hankrules2011

Book reviews, health, hockey, publishing, music, tech

Posts Tagged ‘hacking’

Amazon: 25 Years Of Loyalty Down The Drain

Posted by Scott Holstad on March 18, 2020

For the moment, I only have the time to copy and paste a very short post I published on LinkedIn today, but I hope to return to this topic later with a lot more to say, including specifics, details, statistics, and commentary. All I know is I have been more loyal to Amazon as one of its earlier customers for the past 25 years than nearly any other company, but after a number of events over the past few months, they are now permanently on my SHIT LIST from hell. I feel betrayed, and I want them — and everyone else — to know about it. Apparently they’ve gotten so big, they don’t and won’t give a shit, but I still have a right to speak my mind, so I will…

From my LinkedIn post today: https://www.linkedin.com/feed/update/urn:li:activity:6646086971418566656/.

 

After 25 years as a loyal customer, Amazon has made it to my shit list & it’s sad. I’m so ticked. Lately, when I have the gall to order things & give them $, they’re screwing me by declining legit orders, terminating my password & ALL recent orders – for no good reason. It’s INSANE! Today, I spent 3 hours finding items, ordered dozens for $$ & they shut me down for the 2nd time in 3 days. They no longer like it when I order 100 items or $1000, though they liked it for 24 years. (Also shut me down for 2 Kindle books!) There’s no $ problem, I’m NEVER close to credit limits, not late on payments, but now twice in 3 days, the 5th in 6 weeks-I can’t reset my password, have to CALL IN (prehistoric). The 3 times I’ve done so, I average 2 hours & 4 reps per call due to alleged “unauthorized party access.” I’ve said if true, my banks would be calling within minutes: they don’t. No one else has this problem with me. ALSO, there isn’t a black market for $4 Kindle books; they’d get gift cards to sell instead. I’ve spent $2.5 MILLION+ personally & $4 MILLION+ professionally with them & this is what I get? They’re stupidly throwing away a $7+ Million customer?? I’m going elsewhere. Others want my $$….

 

[To be continued…]

I can’t believe @JeffBezos would endorse or approve of this. If so, his principles have taken a big hit & he’s joined the legion of other Internet greats who had awesome ideas, built something wonderful, grew a great customer base (with myself as one of them), only to abandon a number of customers by apparently thinking he’s too big or good for them now or they don’t matter anymore. I really have no idea what else it would be because idiocy of this magnitude would have to come from the top. I really have had so much respect for him for over two and a half decades. This is massively disillusioning. There’s a reason that moron in the White House got voted in with his transparent crappy statements about “making America great again,” because while neither he nor his followers are the ones who can or will do that, he’s actually right in the sense that most Americans no longer have the work ethic, principles, common sense, business sense, intelligence, dedication to service or quality we did as a nation for so very long. There’s a reason the US has dropped in nearly every field and category that exists. I thought Bezos was one of the few left who still had some of those qualities. Apparently I was mistaken. Pity…

 

Posted in Uncategorized

A Review of The Watchman

Posted by Scott Holstad on December 29, 2015

The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen by Jonathan Littman
My rating: 5 of 5 stars

I’ve long heard about Kevin Poulsen, but didn’t know as much about him as I did about another early hacker, Kevin Mitnick, and I wanted to learn more, so this book was great. And it just so happened that it was by one of my favorite technology nonfiction authors, Jonathan Littman, who also wrote a book on Mitnick that is also quite good. Mitnick may be more infamous, but Poulsen was possibly better. It’s debatable, but regardless, Poulsen was one of the early old school hackers to take complete control of the phone system and change the way America and law enforcement looked at hackers.

