Customer Reviews

Black Ice: The Invisible Threat of Cyber-Terrorism

5 star:		(13)
4 star:		(2)
3 star:		(0)
2 star:		(1)
1 star:		(2)

 

 

Verton's book is full of hyperbole, repetition, unsupported statements, and contradictions. It is poorly written, poorly organized, and poorly edited. His "research" consists mostly of quoting his own magazine articles (29 times) and the magazine he writes for (16 times). By comparison, he quotes from only three books. Example of hyperbole: In commmenting on a admittedly fictional scenario called Dark Winter, the author claims that, "entire communities and cities could be rendered as helpless as those affected by the Black Death of the 14th century, a bubonic plague that killed one third of Europe's population." Yet, he fails to support that claim with any evidence or even a reference to the report on the exercise.

He repeats the same story about an al Qaeda interview with an Italian journalist in his introduction and again at p. 98. He writes nearly the same sentence about radical terrorists living in the U.S. once in the main text on p. 5 and again in a footnote on the same page. He tells a story about the Ptech company at p. 111 and again at p. 223-25, and uses nearly the identical paragraph in each. Where is the editing to catch these duplications?

Worse yet, his uses the Ptech story to draw two contradictory conclusions. In the first telling, he says that Ptech is an example of al Qaeda using American companies as fronts for terrorist financing. He claims that "evidence was uncovered" to show this connection. Yet, two pages later, he asserts that the FBI has been "unsuccessful in finding any evidence linking Ptech to terrorism financing." Then in the second telling of the Ptech story, he uses it as an example of how the War on Terrorism has turned into a "virtual witch-hunt," using a "scorched-earth strategy" [more hyperbole] that has "left many innocent casualties in its wake." The reader is left confused whether Ptech serves as an example of al Qaeda using American companies as fronts for terrorist financing, or an example of the War on Terrorism spoiling the reputation of innocent American enterprises.

Even his definition of cyber-terrorism is contradicted by his own material. He defines cyber-terrorism as either the use of cyber-tools to destroy critical infrastructure, or traditional terrorism that has a destructive effect on electronic and Internet infrastructure. See Introduction at xx. But in his appendix, he quotes the FBI definition of cyber-terrorism, which is narrower--the use of cyber-tools to shut down or destroy critical national infrastructures.

From his overly broad definition of cyber-terrorism, the author strays into three fictional scenarios of terrorism that seem to be the centerpiece of his book. They are supposed to scare us into thinking that cyber-terrorism can really happen. But if they are fictional, how can they alarm us? And, even as fiction, none of them even fits the FBI's definition of cyber-terrorism. The first, Black Ice, starts with a ice storm, not a cyber-attack. The second, Blue Cascades, was described vaguely as "a cyber system failure ... caused by a prolonged power outage." The third, Dark Winter, was a smallpox outbreak.

Many years ago, a famous fast food restaurant ran an ad that said, "where's the beef?" After reading this book, I have to ask, "where's the cyber-attack?"

Cyberterrorism, does it exist? A weapons-grade hype or a nightmare from the near future, which we are all soon to face? This fascinating book seeks to answer the above question by collecting and evaluating many stories during author's "6 year research" trying to piece the puzzle together.

Undoubtfully, the book is written by a journalist, thus it sometimes feels sensationalistic, "newspaperish" and fluffy. Some things (such as the "doomsday" scenario from chapter 1 and "al-Qaeda certified hackers") are "lighter" than others, but all are well-written and fun to read. At times, it feels that the author seeks to replace proving things by quoting many potentially unreliable sources talking about the thing. Thus "such and such ex-government guy said cyberterrorism is real" subtly mutates into "cyberterrorism is real!" Similarly, if a PC was discovered in some hideout or it becomes known that terrorists surfed the web, suddenly the specter of cyber-terror rises high, although the facts themselves can be interpreted in a less ominous manner.

Another subject covered extensively in the book is whether al-Qaeda is really going in the direction of cyberterror. I find the case built by the author somewhat convincing, but not completely compelling. However, if truck bombs against data storage facilities and IT infrastructure as well as EMP weapons are added to the fray (as suggested in the book), suddenly cyberattacks are not about hacking anymore and the damage potential rises dramatically.

As for the conclusion, one of the main points I realized after reading the book is that everything is modern society is so a) interdependent and b) dependent upon computers that a push applied in a certain place from within the "cyber-world" does stand a chance of wrecking something in a "real world". Thus, while cyberterrorism might remain a myth, possibilities of doing damage to physical infrastructure by purely virtual actions will grow and multiply - a scary thought indeed.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

This guy is among the best tech journalists out there and this book is proof. Nobody has documented the cyber-terrorist threat like this. And from the negative comments I've seen here on Amazon it is clear that those people didn't read the book or care to acknowledge the compelling nature of the argument.

