Kingpin: How One Hacker Took Over The Billion-Dollar Cybercrime Underground (2011)
Author
Rating
4.01 of 5 Votes: 1
ISBN
0307588688 (ISBN13: 9780307588685)
Language
English
Publisher
Crown
Not for nothing is the author the news editor of Wired.com. He took on a fiendishly difficult topic and delivered, with great clarity, a fast-paced account of a topic that I suspect would send most writers running to the hills for cover.

Most impressive of all, he does not get bogged down in detail yet still manages to convey how security weaknesses in both software and human behaviour can result in massive breaches of data. The book has a useful quick reference list of characters and fully referenced notes but, weirdly, does not have an index, which surely would have been a great help to any reader worried by their lack of tech savvy. Five stars with the index, four stars without.

Inside look at the cybercrime underworld, specifically carders (people who steal credit card information). Book is really well written and hard to put down, and additionally it actually manages to cover the technical parts in enough detail to be interesting without being boring. Book follows the life of Max Burton and how he came to rule the carding world. Interestingly, he started out with light stuff, got in trouble, and went white hat for a while. But when the FBI wanted him to inform on one of his friends, he refused and got put in the slammer. It was there that he turned black hat once more, and once out of jail started getting into carding.

It was surprising how technically inept the supposed other hackers who made up the carding population were. Most were running skimming operations (stealing magstripe data by literally swiping cards, usually with an inside person at a restaurant), but otherwise were not skilled at computers. Max was able to easily hack those people and steal their card information before they could resell it. Even the guys who were running the carding forums where all these people met were no better. After Max was able to hack into some of their computers/accounts, it was pretty easy for him to take over their forums as well. In fact, of all the characters in the book, only a couple of people, Max included, actually sounded like they could legitimately break into other people's computers.

It was also pretty alarming how widespread this kind of crime seems. There are break-ins and thefts of credit card data all the time. The people who buy the stolen credit card information then buy lots of goods at stores, and resell them on eBay in order to make a profit. Their favorite items are things like expensive handbags and electronics - basically big ticket items. So now I wonder how many outrageous deals I see on Craigslist or eBay are actually just carded goods. It’s also sad how many break-ins and thefts of credit card data happen. Most of it is just due to how poorly secured most corporations are (even some big ones), that once you break into their corporate network (and many have B&M branches that are wired into that network) it’s possible to steal credit card data. I guess it’s just insane to me that they have credit card data in the clear, stored on their network. That should never happen.

But it was due to poor security practices that Max was able to find most of his card data. The main exploit the book details is how small restaurants like pizza places, who really can’t afford to hire anyone technical, use a POS that stores credit card information accumulated during the day, and waits to transmit it all at night to the processing center. The full magstripe data is stored in the clear in text files on those computers. Many of them also do not delete old text files after they’re no longer needed. Max was able to find and break into these computers, giving him lots of fresh card information. Part of the exploit detailed was a VNC vulnerability that sounds so silly it’s hard to believe anyone could be so incompetent to actually have implemented it. Basically, the handshake between a VNC server and client involves the server telling the client what protocols it wants, and the client picking one of those protocols to actually use. However, the implementation used on most of the POS’s (VNC was installed to allow remote administration) didn’t check that the protocol the client passed back was actually on its list of accepted protocols. Therefore, you could hack a client to pass back protocol 1, which requires no authentication, and the server would gladly open a password-less connection.

One other thing from the book that stood out to me was how vulnerable client machines are to being hacked. There were multiple exploits detailed in the book, mostly on old Windows software, that would allow an attacker to take control of a machine, and all that was required was that it visit a compromised webpage. There are lots more details in the book about Max’s multiple identities, different vulnerabilities, and just loads more detail, but it’d be too much to try and capture here. Needless to say, this was an easy read and a really enjoyable book.
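
The server-side check that the VNC handshake described in the review above was missing, sketched as an added example (not from the book, the reviewer, or any VNC implementation). Function names are hypothetical and the messages are constructed; type 1 means no authentication and type 2 means password authentication.

```python
# Added example: how a VNC (RFB) server should treat the client's security-type choice.
import struct

SEC_NONE = 1      # security type "None": no authentication
SEC_VNC_AUTH = 2  # security type "VNC Authentication": password challenge


class HandshakeError(Exception):
    """Raised when the client's reply must end the connection."""


def offer_message(offered):
    """Server -> client: one count byte, then one byte per offered type."""
    return struct.pack("B", len(offered)) + bytes(offered)


def accept_choice_unchecked(offered, client_reply):
    """The flaw from the review: whatever type the client names is used."""
    return client_reply[0]


def accept_choice_checked(offered, client_reply):
    """Corrected: the reply is one byte and must name a type that was offered."""
    if len(client_reply) != 1:
        raise HandshakeError("malformed security-type reply")
    chosen = client_reply[0]
    if chosen not in offered:
        raise HandshakeError(f"type {chosen} was not offered {sorted(offered)}")
    return chosen


def needs_password(sec_type):
    return sec_type != SEC_NONE


def run_demo():
    offered = [SEC_VNC_AUTH]    # a password-protected server offers only type 2
    reply = bytes([SEC_NONE])   # constructed reply naming a type never offered
    results = {"offer": offer_message(offered)}
    results["unchecked_needs_password"] = needs_password(
        accept_choice_unchecked(offered, reply))
    try:
        accept_choice_checked(offered, reply)
        results["checked_rejected"] = False
    except HandshakeError:
        results["checked_rejected"] = True
    results["honest_client"] = accept_choice_checked(offered, bytes([SEC_VNC_AUTH]))
    return results


if __name__ == "__main__":
    print(run_demo())
```

The general rule is that a negotiated value coming back from the peer is untrusted input and is validated against what was actually offered before it selects a code path.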
Reviews
cporras1
Good read. Solid technical explanations, and great background.
paula
Fascinating profile of the underground carding community.
awesome
Slow at first, but eventually became pretty intriguing.
redibrd
loved it