Feeds

Cyber Alert: crime hits the net

The end of innocence

  • alert
  • submit to reddit

Reducing security risks from open source software

Book review Cyber Alert sets out to explain how 'traditional' organised crime is waking up to the huge criminal potential of cyber space and how software manufactures and police are responding, after years of paying the issue insufficient attention.

Authors Peter Warren and Michael Streeter use the 260 page book to put a different aspects of cyber crime - ranging from the genesis of offences such as phone phreaking to the rise of botnets - under the microscope. The book's nine chapters feature examples from criminal cases and other real-world examples alongside interviews with industry experts, police investigators and cyber criminals themselves. The authors obviously carried out scores of interviews in compiling Cyber Alert and the book is stronger for it.

The book is written to be understood by the layman, though information security professionals will find much within its cover of interest. The prose style is lucid and the authors spin a good yarn that makes the book an easy read.

However there are some shortcomings which prevent us endorsing it wholeheartedly. The authors supply a clear overview on online paedophilia, detailing the latest techniques perverts are using to evade detection and how police are seeking to stay ahead of the game. They also have fresh insights on how well-known cases (such as Operation Cathedral) were cracked.

But the chapter on computer viruses is much less impressive. It simply documents a series of high profile outbreaks (the Morris Worm, Love Bug, NetSky etc) without any context or overview. There's been no attempt to interview virus writers - or anyone else apart from anti-virus vendors - and the chapter is the poorer for it.

Mystery science theatre

In the intro the authors say an intruder attacked 10 Downing Street in 1999 from a mobile phone located somewhere in Russia. This is exciting stuff, But they have little else to say on the possible motive or mechanism of this "mysterious and sophisticated" hacking attack.

The use of such unsourced, eye-catching anecdotes is rare. The book does a good job of explaining the transition of old-style hacking - where people simply wanted to explore systems - to criminality, and the risks that this has created for consumers and business. This forms one of the book's two central themes; the second is an account of the mobilisation of police and the IT industry in response to the migration of old-style crimes such extortion onto the net, via DDoS attacks against online bookies and the like.

Hacking is the 'OS of cybercrime'

CyberAlert also floats some interesting theories - such as the possibility that officers from the now defunct Russian Federal Government Communications Agency, SAPSI, moonlighted for organised crime groups and corrupt businesses to tap phones on their behalf. In Bulgaria, many hackers and virus writers in Bulgaria were trained by Durzhavna Sigurnost, the secret police; they have moved on to working for Russian gangs such as Solntsevo, according to Vladimir Golubev, a Ukrainian academic.

This 'cyber-criminal' is a highlights of the book, along withan extensive interview with a computer hacker called Fungus. The book concludes with some gloomy predictions for the future, particularly about the likelihood of increased fraud on the net. It makesrecommendations for an internet security "cyber manifesto".

Overall, CyberAlert is a worthwhile addition to the security canon. Recommended (with caveat over virus section). ®

Cyber Alert, by Peter Warren and Michael Streeter
Vision Paperbacks
Paperback - 262 pages
March 2005 - £10.99

Related stories

Mitnick sequel fails to hack it
Traces of Guilt: computer crime from the front line
eCrime cost UK.biz £2.4bn in 2004
Cyber cops foil £220m Sumitomo bank raid
Web paedophile jailed for four years

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Microsoft: You NEED bad passwords and should re-use them a lot
Dirty QWERTY a perfect P@ssword1 for garbage websites
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.