In this disquieting cyber thriller, Joseph Menn takes readers into the murky hacker underground, traveling the globe from San Francisco to Costa Rica and London to Russia. His guides are California surfer and computer whiz Barrett Lyon and a fearless British high-tech agent. Through these heroes, Menn shows the evolution of cyber-crime from small-time thieving to sophisticated, organized gangs, who began by attacking corporate websites but increasingly steal financial data from consumers and defense secrets from governments. Using unprecedented access to Mob businesses and Russian officials, the book reveals how top criminals earned protection from the Russian government. Fatal System Error penetrates both the Russian cyber-mob and La Cosa Nostra as the two fight over the Internet's massive spoils. The cloak-and-dagger adventure shows why cyber-crime is much worse than you thought—and why the Internet might not survive.
Joseph Menn’s fourth book, "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World," was published in June 2019 by PublicAffairs and in paperback in June 2020. It tells the story of the oldest, most respected and most famous American hacking group of all time. Its members invented the concept of hacktivism, released both the top tool for cracking passwords and the reigning technique for controlling computers from afar, and spurred development of Edward Snowden’s anonymity tool of choice. With its origins in the earliest days of the Internet, the cDc is full of oddball characters (activists, artists, and musicians) who are now woven into the top ranks of the American establishment. Hudson Booksellers named "Cult of the Dead Cow" one of the 10 best nonfiction books of the year, and the Wall Street Journal called it one of the five cybersecurity books everyone should read. The New York Times Book Review called it "an invaluable resource...The tale of this small but influential group is a hugely important piece of the puzzle for anyone who wants to understand the forces shaping the internet age." Menn's "Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet," was published in 2010. Part true-life thriller and part expose, it became an immediate bestseller, with Menn interviewed on national television and radio programs in the US, Canada and elsewhere. Menn has spoken at major security conferences on his findings, which include hard evidence that the governments of Russia and China are protecting and directing the behavior of some of the world’s worst cyber-criminals. “Fatal System Error accurately reveals the secretive global cyber cartels and their hidden multibillion-dollar business, proving cybercrime does pay and pays well,” said Richard A. Clarke, special advisor to President George W. Bush for cyber security and author of Against All Enemies: Inside America’s War on Terror.
The New Yorker magazine said it was “riveted” by the tale, comparing it to the novels of Stieg Larsson. Menn is an investigative reporter on cybersecurity at Reuters and formerly worked at the Financial Times and the Los Angeles Times. He is a three-time finalist for the Loeb Award, the most prestigious in financial journalism, and a three-time winner of a "Best in Business" award from the Society of American Business Editors and Writers. His previous books include "All the Rave: The Rise and Fall of Shawn Fanning’s Napster," the definitive 2003 work selected as a book-of-the-year finalist by the trade group Investigative Reporters & Editors Inc. All the Rave reversed the conventional wisdom on what had been the most exhaustively covered start-up of the era. The New York Times wrote that All the Rave "provides a well-documented history of one of the most celebrated collapses of the Internet. But it goes far deeper, giving an inside account of the creation of Napster, the battle for its control and the maneuvering by big Silicon Valley names to try to turn music piracy into gold."
Menn is also co-author of The People vs. Big Tobacco: How the States Took on the Cigarette Giants (1998) and a principal editor of The Chronology: The Documented Day-by-Day Account of the Secret Military Assistance to Iran and the Contras (1987). He has taught advanced technology and business writing at the University of California at Berkeley’s graduate school of journalism and lectured at other universities and conferences.
Menn began his professional career at The Charlotte (N.C.) Observer. He grew up in the Boston area and graduated with honors from Harvard College, where he was executive editor of The Harvard Crimson.
When I started making entries for GoodReads, I noted that the 5-step rating system was flawed, in that the lowest rating had to be for books so bad that I would in effect be telling people not to bother with these, and that the highest rating had to be for must-read books I felt everyone should read. This left only the three intermediate ratings, which hence automatically meant that the middle 3-star rating had to be for books that ranged from acceptable to well worth reading, the preceding 2-star rating had to be for books that were not the worst I had seen but provided little in the way of entertainment or worthwhile knowledge, and the remaining 4-star rating had to be for books that were better than average but not quite in the must-read category. This book gets five stars; it is an absolute must-read, especially for anyone who has anything to do with computers, and I wish I had the money and wherewithal to send copies to President Obama and every member of Congress--and the wherewithal to force them to read it.
Joseph Menn was a business writer for ten years at the Los Angeles Times and left there last year to join the London-based Financial Times in San Francisco. This book grew out of his investigative reporting work at the Times, where he became acquainted with the activities of Barrett Lyon, a California computer whiz who started his own company in his early 20s to provide computer network security to businesses that were being hacked or otherwise attacked by cyber criminals. Lyon soon realized that the people providing the financial support for his company were also criminals--and, moreover, that his company was being used to protect the computer networks of criminal gangs involved in botnet piracy and other nefarious activities. Lyon on his own started tracking these people through the networks, finding that many of them were Russian teenagers. As part of this investigation, he came into contact with an English police officer, named Andy Crocker, who was doing the same sort of investigation but on an official basis, rather than as a private hobby. Together, although very much acting separately, the two began to home in on the bad guys, watching as they moved from simple hacking to denial-of-service ransom schemes, then to identity theft, and finally to government-supported cyber attacks on other nations.
