BOOK REVIEWS
Cybersecurity Central is excited to share Blog by CC Book Reviews.
Bookmark this page and visit monthly to read reviews from Team CC.
THE CUCKOO'S EGG
The Cuckoo's Egg | Book Review by Alexis Julian
November 2024
I was on the edge of my seat reading "The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage" by Cliff Stoll. This book goes through the twists and turns Stoll experienced in the 1980s while tracking a hacker that had infiltrated machines at the Lawrence Berkeley Lab, where he worked as an astronomer. Stoll discovered the hacker due to a 75-cent accounting shortfall on their computer usage bill. This discovery led Stoll through a complex investigation revealing that the hacker was also breaking into U.S. Government and Military systems.
Stoll details his triumphs and setbacks during his work to help track the unauthorized user as they move across networks and search out specific military data. The book sheds light on the difficulties of investigating computer crimes during that time due to the compartmentalization and secrecy within and between U.S. Government Agencies and their allies abroad. It also puts into perspective the amount of effort required to track someone through multiple networks to have enough evidence to point back to a specific individual and be able to prosecute them. Stoll leaves you guessing right up to the end, providing the details he spent years tracking down in the second to last chapter. The book also weaves in detail about how this investigation impacted his relationships and made him question his motives for chasing the intruder.
Overall, this is one of my top five reads. I was hooked from the first chapter and often had trouble setting it down once I picked it back up. I would recommend this to those who enjoy spy or true crime thrillers; those interested in how someone could historically be traced through networks; and those looking to learn more about historical hacks and investigations. It is written clearly and explains complex computer topics in a way that is easily understandable.
Learn more about the book and purchase: https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/0385249462
Connect with Alexis on LinkedIn: https://www.linkedin.com/in/alexis-julian-b81ab5116/
THIS MACHINE KILLS SECRETS
This Machine Kills Secrets | Book Review by Alexis Julian
October 2024
Andy Greenberg’s "This Machine Kills Secrets: Julian Assange, the Cypherpunks, and Their Fight to Empower Whistleblowers," offers an in-depth exploration of the world of digital whistleblowing, focusing on the rise and impact of WikiLeaks and its founder, Julian Assange. The book also dives into the broader community of cypherpunks and other significant activists who have played pivotal roles in the fight to expose government and corporate secrets.
Greenberg's narrative is masterfully written due to personal interviews with key figures in the whistleblowing and hacking communities. Prominent among these are Julian Assange, the leader of WikiLeaks; Daniel Domscheit-Berg, a former WikiLeaks spokesperson who later founded OpenLeaks; and an anonymous figure referred to as "the Architect," who played a crucial role in the technical infrastructure behind these platforms. The book provides a comprehensive history of Julian Assange, tracing his early life, his ideological motivations, and his evolution into one of the most controversial figures in modern journalism. WikiLeaks, under Assange's leadership, became a global force, publishing classified information that exposed controversial government and corporate actions.
The book remains particularly timely given the recent developments concerning Julian Assange. In June, Assange agreed to a plea deal, pleading guilty to a charge under the Espionage Act for conspiring to obtain and disclose classified U.S. national defense documents. This deal has significant implications for Assange's future, allowing him to return to Australia after being imprisoned for the past five years. News broadcasts showed he landed in Australia on June 26th and was welcomed home by his wife and children.
Learn more about the book and purchase: https://www.amazon.com/This-Machine-Kills-Secrets-Whistleblowers/dp/0142180491
Connect with Alexis on LinkedIn: https://www.linkedin.com/in/alexis-julian-b81ab5116/
FANCY BEAR GOES PHISHING
Fancy Bear Goes Phishing | Book Review by Alexis Julian
April 2024
"Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks" by Scott J. Shapiro is filled with masterfully written in-depth technical details about why the Internet is so vulnerable to attack. Shapiro sprinkles in a few comedic lines throughout his critical examination of cybercrime, one of my favorites being:
"Coding in assembly is easy. It's like riding a bike. Except the bike is on fire and you're on fire and everything is on fire and you're in hell."
