With an almost metronomic regularity, events occur demonstrating that our gleaming cyber-world may not be as safe as we would like. Consider headlines in the past month: “stolen credentials were used to eavesdrop on the Gmail accounts of 300,000 people,” or, “Chinese military suspected in hacker attacks on U.S. satellites.” And so on.
Now, two insightful and entertaining books – Dark Market: Cyberthieves, Cybercops, and You, by Misha Glenny, and Worm: The First Digital World War, by Mark Bowden – detail critical but different episodes in the recent history of growing cyber-insecurity. Both are written by accomplished authors. Both are highly readable, based on interviews with participants and, while providing clear discussions of the relevant technology, focus on the actions and personalities of the actors: criminals and the computer scientists, engineers and law enforcement trying to stop them.
In this way, both differ from almost all other recent books on cyber-threats (including that of this reviewer). They are a welcome addition to the body of publications on cyber-security for anyone desiring to know more than generalities about why effective computer security remains so elusive. But in the fast-evolving world of cyber-security, keep in mind that both books are histories; they do not capture what is going on now. What they do capture is the sense of the people involved, both good and bad, while providing understandable discussions of the underlying technologies.
Dark Market is British writer Glennie’s history of how cyber-crime went from being the domain of lone-wolf hackers to becoming a highly organized criminal underworld – a multinational transmogrification that was started in 2000 in Ukraine by a small group of visionary criminals, and continues to this day, although most of the story told here ends in 2008. The cyber-underworld today is a potent economic force, and may, many experts think, evolve in tandem with terrorism. Dark Market examines its origins.
In many ways, Dark Market is as much about criminal psychology as about cyber-security, and should be read as such. The eponymous Dark Market was for much of the past decade an invitation-only Web-based marketplace for assisting in the theft of and subsequent monetization of stolen credit cards. It organizers were an amazingly diverse and largely virtual group of hackers with monikers like Cha0, Freddybb, and Matrix001. Agent Keith Mularski (American) and Inspector Bilal Sen (Turkish) are key players in the police pursuit, but the chase involves Canadian, British, German and French law enforcement. “The Law” here is presented not in administrative generalities but as individuals with their own strengths and foibles.
In relating this history, Dark Market makes any number of insightful diagnoses, as in the personal competitions between hackers, or the reasons why law-enforcement agencies have such difficulty working together. There are many entertaining stories – for instance, that the lack of co-operation between the U.S. Secret Service and the Federal Bureau of Investigation in their international investigations was such that eventually someone in the British government had to call the White House to complain.
While Dark Market is about the decades-long history of cyber-criminals building new organizations, with law enforcement largely trying to catch up, Worm is a history of one critical episode in the cyber-security arms race. The Conflicker Worm emerged in November, 2008, and from the beginning was a leap in computer threats, very efficiently and automatically taking over control of large numbers of vulnerable computers on the Internet.
Such “botnets” give control to someone – who knows who? – perhaps many continents away. Such was Conflicker’s speed and sophistication that it threatened to crash the Internet by the very volume of messages it generated. But who designed Conflicker, and why? And how to stop it? These were the issues that a small group of very nerdish good guys sought to answer. Worm is their story. It gives away nothing from the book to say that at the end they had only partial success in dealing with a threat that to this day remains an enigma.
The story told by distinguished U.S. journalist Mark Bowden ( Black Hawk Down) does not have the breadth and scope of Dark Market. We don't know, and possibly never will, who created Conflicker, or even why it was built. Consequently, we see only one side of the story. Worm is told from the perspective of a very small number of self-styled American geeks coming together in a haphazard way to stop a threat to the networks they cared about.
But Worm is not a sanitized history; these men eventually fought bitterly among themselves, some even possibly betraying the effort. By documenting the group in part through their e-mails, Worm presents a vivid blow-by-blow account. Based on my personal experience (while at the White House, I spent several weeks in January, 2000, involved in a much smaller-scale equivalent to what Bowden describes), the narrative has the ring of truth.
In relating what really happens in fighting computer threats, Worm also discusses, in an understandable but complete way, the underlying technology. And, like Dark Market, it is filled with insights. For instance, an underlying theme throughout is why “the Glaze” – the look non-techies give when any computer subject comes up – is so omnipresent yet so harmful to real progress in computer security.
I did note some errors and distortions. The title is misleading; Conflicker does not represent the first digital world war. The Commerce Department is not responsible for U.S. government computer security. And I know some of the federal officials described, and they are not quite as feckless and bumbling as presented.
Which points to a more serious limitation of both books. Any narrative based even partly on individual recollections of events years in the past runs the risk of a slanted perspective, despite the best intentions of the author.
Note too that cyber-security is made up of a fast-moving and multifaceted set of issues. The last pages of Dark Market caution that a criminal organization such as the one described is already today an anachronism; the criminal world moves as quickly as any Silicon Valley firm. I suspect the same is true of the threat described in Worm.
Still, both these books are worth reading and vastly entertaining. Cyber-insecurity is a growing threat, and deserves a far more informed public than the issue has had yet.
Jeffrey Hunker is the author of Creeping Failure: How We Broke the Internet and What We Can Do to Fix It. He was a senior director at the White House National Security Council in the Clinton administration, responsible for national cyber security policy. He currently does research, consults and writes on issues of cyber and national security. He lives in Pittsburgh, Pa., and likes the Steelers.