Review: Ghost in the Wires

Written by Mitnick Security | Oct 4, 2016 12:00:00 AM

Ghost in the Wires’ is the autobiography of Kevin Mitnick, the “world’s most wanted hacker”. The book came out in 2011. Mitnick now claims to be reformed and has his own security consulting company.

Kevin Mitnick, as a teenager, was curious about breaking into computer systems. He did so, explains in the book how broke in mainly by using social engineering methods, and eventually got caught and was sent to a juvenile correctional facility. With this began a cycle that would repeat itself many times over the book.
The book is best in the early parts when Kevin describes one of his hacks. He understood that any system has weaknesses, technical or human. He would find a weakness and exploit it. He would persist if initially unsuccessful. The hacker mindset on display as he attempts to break into something just for the fun of it is something that people would do well to understand. Also, the ease with which systems built by hundreds of people can be subverted using very low-tech methods is something to know about.

As a person with some technical knowledge, I was able to follow a great deal of the technical hacking described in the book. A lot of what is described (“getting root”, “exploit [noun]”, etc.) is incomprehensible for the layman - my father gave the book a try. Surprisingly, the book gets boring after a while. Within the first hundred pages, one learns everything there is to know about Kevin’s non-technical social engineering skills. What follows is a repetition of what already happened: Kevin decides to break into something; he calls someone pretending to be someone else, elicits and easily gets required information from them; he breaks in; he learns that law enforcement may have gotten wind of it; he tries to cover his tracks and breaks into something else to get more information. The cycle continues, occasionally punctuated by visits from the police. 

The discussion regarding law enforcement becomes complicated by the fact that they (and criminal prosecution) do not appear to have a good grasp on what Kevin has actually done (according to him), accuse him of crimes that he did not commit (according to Kevin) and prosecute him for the same. This is another interesting thing about the book that everyone trying to stay on the right side of the law in a fully internet-connected world should appreciate. 

A serious problem with the book is Kevin’s lack of contrition. He is repeatedly sorry for the harm he did to his loved ones, but has no feelings whatsoever for the companies that he broke into, their employees, or for the people whom he insults with snide remarks in his book. His language, as a man in his forties (when the book was written), shows an immaturity that should have ended with teenage. Kevin repeatedly refers to the man who caught him, Tsutomu Shimomura, as “Shimmy”; he calls people “bastards”; he unnecessarily names and shames a colleague who may have wanted to have sex with him; etc.

The casual reader would learn much about the vulnerability of the devices and infrastructure that we use from going through about 100 pages of the book. 300+ pages is way too much to read about one egoistic hacker who may not have learned his lessons.
 

Source: Essays on Security