What do you think?
Rate this book
Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
Goodreads Choice Award
Nominee for Readers' Favorite Nonfiction (2011)Former hacker Kevin Poulsen has, over the past decade, built a reputation as one of the top investigative reporters on the cybercrime beat. In Kingpin, he pours his unmatched access and expertise into book form for the first time, delivering a gripping cat-and-mouse narrative—and an unprecedented view into the twenty-first century’s signature form of organized crime. The word spread through the hacking underground like some unstoppable new Someone—some brilliant, audacious crook—had just staged a hostile takeover of an online criminal network that siphoned billions of dollars from the US economy. The FBI rushed to launch an ambitious undercover operation aimed at tracking down this new kingpin; other agencies around the world deployed dozens of moles and double agents. Together, the cybercops lured numerous unsuspecting hackers into their clutches. . . . Yet at every turn, their main quarry displayed an uncanny ability to sniff out their snitches and see through their plots. The culprit they sought was the most unlikely of a brilliant programmer with a hippie ethic and a supervillain’s double identity. As prominent “white-hat” hacker Max “Vision” Butler, he was a celebrity throughout the programming world, even serving as a consultant to the FBI. But as the black-hat “Iceman,” he found in the world of data theft an irresistible opportunity to test his outsized abilities. He infiltrated thousands of computers around the country, sucking down millions of credit card numbers at will. He effortlessly hacked his fellow hackers, stealing their ill-gotten gains from under their noses. Together with a smooth-talking con artist, he ran a massive real-world crime ring. And for years, he did it all with seeming impunity, even as countless rivals ran afoul of police. Yet as he watched the fraudsters around him squabble, their ranks riddled with infiltrators, their methods inefficient, he began to see in their dysfunction the ultimate He would stage his coup and fix what was broken, run things as they should be run—even if it meant painting a bull’s-eye on his forehead. Through the story of this criminal’s remarkable rise, and of law enforcement’s quest to track him down, Kingpin lays bare the workings of a silent crime wave still affecting millions of Americans. In these pages, we are ushered into vast online-fraud supermarkets stocked with credit card numbers, counterfeit checks, hacked bank accounts, dead drops, and fake passports. We learn the workings of the numerous hacks—browser exploits, phishing attacks, Trojan horses, and much more—these fraudsters use to ply their trade, and trace the complex routes by which they turn stolen data into millions of dollars. And thanks to Poulsen’s remarkable access to both cops and criminals, we step inside the quiet, desperate arms race that law enforcement continues to fight with these scammers today. Ultimately, Kingpin is a journey into an underworld of startling scope and power, one in which ordinary American teenagers work hand in hand with murderous Russian mobsters and where a simple Wi-Fi connection can unleash a torrent of gold worth millions.
432 pages, Kindle Edition
First published February 22, 2011
324 people are currently reading
9695 people want to read
About the author
Kevin Poulsen
6 books91 followersMr. Poulson is a former hacker turned technology journalist, focusing on computer security.
From Wikipedia:
"Poulsen has reinvented himself as a journalist since his release from prison, and sought to distance himself from his criminal past.
Poulsen served in a number of journalistic capacities at California-based security research firm SecurityFocus, where he began writing security and hacking news in early 2000.
Despite a late arrival to a market saturated with technology media, SecurityFocus News became a well-known name in the tech news world during Poulsen's tenure with the company and was acquired by Symantec.
His original investigative reporting was frequently picked up by the mainstream press. Poulsen left SecurityFocus in 2005 to freelance and pursue independent writing projects.
He became a senior editor for Wired News in June 2005, which hosts his recent (as of 2006) blog, 27BStroke6 which has since been renamed Threat Level."
From Wikipedia:
"Poulsen has reinvented himself as a journalist since his release from prison, and sought to distance himself from his criminal past.
Poulsen served in a number of journalistic capacities at California-based security research firm SecurityFocus, where he began writing security and hacking news in early 2000.
Despite a late arrival to a market saturated with technology media, SecurityFocus News became a well-known name in the tech news world during Poulsen's tenure with the company and was acquired by Symantec.
His original investigative reporting was frequently picked up by the mainstream press. Poulsen left SecurityFocus in 2005 to freelance and pursue independent writing projects.
He became a senior editor for Wired News in June 2005, which hosts his recent (as of 2006) blog, 27BStroke6 which has since been renamed Threat Level."
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 30 of 451 reviews
August 14, 2014
Executive Summary: A fascinating and terrifying look at the darker underbelly of the internet and identity theft.
Full Review
I consider myself fairly knowledgeable about computers and the internet. Computer Security has never really been my thing though. Yet for whatever reason I find reading books about computer crime fascinating.
This book is no different. Kevin Poulsen has turned himself from one-time hacker into a leader in covering computer security. I occasionally read some of his articles on Wired. I like getting the take of someone whose been there before on things. It seems like he's good about not just presenting the facts, but the reasons behind them. He really gets into Max Butler's head a little and presents a more complete picture than you might get from a different author.
I had read a little here and there about carding over the years, and I had vague recollections about the Dark Market, but I never really knew any of the details behind that bust. When comparing law enforcement in this book to that of The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage it's like night and day. Of course 20 years have passed, but they really had some clever approaches to tracking and eventually capturing some big players in the cyber crime world.
It's scary to learn just how easy it was and continues to be for people to steal your credit card information, and that the credit industry in the US refuses to change magnetic strips simply because of the upfront cost to replace the machines is so high they prefer to deal with the cost associated with the theft instead. I don't know what it will take to finally force a change, but meanwhile innocent consumers continue to have their lives upended by it.
I didn't find this book too technical, though given my background, I'm usually a bad judge of these things. I think anyone who understands the basics of the internet would be able to follow along. It's really more a character study of Max Butler and others than it is a detailed account of how he did it.
Overall another fascinating read.
Full Review
I consider myself fairly knowledgeable about computers and the internet. Computer Security has never really been my thing though. Yet for whatever reason I find reading books about computer crime fascinating.