All of that provides an astonishingly engrossing story that almost reads as a novel, combined with fascinating accounts of police/government indifference and the growing interaction between the teenage hackers and the established underworld ... but the story is really just background for some blood-curdling conclusions that Menn draws at the end of the book with respect to our susceptibility to cyber-attacks by Chinese and Russian government-supported technologists. On the one hand, I decided very early in the book that I would never play online poker; on the other hand, I am now close to being afraid to connect to the Internet at all!
This book was written by a science reporter who knows how to talk about technical subjects without being so technical that his readers cannot understand what he is saying, and who interviewed most of the people being discussed, both good and bad, here and abroad. Underlying the easy-reading prose style is a vast background of research, well-documented at the end of the book. Everyone should read it--and then write to his/her political representatives to demand that something be done about the known dangers before it is too late.
I wasn't sure what to expect from this book, but read it based on reviews. I'm aware that I am bucking the trend here, but I didn't much care for this book.
First of all, the book desperately needed a technical editor. The author used an extensive technical vocabulary, but frequently misused terms. As one who works with technology, I found this distracting. I wasn't expecting a technical manual, but did expect the book to be accurate.
More importantly, however, the author failed to capture the excitement of the stories he told. This is not to say that the stories are not interesting (in fact they are), just that Menn's rendition of them is not interesting. This book covered some extremely interesting, creepy, frightening, and heroic personalities. Menn's depiction of them felt as superficial and stereotypical as a low-budget miniseries.
I actually agree with those reviews that say this book reads like thriller fiction, and not non-fiction. Stylistically, it is certainly more John Grisham than Thomas Friedman. Somehow, Menn captured the worst of both genres here.
Thank goodness for Goodreads reviews and bookswap. Reading the prior reviews I had low expectations for this book, and through swap I only wasted money on the postage. The book can almost be divided into 3 segments. The author seems to only have interviewed two main participants against internet crime, and came away with an incomplete and incoherent understanding of any details of the problem. He almost attributes all the evil on the internet as having a denial of service as the source. Even during the second part of the book, which included the topic of identity theft, he was attributing most of the theft activity to DDoS. I think he just likes to bring up the acronym. Some of the problems I had with the book:
1. There were 90 pages attributed to crimes of US mafia figures, in which the dollar amounts of each occurrence were laboriously spelled out like a Bob Cratchit accountant listing personal losses and moaning about the inability of the FBI to pursue the Gumbas and delegate justice. Literary style could have been extended to a two-page spreadsheet report detailing the who, how, and how much figures. This segment of the book generated the feeling of watching a Godfather marathon movie session, and I felt really diverged from the intent of discussing internet crime in terms of how the internet is the enabling tool. I already suspected that mules carry money, people get killed, and identities are just handles to hide behind.
2. The swashbuckling crime fighting DDoS buster had a girlfriend on whom a few pages were wasted. Since she was irrelevant to the overall topic, she could have been mentioned once for background, and not introduced as what might have become a significant character (but never did).
3. The mechanics of defeating a DDoS attack were never detailed. The server farm set up in Phoenix had the bandwidth and number of servers to defeat an attack, but there were no details provided as to why it was specifically set up in Phoenix, what its components were, and how a direct attack defense was managed.
4. Because the author seemed obsessed with DDoS, he mentioned bots and botnets at least once on every 3rd page. He never described a bot to the layman. He never made it clear whether a bot could consist of a virtual machine created for a purpose, or whether it had to be an independent 3rd party box belonging to an unsuspecting bystander. The author never fully explained the mechanics of a trojan horse implant, and didn't clarify the difference between a virus and trojan horse. He also never explained what can be done at the individual user level to fend off trojans and viruses, except in a short subject dealing with phishing emails generated by spam during --- DDoS attacks. He never clarified that DDoS isn't necessary for phishing, and neither are bots.
5. Only once was it mentioned that one group switched to Macs because they seemed less susceptible to attack. He mentioned at least twice that you can't sue Microsoft for providing a faulty OS combined with a poorly updated integrated browser, because purchasing a machine with Windows provides only a license to use the software and provides no firm sale transaction in which a person owns the software running on the hardware that they do own. He did mention the Microsoft monopoly on the OS, but failed to mention that Microsoft was prosecuted in conjunction with monopolistic powers only related to installation of a browser. It was never mentioned that Microsoft to this day controls hardware vendor access to Windows, and if the hardware companies dare install anything else but Windows or MS products, they will be heavily penalized in regard to being able to install Windows. If anyone says that Dell sells Linux, I must say that I've only ever been able to find minimal hardware boxes in the very basic desktop configuration, and in selecting one of those choices, there is a radio selection button for the OS that would full form advance to a Windows selection. Phone inquiries were even worse at the individual customer level. Only institutional server customers could purchase equipment with Linux pre-installed. Same story at all vendors except Lenovo, and then only through individual providers.
6. The author in the last 50 pages provides a conglomerated synopsis of headline events and trends regarding contemporary internet warfare across national borders. China is mentioned as a war opponent in cyberhacking, but it is never mentioned that China manufactures a significant volume of the circuitry used in electronics and could very easily, using the subversion techniques described by R.J. Pineiro, hide logic bombs and covert data skimmers within circuit boards and components. This could happen to Apple and all the phone manufacturers, so that their equipment could be subverted despite the installed software. Of course the title of the book was "the hunt for the internet crime lords", so hardware subversion might have been beyond the scope.
7. Since the title was the "hunt for the New Crime Lords who are bringing down the internet", some credit must be given to the author for remaining in the hunt venue, and not providing the extraneous technical details that readers might be led to expect by the book-cover blurb adulations such as "A fascinating high-tech whodunit". The high tech here would be synonymous to an interstate highway providing speeders the ability to go faster.