Shapiro does a wonderful job describing the different malware strains discussed throughout the book. Take Mirai, for example: Shapiro describes how "Mirai unlinks itself as soon as it infected a device...looks for programs using communication ports that malware typically used to talk with C2s....also inspects every program file and checks the first 4,096 bytes for Qbot". The details in the book also describe the human element behind why Mirai does the last file checks.
Throughout the book the human element of cybersecurity is taken into account, making this a very thought-provoking read. Shapiro discusses what he calls upcode and downcode to help explain his analysis. "Downcode is technical computer code" and upcode is "the inner operations of the human brain to the outer social, political, and institutional forces that define the world around us." This concept has really helped me reframe the questions I ask around cyber attacks that occur from not just how, but why and to what ends?
I also really enjoy that Shapiro quickly discussed the current job landscape for cybersecurity, noting that "Industry leaders estimate that the field needs 3.5 million new workers just to keep pace with demand." He also adds his opinion of "if we fill some of those positions with budding hackers, we will need fewer positions." I see a gap that has been forming in this industry of many open junior/senior level roles that will sit open for months at a time because there isn't enough *experienced* talent to fill highly specialized roles and too few entry level roles for the massive amount of people trying to break into the industry. At some point something has to change or the industry is going to continue to lose great talent due to not being able to get their foot into the industry.
As I mentioned previously, this is a very thought-provoking read. Be prepared to have a notebook out beside you to jot down any thoughts that come to mind as you're reading. Overall this book was a great read and I'd recommend it to anyone interested in the human element behind cybercrime and those interested in learning more about historic cyber attacks.
Learn more about the book and purchase: https://www.amazon.com/dp/B0BBC8LG9P
Connect with Alexis on LinkedIn: https://www.linkedin.com/in/alexis-julian-b81ab5116/
TRACERS IN THE DARK
Tracers in the Dark | Book Review by Alexis Julian
March 2024
"Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency" by Andy Greenberg takes readers through a captivating account of investigations into the most well-known black-market cryptocurrency take-downs in history. The book goes over the rise and fall of the Silk Road and initial AlphaBay marketplace, delving into the research showcasing cryptocurrency’s traceability and the key players that made the take-down of the marketplaces feasible. It reads like an intense thriller rather than the typical narration of law enforcement investigations, which may be mundane.
Throughout the five sections, there are shocking twists and turns in the investigations, sometimes caught right in the nick of time before actions were taken that could have been catastrophic to the case. It sheds light on how intricate the investigation can be and the ethical dilemmas that often arise from tactics used during exploration and infiltration of dark web sites. Some investigations reviewed in the book took years of work and collaboration with multiple law enforcement agencies from around the globe, while others took just two weeks to pull off. I found the book to be very informative and detailed in a way that gets readers thinking about other implications of investigations or the creation and usage of different tracking tools.
Before reading this book, I didn’t know much about cryptocurrencies because I have never been interested in looking into them, considering them a poor investment with a stigma surrounding the exchanges. After reading, I now have a good grasp on how cryptocurrencies work and knowledge about the fundamental research that went into demonstrating the insecurities of the currency that allow it to be traceable. I was also able to learn why some cryptocurrency money trails are easy to track while more modern cryptocurrency is proving harder to trace and substantiate ownership, such as the methods being used by current ransomware operations.
While this book proves to be thoroughly researched and a great resource for knowledge of these high-profile take-downs, it is not suitable for everyone. As described in the author’s note, this book contains references to topics that may be triggering for individuals, such as self-harm, suicide, and child abuse. Most of the explicit details can be avoided by skipping over the fourth section in the book, which I had a hard time getting through due to the horrendous nature of the crimes described. Therefore, I recommend this book to those interested in how cryptocurrency can be traced and the major law enforcement investigations that took down some of the most notorious cyber criminals in history. It is also a good read for those who may be interested in one day joining law enforcement or other teams that focus on identifying and catching cyber criminals because it exposes the reader to some of the worst crimes that they encounter in their careers.