This book is no different. Kevin Poulsen has turned himself from one-time hacker into a leader in covering computer security. I occasionally read some of his articles on Wired. I like getting the take of someone whose been there before on things. It seems like he's good about not just presenting the facts, but the reasons behind them. He really gets into Max Butler's head a little and presents a more complete picture than you might get from a different author.
I had read a little here and there about carding over the years, and I had vague recollections about the Dark Market, but I never really knew any of the details behind that bust. When comparing law enforcement in this book to that of The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage it's like night and day. Of course 20 years have passed, but they really had some clever approaches to tracking and eventually capturing some big players in the cyber crime world.
It's scary to learn just how easy it was and continues to be for people to steal your credit card information, and that the credit industry in the US refuses to change magnetic strips simply because of the upfront cost to replace the machines is so high they prefer to deal with the cost associated with the theft instead. I don't know what it will take to finally force a change, but meanwhile innocent consumers continue to have their lives upended by it.
I didn't find this book too technical, though given my background, I'm usually a bad judge of these things. I think anyone who understands the basics of the internet would be able to follow along. It's really more a character study of Max Butler and others than it is a detailed account of how he did it.
Overall another fascinating read.
September 1, 2023
В книге рассказывается, как из обычного гика молодой парень превратился в матерого преступника(давайте называть вещи своими именами) в сфере компьютерных систем.
Это относительно новый тип преступника, сейчас их пруд пруди, и Макс о котором идет речь в книге, лишь один из них. Отличительная черта этого типа преступников - то что они неглупые, и вполне могли бы реализовать себя в легальных видах деятельности, но по тем или иным причинам они выбрали путь криминала. Как так получается? Об этом и рассказывает книга.
На мой взгляд, история Макса скорее грустная, нежели поучительная. Но по мере развития событий на полях книги описывается: развитие технологий, становление преступного сообщества, его взаимодействие с правоохранительными органами, и собственно методы работы правоохранительных органов.
Я неоднократно задавался вопросом, на чей стороне сам автор книги? Он очень старается казаться непредвзятым, но по тому, как он пытается описать Макса как некого заигравшегося ребенка, автор все-таки на стороне Макса.
Что касается правоохранительных органов, несмотря на беспристрастность автора, фразы типа: "через две недели в турецкой тюрьме, он выдавил из себя двадцати семи символьный пароль", не должны ни кого вводить в заблуждение.
С точки зрения технологий, книга безнадежно устарела после откровений Эдварда, но из нее все равно можно почерпнуть множество исторических деталей.
Книга на полные пять звезд. "Must read" для всех причастных.
Это относительно новый тип преступника, сейчас их пруд пруди, и Макс о котором идет речь в книге, лишь один из них. Отличительная черта этого типа преступников - то что они неглупые, и вполне могли бы реализовать себя в легальных видах деятельности, но по тем или иным причинам они выбрали путь криминала. Как так получается? Об этом и рассказывает книга.
На мой взгляд, история Макса скорее грустная, нежели поучительная. Но по мере развития событий на полях книги описывается: развитие технологий, становление преступного сообщества, его взаимодействие с правоохранительными органами, и собственно методы работы правоохранительных органов.
Я неоднократно задавался вопросом, на чей стороне сам автор книги? Он очень старается казаться непредвзятым, но по тому, как он пытается описать Макса как некого заигравшегося ребенка, автор все-таки на стороне Макса.
Что касается правоохранительных органов, несмотря на беспристрастность автора, фразы типа: "через две недели в турецкой тюрьме, он выдавил из себя двадцати семи символьный пароль", не должны ни кого вводить в заблуждение.
С точки зрения технологий, книга безнадежно устарела после откровений Эдварда, но из нее все равно можно почерпнуть множество исторических деталей.
Книга на полные пять звезд. "Must read" для всех причастных.
April 5, 2011
still too pissed off about my lost hour reviewing Hitch-22 to properly write; suffice to say that this is the best true hax0r crime book written as of April 2011 -- yes, i have read them all (previous title holder: The Hacker Crackdown. it pleases me to no longer need praise anything by confirmed mountebank Bruce Sterling, though he's been replaced by charlatan Kevin Poulsen....whom I think I must reassess).
so much nostalgia. i knew two characters, peripheral but named, personally, and half-expected to see my first, favorite and most successful startup mentioned on any page. poulsen gets it all right (ahh, the MSR206, how many lives did you change for better and worse?), from details historial to cultural to psychological. great book, save that game time's no more than about one hour.
---------
http://garwarner.blogspot.com/2011/03... very solid review here, and i dig poulsen's "THREAT LEVEL" blog on wired. it's always amusing if nothing else. poulsen might be a big douchebag (see The Fugitive Game), but he did give us this awesomeness:
so much nostalgia. i knew two characters, peripheral but named, personally, and half-expected to see my first, favorite and most successful startup mentioned on any page. poulsen gets it all right (ahh, the MSR206, how many lives did you change for better and worse?), from details historial to cultural to psychological. great book, save that game time's no more than about one hour.
---------
http://garwarner.blogspot.com/2011/03... very solid review here, and i dig poulsen's "THREAT LEVEL" blog on wired. it's always amusing if nothing else. poulsen might be a big douchebag (see The Fugitive Game), but he did give us this awesomeness:
February 22, 2016
This would be 3.5 Stars.
Although I really enjoyed the book, they seemed to have over simplified some things.
I'm not sure if it was the narrator or the biography form of the book, but the way it was told didn't quite grab and keep my attention, I found myself drifting away a lot.
Some things getting explained in the book like the Bind hack that didn't have a checksum and you could append extra bytes to the end of you post to run code, and the way they explained SQL injection was really well written. Short paragraphs explaining the just of the technicalities.
It was interesting to see that it doesn't really matter how secure/safe you try be with your own cards, the bridge in security will most likely not happen on your side, or with your online usage.
Some of the hacking also seemed over simplified, although some of the initial phases of security probably was that easy to compromise.
I liked some of the white-hat initiatives of warning people about security loop holes before publishing it.
