September 27, 2011
Atlantic Monthly Press
Ghost in the Wires
I started this book with a fair amount of skepticism, mostly due to the time period the book covers and the fame surrounding its author. However, Ghost in the Wires turned out to be a fast-paced crime thriller, a deep dive into the power of social engineering and a critique of our criminal justice system. Through it you follow Mitnick from his early days of phone phreaking to his final days on the run as the FBI’s most wanted hacker. You see him develop a skillset driven by boredom and curiosity as well as a perhaps unhealthy obsession with the thrill of the hunt. Throughout his journey, you encounter all the ingredients of a good crime thriller including undercover spies, backstabbing friends, love gone awry and high-stakes heists.
From a technical perspective, it was actually pretty interesting diving into the days before Windows 95 had even been released. Mitnick goes into enough technical detail on his attacks for you to understand both the technology and the exploit being used. What was most intriguing, or perhaps disturbing, was that while Mitnick might be a decent hacker, he was a far better social engineer. He’d perform diligent reconnaissance on his targets to develop the perfect con and then use his charm to sweet-talk the information he needed out of his targets. In fact, I would say none of the actual “hacking” he did was that advanced, certainly not by today’s standards. The worst part is a lot of the social engineering techniques used in this book still work just fine today.
Mitnick also spends some time musing on his evolution as the “world’s most wanted hacker”. He claims that while he had broken into numerous systems, his only misuse of the information he accessed was making some free/untraceable phone calls. He had access to sensitive information, from proprietary source code to credit card numbers, and was content to keep them as trophies in his “pwned” collection. However, he was painted by law enforcement as the boogeyman of the internet, capable of launching nuclear missiles by just whistling over the phone. He raises a lot of questions on our criminal justice system and how we treat those who commit small, non-violent crimes. It is evident that there were several points in Mitnick’s life where he might have left hacking behind, instead using his powers for “good”, had he not been labeled a criminal so early in his life.
A lot of Mitnick’s experiences parallel what we are seeing today in an industry struggling with not only how to regulate an infrastructure designed to be both open and dynamic, but also how to grow a talent pool capable of securing it. Ghost in the Wires gives you a look inside the mindset of hackers driven not by malice, but curiosity: hackers who, if given the chance, will become leading security researchers and pen testers in the future (as Mitnick has after his release). If none of that resonates with you, at the very least it provides one of the best hacker crime thriller adventures I’ve encountered and will leave you convinced of (and properly concerned about) the power of social engineering.
Throughout my 10-year career I have worked as a web developer, systems administrator, software engineer, security analyst and now cybersecurity engineer. I currently develop software applications to automate security vulnerability and compliance scanning and reporting for a multinational financial institution.