Customer Reviews

Cyber Adversary Characterization: Auditing the Hacker Mind

5 star:		(1)
4 star:		(3)
3 star:		(1)
2 star:		(0)
1 star:		(1)

 

 

An uneven book. The preface and last chapter are by far the best parts. Noted technology commentator Richard Thieme ("Islands in the Clickstream") gives the preface. A mere 4 pages. But very eloquent and lucid. A joy to read. The last chapter is a semi-ficticious narrative of how a hacker breaks into various computers. Unix and network experts will like the depth and ingenuity described. It can be very educational, even for experienced sysadmins.

But other chapters are poorly done. For example, Chapter 2 is on Theoretical Characterisation Metrics. It repeatedly uses various conditional probabilities, but with a wrong notation. For a probability of B given A, it uses p(B)/A. The standard notation is P(B|A). Used for decades in statistics course. First year undergraduate level.

Other chapters, presumably written by different people, do use the correct notation. But Chapter 3, on the Cyber Food Chain, has an even more disturbing flaw. It has tables of what it calls mean inhibitor values. Derived from sets of values with only 1 significant figure. But the means are given to 4 significant figures! At best, the means only have 2. What this author is doing is imputing a false accuracy of 2 extra significant figures, or 100 times greater than actuality. More strictly, it is probably close to 1000 times greater, because the mean is really no better than one significant figure.

So what? Well, given that the authors goof on such elementary steps, it should give you serious reservations about their more "sophisticated" operations, where they discuss various metrics.

Another thing. One chapter's title is mis-spelled on the top of every page in the chapter. Irritating. Makes one wonder about the proof reading.

I finished reading Cyber Adversary Characterization - Auditing The Hacker Mind by Tom Parker, Eric Shaw, Ed Stroz, Matthew G. Devost, and Marcus H. Sachs. This is a very different book than anything I've seen, read, or reviewed...

Chapter breakout: Introduction; Theoretical Characterization Metrics; Disclosure and the Cyber Food Chain; Rating the Attack: Post-Incident Characterization Metrics; Asset Threat Characterization; Bringing It All Together: Completing the Cyber Adversary Model; WarmTouch: Assessing the Insider Threat and Relationship Management; Managing the Insider Threat; The Cyber Adversary in Groups: Targeting Nations' Critical Infrastructures; Characterizing the Extremes - Terrorists and Nation States; Return on Investment; Final Words; Glossary; Index

Most books that concern themselves with the "hacker mindset" do so with personality characterizations and attack methods. When you get done, you may understand how attacks occur, but you're no further along in doing a critical risk assessment of your particular environment. This book is the first I've seen that attempts to analyze the components mathematically in order to allow you to weight different scenarios against each other. The authors do a decent job in taking individual characteristics of the attacker, the environment, and the target, explaining how each component affects an attack scenario, and then giving a formula that can be used to assign a numeric value. While you may not agree with the interpretation, it's a rigorous approach to something that can be hard to quantify.

I haven't decided whether I approve of the WarmTouch chapter. It's a software package developed by the authors that attempts to chart threat assessment from a person based on email wording, actions, and other observed behavior. The idea is interesting, but I normally have issues with a book like this being used to push an author's product. I'll just say buyer beware in this case...

Bottom line... this would be a useful read for someone in security consulting and auditing, and would help an organization take a methodical view of their environment for risk assessment. There's not much on the book market like this volume.

This book attempts to discuss a topic of great interest to me. Since there are no other books in print that address this topic, I eagerly bought the book with great expectations. Unfortunatly I have been highly disappointed.

I highly recommend you avoid this book if you have an aversion to the gross butchering of the English language. I have found this book to be so far over the line of good writing that it is distracting. I haven't even been able to make it out of the second chapter! Sentence structures are unnecessarily complex and wordy. The text is replete with grammatical errors and misspellings. The author created terms to describe his concepts, yet the terms have other connotations, making it further difficult to understand. Parsing and understanding what the author is trying to say in certain passages is difficult at best. I'm sure if I had been in meetings with this author, I would know his language and intuitively understand what he means, but the new reader, devoid of that knowledge, is at a significant disadvantage. If this book had been properly edited, it would be about half its size. One has to ask what the publisher was thinking, or not.

