Customer Reviews

Inside Cyber Warfare: Mapping the Cyber Underworld

5 star:		(6)
4 star:		(4)
3 star:		(2)
2 star:		(3)
1 star:		(1)

 

 

I bought this book trying to further my understanding of Cyber Warfare and how it has become integral force multiplier/enabler in today's digital battlefield. Unfortunately, I quickly realized that this book was basically a regurgitation of what is available on the Internet with a little "googling". The book itself is tiresome to read and feels like you are just trying to weed through so much "chaff" as you attempt to find something compelling to take away. Granted, I think if you have done no initial reading on the subject and it is totally new to you- this book may be a good primer. Seriously though, if you are a student that wants to gain a better understanding of how cyberspace plays a role in a geo-political strategic context- this is not the book for you. If Jeffrey Carr is an expert in Cyber Warfare- he needs to way up the ante on another book and make it more than just a conglomeration of articles that are pretty much freely available on the Internet.

I have been in computer networking for 15 years. I am quite a book worm and have been reading about the industry and the technology the whole time.

I have consistently found O'Reilly books to be the WORST. They are incomprehensible, uninformative, and boring. The cover art is always 100% irrelevant to the topic. Weird.

I can't imagine WHY they are still in business. Yuck.

There are many talented technical writers out there. Seems none of them work with O'Reilly.

At the time of this writing, one of the biggest stories in the media is that Google and several other large technology companies were attacked by Chinese hackers. Although this seems to have caught almost everyone by surprise, it's no surprise to those of us in the trenches, responding to these types of incidents every day. "Inside Cyber Warfare: Mapping the Cyber Underworld" is by far the best available guide to this highly sophisticated threatscape.

The book's author is Jeffrey Carr, author of the well-known IntelFusion blog ([...]) and founder of Project Grey Goose, both of which provide high quality intelligence analyses on a number of cyberwar-related topics. The book reviews, organizes and expands upon many issues already covered on his blog, but does so in a way that actually adds value. This isn't a retread of old postings; it's an entirely new creation.

I used the term "intelligence analysis", and that's really what this book is: one big dossier on the means, motives, opportunities and identities of some of the major players in the cyber warfare arena. Specifically, this book's focus is on nation-states with known cyberwar capabilities, such as China, Russia and the United States. However, there is also some limited coverage both of other countries (e.g., North Korea) and other actors, such as organized crime.

The first couple of chapters begin by providing some basic background on cyberwar, defining terms, citing recent examples (such as the Russian attacks on Georgian websites in 2008) and discussing the transition from direct action by states to state-sponsored third party actors. This last concept is perhaps the most critical one in the entire book: states rarely do their own dirty work anymore. They tend to work through third parties, which is much less risky because it offers them plausible deniability. This is a major feature of today's cyberwar, and the book does an excellent job explaining why this happens and what the ramifications are for the victims of these attacks. This is a critical theme that carries through much of the rest of the book.

Chapters 3 and 4 focus more on the legalities of cyber warfare, definitions and relevant treaties. In fact, Chapter 4 (Responding to International Cyber Attacks as Acts of War) is one of the standout sections of the book. Written by guest author Lt. Cdr. Matthew Sklerov, USN, this chapter draws on numerous examples of case law and legal opinions to make a compelling case that the best defense against a cyberwar is to actively identify the aggressor and to attack them right back. Readers conditioned to think of legal arguments as dry and boring are in for a real treat, as this is quite a fascinating read.

The next several chapters establish a framework for performing intelligence investigations into the sources and motives behind cyber attacks, then explore several fruitful mechanisms for performing this research, such as by performing reconnaissance on relevant hacker forums, building social network graphs and the ever-popular "follow the money" approach. In doing so, Carr often shows how these mechanisms are really double-edged swords, providing as much or more benefit to the adversary as to the investigator. You can find some of this material elsewhere (Hacking: The Next Generation (Animal Guide) has quite a lot to say about social networks, for example), but in context with the rest of the book, these chapters still work quite well.

Finally, the last few chapters explore the role of cyberwar at the national level. Carr discusses and gives examples of relevant military doctrine from Russia, China and the US, showing how each nation views the key questions from different perspectives. Chapter 13 (Advice for Policy Makers from the Field) is particularly interesting, as three prominent experts each tackle one controversial cyberwar issue and give advice directly to policy makers, using this book as a sort of open letter.