Learn more about the book and ways to purchase here: https://andygreenberg.net
Connect with Alexis on LinkedIn: https://www.linkedin.com/in/alexis-julian-b81ab5116/
NOTHING TO HIDE
Nothing to Hide | Book Review by Alexis Julian
February 2024
"Nothing to Hide" by Daniel J. Solove thoroughly argues the notion that we need to sacrifice privacy for security. Solove is the Eugene L. and Barbara A. Bernard Professor of Intellectual Property and Technology Law at George Washington University Law School. He has authored numerous books and articles about privacy and technology, and founded the privacy and security training company TeachPrivacy. Originally published by Yale University Press in 2011, the book is still appropriate and applicable today, 10+ years later.
Throughout the book's four parts, Solove discusses many popular arguments for the privacy vs. security debate. Solove states that, "Privacy is often misunderstood and undervalued when balanced against security," and he very clearly defends this throughout part one. I particularly enjoyed the chapter on 'The All-or-Nothing Fallacy' where Solove discusses two polls from Pew Research and Rasmussen Reports. Digging into one of those questions, "Should the government be allowed to read emails and listen to phone calls to fight terrorism", it's easy to see where a lot of people would answer 'Yes' because of the All-or-Nothing framing of the question. However, if the questions were framed as Solove suggests, "Should the government be allowed to read emails and listen to phone calls without a search warrant or the appropriate court order required by law to fight terrorism", it's easy to see where a lot of people would answer 'No'.
Part two discusses how the laws around privacy and security should respond in matters of national security. Solove picks apart arguments towards decreasing privacy in times of crisis by analyzing cases where the response was to overlook privacy protections. Part three focuses on the constitutional Fourth Amendment rights in relation to privacy and also argues why the First Amendment should protect against government investigations into speech, beliefs, or habits. Finally, part four discusses how the law should react to new and changing technologies.
I originally read this book in 2016 as part of a college course that analyzed the differences between American and German privacy and security practices. Reading it again, in 2023, I find this book to be applicable to individuals who are interested in the privacy debate, work with large amounts of detailed customer/user data, and/or draft policies or procedures which revolve around privacy. I also believe this to be a great book for college class discussions.
Learn more about the book here: https://www.danielsolove.com/nothing-to-hide
Purchase the book here: https://www.amazon.com/gp/product/0300172338
Connect with Alexis on LinkedIn: https://www.linkedin.com/in/alexis-julian-b81ab5116/
HOW TO CATCH A PHISH
How To Catch A Phish | Book Review by Alexis Julian
January 2024
Nick Oles has created a comprehensive guide in his recently published book "How to Catch a Phish". Oles is a cybersecurity expert of over 15 years, specializing in incident response and threat detection. This practical guide showcases his expertise in the area, providing valuable tips and foundational information. The book digs deep into details and uses visuals to showcase numerous examples.
Oles describes the foundational knowledge of how email works in chapter one and goes into detail on email header analysis. He provides a list of free tools for header analysis at the end of the chapter, including a look into one of my favorite tools - MxToolbox. After that, the book briefly describes different phishing tactics and techniques and the incident response process.
A bit later, Oles discusses VirusTotal and urlscan as tools for URL analysis. VirusTotal is an amazing industry tool. If you aren't familiar with it, I highly recommend taking the time to learn about the tool. Following up URL analysis, Oles describes how to safely analyze suspicious email attachments using sandboxes such as ANY.RUN and Hybrid Analysis. Finally, the guide also discusses key remediation actions and finalizing lessons learned.
I haven't seen a more in-depth phishing guide available. Organizations that may not have dedicated phishing investigation processes could utilize this book to help guide them towards a repeatable and budget-friendly option. This book is written for beginners but is applicable for all levels - I found myself learning a trick or two that I will utilize in the future.
I would recommend this book for those who work with analyzing phishing emails for work or are personally interested in learning how to analyze suspicious emails that come into your inbox safely.
