Windows NT/2000 network security Book

I realized as I was reading this that I had read this before -- 20 years ago when it was first published. I had forgotten that, but it came back to me as I read it again. And I really enjoyed reading it again, even though so much about technology and the Internet has changed since then. Littman wrote so that the information still seems relevant all this time later.

The book is, of course, about the world's most famous hacker, Kevin Mitnick, and about the government's insane obsession to catch him and bring him to their form of "justice" back in the mid-90s when he was a fugitive. Littman interviewed tons of people for this book and spent over 50 hours interviewing Mitnick himself, so I take Littman's word over anyone else's aside from Mitnick's himself in his own autobiography of a couple of years ago (which was excellent), particularly those of John Markoff and Tsutomu Shimomura, the author/New York Times reporter and the NSA spook and super security expert/hacker who "helped" the FBI track and catch Mitnick.

The book details Mitnick's unhappy childhood, his beginnings in ham radio and then computing and phone phreaking, his growth in social engineering and his troubles with the law as a teenager. It started early. And hacking became an obsession. However, Mitnick was an "old school" hacker. He didn't do it for money or profit. He did it for the challenge and for information. He liked breaking into systems and finding out information and he liked breaking into phone systems. As a young adult, he was once again caught and sentenced to a fairly short term in prison, but he was put in solitary for eight months and it scarred him, permanently. He was allowed outside for one hour a day -- with murderers. He wasn't allowed access to computers, of course, or even to telephones, as the prosecutor had convinced the judge he could start World War Three by using the phone to launch our nuclear missiles, as insane as that sounds, and the judge bought it. When he got out of prison, he tried to get a legitimate job, but his probation officer would call these companies and tell them Mitnick couldn't be allowed near money or anything secure, so he couldn't get work. He grew even more bitter. He and his hacker best friend Lewis DePayne started doing some black stuff again.

Meanwhile, much to my initial confusion, Littman's book actually pretty much starts off with the story of a different hacker, Eric Heinz, aka Agent Steal. Aka quite a few names actually. And one who is actually an FBI informant. And one who sets up Mitnick for a sting which the FBI will use to arrest Kevin again so they can put him away for a good, long time. Why? Don't know. He had already done his time. He was doing no real harm. He was trying to live a decent life. So the FBI was trying to screw him over from day one. Nice. Great government watching over us. Mitnick and his buddy caught on, however, and started tapping the phones of the FBI agents watching them. Kevin was working for a detective agency at the time and found out its lines were tapped, as well as his father's, so he knew what was going on. At some point, though, Heinz started screwing the FBI by doing some black hat hacking and when they went to arrest him, he went on the run, so their informant was a bust. Littman actually interviewed him over the phone a number of times.

Around this time, Kevin's probation was about to run out. However, literally as that was about to happen, he screwed up and was almost arrested and he fled. All of a sudden, he was a fugitive on the run. And so it really began. Mitnick disappeared, although he apparently later went to Seattle because he narrowly escaped arrest there some time later. He and Littman got in touch through Lewis and the telephone calls began. Littman paints a fairly sympathetic picture of Mitnick, although not always. For instance, he wasn't thrilled when he discovered that Kevin was reading his email on The Well, an ISP I used to use at the same time. When Littman told The Well's tech support staff that a hacker had root access on their system, they said it was impossible, their system was impregnable, and they wouldn't believe him. But Kevin had hacked their system and was not only reading email, but dumping huge files on their system, stolen source code he had hacked from corporations such as Motorola, Qualcomm, perhaps DEC, and ultimately over 21,000 credit card numbers he stole from Netcom, another ISP. Ultimately, the FBI would accuse him of stealing credit card numbers from computers all over the country, which wasn't true, but they never accused him of actually USING any, as he never did, so he never gained anything monetarily from them. Furthermore, with all of his hacks of source code and programs, they claimed he stole $80,000,000 worth of stuff. But he never sold any of this source code, never profited from it in any way, never deleted the original source code from the companies he made COPIES from, never actually hurt them. So the FBI was clearly out to screw him. And when they ultimately got him, he was facing over 200 years in prison.

Meanwhile, the self described Kevin Mitnick "expert," John Markoff, a New York Times reporter who had written a book on hackers a few years before, about a third of which featured Mitnick, was busy writing front page articles on Mitnick and the dangers he presented to the world. He wrote old allegations and myths that Mitnick had hacked into NORAD, inspiring the movie Wargames with Matthew Broderick, that he had hacked into numerous secure sites that endangered the safety of our country, that he was stealing phone companies' software worth billions, etc. Markoff hadn't even talked to Mitnick. Littman had. A lot. Markoff and Littman knew each other as journalists. They even had lunch together a few times. Littman never told him he was in contact with Mitnick, even as Markoff stated that he wanted to catch Mitnick himself. Littman was a little shocked by that.