This book really makes you think whether you are doing enough to safeguard your own data, and keeping up to date with security.
All in all a worth while read.
Although I really enjoyed the book, they seemed to have over simplified some things.
I'm not sure if it was the narrator or the biography form of the book, but the way it was told didn't quite grab and keep my attention, I found myself drifting away a lot.
Some things getting explained in the book like the Bind hack that didn't have a checksum and you could append extra bytes to the end of you post to run code, and the way they explained SQL injection was really well written. Short paragraphs explaining the just of the technicalities.
It was interesting to see that it doesn't really matter how secure/safe you try be with your own cards, the bridge in security will most likely not happen on your side, or with your online usage.
Some of the hacking also seemed over simplified, although some of the initial phases of security probably was that easy to compromise.
I liked some of the white-hat initiatives of warning people about security loop holes before publishing it.
This book really makes you think whether you are doing enough to safeguard your own data, and keeping up to date with security.
All in all a worth while read.
May 11, 2011
Poulsen’s name may be familiar to those who follow cyber-crime. He was a notorious hacker in his own right before serving time and emerging a WIRED correspondent. He knows the sub-culture of hacking, and that really makes this story feel “inside.” This is not the most “active” story, but it is one, like SOCIAL NETWORK, that takes us inside the minds of some brilliant people; introduces us to an intriguing world; and plays out cops and robbers in an entirely new way. And in a time of wikileaks, the story is totally current.
Read
January 6, 2013Inside look at the cybercrime underworld, specifically carders (people who steal credit card information). Book is really well written and hard to put down, and additionally it actually manages to cover the technical parts in enough detail to be interesting without being boring. Book follows the life of Max Burton and how he came to rule the carding world. Interestingly, he started out with light stuff, got in trouble, and went white hat for a while. But when the FBI wanted him to inform on one of his friends, he refused and got put in the slammer. It was there that he turned black hat once more, and once out of jail started getting into carding.
It was surprising how technically inept the supposed other hackers who made up the carding population were. Most were running skimming operations (stealing magstripe data by literally swiping cards, usually with an inside person at a restaurant), but otherwise were not skilled at computers. Max was able to easily hack those people and steal their card information before they could resell it. Even the guys who were running the carding forums where all these people met were no better. After Max was able to hack into some of their computers/accounts, it was pretty easy for him to take over their forums as well. In fact, of all the characters in the book, only a couple of people, Max included, actually sounded like they could legitimately break into other peoples computers.
It was also pretty alarming how widespread this kind of crime seems. There are break-ins and thefts of credit card data all the time. The people who buy the stolen credit card information then buy lots of goods at stores, and resell them on eBay in order to make a profit. Their favorite items are things like expensive handbags and electronics - basically big ticket items. So now I wonder how many outrageous deals I see on Craigslist or eBay are actually just carded goods. It’s also sad how many break-ins and thefts of credit card data happen. Most of it is just due to how poorly secured most corporations are (even some big ones), that once you break into their corporate network (and many have B&M branches that are wired into that network) it’s possible to steal credit card data. I guess it’s just insane to me that they have credit card data in the clear, stored on their network. That should never happen.
But it was due to poor security practices that Max was able to find most of his card data. The main exploit the book details is how small restaurants like pizza places, who really can’t afford to hire anyone technical, use a POS that stores credit card information accumulated during the day, and waits to transmit it all at night to the processing center. The full magstripe data is stored in the clear in text files on those computers. Many of them also do not delete old text files after they’re no longer needed. Max was able to find and break into these computers, giving him lots of fresh card information. Part of the exploit detailed was a VNC vulnerability that sounds so silly it’s hard to believe anyone could be so incompetent to actually have implemented it. Basically, the handshake between a VNC server and client involves the server telling the client what protocols it wants, and the client picking one of those protocols to actually use. However, the implementation used on most of the POS’s (VNC was installed to allow remote administration) didn’t check that the protocol the client passed back was actually on its list of accepted protocols. Therefore, you could hack a client to pass back protocol 1, which requires no authentication, and the server would gladly open a password-less connection.
One other thing from the book that stood out to me was how vulnerable client machines are to being hacked. There were multiple exploits detailed in the book, mostly on old Windows software, that would allow an attacker to take control of a machine, and all that was required was that it visit a compromised webpage.
There are lots more details in the book about Max’s multiple identities, different vulnerabilities, and just loads more detail, but it’d be too much to try and capture here. Needless to say, this was an easy read and a really enjoyable book.
It was surprising how technically inept the supposed other hackers who made up the carding population were. Most were running skimming operations (stealing magstripe data by literally swiping cards, usually with an inside person at a restaurant), but otherwise were not skilled at computers. Max was able to easily hack those people and steal their card information before they could resell it. Even the guys who were running the carding forums where all these people met were no better. After Max was able to hack into some of their computers/accounts, it was pretty easy for him to take over their forums as well. In fact, of all the characters in the book, only a couple of people, Max included, actually sounded like they could legitimately break into other peoples computers.
It was also pretty alarming how widespread this kind of crime seems. There are break-ins and thefts of credit card data all the time. The people who buy the stolen credit card information then buy lots of goods at stores, and resell them on eBay in order to make a profit. Their favorite items are things like expensive handbags and electronics - basically big ticket items. So now I wonder how many outrageous deals I see on Craigslist or eBay are actually just carded goods. It’s also sad how many break-ins and thefts of credit card data happen. Most of it is just due to how poorly secured most corporations are (even some big ones), that once you break into their corporate network (and many have B&M branches that are wired into that network) it’s possible to steal credit card data. I guess it’s just insane to me that they have credit card data in the clear, stored on their network. That should never happen.
