Book Review: 'Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground' by Kevin Poulsen
In these pages, we are ushered into vast online-fraud supermarkets stocked with credit card numbers, counterfeit checks, hacked bank accounts, dead drops, and fake passports.
Hello everyone, this is Jared. This time I’m here on Vocal to talk about a book entitled Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen, which I’ve recently read.
I found this book via a service for the blind called Bookshare, and it is also available through the National Library Service Library of Congress service for the blind. This book talks about what is now known as a real problem in the security field, but this predates the real-time breaches we’re seeing on a regular basis.
When I started on the Internet in the early 90s, we did not have anything to worry about in regards to all of what's happening. I can’t believe how bad the Internet can be, and the continuing article listings of breach notifications that the public can read at any given moment.
Former hacker Kevin Poulsen has, over the past decade, built a reputation as one of the top investigative reporters on the cybercrime beat. In Kingpin, he pours his unmatched access and expertise into book form for the first time, delivering a gripping cat-and-mouse narrative—and an unprecedented view into the twenty-first century's signature form of organized crime. The word spread through the hacking underground like some unstoppable new virus: Someone—some brilliant, audacious crook—had just staged a hostile takeover of an online criminal network that siphoned billions of dollars from the US economy. The FBI rushed to launch an ambitious undercover operation aimed at tracking down this new kingpin; other agencies around the world deployed dozens of moles and double agents. Together, the cybercops lured numerous unsuspecting hackers into their clutches... Yet at every turn, their main quarry displayed an uncanny ability to sniff out their snitches and see through their plots. The culprit they sought was the most unlikely of criminals: a brilliant programmer with a hippie ethic and a supervillain's double identity. As prominent "white-hat" hacker Max "Vision" Butler, he was a celebrity throughout the programming world, even serving as a consultant to the FBI. But as the black-hat "Iceman," he found in the world of data theft an irresistible opportunity to test his outsized abilities. He infiltrated thousands of computers around the country, sucking down millions of credit card numbers at will. He effortlessly hacked his fellow hackers, stealing their ill-gotten gains from under their noses. Together with a smooth-talking con artist, he ran a massive real-world crime ring. And for years, he did it all with seeming impunity, even as countless rivals ran afoul of police. 
Yet as he watched the fraudsters around him squabble, their ranks riddled with infiltrators, their methods inefficient, he began to see in their dysfunction the ultimate challenge: He would stage his coup and fix what was broken, run things as they should be run--even if it meant painting a bull's-eye on his forehead. Through the story of this criminal's remarkable rise, and of law enforcement's quest to track him down, Kingpin lays bare the workings of a silent crime wave still affecting millions of Americans.
In these pages, we are ushered into vast online-fraud supermarkets stocked with credit card numbers, counterfeit checks, hacked bank accounts, dead drops, and fake passports. We learn the workings of the numerous hacks—browser exploits, phishing attacks, Trojan horses, and much more—these fraudsters use to ply their trade, and trace the complex routes by which they turn stolen data into millions of dollars. And thanks to Poulsen's remarkable access to both cops and criminals, we step inside the quiet, desperate arms race that law enforcement continues to fight with these scammers today. Ultimately, Kingpin is a journey into an underworld of startling scope and power, one in which ordinary American teenagers work hand in hand with murderous Russian mobsters and where a simple Wi-Fi connection can unleash a torrent of gold worth millions.
This book really tells a great story in my opinion. Chapter 36 tells the story of what happens to each particular individual at that time and their fate with the justice system.
The culprit who was really the brains behind this book is none other than Max Butler. He’s currently serving a number of years behind bars, and he is to be released at the end of this year. He started his crime spree when he was a juvenile, and he was warned that if he didn’t stop, he would end up getting picked up. He thought that since he was also fixing things after the hack, that he was a white hacker. A white hacker in today's terms tells the company about the vulnerability. When he gets out, he is going to need to learn that he got very lucky when he got picked up, unless he likes where he is now.
Some of the other characters in this book are women, one of whom became Max’s wife, and these women had no idea what they really were getting into, especially when Max had some brilliant idea.
One of his ideas was getting into networks through phishing attacks and getting the data directly. One company which was hit with a targeted attack was Capital One, based in Virginia. Someone within the company clicked on a link in an email, and that's all it took. I remember this breach well, because I got an email about it. It was nice to learn that Max and some of his people were responsible for this attack of millions of personal information that could have been used for the worse. I’m sure that my info was never used; they were looking for high-profile people they could target and take advantage of for their hard-earned money.
Some of the other breaches include T.J. Maxx, and a not-so-well-known pizza joint where they had their credit card data in the clear and Max and his people got the data before it was sent for processing every day. T.J. Maxx, we learn, ended up settling and paid quite a large amount of money.
If you think you’re safe now, Max and the people mentioned in this book are the beginning of what is now the biggest crime spree of people taking our data and doing whatever they want with it. On my podcast number 280, I did an audio review, and I talk about and take sections of chapter 36 to illustrate the fact that the crime does not pay. The FBI did a great job in setting up stings to catch people, and some of these people lived double lives, agents and crime organizers. Can you imagine living a double life? Some of these guys lived that way, and that proved to be quite interesting as the book progressed.
I was recommended this book by Amazon because I read Brian Krebs's book Spam Nation, which also tells the story of Russian hackers and crime organizers who were involved in the pharma wars, as it was called then. Those wars are over; it's now about our data. Can you imagine what they are doing with those pieces of information they’ve held on to for all these years on you, me, and any other person that has either been notified or not about the issue? They can surprise us with things we are not prepared for in life. It's not about the credit card fraud. They know now that we can spot and fix the issue until the next time. It's about the more sensitive pieces of data that we can’t change.
Overall, I give the book a 10 out of 10 stars. Kevin did a great job opening this narrative, and painting a picture, some of which I was not surprised to hear, and glad to hear what ended up happening in those cases. I’m interested in more books by Kevin, and may they be good books.
One particular article that comes to mind is one entitled "Human Resources Firm ComplyRight Breached" and it was posted to Krebs on Security on the 19th of July. While Max and his people were not responsible for this directly, this book and others in this type of series illustrate the type of pattern that starts and continues to make way for breaches like the human resources story. This is not going to go away any time soon, and it is almost certainly going to get worse. We have seen articles that give us good news in regards to cybercrime. One is "‘LuminosityLink RAT’ Author Pleads Guilty" and it was posted on the 16th of July to Krebs. I always like seeing stories like this one, because it gives us some glimmer of hope, just like the book that I’ve talked about.
There is only one way to win, and that is to continue to fight and talk about what’s happening. Continue to learn how we can protect ourselves, and read the books like the one here that talk about this type of activity and what law enforcement is doing to curb this type of activity. The book here talks about both, and it's a great read, and I really admire what is happening with how they took these people down. Give it a read, today.
Thanks for reading.