Poulsen started out, like so many of the early ones, phone phreaking in his early teens and graduated into hacking. He early on learned the innards of Pac Bell, first by dumpster diving, then by social engineering, then by phreaking. By his late teens, he probably knew more about the phone system than any non-phone employee in the world, and more than many phone employees themselves. Unfortunately, he, of course, got into legal trouble and had to get a “real” job, so ironically, he got a job with SRI, a major defense contractor, where he got a security clearance and worked with top secret military information. Also, ironically, his young boss was another (former) phreaker who started to encourage Kevin to resume phreaking and hacking and together they started engaging in criminal activity, going to Pac Bell switching centers and picking locks and breaking in, stealing manuals, passwords, souvenirs, phones, accessories, switches, and everything else. Kevin eventually got COSMOS manuals, which gave him total access to everything in Pac Bell’s systems, so that he could create new phone lines, new switches, could wiretap anyone he wanted from anywhere, could place calls from dozens or hundreds of untraceable locations, etc. He broke into TRW to scam credit reports, the DMV, the FBI, Pac Bell Security, etc. His buddy Ron, who’d already been busted for hacking/phreaking, grudgingly helped him at times. However, he started spending so much time at night out doing criminal activity, neglecting his really important defense job, that they fired him. However, he landed at Sun Microsystems, which would have been really cool if he could have stayed there. Except he got arrested. And released on bail. And went from Northern California to L.A. There, he and Ron met a strange so-called hacker named Eric Heinz, among many other names (Justin Petersen was another). He figures prominently in the Mitnick book.
He was an older hacker who looked and acted like a celebrity rocker, hanging out in Hollywood clubs, driving a Porsche, having sex with different girls, usually strippers, every night, recording the acts, usually bondage, and he was a violent criminal – who also knew how to hack, to a certain degree. He wasn’t as good as Kevin, but he wanted to learn and he was eager to help Kevin, so they formed an uneasy partnership and off they went breaking into Pac Bell switches at night. By this point, Kevin was so brazen that he made himself Pac Bell IDs, uniforms, stole a Pac Bell van, drove to their headquarters in LA, walked in, knowing he was wanted, signed himself in, walked to the Security department after hours, broke in, and made copies of all of the memos and documents about him and his partners, hundreds of pages, and walked back out. When the Pac Bell security personnel finally tracked him down with the police and the FBI some time later, they were shocked at finding their own “secure” documents in his place. He also found out who they were wiretapping and wiretapped them back.

Here’s something he did that was a little sleazy. He had always justified his actions as simply innocent old school hacking, harming no one, searching for information and knowledge. However, at some point, he became aware of a group of 50 dead phone lines and voicemail boxes attached to LA escort Yellow Page ads. He went into COSMOS, snagged all the lines for himself, making them untraceable, set up the mailboxes, found a pimp/partner who had the girls, set up an escort ring, and became a digital pimp. He never saw the girls or the pimp. He just liked the challenge and I guess he made a few bucks from it too. However, what he’s most famous for is fixing, not once, but twice, radio station call-in competitions with the DJ, Rick Dees, where they were giving away a $50,000 Porsche. He and Ron rented a seedy office, got eight phones, set up eight phone lines attached to the radio station, ran them into his phones, and when the three songs were played in order and the phones started ringing, at some point, the callers all got busy signals and Kevin and Ron were the “right” callers and won their cars. They also won other deals, like $10,000 in cash and trips to Hawaii. Another biggie is when Kevin was featured on the TV show, Unsolved Mysteries, at the request of the FBI. While it was being aired, all 30 phone lines to the show went down for the duration of the show while the FBI sat there and fumed. They knew what had happened and who had done it.

Eventually Kevin and Eric had a bit of a falling out and Eric got especially careless. Kevin was cocky and got a little careless himself. Arrest. He was facing two federal indictments in northern and southern California, one of which would have netted him 100+ years in prison, the other of which would have given him 37 years in prison. The headlines were brutal. The charges were insane. Espionage. Breaking into military computers. Military networks. The implication that he had been wiretapping the Soviet Consulate in San Francisco. Not proven. Classified military documents. Well, he has security clearances and that was part of his job. Idiot prosecutors and FBI were too stupid and too eager to send him to prison for life to actually look at what he had actually done or not done. When it was all said and done, most of the charges were dropped, virtually all of the serious charges, and he served about five years in prison. This was in the early 1990s, even though his hacking career began back in the very early 1980s. I don’t know what happened to him between when he got out of prison and now, but I do know that now he’s a respected security “expert” and journalist. He’s an editor for Wired Magazine and recently wrote a book called Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground, which I read just a month or two ago. It was well written and quite interesting. So obviously, he’s come a long way and more power to him. He had a lot of growing and maturing to do and he seriously had to pay his debt to society. It appears he has.

