It's rare these days to not suffer through at least one instance of credit card fraud, where you get that bill that has charges from places you've never visited for items you never purchased. Kevin Poulsen uncovers the murky world that traffics in credit card fraud and data theft in his book Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground. It follows the story of one Max Butler and his turn from white-hat hacker to head of am underground data theft crime scene. It's a fascinating read, and by the end you have a good understanding of the massive cost to consumers, retailers, and banks.
Contents: The Key; Deadly Weapons; The Hungry Programmers; The White Hat; Cyberwar!; I Miss Crime; Max Vision; Welcome to America; Opportunities; Chris Aragon; Script's Twenty-Dollar Dumps; Free Amex!; Villa Siena; The Raid; UBuyWeRush; Operation Firewall; Pizza and Plastic; The Briefing; Carders Market; The Starlight Room; Master Splyntr; Enemies; Anglerphish; Exposure; Hostile Takeover; What's in Your Wallet?; Web War One; Carder Court; One Plat and Six Classics; Maksik; The Trial; The Mall; Exit Strategy; DarkMarket; Sentencing; Aftermath; Epilogue; Notes; Acknowledgments
Poulsen follows the story of how Max Butler went from a teenager who didn't fit in to someone who was able able to buy and sell stolen data, earning an incredible amount of money in the process. As a security expert and a white hat hacker, he was able to uncover and expose security flaws that put clients at risk. But due to an early run-in with the law, he had difficulties finding work as no one wanted to hire him with his criminal background. Those monetary concerns led him to venture into the world of data theft, where stolen credit card and identity information is sold and used to steal billions in cash and merchandise.
As Butler honed his skills and moved up in the underground along with his partner Chris Aragon, they started to attract the attention of the Feds, specifically Special Agent Keith Mularski. Mularski got authorization to create an alias (Master Splyntr) and start digging into the main web sites where data trafficking was centered. He started to make the connections and figure out who were the main players and where they were located. With a few key informants, Mularski was able to start making raids and arrests that shut down the top players, both national and international.
Poulsen had an incredible amount of access to the players in this story, and the authenticity of the dialogue and action rings true. Kingpin highlights a couple of different aspects of the topic of data theft. Primary is the sheer size of the market for data theft. Butler was able to steal account information with little effort, and in many instances it wasn't even a case of the hackers being one step ahead of the companies. Either the data was stored in unencrypted text files available to anyone who could hack the server, or the card encryption safeguards weren't even implemented by the people charged with keeping the data secure. The other aspect is how international borders mean nothing when it comes to data theft. Numbers stolen in one country are sold in another and used in a third. It was quite remarkable that authorities in separate countries were able to work together to shut down some of the operations. It's not often you get that level of international cooperation when dealing with multiple jurisdictions.
Kingpin is the perfect read if you're wondering why banks can't just snap their fingers and prevent credit card fraud. There's always some way to hack the system, and your data is at risk no matter how careful you might be.
Thomas Duff, aka "Duffbert", is a long-time member of the Lotus community. He's primarily focused on the development side of the Notes/Domino environment, currently working for a large insurance … more
Consider the Source
Use Trust Points to see how much you can rely on this review.