8. The middle segment dealing with a physical legal pursuit presence in Russia, was in my opinion the redeeming revelation of the book. Life in Russia has never been painted as a Disneyland experience, but the adverse conditions both politically and physically presented here, really underscored the futility of pursuit of Soviet area bad guys in their home territory.
Think about how hard it is to report on Soviet cyber security, and how brave both Menn and his sources are. This is one of the few books that actually reports real events and real threats, while reading like an adventure novel.
It's not perfectly written/edited, and I would have chosen different topics/emphasis. But Menn wrote about the evidence and relationships he actually had at the time, so he should just be commended for what he was able to accomplish and report.
Some interesting stuff in here, mainly around organized-crime-linked hackers using botnets to extort "grey market" businesses (gambling, porn, etc) via distributed denial of service attacks. I find that whole ecosystem fascinating.
The book goes into detail about the various scandals that happened w/ online poker (remember how that was a huge thing? I had a friend who bought a motorcycle that way and another who made his living that way) i.e.
It makes a good case for the involvement of Russian gangsters in various malware scams... I hadn't heard of Russian Business Network until reading this. Those are some shady dudes. You have to respect Russian mobsters cos they don't just launder money, they OWN THE BANK. That's gangsta!
This is a good companion piece to Kingpin. Better actually. My only complaint is that the book's title is stupid.
Positively chilling to realize how rampant crime is on the Internet, perpetrated by both criminals and foreign governments. Startling also to realize how big a target we Americans are--again, both for criminals and for foreign governments. Reading this will help you understand how treacherous the Internet is, and help you imagine how many people are gunning for your credit card numbers, your money, and your identity.
This book also portrayed how easily criminals get away with what they're doing, simply because law enforcement in their countries is inept, lackadaisical, or (more often) complicit. The playground ain't level.
This book was long on personal details and short on technical details, which left me wanting. I read so many Russian names that I started to append "-ovich" to my children's names, but didn't gain any better understanding into how these miscreants perpetrate their attacks or, more importantly, how to defend against them. I guess that wasn't the point of this book, but I wish it were.
Fatal System Error is an absolutely scary as shit, totally frightening book about today’s hackers and their ties to the Russian mob and how billions of US dollars in terms of identity theft and credit card fraud make their way to the Russian Mafia through this new breed of hacker. The author is a technology journalist who is a decent writer and the book could have been good, and at times, is, but it has some major flaws as well. First though, Menn, the author, traces the lives and paths of new cybercrime fighters in America and Britain, Barrett Lyon and Andy Crocker, as they develop ways to defend against hacker attacks and ultimately carry the battle to them. What they find out and how they did it is shocking.
Lyon, a young California computer geek helped a friend’s company stop something called a DDOS attack (denial-of-service) in the early 2000s. This was fairly new and some hackers had figured out they could start using their computers and other people’s computers in what later became known as bots and botnets to flood a person or company’s single server with data requests, thus bringing it down and bringing it offline. They initially started doing this to offshore gambling sites, where there was majorly big money to be made, and they demanded “ransoms” of some $5,000, $10,000, $20,0000, and as time went by, as much as $200,000, payable in hours, or else these sites would be shut down on a big game day and these betting sites would lose many millions of dollars. One of these major gambling sites heard about what Lyon had done and hired him to quickly defeat a DDOS attack against its company, which Lyon did. The thing I don’t really understand, since this became Lyon’s thing and since the author made such a big deal about this for about half the book and made such a big deal about Lyon’s computer genius, is that it seems to me that Lyon merely obtained and later bought large server farms to build up bandwidth and capacity to defeat the DDOS attacks – and it worked. But that’s not genius! Anyone could figure that out! That’s just brute force defense. There’s no brilliant coding. There’s not even any brilliant networking. No virus traps, no Trojans, no sniffers, nothing. Just server farms. Okay, whatever. He started his own company, with the backing of a number of these gambling companies he was now working for, all offshore, and which he rather stupidly and naively didn’t realize were themselves criminals, er, US mobsters. So, he started his own business with mob money. 
At some point, he rats them out, loses his business, somehow survives, starts a new business, and discovers that the world of hacking has passed him by, as DDOS is a thing of the past and he has to catch up if he’s going to sell his security skills. Lyon at some point started tracking hackers through various networks, finding that many of them were Russian punks, just teens. As part of this investigation, he came into contact with an English policeman named Andy Crocker, who was doing the same sort of investigation, but on an official basis for his government. Simultaneously, though acting independently, the two began to move in on the “bad” guys, watching as they transitioned from basic hacking to DDOS ransom schemes, then to identity theft and credit card fraud, and finally to government-sponsored cyber attacks on other governments and multinational corporations.
Andy Crocker was a British policeman, former military, now working a national task force dedicated to eliminating Internet crime. As noted, he came across Lyon while researching these hackers who were also hitting British gambling companies. He traced them, like Lyon, to Russia and other Eastern European countries, such as Kazakhstan, Latvia, and Estonia. Like Lyon, he was able to trace the originators of some of these DDOS attacks to actual hackers and found out some of their true identities and locations. He actually traveled to Russia to begin a cooperative effort with the FSB and MVD to locate, arrest, and prosecute these Russian hackers. And although it took great effort and a hell of a long time, they got three of the prominent ones, all young kids who had done a hell of a lot of damage and were responsible for millions of dollars of theft and destruction. But they obviously weren’t the only ones, by far. There were thousands of others and these were low level hackers. They wanted to go after bigger ones. And to their dismay, they found they couldn’t. One they tried to get was the son of the province’s police chief and he was untouchable. The biggest, someone called King Arthur, who was allegedly making a million a day, was unknown and unreachable and was a god in the hacking world. They eventually found his country and he was also untouchable. Andy was told by everyone that no one could go after him. That no one could arrest him, sorry. Someone big was looking out for him. Crocker came to the conclusion that either the Russian mob and or, and more likely, the Russian government was using and protecting the big Russian hackers. It was depressing. In fact, after Crocker returned to England, the Russian prosecutor of these hackers who was so gung ho about prosecuting more Russian hackers was found murdered!
