The Ghost in the Wires is Kevin Mitnick’s memoir of his past exploits as a computer hacker and telephone phreaker. Today he works as a computer security consultant, paid to test security defenses for companies around the world. This book is well-written, fast paced, and difficult to put down.
There is one warning however: The ignored elephant hiding between the pages is the author’s lack of self-reflection on ethics, hacking, and his weak rationalizations for committing cybercrimes. Throughout, Mr. Mitnick commits acts that might be labeled unsocial social engineering in an effort to reach highly dubious goals.
As a child Mr. Mitnick was alternately solitary and social, having interests in various subjects including magic, ham radio, and lockpicking. He was an avid reader interested in “underground” books such as those that taught how to create fake legal documents. For one prank he switched locks on his apartment’s co-tenants’ storage bins. For another he intercepts customer’s requests over a McDonald’s drive-through wireless for the purpose of responding inappropriately. When he takes a computer class, unsurprisingly the first program he writes is one to steal passwords.
You can see where this is headed, and like Catch Me If You Can, you can predict how it’s going to end. The thrill, and there is one, is in the chase.
Nineteen-eighty is the first time Mr. Mitnick is caught by the FBI for hacking. He is given a warning because hacking is not yet illegal. Caught again in 1981 he is prosecuted in the world’s first-ever hacking case. What did he do? He walked into Pacific Telephone, said that he worked there, and walked out with technical manuals.
Only 17, he is sent to a California Youth Authority (CYA) facility for psychiatric evaluation. He spends his 18th birthday in jail. He is released after 90 days but then caught hacking while on probation and sentenced to 3 years 8 months. The prison he is sent to has limited avenues for education. He convinces the authorities to send him to a facility with a college program, and there becomes a model prisoner. He is released after six months. He is again arrested, this time for hacking he didn’t do. As he is still under 20, he is still under authority of the CYA. He is held for 57 days, sentenced to 60, and released 3 days after sentencing.
Through a friend working at Hughes Aircraft, Mr. Mitnick hacks the “Dockmaster” computer server, the server of the National Security Computer Center (NCSC), the public arm of the super-secret NSA. Using his social engineering skills he also hacks the telephone switching control center of PacBell, and from 1986 through 1987 he was able to listen in on the telephone calls of NSA employees.
Mr. Mitnick is hired into GTE’s Information Technology department but fired nine days later after someone in the security department recognizes his name. He is then hired by a bank as an information security specialist but is fired before his first day.
He hacks SCO, a company that makes computer server software. His activities are detected, and his apartment later raided by the Santa Cruz police. He wasn’t at his apartment at the time of the raid so the police leave a warrant and go. He turns himself in. In their excitement, the police forget to take his fingerprints or photograph him so no arrest record is made. SCO drops their $1.4M lawsuit against him in exchange for explaining how he did it. The final judgment is a misdemeanor, trespassing with a $216 fine, no probation, and a promise to not “commit any crimes.”
How did he do it? He phoned a secretary and shmoozed her into providing her login name and password.
He hacks Digital Equipment Corporation (DEC) and disables their security to get at the source code for the VAX-VMS operating system, which he studies for security flaws. Since the code is very large he has to break into other computer systems to use their disk space. He is arrested for the DEC break-ins in 1989.
By this time there is a myth of his having hacking super powers. Prosecutors call him a threat to national security. The charges against him include rumors and tall tales, for example that he could whistle modem tones directly into phone lines and control computers, and that he could launch missiles from NORAD. He is placed into solitary confinement in a maximum-security prison. DEC claims $4M in damages. His lawyer plea-bargains his sentence down to one year, but the judge says that that is too lenient and extends it to one year plus six months in a halfway house. Mr. Mitnick is then moved from a high security prison into a prison for white-collar criminals.
His wife divorces him on his release (having married after a previous arrest to prevent her from testifying against him). He moves in with his father in L.A., and in 1991 begins cell-phone hacking. Obtaining a copy of cell phone “firmware” he figures out how to alter billing information through the keypad.