Purchase the book here: https://www.amazon.com/How-Catch-Phish-Practical-Detecting/dp/1484293606/ref=tmm_pap_swatch_0
Connect with the author, Nick Oles, on LinkedIn: https://www.linkedin.com/in/nick-o-8b5b6349
Connect with Alexis on LinkedIn: https://www.linkedin.com/in/alexis-julian-b81ab5116/
CULT OF THE DEAD COW
Cult of the Dead Cow | Book Review by Alexis Julian
December 2023
This month I read "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World" by Joseph Menn. Menn takes readers through the history of the oldest active American hacking group and some of its most well-known members. It is evident this book was meticulously researched and provides 200+ notes at the end for additional details outside the text.
I did not know much about the Cult of the Dead Cow hacking group, also known as cDc, other than what I've come across in my previous readings. Surprisingly, the group has not come up a lot in my other readings. Menn does a great job analyzing all the historical events that played into how cDc and other hacking groups, like L0pht, shaped the internet and modern security practices.
He includes details on clear white hat and black hat activities along with more decisive grey hat activities the hacking groups participated in. The book also describes the evolution of major security conferences like DefCon and BlackHat, which I loved learning more about. I have never been to either conference, but would love to go one day to get the experience and learn from the valuable presentations and workshops.
I appreciate that Menn put a section in the beginning of the book called 'The Players' that clearly matched each of the aliases to their true name. This made it easier to identify exactly who was being referenced throughout the book.
There is a lot of history referenced in just over two hundred pages, sometimes making it difficult to follow. The book is an outstanding resource to deepen knowledge around how hacking groups play into the evolution of information security. I would recommend this book to those interested in the history of major hacking groups or what key events and individuals helped shape modern security practices.
Purchase the book here: https://www.amazon.com/Cult-Dead-Cow-Original-Supergroup-ebook/dp/B07J54F9KR
Connect with Alexis on LinkedIn: https://www.linkedin.com/in/alexis-julian-b81ab5116/
GHOST IN THE WIRES
Ghost In The Wires | Book Review by Alexis Julian
November 2023
"Ghost In The Wires" by Kevin Mitnick is a thrilling autobiography of, as he puts it, the transformation from "the world's most wanted hacker to one of the most wanted security experts in the world". Mitnick guides readers through his adventures, laying the story out much like an action-packed thriller. He also debunks many of the common rumors, some of which were used against him in court, about his hacks.
At one hearing, the prosecutor said that he had hacked into the NSA, tampered with a judge's TRW report, planted false stories about a company having lost millions of dollars, and even hacked into police computers to erase his prior arrest records - all of which were false claims. The judicial system treated him like he was a national security threat, even placing him in solitary confinement in order to keep him away from the phones that were available in the general population areas when he was in prison.
The details outlined in his stories also provide valuable learnings for red teams utilizing social engineering in their toolkit. One of my favorites is: if you ask for a piece of sensitive information then naturally people will grow suspicious; however, if you pretend to already have that information and provide incorrect data, they will frequently correct you with the accurate data you're looking for. Something so simple to execute once identified - you may start to wonder if you've ever been tricked like this.
Mitnick partnered with the well known security awareness training company, KnowBe4, from 2012-2023 as their Chief Hacking Officer. They have a dedicated 'Kevin Mitnick Security Awareness Training' that specializes in awareness around many common security threats. It was a tremendous loss for his friends, family, and the security community when he passed in July after his battle with pancreatic cancer. Even with his passing, it is clear that he has left behind a strong legacy that will be used to train and inform people for decades to come.
This book is easily one of my top five favorites and I foresee myself re-reading it often. I highly recommend this book to all security professionals. It would even make a great read for non-technical individuals who want to learn more about what tactics the "bad guys" have used to trick people into providing information. The book is written in terms easy to understand and he did a great job of translating really technical details into a thrilling storyline.