For me, this book is probably worthy of five stars, but I’m not certain if it’s outstanding enough to actually merit five stars. It’s a tough call. It’s at least a four star book. It’s interesting, well written, detailed, tension filled, easy to understand (for the most part), and well documented. And I don’t really know how it could have been improved. So to be honest, even though I’m not certain it’s a five star book, I don’t see how I can’t give it five stars. I just don’t see how it could have been better. It was an excellent book. So, five stars and recommended if you like to read histories of old school hackers and hacking.

Posted in Writing

A Review of Fatal System Error

Posted by Scott Holstad on December 22, 2015

Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet by Joseph Menn
My rating: 3 of 5 stars

Fatal System Error is an absolutely scary as shit, totally frightening book about today’s hackers and their ties to the Russian mob and how billions of US dollars in terms of identity theft and credit card fraud make their way to the Russian Mafia through this new breed of hacker. The author is a technology journalist who is a decent writer and the book could have been good, and at times, is, but it has some major flaws as well. First, though, Menn, the author, traces the lives and paths of new cybercrime fighters in America and Britain, Barrett Lyon and Andy Crocker, as they develop ways to defend against hacker attacks and ultimately carry the battle to them. What they find out and how they did it is shocking.

Lyon, a young California computer geek, helped a friend’s company stop something called a DDOS attack (denial-of-service) in the early 2000s. This was fairly new and some hackers had figured out they could start using their computers and other people’s computers in what later became known as bots and botnets to flood a person or company’s single server with data requests, thus bringing it down and bringing it offline. They initially started doing this to offshore gambling sites, where there was majorly big money to be made, and they demanded “ransoms” of some $5,000, $10,000, $20,000, and as time went by, as much as $200,000, payable in hours, or else these sites would be shut down on a big game day and these betting sites would lose many millions of dollars. One of these major gambling sites heard about what Lyon had done and hired him to quickly defeat a DDOS attack against its company, which Lyon did. The thing I don’t really understand, since this became Lyon’s thing and since the author made such a big deal about this for about half the book and made such a big deal about Lyon’s computer genius, is that it seems to me that Lyon merely obtained and later bought large server farms to build up bandwidth and capacity to defeat the DDOS attacks – and it worked. But that’s not genius! Anyone could figure that out! That’s just brute force defense. There’s no brilliant coding. There’s not even any brilliant networking. No virus traps, no Trojans, no sniffers, nothing. Just server farms. Okay, whatever. He started his own company, with the backing of a number of these gambling companies he was now working for, all offshore, and which he rather stupidly and naively didn’t realize were themselves criminals, er, US mobsters. So, he started his own business with mob money.
At some point, he rats them out, loses his business, somehow survives, starts a new business, and discovers that the world of hacking has passed him by, as DDOS is a thing of the past and he has to catch up if he’s going to sell his security skills. Lyon at some point started tracking hackers through various networks, finding that many of them were Russian punks, just teens. As part of this investigation, he came into contact with an English policeman named Andy Crocker, who was doing the same sort of investigation, but on an official basis for his government. Simultaneously, though acting independently, the two began to move in on the “bad” guys, watching as they transitioned from basic hacking to DDOS ransom schemes, then to identity theft and credit card fraud, and finally to government-sponsored cyber attacks on other governments and multinational corporations.

Andy Crocker was a British policeman, former military, now working a national task force dedicated to eliminating Internet crime. As noted, he came across Lyon while researching these hackers who were also hitting British gambling companies. He traced them, like Lyon, to Russia and other Eastern European countries, such as Kazakhstan, Latvia, and Estonia. Like Lyon, he was able to trace the originators of some of these DDOS attacks to actual hackers and found out some of their true identities and locations. He actually traveled to Russia to begin a cooperative effort with the FSB and MVD to locate, arrest, and prosecute these Russian hackers. And although it took great effort and a hell of a long time, they got three of the prominent ones, all young kids who had done a hell of a lot of damage and were responsible for millions of dollars of theft and destruction. But they obviously weren’t the only ones, by far. There were thousands of others and these were low level hackers. They wanted to go after bigger ones. And to their dismay, they found they couldn’t. One they tried to get was the son of the province’s police chief and he was untouchable. The biggest, someone called King Arthur, who was allegedly making a million a day, was unknown and unreachable and was a god in the hacking world. They eventually found his country and he was also untouchable. Andy was told by everyone that no one could go after him. That no one could arrest him, sorry. Someone big was looking out for him. Crocker came to the conclusion that either the Russian mob and/or, more likely, the Russian government was using and protecting the big Russian hackers. It was depressing. In fact, after Crocker returned to England, the Russian prosecutor of these hackers who was so gung ho about prosecuting more Russian hackers was found murdered!

