Feeds

Cyber Alert: crime hits the net

The end of innocence

  • alert
  • submit to reddit

Securing Web Applications Made Simple and Scalable

Book review Cyber Alert sets out to explain how 'traditional' organised crime is waking up to the huge criminal potential of cyber space and how software manufactures and police are responding, after years of paying the issue insufficient attention.

Authors Peter Warren and Michael Streeter use the 260 page book to put a different aspects of cyber crime - ranging from the genesis of offences such as phone phreaking to the rise of botnets - under the microscope. The book's nine chapters feature examples from criminal cases and other real-world examples alongside interviews with industry experts, police investigators and cyber criminals themselves. The authors obviously carried out scores of interviews in compiling Cyber Alert and the book is stronger for it.

The book is written to be understood by the layman, though information security professionals will find much within its cover of interest. The prose style is lucid and the authors spin a good yarn that makes the book an easy read.

However there are some shortcomings which prevent us endorsing it wholeheartedly. The authors supply a clear overview on online paedophilia, detailing the latest techniques perverts are using to evade detection and how police are seeking to stay ahead of the game. They also have fresh insights on how well-known cases (such as Operation Cathedral) were cracked.

But the chapter on computer viruses is much less impressive. It simply documents a series of high profile outbreaks (the Morris Worm, Love Bug, NetSky etc) without any context or overview. There's been no attempt to interview virus writers - or anyone else apart from anti-virus vendors - and the chapter is the poorer for it.

Mystery science theatre

In the intro the authors say an intruder attacked 10 Downing Street in 1999 from a mobile phone located somewhere in Russia. This is exciting stuff, But they have little else to say on the possible motive or mechanism of this "mysterious and sophisticated" hacking attack.

The use of such unsourced, eye-catching anecdotes is rare. The book does a good job of explaining the transition of old-style hacking - where people simply wanted to explore systems - to criminality, and the risks that this has created for consumers and business. This forms one of the book's two central themes; the second is an account of the mobilisation of police and the IT industry in response to the migration of old-style crimes such extortion onto the net, via DDoS attacks against online bookies and the like.

Hacking is the 'OS of cybercrime'

CyberAlert also floats some interesting theories - such as the possibility that officers from the now defunct Russian Federal Government Communications Agency, SAPSI, moonlighted for organised crime groups and corrupt businesses to tap phones on their behalf. In Bulgaria, many hackers and virus writers in Bulgaria were trained by Durzhavna Sigurnost, the secret police; they have moved on to working for Russian gangs such as Solntsevo, according to Vladimir Golubev, a Ukrainian academic.

This 'cyber-criminal' is a highlights of the book, along withan extensive interview with a computer hacker called Fungus. The book concludes with some gloomy predictions for the future, particularly about the likelihood of increased fraud on the net. It makesrecommendations for an internet security "cyber manifesto".

Overall, CyberAlert is a worthwhile addition to the security canon. Recommended (with caveat over virus section). ®

Cyber Alert, by Peter Warren and Michael Streeter
Vision Paperbacks
Paperback - 262 pages
March 2005 - £10.99

Related stories

Mitnick sequel fails to hack it
Traces of Guilt: computer crime from the front line
eCrime cost UK.biz £2.4bn in 2004
Cyber cops foil £220m Sumitomo bank raid
Web paedophile jailed for four years

The smart choice: opportunity from uncertainty

More from The Register

next story
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.