Wednesday, November 23, 2011

Ghost In The Wires

- Kevin Mitnick -

This books makes computer hacking sound super cool & full of action packed adventure (both in the virtual world and the real world). It is a mix between a crime novel and a computer hacker how to guide - great for a geek wannabe like myself.

This is a biography, which means it's laid out from Mitnick's point of view and chronicles his life, obviously paying special attention to the computer hacking parts...which you will find out made up about 110% of his life anyway. It starts out with Kevin's boyhood, which sounded pretty typical for a 'tech-hall' resident - learning the ins and outs of the telephone system to make free calls, modifying your HAM radio to jam the local McDonald's drive thru speakers, driving your computer science teacher nuts by constantly breaking his passwords.

These stories made me root for him to succeed. It was like him against the system, the man, the world...whatever term you use. Using his wits, and dorky knowledge, he managed to pull off lots of small pranks that would never really hurt anyone. Soon it seemed like all Kevin was doing was trying to find ways to get free phone calls, get free Internet, and hack into restricted files. Again, still nothing earthshattering. But, he was getting caught, kicked out of schools, off college campuses yet still he would try to find ways around this - he would just never follow the rules.

Eventually, he went just a bit too far and was rounded up by the FBI and tossed into jail. Since he had been doing this hacking thing for awhile and was very very successful at it he had gained a bit of a reputation. However, his reputation was getting him pinned for crimes he didn't commit. Every big hack the FBI would suspect Mitnick. This rep ended up putting him away for a lot longer than he really should have, had it been another person...oh well, that is how it works sometime right?

So, when he is released do you think he learned his lesson? No, of course not. He continues to hack until he is caught in dramatic fashion and put behind bars for another few years.

The best part of the book was Mitnick explaining exactly how he managed to hack into apparently secure systems. He wouldn't use just his computer, as I would have thought. Most of the time he 'social engineered' (his term) people, i.e. he tricked them into giving him information or access. He had many tricks. It would start by finding out tons of info on whatever company he was going to hack. He'd call and gather a few bits of jargon he could use, or a name of someone important he could use later. Then he'd keep calling different people and trick them into giving passwords. For eg, he'd call someone and say he was from the IT dept, throw in a bunch of internal jargon, mention a name, and find out whatever he needed. "Hey it's Bob from ESIT, the BPS is down and we need to run the BOPS. John Doe (a Sr. Executive) needs the system up for an big client meeting. I see your BOPSS system is running, but I'm getting an error while trying to patch in a fix. Is your password still 1234? Ok, let me know what it is and I'll patch in the fix and call you back". Mitnick had this whole ingenious system for tricking people, oh sorry 'socially engineering'.

The overarching story was the whole FBI tracking him and trying to arrest him. Mitnick keeps coming across bits of info that eventually lead him to the FBI. He finds out they are about to arrest him so he runs for it, changes identities and stays on the run for years. The whole story is almost too surreal to believe, which of course makes for great reading!

Overall, a great geeky read.


No comments:

Post a Comment