Another depressing thing was just how deeply into Russian society this world of hacking and cybercrime runs. Apparently, St. Petersburg is a monster crime haven. Apparently there’s a mob organization so big and so powerful and so feared that they brazenly run ads advertising their services and skills openly and offer a home to over 100 big league hackers, carders, virus makers, botnet owners, scammers, spammers, crackers, etc. It’s called the Russian Business Network (RBN), and although it’s theoretically merely a network provider, it’s widely thought to be a government-sponsored, mob controlled crime syndicate that is extremely violent, horrendously violent, and very dangerous. And there’s not a damn thing anyone can do about it. It’s completely protected. It seems that virtually everything seriously big, bad, and evil goes through the RBN. No one can penetrate it. It’s a god.

The book goes on to assert that the battle against hackers and cybercrime has essentially been lost. That those who argue that real-time, live use of credit cards is riskier than online use are insane and dead wrong (which is interesting, cause I just read a carding book by uberhacker and now-Wired editor Kevin Poulsen stating this very assertion the author’s denying). That over 30% of America’s credit card numbers, as well as Social Security card numbers and other forms of ID, are in the hands of the Russian mobsters. This book was written in 2010. I imagine if this was true then, it’s probably worse now. It’s depressing as hell. Still, the two times I’ve been victimized by credit card fraud and theft, it’s not been online; it’s been live use theft.

The thing that really irritated me about this book, though, was that the author relied virtually exclusively on these two “experts” (one of whom I question is actually even a real expert) to write the book. Shouldn’t he have sought out sources from CERT, the much maligned (in this book) FBI, Secret Service, FSB (since he went there), big name hackers (go to the source), white hat hackers, other security professionals, etc.? Why rely on two people who may have had five years of varying degrees of success in the mid-2000s, neither of whom I’ve ever heard of, and I’ve heard of many major security professionals, when there are so many sources to choose from? It seems short sighted and it seems like you’re limiting your book and your readers’ educations and experiences. I don’t like it. But that’s what he chose to do, so that’s what I have to live with. Still, I dislike it so much, and I dislike the fact that he focuses so damn much of the book on one figure who focuses almost exclusively on a hacking technique (DDOS) that went out of style even before the mid-2000s, that I’m knocking the book down from four stars max to three max. This could and should have been a much better and broader book and it wasn’t. I think the author did the reader a grave disservice. Not a great book with unusual sources, but slightly recommended if you want to wake up sweating in the middle of the night.

I found a number of interesting reviews, one of which impressed me so much, that I’m going to print it here without the author’s knowledge or permissions, but while giving him full credit and hoping he approves. I think he makes some excellent points about the book and they’re worth reading.

Joe White rated it did not like it · review of another edition
Shelves: on-shelf, techread

One star

Thank goodness for Goodreads reviews and bookswap. Reading the prior reviews I had low expectations for this book, and through swap I only wasted money on the postage.
The book can almost be divided into 3 segments. The author seems to only have interviewed two main participants against internet crime, and came away with an incomplete and incoherent understanding of any details of the problem. He almost attributes all the evil on the internet as having a denial of service as the source. Even during the second part of the book, which included the topic of identity theft, he was attributing most of the theft activity to DDoS. I think he just likes to bring up the acronym.
Some of the problems I had with the book:

1. There were 90 pages attributed to crimes of US mafia figures, in which the dollar amounts of each occurrence were laboriously spelled out like a Bob Cratchit accountant listing personal losses and moaning about the inability of the FBI to pursue the Gumbas and delegate justice. Literary style could have been extended to a two-page spreadsheet report detailing the who, how, and how much figures. This segment of the book generated the feeling of watching a Godfather marathon movie session, and I felt really diverged from the intent of discussing internet crime in terms of how the internet is the enabling tool. I already suspected that mules carry money, people get killed, and identities are just handles to hide behind.

