59 of 64 people found the following review helpful
Excellent book on the contemporary face of computer crime,
This review is from: Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground (Hardcover)
I've read and reviewed almost all of the non-fiction computer crime and espionage books written since the 1980s. Kingpin by Kevin Poulsen is one of my favorites. I will recommend this book to fellow digital security professionals and those who would like insights into our world. Kingpin's coverage of Max Ray Butler's (MRB) constant entanglement with the dark side is a lesson for anyone contemplating using their skills for evil.
One of the reasons I enjoyed reading Kingpin is that I've been familiar with the case since 1998. Poulsen described how MRB exploited vulnerable BIND instances on Air Force and other DNS servers that year. I happened to be a captain in the Air Force CERT and worked with the analyst who discovered MRB's exploitation of Air Force name servers.
Because of my familiarity with this case (limited though it may be), I identified more than one instance where Poulsen seemed to take what I consider to be an unnecessarily "sympathetic" or "understanding" approach to MRB's actions. For example, if MRB acted in the best interest of the Air Force by exploiting and then patching DNS servers, he didn't need to leave a rootkit behind. Worse, he didn't need to return to the compromised systems via his rootkit and backdoor once his "work" was done. Poulsen didn't question MRB's stated motives by presenting a more reasonable explanation for this activity: MRB was a black hat and acted like one.
I noted more "sympathy" for MRB when Poulsen described the incident where MRB choked his girlfriend. Instead of saying MRB "choked his girlfriend," Poulsen wrote on p 11 that "Max began trembling. Then his hands were around her throat and he was pushing her down onto the mattress." This sort of language is disturbing beyond the event itself, because it seems to reveal too much bias.
Once readers recognize this aspect of the book, however, I believe they will still like reading it. Poulsen has a real knack for covering technology and security news and events. I only noticed one odd observation on p 6: Poulsen wrote about the year 1990 and said "the Internet was seven years old then." I think he meant that TCP/IP was seven years old in 1990, having been invented in 1983. Otherwise, I found Poulsen's descriptions of MRB's various exploits to be accurate and intriguing.
If you're interested in a great true story on modern cybercrime, take a look at Kingpin. I finished the book in about two sittings and read every word! I hope Poulsen decides to tackle other aspects of the digital underground in future books.
Sort: Oldest first | Newest first
Showing 1-3 of 3 posts in this discussion
Initial post: Apr 2, 2011 5:43:45 PM PDT
Allie D. says:
I read the book and although I think Poulsen was more sympathetic/admiring than I would be, since I found MRB to be deeply pathological in his need to keep hacking (and I predict once he gets out he will once again be drawn to a life of crime)...I don't think he was too soft on MRB when talking about the backdoor he left when patching a security hole. From a lay person who is computer-literate but knows almost nothing about the world of hacking, he laid out MRB's actions and motivations in a way that allowed me to draw the clear conclusion that what he had done was ethically wrong, and was based in his own compulsion to do forbidden things just because he could. Yeah, he did go light on him when talking about his assault on his girlfriend... I half suspected this to be the story about a guy who couldn't take it when women left him, and ended up killing one of them. But apparently as he aged, MRB was at least able to control THAT side of himself!
Posted on Apr 4, 2011 11:14:58 PM PDT
Last edited by the author on Apr 4, 2011 11:15:26 PM PDT
Thanks for a great set of comment on the book.
It's a minor nit, but Vinton Cerf published the initial RFC (http://tools.ietf.org/html/rfc675) for TCP in Dec 1974, followed by RFC's 791, 792, and 793 between 1978 and 1980, so one could argue that TCP/IP is older than 1983. In 1982 it became the standard for the US military and in 1983 become the official single standard protocol for the ARPA net, so that is probably what you are referring to.
The birth date of the Internet is pretty fuzzy. Other networks (e.g CSNet) began to be interconnected with the ARPAnet around the same time, so perhaps we should let his statement stand.
Posted on Jan 6, 2012 1:22:15 AM PST
Disc Jaukey says:
This review has a bias in favor of authority and against transparency in government, obviously being a supporter of the Air Force and the military in general. He takes care to put a difference between "black hat" and "white hat" while from a hackers' (purist) point of view - the desire to hack is an innate instinct to solve problems and conquer, not to distinguish between right and wrong based on a socialized view of "right and wrong." Having known nothing about the reality of the "choking girlfriend" criminal justice case or having any real-life sympathy, this reviewer also chooses to judge MRB and the author's interpretation on his case of the assault of his girlfriend. This reviewer, coming from a middle-aged standpoint, likely fails to realize the hormonal extremes of high school and early college. MRB was diagnosed with bipolar disorder, and a boy's "first love" is always the hardest to deal with emotionally, especially as the one being dumped. This is an interesting review, but comes from a conservative standpoint.
‹ Previous 1 Next ›