You will find this an interesting book; it covers a lot of ground, but pulls the information together in the end. Cybercrime and Espionage opens with a quote from Cicero from the first century B.C. The discussion of fraud and justice reaches back to the code of Hammurabi and a page later we read about the Smartphone. There are a few dominant themes:
– The authors work diligently to build a strong foundation based on history to show us, while the technology is new. There is an unprecedented amount of information that shows that crimes we are exposed to are not so new; nothing about the iPad changes human behavior.
– The authors have worked at advanced security companies and have access to the actual tools and attacks that are being used by criminals, Nation States, and organized groups to capture and exploit information.
– Knowing that the technology will continue to change, the authors have developed frameworks to help clarify this complex information.
– Case studies and actual examples, many of which went to court, are shared so that it is clear this is not opinion but what is actually happening.
With these themes in mind, do not be surprised if the discussion ranges from the Greek alphabet, the printing press, the history of the ARPANET, and the public switched network and then to the cutting-edge work of Bond and Danezis and why we fall prey to malware again and again. The discussion on compliance not equaling security is as clearly stated (and supported) as any I have seen, and this is such an important concept to understand because if you follow the money, a lot is invested in compliance. We are shown that physical and logical security are becoming less and less related. Two examples of why this can be a problem are the stories of Dong Chul Shin and Danielle Duann; both had insider access and were terminated from their organizations but were able to access IT resources via their organizations’ VPN.
Chapter 6 is particularly chilling, this is where the authors cover state-sponsored information gathering, and they do not hold back. They remind us again this is not a new problem; human nature has not changed, and their poster children include Ethel and Julius Rosenberg, Klaus Fuchs, Clayton Lonetree, Aldrich Ames, and Clyde Lee Conrad. This is followed by a veritable who’s who of significant groups, perhaps smaller than Nation State, involved in harvesting and exploiting information.
Cybercrime and Espionage also goes into some considerable depth to explain exactly how the criminal underground is able to harvest information about people like you or I. I haven’t seen this much explanatory information since Crimeware. We learn about the Advanced Persistent Threat, and rather than throwing a lot of technology at the reader, the authors break it down by its functionalities and support their premise with actual cases including Titan Rain. In Chapter 10, we see actual screenshots showing how criminal-oriented malware is used; the authors’ backgrounds in security companies has given them real-world experience. I really appreciated Chapter 11. How can they keep making malware we can’t detect? You will get to see the tools that are actually used.
Amazingly, the authors are able to pull it all together; Chapter 12 serves to focus what you have read. In fact, to get the most out of the book, you might want to start with Chapter 12 and read the MOSAIC framework section. MOSAIC is designed to help an analyst correctly evaluate cybercrime and cyber attack information. It stands for
• Open source intelligence collection
• Asymmetrical intelligence correlation
Or, as the authors say in the summary, remember to focus on the three dimensions of people, process and technology and your security efforts will be much improved. This book has lots of information on all three dimensions. It was a pleasure reading it and to develop this foreword, and I am sure you will find it advances your knowledge on cybercrime and espionage.