Another depressing thing was just how deeply into Russian society this world of hacking and cybercrime runs. Apparently, St. Petersburg is a monster crime haven. Apparently there’s a mob organization so big and so powerful and so feared that they brazenly run ads advertising their services and skills openly and offer a home to over 100 big league hackers, carders, virus makers, botnet owners, scammers, spammers, crackers, etc. It’s called the Russian Business Network (RBN), and although it’s theoretically merely a network provider, it’s widely thought to be a government-sponsored, mob controlled crime syndicate that is extremely violent, horrendously violent, and very dangerous. And there’s not a damn thing anyone can do about it. It’s completely protected. It seems that virtually everything seriously big, bad, and evil goes through the RBN. No one can penetrate it. It’s a god.
The book goes on to assert that the battle against hackers and cybercrime has essentially been lost. That those who argue that real-time, live use of credit cards is riskier than online use are insane and dead wrong (which is interesting, cause I just read a carding book by uberhacker and now-Wired editor Kevin Poulsen stating this very assertion the author’s denying). That over 30% of America’s credit card numbers, as well as Social Security card numbers and other forms of ID, are in the hands of the Russian mobsters. This book was written in 2010. I imagine if this was true then, it’s probably worse now. It’s depressing as hell. Still, the two times I’ve been victimized by credit card fraud and theft, it’s not been online; it’s been live use theft.
The thing that really irritated me about this book, though, was that the author relied virtually exclusively on these two “experts” (one of whom I question is actually even a real expert) to write the book. Shouldn’t he have sought out sources from CERT, the much maligned (in this book) FBI, Secret Service, FSB (since he went there), big name hackers (go to the source), white hat hackers, other security professionals, etc.? Why rely on two people who may have had five years of varying degrees of success in the mid-2000s, neither of which I’ve ever heard of, and I’ve heard of many major security professionals, when there are so many sources to choose from? It seems short sighted and it seems like you’re limiting your book and your readers’ educations and experiences. I don’t like it. But that’s what he chose to do, so that’s what I have to live with. Still, I dislike it so much, and I dislike the fact that he focuses so damn much of the book on one figure who focuses almost exclusively on a hacking technique (DDOS) that went out of style even before the mid-2000s, that I’m knocking the book down from four stars max to three max. This could and should have been a much better and broader book and it wasn’t. I think the author did the reader a grave disservice. Not a great book with unusual sources, but slightly recommended if you want to wake up sweating in the middle of the night.
I found a number of interesting reviews, one of which impressed me so much, that I’m going to print it here without the author’s knowledge or permissions, but while giving him full credit and hoping he approves. I think he makes some excellent points about the book and they’re worth reading.
Joe White rated it did not like it · review of another edition Shelves: on-shelf, techread
One star
Thank goodness for Goodreads reviews and bookswap. Reading the prior reviews I had low expectations for this book, and through swap I only wasted money on the postage. The book can almost be divided into 3 segments. The author seems to only have interviewed two main participants against internet crime, and came away with an incomplete and incoherent understanding of any details of the problem. He almost attributes all the evil on the internet as having a denial of service as the source. Even during the second part of the book, which included the topic of identity theft, he was attributing most of the theft activity to DDoS. I think he just likes to bring up the acronym. Some of the problems I had with the book:
1. There were 90 pages attributed to crimes of US mafia figures, in which the dollar amounts of each occurrence were laboriously spelled out like a Bob Cratchit accountant listing personal losses and moaning about the inability of the FBI to pursue the Gumbas and delegate justice. Literary style could have been extended to a two-page spreadsheet report detailing the who, how, and how much figures. This segment of the book generated the feeling of watching a Godfather marathon movie session, and I felt really diverged from the intent of discussing internet crime in terms of how the internet is the enabling tool. I already suspected that mules carry money, people get killed, and identities are just handles to hide behind.
2. The swashbuckling crime fighting DDoS buster had a girlfriend on whom a few pages were wasted. Since she was irrelevant to the overall topic, she could have been mentioned once for background, and not introduced as what might have become a significant character (but never did).
3. The mechanics of defeating a DDoS attack were never detailed. The server farm set up in Phoenix had the bandwidth and number of servers to defeat an attack, but there were no details provided as to why it was specifically set up in Phoenix, what its components were, and how a direct attack defense was managed.
4. Because the author seemed obsessed with DDoS, he mentioned bots and botnets at least once on every 3rd page. He never described a bot to the layman. He never made it clear whether a bot could consist of a virtual machine created for a purpose, or whether it had to be an independent 3rd party box belonging to an unsuspecting bystander. The author never fully explained the mechanics of a trojan horse implant, and didn't clarify the difference between a virus and trojan horse. He also never explained what can be done at the individual user level to fend off trojans and viruses, except in a short subject dealing with phishing emails generated by spam during --- DDoS attacks. He never clarified that DDoS isn't necessary for phishing, and neither are bots.
