Ghost in the Wires: My Adventures as the World's Most Wanted Hacker

Kevin Mitnick's story is a riveting, can't put down read. You just know he will manage to work himself out of a difficult situation (until he doesn't.) The book moves quickly, yet provides plenty of details. I could easily relate to some locations (such as those in Seattle) as well as different times and events.

Mitnick started out learning more and more about phone technology. He got a HAM radio license at a young age. He learned various special "codes" for getting free calls and doing other things within the phone lines. His primary method of gaining knowledge was through social engineering. He would often exude confidence and get somebody to give him information or access he was looking for. He had used this to learn more about the phone company and later computer systems.

Eventually his snooping caught up with him. He was imprisoned as s juvenile. There was a great deal of exaggeration and  trumped up charges. (Cybercrime was something new and the authorities just didn't know how to proceed.) After being free, he led a relatively normal life until things caught up with him again. He had suspicion of a hacking friend he met. He used his skills to learn more information and learned that he was going to be busted. He fled, used social engineering to obtain fake identities and tried working regular jobs. On the side, he led a sport of obtaining source code for major operating systems. He had a mobile phone that he could change at will as well as many other tricks of the trade. Eventually he was caught jailed and then set free.

It is interesting what has changed as well as remained the same. A lot of the information that he had gone through great trouble to obtain is now available online. Phone companies are pretty much "old news". There are probably still plenty of the hacks that can be done, but it is also easy to just grab a bunch of burner phones. Phone and internet usage is also so cheap that a lot of the free calling features are not worth the effort. (I do remember having a friend get "busted" after using some codes to get free long distance dial-up back in the days when a 9600 bps modem was blazing fast.)

Social Engineering and hacking is become even more powerful today. People are trusting. At one company, I called the helpdesk from home and had no problem getting a password reset. Social engineering is often the lead entry point for many attacks today. We continue to be just as vulnerable as we were in the past - despite more knowledge of attacks. Unfortunately there are also a large number of malicious players out there, making the scope of damage worse. How can we manage a society that relies on trust without letting the bad players ruin it?