For most people, computers are magic. Which is to say, they are technology sufficiently advanced to the point of mystification. I include myself in this camp, for despite my comfort with computers and my fluency in programming, a great deal of mystery still surrounds them. With the emergence of the Internet into the public sphere and the rise of the Web, computers and the phone system are now fundamentally intertwined, and vast swathes of our infrastructure are dependent on them. The dangers of cyberwarfare are very real. At the same time, however, it's important that we don't exaggerate or misrepresent this threat. Movies and television sensationalize the abilities and proclivities of hackers for the sake of drama and entertainment. Real hackers are quite different, and their motives and actions are as diverse and varied as the people they hack. Real hacking is independent of platform and technology; it's often more of a case of appealing to the weakest element in the system: the human.
Ghost in the Wires is the autobiography of Kevin Mitnick, “the world's most wanted hacker”. His is a fascinating, even bizarre tale of the convergence of law enforcement, ego, and addiction. Thanks to Mitnick’s impressive abilities, equally impressive capacity for self-delusion and self-denial, and the media’s tendency to think the worst, exploits and escapades that start as harmless fun result in a years-long manhunt and nearly a decade of jail time.
Mitnick's gateway into hacking is “phone phreaking”, unauthorized access to the phone company’s systems. This was in the days before the Web, before even personal computers, when computing itself involved entering programs line-by-line into computer memory and watching the read-outs on a printer, not a screen. It’s an era utterly alien to someone of my generation, let alone younger readers—and I love reading about how people interacted with computers at that stage.
As computers and phones become more advanced, so too does Mitnick. He explains how he acquires the ability to clone cell phone numbers, and how he uses space in dormant accounts on university and company servers to store source code he steals from companies like Sun, Novell, and Motorola. He obtains access to the IRS and DMV records, which later becomes instrumental as he creates false identities and goes on the run.
Mitnick keeps the structure of the book strictly chronological, with just enough foreshadowing to whet our appetites in anticipation of future events. However, some common themes quickly emerge. After his first few brushes with law enforcement over his hacking, Mitnick attempts to “straighten out” and quit, only to relapse time and again. In this sense, hacking is an addiction—it’s a challenge that provides a cognitive reward. No matter how hard he tries to give it up, he returns to it. This inability to rein himself in, even when he recognizes the dangers and the possibility of overreaching, is one of the reasons he eventually gets caught and goes to jail.
Mitnick also faces a revolving door of betrayal. Best friends and confidantes turn coat and rat him out to get lighter punishments; people he thought he could rely on turn against him. I sympathize. However, these accounts are necessarily one-sided, and I get the sense from reading between the lines that there was a lot about Mitnick as a person that contributed to these changes of heart.
Ghost in the Wires is a hefty book, especially as a paperback, and the pace is very slow. Mitnick enjoys teasing out every detail of his latest hack or discovery. Yet I never tired of hearing about it; I seldom wanted to put this book down. I just wanted to know what happened next: what was the next hack, the next run-in with the law, the next problem Mitnick had to overcome? Even before he becomes a fugitive, there is a sense of danger always around the corner. Though he spends a lot of time celebrating his ability to outwit and evade security employees from the telephone companies, he also gives due credit to those people who manage to outwit him. Once in a while, a technician or sysadmin catches on and boots him out. My reading pace is different for every book, but I literally did not want to stop reading this, stealing every possible opportunity to read as much as I could each day. There is just never a dull moment in the book.
It’s also truly terrifying to see how quickly rumours become exaggerated and become part of the legal record. Mitnick stresses throughout the book that he never hacked for profit or out of malice. For him, it was merely an exercise in ego. That doesn’t excuse the actions, but it does mean that charges amounting to terrorism are unjust. The ignorance of the law enforcement and judicial officials involved in this case is staggering. The overreactions—not letting Mitnick have any access to a phone for national security reasons—are a sobering reminder of how easy it is to mislead people who are less informed. When those people are in positions of power, they can abuse or misuse that power unwittingly, under the impression they are acting in the interests of public safety.
Perhaps the most surprising revelation in this book isn’t a technical one at all. Rather, Mitnick accomplishes some of his most daring hacks through social engineering. It’s incredible how willing people are to help him cirumvent their own company’s security procedures. With a little research and some guile, Mitnick poses as an employee from another office, tells a plausible story, and gets remote access or other information that people shouldn’t be so ready to divulge.
The weakest link in our cybersecurity is not the technology. It’s us. The trusting operator, the cheerful colleague … these are all parts of being human and having positive interactions every day. But the best, most secure systems are worthless if all you need to do is sweet-talk someone into reseting an account’s password. Mitnick’s approach still works today. Just ask Mat Honan, who had his Amazon and Apple accounts hacked through social-engineering of customer support representatives, and from there, the hackers disassembled the rest of his digital existence.
Ghost in the Wires is that sweet spot of books about technology. It’s accessible to everyone. At times Mitnick’s terminology definitely becomes a little technical and specialized—I don’t know enough about how our phone system works to pretend to follow his explanations of how he tricks the system into rerouting calls and letting him listen into private conversations. But that didn’t affect my enjoyment of the book or my ability to follow what he was achieving. It also has a strong social message. Mitnick’s relationship with hacking is an addiction just as damaging to his life as an addiction to drugs or alcohol. Moreover, the book is a warning that unless we make sure people in positions of power are better-educated about the capabilities of technology, we run the risk of innocent lives being ruined by misinformed authorities.
The majority of Mitnick’s tale takes place in the 1980s and 1990s, in the infancy of the World Wide Web. There was no Facebook or Twitter, no Amazon or Google. Now we spend more and more of our lives online. Mitnick might have been the world’s first “most wanted hacker”, but I doubt he will be the last. And we’re all going to have to get a little more clued-in, or we will be in for a rough time.