When friends and colleagues ask me how they can learn about cybersecurity, I provide the following advice. Rather than read textbooks or something like Network Security for Dummies, I recommend that they read a few of the more popular and recent titles from Amazon. I’m talking about books like Richard Clarke’s Cyberwar, Joseph Menn’s Fatal System Error, or Mark Bowden’s Worm. All of these are entertaining and insightful.
It is with this mindset that I recommend that anyone interested in cybersecurity read the book, Kingpin, by Kevin Poulsen. I don’t know Kevin but he is well qualified as an author. He himself is an ex-hacker, a security expert, and a regular writer for wired magazine.
This book is a story about one particular hacker named Max Butler whose security career went from highly-skilled but junior white hat hacker to become a global cyber crime leader who commandeered most of the “carder” (i.e. theft and distribution of credit card numbers, counterfeit cards, and other related criminal services) marketplace worth tens of millions of dollars. The book follows this transformation over several years in a picaresque fashion.
I won’t give away any more details but let me provide a few reasons why I liked this book and recommend it so strongly:
1. Poulsen does a great job of avoiding the technology nerd trap of burying the reader with complex concepts and a sea of acronyms. It helps if you understand TCP/IP, encryption, and buffer overflows but it is not a requirement at all. The author consistently provides everyday analogues for technology concepts that makes the book readable – even if you aren’t a CISSP.
2. The book really gets into the head of Max Butler, exploring his background, psychology, brushes with law enforcement, even his relationships. Poulsen seems to be addressing why Hackers become hackers which a human element that complements the bits and bytes.
3. Kingpin may read like a novel but it is a true story. As such, it does a good job of demonstrating how vulnerable most organizations are to a cyber attack with real examples rather than research and statistics. In fact, the book concludes by talking about the continuing vulnerabilities around credit card magnetic strips.
4. The author does a great job of mapping the cyber crime underworld and includes descriptions of geography, workflow, specialization, money, etc. For example, the book really describes the division of labor between the highly skilled hackers at one end of the spectrum and the common thieves and dirt bags on the other.
5. Like a few other cybersecurity stories (Fatal System Error comes to mind), Kingpin included a description of law enforcement strategies, tactics, processes, and limitations as they relate to cyber crime. In other words, you get to see cybersecurity from the perspective of cops and robbers.
It’s hard to learn about any topic when reading is a boring slog. If you are interested in cybersecurity, I think you’ll find Kingpin an educational experience as well as a proverbial “page turner.”