But it was due to poor security practices that Max was able to find most of his card data. The main exploit the book details is how small restaurants like pizza places, who really can’t afford to hire anyone technical, use a POS that stores credit card information accumulated during the day, and waits to transmit it all at night to the processing center. The full magstripe data is stored in the clear in text files on those computers. Many of them also do not delete old text files after they’re no longer needed. Max was able to find and break into these computers, giving him lots of fresh card information. Part of the exploit detailed was a VNC vulnerability that sounds so silly it’s hard to believe anyone could be so incompetent to actually have implemented it. Basically, the handshake between a VNC server and client involves the server telling the client what protocols it wants, and the client picking one of those protocols to actually use. However, the implementation used on most of the POS’s (VNC was installed to allow remote administration) didn’t check that the protocol the client passed back was actually on its list of accepted protocols. Therefore, you could hack a client to pass back protocol 1, which requires no authentication, and the server would gladly open a password-less connection.
One other thing from the book that stood out to me was how vulnerable client machines are to being hacked. There were multiple exploits detailed in the book, mostly on old Windows software, that would allow an attacker to take control of a machine, and all that was required was that it visit a compromised webpage.
There are lots more details in the book about Max’s multiple identities, different vulnerabilities, and just loads more detail, but it’d be too much to try and capture here. Needless to say, this was an easy read and a really enjoyable book.
May 11, 2011
4 stars for its descriptions of how hackers work, and of the techniques they use -- this book explains what SQL injection is, for instance, and manages to do it in just a couple of extremely clear paragraphs. Really a marvelous achievement from that perspective.
But as a psychological portrait of a hacker, I don't think it achieves the heights it's aiming for. I can relate to some of the obsessive traits that seem to have driven Max. But I don't understand them any better for having read this.
But as a psychological portrait of a hacker, I don't think it achieves the heights it's aiming for. I can relate to some of the obsessive traits that seem to have driven Max. But I don't understand them any better for having read this.
January 31, 2015
This book is a fascinating chronicle of the rise, fall, rise, fall, rise, and then final fall of hacker Max Vision. Even though this book is a true account of Max's exploits, it reads like a fictional story in large parts. It's just riveting stuff to learn how Max moved from being a young punk hacker, to running massive identity and credit card theft schemes. Poulsen's writing is very clear and easy to follow. He isn't trying to be Truman Copete here, he's just relaying the story as he knows it, with very little in the way of sprucing up. I appreciated that.
December 31, 2015
Good read. Gives you insight into how fragile the swipe system of credit cards is. The USA was the only country left using it - because the cost of changing the system his higher than the losses in fraud. Thank you American banks - please may I have another. The US has finally moved to chip and sign. Hopefully, they will move to chip and pin soon to help further protect its citizens from identity and financial theft. Then again - the US is still on Imperial measurements...
June 13, 2018
This was a real compulsive non-stop read for me. I am fascinated by computer geeky stuff to begin with. However, Kevin Poulsen's writing is pretty smooth. The book focuses on the exploits of ace-hacker Max Vision. After serving nine years in prison, Max will be getting out just before Christmas 2018, which is right around the corner. Now maybe he's already out now. I don't know. But that was what I read in the book.
My opinion is that all these hackers have pretty much destroyed the Internet, which many claim to love, with their dirty deals and dirty tricks. Why they think they are being so cute certainly beats me. Computers and the Internet offered me a great time working on database development projects all over the US and the UK. Now I build websites for fun and write books, all thanks to computers and the Internet. Otherwise, I have no idea what I would have been doing. Probably nothing good.
This book should be a real eye-opener for those who don't understand the extent to which the Internet has been corrupted. Most recently, Net Neutrality has gone down the tubes. Policing and use restrictions will become the future and folks will gripe and complain about that.
Thank a hacker! What a shame and waste of talent and perseverance, just to show the world that you are a smart-ass.
My opinion is that all these hackers have pretty much destroyed the Internet, which many claim to love, with their dirty deals and dirty tricks. Why they think they are being so cute certainly beats me. Computers and the Internet offered me a great time working on database development projects all over the US and the UK. Now I build websites for fun and write books, all thanks to computers and the Internet. Otherwise, I have no idea what I would have been doing. Probably nothing good.
This book should be a real eye-opener for those who don't understand the extent to which the Internet has been corrupted. Most recently, Net Neutrality has gone down the tubes. Policing and use restrictions will become the future and folks will gripe and complain about that.
Thank a hacker! What a shame and waste of talent and perseverance, just to show the world that you are a smart-ass.
June 6, 2019
Unlike the "Kingpin" about Silk Road (by a different author), this is the book that I can recommend.
Yes, it is fictionalized, but fictionalization is not in-your-face, the author does not supply tons of dialogues or monologues to "help build the character", and best of all - book is decently sourced and comes with per-chapter references.
Yes, it does not go deep into technical details, but technical details are there - "zero-day RealVNC exploit" will be called just that, and there would be a reference to read more if you like.
Maybe this is just nostalgia - I've heard names and saw sites mentioned here back when it all happened - but I enjoyed the book.
Yes, it is fictionalized, but fictionalization is not in-your-face, the author does not supply tons of dialogues or monologues to "help build the character", and best of all - book is decently sourced and comes with per-chapter references.
Yes, it does not go deep into technical details, but technical details are there - "zero-day RealVNC exploit" will be called just that, and there would be a reference to read more if you like.
Maybe this is just nostalgia - I've heard names and saw sites mentioned here back when it all happened - but I enjoyed the book.
January 6, 2022
Well written, with accessible explanations of technical concepts (SQL injection was described especially well) but this was hard to get into. I like hacker narratives when the protagonist is antiauthority and mischievous but still has a moral code, and Max wasn’t someone I was rooting for. I enjoyed Kevin Mitnick’s book a lot more
October 2, 2018
Great account of some of the carder underground, big carder sites, and scene drama. Particularly good because the author is from the underground and is now a journalist. Interesting too since I know a lot of the people and sites/systems involved.
October 8, 2021
Fascinating view into early online cyber crime, the world of credit cards scammers, and the feds who stalk them.
There’s a great balance of not pulling technical punches with things like encryption, but also not getting bogged down with overly technical details.
Entertaining and informative read.
There’s a great balance of not pulling technical punches with things like encryption, but also not getting bogged down with overly technical details.
Entertaining and informative read.
