Book Review: Ghost in the Wires

Submitted by tim ribaric on Thu, 09/22/2011 - 09:54

I still remember the first hack that I witnessed with my own eyes. My buddy we'll call him 'G', and I were sitting in front of a computer in our High School Grade 10 programming class. Some of the specifics escape me but it was an amazing bit of computer work.

The machine was lock downed with some sort of software that stopped you from accessing the hard drive, editing system files etc. You could unlock the system by putting a disk in the drive that had a special file on it. G must of done some background research on a BBS (this was way pre-Modern-Internet Era) about the software and how to crack it. G popped open a Open File dialog box, probably from Notepad or something, navigated to the disk he just popped in the drive and created a file. G then pressed, and held the alt key, keyed in 2 - 2 - 5 and released the alt key. He then added a few more characters to the file name, probably something like ßunlocker.dat and then poof once the file was created the machine unlocked. It was magic. I'm not sure that was the magic unlock filename or if using a higher end ascii character threw off the system but the result was an unlocked computer. G quickly popped the disk out, we rebooted the computer and I was hooked.

Reading this Kevin Mitnick memoir reminded me of that day. For those that don't know Kevin Mitnick was no joke the 'World's Most dangerous Hacker'. He had a knack for social engineering phone companies into getting access to switches, modems, and obtaining confidential login information. Reading him recount his strategies and tactics is incredible. His hacks eventually got him into some real troubles and he had to flee and live under an alias for a while. He eventually got caught though, I'll forego any details as I don't want to ruin the story. When he did get caught, wow, talk about civil rights violations. The Judges and DA's were so concerned about what he could do he was placed in Solitary Confinement, denied bail and treated like a war criminal. The real kick is that he did everything for the sheer thrill of it, he didn't make and money from what he was doing. Eventually a grassroots movement started to inform the world what sort of injustices Mitnick was facing. The story is told in a documentary called Freedom Downtime. You can also watch it online.

Seriously, in like 95-97 you didn't have any geek cred without this sticker.

The process of social engineering is incredible. If you're clever enough you can acquire any piece of information you could need. For example you might be able to find out what books someone has checked out but being clever on the phone with the Circ desk:

Hi sorry I'm calling to find out when my books are due. I know something is coming up this week but I don't want to hand it in late and get a fine. Ummm, I don't have my card on my right now so could I just give you like my phone number and then you can look it up?

Finding someone's phone number is an easy task. I also happen to know that a local library system uses the last four digits of your phone number as your default password to your online account, I doubt many people bother changing that. Putting together all of these pieces you could probably cause some mayhem or at least find out when your friend's Harry Potter books are due. Beyond the instance with 'G' I haven't done any real hacking in my life. I've read stories, heck I was even hacked once but that is the extent of it.

I'd recommend the book, it is light on technical details so it is very readable for all audiences. WIRED has an excerpt if you're interested.