Saturday, March 26, 2011

Kingpin by Kevin Poulson of WIRED

I love to read, but it's been quite a long time since I had one of those "books I can't put down" evenings. Tonight was one of those nights. I had been delaying the start of reading "KINGPIN: How one hacker took over the billion-dollar cybercrime underground" not because I thought it would be a book I couldn't put down, but because honestly, I thought I knew the story already.

If you were interested in the hacking scene around the turn of the millenium, you would definitely know the name Max Butler. Max made a name for himself in the IDS world, helping with the earliest days of Snort, and running a database for IDS signatures called arachnIDS. I remember when Max went to jail the first time, chatting with my friend Dan Clemens of PacketNinjas, LLC, who was also into IDS systems and snort in a heavy way, about the arrest. It was troubling to see someone running a website called "" and ending up in jail. The version of the story I thought I knew was that Max had been asked by the Feds to help them patch their systems from the BIND bug that was so popular in 1998-1999, but that Max couldn't resist the urge to
put a back door into the patch.

White Hat Hacker in Court - April 13, 2000 - "Open source hacker "Max Vision" aided the FBI while allegedly cracking the Pentagon."

Max Vision: FBI Pawn? - May 8, 2001 - "FBI agents called him 'the Equalizer': a security expert and confessed hacker who infiltrated the electronic underground to help the Bureau. When he drew the line at bugging a friend, they threw the book at him."

Max Vision Begins 18-Month Term - July 5, 2001 - "Intrusion detection guru joins a growing hacker population in federal stir."

All of those stories are by Kevin Poulsen, who has "owned" this story from the very beginning.

The popular theory at the time was that Max had been sent to DefCon and was only charged with his crimes after refusing to be a snitch for the Feds at DefCon. See for instance this conversation thread from 2001, Max Butler AKA Max Vision-Iceman-Aphex Now Retired.

I've spoken to investigators at extremely large companies who actually used Max Butler to test the security of their systems as a Penetration Tester, only learning later that he was actually stealing from them at the same time!

In addition to remembering the story very well from the "old days," I also know the story as a friend of the NCFTA who has had the chance to meet and work with FBI Special Agent Keith Mularski. Keith's work, announced by the FBI in their October 20, 2008 press release, 'Dark Market' Takedown -- Exclusive Cyber Club for Crooks Exposed lead to the arrest of more than 50 cyber criminals who were in the credit card stealing and trading business. (More details on DarkMarket arrests are available from WIRED: Dark Market ring leader pleads guilty in London.

Like the more recent arrest of Albert Gonzales AKA Segvec Max has a long story of helping the Feds and working against them at the same time. Gonzales was a US Secret Service informant against the ShadowCrew, while simultaneously breaching the Heartland Payments systems, TJX, and many other places.

The difference though, was that while Gonzales was a two-timing crook who was playing the system, Max started off as a troubled soul who wanted desperately to be the hero, but couldn't resist the thrill of the hack.

Like I said, I thought I already knew the story. Reading Kevin's book brought out so many details I couldn't possibly have known though. Kevin did a great job getting into the early life of the characters, and exploring the formation of their personalities and motivations. As Kevin reels out the lives of the characters, its clear to see that there were several types of criminals in the stories. His ability to create a sympathetic protagonist out of a criminal who caused $80 Million in credit card fraud is a feat in itself.

This book belongs on the shelf next to Steven Levy's Hackers. If you haven't read it yet, pick a rainy Saturday and start early in the day, you aren't going to be able to stop until you get to the last page.

Order Kingpin from Amazon

Be sure to read more stories by Kevin at WIRED by following his Author Page at Threat Level and elsewhere.

No comments:

Post a Comment

Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.