Purchase the book here: https://www.mitnicksecurity.com/ghost-in-the-wires
Connect with Alexis on LinkedIn: https://www.linkedin.com/in/alexis-julian-b81ab5116/
PEGASUS
Pegasus | Book Review by Alexis Julian
October 2023
"Pegasus: How A Spy In Your Pocket Threatens The End Of Privacy, Dignity, and Democracy" by Laurent Richard and Sandrine Rigaud is a detailed report about the Pegasus surveillance software and the group that markets it. Pegasus was created by NSO Group, an Israeli cyber-intelligence firm, and marketed to governments and law enforcement agencies as a lifesaving measure against terrorism.
The steps of the Pegasus surveillance solution are simple: injection, configuration, and data removal. Injection consisted of finding a vulnerability in the phone's operating system to plant the spyware. The spyware could then be configured to do a number of things including, but not limited to, monitor and collect contacts, email, and voicemail as well as all system files and geolocation data. After collecting the data from the phone, Pegasus then exfiltrated the data for mining and analysis.
In the book, Richard and Rigaud recall gripping accounts of evidence gathered during their investigation into usage of the software targeting activists, heads of state, and journalists - well outside of the software's marketed scope of combatting terrorism. The authors were part of the team that released the evidence in a collaborative investigation by 17 media organizations in 2021 revealing that Pegasus had been used to target more than 50,000 phone numbers in over 50 countries.
Two years later, we are still seeing new discoveries from investigations into past Pegasus usage. In March of 2023, the Washington Post reported that at least 50 U.S. government employees had been the targets of Pegasus. On September 7th, 2023, Citizen Lab discovered two Apple device no-click zero-day vulnerabilities which were delivering NSO Group's Pegasus. Apple issued an emergency update following the discovery to patch the flaws used in the Pegasus attack chain.
These investigations make clear that software created for good purposes can and often will be exploited for personal gain and malicious intentions. The stories described in the book push raw and compelling reasons why surveillance technologies are so dangerous in the wrong hands.
I highly recommend this book for anyone interested in IT or cyber. The book is written in terms easy to understand and the graphic descriptions make it a hard book to put down once you're interested. This would be a great book for a class discussing ethical usages of cyber weapons and surveillance tools.
Purchase the book here: https://www.amazon.com/Pegasus-Threatens-Privacy-Dignity-Democracy/dp/B0C865BV33/
Connect with Alexis on LinkedIn: https://www.linkedin.com/in/alexis-julian-b81ab5116/
HOW TO DISAPPEAR
How to Disappear | Review by Alexis Julian
September 2023
Have you ever wondered what it takes to disappear? You can learn all the do's and don'ts from retired skiptracers Frank M. Ahearn and Eileen C. Horan in their book titled "How to Disappear". This book was originally published in 2010, and I definitely felt some nostalgia from the different technologies it mentions.
Chapter six reviews all the technology and data you may have around your home. Starting with your wallet and pockets, the section describes how you may have an iPod in your pocket as you walk around the city and asks what information it may provide to someone trying to track you down. While I found it amusing thinking about how many people would still have an iPod - the same questions are applicable to the phone you now carry with you everywhere.
I loved the stories Ahearn describes throughout the book about his and Horan's adventures as skiptracers. It adds relevance to the instructions Ahearn details in each chapter. This includes one of the fundamentals - if you are actually interested in disappearing, whatever that reason may be, don't buy this book with a credit or debit card.
Ahearn walks readers through three different steps in disappearing - misinformation, disinformation, and reformation. The book is a comprehensive guide that discusses techniques that can be tailored to your situation. For example, someone wanting a bit more privacy is going to need to do a lot less than someone who is in witness protection or trying to escape a domestic situation. This book is also a great reference if you have your identity stolen - the more misinformation and disinformation out there about you, the less likely it would be for identity thieves to gather enough information about you to steal your identity.
Whatever the situation, this book is a great resource. I would recommend this book to anyone interested in what it takes to keep your online information private and anyone interested in disappearing. Overall, it was a really interesting read and I learned a lot more about skiptracers and how data is discovered and correlated about an individual to find them.