November 9, 2018
This is a quick read and it is really interesting to follow this guys story. Max Vision is fascinating to learn about, but equally interesting is learning about this huge intricate story that took place in our lives that we never knew anything about. I learned a ton about internet security through this book. It is a quick and interesting read.
June 21, 2023
I don't know much about computers or computer security but I was drawn into this investigation. Max Vision's story on how he went from young hacker into the mastermind of running an identity theft scheme blew my mind. It was scary to read about the hacking culture and how they are constantly evolving to obtain our private information.
June 6, 2020
This is an interesting story about Max Butler (aka Max Vision), a black-hat (and formerly white-hat) hacker that executed one of the largest scale magnetic strip ('magstrip') credit-card hacks in history, siphoning thousands of credit cards into their illegal pool to be sold/used in the dark web. The exploits found on magstrips is the main reason why all American credit cards transitioned over to the cryptographic chip technology now being used today.
The book has a feel of a "Catch Me if You Can", we get a a bit of Max's background in Idaho in the early/mid-90s, where he also attended college before being kicked out, his move to the west coast, leading to his work as a white-hat, and his eventual turn into black-hat. Not much of the technical details is really mentioned here, though it seems Max did not do much social-engineering (a la Mitnick) and focused more on understanding holes in the system via his superior detail-orientation around the backed processes. The one exploit that is mentioned by name later in the book is the SQL-injection exploit, which has to do with a subtle change in the SQL script which allowed one to pull all of a table with a request, including potentially parts of the schema that housed private elements and/or provide data beyond the current user's scope-limits.
The book really gets interesting when Max starts to construct the "Carders Market" a forum/marketplace people used to exchange the hacked card information. Stereotypical to the scene at this time, Vision's eco-system involved significant amount of eastern European connections, though less directly connected to ordinary organized crime at this point (the book suggest that "the scene" has become far more violent/traditional since this era though, as the volume of money being pushed via these channels has increased).
It is around this time that the book transitions to the cat/mouse game between Max and his secret service / FBI pursuers, finally being caught after the agencies setup a persona and honey pot within their community that was able to gain trust and extract information about the major players of the network over a few years.
The book would benefit from a better explanation of the system and the nature of exploits, it's clear that Max and his colleagues were fairly clever, and although that is said several times throughout the book, this cleverness is not allowed to shine through via an explanation of what they did, save the detail on the SQL-injection exploit. Overall, it's a nice short read, and it's a conditional recommend for people interested in computing and/or cyber security.
The book has a feel of a "Catch Me if You Can", we get a a bit of Max's background in Idaho in the early/mid-90s, where he also attended college before being kicked out, his move to the west coast, leading to his work as a white-hat, and his eventual turn into black-hat. Not much of the technical details is really mentioned here, though it seems Max did not do much social-engineering (a la Mitnick) and focused more on understanding holes in the system via his superior detail-orientation around the backed processes. The one exploit that is mentioned by name later in the book is the SQL-injection exploit, which has to do with a subtle change in the SQL script which allowed one to pull all of a table with a request, including potentially parts of the schema that housed private elements and/or provide data beyond the current user's scope-limits.
The book really gets interesting when Max starts to construct the "Carders Market" a forum/marketplace people used to exchange the hacked card information. Stereotypical to the scene at this time, Vision's eco-system involved significant amount of eastern European connections, though less directly connected to ordinary organized crime at this point (the book suggest that "the scene" has become far more violent/traditional since this era though, as the volume of money being pushed via these channels has increased).
It is around this time that the book transitions to the cat/mouse game between Max and his secret service / FBI pursuers, finally being caught after the agencies setup a persona and honey pot within their community that was able to gain trust and extract information about the major players of the network over a few years.
The book would benefit from a better explanation of the system and the nature of exploits, it's clear that Max and his colleagues were fairly clever, and although that is said several times throughout the book, this cleverness is not allowed to shine through via an explanation of what they did, save the detail on the SQL-injection exploit. Overall, it's a nice short read, and it's a conditional recommend for people interested in computing and/or cyber security.
March 27, 2012
This book explores part of the world of modern cybercriminals.
I tend to think of the "old school" of computer "criminals" as mostly people that were interested in technology, wanted to explore, and just didn't care laws -- but generally not interested in directly stealing money from people. At worst, they would profit by doing things that they didn't consider stealing: for example, taking over a radio station's phone lines to guarantee that they would win a call-in prize.
The newer versions of cybercriminals really are just interested in stealing money: getting lists of credit cards, and turning those into actual dollars. People have been abusing credit cards for as long as they've existed, but recently the criminal activity surrounding them -- stealing the numbers, producing fake credit cards, buying products, turning that into laundered money -- has become very organized.
And thus, this book: it describes some of the central players that helped set of some of the largest discussion forums and computer-based credit card fraud marketplaces: people could buy or sell cards, equipment, and services.
The book theoretically focuses on one, or a few, characters ("how one hacker took over...") but in reality, many of the people involved in organizing smaller criminals knew each other, and interacted on a regular basis, and this book describes many of them.
The topic is pretty incredible: the way that the criminals would wait for a new security flaw to be discovered, and then take a shotgun approach to snagging as many people as possible. If virtually all of the potential targets evaded the attack, no matter -- the net was cast so wide, a few would get taken in. Then, it's sort of fascinating to see how the people would operate: given that their career was theft, it's not surprising that they would turn on one another, but they do it so quickly -- even going so far as to attack each other's computers.
The book itself is not bad, but it does seem a little disorganized. The author was involved in the computer underground previously, and recently involved himself in the computer deception that eventually caused Bradley Manning to be arrested for involvement with Wikileaks, so he's got the right background -- I just wish the book itself had a little more focus.
I tend to think of the "old school" of computer "criminals" as mostly people that were interested in technology, wanted to explore, and just didn't care laws -- but generally not interested in directly stealing money from people. At worst, they would profit by doing things that they didn't consider stealing: for example, taking over a radio station's phone lines to guarantee that they would win a call-in prize.
