I have read many books about computer security. Many of them tried to shed light on the cybercrime, but all of them failed. Most of the time, people seem to be afraid to touch sensitive stuff, because this typically involves revealing identities of cybercrime bosses and their counterparts – FBI operatives. And without mentioning the names a book becomes too generic and boring.
Here is the book you gotta read. It is the best book written in a decade about the subject. It describes the life of the most notorious American hacker named Max Butler. He is the guy responsible for stealing more than 1 billion US dollars from credit cards. If your credit card ever got abused (I know such people who suddenly found 20 pillows charged to their credit card) then blame this guy.
The book is written with an intimate knowledge of hacker’s daily routine. It also sheds light on his early days, the time when he was growing up, his relationships with other people, etc. This is only possible because the author – Kevin Poulsen is a former black hat hacker himself. The book makes it very clear that hackers are neither good nor bad. Of course, if your credit card suffers then they are obviously bad from your point of view. More generally, however, hackers are responsible for many security tools that help protect networks from some other bad guys. It is pretty clear that some bad people will sooner or later attempt to stage a 9-11-scale attack virtually. This is indeed possible because critical infrastructure is controlled by Internet-connected machines (including flight control towers, power plants, etc.). So, these hackers give specific warning signs to governments: protect your networks or you will be own3d pretty soon.
So, from my point of view, it is very difficult to judge the hacker, even those that steal money. They do harm to individual people, but they are rather useulf to society as a whole. I am pretty sure that without their help (and it is obvious that US authorities are using their help), the US infrastructure would fall victim to some foreign government.
The funniest part in this book is the description of how the hackers actually do their job. Typically, it is a combination of hacking, social engineering, and some luck. For the first part, you need to find an exploit in some popular software such as Internet Explorer. Then, you have to convince the users to visit the page that contains the malicious code. Typically, hackers send some funny e-mails containing a link, which make many people click this link. After that the exploit lands on victim’s machine, and it becomes own3d. What can you find on victim’s machine? Well, it depends. If it is a personal machine of some celebrity or FBI officers, you can find his/her e-mails, documents, plans, schedules, etc. Tons of funny stuff. However, if the victim machine belongs to some enterprise such as local pizza shop then you can get access to customer’s credt cards, if you are lucky. The problem is that many shops fail to abide by VISA security standards which demand credit card number be deleted after processing the order. However, it turns out that many restaurants store YEARS of customer’s traces, which makes them an attractive target for hackers.
After stealing credit card numbers, the hacker passes them to a gang of shoppers, who buy lots of random products, only to sell them on eBay later on. This kind of dirty business involves thousands and thousands of people and is responsible for billions of dollars in losses for credit card companies. But hackers are saying that banks are rich and greedy anyway, so they should suffer a bit (for a credit card theft, the client is only responsible for initial $50 in losses, and the bank carries the rest).
The book makes it very clear that FBI and Secret Service are eagerly interested in hackers’ community. However, it is not just “shoot them all” approach. Rather, the authorities try to infiltrate the hackers’ community (sometimes they even run hackers’ forums), identify the key people and recruit them. It is funny that the identities of recruited hackers is an even bigger secret than identities of FBI operatives. Sometimes, FBI agents from one city are not aware of the fact that the hacker has been recruited by agents in another city, so they attempt to arrest the hacker during his trip. The funniest part begins when they start searching hacker’s house, and then the FBI operatives are told not to search too deeply, implying that the house belongs to the cooperating hacker. So, when the FBI agents arrive with a search warrant, the hacker simply hides his hard drive in a trash bin, and the people who perform the search “fail” to find it. What a funny situation! Everybody understands that all of them are working for FBI (or some other 3-letter agency), but they cannot reveal each other’s identities!
So, the book is a praise to the 3-letter agencies who managed to recruit many hackers. The uncooperating ones are put behind the bars. This is an American story with a happy end. Are there any threats left?