on 9 March 2011
I bought this title on my Kindle, after reading an extract in Wired magazine.
This book makes hacking thrilling. What I liked was that the author doesn't skip over the technical details of how the hacks work. You zoom right in, and discover how the attacks are accomplished.
For example, reading Kingpin was the first time I actually understood what a SQL injection attack is. If you're interested in technology, or hacking, I highly recommend you read this book - I loved it.
on 4 April 2011
I think that this is a book written without a target audience in mind, just because Poulsen felt it needed to be written. If you are already knowledgeable about black hat hacking, you will know a lot of this already. If you are an ordinary computer user, then a lot of the jargon might go over your head.
But it doesn't matter. Poulsen writes so engagingly and clearly that, even if some of it is arcane, he can get across the thrill of the chase and into the minds of these amazingly strange and clever people. I had just finished the Millennium trilogy and really didn't believe that the heroine, Salander, could carry out the hacking that she did. Now I know that she could, and how.
The detailed accounts of how the security of banks, national security and retailers were penetrated and data and card details stolen make the hairs on the back of your neck stand up. These are organisations that we deal with and give our cards to, such as restaurants and clothes shops. Poulsen explains how a combination of software faults, and human laziness and carelessness, make data theft possible. He describes how, to start with, these thefts were covered up and customers told that they were to blame.
I finished up with a mix of feelings. I could not help but admire the hackers as they attacked institutions and each other. At times the story had the complexity of a mix of John le Carré and CSI. But then I reminded myself that when my bank calls me to cancel a card, it is people like these who caused it.
As I put the book down I thought that some of the software described is running on my own computers. So guess what? I put an order in for the most advanced version of the free internet security software that I use. No, they probably aren't interested in me, but who knows? I now have a lot of respect for the hackers' skills.
All-in-all a well-written and fascinating book.
on 4 November 2011
Kingpin is a security book with a difference. Written by senior Wired Magazine editor and 'Threat Level' blogger, Kevin Poulsen, this is the true story of the rise to criminal superpower of expert hacker, Max Butler, who single-handedly enacted the most audacious hostile takeover of any criminal gang on the planet. However, this is not just a book on computer security; this book will appeal to anyone who enjoys a decent thriller - in fact, Poulsen's style of writing makes this tale more exciting than most of the Clancy and Ludlum books I've read over the past 10 years. Kingpin reads like a novel, using plot-enriching devices, such as cliffhangers and subplots to keep the reader interested, however, what's brilliant is the way Poulsen doesn't skimp on the technical detail. The hacks Butler used to gain access to credit card payment systems and rival gangs' servers, such as zero-day exploits and SQL injection attacks, are explained at code-level, but in a way that makes them accessible to the layman. In fact, I'd go as far as to say that I'd happily pass this book on to my father, knowing full well that he'd understand all of it and come away feeling like he's just watched the latest Hollywood blockbuster.
The premise of Kingpin is simple. It's the story of a disenfranchised computer programming expert who gets victimized by the Federal government in the US for hacking computer systems, even though his intentions were in the main (at least in the beginning) noble and honest. As a result, this incredibly intelligent computer genius takes a new path in life where he slowly spirals down into the depths of the criminal underworld, pitting his wits on one side against the most dangerous criminal gangs in Cyberspace, while on the other side he's fending off the FBI's crack cybercrime unit.
The story starts where all good stories should, right at the beginning. It paints a picture of Butler's youth, elucidating the underlying obsessive nature that fuels him to do what he does and become what he becomes. This early part of the tale shows his contempt for authority as a rebellious teenager, illustrating well the strength of his character and obsessive nature of his relationships. Poulsen does a good job in these early chapters of getting us to like Butler and in a way understand him better; let's face it we've all had a buddy or two over the years with some of these traits.
In a way what's sad about this story is that it shows how Butler tried on numerous occasions to get away from cybercrime and into 'white-hat' work, where he could be a force for good in the computer security world. It almost seems that the fact he was so good at discovering security vulnerabilities, and as a result was persecuted by the US government, that he was driven to crime like some kind of alienated superhero (or at least that's the way Poulsen has written it).
The fun really starts halfway through the book when FBI agent, J. Keith Mularski, signs up to the CarderPortal as Master Splyntr (yes, that's right, the old dude from Teenage Mutant Ninja Turtles), and starts the long slow attack to infiltrate the fraudulent credit card underworld. From here the chase really begins. I'm not going to give much more of the plot away since it's such a gripping read it would be a disservice to both you guys and the author to give away any spoilers, however, the highlight for me of the whole book is Chapter 25 which describes in detail the 'Hostile Takeover' Butler inflicts on the entire global identity fraud underground. Poulsen goes into detail about Butler's use of clever SQL Injection attacks to take over the other carders' servers, rendering them inoperable, yet at the same time recreating all the user accounts from these other systems on his own. The impact was huge, summed up by, "Ten thousand criminals around the world, men with six-figure deals in the works; wives, children, and mistresses to support; cops to buy off; mortgages to pay; debts to satisfy; and orders to fill, were, in an instant, blind. Adrift. Losing Money." Butler then mass-emailed the entire underground through his own newly populated (and hardened) site, and the dawn of a new era in identity fraud had begun.
This really is a great book and credit to Poulsen for making it such fun as his skill in getting the readers to empathize with the genius antihero, Max Butler. It's a sad indictment on the federal government that they can't embrace these sort of likable rogues and make use of them in a way that is less corrupt.
Two words complete this review and sum up my feelings for this read... BUY IT.
on 24 December 2012
If you have any interest in crime books, technology books, IT security or hacking (black or white) then you will enjoy reading this book. As other reviewers say, it doesn't just mention specific hacks and security loopholes but briefly explains how various hacks actually work, i.e. Trojans, SQL injection, network security etc. Also explains how credit card cloning works. It is not a how-to book but an informative read if you have an interest in any of these topics. A good read.
on 5 August 2011
First off this book is brilliant, I would have to say that it is impossible to put down and stop reading. If you have an interest in computer security/computing you will enjoy this book. Unlike other books around similar topics this book delves into some of the technical aspects and if I was to say anything it would be that I would have liked a little bit more focus on the technical side and for it to have been a little bit longer. However, that is just me.
on 10 October 2011
I really didn't expect the book to be just as well written as it was, but it is as absorbing as any comparable work - for my money up there with Steven Levy's classic Hackers. Kevin Poulsen combined meticulous research with a gift for storytelling, and is technical enough to satisfy readers familiar with the field, and accessible enough to be readable by anyone with an interest in computers. Brilliant stuff.