In 1996 I reviewed three books for New Scientist about the same 1995 events: the chase (through cyberspace and the physical United States) after and capture of Kevin Mitnick. Who's that, you say? Ah, so young. Ever heard the term 'social engineering'? Mitnick invented it.
Mitnick had the misfortune to be one of the earliest hackers, just at the moment when the meaning of that word was shifting from 'people who build things and make them work' to 'people who crack into other people's computer systems'. Mitnick owes his fame to John Markoff of the New York Times, who in the early 1990s dubbed him the world's most dangerous hacker.
As I have written at various times, this characterisation seemed overblown at the time, and seems utterly quaint now. Mitnick's skills were primarily human: he was very, very good at getting people to tell him things they shouldn't, anything from internal security codes to personal information enabling him to identify which of his apparent friends was really an FBI snitch (as he recounts in Ghost in the Wires). He was, of course, also good at putting that information to use, but unlike today's politically and financially motivated criminals, he really wasn't in the game to destroy anyone's network or garner profit for himself. Unfortunately for Mitnick and others like him, the newness of the technology meant that law enforcement reacted with panic and force. Throwing the book at Mitnick was their effort at deterring others. You can see how well that worked…
The three 1996 books were: Takedown, by John Markoff and Tsutomu Shimomura (whom Mitnick calls 'Shimmy' in Ghost in the Wires); Jonathan Littman's The Fugitive Game, and Jeff Goodell's The Cyberthief and the Samurai. Only Littman had actually interviewed Mitnick at any length, but his book was so focused on what Markoff — who sat in on the chase and followed up by selling a screenplay — knew and when, that you didn't get much sense of Mitnick's own story. It's taken 15 years of waiting out the court-imposed prohibition on making money from his story for Mitnick to finally be able to tell it himself. Along the way, he takes the opportunity to correct the many misperceptions and inaccurate reports and avoid hyperbole. Some unexpected details emerge. Mitnick got interested in security at ten, when he discovered stage magic and the art of deception. It's a good read.
His resentment seems much diminished from contemporary interviews, but then he has a big finish. The unwanted fame bestowed on him by the media and the unfair treatment he received at the hands of the American justice system (eight years in prison without a bail hearing) meant that since his release in 2003 he has become a successful speaker and book author on security topics. Auctioning his prison ID raised nearly enough money to pay off his eventual $4,125 fine, and things have only improved from there. CISOs of a major companies might never trust a former hacker to secure their systems personally, but they understand that Mitnick knows more about how someone might crack their systems than they do. Ghost in the Wires rights a final, vestigial wrong: until now, everyone has made money from Mitnick's story except himself.
Ghost in the Wires: My Adventures as the World's Most Wanted Hacker By Kevin Mitnick, with William L. Simon Little, Brown 414 pages ISBN: 978-0-316-03770-9 $25.99