I love books, and one of the books that I remember reading years ago was the book by Tsutomu Shimomura and John Markoff, “Takedown: The Pursuit and Capture of Kevin Mitnick, America’s Most Wanted Computer Outlaw-by the Man Who Did It”. This book came out in the mid-90s, and as I was already in the software business then, I was interested in learning more about the mindset of hackers, and Kevin D. Mitnick was at the time the best known. I do not remember learning anything about social engineering at the time, but having read the latest book, “Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker” by Kevin Mitnick and William L. Simon, it became obvious to me how vulnerable humans are to revealing secrets to strangers without really thinking too much about it.
This book brings an intriguing perspective to what went on in Mitnick’s life, and what makes it even more interesting is to see the other side of the coin and the comments that Mitnick makes about both Tsutomu Shimomura and John Markoff. According to Mitnick, many of the claims that Markoff’s book brings to light are false, and it is obvious that Markoff is not one of Mitnick’s favorite friends. Whatever the case, this book brings out the dark side of being a fugitive: not being able to spend time with family and having to move continuously from one place to another based on how close the authorities were able to get to him. He describes how bad he felt when he let down his mother and grandmother and the grief he caused them by continuing this illegal activity.
The book has lots of detailed examples of the hacks that he carried out against companies such as Nokia, Motorola, Sun Microsystems etc. The Nokia examples were especially interesting: he explains how he called Salo product development in Finland and, using social engineering tactics, asked a person to send source code. This is something that people do not think about, especially in large organizations where people assume that a request is coming from within the company and not from a hacker who pretends to be something other than what he or she really is. The book explains the different tactics that Mitnick used, and I think this book should be required reading for any information systems student or person who works in the technology field. It explains that the biggest threats in security might not come from weak security systems, but from the weakness of the humans working in organizations. Mitnick knew the lingo and used this as a way to convince the person on the other end of the telephone to do what he wanted. This is what social engineering is all about.
In the book, Mitnick claims that he was never after money or wanting to cause damage to any organization. He did hacking because of the challenge and, I guess, boredom. What was also obvious is that the friends he was hacking with turned out not to be his friends, as they became informers to get Mitnick prosecuted. I am not sure why Mitnick decided to spend a big part of his life having to worry about being arrested, but I guess many things in people and our lives can’t be explained. Mitnick also includes other famous hackers in his book, such as Kevin Poulsen, who spent time in prison and also wrote a book, “Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground”.
If you want to read about Mitnick’s side of the story, I think this is a good book to get started.