Review: Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen

Cover of Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground

This book is, among other things, an illustration in prose of the adage “it takes one to know one”.  It is through the writing of Poulsen, a noteworthy ex-hacker himself, that you gain a clear understanding of how and why Max Vision (born Max Butler) became the infamous hacker who stole 1.8 million credit card numbers resulting in $86.4 million in damages.  Poulsen, now a news editor for, is most famous for being the phreaker who hacked into the phone lines of a Los Angeles radio station during a Porsche giveaway to ensure he’d be the winning caller.  So when Poulsen describes the thrill and satisfaction Max felt when he exploited a BIND vulnerability to create back doors into government and military machines in 1998, the feeling is palpable.

Living vicariously through a notorious hacker, who becomes a carder (one who participates in credit card fraud), leaves you dealing with the same moral ambiguity Max himself struggles with as he oscillates between black hat and white hat activities.  If you enjoy observing his exploits, you can’t easily condemn his actions without feeling hypocritical.  Poulsen plays with this uncertainty throughout the book.  At times, he suddenly confronts you with your ambivalence after allowing it to quietly build as the plot unfolds, such as when Max hacks into a point of sale system at a pizzeria in his mother’s neighborhood.  Your reaction, disappointment in this case, reveals that you are rooting for him.  You give him the benefit of the doubt until he crosses your hastily drawn line.  To the last page, it is unclear whether Poulsen wants you to pity Max or fear him.  Consequently, you’re left doing a little bit of both.

At 266 pages, this book is a quick read that is not only well researched (there are 20 pages of notes) but also thoroughly engrossing.  Even if you are aware of Max Vision and his crimes, Poulsen’s storytelling will captivate you.  Additionally, the manner that he describes the everyday life of a hacker will enrich your understanding of the threats facing the technology we maintain, create, and utilize.  His examination of magnetic stripe vulnerabilities is particularly striking.  This book will educate and entertain, but it will also leave many questioning the notion of security.