Cyber Alert: crime hits the net
The end of innocence
Book review Cyber Alert sets out to explain how 'traditional' organised crime is waking up to the huge criminal potential of cyber space and how software manufactures and police are responding, after years of paying the issue insufficient attention.
Authors Peter Warren and Michael Streeter use the 260 page book to put a different aspects of cyber crime - ranging from the genesis of offences such as phone phreaking to the rise of botnets - under the microscope. The book's nine chapters feature examples from criminal cases and other real-world examples alongside interviews with industry experts, police investigators and cyber criminals themselves. The authors obviously carried out scores of interviews in compiling Cyber Alert and the book is stronger for it.
The book is written to be understood by the layman, though information security professionals will find much within its cover of interest. The prose style is lucid and the authors spin a good yarn that makes the book an easy read.
However there are some shortcomings which prevent us endorsing it wholeheartedly. The authors supply a clear overview on online paedophilia, detailing the latest techniques perverts are using to evade detection and how police are seeking to stay ahead of the game. They also have fresh insights on how well-known cases (such as Operation Cathedral) were cracked.
But the chapter on computer viruses is much less impressive. It simply documents a series of high profile outbreaks (the Morris Worm, Love Bug, NetSky etc) without any context or overview. There's been no attempt to interview virus writers - or anyone else apart from anti-virus vendors - and the chapter is the poorer for it.
Mystery science theatre
In the intro the authors say an intruder attacked 10 Downing Street in 1999 from a mobile phone located somewhere in Russia. This is exciting stuff, But they have little else to say on the possible motive or mechanism of this "mysterious and sophisticated" hacking attack.
The use of such unsourced, eye-catching anecdotes is rare. The book does a good job of explaining the transition of old-style hacking - where people simply wanted to explore systems - to criminality, and the risks that this has created for consumers and business. This forms one of the book's two central themes; the second is an account of the mobilisation of police and the IT industry in response to the migration of old-style crimes such extortion onto the net, via DDoS attacks against online bookies and the like.
Hacking is the 'OS of cybercrime'
CyberAlert also floats some interesting theories - such as the possibility that officers from the now defunct Russian Federal Government Communications Agency, SAPSI, moonlighted for organised crime groups and corrupt businesses to tap phones on their behalf. In Bulgaria, many hackers and virus writers in Bulgaria were trained by Durzhavna Sigurnost, the secret police; they have moved on to working for Russian gangs such as Solntsevo, according to Vladimir Golubev, a Ukrainian academic.
This 'cyber-criminal' is a highlights of the book, along withan extensive interview with a computer hacker called Fungus. The book concludes with some gloomy predictions for the future, particularly about the likelihood of increased fraud on the net. It makesrecommendations for an internet security "cyber manifesto".
Overall, CyberAlert is a worthwhile addition to the security canon. Recommended (with caveat over virus section). ®
Cyber Alert, by Peter Warren and Michael Streeter
Paperback - 262 pages
March 2005 - £10.99
Sponsored: Customer Identity and Access Management