Every once in a while I like to break away from the stress that is pentesting and bunker down with a good fiction book. Normally I stick to sci-fi and fantasy, but last week I got to keep my head in the game while still recharging my batteries with Kevin Poulsen’s Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground. Having been a fan of what I thought to be similar titles like the Stealing the Network series, and a researcher during the ShadowCrew era, I dove into Kingpin and managed to read it on a round trip plane flight between clients.
Kingpin is the story of Max Butler, aka Iceman, a hacker and carder that took over the digital carding scene in 2008. When I say took over, I mean he really did take over. From a small apartment in San Francisco, Iceman forcibly and calculatingly popped almost every single carding forum that opposed him, all in an effort to ensure the underground scene was free of law enforcement and scammers. The story chronicles Max and the law enforcement agents that pursue him at every turn.
While most editorial reviews focus on literary prose and plot development, I have less of that expertise and more of the “having lived it” expertise.
Kingpin was a non-stop page turner. Well written, it grabs you right away and never lets go. The great thing about the story is it’s based on true events and the author depicts the characters with stark realism, almost scarily so. Being a pentester, you find yourself thinking “had I made one or two bad decisions, this could have been me,” and if you’ve been in or around “the scene” in the past, this story hits so close to home you might find yourself a bit shaken up.
While not the half fiction, half tech split that most hacking books have adopted these days, Kingpin is a pure chronicle. That’s not to say that there’s no tech, because there certainly are some sploits referenced in Kingpin, but it’s more of a passerby than in books like STN or Dissecting The Hack.
Now onto the verdict:
Kingpin was so good, so shockingly real to true events, that it has entered my top 10 book list. Go read it. Now.
For some people it will be a story, for others a warning, and for some a guide. The book will open your eyes to how the real underground works: where hackers deal with carders, the carders work for the Russians, and law enforcement uses old school methods with new school tech to chase them down.
Hopefully it will teach you what only the realists among us have realized. Real for-profit hackers do not care about 0-day exploits when larger issues go unpatched. Real hackers will attack weak links like passwords. Real hackers aren’t about your informational level findings. Real hackers are about the data. They don’t target your firewalls, they target your employees. Your compromised network is often a conquest of opportunity from a net cast over the whole internet, and they are more often caught because of the people they confide in than the tech they used to hide.
