Book Review: "Kingpin"
"Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground" by Kevin Poulson, is an epic non-fiction telling of the underground carder markets that dominated the first decade of the millennium. First, it has to be said that there could be no better author for the story, as Poulson is a true "hackers' hacker", because he's pulled off similar incredible technical feats and paid the price for them. It covers many of the larger players, from Albert Gonzales and ShadowCrew, to Maksik and, most importantly because he's the the main character of the story, Max Butler A.K.A. Max Vision A.K.A. Iceman. It's a digital Scarface story, showing one man's rise in the black hat carder market, from small time hacker to the mass exploitation and consolidation of the underground credit card theft scene. The story gives the juicy details of how a carding operation works, from the hacking that sources the cards, to the forums where they are traded en-mass, all the way down to the thrifty lifestyles of the mules who pull goods to sell from the stolen plastic. The book also delves deep into the law enforcement campaigns tracking these individuals, detailing how the cases are built, players identified, turned into informants and inevitably prosecuted for their various illegal hacking activities. The book also aptly conveyed the deep paranoia that comes from working in the underground, in the forums that were crawling with informants and undercover officers, all the while millions of dollars in stolen credit cards were being traded as business as usual. Overall, I give the story 8 / 10 stars, for a riveting and culture rich ride down the hacker rabbit hole, however after all the digital citations that came with Countdown to Zeroday, I feel the bar has been somewhat raised. I recommend this book to the non-technical and technical alike, anyone interesting in information security, specifically the hackers, pentesters, geeks, and Internet nerds out there. In my typical review fashion, the following are the chapters of the book, showing the dark and twisted narrative the book takes.
Cops and Carders
Prologue
Chapter 1: The Key
Chapter 2: Deadly Weapons
Chapter 3: The Hungry Programmers
Chapter 4: The White Hat
Chapter 5: Cyberwar!
Chapter 6: I Miss Crime
Chapter 7: Max Vision
Chapter 8: Welcome to America
Chapter 9: Opportunities
Chapter 10: Chris Aragon
Chapter 11: Script's Twenty-Dollar Dumps
Chapter 12: Free Amex!
Chapter 13: Villa Siena
Chapter 14: The Raid
Chapter 15: UBuyWeRush
Chapter 16: Operation Firewall
Chapter 17: Pizza and Plastic
Chapter 18: The Briefing
Chapter 19: Carders Market
Chapter 20: The Starlight Room
Chapter 21: Master Splyntr
Chapter 22: Enemies
Chapter 23: Anglerphish
Chapter 24: Exposure
Chapter 25: Hostile Takeover
Chapter 26: What's in Your Wallet?
Chapter 27: Web War One
Chapter 28: Carder Court
Chapter 29: One Plat and Six Classics
Chapter 30: Maksik
Chapter 31: The Trial
Chapter 32: The Mall
Chapter 33: Exit Strategy
Chapter 34: Dark Market
Chapter 35: Sentencing
Chapter 36: Aftermath
Epilogue
Notes
Acknowledgements
The book is so steller, at times I caught myself questioning how factual it really was. However the book holds up to factual scrutiny and extrudes hacker culture along the way, discussing various communities, players, and tools that obvious require hard gained insider information by Poulsen. The book also has its own companion site, although it's fairly flat. Further, the book has been placed on the 2015 Palo Alto Security Canon Candidate List, making it near required reading. My favorite parts of the book where when Max Vision would trojan / shell other members of the carding forums, and use it gain counter-intelligence on their sources, operations, and even informants! Max Vision always seemed to be pushing the limit of his exploits, targeting massive amounts of targets and establishing persistence wherever he could. Even his careful setup of encryption and wireless misdirection wasn't enough, as his ultimate downfall was the infiltration of his community and associates, intelligence work that led to him after tracking his colleges and network back to San Francisco. Long story short, 'Kingpin' was the kind of book that I couldn't put down, bringing an exciting story and capturing my fascination as a hacker.