First Half of 2020. Books I've Read.
In this article, I'll share my impressions and a brief overview of the books I read over the six months of 2020.
The Invasion: A Brief History of Russian Hackers
Author: Daniil Turovsky, special correspondent for "Meduza." I used to read his work regularly, including excerpts from his book published on the outlet's website. Additionally, as someone interested in hacker history, I've read a sea of articles on the topic. So 2/3 of the book was frankly uninteresting to me, as it consisted of quotes from all those articles. But that doesn't diminish the author's merit.
I'm incredibly pleased that such books have started appearing in our country, that cyberspace is getting attention, and the Russian internet is developing its own history. The rest of the book is breathtaking — a meeting with a hacker from lurk, the arrest of D. Dokuchaev, cyber troops, and lots of exclusive information.
Surely You're Joking, Mr. Feynman!
After reading this book, I'm sure many will feel inadequate. This book is a collection of stories that Ralph Leighton recorded on tape during conversations with Nobel laureate Richard Feynman over seven years.
Feynman's biography is incredibly rich — from developing quantum electrodynamics to participating in the Manhattan Project and a multitude of other hobbies, such as safecracking, playing the bongo, psychological experiments, and an interest in art. The book contains many stories about his student years and work in research labs.
After reading, you can't help but realize how great the US education system was in the mid-20th century. Before his dissertation defense, Feynman's academic advisor sent him to another institute to expose him to other disciplines. Despite being a physicist, he studied biology, philosophy, and mathematics departments. Simply put, the education system in no way limited his curiosity and encouraged all endeavors.
How I Stole a Million
Author: Sergey Pavlovich, a Belarusian carder. According to preliminary data, he caused $36 million in damage to the US economy. (The hero of the next book, Max Butler, caused $86 million in damage.) I don't think the author is a hacker, but he's clearly a knowledgeable fraudster from the past. Comparing him to the next book "Kingpin," I'd liken him to Chris Aragon, Butler's business partner.
Critics fault the author for poor writing, but in my opinion the book turned out very concise and, more importantly, sincere. The author shared his experiences, stories, and the chronology of events in the carding underground, and a connection forms between author and reader. It immediately becomes clear that the author lived through all of this, not invented it. Even comparing this book to "Kingpin," the stories in them are closely intertwined.
The Greed and Glory of Wall Street
Author: Pulitzer Prize winner James B. Stewart. This book is a journalistic investigation into insider trading and financial market manipulations in the 1980s. It was a pivotal time for the US financial sector because:
- The gold standard was abolished in 1971
- Lack of regulation. Ronald Reagan's economic policy (Reaganomics) preached the principle of government non-intervention in free markets.
- Fed Chairman Paul Volcker stimulated markets with anti-inflation policy. (Inflation decreased from 11.22% in 1979 to 3.66% in 1987)
All of this gave carte blanche to financial speculation. But the worst part was that breaking the law became so ordinary and traditional that portfolio managers, hedge fund owners, and employees (often people without malicious intent) who had access to insider information didn't hesitate for a second because they knew they wouldn't be punished, and sometimes people didn't even know they were breaking the law. It got to the point where financiers organized entire clubs to exchange insider information.
The main characters are Michael Milken — managing director of Drexel Burnham Lambert, Ivan Boesky — son of a Russian immigrant and managing director of Ivan Boesky and Company, and then the smaller investment bankers Martin Siegel and Dennis Levine.
These guys worked closely together, exchanging insider information and earning millions.
The fates of Milken and Boesky turned out controversially. Milken served two years out of ten and was permanently barred from financial activities, but in 2020, D. Trump pardoned him along with a number of businessmen. For which he received $100 million from Milken for his campaign. According to Forbes estimates, Milken's fortune in 2020 was $3.8 billion.
Boesky served two years in an elite prison (with golf courses and tennis courts). After release, he divorced his wife and won $30 million from her, a country house, and annual payments of $180,000 (his fortune was previously estimated at $130 million). Now he's involved in charity work and, after becoming a rabbi, works part-time at a synagogue. There's another interesting story connected to him: after his release, he felt drawn to his homeland and visited Russia in the mid-90s, where he wanted to offer his services. But it didn't work out and he left Russia.
