Saturday, April 30, 2011

Early Review of Ghost in the Wires

Kevin Mitnick was kind enough to send me a galley copy of his upcoming autobiography Ghost in the Wires. won't let me post a review yet, so I'll write what I would have supplied to the site.

In 2002 I reviewed Kevin Mitnick's first book, The Art of Deception. In 2005 I reviewed his second book, The Art of Intrusion. I gave both books four stars. Mitnick's newest book, however, with long-time co-author Bill Simon, is a cut above their previous collaborations and earns five stars.

As far as I can tell (and I am no Mitnick expert, despite reading almost all previous texts mentioning him), this is the real deal. Mitnick addresses just about everything you might want to know about. For me, the factor that made the book very unique was the authors' attention to detail. This sounds like it might have been a point of contention between the co-authors, but I found the methodical explanation of the social engineering and technical attacks to be relevant and interesting. Mitnick just doesn't say he social engineered a target; rather, he walks you through every step of the event! It's amazing, audacious, and in many cases beyond the pale.

One surprise for me was the amount of technical hacking Mitnick describes. He wasn't just crafty with a phone; he spent a lot of time at the keyboard executing technical exploitation of Unix variants. Interestingly, this may or may not include the so-called "Mitnick attack" whereby Tsutomu Shimomura's computer suffered the only documented TCP blind spoofing incident. In Ghost in the Wires, Mitnick says an Israeli hacker nicknamed JSZ wrote the code to implement the attack, and JSZ executed the Christmas Day 1994 exploitation of Shimomura's computer (p 326). Later on p 334, however, Mitnick notes the same attack worked against a different target (blackhole dot inmet dot com), so he may have executed that previously undocumented incident himself?

Ghost in the Wires also shares the human side of Mitnick's story. His description of solitary confinement and his anxiety of returning to those conditions seemed very real. They appear ever more relevant given recent treatment of Bradley Manning. One has to wonder about "cruel and unusual punishment" of those who are not convicted, such that they will sign plea deals just to avoid solitary confinement. Beyond prison issues, Mitnick's love for his family (especially his mother and grandmother) were clear throughout the book.

I very much enjoyed reading Ghost in the Wires, and I believe the majority of the computer security community would too.

Update: I posted this to

No comments: