Hacker News Comments on
Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
·
4
HN comments
- This course is unranked · view top recommended courses
Hacker News Stories and Comments
All the comments and stories posted to Hacker News that reference this book.> I don’t see how you could conceivably convince strangers to withdraw cash for you at that scale without raising eyebrowsThe book "Kingpin" talked about how most of the people doing the withdrawing of cash were usually "mules" who were in on the scam. They'd withdraw the money, get a small cut and send the rest to a middleman.
The book itself goes into a lot more detail on how it worked:
https://www.amazon.com/Kingpin-Hacker-Billion-Dollar-Cybercr...
The Soul of a New Machine by Tracy Kidder, the classic book following the development of a new minicomputer in the late 70s.http://www.amazon.com/Soul-New-Machine-Tracy-Kidder/dp/03164...
Stealing The Network: How to Own the Box. This is a collection of fictional accounts of "hacking" written by hackers. Real world techniques are described though its in lightweight detail, the aim of the book is more to give an insight into how an attacker thinks. It's quite an enjoyable read too.
http://www.amazon.co.uk/Stealing-Network-How-Own-Cyber-Ficti...
Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen. This one's a true story.
http://www.amazon.co.uk/Kingpin-Hacker-Billion-Dollar-Cyberc...
Code: The Hidden Language of Computer Hardware and Software By Charles Petzold. I still have to read this one, but I expect it would fit in with what you're after quite well.
http://www.amazon.com/Code-Language-Computer-Hardware-Softwa...
In "Kingpin" by Kevin Poulsen [1], one of the key players made a lot of money by hacking into POS systems at "mom & pop" locations (restaurants, dry cleaners, etc).Their surface area was "just enough" - they're online in order to run credit cards and early versions of the POS software kept the card details in local files. Once he was into their system, he had access to thousands of cards... when the cards were used fraudulently, it was very difficult to know how it'd been stolen because it was via lots of small breaches that never made the news.
Appropriately for this post... the POS software vendors eventually rushed to be compliant with new security standards (PCI?) and not store those details locally. But the store owners were reluctant to upgrade because the new software versions had an upgrade fee or, even when the upgrade was free, they'd have to pay thousands to their local consultant to actually perform the upgrade.
[1] - http://amzn.com/0307588696 ... Twitter-sized review: Pretty good book and it read like a technology novel at times. Will definitely get you re-thinking where/when your cards are used.
You might find this book interesting. http://www.amazon.com/Kingpin-Hacker-Billion-Dollar-Cybercri...I've read it and can confirm its a good read. I think this guy was arrested in 2005 or 2007 but that's going on memory from over a year ago.
⬐ SageRavenGood, entertaining read. I get the impression it was sanitized a great deal, because I was sorely disappointed with the lack of technical meat-n-potatoes.For instance, the author totally glossed over how they recovered the data from his encrypted storage at the end. Was the PC left on and the screen not locked? Cold boot attack? Brute force? Hell, they didn't even specify exactly which crypto software was used.
⬐ dobbsbobHe fell asleep while he left his servers on. So they simply siphoned the keys from memory. He used some proprietary Israeli made encryption software and FreeBSD, but it didn't matter because everything including Truecrypt keeps your keys in memory when mounted.Even if his server was off, they could have broken into his safehouse and sabotaged the unencrypted bootloader. Only defense against this is use OpenBSD 5.3 which allows booting from fully encrypted drives, or keep your unencrypted boot partition on a usb stick you carry around.