Hacker’s memoir fascinates, frustrates
In the public’s imagination, the hacker is simultaneously denigrated and worshipped. He (and it’s almost always a he) is a fat slob hunched over a computer screen, Cheetos residue smeared across his unshaved face. But he can also get into your e-mail account. Or the US military’s.
As with most caricatures, there are elements of truth to this, but also gross exaggerations. For those interested in the subject, “Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker’’ by Kevin Mitnick (with William L. Simon), is a fascinating - if uneven - corrective to stereotypes about hackers.
Mitnick is currently a security consultant, but he spent most of the 1980s and 1990s as one of the world’s top hackers. From hacking the West Coast’s phone system to learning the ins and outs of the DMV, he was a formidable adversary for a law enforcement system that, at least when he started, didn’t have substantive anti-hacking laws on the books.
Eventually, Mitnick had to go on the lam to avoid serious (and, he argues, trumped-up) federal charges, and his hacking skills were invaluable in helping him develop new, fake identities and stay one step ahead of the feds. A particularly cool example comes when, in order to set up an early-warning system for himself, Mitnick figured out how to interfere with nearby encrypted radio transmissions, forcing the feds to switch to an open band he was listening in on and therefore reveal that they were closing in.
It’s certainly a gripping story, and the most interesting parts have more to do with psychology than technology. During his peak hacking years Mitnick was constantly engaging in what he refers to as “social engineering’’ - in short, convincing people to give up information they shouldn’t. It turns out that if you call into a big company claiming to be from one of its branches on the other side of the country, and you can name-drop a few people within that company and use its internal lingo, people will believe you when you say you’re out in the field and need access to a password that’s sitting back on your desk at the office. Mitnick did this endlessly, which helped him get his hands on everything from birth certificates to top-secret source code for then-cutting-edge cellphones.
But the focus on social engineering is part of the reason the book isn’t always as readable as it should be. One can only read so many detailed iterations of “I contacted X claiming to be Y in order to get Z’’ before it gets old. That’s not to say that some of Mitnick’s more dexterous social-engineering feats aren’t pretty remarkable, but the same basic series of events happens over and over, and the reader is spared no detail in each retelling.
It’s also curious that “Ghost in the Wires’’ has so little to say about how security practices have changed. After all, in the last 20 years online security has gone from a concern held only by certain companies to one held, in some form or another, by the vast majority of Americans. But Mitnick remains mostly silent about the changing landscape. Sure, the book is a memoir and it’s understandable that most of it would be dedicated to telling Mitnick’s story, but some context would have enriched the book.
Overall, “Ghost in the Wires’’ is probably a lot like hackers themselves: fascinating and filled with insights, but a little too obsessed with technical details.