2. The swashbuckling crime fighting DDoS buster had a girlfriend on whom a few pages were wasted. Since she was irrelevant to the overall topic, she could have been mentioned once for background, and not introduced as what might have become a significant character (but never did).

3. The mechanics of defeating a DDoS attack were never detailed. The server farm set up in Phoenix had the bandwidth and number of servers to defeat an attack, but there were no details provided as to why it was specifically set up in Phoenix, what its components were, and how a direct attack defense was managed.

4. Because the author seemed obsessed with DDoS, he mentioned bots and botnets at least once on every 3rd page. He never described a bot to the layman. He never made it clear whether a bot could consist of a virtual machine created for a purpose, or whether it had to be an independent 3rd party box belonging to an unsuspecting bystander. The author never fully explained the mechanics of a trojan horse implant, and didn’t clarify the difference between a virus and trojan horse. He also never explained what can be done at the individual user level to fend off trojans and viruses, except in a short subject dealing with phishing emails generated by spam during — DDoS attacks. He never clarified that DDoS isn’t necessary for phishing, and neither are bots.

5. Only once was it mentioned that one group switched to Macs because they seemed less susceptible to attack. He mentioned at least twice that you can’t sue Microsoft for providing a faulty OS combined with a poorly updated integrated browser, because purchasing a machine with Windows provides only a license to use the software and provides no firm sale transaction in which a person owns the software running on the hardware that they do own. He did mention the Microsoft monopoly on the OS, but failed to mention that Microsoft was prosecuted in conjunction with monopolistic powers only related to installation of a browser. It was never mentioned that Microsoft to this day controls hardware vendor access to Windows, and if the hardware companies dare install anything else but Windows or MS products, they will be heavily penalized in regard to being able to install Windows. If anyone says that Dell sells Linux, I must say that I’ve only ever been able to find minimal hardware boxes in the very basic desktop configuration, and in selecting one of those choices, there is a radio selection button for the OS that would full form advance to a Windows selection. Phone inquiries were even worse at the individual customer level. Only institutional server customers could purchase equipment with Linux pre-installed. Same story at all vendors except Lenovo, and then only through individual providers.

6. The author in the last 50 pages provides a conglomerated synopsis of headline events and trends regarding contemporary internet warfare across national borders. China is mentioned as a war opponent in cyberhacking, but it is never mentioned that China manufactures a significant volume of the circuitry used in electronics and could very easily, using the subversion techniques described by R.J. Pineiro, hide logic bombs and covert data skimmers within circuit boards and components. This could happen to Apple and all the phone manufacturers, so that their equipment could be subverted despite the installed software. Of course the title of the book was “the hunt for the internet crime lords”, so hardware subversion might have been beyond the scope.

7. Since the title was the “hunt for the New Crime Lords who are bringing down the internet”, some credit must be given to the author for remaining in the hunt venue, and not providing the extraneous technical details that readers might be led to expect by the book-cover blurb adulations such as “A fascinating high-tech whodunit”. The high tech here would be synonymous to an interstate highway providing speeders the ability to go faster.

8. The middle segment dealing with a physical legal pursuit presence in Russia, was in my opinion the redeeming revelation of the book. Life in Russia has never been painted as a Disneyland experience, but the adverse conditions both politically and physically presented here, really underscored the futility of pursuit of Soviet area bad guys in their home territory.

Posted in Writing

A Review of The Fugitive Game

Posted by Scott Holstad on November 5, 2015

The Fugitive Game: Online with Kevin Mitnick by Jonathan Littman
My rating: 5 of 5 stars

I realized as I was reading this that I had read this before — 20 years ago when it was first published. I had forgotten that, but it came back to me as I read it again. And I really enjoyed reading it again, even though so much about technology and the Internet has changed since then. Littman wrote so that the information still seems relevant all this time later.

The book is, of course, about the world’s most famous hacker, Kevin Mitnick, and about the government’s insane obsession to catch him and bring him to their form of “justice” back in the mid-90s when he was a fugitive. Littman interviewed tons of people for this book and spent over 50 hours interviewing Mitnick himself, so I take Littman’s word over anyone else’s aside from Mitnick’s himself in his own autobiography of a couple of years ago (which was excellent), particularly those of John Markoff and Tsutomu Shimomura, the author/New York Times reporter and the NSA spook and super security expert/hacker who “helped” the FBI track and catch Mitnick.

