Friday, October 07, 2011

Ghost in the Wires

Ghost in the Wires, Mitnick & Simon

Disclaimer: Kevin Mitnick is a personal friend, and this review is based on a late galley copy. I have no financial interest in this book. The above link is an affiliate link.

I have been reading books about Kevin Mitnick for years. Finally, we get to read the best one yet. All of the previous authors worked from information they could glean, and some limited interactions with Kevin himself. The problem is, he was playing most of them a lot of the time. What we have here is Kevin's own version of his story, written himself, along with his collaborator William Simon.

I'll just jump right in; I loved this book. If you have any interest in real-world hacks at all, read it. The other books and news stories didn't cover half of what he did. As I devoured in in two days, I kept turning to people to say "Read this!" or repeating one of his stories for co-workers.

I have some clear favorite stories, but I don't want to give any spoilers. It's that much like reading a thriller. My favorites are how he defeated the radio encryption used by the FBI, and how he would go about obtaining a new identity. Specifically, how and where he researched the identities, and got the appropriate document papers.

The sheer audacity that some of his tricks took is amazing to me. He admits things in the first few pages that surprised me. And after reading about how things went with his friends over the years, I finally have some appreciation for why he has such hatred of snitches.

Let's be clear, this is not a technical book like others I have read. He doesn't cover how to exploit a stack overflow. When he breaks into a Solaris box, he says "I used a Solaris exploit." He says that the reason for that was to make it more readable for the general public. And I don't think he's incorrect in that. The focus is story and history.

But even if you're a hard-core technical security person, I think you'll like the book for what it is. Unless you think that security begins and ends with writing a cool exploit. Do I think Kevin has technical skills? I do. But those aren't his greatest powers. Yes, he's a fantastic social engineer. And using those skills, he owned more things and companies than probably anyone else. A 0-day exploit that lets you break into a source control server is impressive. But I don't think it's quite as cool as calling up and getting them to just mail you a tape with the source. There's no patch for stupid.

You'll also enjoy the book if you have an interest in computer or security history like I do. It spans several decades, from when he was a kid interested in magic up to almost present day. There are the cameos from other well-known hackers that have had books written about them as well. I have enjoyed reading articles and seeing Twitter exchanges with Kevin and some of his old victims. (All amiable so far as I have seen.)

If you want the most accurate version of the Mitnick story available, here you go.