He reverse-engineers phone line-monitoring equipment to listen in on any line at PacBell. He also social engineers PacBell to find out if his probation officers are wiretapping him. They are not, but he does find an intercept on a line of a friend of his father’s. This friend runs a detective agency (and was wiretapped for suspicion of accessing credit reports illegally). Mr. Mitnick attempts to wiretap the wiretappers only to discover that the intercepts have moved—to his father’s phone. He then social engineers PacBell’s security department to drop all the wiretaps.
During this period Mr. Mitnick meets with a mysterious hacker in order to share information. Suspicious, he believes that the mysterious hacker might really be an informant for the FBI. He confirms his suspicions by first hacking the hacker’s bank account then hacking the bank that is paying the hacker, tracing the source of the funds to an FBI account. He acquires the informant’s real name and address as the informant goes underground into the witness protection program.
In 1992, a bench warrant is issued for Kevin Mitnick’s arrest for cell-phone theft of services. This time, instead of turning himself in, he goes on the lam, becoming a fugitive. He creates a new identity, Eric Weiss, which was Harry Houdini’s real name, and creates the necessary false records, including social security card, IRS W2, birth certificate, and retakes his driver’s test.
As Eric Weiss he works for a friend as a freelance as a process-server, delivering subpoenas! He also creates a false resume and business cards, hires an answering service to intercept the phone calls made to false references, and pretends to be his fake previous job’s boss to give himself a good recommendation. He also hacks the TRW credit reporting system to pass a credit check. He is hired as a telephone and IT tech for a law firm in Colorado.
While working as an IT tech, he social engineers his way to the source code for Motorola cell phones. He almost gets the source code to Nokia cell phones but realizes the police are onto him at the last minute and doesn’t follow through. The close call of capture doesn’t discourage him. He goes after the source code for NEC cell phones.
In 1994, still free as Eric Weiss, Mr. Mitnick is fired from the law firm, the firm believing he was consulting for others on company time. Worried that his previous employer might be suspicious and investigate deeper, he moves out of his apartment and changes his name again, this time to Brian Merrill. He moves to Las Vegas to be near his mother. There he hacks CERT, the Computer Readiness Response Team, which is the central location for software bug information and also the central distributor for bug fixes and patches.
His name becomes New York Times front-page news as the hacker the FBI cannot catch. The FBI, embarrassed, put him as their top priority. Many computer system administrators wise-up to his tricks, track his activity and forward information to the FBI. Mr. Mitnick monitors the cell phone calls of the FBI agents on his trail and acquires a radio scanner to detect activity on FBI radio channels. He monitors a telephone conference call at PacBell where he is the topic of discussion. The FBI begins to encrypt their radio calls, but he jams them by transmitting at the same time on the same channel, which forces the FBI to broadcast in the clear.
In Las Vegas, the police again break down the door to his apartment. Again he is not there. But they are looking for Brian Merrill for cell-phone hacking, not Kevin Mitnick. They don’t stick around but leave a warrant. He takes a bus out of town.
Brian Merrill becomes Michael David. He hacks a security expert’s (Tsutomu Shimomura’s) computer server. This expert deputized by the FBI is the one who gets the credit for the author’s final capture. Kevin Mitnick’s cell phone is traced to a cell tower in Raleigh, North Carolina. On Feb. 14, 1995, he is tracked to his apartment. The police at his door, he denies he is Kevin Mitnick—he is Brian Merrill. The police enter. Not knowing what Kevin looks or sounds like, they don’t arrest him immediately but instead search the apartment. They find an old jacket and in it a paystub with his real name. The chase is over. The author is held without bail and spends the next four and a half years in jail—most of that time, waiting for trial.
After release Mr. Mitnick turns his life around. In March 2000, he is asked to testify before a U.S. Senate committee on the topic of computer security. His testimony is appreciated which opens up opportunities for speaking engagements: on news shows, talk shows, and think tanks. He gets his own radio show in LA. In 2001 he acquires a literary agent, and co-authors his first best seller, The Art of Deception.
Reviewer Robert Schaefer is a Research Engineer at MIT Haystack Observatory
The Ghost in the Wires, an amazing and engaging book, is destined to be a bestseller, too.
Originally published in new york journal of books, the web's most comprehensive professional book review. Reviews of other books are available at: www.nyjournalofbooks.com
CLICK HERE to purchase book: http://www.amazon.com?_encoding=UTF8&tag=wwwtos5com-20