Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground

By Kevin Poulsen

Former hacker Kevin Poulsen has, over the past decade, built a reputation as one of the top investigative reporters on the cybercrime beat. In Kingpin, he pours his unmatched access and expertise into book form for the first time, delivering a gripping cat-and-mouse narrative—and an unprecedented view into the twenty-first century’s signature form of organized crime.
 
The word spread through the hacking underground like some unstoppable new virus: Someone—some brilliant, audacious crook—had just staged a hostile takeover of an online criminal network that siphoned billions of dollars from the US economy.
 
The FBI rushed to launch an ambitious undercover operation aimed at tracking down this new kingpin; other agencies around the world deployed dozens of moles and double agents. Together, the cybercops lured numerous unsuspecting hackers into their clutches. . . . Yet at every turn, their main quarry displayed an uncanny ability to sniff out their snitches and see through their plots.
 
The culprit they sought was the most unlikely of criminals: a brilliant programmer with a hippie ethic and a supervillain’s double identity. As prominent “white-hat” hacker Max “Vision” Butler, he was a celebrity throughout the programming world, even serving as a consultant to the FBI. But as the black-hat “Iceman,” he found in the world of data theft an irresistible opportunity to test his outsized abilities. He infiltrated thousands of computers around the country, sucking down millions of credit card numbers at will. He effortlessly hacked his fellow hackers, stealing their ill-gotten gains from under their noses. Together with a smooth-talking con artist, he ran a massive real-world crime ring.
 
And for years, he did it all with seeming impunity, even as countless rivals ran afoul of police.
 
Yet as he watched the fraudsters around him squabble, their ranks riddled with infiltrators, their methods inefficient, he began to see in their dysfunction the ultimate challenge: He would stage his coup and fix what was broken, run things as they should be run—even if it meant painting a bull’s-eye on his forehead.
 
Through the story of this criminal’s remarkable rise, and of law enforcement’s quest to track him down, Kingpin lays bare the workings of a silent crime wave still affecting millions of Americans. In these pages, we are ushered into vast online-fraud supermarkets stocked with credit card numbers, counterfeit checks, hacked bank accounts, dead drops, and fake passports. We learn the workings of the numerous hacks—browser exploits, phishing attacks, Trojan horses, and much more—these fraudsters use to ply their trade, and trace the complex routes by which they turn stolen data into millions of dollars. And thanks to Poulsen’s remarkable access to both cops and criminals, we step inside the quiet, desperate arms race that law enforcement continues to fight with these scammers today. 
 
Ultimately, Kingpin is a journey into an underworld of startling scope and power, one in which ordinary American teenagers work hand in hand with murderous Russian mobsters and where a simple Wi-Fi connection can unleash a torrent of gold worth millions.

• Language: English
• Publisher: Random House Publishing Group
• Release date: Feb 22, 2011
• ISBN: 9780307588708

Reviews for Kingpin

[lucaconti-1 · Rating: 5 out of 5 stars]

Great great entertainment

[malexmave · Rating: 4 out of 5 stars]

I will not loose a lot of words about this book, since this is probably something most of you have no real interest in.

This is the true story of the Hacker Max Butler and how he took over the "carding" scene (trading of stolen / fake credit cards, IDs, and so on). It is, as I said, based on a real story, so that makes it less of a thriller and more of a "history book", although said history is only a few years old.

I, as a computer science student with an interest in computer security, found this book to be well written and interesting. For my taste, it was not technical enough, but it still features some technical details that may confuse people without prior knowledge of the topic (although they are usually explained very well).

If you have an interest in the world of carding or computer security, this book provides an interesting story with some few technical details, easily understood or ignored. I like it, but would recommend it only to people interested in the topic.

[csdaley-1 · Rating: 4 out of 5 stars]

A little dry sometimes but a really interesting book.

[mithril_1 · Rating: 2 out of 5 stars]

Informative, but not exactly gripping.

[achmorrison-789479 · Rating: 5 out of 5 stars]

Probably the best book I've read so far this year. Kingpin will make you see cracking and credit card fraud in a whole new light. I first heard about this book on the Planet Money podcast, and it completely lives up to the hype they gave it. If everyone read this book and understood the risks to their credit cards we would be more likely to have the chipped cards in place around the world.

[scottjpearson · Rating: 4 out of 5 stars]

Computers – and particularly the Internet – have opened up new avenues for crime to occur. To programmers (like myself), they pose a new option of choosing good over evil. In this work, Poulsen documents and depicts the work of Max Vision, a hacker who ended up conducting a cybercrime ring of illegal credit cards. This ring duped financial of hundreds of millions of dollars. Fortunately, the feds busted this ring and decimated the conspiracy. Since then, illegal carding has gone relatively defunct (for now).

This book reads like an in-depth newspaper article, which makes sense since the author is a senior editor at Wired.com. While certainly embellished a little for drama, the writing sticks mainly to the facts and to interviews. Well-researched, it documents holes in the financial system that are now plugged. Max Vision and his compatriots exposed these holes through their crimes.

So how was the crime ring done? The credit card industry seemed secure before online transactions took over. Then, hacking into insecure databases and re-grafting that information into new magnetic stripes could produce a bevy of illegal credit cards. These credit cards could be converted into cash by buying expensive items from chains and re-selling them on eBay. Since thousands, if not millions, of credit cards are used, there is no one easy way to shut down the operation.

