While attending the RSA show in February, I met Kevin (@KevinMitnick
) and obtained a copy of The Art of Invisibility
, which I immediately read. Due to the great many references to Kevin’s past, I thought it would be informative and worthwhile to read Ghost in the Wires
. It’s also listed on the Tripwire 10 must-read books for information security professionals
This book was written in 2011 with assistance from William L. Simon. It’s a historical account of Kevin’s life from his early childhood through his incarceration in federal prison and beyond.
The story begins with Kevin describing his propensity for being an early childhood escape artist. He provides a bit of insight into the early childhood influences that inspired his curiosity and introduced him to the world of hacking.
The first hack he details involved punching his own bus transfers, so he could ride the bus around Los Angeles for free. His idols include Bruce Lee, Harry Houdini and Jim Rockford, the fictional detective played by James Garner in “The Rockford Files.”
Kevin spent much of his time reading at the Survival Bookstore learning things that most people aren’t supposed to know. Two of his big influencers were The Paper Trip
by Barry Reid and The Big Brother Game
by Scott French. These books, combined with Kevin’s “urge to take a bite of knowledge from the forbidden apple,” set the groundwork for his lifetime of exploits and social engineering
Kevin’s curiosity quickly expanded into the world of phreaking, lock picking, computer hacking, and social engineering. Over time, he sharpened his skills, expanded his computer savvy, and tackled large and seemingly impossible targets. His story provides a great insight into the mind and motivation of what the world calls "hackers."
Even though he could have realized great financial benefit from the exploits he perpetrated, he didn’t. His real motivation time and time again was the sheer thrill of the chase and the satisfaction of a difficult mission accomplished.
As time passes, Kevin’s addiction to his craft deepened until the craft became the master and he the slave. He became a skilled and adept social engineer using those skills to obtain some of the most valuable corporate secrets imaginable and live on the run for many years.
As you read his adventures, you will understand more about the delicate balance between conscience and addiction. Kevin’s “need for speed” became his undoing, ultimately making him one of the FBI’s most wanted men.
His book describes in great deal the many breaches he conducted along with the story behind the techniques he used to attain his goals. He also describes his years on the run and the steps he took to avoid being caught. His inability to control his need to hack led to his capture and eventual jail time.
Throughout the book, Kevin points out some of the misconceptions and prejudices held by the public and law enforcement as it relates to the penalties imposed on those who get caught. Definitely food for thought.
You all have heard Sun Tzu’s quote about knowing your enemy and yourself. Ghost in the Wires
offers a rare opportunity for us to dig into the mind of someone most in our field would consider the enemy. To protect, you need to focus on the vulnerabilities the bad guys target. This is an account worth reading.
If you are so inclined, each chapter begins with a challenge that requires a bit of skill to decipher. You can find the answers easily enough online, but working the challenges helps prepare your mind for what’s to come.
About the Author: Jim Nitterauer, CISSP is currently a Senior Security Specialist at AppRiver, LLC. His team is responsible for global network deployments and manages the SecureSurf global DNS infrastructure and SecureTide global SPAM & Virus filtering infrastructure as well as all internal applications and helps manage security operations for the entire company. He is also well-versed in ethical hacking and penetration testing techniques and has been involved in technology for more than 20 years.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.