Ivan Boesky before custody and after release.
Martin Siegel's fate is unknown, but Dennis Levine didn't calm down after his release and organized a highly dubious organization (he was invited to a TV show and criticized there). Somehow he miraculously avoided criminal prosecution. After that, he got a job at a law firm; nothing else is known about his fate. Except that in 2012, for a couple of years, someone tried to "whitewash" his Wikipedia page — presumably, he hired a PR agency to remove incriminating information from his Wikipedia biography. Read more here.
If you read M. Gladwell's book "Outliers" in addition to this one, you inevitably come to realize another hidden driver behind this tendency toward fraud.
Immigrants who arrived in the US in the first half of the 20th century tried in every way to realize the American dream — they opened grocery stores, tailor shops, small manufacturing. Incidentally, I. Boesky's father opened a chain of strip clubs. Their children, more affluent and adapted, tried to occupy the most promising jobs, which at that time were finance and law. But after getting an education, when applying for jobs, they encountered outright racism from WASP (White Anglo-Saxon Protestants). Immigrant employees weren't given promising projects. Specifically: in law firms, the children of immigrants handled hostile takeovers because Anglo-Saxons "disdained" this work and considered it unethical. In financial firms, they dealt with low-yield (or junk) bonds. Milken started his career in that very position. Meanwhile, Anglo-Saxon employees handled stocks and treasury bonds (the highest-paying positions).
Immigrant diasporas, regardless of nationality, are very close-knit. Having endured all the hardships of an immigrant's life, they know how important solidarity is.
After some time, immigrants gained experience and achieved the status of first-class specialists. And then something happened — a boom began in their industry. Lawyers handling takeovers worked closely with junk bond traders. How did this happen?
What did Milken do at the start of his career? To make low-yield bonds more attractive, he conducted research (it's still unclear whether the research was fraudulent or contained an error) claiming that low-yield bonds with proper diversification show higher returns compared to conservative treasury bonds. Then, if Milken managed to interest a client, he would sell the bonds to them with a 10-30% markup. I still haven't fully understood whether Milken shared the markup with the client after the deal, whether he had a more advanced pricing model that allowed him to value bonds more rationally, or whether he simply had a gift for persuasion and deceived clients.
Then Reaganomics made its contribution. Companies were allowed to finance takeovers with borrowed money. Milken proposed financing takeovers through the issuance of junk bonds. This is what made his business the most successful on Wall Street. It's still unclear how Milken managed to get the entire industry to buy his junk bonds. But many years later, after he was arrested, the entire fraudulent scheme collapsed and the junk bonds became worthless. That was it! Without Milken, nobody wanted to buy low-yield bonds anymore.
For the most part, the book raises more questions than it answers. Milken was very secretive; when regulators accused him of fraud, none of the lower-ranking employees and managers believed it. And Milken hired a PR agency, paying them millions of dollars a year to maintain his reputation in a positive light.
And finally, a good quote from the book:
High returns are not necessarily market anomalies, but they are always a measure of even greater risk. This should have been obvious to the buyers of junk bonds, who also rejoiced at profits that seemed disproportionate to the risk. However, most of them remained blinded by the sun god of Beverly Hills.
Kingpin
Author: Kevin Poulsen. Once a famous hacker who, in 1990, hacked a telephone station to win a Porsche 944 S2 in a radio trivia contest. After serving his sentence, Poulsen turned to journalism and then began working on independent projects. In particular, he wrote the book "Kingpin," which tells the story of hacker Max Butler, who allegedly managed to steal access to 1.8 million credit cards.
Max Butler
Butler grew up in Meridian, Idaho. His father owned a computer store; his mother was the daughter of Ukrainian immigrants. At age 14, his parents divorced, which affected him negatively. He broke into the school chemistry lab and stole chemicals. Butler received probation and was diagnosed with bipolar disorder. While a student, his girlfriend accused him of attempted assault, earning Butler his first prison sentence.
