Books on hacking and hacking exploits are ten a penny these days, and it’s not hard to figure out why. After two or more decades when they were seen as bizarre outsiders practising an intense but ultimately useless art, they are now just as likely to be seen as “out there” pioneers of a new and dazzling 21st Century counter-culture.
Like the ivory tower scholars of the middle ages, they have knowledge the ordinary citizen doesn’t possess. Computer networks are commonly thought of as unfathomable and invisible, beyond our ken; a hacker is someone who can still see the joins, and this makes them interesting.
Kevin Mitnick’s second book on hacking, “The Art of Intrusion“– see our opinion of his publishing debut – underlines that however much they fascinate people, hackers are no sons and daughters of the humanist enlightenment. In their hands, knowledge has become powerful enough to birth technological epiphanies but it also calcifies the mind. They start seeing nothing but networks, as if they are an end in themselves.
They pursue hacking and cracking for glory, profit, misguided ego, and simply because they can. We’ll ignore that part of the story because it’s well-established that hackers delve deeper than most into the nosy and illegal and it’s not the most original insight of the book.
The Art of Intrusion is not so much a book about hacking, in fact, as a book about hackers themselves. There’s an important difference. Mitnick is at his best exploring their motivations, working techniques and personalities, an understandable focus given his own past as one of their kind. You wouldn’t say he justifies what they do, as the endeavour comes with a darker outlook, but he wants to explain that they can sometimes be misunderstood.
For the record, Mitnick collected his tales by offering cash for a good yarn. He has always denied the accusation that he might therefore be inciting crime. Having read the book, it is unlikely that any of the characters within its pages would start or stop hacking simply because Mitnick swings them a buck.
They hack and crack sometimes because they want to understand, tinkering in the network-sphere just as radio obsessives might pull open a transistor radio in search of an answer to the questions, “what makes it different from all the others?”, or “why was it built this way?”
We have the an interesting assortment of the species. There’s ne0h, a young kid who might (or might not) have been manipulated into attempting a risky hack of the U.S military’s Defense Information Systems Network by a supposed “terrorist” with Al Qaeda connections. We never quite find out whether his “terrorist” was who he suggested he might be, but it is a pertinent reminder that there are plenty of people who might want to hire hackers for nefarious ends.
There are others; phone phreakers who hacked to make free and unlimited cellphone calls, others who can hack banking systems almost at will it would seem, and a generic look at the sophisticated mindset of social engineering hacks.
Without adding anything earth-shattering to the genre, or being a must-read, The Art of Intrusion does hit on one interesting insight. The received view of hackers is that they are individuals deeply immersed in computing, fluent in at least one computer language, and possessed of an array of sometimes arcane knowledge. For the most part, this image is correct.
But one of the most interesting hackers in the book turns out to be a guy called Adrian Lamo. He has no programming skills, admits to having a poor short-term memory, and yet through huge intelligence overcomes his lack of inside knowledge. A classic autodidact, he appears to come at computer systems with no pre-conceptions about what is, and is not, possible.
“His success instead relies on analysing how people think, how they set up systems, the processes that are used by the system and network administrators to do network architecture.”
He was able, it turns out, to wander the network of the apparently impregnable New York Times, using nothing more than his intuition about human frailties and, indeed, the technical mind, to get at all sorts of the newspaper’s most important secrets. A conventional techie hacker might very well have failed to do what Adrian did; his hack depended on an intuitive understanding of how systems are created (and often inadvertently left insecure) by people and the organisations they work for.
This is an obvious point but you’ll not hear it mentioned very often by tech enthusiasts. No technology built and managed by fallible human beings can ever be impregnable. If the book has a Matrix-style Neo, then it’s Lamo for sure. Mitnick draws him well, while leaving some other chapters to drag on.
One day, perhaps a generation from now, our computer systems will no doubt be looked back on as about as sophisticated as a pile of wet string. People will laugh at the idea that hackers were ever thought accomplished engineers for breaking into this hopeless mush. And by then, it is a fair bet that computer systems will be designed and run by people more like Adrian Lamo.
The Art of Intrusion
By Kevin Mitnick (with William L. Simon)
Wiley Publishing, 2005
£17.99 / €24.00