The book details Mitnick’s unhappy childhood, his beginnings in ham radio and then computing and phone phreaking, his growth in social engineering and his troubles with the law as a teenager. It started early. And hacking became an obsession. However, Mitnick was an “old school” hacker. He didn’t do it for money or profit. He did it for the challenge and for information. He liked breaking into systems and finding out information and he liked breaking into phone systems. As a young adult, he was once again caught and sentenced to a fairly short term in prison, but he was put in solitary for eight months and it scarred him, permanently. He was allowed outside for one hour a day — with murderers. He wasn’t allowed access to computers, of course, or even to telephones, as the prosecutor had convinced the judge he could start World War Three by using the phone to launch our nuclear missiles, as insane as that sounds, and the judge bought it. When he got out of prison, he tried to get a legitimate job, but his probation officer would call these companies and tell them Mitnick couldn’t be allowed near money or anything secure, so he couldn’t get work. He grew even more bitter. He and his hacker best friend Lewis DePayne started doing some black stuff again.

Meanwhile, much to my initial confusion, Littman’s book actually pretty much starts off with the story of a different hacker, Eric Heinz, aka Agent Steal. Aka quite a few names actually. And one who is actually an FBI informant. And one who sets up Mitnick for a sting which the FBI will use to arrest Kevin again so they can put him away for a good, long time. Why? Don’t know. He had already done his time. He was doing no real harm. He was trying to live a decent life. So the FBI was trying to screw him over from day one. Nice. Great government watching over us. Mitnick and his buddy caught on, however, and started tapping the phones of the FBI agents watching them. Kevin was working for a detective agency at the time and found out its lines were tapped, as well as his father’s, so he knew what was going on. At some point, though, Heinz started screwing the FBI by doing some black hat hacking and when they went to arrest him, he went on the run, so their informant was a bust. Littman actually interviewed him over the phone a number of times.

Around this time, Kevin’s probation was about to run out. However, literally as that was about to happen, he screwed up and was almost arrested and he fled. All of a sudden, he was a fugitive on the run. And so it really began. Mitnick disappeared, although he apparently later went to Seattle because he narrowly escaped arrest there some time later. He and Littman got in touch through Lewis and the telephone calls began. Littman paints a fairly sympathetic picture of Mitnick, although not always. For instance, he wasn’t thrilled when he discovered that Kevin was reading his email on The Well, an ISP I used to use at the same time. When Littman told The Well’s tech support staff that a hacker had root access on their system, they said it was impossible, their system was impregnable, and they wouldn’t believe him. But Kevin had hacked their system and was not only reading email, but dumping huge files on their system, stolen source code he had hacked from corporations such as Motorola, Qualcomm, perhaps DEC, and ultimately over 21,000 credit card numbers he stole from Netcom, another ISP. Ultimately, the FBI would accuse him of stealing credit card numbers from computers all over the country, which wasn’t true, but they never accused him of actually USING any, as he never did, so he never gained anything monetarily from them. Furthermore, with all of his hacks of source code and programs, they claimed he stole $80,000,000 worth of stuff. But he never sold any of this source code, never profited from it in any way, never deleted the original source code from the companies he made COPIES from, never actually hurt them. So the FBI was clearly out to screw him. And when they ultimately got him, he was facing over 200 years in prison.

Meanwhile, the self-described Kevin Mitnick “expert,” John Markoff, a New York Times reporter who had written a book on hackers a few years before, about a third of which featured Mitnick, was busy writing front page articles on Mitnick and the dangers he presented to the world. He wrote old allegations and myths that Mitnick had hacked into NORAD, inspiring the movie WarGames with Matthew Broderick, that he had hacked into numerous secure sites that endangered the safety of our country, that he was stealing phone companies’ software worth billions, etc. Markoff hadn’t even talked to Mitnick. Littman had. A lot. Markoff and Littman knew each other as journalists. They even had lunch together a few times. Littman never told him he was in contact with Mitnick, even as Markoff stated that he wanted to catch Mitnick himself. Littman was a little shocked by that.

