Hacker News Comments on
Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground

Kevin Poulsen · 4 HN comments
HN Books has aggregated all Hacker News stories and comments that mention "Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground" by Kevin Poulsen.
Amazon Summary
Former hacker Kevin Poulsen has, over the past decade, built a reputation as one of the top investigative reporters on the cybercrime beat. In Kingpin, he pours his unmatched access and expertise into book form for the first time, delivering a gripping cat-and-mouse narrative—and an unprecedented view into the twenty-first century’s signature form of organized crime. The word spread through the hacking underground like some unstoppable new virus: Someone—some brilliant, audacious crook—had just staged a hostile takeover of an online criminal network that siphoned billions of dollars from the US economy. The FBI rushed to launch an ambitious undercover operation aimed at tracking down this new kingpin; other agencies around the world deployed dozens of moles and double agents. Together, the cybercops lured numerous unsuspecting hackers into their clutches. . . . Yet at every turn, their main quarry displayed an uncanny ability to sniff out their snitches and see through their plots. The culprit they sought was the most unlikely of criminals: a brilliant programmer with a hippie ethic and a supervillain’s double identity. As prominent “white-hat” hacker Max “Vision” Butler, he was a celebrity throughout the programming world, even serving as a consultant to the FBI. But as the black-hat “Iceman,” he found in the world of data theft an irresistible opportunity to test his outsized abilities. He infiltrated thousands of computers around the country, sucking down millions of credit card numbers at will. He effortlessly hacked his fellow hackers, stealing their ill-gotten gains from under their noses. Together with a smooth-talking con artist, he ran a massive real-world crime ring. And for years, he did it all with seeming impunity, even as countless rivals ran afoul of police. 
Yet as he watched the fraudsters around him squabble, their ranks riddled with infiltrators, their methods inefficient, he began to see in their dysfunction the ultimate challenge: He would stage his coup and fix what was broken, run things as they should be run—even if it meant painting a bull’s-eye on his forehead. Through the story of this criminal’s remarkable rise, and of law enforcement’s quest to track him down, Kingpin lays bare the workings of a silent crime wave still affecting millions of Americans. In these pages, we are ushered into vast online-fraud supermarkets stocked with credit card numbers, counterfeit checks, hacked bank accounts, dead drops, and fake passports. We learn the workings of the numerous hacks—browser exploits, phishing attacks, Trojan horses, and much more—these fraudsters use to ply their trade, and trace the complex routes by which they turn stolen data into millions of dollars. And thanks to Poulsen’s remarkable access to both cops and criminals, we step inside the quiet, desperate arms race that law enforcement continues to fight with these scammers today. Ultimately, Kingpin is a journey into an underworld of startling scope and power, one in which ordinary American teenagers work hand in hand with murderous Russian mobsters and where a simple Wi-Fi connection can unleash a torrent of gold worth millions.
Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this book.
> I don’t see how you could conceivably convince strangers to withdraw cash for you at that scale without raising eyebrows

The book "Kingpin" talked about how most of the people doing the withdrawing of cash were usually "mules" who were in on the scam. They'd withdraw the money, get a small cut and send the rest to a middleman.

The book itself goes into a lot more detail on how it worked:

https://www.amazon.com/Kingpin-Hacker-Billion-Dollar-Cybercr...

The Soul of a New Machine by Tracy Kidder, the classic book following the development of a new minicomputer in the late 70s.

http://www.amazon.com/Soul-New-Machine-Tracy-Kidder/dp/03164...

Stealing The Network: How to Own the Box. This is a collection of fictional accounts of "hacking" written by hackers. Real-world techniques are described, though it's in lightweight detail; the aim of the book is more to give an insight into how an attacker thinks. It's quite an enjoyable read too.

http://www.amazon.co.uk/Stealing-Network-How-Own-Cyber-Ficti...

Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen. This one's a true story.

http://www.amazon.co.uk/Kingpin-Hacker-Billion-Dollar-Cyberc...

Code: The Hidden Language of Computer Hardware and Software by Charles Petzold. I still have to read this one, but I expect it would fit in with what you're after quite well.

http://www.amazon.com/Code-Language-Computer-Hardware-Softwa...

In "Kingpin" by Kevin Poulsen [1], one of the key players made a lot of money by hacking into POS systems at "mom & pop" locations (restaurants, dry cleaners, etc).

Their surface area was "just enough" - they're online in order to run credit cards and early versions of the POS software kept the card details in local files. Once he was into their system, he had access to thousands of cards... when the cards were used fraudulently, it was very difficult to know how it'd been stolen because it was via lots of small breaches that never made the news.

Appropriately for this post... the POS software vendors eventually rushed to be compliant with new security standards (PCI?) and not store those details locally. But the store owners were reluctant to upgrade because the new software versions had an upgrade fee or, even when the upgrade was free, they'd have to pay thousands to their local consultant to actually perform the upgrade.

[1] - http://amzn.com/0307588696 ... Twitter-sized review: Pretty good book and it read like a technology novel at times. Will definitely get you re-thinking where/when your cards are used.

You might find this book interesting. http://www.amazon.com/Kingpin-Hacker-Billion-Dollar-Cybercri...

I've read it and can confirm it's a good read. I think this guy was arrested in 2005 or 2007 but that's going on memory from over a year ago.

SageRaven
Good, entertaining read. I get the impression it was sanitized a great deal, because I was sorely disappointed with the lack of technical meat-n-potatoes.

For instance, the author totally glossed over how they recovered the data from his encrypted storage at the end. Was the PC left on and the screen not locked? Cold boot attack? Brute force? Hell, they didn't even specify exactly which crypto software was used.

dobbsbob
He fell asleep while he left his servers on. So they simply siphoned the keys from memory. He used some proprietary Israeli-made encryption software and FreeBSD, but it didn't matter because everything including TrueCrypt keeps your keys in memory when mounted.

Even if his server was off, they could have broken into his safehouse and sabotaged the unencrypted bootloader. The only defense against this is to use OpenBSD 5.3, which allows booting from fully encrypted drives, or to keep your unencrypted boot partition on a USB stick you carry around.

HN Books is an independent project and is not operated by Y Combinator or Amazon.com.