Kingpin

"This is taken a step further in Kevin Poulsen’s book. Kingpin deals with an extraordinary guy called “Iceman”, whose real name is Max Butler, although he then changed it to Max Bishop. In the late 1990s, Butler was a really exceptional, legal, so-called penetration tester. Companies would pay him to try to attack their systems, to see where the vulnerabilities in the system lay. He worked voluntarily with the FBI as well. But he had some of the obsessive characteristics that most hackers demonstrate. One of those, which is very common, is that all times of day and night they are obsessively trying to crack into network systems. They do this rather like you or I might turn on the telly. Butler managed to penetrate almost all US government networks, including a lot of military networks and nuclear research facilities. And essentially he saved the US from huge embarrassment by patching up this vulnerability. But he left himself a little hole in the system, through which he could crawl and no-one else. This was spotted by an eagle-eyed investigator from the air force, who had responsibility for cyber at the time, in 1999. Butler went to jail for two years as a consequence. He shouldn’t have, in my opinion, but he did. He went to an open prison, and almost everyone else was there for financial fraud. They spotted that he was a hacker, and recruited him there in prison. When he came out, just as he was one of those brilliant people working legally in the security system, he became probably the smartest hacker involved in criminal activity out there. A really incredible operation, the whole thing. He made millions of pounds, not for himself but for his employers, before he was eventually busted. Kevin Poulsen, who is the editor of Wired! magazine’s security section, is himself a convicted felon. So for him, Iceman – as he was called when he was doing his hacker work – was a hero. And this is written very sympathetically, about Iceman and his life. I have met Butler, I’ve interviewed him at length, and I think he’s a very decent guy. I don’t think he should be spending the next 13 years in prison, which he will be. As the issue of cybersecurity becomes ever more complex and important, we need help from people like him, we do not need to be throwing them into jail. In some way, these last two books are a more constructive way of looking at malfeasance on the web. Actually, the people involved in crime and hacking of various types have real abilities and skills. So it’s food for thought, and I hope that in Dark Market I was able to contribute a bit more towards that. Well, buy a Mac is the first thing! Secondly, if you prefer or happen to be on Windows, you have to make sure that you keep your anti-virus software up to date, and try to look for the best anti-virus products as well. Personally I was running two or three anti-virus ones on Windows. Encrypt your data wherever you can, which is legal to do [in Britain]. That’s very important. And take great care about opening emails, because that is the most common form of penetration of your computer, when you open an email that has an attachment. You very quickly learn whether something is from a friend or not because of the language used. About once a week I have to write to a friend saying, “I just received an email from you making it perfectly clear that your computer has been compromised. You have to scrub it, reformat it and completely reload your system. Either that or find someone who can get rid of the virus.”"