This is the autobiography of a man who was once the world’s most notorious hacker. It stands alongside that other classic account of the early days of hacking: ‘The Cuckoo’s Egg’ by Clifford Stoll. Stoll’s book was about the hunt in 1986 for Markus Hess, a German hacker who attacked US military systems for the KGB in return for cash. As with Hess, Mitnick’s hacking dates back to the last century before Windows 95 hit the shelves and when most users had to have a telephone cradle and a modem to log onto the internet. Hacking was usually carried out by individuals rather than the large, often state backed, hacking crews we see today.
Mitnick’s account is highly readable and moves along at a great pace, thanks largely, one would imagine, to the input of his professional co-writer William L. Simon. Despite the amount of technical jargon, this is no dry account of hacking minutiae. What will interest intelligence professionals is not the computer hacking itself, but the ways in which Mitnick was able to get around the most seemingly impenetrable of security systems. He did this by what he refers to as “social engineering” and what a field officer has called “good, old fashioned people skills.” Time after time, Mitnick gets around apparently ironclad security by simply talking to humans who are involved in the system. For intelligence professionals, a good way to read the book is every time Mitnick describes a security system, stop and ask yourself how you would get around it? I suspect that you will often be stunned by just how simple Mitnick’s solutions were.
Mitnick’s typical approach to the problem reminded me rather of the successful escape plan in the film The Colditz Story: a prisoner comes up with the corny old escape idea of dressing up as German officers – everyone protests that this ruse has been tried a hundred times and never worked – until the prisoner points out that the fake officers always approached from an unexpected direction! Mitnick’s attempt at getting confidential information out of people was sometimes due to the fact that people can be stupid, but more often because he made it sound as though he had a legitimate right to the information. In this book, Mitnick highlights the vital importance of good research, supporting documentation and a good back-up plan (the “What If?” game as we call it in the trade) BEFORE one pitches up and tries to get the information. This mirrors what intelligence professionals are always trained to do (and sometimes forget). It is also exactly what is never shown in the Bond or Bourne films where the public get the impression that spies just make it up as they go along.
Mitnick never stole data for personal gain, but simply because he was addicted to the challenge of hacking systems. He would keep the stolen data as trophies when he could have sold it for millions of dollars if he wished. In the end, Mitnick was tracked down by an angry IT professional rather than by the FBI. He now wears a white hat and uses his considerable skills for good, working as an IT security analyst, finding out how companies can be penetrated and finding weaknesses in computer systems and software. At first, this is a dispiriting thought. With people as experienced as Mitnick destroying all the loopholes, the task of today’s spy to penetrate modern security systems seems depressingly impossible. After all, Mitnick’s heyday was more than twenty years ago, surely security systems are as near foolproof as they can be by now? But, as Mitnick points out, many of the hacks that would have worked for him then still work for him today. In some cases even the same passwords still work! And one only has to remember that Chelsea Manning was able to download hundreds of confidential documents onto a memory stick and simply walk out of a building. One quickly realises that the same yawning security vulnerabilities are there if only one cares to take a look. For instance, over one million people in the United States currently have access to Top Secret material. That is a lot of potential opportunities for a good spy. So don’t be too downhearted.
This book may be dated, but the skills described within it are as relevant today as they were twenty years ago. This is a useful book for the intelligence professional and a worthy addition to the ranks of books that chronicle the history of computer hacking. Recommended.
[NB Our book reviews are not assessments of the literary value of the work. They are written by intelligence professionals and are concerned with the book’s accuracy, relevance to the realities of espionage, place in espionage history, etc.]