After release, he moved and started working as a pentester. Butler built a good reputation, and companies hired him for $100 an hour. He developed a network intrusion detection system and created a website where he wrote about potential threats. People spoke highly of him, and eventually he began consulting for the FBI.
The breaking point in his cooperation with the FBI was a vulnerability in BIND servers. Butler discovered this vulnerability and informed the FBI that their systems were at risk. They ignored this warning. By that time, news of the vulnerability had become public. Butler decided to hack federal government servers with good intentions — to patch and protect them from real attackers.
The FBI learned about this audacious act but turned a blind eye as long as Butler cooperated. Aware of their leverage over Butler, the agency demanded he inform on his colleagues. His refusal led to a criminal investigation. Butler pleaded guilty, and despite his colleagues defending him, the court handed down a harsh sentence by the standards of the time — 18 months in prison.
After release, Butler faced one disappointment after another. He was released after the Dot-com bubble burst and saw his former colleagues making fortunes and climbing the career ladder, while he was left with nothing. Out of old friendship, one company hired him as a pentester to find vulnerabilities in their network and paid him $5,000. Butler used old methods and failed. Companies had taken network security seriously, and old attack methods no longer worked. In a fit of desperation, to avoid looking foolish, Butler launched a phishing attack on employees. This violated the contract, which didn't provide for attacks on employees. His colleagues condemned him for this act. Butler, once a first-class specialist earning $100 an hour, couldn't find work even for $6 an hour due to his tarnished reputation and hacking conviction.
From there, the story develops much faster. The protagonist meets Chris Aragon, who was looking for a hacker to partner with in carding. Butler agreed to cooperate and started driving around town with a huge Wi-Fi antenna, renting hotel rooms and hacking retail stores to steal credit card dumps. He then realizes that partnering with Aragon is extremely risky. He decides to set up an online site selling dumps. He begins hacking POS terminals remotely through a vulnerability in the VNC protocol. Or he hacks dump sellers and steals their dumps. Then, to eliminate competitors, he hacks their forums and transfers their user databases to his own site.
Christopher Aragon
And, as expected, Butler gets caught. No, he didn't leave a trail online. It's not hard to guess that in any scheme, the weakest link is always a person and their connections. Aragon gave Butler up.
Evidence from Chris's underground factory
In 2007, he was sentenced to 13 years. In 2019, he was supposed to be released. But now he's been accused of smuggling a smartphone and using it to continue stealing credit card dumps. He distributed the money among his fellow inmates' prison accounts and funded the delivery of contraband to the prison via drones. Source
And finally, some interesting facts from the book:
Def Con organizer J. Moss came up with the game "spot the fed." A participant who spotted an agent would loudly announce it. If the audience agreed, the hacker would take home a T-shirt saying "I spotted a fed at Def Con." Quite often, the suspected agent would give up and show their badge.
In 2002, postal inspector Greg Crabb, who dealt with international fraud, collected data on carders around the world. Since then, he visited twenty-five countries, working with local police, and managed to collect a large amount of personal data on members of the growing hacker community: nicknames, IP addresses, correspondence, and email messages of more than two thousand people. He became the government's leading expert in this field, but soon his level of importance began to threaten his safety. So he came to the FBI for help.
Losses from carders became so significant that the US financial sector united and organized a non-profit corporation — the National Cyber-Forensics and Training Alliance, or NCFTA — whose goal is to identify, mitigate, and neutralize cyber threats through strategic alliances and partnerships with domain experts in the public, private, and academic sectors.
Agent Mularski, who investigated carders, decided to infiltrate the underground and registered on the largest carder forum, CarderPortal. He posted new fraudulent schemes there (which he knew about due to his profession). This way he gained a reputation. A couple of years later, he became a forum administrator, which gave him access to users' IP addresses and ultimately led to 56 arrests of dump sellers. (Now that's what I call career growth — from FBI agent to leader of the carder underground.)