

Mitnick also comes across in the book as being a complete sociopath.  Besides the harm he was constantly doing to his loved ones by his illegal activities, he also had no qualms about his computer hacking activities.  He claimed to just be doing it because he enjoyed the challenge.  Problem is that he caused real harm to real people.  He hacked phones to make thousands of hours of free calls that were then billed to random people.  Real people getting real bills who then had to spend hours dealing with the phone company to get straightened out.  He broke into companies and stole lists of credit card numbers which he thought was OK since he never used them for anything.  Still a crime dude!   Again, real people had their credit card numbers stolen and needed to go to their banks to get new cards, etc.  He lied to people and tricked them into giving him access into corporate computer systems.  No harm?  Ask the people who were then talked to, disciplined, or perhaps fired to allowing Mitnick to trick them into getting into the company's computers.  He broke into corporate computers and stole source code for operating systems for phones and computers.  Proprietary corporate source code that cost millions to develop and that allowed Mitnick to exploit any weaknesses to hack even more.  Then he wondered why they got so upset and got the Feds after him.  He was upset that the Feds were tapping his mom's phone, his friend's phones, etc. yet used his phone hacking skills to tap and listed to other people's conversations and read their private email.

After all his years of serious hacking, stealing services from phone and computer companies, breaking into corporate computer systems, conning people, stealing proprietary source code, tapping people's phones, reading people's private emails, etc. etc. etc., he's mystified as to why the Feds spent so much time and energy tracking him down and why they wanted him in prison with no access to computers or phones.  Quite frankly, if I had been the target of Mitnick's hacks, I'd probably want to beat the guy with a baseball bat.  He's completely clueless for a smart guy - something's obviously a bit off in his brain wiring.

In sum, while an interesting book, Mitnick comes across as a real asshole.  I would recommend this book not just to people interested in hacking but to any mental health professionals interested in addictive and sociopathic personalities.

No comments:

Post a Comment