InfoSec Reviews – Kingpin

Book Title: Kingpin

Subtitle: How One Hacker Took Over the Billion-Dollar Cybercrime Underground

Author: Kevin Poulsen

Publisher: Crown Publishing Group

Date of Publishing: 22/02/2011

ISBN(13): 978-0307588685

Price (UK & US price – full price, not discounted price): £15.44, $25.00

URL of Publisher Site: www.randomhouse.com

URL of Amazon UK web page: Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground

URL of Amazon US web page: Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground

Kingpin is a security book with a difference. Written by senior Wired Magazine editor and ‘Threat Level’ blogger, Kevin Poulsen, this is the true story of the rise to criminal superpower of expert hacker, Max Butler, who single-handedly enacted the most audacious hostile takeover of any criminal gang on the planet. However, this is not just a book on computer security; this book will appeal to anyone who enjoys a decent thriller – in fact, Poulsen’s style of writing makes this tale more exciting than most of the Clancy and Ludlum books I’ve read over the past 10 years. Kingpin reads like a novel, using plot-enriching devices, such as cliffhangers and subplots, to keep the reader interested; however, what’s brilliant is the way Poulsen doesn’t skimp on the technical detail. The hacks Butler used to gain access to credit card payment systems and rival gangs’ servers, such as zero-day exploits and SQL injection attacks, are explained at code-level, but in a way that makes them accessible to the layman. In fact, I’d go as far as to say that I’d happily pass this book on to my father, knowing full well that he’d understand all of it and come away feeling like he’s just watched the latest Hollywood blockbuster.

The premise of Kingpin is simple. It’s the story of a disenfranchised computer programming expert who gets victimized by the Federal government in the US for hacking computer systems, even though his intentions were in the main (at least in the beginning) noble and honest. As a result, this incredibly intelligent computer genius takes a new path in life where he slowly spirals down into the depths of the criminal underworld, pitting his wits on one side against the most dangerous criminal gangs in Cyberspace, while on the other side he’s fending off the FBI’s crack cybercrime unit.

The story starts where all good stories should, right at the beginning. It paints a picture of Butler’s youth, elucidating the underlying obsessive nature that fuels him to do what he does and become what he becomes. This early part of the tale shows his contempt for authority as a rebellious teenager, illustrating well the strength of his character and obsessive nature of his relationships. Poulsen does a good job in these early chapters of getting us to like Butler and in a way understand him better; let’s face it, we’ve all had a buddy or two over the years with some of these traits. In a way what’s sad about this story is that it shows how Butler tried on numerous occasions to get away from cybercrime and into ‘white-hat’ work, where he could be a force for good in the computer security world. It almost seems that, because he was so good at discovering security vulnerabilities and as a result was persecuted by the US government, he was driven to crime like some kind of alienated superhero (or at least that’s the way Poulsen has written it).

The fun really starts halfway through the book when FBI agent, J. Keith Mularski, signs up to the CarderPortal as Master Splyntr (yes, that’s right, the old dude from Teenage Mutant Ninja Turtles), and starts the long slow attack to infiltrate the fraudulent credit card underworld. From here the chase really begins. I’m not going to give much more of the plot away since it’s such a gripping read it would be a disservice to both you guys and the author to give away any spoilers; however, the highlight for me of the whole book is Chapter 25, which describes in detail the ‘Hostile Takeover’ Butler inflicts on the entire global identity fraud underground. Poulsen goes into detail about Butler’s use of clever SQL Injection attacks to take over the other carders’ servers, rendering them inoperable, yet at the same time recreating all the user accounts from these other systems on his own. The impact was huge, summed up by, “Ten thousand criminals around the world, men with six-figure deals in the works; wives, children, and mistresses to support; cops to buy off; mortgages to pay; debts to satisfy; and orders to fill, were, in an instant, blind. Adrift. Losing Money.” Butler then mass-emailed the entire underground through his own newly populated (and hardened) site, and the dawn of a new era in identity fraud had begun.

This really is a great book and credit to Poulsen for making it such fun, as well as for his skill in getting the readers to empathize with the genius antihero, Max Butler. It’s a sad indictment of the federal government that they can’t embrace these sorts of likable rogues and make use of them in a way that is less corrupt.

Two words complete this review and sum up my feelings for this read… BUY IT.

Kingpin is an exciting, hardcore techno-thriller that takes the reader right to the heart of the identity theft and credit card cloning underworld. If you are a security expert, or a layman interested in this aspect of cybercrime, this is the book for you. The author, Kevin Poulsen, provides expert descriptions of Max Butler’s (a.k.a. Max Vision) hacking exploits, written in such a way as to make the detail consumable to the layman. This is one security book that will appeal to geeks and lovers of thrillers alike and has the potential to make a great movie.

Marks: 5 out of 5

*****