If you're blind to the future, you won't be interested in reading this book or giving it any credit, and that's probably par for the course for you.

But if you are an independent thinker who understands the nature of the terrorist threat, you will want to read this book and you will undoubtedly benefit and learn something from it.

Dan has an amazing gift as a journalist and also to explain technical material in an approachable manner. I've read or been briefed on a lot of this material at one time or another, but to have it in one place, well laid out, with example after example, really helped me focus on just how vulnerable our country and my organization is. The "shock" value of this material is high, but he took no shortcuts in making his case. Buy the book, read the book, then grab your organization's disaster recovery and business continuity plans and get out your red pen. I promise you will be inspired to improve those plans.

If I had a criticism of the book it would be the ending, it is a bit too much gloom and doom. So, I propose the following alternate ending:

Each of us has the ability and the responsibility to make our environment a bit more resistant to attack. The actions we can take range from reviewing our web pages to make sure we are not giving too much information away to simply running Windows update. Don't let a week go by without doing something, anything, to strengthen your defenses.

Without a doubt a book of monumental importance to the nation during this time of war and increased threat from terrorism. I recommend this book to anybody who is interested in homeland security and how terrorism may be changing and evolving its strategy against the U.S.

Well-written, full of intrigue and first-hand interviews with top security officials from both the Clinton and Bush administrations. Verton had unfettered access to those directly involved in the Sept. 11 response, including Richard Clarke.

You will not find another book on this subject that is this well researched and written. And because Verton is a journalist, he wrote this book so that you don't have to be a computer expert to understand the issues.

Buy this book. You will not be disappointed.

Dan Verton, journalist and author of The Hacker Diaries: Confessions of Teenage Hackers, has written a very enlightening book in Black Ice: The Invisible Threat of Cyber-Terrorism.

The book begins with a fictitious attack that is multi-faceted and very well orchestrated. While it is somewhat sensationalist or alarmist, the point of the story is to show what is possible- not probable. Verton illustrates how cyber-attacks against key communications and critical infrastructure sites can be used in conjunction with conventional attacks to maximize the ensuing damage and confusion.

After capturing your attention with the story of what could be, Verton goes on to describe various government and private sector studies and disaster-preparedness exercises that have proven time and time again what a fragile state the infrastructure is in and how the domino effect of one area can cascade to take out entire regions.

One of the main points of the book is to show how the critical infrastructure is inter-dependent. If a main gas pipeline is destroyed, electrical power plants lose their source of energy. Once the electricity is shut down the telephone, cell phone, Internet and many other industries will shut down. Water treatment facilities will not be able to function. The list goes on and on.

This is an enlightening book that everyone should read. It is important for the powers that be to understand this domino effect and take steps to protect against cyber-terrorism of this sort.

(...)

MUST READ!! Should be mandatory reading for ALL IT Managers and anyone involved in System design, Disaster Recovery Planning, Company Operations, or anyone involved in making decisions. This book should sound the alarm to everyone who reads it. I found the book to be well written, very entertaining, and factual.
The detailed events and status of the IT and Telecommunications surrounding 9/11 were all to real. This book should cause all who read this to reevaluate their own environments and their interdependcies on other infrastructures.

Full of hype, lack of research and poor writing. His chapter on wireless security for example has many technical errors. He makes a note that wireless SSIDs are password which is not true. SSID were never designed to be passwords and have no security value whatsoever. I can only imagine that other claims in the book are also poorly researched.

Anyone who witnessed 9/11 knows that its success was attributed to the shear physical and human desctruction and the impact the video of the imploding towers played again and again on tv. I find it hard to believe that the country would be be as terrified if we couldn't access our ATM account. I'll buy the arguement that terrorists could use information warefare to enhance an attack but given limited resources, I'd rather have the money spent on where the real risks lie.

Before 9-11 This Book might not be looked at the same way it is today. Black Ice :The Invisible Threat of Cyber Terrororism brings around many misconceptions why an attack on our most important infrastructure could be carried out by Terrorists and not an Impossibilty. While This Book deals mostly with What if Scenerios, It also makes you think of things you thought were impossible. Take for example the sophistication of Hacking and Breaking into Our most Vital Systems. Terrorists know you must have training at a very high level and will Train Them at Schools in the U.S. Itself. Sound Familiar?
That's the sought of future thinking that this book will have you turning page after page and many ways o limit or stop a future attack on the internet. A great book with insightful information.

I have read this book and the reviews on Amazon.com. The author makes a good argument for enhanced cyber security in the USA. This is an issue that will be ignored by policy makers and the general public until an attack makes people pay attention to the realities of a computer controlled civilization. While other reviewers blast the writing style and hypothetical situations in the book it seems they have missed the point. It is not if a devastating cyber attack will occur, it is when.