Purchase the book here: https://www.amazon.com/How-Disappear-Digital-Footprint-Without/dp/1493045288/ref=asc_df_1493045288/
Connect with Alexis on LinkedIn: https://www.linkedin.com/in/alexis-julian-b81ab5116/
ALL THE WAR THEY WANT
All the War They Want | Review by Alexis Julian
July 2023
This month I read 'All the War They Want: Special Operations Techniques for Winning in Cyber Warfare, Business, and Life' by Jeffrey J. Engle.
Engle is currently Chairman & President at Conquest Cyber. During his United States Army Special Operations career, he was awarded two Bronze Stars, the Purple Heart, the Meritorious Service Medal, the Army Commendation Medal for valor, the Combat Action Badge, and the Military Free Fall Parachutist’s Badge. In this book Engle writes about his experiences in U.S. military special operations and the approach he uses for problem solving.
Engle analyzes his problem-solving methods starting from preparation and planning all the way through execution, detailing all the conventional rules he believes are meant to be broken. Part one of the book is focused on his take on Sun Tzu's 'Art of War' concepts of knowing the environment, enemy, and yourself. Engle describes how knowing these concepts is the baseline to building and expanding on what needs to be done.
In part two, Engle writes about presenting situations in a way that will excite others to join by utilizing motivating communications. The three chapters in this section describe a potential motivating strategy - "doing cool stuff", "stuff that makes an impact", and "doing stuff with people you like". Part three reviews the concept of eliminating any unnecessary information and simplifying the most pertinent information when communicating. Finally, in part four, Engle covers concepts on building and empowering an elite team at an organization, including how to build team morale and have functional accountability.
Overall, this was a very thought-provoking read. It would be a great book for leaders and managers in cyber who are interested in new problem-solving techniques and managing large scale operations.
Purchase this book on Amazon: https://www.amazon.com/All-War-They-Want-Operations-ebook/dp/B0BPMY1CT3
SANDWORM
Sandworm | Review by Alexis Julian
June 2023
For the month of May, I picked up the book "Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers" by Andy Greenberg. The author is an award-winning senior writer for WIRED. "Sandworm" earned numerous awards including the Gerald Loeb Award for International Reporting, a Sigma Delta Chi Award from the Society of Professional Journalists and the Cornelius Ryan Citation for Excellence from the Overseas Press Club.
In the first section of the book, Greenberg writes about Drew Robinson, John Hultquist, and Robert Lee's involvement in identifying and piecing together Sandworm's history. The group Sandworm is an Advanced Persistent Threat operated by a cyber warfare unit of the GRU, Russia's military intelligence service. Hultquist officially named Sandworm after Robinson found a link between different malware samples to "Dune" references.
Lee became the leader of all industrial control system threat discovery for the NSA at just 22 years old where he and his team tracked industrial control system hackers. In 2015, when Ukraine's power grid was attacked and caused widespread outages, Lee, Mike Assante and Tim Conway reviewed the hack and discovered the attack chain that pointed back to Sandworm being responsible.
That is just the beginning of the journey Greenberg takes readers on with this book. Greenberg masterfully tracks the history of the Russian-backed hacker group that has perpetrated some of the most sophisticated and devastating cyber attacks in history, detailing Sandworm's involvement with EternalBlue, NotPetya, and the Shadow Brokers among many others.
Greenberg does an excellent job of weaving together the technical details of these cyberattacks with the stories of the people who were affected by them. He also provides a clear and concise explanation of the political and military implications of cyberwarfare. Greenberg's writing is a reminder that the world is increasingly reliant on technology, and that our reliance on technology makes us vulnerable to cyberattacks that could have catastrophic consequences.
I highly recommend Sandworm to those interested in the history of specific Advanced Persistent Threats, implications of cyber warfare, and historic cyber attacks. Greenberg tells the story of Sandworm like a thriller; it's engaging and suspenseful, leaving the reader guessing till the end. I personally found it difficult to put the book down once I started reading.
Purchase this book and other books from Andy at: https://andygreenberg.net
DARK TERRITORY
Dark Territory | Review by Alexis Julian
May 2023
'Dark Territory: The Secret History of Cyber War' by Fred Kaplan, originally published in 2016, is a thought-provoking book that explores the history of US cyber security and cyber warfare. Kaplan masterfully details the history of how the US government has responded and adapted to the ways cyber has changed information warfare.