"Inside Cyber Warfare: Mapping the Cyber Underworld" is the best book I've seen for those of us charged with defending against the highest-end threats to information security. It provides a comprehensive intelligence briefing on actors, capabilities, motivations and possible responses to acts of cyberwar. I highly recommend this for government, military and corporate readers who are responsible for either securing their own networks or for setting security policy. The threat is real, and these groups are active. Inside Cyber Warfare is the guide you need to help you understand the context in which your organization operates on the modern battlefield.

Before reading this book I had very little knowledge of each of the attacks mentioned in the book, and even less knowledge regarding what long way we still have to go in establishing those laws for cyberspace war liek we have done for conventional warfare. A real eye opener since I am more on the technical side of things in the security realm. Real world issues are presented in an easy to read manner and pave the way for you to have a better behind-the-scenes understanding when, for instance, you see in the news that the pentagon has allowed us to respond to a cyber attack with traditional force. An ah-hah moment indeed.

The internet binds our government, businesses and people together crossing national boundaries easily, presenting challenges for our legal and defense regimes. Our infrastructure and our economy linked via the internet offers great benefits and exposes us to great risks which are exploited by intelligence services, criminal organizations and terrorist groups. For the past 10 plus years information skirmishes have been fought across the globe and we have been mostly unaware. It is critical that we understand the environment in which we live and that we educate our leaders to construct proper defenses or we will continue to be vulnerable

Inside Cyber Warfare was a difficult book to read. It's written in a sort of encyclopedic style, with major topics followed by a series of examples. The mix of examples, along with the dry writing style, comes across a little like a monotonic pubic speaker. The absence of vocal intonations, inflection and varying pitch puts you in a coma about a third of the way through the speech. It's the same with the writing style in this book. It's definitely not bedtime reading.

Some of the topics in Inside Cyber Warfare, however, are interesting. For instance, I enjoyed the discussion of the Russian/Georgia War of 2008. The Russians launched a computer attack against Georgian government websites. The attack was strategic, and effective, and defined cyberspace as the new battleground in asymmetric warfare. I also liked the chapters titled, "The Rise of the Non-State Hacker," and "Weaponizing Malware." But there definitely weren't any "wow moments," when I set the book aside and said to myself, "Now that was really something."

However, that's not to say that Inside Cyber Warfare is all bad, or boring to the bone. To the contrary, there's quite an interesting discussion of China, Israel, Russia, The Estonian cyber war of 1967, the Russia-Georgia War of 2008, Iran and North Korea. They've all got their cyber war issues. In those pages you'll read all about Denial of Service attacks (DDoS), SQL injection, and cross-site scripting, networks and IP addressing. It would help if you knew a little about those things, especially DDoS. Not to worry, though, you can still get through the book.

Inside Cyber Warfare also contains an introduction to the juxtaposition of cyber war, cyber crime, and cyber terrorism. There is a distinction between the three, although sometimes it's difficult for even the experts to separate one from the other. For instance, if a mischievous hacker in state A launches a DDoS attack on a target in state B that just happens to kill somebody, or causes a massive disruption in essential pubic services such as water, power, medical, etc., which one of those categories would such an attack it fit into? Does motive play a factor: mischief vs. malicious? When does simple mischief become a crime, or an act of terrorism, or an all out cyber war? What if the hacker worked for the government of state A? Would state B have the legal right to launch a counter attack against state A? You may have never thought about such things before now, but after reading this book you will at least be aware of some of ins and outs of those engrossing topics. I certainly feel more informed, so to me, the book was worth the effort.

For all my complaining, I did enjoy the book. I just wish it would have been an easier read.

Carr's work is very much based in a close analysis of technology and technologically enabled opponents. Accordingly it largely treats solutions not as policy issues, but as technical ones facing the defense establishment. This is both its strength, and its weakness.

The strengths of Inside Cyber Warfare, however, are many. The work analyzes many examples of cyber conflicts. It also has very close analysis of the organizations and cyber conflict doctrines of potential adversaries, to Carr, clearly China and Russia. While Clarke and Knake saw a large part of the critical threat from cyber conflict to be a result of the wide dispersion of both tools and motives for engaging in cyber attacks among highly varied non-state actors around the world, Carr focuses upon potentially adversarial states.

On balance, this is a very useful book. It provides a hard-nosed counterpoint to anyone suspecting that Clarke and Knake are ultimately appeasers, and a good insight into the very widespread, perhaps dominant, Realist perspective on cyber conflicts. Anyone wishing to fully understand cyber conflict and the various schools of thought on it should not neglect it. But it is probably most useful not as a manual or a final statement on cyber war, but as a resource which can open up a wide variety of sources and perspectives.

For a full review see Interface: [...]