So Kevin was on the run all over the country and kept calling Littman. Meanwhile, on Christmas day in 1995, I believe, Tsutomu Shimomura, a quietly well known NSA "spook" and super security expert had his personal computer broken into and everything in his computer stolen, which included a number of custom built "tools" which would enable someone to basically break the damn Internet and also cell phone code that would enable anyone to eavesdrop and trace calls without a warrant, among many other things. It made huge news and within hours, Markhoff reported it on the front page of the New York Times. At the same time, Mitnick called Littman, gleefully giving him a detailed account of how the hack attack took place, what happened, what was stolen, what happened to it, etc. Obviously, Littman was left to conclude that Mitnick did it, and everyone else concluded the same thing, based on Markoff's article. Shimomura was mega-pissed and vowed to catch the person responsible as a matter of honor and immediately set about doing so. With Markoff at his side. Which was odd. What was an NSA spook and a journalist doing going about pursuing a federal fugitive with or without the FBI's help? Were they deputized? No. Nonetheless, they flew to San Francisco, where the US Attorney and FBI agent in charge essentially put Shimomura in charge of things. He brought his own equipment with him and using it, as well as, perhaps, the equipment of the cell phone companies and the FBI, he was able to determine that Mitnick was in Raleigh NC, so he flew there immediately and joined a Sprint technician with scanning equipment. Where they were joined by an unidentified Markoff. And a couple of FBI agents. The Sprint guy and Shimomura located Mitnick's apartment in 30 minutes. They then returned with Markoff holding the equipment for another look. A journalist playing the active role of law enforcement. Littman pulls no punches in how he views this. And when the FBI finds out about this, they lose it. Shimomura tries to throw his weight around, but they dump Markoff. Nonetheless, Shimomura still has enough weight to accompany the FBI to Mitnick's apartment the next day to arrest him. As Mitnick is being handcuffed, he tells Shimomura that he respects his skills and Shimomura just stares at him.

But it doesn't end there. Mitnick is eventually flown from North Carolina to California after being jailed there for far too long and after Markoff's articles have made Shimomura a superstar. And surprise, surprise, Markoff and Shimomura sign a $750,000 book deal for a book on their tale of tracking down and capturing Mitnick. Then they sign a movie deal based on the book for a whole lot more money. It's truly disgusting. Mitnick hires a good attorney, but the US Attorney hates this man and sets out to screw Kevin by indicting his buddy, Lewis. Mitnick's attorney already represents him and can't then represent Kevin too, so Kevin is left without a lawyer and the public defender says they have no one to take his case. He's truly screwed and looking at 200 years in prison. But something happens. Magazines and newspapers start looking at and questioning Markoff and Shimomura's roles in this event. It seems suspicious. For everything that happened in this case, Markhoff was prepared with a front page story within several hours, like he had written them ahead of when they actually occurred. Almost like Mitnick was entrapped by Shimomura on the Christmas day attack. And then there was the rumor circulating that an elite Israli hacker had actually been the one behind the attack on Shimomura's computer and that, moreover, it wasn't the first time his computer had been penetrated and that, moreover, a number of people had his files and programs. Kevin was just one of them. So was Kevin set up by the government and Markoff/Shimomura? They certainly appear to have used unauthorized wiretaps, illegal hacking actions, illegal hacking/phreaking tools and actions for which Shimomura had had to get immunity to display to Congress two years before, but which was still illegal, etc. There were a lot of irregularities with this case. And of the 24+ indictments, not too many made sense. There weren't many that were absolute and provable. In fact, the only one that seemed solid was his probation violation. That's it. He never actually broke anything. He never used anything. He never made any money. He never really did anything evil, unless you think tapping FBI agents' lines who are tracking you is evil or reading the occasional illicit email. Really, this deserves 200 years?

The book ends before Mitnick is sentenced. The good thing is the book is old, so you can find out that Mitnick only had to serve five years in prison and is out and reformed and has his own security company now and seems to be doing well, so more power to him. Meanwhile, Shimomura lost his fame almost as soon as the media started questioning his actual role in things and Markoff's legitimacy took a hit too. And they lost their movie deal. Boo hoo. Frankly, I think they were vindictive assholes, plotting to take down the world's most famous hacker for no other reason than pure fame and profit on their part. I think they were mega-dicks. I'm pretty sure Markoff is still around. I don't know what became of Shimomura. I assume he's still at it, but if so, I hope he's keeping a low profile and isn't doing what he very obviously was doing then -- illegal hacking and phreaking -- for the feds. Fascinating book, even after all these years. Definitely recommended.