Ghost in the Wires: The World's Most Wanted Hacker

Thursday, August 11, 2011

Ben Rothke

3e35900ae6facc6c146a85c435c71d82

Ghost in the Wires: My Adventures as the World's Most Wanted Hacker

This guest review of Ghost in the Wires: My Adventures as the World's Most Wanted Hacker by Kevin Mitnick was written by Steve Hunt at SecurityDreamer.

Kevin Mitnick’s story will give new meaning to your understanding of security & business – Book Review

Kevin Mitnick taught me how to play blackjack in Las Vegas. He sat next to me at the Golden Nugget and coached me while I played. I won several times and walked away $400 ahead. He lost about that much. He just didn’t know when to quit. As I read his memoir, I would sometimes shout out loud at the pages. “Kevin, what are you doing?! It’s time to quit!”

Ghost in the Wires: My Adventures as the World's Most Wanted Hacker is the complete story from Kevin’s point of view about his life of hacking and running from the law.

In the book, Kevin speaks with disarming frankness about his parents, his home life, his girlfriends and friends. He makes no excuses – leaving the reader free to assume root causes of his’ behavior. Maybe it was the parents’ messy divorce, Kevin’s strained relationship with his father, the abuse he suffered from Mom’s boyfriends, betrayal by his friends.

However, one thing shows Kevin’s character more than any other. He does not blame anyone. He takes full responsibility for his actions and obviously sees things from others’ points of view.

That clarity and ability to connect with people is doubtless one of the reasons he was so successful deceiving people using a technique known as social engineering. Law enforcement and the press absurdly painted him as a monster with magical, diabolical skills.

But ultimately it was his humanity that allowed him to connect to people and get what he wanted. He deceived people, to be sure. It was his stock and trade as a hacker, but also yielded many insights he shared with us in his best-selling book The Art of Deception.

When I met Kevin Mitnick for the first time, he struck me as nervous, humble and self-deprecating. He had just been released from prison and was still under very tight probation in Las Vegas. I was hosting a conference on behalf of my employer, Giga Information Group. Kevin was our keynote speaker – his first speech in public ever. As I got to know him, I saw he was very bright, funny and forever playful.

A year or two later, I arrived in Athens Greece to speak at a conference where Kevin was the keynote speaker. I checked into my hotel that evening, exhausted from a full day of traveling, and fell right to sleep. At about 2 am my room phone rang.

I grabbed it and mumble, “hullo?” The voice at the other end said “This is the front desk. There is a problem with your credit card. You need to come down right now and see the manager.” I said, “It’s the middle of the night! I’ll come down in the morning.”

The voice said very firmly, “Sir, you must come right now and re-process your card. The hotel is very full and if you cannot pay we have to make the room available for others waiting in line.” “That’s outrageous!” I said, now finally waking up and getting mad. Softening a bit, the voice said, “I understand sir, perhaps you could just read your card number over the phone.” I grunted, grabbed my wallet and started reading the number, “3715 4118 6…KEVIN!!!!!” That’s when he broke character and busted out giggling.

His skill at manipulating people and computer systems made him a great hacker. By that, I mean “hacker” in the original sense of someone seeking the limits of a system. His inability to stop made him a great criminal.

By that I mean his crimes became a great challenge to a law enforcement infrastructure, including the FBI, poorly prepared to understand his crimes. His years as a fugitive made him a great story. Meaning he became both a folk hero to legions of computer experts and hackers who understood him and an arch villain in newspaper articles, in the New York times and elsewhere, determined to sensationalize him and his crimes.

The story of Kevin Mitnick as the world’s most wanted hacker is funny, exciting, sad, and sometimes horrifying – especially as we read how the courts so grossly misunderstood his crimes and thereby punished him in some ways worse than the most heinous mass murderers of recent memory.

Here lies the critical aspect of Kevin Mitnick’s story. Computers, networks and the Internet were so mysterious to people outside of the geek or IT subculture when Kevin was hacking that people were afraid of the unknown and needed someone or something to take their fear away. Kevin was a sacrificial lamb to his accusers, many of whom needed to defend their pride, and to the public, who loved seeing a villain take a fall.

Like other sacrificial lambs, Kevin Mitnick also became a symbol. To the hacking underground he was a freedom fighter. To us in the security profession, he was a manifestation of the enemy, the “threat.” To law enforcement he was a catalyst for changes in law and improvements in technological savvy. For all of us, though, he elevated the conversation about risk management.

Before Kevin, data security was all about control. If we ever lost “control” of data, we felt as though we “lost” it altogether. That mentality still exists and is common in discussions of data leakage, today. The lessons we learned since Kevin’s adventures on the wires, however, bring us to a much more useful and business-oriented view of security and risk management.

Security — control — is not the point. No business executive wants security. He or she wants business to run efficiently and effectively, no matter what else is going on. This idea of robust business process is the new view of security and one built firmly on the foundation of Kevin Mitnick’s hacking.

Kevin proved to us that “control” of data is not the point. “Securing” the network is not the point. Resiliency is the point. Securing the “business” is the point.

The myth of Kevin still haunts many people in technology, business and law enforcement. But the myth is all we’ve had till now. This memoir gives us finally the man, Kevin Mitnick, whose adventures as the worlds most wanted hacker, bring us to a very human view of the intersection of technology, business, law and security.

Cross-posted from RSA

Possibly Related Articles:
8665
Network->General
Information Security
Social Engineering Network Security hackers Book Review Information Security Kevin Mitnick
Post Rating I Like this!
82bc0ccf221411fe06c6db933cc1da42
Paul McCormack Rarely have I read a book review where the reviewer has met the subject of the book. Your review is very well written and enlightening. Until now, I had a very different opinion of Kevin. Thanks for providing the "human view".
1313269921
B6f0893230292b638a6419bf566dbda6
cliff sull An amazing book - the first two chapters had me in fits of giggles and the insights Kevin provides into early phreaking are priceless.
Certain pieces in the book also point out loudly that Social Engineering is the biggest glaring Security Risk for any Business ...this book is a must read for all business owners - because the lessons are there and can be applied across the spectrum ...
1317763527
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.