Feeds

Fatal System Error: Watching the miscreants

The net's heart of darkness

Seven Steps to Software Security

Book review Fatal System Error - The Hunt for the New Crime Lords Who Are Bringing Down the Internet is an informative and entertaining look at the roots of the burgeoning cybercrime economy and its links to government, featuring a rogue's gallery of international wrong 'uns.

Joseph Menn peers down into the underground economy through the eyes of two hero protagonists who fought cybercrime: Barrett Lyon, technologist and founder of anti-DDoS tool firm Prolexic, and Andy Crocker, a cybercop and former officer in the UK's National High Tech Crime Unit (NHTCU).

The book has an unusual two-part structure. The first half of the book focuses on Lyon, and how his nascent security firm was set up from money from offshore gambling firm, BetCRIS. The Costa Rica-based firm is staffed by a colourful collection of US and Canadian ex-pats who Lyon comes to distrust.

Offshore gambling firms like BetCRIS, some of with ties to the US mafia, become the victims of cyber-extortionists from Russia and neighbouring countries who update old-school protection rackets for the internet age. Lyon uses all his considerable technical abilities to repel these threats.

The second and main part of the story tells how Crocker is sent on a mission to investigate cyber-extortion attacks against UK bookmakers. Early in the book we learn that Lyon posed as a hacker to gain an insight into how DDoS attacks are organised.

His feigned relationship with one of the hackers provides intelligence that helps kick start Crocker's investigation, a long and fraught process that eventually leads to conviction and tough prison sentences for three DDoS extortionists in Russia.

Crocker spent several years in Russia investigating the case. His arduous task highlights the difficulties future investigators will face. Menn, a business writer for the Financial Times USA and formerly of the Los Angeles Times, has a knack for boiling down complex technology into everyday language without distortion. He also does a neat line in pen portraits on his subjects.

The author formerly covered Hollywood, famously discovering that Disney Corp may not have the retained the image rights for the first version of Mickey Mouse while at the LA Times, and it's clear that his book has half an eye towards a screenplay. My own impression is that a documentary might suit this particular subject matter.

Menn, who travelled to Russia and Costa Rica in researching the book, is dogged in nailing down every strand of the investigation and his book benefits from this. Unlike other books on the subject, the book is neither a first person account nor a tale woven together from clippings but from an obviously extensive number of interviews.

A picture is presented of how cybercrooks in Russia and China operate with the blessing of corrupt government insiders. It's one of the best descriptions of the formation of the underground economy I've read. It deserves to be read by those in the IT security industry, policy formation and with any interest in a hype-free expose of the true face of cybercrime.

Highly recommended. ®

Fatal System Error - The Hunt for the New Crime Lords Who Are Bringing Down the Internet, by Joseph Menn

Hardback, 288 pages, £15.99, 978-1586487485

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.