So Kevin was on the run all over the country and kept calling Littman. Meanwhile, on Christmas day in 1995, I believe, Tsutomu Shimomura, a quietly well known NSA “spook” and super security expert had his personal computer broken into and everything in his computer stolen, which included a number of custom built “tools” which would enable someone to basically break the damn Internet and also cell phone code that would enable anyone to eavesdrop and trace calls without a warrant, among many other things. It made huge news and within hours, Markoff reported it on the front page of the New York Times. At the same time, Mitnick called Littman, gleefully giving him a detailed account of how the hack attack took place, what happened, what was stolen, what happened to it, etc. Obviously, Littman was left to conclude that Mitnick did it, and everyone else concluded the same thing, based on Markoff’s article. Shimomura was mega-pissed and vowed to catch the person responsible as a matter of honor and immediately set about doing so. With Markoff at his side. Which was odd. What was an NSA spook and a journalist doing going about pursuing a federal fugitive with or without the FBI’s help? Were they deputized? No. Nonetheless, they flew to San Francisco, where the US Attorney and FBI agent in charge essentially put Shimomura in charge of things. He brought his own equipment with him and using it, as well as, perhaps, the equipment of the cell phone companies and the FBI, he was able to determine that Mitnick was in Raleigh NC, so he flew there immediately and joined a Sprint technician with scanning equipment. Where they were joined by an unidentified Markoff. And a couple of FBI agents. The Sprint guy and Shimomura located Mitnick’s apartment in 30 minutes. They then returned with Markoff holding the equipment for another look. A journalist playing the active role of law enforcement. Littman pulls no punches in how he views this.
And when the FBI finds out about this, they lose it. Shimomura tries to throw his weight around, but they dump Markoff. Nonetheless, Shimomura still has enough weight to accompany the FBI to Mitnick’s apartment the next day to arrest him. As Mitnick is being handcuffed, he tells Shimomura that he respects his skills and Shimomura just stares at him.

But it doesn’t end there. Mitnick is eventually flown from North Carolina to California after being jailed there for far too long and after Markoff’s articles have made Shimomura a superstar. And surprise, surprise, Markoff and Shimomura sign a $750,000 book deal for a book on their tale of tracking down and capturing Mitnick. Then they sign a movie deal based on the book for a whole lot more money. It’s truly disgusting. Mitnick hires a good attorney, but the US Attorney hates this man and sets out to screw Kevin by indicting his buddy, Lewis. Mitnick’s attorney already represents him and can’t then represent Kevin too, so Kevin is left without a lawyer and the public defender says they have no one to take his case. He’s truly screwed and looking at 200 years in prison. But something happens. Magazines and newspapers start looking at and questioning Markoff and Shimomura’s roles in this event. It seems suspicious. For everything that happened in this case, Markoff was prepared with a front page story within several hours, like he had written them ahead of when they actually occurred. Almost like Mitnick was entrapped by Shimomura on the Christmas day attack. And then there was the rumor circulating that an elite Israeli hacker had actually been the one behind the attack on Shimomura’s computer and that, moreover, it wasn’t the first time his computer had been penetrated and that, moreover, a number of people had his files and programs. Kevin was just one of them. So was Kevin set up by the government and Markoff/Shimomura? They certainly appear to have used unauthorized wiretaps, illegal hacking actions, illegal hacking/phreaking tools and actions for which Shimomura had had to get immunity to display to Congress two years before, but which was still illegal, etc. There were a lot of irregularities with this case. And of the 24+ indictments, not too many made sense. There weren’t many that were absolute and provable.
In fact, the only one that seemed solid was his probation violation. That’s it. He never actually broke anything. He never used anything. He never made any money. He never really did anything evil, unless you think tapping FBI agents’ lines who are tracking you is evil or reading the occasional illicit email. Really, this deserves 200 years?