Kaplan starts from the very beginning, with the discussions and ideas surrounding cyber's role in information warfare, when President Reagan was in office and the movie 'War Games' had just premiered. President Reagan gathered a large group, composed of national security staff, members of Congress, the chairman of the joint chiefs of staff, and the secretaries of state, defense, and treasury, to discuss if the scenarios in 'War Games' could actually happen. Turned out, as we know now, that it is possible for someone to hack into a computer and steal sensitive data.
'Dark Territory' then expands on the key players, events, and technologies that have developed the field of cyber security. Some of the critical events include Operation Desert Storm, the creation of TAO, the Aurora Generator Test, Stuxnet, and the Snowden Leaks. Kaplan also details the creation of different government organizations and the development of policies and presidential directives that have helped shape cyber security into what it is today.
In the afterword, Kaplan expands on important events post-publication, noting that the threat of cyber attacks has only grown. It highlights major cyber attacks including IoT distributed denial of service attacks and the Russian hacking of the 2016 US election. Kaplan also utilizes this section to argue that the US needs to take cyber security more seriously. He points out that Matt Devost predicted the Internet of Things in 1996, with the publication 'Information Terrorism: Can you trust your toaster?' I found this history interesting because in 2019 at a job fair, one of the booths' introductory pitches was "Do you want to learn how to exploit toasters?"
The book provides intricate details that aren't found in others that I have read and really highlights the development of thinking towards new threats posed by cyber. I recommend this book to anyone interested in US military or government history, security practitioners, and those curious about the risks of cyber warfare. I found Dark Territory to be engaging, informative, and enlightening.
Purchase the book here: https://www.simonandschuster.com/books/Dark-Territory/Fred-Kaplan/9781476763262
CODE GIRLS
Code Girls | Review by Alexis Julian
April 2023
"Code Girls" by Liza Mundy recounts the invaluable contributions made by women to the field of cryptography during World War II. Each page is packed with a treasure trove of historical knowledge on the everyday lives of women code-breakers during the war.
Mundy vividly describes the tough living and working environments the girls dealt with. Oftentimes women lived in small apartments and had to "hot-swap" beds due to having more roommates than beds available. The women came to Washington in such large numbers that the public often grouped them together and called them G-Girls, for government girls. Mundy doesn't spare any uncomfortable details of the discriminatory practices towards working women throughout the book, including that women who got pregnant were expected to quit, marriage was frowned upon, and segregation was still implemented during this time.
In the book's insert, Mundy has arranged a plethora of memorable photos, including that of a portable Enigma machine, recruiting stations, historic buildings, and women code-breakers and families. The most notable, in my opinion, is the last photo of Dorothy Bruce and her family. It was taken during her ninety-seventh birthday party and describes how she still has reservations about saying certain words their oath of secrecy forbade.
I thoroughly enjoyed reading about the effort it took to endure the cryptanalysis positions. Cracking cryptographic ciphers takes a lot of focus, pattern analysis, and patience. In some situations breakthroughs could take months to achieve. Imagine looking at ciphers day after day for twelve-hour shifts and not making any progress on solving the encoding method for months. I remember my college cryptography courses; it was infuriating not being able to crack a cipher for a week. The drive to be able to proudly say, "Hey I cracked this", was extremely motivating and was often the only reason to push through. For the women during World War II, their motivation came from knowing that cracking the code was integral to the success of the war. The codes represented life or death; without knowledge of the plaintext communications the military was ignorant of key enemy movements.
This book is a great read for those interested in military history, women's history, or cryptography. It also includes notes on where facts were collected, a World War II timeline, and a glossary of code-breaking terms. With a reading group discussion guide also included, this book is an excellent option for educators and book clubs.