5. Only once was it mentioned that one group switched to Macs because they seemed less susceptible to attack. He mentioned at least twice that you can't sue Microsoft for providing a faulty OS combined with a poorly updated integrated browser, because purchasing a machine with Windows provides only a license to use the software and provides no firm sale transaction in which a person owns the software running on the hardware that they do own. He did mention the Microsoft monopoly on the OS, but failed to mention that Microsoft was prosecuted in conjunction with monopolistic powers only related to installation of a browser. It was never mentioned that Microsoft to this day controls hardware vendor access to Windows, and if the hardware companies dare install anything else but Windows or MS products, they will be heavily penalized in regard to being able to install Windows. If anyone says that Dell sells Linux, I must say that I've only ever been able to find minimal hardware boxes in the very basic desktop configuration, and in selecting one of those choices, there is a radio selection button for the OS that would full form advance to a Windows selection. Phone inquiries were even worse at the individual customer level. Only institutional server customers could purchase equipment with Linux pre-installed. Same story at all vendors except Lenovo, and then only through individual providers.
6. The author in the last 50 pages provides a conglomerated synopsis of headline events and trends regarding contemporary internet warfare across national borders. China is mentioned as a war opponent in cyberhacking, but it is never mentioned that China manufactures a significant volume of the circuitry used in electronics and could very easily, using the subversion techniques described by R.J. Pineiro, hide logic bombs and covert data skimmers within circuit boards and components. This could happen to Apple and all the phone manufacturers, so that their equipment could be subverted despite the installed software. Of course the title of the book was "the hunt for the internet crime lords", so hardware subversion might have been beyond the scope.
7. Since the title was the "hunt for the New Crime Lords who are bringing down the internet", some credit must be given to the author for remaining in the hunt venue, and not providing the extraneous technical details that readers might be led to expect by the book-cover blurb adulations such as "A fascinating high-tech whodunit". The high tech here would be synonymous to an interstate highway providing speeders the ability to go faster.
8. The middle segment dealing with a physical legal pursuit presence in Russia, was in my opinion the redeeming revelation of the book. Life in Russia has never been painted as a Disneyland experience, but the adverse conditions both politically and physically presented here, really underscored the futility of pursuit of Soviet area bad guys in their home territory.
Joseph Menn's latest book concerns the escalating threats posed by criminal spamming, phishing and extortion aimed at the internet during the first decade of this century. He is well suited to reporting on the complex issues of international crime making up this story. He has covered security and technology issues for over ten years with the "Financial Times" and the "Los Angeles Times". He is a two-time finalist for the Loeb Award and won a "Best in Business" award from the Society of American Business Editors and Writers for covering the tobacco settlement talks at Bloomberg News.
The web of crime reported here is very complex, requiring the reader to put some effort into keeping tab of the characters and places involved. The book is based on the untiring efforts of two pioneering cyber crime investigators, who persistently followed clues of activity which led to an ever-widening cast of participants involved on various levels of criminal organization. Barrett Lyon, an American expert who has been on the cutting edge of combatting cyber crime, and Andy Crocker, a law enforcement officer assigned to Great Britain's National Hi-Tech Crime Unit (NHTCU) both would follow their leads to discover a foundation of organized crime working on new business models.
Menn begins with Barrett Lyon's trip to Costa Rica in late 2003 to meet with the American owners of internet poker sites conducting a lucrative business by providing off-shore internet gambling access to customers in the United States. The operators of one site, BetCRIS, had decided to fight hackers who were seriously disrupting their computer system in Denial of Service (DDoS) attacks. The company was in danger of having its web site seriously disrupted if it did not pay off hackers. Lyon was able to devise a system to save BetCRIS. He soon found himself very busy when the criminals continually improved their tactics to overcome Lyon's defenses. Protecting the gambling sites grew ever more serious, involving the application of increasing amounts of ingenuity and computer hardware to the fight. This was both a curse and a blessing. The amount of time, hardware and money needed to be found somewhere if the hackers were to be stopped. There was no governmental involvement in fighting this type of crime, so the field was wide open for Lyon to go into business as a cyber warrior. He soon found himself in demand as his engineering genius allowed him to pile up positive results in the battle against DDoS.
Barrett Lyon's grateful clients at BetCRIS bankrolled him to start his business in the United States. He built up a wider list of clientele, but he belatedly came to the realization that his partners were mobbed up, and were controlling the financial part of his company for their aggrandizement. He was able to extricate himself from the company at significant personal financial cost and he gave information to the FBI on their activities. However, he wasn't able to get the FBI to seriously pursue the discovery he had made about the internet-based crime originating in Russia, or the potential security dangers connected to the supplanting of freelance extortionists using botnets to threaten DDoS attacks, with higher-level directed criminal threats capable of completely wiping out business web sites.
Great Britain was much more serious about combatting this threat. They formed the NHTCU for this purpose. Lyon was contacted by them and provided them with his information on tracing his cyber criminal sources to Russia. Crocker was assigned to travel to Russia to pursue these leads. He made contact with prosecutors who collaborated with him in apprehending criminal operatives and bringing them to trial. This was no small feat in a country where the Russian mob took control of the hacking rings. The criminals there were aided by the labyrinthine government hierarchy. Official corruption is rife on all levels, and honest prosecutors, and police officers like Crocker, can be at serious personal risk when performing their jobs. The gratifying aspect of Crocker's Russian trek is that he was able to assist in the apprehension and successful prosecutions of several operatives.
