Monday, February 17, 2014

Review: Ghost in the Wires

Ghost in the Wires is Kevin Mitnick's memoir of his time as a hacker and fugitive from the law. It's great reading and very entertaining, not least because it can be read at several levels.

As a thriller, it's every bit as much fun to read as it was for me to watch Catch Me If You Can. Mitnick (or at least, his co-author) brings in entertaining details about how he socially engineered Novell, Sun, DEC, the various phone companies, and security expert Tsutomu Shimomura. The book's very light on technical details, and it's not clear if Mitnick actually did anything with the gigabytes of source code he downloaded from the various companies he hacked except for VMS, which he did write a number of exploits for. What's clear, however, is that no amount of computer security is going to help if you fall for social engineering, which would be very difficult to inoculate against in any organization with any semblance of cooperation between departments.

Now, if you treat this book as a work of fiction, it's also fascinating because Mitnick's clearly an unreliable narrator with a singular goal: to make you believe that he was doing what he was doing for fun. It's quite clear that he enjoyed duping people (social engineering is just another term for "lying," as he admits in this book), and hacking into police chatter, and his consistent attacks on certain individuals clearly violate their privacy in a way that would repulse most people who stopped to think about it. Given his personality, it's not surprising that it took about 8 years in prison for him to change his ways.

What's amusing to me is that Mitnick himself was socially engineered on numerous occasions, by "friends" and people otherwise close to him. He called these people "betrayers", but the fact that he went back to these "friends" several times after being betrayed showed that he himself was a poor judge of character, largely because lying was so much a part of his personality that he couldn't fault his friends for doing it to him!

Are there any useful bits in the book? Yes. The last section includes a list of tips on improving your personal security. Again, it's pretty amusing, since he claims that Windows is actually more secure than OS X, it's just that Windows is far more popular so there are more people trying to exploit its vulnerabilities. (It's notable that Mitnick never hacked any Windows systems himself, nor does he runs Windows personality) He does note that ChromeOS is very secure by virtue of not having anything to attack.

In any case, I'll recommend this book for anyone interested in any of the topics he discusses, as well as anyone who loves heist movies.

Post a Comment