Ghost in the Wires: My Adventures as the Worlds Most Wanted Hacker
Table of Contents
Introduction
I started reading Mitnick’s Ghost in the Wires: My Adventures as the Worlds Most Wanted Hacker, almost a month after finishing Menns’s exceptional Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World. Having liked it so much and still intrigued in the history of the field, I chose to dive in it a little bit more.
It surely did not disappoint me.
Mitnick’s Adventures
Kevin Mitnick is one of the worlds most famous (and at a given time in history infamous) hackers to ever exist. He was only a young boy, an actual teenager, when he first started experimenting and getting unauthorized access to systems he was not supposed to touch and this passion never left him. He kept doing it, no matter how difficult his life had gotten to be because of this obsession.1
A master of social engineering Mitnick, with the help of his coauthor, Bill Simons, sheds light on his extraordinary life, covering many of his adventures. We can see him evolving from a boy that moved around with his own bus tickets and lurking in his favourite underground bookstore, to a world class hacker, escaping the F.B.I. with relative ease and leading a normal life.
More specifically, page by page, the reader gets to see lots of phreaking, hacking, jail time, questionable legal practices by his adversaries and exceptional social engineering, by the greatest to ever do it.
Social Engineering
Social Enginering is a prevalent theme of the book and everyone who has ever heard of Mitnick can easily understand why. Under no circumstances can the book be considered a guide on this field’s techniques, but it offers some tips, always based on the protagonist’s own actions:
Heavy research before contact
It is important to use whatever data available to us to gain the SE target’s trust and avoid raising any suspicions. To do that one needs to learn as much as he can about the company as an organization, the relations between its departments, the standards/processes followed in the targeted department and of course, about the way they communicate.
Further points of interest may be the targets’ access to certain information and the coworkers they interact the most with. Lastly, if you are after a certain piece of information: under what circumstances are they allowed to share it with you?
The social-engineering techniques work simply because people are very trusting of anyone who establishes credibility,
Instead of asking for something, give it a wrong value
If you ask for a piece of sensitive information, people naturally grow immediately suspicious. If you pretend you already have the information and give them something that’s wrong, they’ll frequently correct you—rewarding you with the piece of information you were looking for.
Try to small-talk after getting what you want
This helps the attacker hide their tracks, making the victim feel safe and cast away any doubts they may have had about the interaction.
The F.B.I.
An aspect of the book that made me feel unease were the policies that Kevin’s pursuers had, at times, enforced. Obviously, this can not be considered an objective source to gain information on what happenned but, since I found numerous reports aligning with Kevin on the matter, I feel that his was, once again, a case that was heavily affected by the media, who focusing on entertainment overstated Kevin’s abilities, stating, for example, that he had repeatedly hacked into NORAD. These kind of absurd claims were later on also used by the prosecution on trial.
Impressive Balance
An interesting aspect of the book is the balance between technical details and thriller-like story-telling. You can not help but smile about the innocence portrayed in it, get angry at some people’s betrayal and in at the same time, feel inspired by others. It is not a technical read, as it focuses more on the story than the actual techniques Mitnick used. At the same time, however, the authors included enough details to make the technical reader happy; filling the older ones with nostalgia and helping the younger ones, such as myself, gain a better understanding of how the world worked back then. There are lots of sources, to go after in your own.
Interestingly, even though I claim it to be a non-technical read without many
details, it was in this book’s pages that I first read about the finger
command. I had never heard of it before.
My first book review
This happens to be my first book review (or at least, the first in quite some time…). And I would like to thank whoever is reading this for their support. I plan to write an article on most of the books that I read and find interesting, so if you liked it … wait for me to implement an rss feed :)
Why am I doing it?
It sounds really weird saying it out loud (?) but it relaxes me and also helps me put my Zettelkasten notes in good (theoretically) usage and test them at the same time. I truly believe
Footnotes:
For those interested in Kevin’s story here is wikipedia’s article on Kevin Mitnick