
Cybercrime and Espionage

Book review
Tuesday 12 April 2011.
 

Cybercrime and Espionage $59.95
By Will Gragido, John Pirc
Syngress: http://www.syngress.com/digital-forensics/Cybercrime-and-Espionage/

“Cybercrime and Espionage provides a wealth of knowledge related to the realities seen in the execution of advanced attacks, their success from the perspective of exploitation and their presence within all industry. This book will educate you on realities of advanced, next generation threats, which take form in a variety ways.”

That’s what the publisher says. All I can say is that I am less than impressed. I was expecting this book to provide a fairly in-depth analysis of the methodologies used in the perpetration of criminal and subversive attacks and ways in which those attacks may be resisted. Accordingly, I began by checking the index for information on commonly used tools and techniques such as Rootkits, SQL-injection and Rainbow tables. None of these have an index entry. OK, so next I looked up Anonymous – the name of the diffuse group of hackers and crackers who have launched attacks on everyone from security company, H B Gary, to the Bank Of America. No, they aren’t in the index either. In fact, the index isn’t that good: while the book spends some time talking about WikiLeaks, Julian Assange and Bradley Manning, none of these gets an index entry. So it’s difficult to be absolutely certain if the ‘missing’ topics are in the book somewhere. If so, I haven’t been able to find them.

The book gives an account of a variety of security threats and explains, to some degree, how social networks can be used in cybercrime, how phishing works and the security risks posed by some very specific technologies such as iFrames used to display external content in web pages. The authors describe various types of malware, viruses and bots. They also mention some famous examples of modern security breaches and cyber attacks such as Stuxnet and the recent WikiLeaks release of US documents.

It also has an awful lot of ‘historical context’ which, depending on your point of view, might either be regarded as interesting background information or irrelevant padding. To give you an example, there are discussions of ‘early forms of communication’ ranging from cave paintings to the Etruscan alphabet; there are case histories, some of them pre-computer age, such as the case of Julius and Ethel Rosenberg arrested for spying in 1950; and there is a discussion of Sun Tzu’s Japanese tactical warfare book, The Art Of War, and its relationship to ‘The rise of the subversive multivector threat’.

On the whole, I find this book pretty unsatisfactory. It seems to ‘dip in’ to a number of topics more or less closely related to cybercrime and espionage without giving a really detailed account of any of them. I note that other reviewers, on Amazon, find it more engaging and informative than I did and you may want to read those opinions too. Personally, I have found the excellent coverage provided by authors on the Ars Technica site to be much more illuminating and more technically ‘in depth’ (see ‘Further Reading’ below). Ars Technica has recently published some of its articles on a specific case – the Anonymous attacks of the H B Gary site – in the form of a Kindle book called ‘Unmasked’. While this may not cover the same range of topics described in ‘Cybercrime and Espionage’, it is, in my opinion, a far more satisfactory account of real-world security issues. As a programmer, I also found the level of technical detail more appropriate to my requirements.

Further Reading:

Anonymous speaks: the inside story of the HBGary hack

Black ops: how HBGary wrote backdoors for the government

How one man tracked down Anonymous—and paid a heavy price

Anonymous vs. HBGary: the aftermath
