March 19, 2011
By BRYAN BURROUGH
FOR sheer entertainment purposes, one of the best subgenres of business books has been the computer-hacker narrative, the kind of technological detective story found in books like “Takedown,” by Tsutomu Shimomura with John Markoff (1996), and my personal favorite, “The Cuckoo’s Egg,” by Clifford Stoll (1989). When done well, these books do what the best business stories do: take readers into strange new worlds to learn strange new things, and not have it taste like cough syrup.
It’s been a while since I’ve picked up a memorable hacker book. A new one crossed my desk recently, “Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground,” by Kevin Poulsen, a senior editor at Wired magazine (Crown Publishers, $25). It tells the story of a gangly 6-foot-5 San Francisco hacker named Max Butler, known online as Max Vision, among his many noms de chat room, and, on its face, it’s a pretty good yarn. No, Mr. Butler didn’t actually take over the “cybercrime underground.” That’s standard publishing hyperbole, something that irritates me to no end. What he did do, though, is almost as amazing.
Back in the 1990s, Mr. Butler was a troubled high school student outside Boise, Idaho. He was found to be bipolar, and was sentenced to jail for attempting to choke his girlfriend when she tried to leave him. Migrating to the Bay Area upon his release, he found work as a “white hat” computer consultant, testing corporate systems for security gaps, and moonlighting as an informer for the Federal Bureau of Investigation. As hackers go, he was exceedingly skilled, though his moral compass swung madly. One day, he was helping the F.B.I.; the next he was illegally hacking into a major bank.
When the F.B.I. learned of his dark side, it threw the book at him, leading to a second term behind bars, in a California minimum-security prison. While inside, Mr. Butler met an Orange County con man, and once they were released they joined forces. Mr. Butler bought stolen credit card numbers online; his confederate imprinted them onto blank cards, then bought merchandise he sold on eBay. It was lucrative, if small time.
In the early 2000s, computer crime was on the rise. Cybercriminals grew so bold that they formed two online clearinghouses that served their every need, offering online tutorials, want ads and a store that sold virtually anything that could be procured illegally online, including credit card numbers — the mainstay — and hacking tools.
The first of these Web sites served the growing Russian and Eastern European hacking world; a second duplicated these services for their Western brethren. To make a long story short, it took a few years, but the F.B.I. and its overseas counterparts cracked down. One site was shut. Another closed under pressure.
Here’s where Mr. Butler comes in. A half-dozen sites popped up to replace the lost ones. Mr. Butler, now calling himself Iceman, ran one named Carders Market out of a cramped apartment in downtown San Francisco. When he tired of his competition, he hatched a jaw-dropping ploy to best them. He found a way to hack into all five of the competing sites. Then, in one daring checkmate, he not only wiped clean each of their databases, but also herded almost all their customers to Carders Market.
The scheme wasn’t perfect — one site limped back to life. And while Mr. Butler didn’t “take over” cybercrime, for a while the scheme did make him a very big name in the online underworld. Until, of course, the F.B.I., in the person of a Pittsburgh agent who went undercover online, sniffed out what had happened and took him down. Mr. Butler is now in federal prison for wire fraud and identity theft.
“Kingpin” rises to the challenge of books like “Cuckoo’s Egg” — which describes efforts to track down the person who hacked the Lawrence Berkeley National Laboratory — but doesn’t quite reach the same class. The author, Mr. Poulsen, has the technical command expected from a Wired editor. He can kick around techno-acronyms like hacky sacks, and most of the time I actually understood what was happening.
He is especially adept at conjuring a world that very few will ever hope to understand. The notion of cybercrime is something that most of us know as some vague and vaguely Russian-dominated thing, but Mr. Poulsen sketches in history, major cases and context to make it all sharp and clear. He had me laughing a time or two at the sheer brazenness of the schemes. One hacker site called itself the International Association of Criminal Activity. Another took the name Theft Services. You gotta love these guys.
IF the author is expert at the gadgets, however, he’s not as good with the people. Mr. Butler cooperated with the book, yet he never comes alive as a character, and neither do his confederates. Mr. Butler’s internal life remains opaque, which is a shame, because a reader would love to enter this man’s head.
One character who gave the author much information, the undercover F.B.I. agent, comes across in the book as bland as can be; he trolls hacker chat rooms while watching “Saturday Night Live.” “Kingpin” thus lacks the crucial human element that “Cuckoo’s Egg” and other good hacker narratives used so artfully.
That said, the book remains a brisk and entertaining tale. Mr. Poulsen’s prose is fat-free, largely devoid of padding and wandering tangents. About the only writing flaw is an occasional tendency to lapse into groovy slang. Here a con man doesn’t steal money; he is “looking to scam zeros.” His proceeds are not cash; they are “serious bank.” It’s a small thing, and unlikely to divert you, but a serious book doesn’t deserve “serious bank.”
More in Business Day (1 of 26 articles)
DealBook: AT&T to Buy T-Mobile USA for $39 Billion
Read More »
Close
No comments:
Post a Comment