Tuesday, September 6, 2011

Convene Reads: Ghost in the Wires

Considering how Ghost in the Wires: My Adventures as the World's Most Wanted Hacker, by Kevin Mitnick, revolves around technology -- and the degree to which people like the author covet it for no other reason than the challenge of seeing what they can get away with -- it's no surprise that world-famous Consumer Electronics Show makes a cameo appearance here. But it's interesting nonetheless to get a hacker's perspective on CES from 20 years ago, and also to see the role that CES played in one of his scams:
Imagine a trade-show floor filled with 2 million square feet of space, packed with 200,000 people crammed wall to wall, sounding like they're all talking at once, mostly in Japanese, Taiwanese, and Mandarin. That's what the Las Vegas Convention Center was like in 1991 during CES, the annual Consumer Electronics Show -- a candy store, drawing one of the biggest crowds in the world. 
I had traveled across town to be there one day during the show, but not just to visit the booths or see the new electronic gadgets that would dazzle buyers the next Christmas. I was there for the background noise. It was essential for an air of believability on the phone call I was about to place. 
This was the challenge: I had a Novatel PTR-825 cell phone, which back then was one of the hottest phones on the market. I wanted to feel safe talking to my friends on it, and not have to wonder if somebody from the FBI or local law enforcement was listening in. I knew a way that might be possible. Now I was trying to find out if what I had in mind could really work.
The true revelation in this book is that, for all Mitnick's technical prowess -- in his heyday, he hacked everything from Pac Tel to Sun Microsystems to the California DMV -- his true genius lies in "social engineering," which he describes as "the casual or calculated manipulation of people to influence them to do things they would not normally do. And convincing them without raising the least bit of suspicion." Mitnick would call someone at a company he wanted to hack, ask a few innocuous questions, use the information he learned to call someone else in the company, and so on, until he'd gleaned enough to pass himself off -- always on the phone -- as someone who worked there and could be trusted with a key password or access point.

It's not quite the power of face-to-face meeting, but it would overlap with that on a Venn diagram. You tend to trust people whom you're talking to, whom you've come to know, even over the phone, even for a few brief minutes -- especially if they seem to have something in common with you, such as working in the same field, or for the same company. It's scary and invigorating, and totally something you can leverage -- for good -- at your meetings.

No comments: