Dark Territory

From Amazon.com

As cyber-attacks dominate front-page news, as hackers join terrorists on the list of global threats, and as top generals warn of a coming cyber war, few books are more timely and enlightening than Dark Territory: The Secret History of Cyber War, by Slate columnist and Pulitzer Prize–winning journalist Fred Kaplan.

Kaplan probes the inner corridors of the National Security Agency, the beyond-top-secret cyber units in the Pentagon, the “information warfare” squads of the military services, and the national security debates in the White House, to tell this never-before-told story of the officers, policymakers, scientists, and spies who devised this new form of warfare and who have been planning—and (more often than people know) fighting—these wars for decades.

From the 1991 Gulf War to conflicts in Haiti, Serbia, Syria, the former Soviet republics, Iraq, and Iran, where cyber warfare played a significant role, Dark Territory chronicles, in fascinating detail, a little-known past that shines an unsettling light on our future.

Critical Infrastructure Protection, Volume II

From the preface:

This book is a follow-on to our earlier book published in 2011 and represents a detailed look at various aspects of cyber security. The chapters in this book are the result of invited presentations in a 2-day conference on cyber security held at the City University of New York, City College, June 8-9, 2011.

Our increased reliance on the Internet, information, and networked systems has also raised the risks of cyber attacks that could harm our nation’s cyber infrastructure. The cyber infrastructure encompasses a number of sectors including the nation’s mass transit and other transportation systems, railroads, airlines, the banking and financial systems, factories, energy systems and the electric power grid, and telecommunications, which increasingly rely on a complex array of computer networks. Many of these infrastructures’ networks also connect to the public Internet. Unfortunately, many information systems, computer systems, and networks were not built and designed with security in mind. As a consequence, our cyber infrastructure contains many holes, risks, and vulnerabilities that potentially may enable an attacker to cause damage or disrupt the operations of this cyber infrastructure. Threats to the safety and security of the cyber infrastructure come from many directions: hackers, terrorists, criminal groups, and sophisticated organized crime groups; even nation-states and foreign intelligence services conduct cyber warfare. Costs to the economy from these threats are huge and increasing. Cyber infrastructure protection refers to the defense against attacks on such infrastructure and is a major concern of both the government and the private sector.

A key contribution of this book is that it provides an integrated framework and a comprehensive view of the various forms of cyber infrastructure protection. We, the editors, strongly recommend this book for policymakers and researchers.

Read the full book here.

The Cuckoo’s Egg

From Amazon.com

Before the Internet became widely known as a global tool for terrorists, one perceptive U.S. citizen recognized its ominous potential. Armed with clear evidence of computer espionage, he began a highly personal quest to expose a hidden network of spies that threatened national security. But would the authorities back him up? Cliff Stoll’s dramatic firsthand account is “a computer-age detective story, instantly fascinating [and] astonishingly gripping” (Smithsonian).

Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized user on his system. The hacker’s code name was “Hunter” — a mysterious invader who managed to break into U.S. computer systems and steal sensitive military and security information. Stoll began a one-man hunt of his own: spying on the spy. It was a dangerous game of deception, broken codes, satellites, and missile bases — a one-man sting operation that finally gained the attention of the CIA…and ultimately trapped an international spy ring fueled by cash, cocaine, and the KGB.

Ghost in the Wires

From Amazon.com

Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world’s biggest companies–and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn’t just about technological feats–it was an old-fashioned confidence game that required guile and deception to trick the unwitting out of valuable information.

Driven by a powerful urge to accomplish the impossible, Mitnick bypassed security systems and blazed into major organizations including Motorola, Sun Microsystems, and Pacific Bell. But as the FBI’s net began to tighten, Kevin went on the run, engaging in an increasingly sophisticated cat and mouse game that led through false identities, a host of cities, plenty of close shaves, and an ultimate showdown with the Feds, who would stop at nothing to bring him down.

Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escape, and a portrait of a visionary whose creativity, skills, and persistence forced the authorities to rethink the way they pursued him, inspiring ripples that brought permanent changes in the way people and companies protect their most sensitive information.

Cyber War in Perspective: Russian Aggression against Ukraine

Overview from CCDCOE:

The conflict in Ukraine appears to have all the ingredients for cyber war. Moscow and Kyiv are playing for the highest geopolitical stakes, and both countries possess a high level of expertise in information technology and computer hacking. However, there are still many sceptics of cyber war, and more questions than answers. Malicious code has served criminals and spies very well, but can cyber attacks offer soldiers more than a tactical edge on the battlefield? Can they have a strategic effect? And what norms should be established in international relations to govern nation-state hacking in peacetime and in war?

The book serves as a benchmark in the early history of Internet-era warfare. It features 18 chapters by scholars and practitioners who identify the case’s tactical and strategic implications, discuss their significance for policy and law, and analyse ongoing information operations. For world leaders and system administrators alike, the ‘cyber dimension’ of the Russo-Ukrainian crisis offers many lessons and sheds light on whether cyber war is still closer to science fiction than reality.

This case study, which examines the Ukraine crisis between 2013-2015, demonstrates that cyber attacks have been used in a broader strategy of information warfare. They encompass digital propaganda, denial-of-service (DoS) campaigns, website defacements, information leaks by hacktivist groups, and cutting-edge cyber espionage malware. However, apart from disruptions to Internet connectivity between Crimea, Donbass, and the rest of Ukraine, there have been no known attacks against civilian or military critical infrastructures. Does this mean that Russia – considered by many to be one of the leading cyber powers in the world – is voluntarily showing restraint? And what are the scenarios in which we could see an escalation of this conflict in cyberspace?

Read the full book here.

Nuclear Lessons for Cyber Security

Identifying “revolutions in military affairs” is arbitrary, but some inflection points in technological change are larger than others: for example, the gunpowder revolution in early modern Europe, the industrial revolution of the nineteenth century, the second industrial revolution of the early twentieth century, and the nuclear revolution in the middle of the last century.1 In this century, we can add the information revolution that has produced today’s extremely rapid growth of cyberspace. Earlier revolutions in information technology, such as Gutenberg’s printing press, also had profound political effects, but the current revolution can be traced to Moore’s law and the thousand-fold decrease in the costs of computing power that occurred in the last quarter of the twentieth century.

Read the full article here.

Fatal System Error

From Amazon.com:

In 2004, a California computer whiz named Barrett Lyon uncovered the identity of a hacker running major assaults on business websites. Without fully grasping the repercussions, he set on an investigation that led him into the heart of the Russian mob. Cybercrime was evolving. No longer the domain of small-time thieves, it had been discovered by sophisticated gangs. They began by attacking corporate websites but increasingly stole financial data from consumers and defense secrets from governments.

While Barrett investigated the cutting edge of technology crime, the U.S. government struggled to catch up. Britain, however, was a different story. In the late 1990s, the Queen herself had declared safe e-commerce a national security priority. Agents from the London-based National Hi-Tech Crime Unit sought out Barrett and enlisted his help. They also sent detective Andrew Crocker, a Welsh former boxer, to Russia to track down and prosecute the hackers and to find out who they worked for.

Fatal System Error penetrates both the Russian cyber-mob and the American mafia as the two fight over the Internet’s massive spoils. It takes readers into the murky hacker underground, traveling the globe from San Francisco to Costa Rica, London, and Russia. Using unprecedented access to mob businesses and Russian officials, it shows how top criminals earned protection from the Russian government—and how Barrett Lyon and Andrew Crocker got closer to the titans of the underground economy than any previous outsider. Together, their stories explain why cybercrime is much worse than you thought—and why the Internet might not survive.

Cyber Infrastructure Protection

From the preface:

The Internet, as well as other telecommunication networks and information systems, have become an integrated part of our daily lives, and our dependency upon their underlying infrastructure is ever-increasing. Unfortunately, as our dependency has grown, so have hostile attacks on the cyber infrastructure by network predators. The lack of security as a core element in the initial design of these information systems has made common desktop software, infrastructure services, and information networks increasingly vulnerable to continuous and innovative breakers of security. Worms, viruses, and spam are examples of attacks that cost the global economy billions of dollars in lost productivity. Sophisticated distributed denial of service (DDoS) attacks that use thousands of web robots (bots) on the Internet and telecommunications networks are on the rise. The ramifications of these attacks are clear: the potential for a devastating large-scale network failure, service interruption, or the total unavailability of service.

Yet many security programs are based solely on reactive measures, such as the patching of software or the detection of attacks that have already occurred, instead of proactive measures that prevent attacks in the first place. Most of the network security configurations are performed manually and require experts to monitor, tune security devices, and recover from attacks. On the other hand, attacks are getting more sophisticated and highly automated, which gives the attackers an advantage in this technology race.

A key contribution of this book is that it provides an integrated view and a comprehensive framework of the various issues relating to cyber infrastructure protection. It covers not only strategy and policy issues, but it also covers social, legal, and technical aspects of cyber security as well. We strongly recommend this book for policymakers and researchers so that they may stay abreast of the latest research and develop a greater understanding of cyber security issues.

Read the full book here.

Reality Check on a Cyber Force

It is premature to call for a separate cyberspace armed service, independent of the other services and agencies, to project power and protect vital US national security and economic vitality interests. There are four key prerequisites before achieving this goal: 1) a unique, strategic military capability unachievable by any of the other services and agencies; 2) corresponding technological advances; 3) an unrestricted battlespace; and 4) political champions to maneuver the bureaucracy and pass legislation.

Read the full article here.

Kingpin

From Amazon.com:

Former hacker Kevin Poulsen has, over the past decade, built a reputation as one of the top investigative reporters on the cybercrime beat. In Kingpin, he pours his unmatched access and expertise into book form for the first time, delivering a gripping cat-and-mouse narrative—and an unprecedented view into the twenty-first century’s signature form of organized crime.

The word spread through the hacking underground like some unstoppable new virus: Someone—some brilliant, audacious crook—had just staged a hostile takeover of an online criminal network that siphoned billions of dollars from the US economy.

The FBI rushed to launch an ambitious undercover operation aimed at tracking down this new kingpin; other agencies around the world deployed dozens of moles and double agents. Together, the cybercops lured numerous unsuspecting hackers into their clutches. . . . Yet at every turn, their main quarry displayed an uncanny ability to sniff out their snitches and see through their plots.

The culprit they sought was the most unlikely of criminals: a brilliant programmer with a hippie ethic and a supervillain’s double identity. As prominent “white-hat” hacker Max “Vision” Butler, he was a celebrity throughout the programming world, even serving as a consultant to the FBI. But as the black-hat “Iceman,” he found in the world of data theft an irresistible opportunity to test his outsized abilities. He infiltrated thousands of computers around the country, sucking down millions of credit card numbers at will. He effortlessly hacked his fellow hackers, stealing their ill-gotten gains from under their noses. Together with a smooth-talking con artist, he ran a massive real-world crime ring.

And for years, he did it all with seeming impunity, even as countless rivals ran afoul of police.

Yet as he watched the fraudsters around him squabble, their ranks riddled with infiltrators, their methods inefficient, he began to see in their dysfunction the ultimate challenge: He would stage his coup and fix what was broken, run things as they should be run—even if it meant painting a bull’s-eye on his forehead.

Through the story of this criminal’s remarkable rise, and of law enforcement’s quest to track him down, Kingpin lays bare the workings of a silent crime wave still affecting millions of Americans. In these pages, we are ushered into vast online-fraud supermarkets stocked with credit card numbers, counterfeit checks, hacked bank accounts, dead drops, and fake passports. We learn the workings of the numerous hacks—browser exploits, phishing attacks, Trojan horses, and much more—these fraudsters use to ply their trade, and trace the complex routes by which they turn stolen data into millions of dollars. And thanks to Poulsen’s remarkable access to both cops and criminals, we step inside the quiet, desperate arms race that law enforcement continues to fight with these scammers today.

Ultimately, Kingpin is a journey into an underworld of startling scope and power, one in which ordinary American teenagers work hand in hand with murderous Russian mobsters and where a simple Wi-Fi connection can unleash a torrent of gold worth millions.