Unfortunately, the story doesn't end with these convictions. The major revelation of "Fatal System Error" is that all of the detective work of Lyon and Crocker eventually shed light on only a portion of the criminal enterprises targeted by them. In Russia, for instance, huge stakes have placed the top levels of the major hacking enterprises under the government's intelligence and military arms. The government is involved indirectly by collaborating with, and protecting, the Russian Business Network (RBN), a cyber crime organization notorious for hosting illegal businesses. Centered in St. Petersburg, it originated as an ISP for enterprises involved in child pornography, spamming and phishing. It now specializes in wide spread personal identity theft for resale. The government is directly involved, through its FSB (Federal Security Service), successor to the KGB, in protecting criminals from arrest, including a major figure named King Arthur who was unsuccessfully hunted by Crocker.
The most chilling part of the book, to me, was the description of how these protected elements have been enlisted in turning the internet into a geopolitical weapon. Ethnic tensions between the Estonian government and citizens of Russian descent in 2007 led to sustained denial-of-service attacks on Estonian government websites. This first all-out cyber attack on an entire country also led to the inundation of bank, media and infrastructure companies from over a million computers from around the world. This attack has marked the introduction of cyberwarfare. Andy Crocker was quoted as saying this was probably a "proof of concept" for the RBN to demonstrate its abilities to the Russian government. This attack was followed by malicious cyber traffic aimed at Georgian government sites from RBN operatives after Russia's August 2008 invasion of that country.
Menn clearly identifies the structure of the internet as the source of the problems he reports on. The core issue isn't a broken system as much as a system that never was intended to be secure. Vint Cerf, an author of the core internet protocols, is quoted in the book as showing surprise that the internet continues to function. The open-source mindset of the net, allowing it to operate for free, with the flexibility to link sources without permission, lends itself to hacking.
There is no easy solution to the increasing, organized criminalization taking place on the net. Government intervention is not necessarily a panacea. The U.S. government has provided other examples of this type of activity, which has been marked by throwing money at a problem and increasing bureaucracies, without any real increased protection. Regardless, Menn has documented Lyon's frustration regarding his involvement with the FBI. The growing criminal threat, especially since 2004, has been met by indifference by the Bush White House, and no major change in this position has occurred under the Obama administration to date. Even Andy Crocker's organization, the NHTCU, has been disbanded, with its functions placed under a new law enforcement agency concerned with other priorities.
Internet security has also been undermined by the peddling of unsafe programs by software companies that have been legally protected from product liability responsibility by the courts.
Menn places hope, at least in the short term, of more coordinated movement by nascent communities and private sleuthing companies, like Lyon's, in identifying authors of viruses. Campaigns by determined private individuals can then provide protection while goading law enforcement into action. This approach has shown merit in anti-virus campaigns, such as the SoBig virus that Barrett Lyon's firm became noted for fighting.
Longer term, and more comprehensive, security may depend on starting over, redesigning an internet under a new protocol, according to Menn. This of course demands coordinated action and significant finances to accomplish, bringing us back probably to government, or a major foundation for investing in the research needed to build a new infrastructure. This approach could result in a "red internet" based on the current system, and a "green internet" where users know the identity of those who are communicating with them, as envisioned by Alan Paller, director of SANS Institute.
The technology and motivation to change are available for this to occur. Unfortunately, positive changes toward the security infrastructure, civil or military, have usually occurred only after a calamity has goaded the populace into supporting action. In the case of cyber security, let's hope we can set a direction and agree to work collectively before that motivation becomes necessary.
I work in the tech industry and have an interest in cybercrime, especially tales from the front lines. I put some of that down to Cliff Stoll’s excellent account — still the best book I’ve read on the subject.
This professed to detail the story of the hunt for shadowy crime lords who use the web for their nefarious schemes, whether it be spam email, viruses, blackmail, identity or corporate theft and everything else besides (there’s some overlap with Krebs’ book).
What you actually get is a pretty turgid account of two people; one the founder of a company that defends websites against attack, the other a British detective trying to arrest the hackers identified as performing the attacks.
What it shows is the lack of engagement from law enforcement, the impotency of chasing criminals across multiple jurisdictions — especially those that are willing to turn a blind eye to such activities — and just how hard it is to bring the perpetrators to justice.
There’s very little technical information about what was done, from the attack angle, the defense or how they tracked the attackers down. It also focuses heavily on Russia and some of the former Eastern Bloc states — briefly mentioning China. Granted, they have been identified as a large source and the book was published in 2010, so is somewhat out of date.
A book simply isn’t the right medium for such a fast-moving topic, unless you’re detailing a specific attack, and then it needs to be a lot more detailed. This covers little ground, was out of date by the time it was printed and hasn’t aged too well — except to highlight the ongoing difficulties.
It’s not a particularly long book either. The quoted page count (304) includes all of the references and the index. The content only runs 251. That leaves the final chapter — where the author attempts some sort of treatise on what must be done to defend the web — as a rush of ideas that lack any evidence to support them.
While it would likely only appeal to those in the industry in the first place, this is a tough sell even to them. Worth skipping.
It was a fortuitous circumstance to finish this book the same day that the US DOJ said it had seized an internet domain that directed a dangerous botnet of a half-million infected home and office network routers, controlled by hackers believed tied to Russian intelligence.
Perhaps the Russians have improved as partners in fighting internet crime since the book was written and this take down was easy. The perspective gained by reading the author's account of two individuals who worked tirelessly in the middle to end of the last decade combating cyber crime doesn't lead one to think so especially with Putin in control of nearly everything in or associated with the country of Russia. With the murky ties to Russian intelligence, and the protection illustrated in the book, US authorities probably had their hands full.
