Tuesday, May 31, 2011

Kingpin

Kevin Poulsen's Kingpin is a fascinating look at the world of cybercrime involving credit card theft and fraud. The story is told from two angles. The first is from the perspective of Max Butler, one of the leading cyber criminals of the last ten years, and the second is from the perspective of law enforcement. We follow the path of J. Kevin Mularski, an FBI agent, who leads the effort to track down and ultimately capture Max Butler.

As “Iceman,” Butler ran Carders Market, an online marketplace for illegal credit card data. The book covers many of the high-level techniques that Butler uses to break into systems and invade point-of-sale systems, and it includes a solid discussion of how SQL injection is used to steal data. In fascinating detail, Poulsen covers how Max uses hacking techniques to take over many of the illegal sites that hackers use to buy and sell credit card information, shut down his competitors, and move all of the traffic over to his Carders Market site.

The dual focus on the criminals and the law enforcement efforts to capture them makes the story a page turner, and it reads like a crime novel. Kingpin also covers some of the law enforcement efforts surrounding Shadowcrew, the online criminal marketplace that was shut down due to the information received from the combination informant / cybercriminal Albert Gonzalez, who would later be arrested and convicted for the TJX and Heartland Payment Systems breaches. The FBI brilliantly set up a VPN for the Shadowcrew service so that they could tap all of the online conversations and identify the evildoers.

Kevin Poulsen certainly knows the hacker underground, as he was convicted in June of 1994 of several computer crimes and was sentenced to over 4 years in prison. Jonathan Littman covered Kevin’s exploits in The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen.