I wrote this review back in November of 2011. While cleaning out my blog’s draft folder I realized I’d never gotten around to posting it. Since it’s a good tech/geek read, I figured it was better late than never.
I went on vacation recently and needed a book for the rather long plane ride. After reading a sample chapter of Kevin Mitnick’s new autobiography, my interest was piqued. I had remembered reading about him and the “Free Kevin” movement back in ’98, and at the time I didn’t understand why people were getting behind this guy. He did a bunch of bad stuff, why should he be free? Since it’d also probably cover some interesting computer security topics, I figured it be both educational and entertaining. I picked up a copy and by the time I was arriving home, my hopes had been met.
Mitnick gained massive media attention in the mid-to-late 90’s when he was on the run from the FBI for various hacking related offenses. He was eventually captured, and spent 5 years in prison. In his new autobiography, “Ghost in the Wires”, he chronicles his escapades and details how he compromised so many systems. Surprisingly, it mostly through something called Social Engineering, which can loosely be defined as “the manipulation of people to get them to do what you want”.
Mitnick’s tales typically involve him just calling up his target, and simply convincing them to give him certain information or do certain things for him. For example, he was able to compromise the Social Security Administration by pretending to be an investigator from the Inspector General’s Office. He convinced a staff member there of his status, and for several years was able to use her to get privileged information. Here’s an excerpt of where he discusses the ruse:
I said, “We’re going to be needing assistance on a continuing basis,” explaining that while our office was working on a number of fraud investigations, we didn’t have access to MCS — short for “Modernized Claims System,” the amusingly clumsy name for their centralized computer system.
From the time of that initial conversation, we became telephone buddies. I was able to call Ann and have her look up whatever I wanted — Social Security numbers, dates and places of birth, mother’s maiden names, disability benefits, wages, and so on. Whenever I phoned, she would drop whatever she was doing to look up anything I asked for.
Mitnick comes off as smart and very curious, and a lot of his stories are very interesting, but it’s hard to like the guy. He ends up causing a lot of people grief and some of the decisions he makes made me want to facepalm. He continues to hang out with his best friend after the guy steals his wife (this same friend later tries to offer him up to the FBI), he strings along “Eric” even though he suspects the guy is working for the FBI, and he continues to do high profile system break-ins while he’s on the run. Though then again, if he hadn’t made these nutty decisions, there probably wouldn’t be a book to read.
The book starts off a little slow, but takes off once Mitnick goes on the run from the FBI for 2 years. During this time he assumes several identities, lives in a hand full of cities, and breaks into numerous systems. He gleefully details the social engineering tactics he used to do all of this, but when it comes to the technical aspects of his crimes, the book does a little bit of hand waving. The lack of detail in this department was apparently due to a disagreement between Mitnick and his co-writer. Mitnick wanted more detail, while his co-writer wanted to keep the story moving. They comprised, so there are a few side boxes for the more technically inclined, but you typically just get the general idea of what happened.
Overall I thought the book was a fascinating read and a valuable look into how a very successful individual was able to break into many different systems. If you’re into computer security, or looking for a non-fiction thriller, this is something to check out.