The newer versions of cybercriminals really are just interested in stealing money: getting lists of credit cards, and turning those into actual dollars. People have been abusing credit cards for as long as they've existed, but recently the criminal activity surrounding them -- stealing the numbers, producing fake credit cards, buying products, turning that into laundered money -- has become very organized.
And thus, this book: it describes some of the central players that helped set of some of the largest discussion forums and computer-based credit card fraud marketplaces: people could buy or sell cards, equipment, and services.
The book theoretically focuses on one, or a few, characters ("how one hacker took over...") but in reality, many of the people involved in organizing smaller criminals knew each other, and interacted on a regular basis, and this book describes many of them.
The topic is pretty incredible: the way that the criminals would wait for a new security flaw to be discovered, and then take a shotgun approach to snagging as many people as possible. If virtually all of the potential targets evaded the attack, no matter -- the net was cast so wide, a few would get taken in. Then, it's sort of fascinating to see how the people would operate: given that their career was theft, it's not surprising that they would turn on one another, but they do it so quickly -- even going so far as to attack each other's computers.
The book itself is not bad, but it does seem a little disorganized. The author was involved in the computer underground previously, and recently involved himself in the computer deception that eventually caused Bradley Manning to be arrested for involvement with Wikileaks, so he's got the right background -- I just wish the book itself had a little more focus.
November 16, 2019
Computers – and particularly the Internet – have opened up new avenues for crime to occur. To programmers (like myself), they pose a new option of choosing good over evil. In this work, Poulsen documents and depicts the work of Max Vision, a hacker who ended up conducting a cybercrime ring of illegal credit cards. This ring duped financial of hundreds of millions of dollars. Fortunately, the feds busted this ring and decimated the conspiracy. Since then, illegal carding has gone relatively defunct (for now).
This book reads like an in-depth newspaper article, which makes sense since the author is a senior editor at Wired.com. While certainly embellished a little for drama, the writing sticks mainly to the facts and to interviews. Well-researched, it documents holes in the financial system that are now plugged. Max Vision and his compatriots exposed these holes through their crimes.
So how was the crime ring done? The credit card industry seemed secure before online transactions took over. Then, hacking into insecure databases and re-grafting that information into new magnetic stripes could produce a bevy of illegal credit cards. These credit cards could be converted into cash by buying expensive items from chains and re-selling them on eBay. Since thousands, if not millions, of credit cards are used, there is no one easy way to shut down the operation.
The feds ended up shutting down the operation by arresting the co-conspirators and thus decimating the human network. After that, chip technology has by-and-large replaced magnetic stripes as the communicative agent of credit cards. Through better encryption and randomization, this new technology, though slightly slower, makes replication of purchasing agents much harder.
An engaging story, this work successfully conveys a story that is not well-known to the public. I wonder whether the tale would translate well into a movie. Perhaps there is not enough drama and too much technological theory. Nonetheless, such fast-paced action is part and parcel of this work. A good read from a book club for me!
This book reads like an in-depth newspaper article, which makes sense since the author is a senior editor at Wired.com. While certainly embellished a little for drama, the writing sticks mainly to the facts and to interviews. Well-researched, it documents holes in the financial system that are now plugged. Max Vision and his compatriots exposed these holes through their crimes.
So how was the crime ring done? The credit card industry seemed secure before online transactions took over. Then, hacking into insecure databases and re-grafting that information into new magnetic stripes could produce a bevy of illegal credit cards. These credit cards could be converted into cash by buying expensive items from chains and re-selling them on eBay. Since thousands, if not millions, of credit cards are used, there is no one easy way to shut down the operation.
The feds ended up shutting down the operation by arresting the co-conspirators and thus decimating the human network. After that, chip technology has by-and-large replaced magnetic stripes as the communicative agent of credit cards. Through better encryption and randomization, this new technology, though slightly slower, makes replication of purchasing agents much harder.
An engaging story, this work successfully conveys a story that is not well-known to the public. I wonder whether the tale would translate well into a movie. Perhaps there is not enough drama and too much technological theory. Nonetheless, such fast-paced action is part and parcel of this work. A good read from a book club for me!
December 29, 2015
If you're interested in cyber crime, hacking, online and banking security, this is definitely an interesting read. It mostly tries to be a biography of one of the more prominent hackers who ended up organizing a large group of cyber criminals. So if you enjoy biographies, this is also a quite well written one in my opinion. However, if you're like me, who doesn't enjoy biographies much and is only moderately interested in cyber crime, then it's just a decent book that tells a decent story with some cool anecdotes here and there.
The biographical nature of the book makes sense, since it allows the reader to have an anchor while traversing the three decades worth of cyber crime. So it kind of irked me that towards the end, it started going all over the place, detailing exploits of numerous other cyber criminals that only loosely connected to the main character. I think the inconsistency was more of an issue than the actual content, since I actually preferred the latter part of the book.
On the technical side, the writing was solid and the length was spot on: not too long that it felt boring and not too short that you were left wanting more. The story was quite predictable, but it's hard to be too critical of that since it is a true story after all. I didn't really care about any of the characters and their problems, but that might also be a personal bias since the stuff they do is quite annoying to most people. I also felt the book was a tad biased towards law enforcement and a bit naive in general on the state of cyber crime which I felt was a bit dishonest.
Overall, it was a good book that I generally enjoyed and which had only minor, mostly nit picky issues. If you like biographies and cyber crime themed books, this will probably earn a higher rating from you, but I don't, so it gets a fair three stars from me.
The biographical nature of the book makes sense, since it allows the reader to have an anchor while traversing the three decades worth of cyber crime. So it kind of irked me that towards the end, it started going all over the place, detailing exploits of numerous other cyber criminals that only loosely connected to the main character. I think the inconsistency was more of an issue than the actual content, since I actually preferred the latter part of the book.
On the technical side, the writing was solid and the length was spot on: not too long that it felt boring and not too short that you were left wanting more. The story was quite predictable, but it's hard to be too critical of that since it is a true story after all. I didn't really care about any of the characters and their problems, but that might also be a personal bias since the stuff they do is quite annoying to most people. I also felt the book was a tad biased towards law enforcement and a bit naive in general on the state of cyber crime which I felt was a bit dishonest.
