Authors: Will Gragido, Daniel Molina, John Pirc and Nick Selby
If you need to get in the minds of cyber criminals to understand their motives and the economics of cyber crime, this book is enough to get you started.
About the authors
Will Gragido worked within information security consultancy roles performing and leading red teaming, penetration testing, incident response, security assessments, ethical hacking and malware analysis.
Daniel J. Molina is Director of Business Development for ELAM (Emerging Latin American Markets) in Kaspersky Lab.
John Pirc, an advisor to HP’s CISO on Cyber Security, has more than 15 years of experience in Security R&D, worldwide security product management, testing, forensics, consulting, and critical infrastructure architecting.
Nick Selby has been an information security analyst and consultant for more than a decade. In 2005 he established the information security practice at industry analyst firm The 451 Group.
Inside the book
The authors started with a short but helpful introduction – actually a recap of a chapter from a previous book written by two of them – that explains the differences between the various actors engaged in cybercrime: script kiddies (novice level), cyber crooks in it for the money (intermediate), and those employed by nation states (expert). They point out the problems of attribution, and how expertise, motivation, attack vectors and sophistication can point defenders in the right direction, and touch on the (known) cyber capabilities of a number of terrorist groups and nations.
Most Internet and computer users are so uninformed about the technology they use and the social engineering prowess of the attackers that they are unaware of being in danger, of their own psychological weaknesses, and of being the perfect way into an organization. The authors effectively explain why quality cyber legislation is still eons away, held hostage by the legislators that still believe that upping prison sentences will be enough to discourage cyber attackers.
They also provide a short history of hacking, starting way back in the 1800s in order to explain the concept, then rightly concentrating on hackers and hacking groups that surfaced around the 1980s and the evolution of the scene until the current day (Anonymous and LulzSec included). This history is by no means complete, but does a good job explaining to those less in touch with the latest events the current state of cyber attackers motivated by ideology (although you can sense that they don’t believe that some Anonymous “members” are wholly uninterested in monetary gain).
The topic of hacker motivation is covered, and a special chapter is dedicated to the early years of cyber attacks, explaining the shift from the easy-to-spot, flamboyant malware launched in the beginning to the stealthy malware now used in cyber espionage. This chapter also includes a great four-page summary of the intricacies of the Flame, Stuxnet and Duqu malware and how it was used.
The next chapter explores the attackers’ modus operandi, the technologies and code they use, and how they choose their targets. Then follows the explanation on how Russian cyber crooks and Chinese hackers became the best in their respective fields (cyber crime and espionage), and the opportunities that emerging markets offer for cyber crooks.
The current situation in the U.S. and its law enforcement efforts and methods are finally covered, and the book concludes with an interesting chapter in which the authors share their opinions about the future of security.
This book gives a clear and concise overview of the past and current state of cybercrime, the motivations behind it and the modus operandi of the actors that perpetrate it.
It includes many good examples of past attacks, and even though they occasionally make mistakes like spelling Nikola Tesla’s name incorrectly, the information they provide is overall accurate and written down in eminently readable form.
I would recommend this book to anyone who quickly wants to get a grasp on the current situation when it comes to cybercrime. Be advised, though, that the technologies and approaches used by cyber crooks change so quickly that the book (published in December 2012) does not include the very latest developments in the field.