When I was in high school, I wouldn’t say I was an avid reader, but I definitely tackled some novels. When I got to college (back in 2003), reading books (that weren’t textbooks) kind of faded away, which is ironic, you would think college would have the opposite effect …
Recently, I gave the kindle a try, to see if I could really get back into reading books. Even though I’m a huge supporter and overzealous user of technology, I was wary of the kindle at first. I didn’t like the thought of not being able to flip pages, not being able to dog-ear pages and write notes in the book. It really bothered me that when I finished dedicating all that time to a novel, I wouldn’t have a paper back trophy to add to the collection. Then I actually gave it a try …
Kevin Mitnick’s autobiography, “Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker“, instantly interested me as I had read “Takedown: The Pursuit and Capture of Kevin Mitnick, America’s Most Wanted Computer Outlaw-By the Man Who Did It” by Tsutomu Shimomura and John Markoff in highschool.
In this spare-no-details first hand account, Mitnick takes us through his rise to become the FBI’s most wanted target, detailing his steps in creating new identities to allude the law enforcement manhunt while (quite successfully) staging a counter snooping operation that kept him one step ahead of his pursuers for years.
Many of Mitnick’s exploits are based on an attack vector known as Social Engineering. He outlines the three steps to successful social engineering as:
1) Assume a position of authority
2) Convince the victim that you are supposed to be doing what you are asking them to do
3) Convince the victim that you are unable to do it yourself, and you need their help
These three steps, if performed properly, almost always result in the victim doing something for you that you shouldn’t be able to do yourself. Mitnick, by simply talking to people on the phone, was incredibly skilled in getting people to grant him access to restricted information and change systems that he didn’t have the permission to change himself.
Overall, this book assumes you have some background understanding of how a Telco operates, and is not for the technically challenged, although it rarely goes into great technical detail.
What I found most interesting was Mitnick’s thoughts on solitary confinement, a topic he became quite familiar with through first hand experience. Spending 8 months in solitary confinement for non-violent crimes seems a little harsh, and Mitnick constantly describes the damaging psychological impact that it can have on a human being.
At one point, Mitnick describes being diagnosed as having an “addiction to hacking” in the same sense as an addiction to smoking or drinking. This is easily justified given his lack of “for profit” exploits in lieu of a constantly exploiting Telcos on the quest for knowledge.
The truly shocking thing about this book is not Mitnick’s exploits, but the vulnerabilities in the Telco’s themselves, something I have been conscious of for years. Most of his code based exploits were piggybacked on Social Engineering attacks against the Telcos. The biggest vulnerability in the phone companies are the Operators, Service Technicians and general staff who are willing to break security protocol (or even completely disregard it) for someone who speaks their rare and unique, highly technical language. This is a terrifying reality considering the power one can wield by simply convincing people over the phone to do something.
I highly recommend this book to other tech junkies looking for a good read, and am looking forward to reading some of his other books.