Overall, it was a good book that I generally enjoyed and which had only minor, mostly nit picky issues. If you like biographies and cyber crime themed books, this will probably earn a higher rating from you, but I don't, so it gets a fair three stars from me.
May 30, 2011
Wow... what a powerful book! I noticed this on my friend's book update feed yesterday, searched around for an ebook, found one, started reading, and practically didn't even stop for much else. (Although there was a 16 hour break in between reading there :P)
Normally I don't like nonfiction books: they are dry, not engaging and just don't deal with subject matter in an interesting way that I can absorb readily. This book reads more like an action novel filled with tons of real life tidbits. I think the tidbits are what I enjoyed most. Travelling through the decades of hacking took me back to my own misbegotten youth (especially when Back Orifice was mentioned being released at DefCon!) but it was also a bit of a look into the movie Hackers, Hackers 2 and so forth. Just that this book continued up until right now (it even included a footnote at the very very end about the recent Wikileaks hack.)
All in all, this is a great book for learning about the huge world carding scams out there (descriptive enough to make you never want to use a credit card in America again until they change the system), about the main hackers on the scene and in between filling in your tech knowledge gaps (for instance, it explained SQL in a few short, very easy to understand paragraphs. Anyone want to change the Wikipedia article to make more sense??)
All in all, a very well written book, that I felt really covered the whole area of hacking while still maintaining a somewhat unbiased point of view. I thoroughly enjoyed it!
Normally I don't like nonfiction books: they are dry, not engaging and just don't deal with subject matter in an interesting way that I can absorb readily. This book reads more like an action novel filled with tons of real life tidbits. I think the tidbits are what I enjoyed most. Travelling through the decades of hacking took me back to my own misbegotten youth (especially when Back Orifice was mentioned being released at DefCon!) but it was also a bit of a look into the movie Hackers, Hackers 2 and so forth. Just that this book continued up until right now (it even included a footnote at the very very end about the recent Wikileaks hack.)
All in all, this is a great book for learning about the huge world carding scams out there (descriptive enough to make you never want to use a credit card in America again until they change the system), about the main hackers on the scene and in between filling in your tech knowledge gaps (for instance, it explained SQL in a few short, very easy to understand paragraphs. Anyone want to change the Wikipedia article to make more sense??)
All in all, a very well written book, that I felt really covered the whole area of hacking while still maintaining a somewhat unbiased point of view. I thoroughly enjoyed it!
June 3, 2016
See the Full review at my blog site:
http://terebrate.blogspot.sg/2014/02/...
Kingpin tells the story of the rise and fall of a hacker legend: Max Butler. Butler is most famous for his epic, hostile hacking takeover in August 2006 of four of the criminal underground’s prominent credit card forums. He is also tangentially associated with the TJX data breach of 2007. His downfall resulted from the famous FBI undercover sting operation called Operation Firewall where agent Keith Mularski was able to infiltrate one of the four forums Butler had hacked: DarkMarket. But Butler’s transition from pure white-hat hacker into something gray—sometimes a white hat, sometimes a black hat—is a treatise on the cyber criminal world. The author of Kingpin, Kevin Poulsen, imbues the story with lush descriptions of how Butler hacked his way around the Internet and pulls the curtain back on how the cyber criminal world functions. In much the same way that Cuckoo's Egg reads like a spy novel, Kingpin reads like a crime novel. Cyber security professionals might know the highlights of this cyber criminal underworld, but Poulsen is able to provide a lot of detail about how this world functions that is understood by mostly only the cyber criminals themselves and the law enforcement officials who stalk them. Because of that, Kingpin is cyber-security-canon worthy, and you should have read this by now.
http://terebrate.blogspot.sg/2014/02/...
Kingpin tells the story of the rise and fall of a hacker legend: Max Butler. Butler is most famous for his epic, hostile hacking takeover in August 2006 of four of the criminal underground’s prominent credit card forums. He is also tangentially associated with the TJX data breach of 2007. His downfall resulted from the famous FBI undercover sting operation called Operation Firewall where agent Keith Mularski was able to infiltrate one of the four forums Butler had hacked: DarkMarket. But Butler’s transition from pure white-hat hacker into something gray—sometimes a white hat, sometimes a black hat—is a treatise on the cyber criminal world. The author of Kingpin, Kevin Poulsen, imbues the story with lush descriptions of how Butler hacked his way around the Internet and pulls the curtain back on how the cyber criminal world functions. In much the same way that Cuckoo's Egg reads like a spy novel, Kingpin reads like a crime novel. Cyber security professionals might know the highlights of this cyber criminal underworld, but Poulsen is able to provide a lot of detail about how this world functions that is understood by mostly only the cyber criminals themselves and the law enforcement officials who stalk them. Because of that, Kingpin is cyber-security-canon worthy, and you should have read this by now.
September 16, 2014
My mom passed this book to me, along with numerous others about computer espionage and hacking. This one was a quick and fascinating read - on that nearly made by blood boil to learn how easy software companies made it to hack our personal computers and gain our credit card numbers as far back as the 1980s. It details the effort of an amazing FBI man to bring down a brilliant cyber criminal Max "Vision" Butler, also known as Iceman online. It's a fascinating look at how mag-wipe credit cards were first stolen, how the process evolved, and the first criminals to sell mass lists of data. While Europe and nearly every other country on the planet has moved past the easy to compromise mag-swipe credit cards to the highly secure pin and chip credits cards, the United States has not. Last Christmas my credit card info was hacked by the infamous Target breach. Sadly, the same month I read this book, I learned that it was compromised again by Home Depot. I called to complain loudly with my credit card company to move them to fight the cause and they sent me a pin and chip card. If every consumer called someone to complain maybe we could move the corporate giants to push forward the necessary reforms.