The feds ended up shutting down the operation by arresting the co-conspirators and thus decimating the human network. After that, chip technology has by-and-large replaced magnetic stripes as the communicative agent of credit cards. Through better encryption and randomization, this new technology, though slightly slower, makes replication of purchasing agents much harder.

An engaging story, this work successfully conveys a story that is not well-known to the public. I wonder whether the tale would translate well into a movie. Perhaps there is not enough drama and too much technological theory. Nonetheless, such fast-paced action is part and parcel of this work. A good read from a book club for me!

[aujames95-1 · Rating: 5 out of 5 stars]

Good read. Solid technical explanations, and great background.

[scottcholstad · Rating: 5 out of 5 stars]

Kingpin is a fascinating and utterly frightening account of one hacker/carder who essentially took on the world and took over the billion dollar carding empire -- until the FBI finally got him. Max “Vision” Butler was a giant self taught computer genius from Idaho who settled in San Francisco and met another guy named Chris and found they had some things in common, like making money and hacking. Max had already been in prison for hacking and had a vendetta against authority and society even while at the same time viewing himself as a "white hacker," hacking for society's good. He was a walking dichotomy. They set up a carding scheme with Max as the hacker/carder, hacking at first into restaurant point of sales machines and getting credit card data from them, and later into a zillion "secure" computers and servers of banks and companies (and individuals too) around the world. He gave the card data to Chris who built a card making factory in Orange County and soon he was making millions, while paying Max next to nothing. But Max enjoyed the challenge of hacking and carding. And he was the best, or at least one of the very best. There was a Ukrainian who could have challenged him for that title, apparently. Going by the name of "Iceman," Max destroyed all of the English speaking carding boards on the web one night and transferred all of their members to his new board, Carders Market. There, people exchanged ads and sales of stolen credit card numbers, by the millions at times, and other card and ID making odds and ends. Until one FBI agent infiltrated a competing board that Max had taken down. It was brought back and this agent was made an admin there. He was getting tons of info, but he was after Iceman. Trouble was Iceman found him first and tried to out him. The irony was, this FBI agent was so good that as soon as he was outed, he made some major online changes and defended himself successfully and pointed people in other directions. Another irony is that so many carders and admins were actually FBI informants. The story of how Max was ultimately caught and brought to justice was pretty exciting, like an action novel and again, the irony was it occurred immediately after he decided to quit carding and go legit and he had deleted his account from the board and was saying his goodbyes, even as the FBI came storming through his door.This book is especially good because it's well written and written with authority, as the author, Kevin Poulsen is a well known former "dark hat" hacker from before Iceman's time, and is now a Wired editor. He writes quite well and while explaining technical things like Sequel hack attacks in Internet Explorer, it never feels like he's talking down to you. Indeed, he even shows some lines of code at various places in the book so you get a feel of what some of the hacks looked like. I've got to say, though, that I'm damn glad I use a Mac. Virtually all of the hacking/carding is done to and with Windows machines and can't be done on Macs. And since 95% of all computers and servers are running Windows commercially, it's scary as hell, but at least I don't have to worry about anything here at home. I hope. Still, the scary thing to learn was that online transactions are actually much more secure than live credit card transactions and that restaurants are the absolute worst. Followed by retail stores and gas stations, etc. The primary reason it's so bad in America, and trust me, we're not told just how bad it is, is because our credit cards still use those magnetic strips, which are completely hackable. The rest of the world has gone to unhackable chips and while some banks in America are making that transition -- I have two credit cards with chips -- most places won't because of the expense. They'd rather pay for stolen money and credit than to upgrade their systems. How screwed up is that? People's lives are totally ruined. Their social security numbers are stolen and sold, their driver's licenses are stolen and sold, their credit and debit cards and PINS are stolen and sold and the banks and companies don't want to make changes cause it's easier and cheaper to reimburse people. Great. Makes me want to never use a credit card again. And of course, that's impossible. Oh, never use a credit card via public wi fi. Never.So I wasn't sure if this was actually a five star book or not, but I can't think of any reason not to give it five stars, so I am. Definitely recommended.

[npbone · Rating: 4 out of 5 stars]

I tore through this book. An extremely interesting look at what can happen to your credit card info. after you make a purchase. Kevin Poulson writes in a way that makes highly technical material understandable. You might even learn some computer stuff by reading this book. I highly recommend.

[kymarlee_1 · Rating: 3 out of 5 stars]

Interesting book about the world of cybercrime and the intricacies of the Internet.

[dltj_1 · Rating: 5 out of 5 stars]

Kevin Poulsen dives deep into the underground world of 'carders' — individuals that steal, sell, and abuse credit card numbers. Prior to reading this book I thought that a lot of the fraud was based on stealing or intercepting credit card information from online merchants. This book tells the story, though, of stealing cards, printing them on actual plastic stock, and 'shopping' for merchandise that can be easily resold. The pace of the book is fast, and with the wide variety of characters it is hard to keep track of who is linked to who and all of the backstabbing that goes on. It is an easy read, even for those without a deep technical background (and you'll pick up an understanding of the techie bits through some well-written prose).