The writing was solid and the story clearly told. I enjoyed the read, but was left slightly depressed at the amount and level of corruption that helps or helped shield the perpetrators.
This book started off very interesting. It's about the history of cyber criminals and tracking them down. As the book goes on, it gets into more detail about who the cyber criminals are (mafia, etc.) and goes on to describe their other criminal activities. It all ties together, but got too detailed for my interest.
There's a few good stories told here, each related to Internet crime to different extents. Some of the book follows a kid with clear talent in technology, whereas some of it was more to do with taking down organised crime in Russia. It was all interesting, but I was hoping for more of a focus on Internet crime than the proceedings of court cases, and would have liked a lot more technical detail.
There were some seriously worrisome things happening in the net over the past decade, including from tech people in Sac. Yet we don't hear about it in the media at all. This author is someone to watch, because he's watching what's happening, even if it doesn't hit the major headlines.
This book centers around two cyber warriors, American Barrett Lyon and Englishman Andy Crocker, and their tracking “Russian” computer hackers. It seemed to me that Barrett’s focus was on stopping the attacks, while Andy tracked the perps down and prosecuted them. Barrett spent a lot of time assisting offshore gambling websites that had been subjected to DDoS attacks. If I’m understanding things, a DDoS attack is when multiple computers barrage a single server requesting service, overwhelming it and taking it offline. Done at the right time of the year, this could cost gambling sites millions of dollars a day.
It was fascinating reading about the methodologies, politics, and ways of tracking down criminals (most always to somewhere near Russia). My only confusion was that early on, the author spent a lot of time going into the history and environment of online gambling. While interesting, it made me keep checking the book jacket to make sure this wasn’t a book about online gambling. Finally, at around the halfway mark, it got very interesting when it centered on Andy’s quest to identify and take down the geniuses that pummel websites into submission, stopping only after a several thousand dollar payment.
In the book, you’ll learn about various computer terms like DDoS, IRCs, botnets, malware, and spam. Viruses called Bagle, Melissa, MyDoom, SoBig, and Sasser. Companies, both good and bad, like BetCRIS, CarderPlanet, Prolexic, Digital Gaming Solutions, Shadowcrew, and the all-encompassing, all-powerful Russian Business Network. Governmental organizations like the FSB, MVD, SOCA, CERT, and the FBI. The stars of the show, to me, were the brilliant computer hackers with their colorful nicknames Grasman (Bra1n), Stepanenko (Boa), Milutin (Milsan), Maksakov (eXe), Havard, Oko (Stran), (Zet), and (King Arthur), who came from places like Latvia, Kazakhstan, and St Petersburg (Russia).
One of the more troubling stories was how it seemed the US government didn’t put a high priority on fighting hacking. They might provide lip service, but Barrett and Andy didn’t get much help at all from the US government, particularly the FBI, which they did not speak of very fondly.
In the end, it was a good book with nice insight into the hacking world of the early 2000’s.
Menn's book documents our new century's Denial of Service (DoS) attacks on Internet sites and it looks at some current trends in cybercrime. Pretty scary stuff...
Early chapters follow Barrett Lyon as he becomes a master at warding off DoS attacks and how this directly leads him into two shady worlds:
The world of internet gambling sites and their Mafia connected bosses, whose high money attraction made them a natural attack target and Lyon's expertise a welcome salve, and second,
The underworld of the Russian hacker/extortion kings, which found control of internet-based robot servers a natural approach to stage DoS extortion attacks on high-value targets.
In these chapters we learn of early (2004) attacks and how little law enforcement cared about or was able to do in response. Later chapters show England's gallant response to one extortion ring and its trail back to Russia and the effort involving more than one year long groundbreaking prosecution in the Russian court system to put a few of the hackers in jail.
I have two main problems with the book. First, for me, the book was not technical enough and it glossed over attack procedures and sleuthing approaches in a cavalier fashion that, while perhaps generously categorized as literally correct descriptions, were closer to being errors in concepts. Second, while Menn's writing is yeoman-like, it neither draws the reader into the characters nor provides a rich set of verbal images to facilitate understanding of complicated concepts.
However, Menn does a good job of listing a range of past attacks and summarizing the state of the world of and the influence of underground criminal rings in DoS attacks and in later identity theft attacks.
If you are interested in the evolution of cyber crime, Fatal System Error is a good first reference. The author, Joseph Menn, is able to capture the early years as the cyber criminal community was just beginning to productize its cyber business, to professionalize it so that it ran more like a business. He tells the story through two early cyber security practitioners: a very young Barrett Lyon—a cyber security services businessman who built one of the first denial of service protection companies called Prolexic Technologies—and Andy Crocker—at the time, an agent for the UK's National Hi-Tech Crime Unit. Lyon gets sucked into protecting organized crime operations that dabbled in offshore gambling and pornography, and Crocker used old-fashioned police work to arrest some of the early cyber criminals when the FBI seemed completely impotent at the prospect. Menn also manages to sprinkle in a discussion of some of the most significant cyber security milestones between 1995 and 2009, such as the emergence of the Russian Business Network and the identification of the Chinese Network Crack Program Hacker group. Fatal System Error is a vital historical reference for the cyber security community regarding the evolution of cyber crime. It is worthy of being a part of the cyber security canon, and you should have read it by now.
This book provides a readable history of crime on the internet, starting with the denial of service attacks against gambling sites, moving on to identity theft attacks and ending on the chilling notes of cyber-war. The initial tale is told through the eyes of a couple of individuals working on the side of good who were successful in tracking and even prosecuting a few of those working on the side of evil. They are hampered on every turn by ignorance, incompetence and inconsistency among police and governments. There we find in the former soviet world that the criminals first were ignored then protected and finally coopted by the government, when it was realized that the power weapons could be turned to state purposes.