Purchase the book here: http://www.lizamundy.com/code-girls
THE CYBER ATTACK SURVIVAL GUIDE
The Cyber Attack Survival Guide | Review by Alexis Julian
March 2023
This month I read "The Cyber Attack Survival Manual" by Heather Vescent and Nick Selby. At first glance, the layout and illustrations are beautifully created and captivating - credit to Eric Chow and Conor Buckley for their artwork.
Before diving into a book, I always read its blurb to get an idea of its content. The blurb for this book caught my attention with its promise to be "comprehensive, practical, and fact-filled", and I believe this description perfectly captures the essence of the book's content.
If you're worried about any kind of fraud, this book has got you covered. It covers all types of fraud, including identity theft, tax fraud, credit card fraud, benefits fraud, employment fraud, medical fraud, and more. Plus, it provides invaluable advice on how to reduce your risks before and after a fraud incident, as well as the essential steps to take if you do become a victim. Fraud is just one topic of this book; it goes over so much more.
It also delves into the world of IoT, providing an in-depth exploration of the risks and prevalence of these technologies. From smart home appliances and cars to wearable devices for both humans and pets, the level of detail in this section was truly impressive.
Each chapter concludes with a section called "The Takeaway", which provides a concise summary of the chapter's content. It is also presented in a unique and engaging format, with sections dedicated to 'the basics', 'advanced measures', and even the more extreme precautions of the 'tinfoil-hat brigade'.
I would recommend this book for high school students and college students; it would make a great textbook for a class that focuses on different cyber attack methods. It's also a great read for parents, as it has a whole section dedicated to keeping kids safe online. All in all, this was a great read and I learned some great security awareness points to share with friends and family to help keep them safe and secure online.
Purchase the book here: https://www.simonandschuster.com/books/Cyber-Attack-Survival-Manual/Nick-Selby/9781681881751
THIS IS HOW THEY TELL ME THE WORLD ENDS
This is How They Tell Me the World Ends | Review by Alexis Julian
February 2023
"This is How They Tell Me the World Ends," by Nicole Perlroth takes a look at major historical cyber events such as Stuxnet, the Snowden leaks, and many previously classified government projects related to the underground zero-day market. Nicole covers cybersecurity and digital espionage for the New York Times. For those who may be unfamiliar, a zero-day vulnerability is a vulnerability that is unknown to the parties responsible for patching or securing the affected software. In this book Nicole details her journey across the globe in search of answers to the uncomfortable questions weighing on her, questions that frankly should be weighing on all cyber security professionals.
Are there any rules or laws to the cyberarms trade? How does someone rationalize the sale of zero-days in technology they and their family use, domestic or foreign? Was the United States government involved in the zero-day market? Under what conditions will the government use the zero-days it's stockpiled? But most importantly of all, in my opinion, how are they being protected?
Nicole keeps you captivated, with each chapter bringing light to the mysterious trade. She also highlights the fear and uncertainty the cyberarms trade has caused across the globe. This is sincerely detailed in a conversation Nicole recounts with Tim Cook, the current CEO of Apple, about the letters he was receiving from individuals in Germany about the consequences of weaponizing surveillance technologies:
"And the words in these notes were not merely dramatic and emotional. They were heartfelt. Germans had lived through Stasi surveillance, when every workplace, university, and public venue was monitored by soldiers, analysis, tiny cameras, and microphones to root out "subversive individuals." Sixty-five years later, the horrors of East Germany's past were all too real."
As I finished up the book, I was still left with the same question Nicole asked in Chapter two: how is the stockpile of zero-days being protected? The Snowden leaks in 2013 were the first to show Americans the secret global surveillance programs the NSA and the Five Eyes intelligence alliance were conducting, foreign and domestic; but they weren't the last. Next came the Shadow Brokers, who leaked complete NSA tools and working exploits online in 2016. Both instances make us wonder if the zero-day stockpile is truly secured appropriately.
I thoroughly recommend this book for security professionals, especially those interested in the prospects of Bug Bounty programs and penetration testing. While this read is anxiety-inducing, it's important to learn about the history of decisions and events that make up where we are today to better ensure we can protect ourselves and our corporations into the future.
Purchase the book here: https://thisishowtheytellmetheworldends.com