"Corporate espionage" by Ira Winkler
Sep. 14th, 2015 08:03 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
blatherskiteJust finished reading "Corporate Espionage", by former NSA analyst and current "white hat" hacker Ira Winkler. It's about the many ways both hackers (those who penetrate computers for the fun of it and bragging rights) and crackers (those who penetrate computers for malicious purposes) sneak into companies and extract potentially billions of dollars of proprietary information -- and in the case of banks, sometimes literal millions of dollars.
But it's about much more than that: it's a detailed treatise on how spies of all sorts sneak into (penetrate) companies by exploiting vulnerabilities. And the most serious vulnerabilities are almost inevitably human, not technological, though some of the technological vulnerabilities have human help in remaining vulnerabilities. Understanding the way people work and respond to both co-workers and other people lets hackers and crackers use "social engineering" techniques to gain access to areas where they don't belong and escape with astonishing amounts of information.
The book was written in 1997, so it's a bit out of date in some areas (e.g., Winkler discusses modems as a major point of vulnerability), but the basic principles remain valid (now it's cable modems or routers that are key points of vulnerability). It's also a fascinating updating of Bruce Sterling's "The Hacker Crackdown" (1992), but written by someone who lives the life rather than by a journalist. (No diss at all intended for Sterling, who really did his homework.)
What's really disturbing is how little has changed in the 20-some years since these books were published. Although Winkler doesn't provide hard or verifiable (i.e., referenced) data in most cases, billions of dollars were being lost annually even back in the 1990s, and the losses have probably grown by at least an order of magnitude since. Anyone who doubts this should contemplate the recent rash of penetrations of U.S. government computers, which have full-time and highly motivated security staffs protecting them; Edward Snowden; the recent antics of Chinese government-sponsored crackers; and the whole "Anonymous" movement.
What's even more disturbing is that we're currently in a "cold war" situation, with most of the hacking and cracking being done by amateurs or by professionals with very limited goals (e.g., stealing specific trade secrets). One can only imagine what would happen if a true cyberwar erupts.
And imagination is why I'm sharing this review here. Winkler's book is a great resource for writers if your only prior experience with cracking comes from Hollywood, which rarely gets any of the details right. (I've just started watching "Mr. Robot", which looks to be that rara avis -- something where the writers actually understand what they're writing about. Thus far, it looks excellent.) Winkler gets the key details right, and in a very disturbing way. But he's not just a fear-monger. He concludes the book with a long list of advice on how companies and governments could be doing better to protect their -- and our -- data.
Highly recommended source material if you want to write about cracking and cyberwar. Or if you just want to suggest the need to improve your employer's protection by anonymously leaving a copy of this book on the president's or CEO's desk.
But it's about much more than that: it's a detailed treatise on how spies of all sorts sneak into (penetrate) companies by exploiting vulnerabilities. And the most serious vulnerabilities are almost inevitably human, not technological, though some of the technological vulnerabilities have human help in remaining vulnerabilities. Understanding the way people work and respond to both co-workers and other people lets hackers and crackers use "social engineering" techniques to gain access to areas where they don't belong and escape with astonishing amounts of information.
The book was written in 1997, so it's a bit out of date in some areas (e.g., Winkler discusses modems as a major point of vulnerability), but the basic principles remain valid (now it's cable modems or routers that are key points of vulnerability). It's also a fascinating updating of Bruce Sterling's "The Hacker Crackdown" (1992), but written by someone who lives the life rather than by a journalist. (No diss at all intended for Sterling, who really did his homework.)
What's really disturbing is how little has changed in the 20-some years since these books were published. Although Winkler doesn't provide hard or verifiable (i.e., referenced) data in most cases, billions of dollars were being lost annually even back in the 1990s, and the losses have probably grown by at least an order of magnitude since. Anyone who doubts this should contemplate the recent rash of penetrations of U.S. government computers, which have full-time and highly motivated security staffs protecting them; Edward Snowden; the recent antics of Chinese government-sponsored crackers; and the whole "Anonymous" movement.
What's even more disturbing is that we're currently in a "cold war" situation, with most of the hacking and cracking being done by amateurs or by professionals with very limited goals (e.g., stealing specific trade secrets). One can only imagine what would happen if a true cyberwar erupts.
And imagination is why I'm sharing this review here. Winkler's book is a great resource for writers if your only prior experience with cracking comes from Hollywood, which rarely gets any of the details right. (I've just started watching "Mr. Robot", which looks to be that rara avis -- something where the writers actually understand what they're writing about. Thus far, it looks excellent.) Winkler gets the key details right, and in a very disturbing way. But he's not just a fear-monger. He concludes the book with a long list of advice on how companies and governments could be doing better to protect their -- and our -- data.
Highly recommended source material if you want to write about cracking and cyberwar. Or if you just want to suggest the need to improve your employer's protection by anonymously leaving a copy of this book on the president's or CEO's desk.