Other states are also clearly active (including especially China) and the criminals have not shut down. If there is less splash it is because they now see stealthiness as a strategy.
Overall this book is easy to read, does not delve into technical hows and whys and brings the general reader useful information about the world. The final section on remedies was almost as scary. The structural and political problems are large.
Overall a worthy read, but perhaps this is only the introduction.
Great inside look at Internet crime and two persons tracking these criminals out. Book tells the stories of Barrett Lyon and Andy Crocker.
Barrett was a whiz kid, who fought against numerous DDoS attacks and tried to build a security business of it. Since most DDoS targets were online casinos and betting sites, the book also gives a look at hazy backgrounds of some well-known online poker-sites.
Andy was a seasoned agent from UK National Hi-Tech Crime Unit, who tracked down several criminals behind DDoS attacks, extortions and identity thefts. Especially interesting was to read about Andy's time in Russia and how he managed to make friends and arrests despite Russian bureaucracy and bribed officials.
The book is about fairly recent history, between 2003 and 2009. You get some background of CarderPlanet, Russian Business Network and other criminal acts you have heard before, if you happen to be in information security. The reader will also get an understanding of how hard it is to fight against Internet crime. Especially when co-operation between states doesn't work smoothly and some criminals may even be protected by politicians or other high officials.
While I disliked how the author jumped around in time to describe events, the content of the book is really good. Tracking cyber criminals is no easy task and reporting concrete facts is even more difficult. The author tells compelling stories about Barrett Lyon and Andy Crocker, a couple individuals who worked really hard to put Russian hackers in prison.
This also covers the beginning of the period we currently live in, where malware writers started making money. The game of cat and mouse is on as they find new ways to make money and we find new ways to stop them.
I enjoyed the section on Russia where the difficulties in prosecuting hackers are spelled out. Some hackers are beyond the reach of the law due to political connections. But there are hints of hackers that are connected to the state security apparatus as the Russian government looks the other way while enjoying plausible deniability when the hackers work for the state. While this book was written in 2010, this is an especially salient topic at present given the Russian hack of the DNC and the attempted influence on the election. Spoiler: Don't expect any arrests in Russia.
If you think the claims that Russian hackers affected the results of the recent American elections are lies or that it's impossible, or that the West is so far ahead of any hackers that Russia or China have, think again. If you think that much of the hacking that is done on governments and businesses around the world is done without knowledge from government agencies, think again. Either through corruption or business ties or governmental encouragement, most big hacking groups could be closed down if it wasn't beneficial to many high ranking people to keep them going. This book, though seven years out of date, will still give you reason for concern. You will realise that at that time the major governmental agencies of the west just were not aware of just how far behind they were. They seemed unaware that millions of computers are effectively, and unbeknownst to most of us, under control of hacker groups and that millions of credit card details are being sold around the world on the dark net and the credit card companies really don't care much because the retailers are usually on the hook for credit card fraud! A well written and entertaining read.
The Internet has become the ultimate mob hangout, a dangerous venue where U.S. Mafiosi, vicious Russian gang members and illegal hackers from many nations, especially from Eastern Europe, ply their dirty deeds. Cybersecurity reporter Joseph Menn examines cybercrime, exposing the bad guys while telling exciting stories about two intrepid investigators – Barrett Lyon, a U.S.-based “white hat” security hacker, and Andy Crocker, a British cybersecurity agent – who have successfully waged war against cybercriminals. Menn’s book is both fascinating and disturbing, with its discussion of “zombie armies” of computers, and its exotically named online desperadoes, like CumbaJohnny. getAbstract recommends this gripping saga to those who want to protect themselves from cybercrime. This outstanding book’s only deficiency is, ironically, its remarkable, overwhelming abundance of complex detail. If you think you need a cast list, tech manual and dictionary of arcane online terms, never mind; just hang on for a scary, revealing ride.
This book taught me a great deal about the current state of cyber warfare and how it evolved from the money laundering and illegal gambling industry continued by today's mobs. I had no idea that mobs were still out to get money in shady ways that hurt people and destroy lives. As far as state-sponsored cyber crime, I had some idea that Russia and China were the leaders, but I didn't realize how current these threats are to the real world.
As one of the creators of the Internet is quoted to say in the book, the world really does depend on an experiment that was never refined for public use, resulting in a very dangerous environment that has been met with a "head in the sand" kind of policy for multiple White House administrations. Be careful out there!
I have to admit I had hoped for a few more technical details throughout the book, but I can definitely understand how omitting such details makes the book more accessible to the regular reader. Some language throughout, but that's to be expected when quoting individuals of less than pristine character (mobsters and hackers).
I was halfway through this book when I had to stop. It was reading like a history book rather than a story like it had started with the main character Barrett Lyon. I recognized some of the facts he was quoting in the book as real. It was then I went back to check and this book was listed on Wikipedia as non-fiction. Doah!
Then the book started to make sense when I started processing the facts in the story as non-fiction.
The problem with this book is that the description and cover lead the reader to believe that it is a fiction story, a thriller. I started reading it as such.
Once I switched gears that it was a non-fiction story or a collection of many real stories, the book made more sense. I stopped expecting the main characters to play a bigger part in the book as the story was jumping everywhere. Realizing it was non-fiction, then I was able to better enjoy the book.
The author really needs to make it more clear that the stories are real stories of real people and this book might get better reviews.