I found this book to be very disappointing in many regards. I expect a certain degree of quality in O'Reilly books and this one did not meet it. It's a thin book, and although there is some interesting content, enough to pass a couple of hours of late-night reading, the level of writing is about that of a mediocre Wikipedia article. The style is more appropriate for a blog or uneven journalistic account than a published book. Typos, very obvious ones, abounded throughout the text. The price is exorbitant for such a shallow pass at the subject.

I did not find it to be an intellectually stimulating work, and its best value was in directing me to other resources referenced by the work.

My guess is that the publisher wanted to capitalize off a cool subject, but this fails to attack the subject in any significant way.

Seldom would I describe a guidebook from the excellent O'Reilly Technology Series as "Ripped from the Headlines"; but this fast-paced
news analysis and technology public policy book is just that. It describes the behavior methods and practices of "State" and "Non-State" Actors on the International scene as they exploit the weaknesses of the Internet and Web Infrastructure for Political and Criminal purposes. It describes in a moderate level of technical detail the exploits of political and criminal hacker teams, some working for their own profit and political purposes, others under the direct authority of a Nation State especially during the recent period of 2002-2009 in the Middle East, China and the states of the FSU. The author Jeffry Carr is a leading analyst of Cyber Warfare and Cyber Terrorism, the Principal of the Grey Logic Consulting firm that addresses the needs of large companies and governments, and author of the widely read IntelFusion blog.

Other reviewers may have been confused by the nature of the subject matter addressed by this short but excellent and well-written volume it is not a technologist's guide to hacking activities, nor is is it a spy novel, but it carefully and interestingly relates the dimensions of a current political and economic problem brought about by the activities of political entities, criminal and terroristic elements. It will enable the reader to become well informed about an important Technology and Public Policy issue which pervades today's headlines.

--Ira Laefsky
MSE/MBA IT Consultant and Former Senior Staff Member of Arthur D. Little and DIGITAL Equipment

Jeff Carr is a great digital security intelligence analyst and I've been fortunate to hear him speak several times. We've also separately discussed the issues he covers in Inside Cyber Warfare (ICW). While I find Jeff's insights very interesting and valuable, I think his first book could have been more coherent and therefore more readable. I believe Jeff should write a second edition that is more focused and perhaps more inclusive.

ICW's best feature is its attention to threats. A lot of digital security professionals think "malware" or "exploit" when they hear the term "threat," but threats are really parties with the capability and intention to exploit a vulnerability in an asset. In other words, threats are people, not code. Jeff spends a lot of time talking about Russian threats, somewhat less on Chinese threats, and then less on other threats. As was mentioned in a previous review, a more balanced approach might have been more effective. Jeff does describe groups outside Russia and China, but not to the attention they probably merit.

One problem I had with ICW was its tendency to cite the same incidents repeatedly. Seeing a certain event mentioned several times throughout the book made me wonder if multiple authors were involved, or if tighter focus was needed. I also felt the book lacked a clear organizing principle. It seemed like the chapter titles were more of a container than a roadmap. If you want to see a report which could be a model for future editions of ICW, read the free "Capability of the People Republic of China to Conduct Cyber Warfare" by Northrop Grumman.

Chapter 4 by Matthew Sklerov was one of the more interesting sections. I liked citations of analytical models for unconventional attack (instrument-based, effects-based, and strict liability); the six criteria for determining if cyber attack is armed attack (severity, immediacy, directness, invasiveness, measurability, and presumptive legitimacy); and scope, duration, and intensity as measurements.

Unfortunately I think the author's conclusions are misguided. He proposes that "a cyber attack can be imputed to the state of origin rather than trying to conclusively attribute it" (p 62). This is important because "host-states that refuse to cooperate with victim-states are stating their unwillingness to prevent cyber attacks and have declared themselves as sanctuary states. Once a state demonstrates that it is a sanctuary state through its inaction, other states can impute responsibility to it" (p 68). This doesn't seem reasonable. Just because a nation doesn't want to cooperate doesn't mean it is responsible for a cyber attack.

Sklerov also puts too much faith in so-called "trace programs [that] can track attacks back to their point of origin" (p 69). It sounds like he is referring to network-based methods to identify DDoS attack sources, but that is 1) difficult and 2) only representative of a small fraction of the sorts of attacks one has to deal with in cyberspace. Finally, Sklerov promotes "active defense" but never really explores what that means. He seems to assign more value to an attacking system than is warranted, especially since many attacking systems are victims themselves and ultimately disposable.

I'm giving ICW 3 stars but I still think the book is valuable. I'd like to see my concerns addressed in a second edition, which I expect would be more focused and easier to read.