The book ends before Mitnick is sentenced. The good thing is the book is old, so you can find out that Mitnick only had to serve five years in prison and is out and reformed and has his own security company now and seems to be doing well, so more power to him. Meanwhile, Shimomura lost his fame almost as soon as the media started questioning his actual role in things and Markoff’s legitimacy took a hit too. And they lost their movie deal. Boo hoo. Frankly, I think they were vindictive assholes, plotting to take down the world’s most famous hacker for no other reason than pure fame and profit on their part. I think they were mega-dicks. I’m pretty sure Markoff is still around. I don’t know what became of Shimomura. I assume he’s still at it, but if so, I hope he’s keeping a low profile and isn’t doing what he very obviously was doing then — illegal hacking and phreaking — for the feds. Fascinating book, even after all these years. Definitely recommended.


A Review of Kingpin

Posted by Scott Holstad on October 22, 2015

Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen
My rating: 5 of 5 stars

Kingpin is a fascinating and utterly frightening account of one hacker/carder who essentially took on the world and took over the billion dollar carding empire — until the FBI finally got him. Max “Vision” Butler was a giant self taught computer genius from Idaho who settled in San Francisco and met another guy named Chris and found they had some things in common, like making money and hacking. Max had already been in prison for hacking and had a vendetta against authority and society even while at the same time viewing himself as a “white hacker,” hacking for society’s good. He was a walking dichotomy. They set up a carding scheme with Max as the hacker/carder, hacking at first into restaurant point of sales machines and getting credit card data from them, and later into a zillion “secure” computers and servers of banks and companies (and individuals too) around the world. He gave the card data to Chris who built a card making factory in Orange County and soon he was making millions, while paying Max next to nothing. But Max enjoyed the challenge of hacking and carding. And he was the best, or at least one of the very best. There was a Ukrainian who could have challenged him for that title, apparently. Going by the name of “Iceman,” Max destroyed all of the English speaking carding boards on the web one night and transferred all of their members to his new board, Carders Market. There, people exchanged ads and sales of stolen credit card numbers, by the millions at times, and other card and ID making odds and ends. Until one FBI agent infiltrated a competing board that Max had taken down. It was brought back and this agent was made an admin there. He was getting tons of info, but he was after Iceman. Trouble was Iceman found him first and tried to out him. The irony was, this FBI agent was so good that as soon as he was outed, he made some major online changes and defended himself successfully and pointed people in other directions. 
Another irony is that so many carders and admins were actually FBI informants. The story of how Max was ultimately caught and brought to justice was pretty exciting, like an action novel and again, the irony was it occurred immediately after he decided to quit carding and go legit and he had deleted his account from the board and was saying his goodbyes, even as the FBI came storming through his door.

This book is especially good because it’s well written and written with authority, as the author, Kevin Poulsen, is a well known former “dark hat” hacker from before Iceman’s time, and is now a Wired editor. He writes quite well and while explaining technical things like SQL hack attacks in Internet Explorer, it never feels like he’s talking down to you. Indeed, he even shows some lines of code at various places in the book so you get a feel of what some of the hacks looked like. I’ve got to say, though, that I’m damn glad I use a Mac. Virtually all of the hacking/carding is done to and with Windows machines and can’t be done on Macs. And since 95% of all computers and servers are running Windows commercially, it’s scary as hell, but at least I don’t have to worry about anything here at home. I hope. Still, the scary thing to learn was that online transactions are actually much more secure than live credit card transactions and that restaurants are the absolute worst. Followed by retail stores and gas stations, etc. The primary reason it’s so bad in America, and trust me, we’re not told just how bad it is, is because our credit cards still use those magnetic strips, which are completely hackable. The rest of the world has gone to unhackable chips and while some banks in America are making that transition — I have two credit cards with chips — most places won’t because of the expense. They’d rather pay for stolen money and credit than to upgrade their systems. How screwed up is that? People’s lives are totally ruined. Their social security numbers are stolen and sold, their driver’s licenses are stolen and sold, their credit and debit cards and PINs are stolen and sold and the banks and companies don’t want to make changes ’cause it’s easier and cheaper to reimburse people. Great. Makes me want to never use a credit card again. And of course, that’s impossible. Oh, never use a credit card via public Wi-Fi. Never.

So I wasn’t sure if this was actually a five star book or not, but I can’t think of any reason not to give it five stars, so I am. Definitely recommended.


50 million compromised in Evernote hack – CNN.com

Posted by Scott Holstad on March 4, 2013

50 million compromised in Evernote hack – CNN.com.

I use Evernote. Do you? Will you now that this security breach has happened?