This is most unfortunate. The threat of cyber attacks against national interests and critical infrastructure is very high. Having a book that proposes a systematic methodology to help identify and address those threats would be most useful.

Cyber Adversary Characterization is a topic which many of the books authors have been studying for a number of years. You will notice that the backgrounds of the authors differ significantly, something which was entirely intentional. The authors of Auditing the Hacker Mind and the members of the working group to which all authors of the book belong bring a vast amount of knowledge relating to threat analysis and risk mitigation to the table. This has allowed us to examine the semantics of the cyber adversary from multiple points of view; allowing us to identify the multiple elements which really contribute to explaining what the modern cyber adversary 'looks like' and why.

In addition to its more obvious audience of the information security community, Cyber Adversary Characterization: Auditing the Hacker Mind has been written for a wide audience - from Information Technology managers, to regular systems administrators. Perhaps you are responsible for budgeting for the security related outgoings of a department; can you honestly say that you are able to attribute every dollar to a real, characterized threat? Could you tell a senior manager where you think the threat might come from, the tools they might use and indeed, the precise assets that they might target?

Our aim is to allow you to look at your technological assets from a new perspective - that being the perspective of the cyber adversary them self. As a result, we hope you will attain the capability to make informed decisions regarding the way in which you can better protect your systems and justify any changes you make.

In addition to its use for the theoretical characterization of threats to key assets, we also believe that the theory we have developed proves to be of great use in the unfortunate cases where incidents have occurred. Through studying the way in which we have dissected the cyber adversary, we hope that you will be able to look at attack data in an objective manner, identifying such things as the skill level of the adversary involved, answering why the adversary initiated an attack against the target in the first place - and perhaps most importantly if the attack was a success, how to fend of the adversary if they return.

We hope you find this publication of use. We believe that the information contained within it is of great value; and really can help in bettering the way in which people look at protecting their business critical computer networks, from the cyber adversary of today and tomorrow.

I'm not a statistician or a risk expert, so I mainly view this book in terms of illuminating possible areas of risk. It was interesting to see how a threat could be evaluated, but I spent most of my time reading the initial threats portion at the beginning of each chapter. These were interesting enough.

The text is a little uneven, which is most likely from the multiple authors. The graphics are poor quality. And the organization could use some work.

I would have liked to have been inspired to appreciate the characterization portions of the book, but I was not moved to do so.

Know thy enemy. This is only part of a famous quote by Sun Tzu. It is often quoted and is quite appropriate when discussing Cyber Adversary Characterization: Auditing The Hacker Mind (Tom Parker, Eric Shaw, et al, Syngress Press, 2004, 356 Pages, ISBN 1931836116). But to truly appreciate this book, which includes an account of Kevin Mitnick's first hand description of one of his attacks, you need to think about the entire quote from The Art of War: "Know thy self, know thy enemy. A thousand battles, a thousand victories."

The battle against hackers is not a single battle, but an on-going series of battles against an enemy that is often unseen and unknown. What the authors of this book attempt to do is offer a glimpse in the minds of hackers, what predisposes them to their behaviours, and an understanding of how this knowledge might be used to gain an advantage over this unseen enemy. To do so requires discussions of real events, psychology and modeling.

As such, this book is not for everyone, especially those who want an easy read. Psychological modeling is a difficult task to not only do, but to understand. The authors do their best in making this as easy as possible to understand, but I know I still had to re-read some sections multiple times. If you read this book, you will not walk away citing parts verbatim, but you will have a good desk reference to use when needed.

What is especially valuable in this book is the coverage of threats, both internal and external. The authors not only discuss this in terms and concepts, but offer methods to model and prioritize the threats. Have you ever thought about how myopic and narrow approaches can actually put you at greater risk?

Who Should Read This Book?

This is not a book for generalists. It really is for security specialists and students of security who want to get more than a superficial knowledge of the subject. Perhaps it might even be of interest to students of sociology and psychology. Tzu also said, "The opportunity to secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself." That is the reason this book is one for the library of .serious students of the topic. If you do not fit any of these categories, you might want to steer clear. If you don't, know what you are getting into.

Scorecard

Par on an Par 4