Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen
My rating: 5 of 5 stars
Kingpin is a fascinating and utterly frightening account of one hacker/carder who essentially took on the world and took over the billion dollar carding empire — until the FBI finally got him. Max “Vision” Butler was a giant self taught computer genius from Idaho who settled in San Francisco and met another guy named Chris and found they had some things in common, like making money and hacking. Max had already been in prison for hacking and had a vendetta against authority and society even while at the same time viewing himself as a “white hacker,” hacking for society’s good. He was a walking dichotomy. They set up a carding scheme with Max as the hacker/carder, hacking at first into restaurant point of sales machines and getting credit card data from them, and later into a zillion “secure” computers and servers of banks and companies (and individuals too) around the world. He gave the card data to Chris who built a card making factory in Orange County and soon he was making millions, while paying Max next to nothing. But Max enjoyed the challenge of hacking and carding. And he was the best, or at least one of the very best. There was a Ukrainian who could have challenged him for that title, apparently. Going by the name of “Iceman,” Max destroyed all of the English speaking carding boards on the web one night and transferred all of their members to his new board, Carders Market. There, people exchanged ads and sales of stolen credit card numbers, by the millions at times, and other card and ID making odds and ends. Until one FBI agent infiltrated a competing board that Max had taken down. It was brought back and this agent was made an admin there. He was getting tons of info, but he was after Iceman. Trouble was Iceman found him first and tried to out him. The irony was, this FBI agent was so good that as soon as he was outed, he made some major online changes and defended himself successfully and pointed people in other directions. Another irony is that so many carders and admins were actually FBI informants. The story of how Max was ultimately caught and brought to justice was pretty exciting, like an action novel and again, the irony was it occurred immediately after he decided to quit carding and go legit and he had deleted his account from the board and was saying his goodbyes, even as the FBI came storming through his door.
This book is especially good because it’s well written and written with authority, as the author, Kevin Poulsen is a well known former “dark hat” hacker from before Iceman’s time, and is now a Wired editor. He writes quite well and while explaining technical things like Sequel hack attacks in Internet Explorer, it never feels like he’s talking down to you. Indeed, he even shows some lines of code at various places in the book so you get a feel of what some of the hacks looked like. I’ve got to say, though, that I’m damn glad I use a Mac. Virtually all of the hacking/carding is done to and with Windows machines and can’t be done on Macs. And since 95% of all computers and servers are running Windows commercially, it’s scary as hell, but at least I don’t have to worry about anything here at home. I hope. Still, the scary thing to learn was that online transactions are actually much more secure than live credit card transactions and that restaurants are the absolute worst. Followed by retail stores and gas stations, etc. The primary reason it’s so bad in America, and trust me, we’re not told just how bad it is, is because our credit cards still use those magnetic strips, which are completely hackable. The rest of the world has gone to unhackable chips and while some banks in America are making that transition — I have two credit cards with chips — most places won’t because of the expense. They’d rather pay for stolen money and credit than to upgrade their systems. How screwed up is that? People’s lives are totally ruined. Their social security numbers are stolen and sold, their driver’s licenses are stolen and sold, their credit and debit cards and PINS are stolen and sold and the banks and companies don’t want to make changes cause it’s easier and cheaper to reimburse people. Great. Makes me want to never use a credit card again. And of course, that’s impossible. Oh, never use a credit card via public wi fi. Never.
So I wasn’t sure if this was actually a five star book or not, but I can’t think of any reason not to give it five stars, so I am. Definitely recommended.