Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
© 2011 Kevin Pulsen
288 pages
If Meyer Lanksy had gone straight, a contemporary of his noted, he could have rivaled Nelson Rockefeller. Maybe the same could be said for Max Butler, only a few years older than Mark Zuckerberg. Instead of becoming a billionaire, however, Butler’s genius and entrepreneurial risks landed him in prison for thirteen years with a $30 million dollar debt to pay off. Kingpin recounts his beginning as a teenager given to pranks, discovering the internet as a place with ample opportunities for play, and follows his slide into crime. Although Butler attempted to direct his skill and curiosity towards creative purposes -- becoming a ‘whitehat’ security consultant, a hacker for the good guys -- his early experiences with the Justice Department gave Butler a chip on his shoulder, and he continued to flirt with darkness, unable to resist tests of his skill.
Butler entered the scene just as hacking’s very character was changing. A generation of telephone ‘phreakers’ turned programmers whose motivation had been exploring the technology itself was giving over to those who saw in the internet an opportunity for quick money. Central to this story, and Butler’s evolution as a criminal, is credit card fraud. Although he tended to get into trouble as a kid, Butler wasn’t malicious at heart: he liked to push the boundaries, especially when he could experiment with his skills. When he began stealing card numbers, he did so from other fraudsters, and used a similar justification when he began compromising the systems of banks: they were the utter bad guys, constantly luring poor people into debt. What were they but crooks pretending to be legitimate? Time and again Butler contemplated going straight, but he’d see an opportunity for showing off and couldn’t fail to take it up. One of his most dramatic achievements is covered early on, when he single-handedly effects a takeover of several underground forums, combining their databases into his own and deleting the originals from the internet. It was a hostile takeover that made Butler the king of a carding empire, netting him a $1000 a day just from stealing, selling, or using credit card data.
Kingpin is the fascinating history of not just a man, but of a criminal industry. Because of creative minds like Butler’s, identity theft doesn’t just threaten people who thoughtlessly throw sensitive information into the trash. Butler’s bread and butter was milking restaurants’ point of sale systems -- those machines shoppers use for credit card transactions -- so anyone who uses a credit card in stores is vulnerable. In recent years, for instance, customers of Target and Wendy’s have been exposed. The government and businesses have attempted to respond by moving to cards with an embedded chip which is nominally more difficult to extract data from, but after reviewing Butler’s many adventures it’s hard to believe anything will be secure for very long.
Good reading for a bit of ‘modern’ true crime, told by someone like Butler who once practiced the dark arts, but who managed to stay on the straight and narrow.
Related:
Spam Nation, Brian Krebs
fascinating... it all seems so impossible, getting all that info from little numbers over radio waves... what a different world it is now, as compared to even ten years ago...
ReplyDeleteWhat baffles me is the telephone phreakers -- people used to spend hours dialing and listening to the tones the switching systems used, then started replicating those tones to play with the system. What a weirdly curious species we are..
ReplyDeleteI've read many books on the early days of Hacking. Fascinating if so very strange.....
DeleteThey were really old school, too -- digging in the trash cans of phone companies to find manuals with codes and addresses in them! You may have been aware that Steve Jobs and the other guy, Wozniack, started out selling phone-hacking gadgets..
DeleteI can recommend 'Masters of Deception' by Joshua Quittner & Michelle Slatalla if you want to delve into things a bit more.
Delete