Feeds

Fatal System Error: Watching the miscreants

The net's heart of darkness

SANS - Survey on application security programs

Book review Fatal System Error - The Hunt for the New Crime Lords Who Are Bringing Down the Internet is an informative and entertaining look at the roots of the burgeoning cybercrime economy and its links to government, featuring a rogue's gallery of international wrong 'uns.

Joseph Menn peers down into the underground economy through the eyes of two hero protagonists who fought cybercrime: Barrett Lyon, technologist and founder of anti-DDoS tool firm Prolexic, and Andy Crocker, a cybercop and former officer in the UK's National High Tech Crime Unit (NHTCU).

The book has an unusual two-part structure. The first half of the book focuses on Lyon, and how his nascent security firm was set up from money from offshore gambling firm, BetCRIS. The Costa Rica-based firm is staffed by a colourful collection of US and Canadian ex-pats who Lyon comes to distrust.

Offshore gambling firms like BetCRIS, some of with ties to the US mafia, become the victims of cyber-extortionists from Russia and neighbouring countries who update old-school protection rackets for the internet age. Lyon uses all his considerable technical abilities to repel these threats.

The second and main part of the story tells how Crocker is sent on a mission to investigate cyber-extortion attacks against UK bookmakers. Early in the book we learn that Lyon posed as a hacker to gain an insight into how DDoS attacks are organised.

His feigned relationship with one of the hackers provides intelligence that helps kick start Crocker's investigation, a long and fraught process that eventually leads to conviction and tough prison sentences for three DDoS extortionists in Russia.

Crocker spent several years in Russia investigating the case. His arduous task highlights the difficulties future investigators will face. Menn, a business writer for the Financial Times USA and formerly of the Los Angeles Times, has a knack for boiling down complex technology into everyday language without distortion. He also does a neat line in pen portraits on his subjects.

The author formerly covered Hollywood, famously discovering that Disney Corp may not have the retained the image rights for the first version of Mickey Mouse while at the LA Times, and it's clear that his book has half an eye towards a screenplay. My own impression is that a documentary might suit this particular subject matter.

Menn, who travelled to Russia and Costa Rica in researching the book, is dogged in nailing down every strand of the investigation and his book benefits from this. Unlike other books on the subject, the book is neither a first person account nor a tale woven together from clippings but from an obviously extensive number of interviews.

A picture is presented of how cybercrooks in Russia and China operate with the blessing of corrupt government insiders. It's one of the best descriptions of the formation of the underground economy I've read. It deserves to be read by those in the IT security industry, policy formation and with any interest in a hype-free expose of the true face of cybercrime.

Highly recommended. ®

Fatal System Error - The Hunt for the New Crime Lords Who Are Bringing Down the Internet, by Joseph Menn

Hardback, 288 pages, £15.99, 978-1586487485

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.