February 11, 2022
Kingpin is a biographical story centred around Max Butler - an extremely talented whitehat and blackhat hacker in the US. Max Butler contributed to open-source security software but then strayed over to the dark side and back again. He was especially involved in the carding (or card dumps) marketplace building several sites until his eventual downfall at the hands of a determined FBI agent.
The author has done a good job writing a gripping non-fiction tale explaining the cat and mouse games between different entities involves such as the rivalry between different carding forums, between Eastern European hackers and US-based hackers as well as between law enforcement and the dark crime-ridden underbelly of the carder's market. The narrative is written thriller style intertwining different perspectives from different characters and groups. The author has also done a good job explaining the different hacking techniques or protocols in detail such as cryptographic handshakes or SQL injection attacks. The narrative structure is similar to Cuckoo's egg (which is a fantastic read itself). Overall a deeply researched book written by an author who understands the field of both whitehat and blackhat security hacking. Probably 3.5 stars but rounding up to 4 stars.
The author has done a good job writing a gripping non-fiction tale explaining the cat and mouse games between different entities involves such as the rivalry between different carding forums, between Eastern European hackers and US-based hackers as well as between law enforcement and the dark crime-ridden underbelly of the carder's market. The narrative is written thriller style intertwining different perspectives from different characters and groups. The author has also done a good job explaining the different hacking techniques or protocols in detail such as cryptographic handshakes or SQL injection attacks. The narrative structure is similar to Cuckoo's egg (which is a fantastic read itself). Overall a deeply researched book written by an author who understands the field of both whitehat and blackhat security hacking. Probably 3.5 stars but rounding up to 4 stars.
April 23, 2019
Terrifying read... I've never realized how close the early years of my career as a systems administrator and developer took me to the crazy world of underground computer crime that was unfolding around us.
I've spent the past week wondering if doing what Max and other people in this story did is the result of an innate personality trait or just a set of coincidences, a bad hand the life deals a computer specialist, turning them into a criminal. For many people working in this industry, it is always about the craft, the challenge of building systems (just like the bind hack was for Max) and I am not sure there is a point in one's career when you make a conscious decision to become a criminal. Unfortunately, even after finishing the book I don't have an answer to this question.
Even if you are not an Eastern European-born computer science professional, the book is still a fascinating primer on the effects of bad and the need for good security in today's computerized society and I'd highly recommend it to everybody working with computers on a daily basis.
I've spent the past week wondering if doing what Max and other people in this story did is the result of an innate personality trait or just a set of coincidences, a bad hand the life deals a computer specialist, turning them into a criminal. For many people working in this industry, it is always about the craft, the challenge of building systems (just like the bind hack was for Max) and I am not sure there is a point in one's career when you make a conscious decision to become a criminal. Unfortunately, even after finishing the book I don't have an answer to this question.
Even if you are not an Eastern European-born computer science professional, the book is still a fascinating primer on the effects of bad and the need for good security in today's computerized society and I'd highly recommend it to everybody working with computers on a daily basis.
May 11, 2012
On one hand you have a brilliant self taught programmer/hacker. On the other hand you have a relative child. And they are both the same person. At least that's how it appeared to me. Relatively few social skills and a need to prove himself, an absolutely brilliant flair for finding holes in computer security = lots of offended people and jail time. Still I quite enjoyed the story/history. In the end I was left wondering - obviously there were quite a few security holes out there in the emerging computer world and just as obviously there were quite a few people looking for, finding and exploiting these holes. Where was the ethical/moral training to come into play? I don't quite know how to characterize it, but it's frustrating nonetheless to see the billions of dollars of fraud (that ends up getting paid for by others in one way or another -- see higher usage fees, etc) enacted by the new computer criminals.
October 7, 2021
Fairly intersting book. The work done by Kevin Poulsen to find all the necessary materials for the basis of the book is really impressive. He tells about fraudulent life, which takes place right in front of common user's life - on the screens of our PCs. There is no classical war between mafia or gangs in this book. Instead, we see how hackers keep doing their dirty deeds simply sitting in front of the screen. Nonetheless, the effects of this deeds sometimes cost much more than any others. In addition, the style of the book looks similar to another investigation by Wired - the one about the Silk Road (https://www.wired.com/2015/04/silk-ro...) - which took place a few years after the events, described in this book.
May 31, 2011
A fast paced, easy, and interesting look at one of the largest credit card thieves and credit card theft forum operators around. Gives a good overview of how credit card breaches have happened, what businesses need to do to help prevent them, and how the feds have set up some pretty complicated stings to take down some of the people who perpetrate them. It may help that I have a tech background, but I found the book easy to read and follow, the technical explanations very good, and the book overall interesting.
I also have to say that while reading this, I found a sudden urge to run Windows Update and patch 3rd-party apps on the couple Windows machines that I keep around my house...
I also have to say that while reading this, I found a sudden urge to run Windows Update and patch 3rd-party apps on the couple Windows machines that I keep around my house...
March 24, 2011
Only the Paranoid survive.
Every system or even encryption has a security loophole, you just have to know how to find it, exploit it and cover your tracks.
This is not a book for the paranoid or Internet Newbie. It will most likely scare the be-jesus out of them with regard to shopping with a credit card, especially online.
Recent IT Issues within Australian regarding the National Australia Bank and Commonwealth Bank will leave you deeply suspicious after reading this book. Buy gold and hide it under the bed before its not too late !!! :-)
Every system or even encryption has a security loophole, you just have to know how to find it, exploit it and cover your tracks.
This is not a book for the paranoid or Internet Newbie. It will most likely scare the be-jesus out of them with regard to shopping with a credit card, especially online.
Recent IT Issues within Australian regarding the National Australia Bank and Commonwealth Bank will leave you deeply suspicious after reading this book. Buy gold and hide it under the bed before its not too late !!! :-)
December 29, 2015
I really enjoyed this true crime book about the cat and mouse game of hackers who steal credit card numbers and resell them online. One thing I learned is that online companies do a better job of protecting your data. Most of the cards stolen were from brick and mortar stores with insecure point of sale machines.
Displaying 1 - 30 of 451 reviews