Kingpin vs Pegasus: Which Should You Read?

Two cybersecurity books in the Narrative category, compared honestly: who each is for, what each does best, and which to read first.

Beginner
5/5, 2011
Kingpin

How One Hacker Took Over the Billion-Dollar Cybercrime Underground

Kevin Poulsen

Kevin Poulsen's reconstruction of Max Butler's career — from white-hat consultant to running CardersMarket, the carding forum that consolidated the early-2000s underground — and the FBI investigation that finally took him down.

Beginner
4/5, 2023
Pegasus

How a Spy in Your Pocket Threatens the End of Privacy, Dignity, and Democracy

Laurent Richard, Sandrine Rigaud

The inside story of the Forbidden Stories investigation into NSO Group's Pegasus spyware, told by the journalists who ran it. The best narrative account of what commercial zero-click surveillance actually does to its targets.

Read this if

Kingpin: Anyone interested in cybercrime as an economy rather than as a series of incidents. Poulsen, himself a former hacker turned journalist, has both the access and the technical fluency to make the carding-economy mechanics legible.

Pegasus: Journalists, activists, and anyone who wants to understand the mercenary spyware market and how a cross-border investigation gets built and protected.

Skip this if

Kingpin: Readers wanting current ransomware-economy detail; the book is 2011 and pre-dates the modern affiliate / RaaS structure. The mechanics generalize, the actors don't.

Pegasus: Readers wanting forensic depth on the exploits or IOCs. Skip this if you came for Citizen Lab-grade technical analysis rather than the human and political story.

Key takeaways

Kingpin:

  • Cybercrime markets are markets — they have liquidity, reputation, dispute resolution, and trust topology, and they fail in market-like ways.
  • Most underground takedowns are won by HUMINT and OSINT inside the forums, not by exploitation; Butler's downfall was social.
  • The book's pacing makes the carding economy legible without flattening the moral complexity of its inhabitants.

Pegasus:

  • Zero-click exploitation removes the user from the security model entirely; there is no link not to tap and no mistake to avoid.
  • A commercial vendor selling to governments launders state surveillance through a layer of plausible deniability that NSO exploits relentlessly.
  • The targets were not just terrorists and criminals as advertised, but journalists, lawyers, activists, and heads of state.

How they compare

We rate Kingpin higher (5/5 against 4/5 for Pegasus). For most readers, that means Kingpin is the primary pick and Pegasus is a useful follow-up.

Both books target beginner-level readers, so the choice is about topic, not difficulty.

Kingpin and Pegasus both belong to the Narrative category, so reading them in sequence reinforces the same material from different angles.
