TANGLED WEB: Tales of Digital Crime from the Shadows of Cyberspace [Hardcover]

Richard Power (Author)

Book Description

ISBN-10: 078972443X | ISBN-13: 978-0789724434 | Publication Date: September 2000 | Edition: 1st

With the intense growth of e-business, we hear about an increase in hacking and technology-based criminal incidents. Institutions such as Citibank and Ebay have faced intrusions that have cost them millions of dollars in damages. With the onset of these criminal attacks, there is an increase in demand for products and services that provide more information for people. Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace portrays the shadow side of cyberspace by taking you into the lairs of hackers, crackers, researchers, private investigators, law enforcement agents and intelligence officers. The book covers what kinds of cyber-crimes are going to affect business on the Internet, their cost, how they are investigated, and the motivation of hackers and virus writers. Also covered are the problems faced by law enforcement, corporate cyber security professionals, and real-world examples of cyber crimes and lessons learned.

Editorial Reviews

Amazon.com Review

Part true crime, part call to arms, Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace looks over the firewall from both sides to examine the brave new crooks and their pursuers. Author Richard Power, editorial director of San Francisco's Computer Security Institute, is simultaneously engaging and shaky--a rare and lovely combination. Between interviews with hackers and security experts, Power plies the reader with numbers that suggest that the world's networks are swarming with money-sucking leeches, most of which are never even noticed, and certainly not caught. If his voice never quite becomes hysterical, it's to preserve his credibility; after all, Power's Institute needs a strong public awareness of cybercrime in order to stay in business.

This is not to say that Tangled Web is inaccurate or strongly biased. The author gives credit, where it is due, to law enforcement agencies and security consultants who have made some genuine progress in preventing crime and apprehending criminals. Fortunately, it's tough, as of yet, to commit violent crimes over a network, but the reader still will find reason to think twice before glossing over security procedures, even at home. Power provides example countermeasures for all desired levels of connection, value, and privacy; and, while some are out of reach of individuals and smaller businesses, others cost only a little time or convenience. As with health insurance, it's better to take care of it beforehand, and Tangled Web should inspire even the most confident reader to action. --Rob Lightner

Review

"A fascinating account of cybercrime that is packed with previously unpublished material about some of the biggest cases—a great read!" -- Dorothy Denning, Professor of Computer Science, Georgetown University

See all Editorial Reviews

Product Details

• Hardcover: 431 pages
• Publisher: Que Corporation; 1st edition (September 2000)
• Language: English
• ISBN-10: 078972443X
• ISBN-13: 978-0789724434
• Product Dimensions: 9.6 x 6.4 x 1.5 inches
• Shipping Weight: 3.3 pounds
• Average Customer Review: 3.9 out of 5 stars  See all reviews (16 customer reviews)
• Amazon Best Sellers Rank: #934,848 in Books (See Top 100 in Books)

More About the Author

Richard Power is a trusted journalist, an acclaimed author and speaker, and an adviser to governments and corporations. He has delivered briefings and led training in forty countries. Power writes and speaks about security, sustainability and spirituality. He has been quoted in world news media, including The Wall Street Journal, The Financial Times, New York Times, Washington Post, Reuters and Associated Press, and interviewed on broadcast media including CNN, PBS, NPR, and BBC.
He writes bi-monthly features for CSO Magazine, and serves as a member of CSO's Technical Advisory Board.
The emphasis in Power's writing on cyber security, privacy and risk is on the ways in which technology is changing society and culture, how the 21st Century risk matrix differs from the 20th Century risk matrix, and what the implications are for security and privacy.
Power's personal blog, Words of Power (http://words-of-power.blogspot.com) is widely respected as a source of commentary on human rights (with an emphasis on Darfur, Burma, etc.), sustainability (with an emphasis on the Climate Crisis), progressive politics (with an emphasis on the health of our democratic institutions, in particular the news media) and the spiritual challenges of the 21st Century (e.g., how to lead in a world where leaders have largely abdicated that responsibility).
Power's Left-Handed Security: Overcoming Fear, Greed and Ignorance in an Age of Global Crisis is available via Lulu.com --
http://stores.lulu.com/store.php?fStoreID=1450759
Much of his work now focuses on the intersection of security, sustainability and spirituality, as well as what Shamanism, Kashmir Shaivism, Vajrayana Buddhism and other ancient wisdom traditions have to offer us in the 21st Century.

Customer Reviews

Most Helpful Customer Reviews

17 of 18 people found the following review helpful:

3.0 out of 5 stars Entertaining, but not a textbook on information warfare, November 15, 2000

By 

J. G. Heiser (Sunninghill, Berks) - See all my reviews
(REAL NAME)   

This review is from: TANGLED WEB: Tales of Digital Crime from the Shadows of Cyberspace (Hardcover)

There is very little original thinking or detailed analysis in "Tangled Web." It is a pastiche of sound bites from security experts who are associates of the author. Chapter 2 goes a bit beyond sound bites, but it is still a rehash of other sources, and anyone who is moderately well-read in infosec will find that they have already been over all of this ground.

In addition to the quotes and sound bites, the author makes extensive use of the CSI/FBI survey (Power is the inspiration and driving force behind it). This study was conducted within a self-selecting audience that was expected to ESTIMATE the cost and frequency of the attacks they believe their organization experienced. It may be the best information we have, but it does not really represent a scientifically rigorous survey that can be accepted as providing an accurate understanding of the true cost or extent of computer crime. It looks impressive, but it is also designed to support the common agenda of Power's organization (the Computer Security Institute), and the FBI. Certainly the material is not intended to discourage people from attending CSI workshops.

Besides the lack of rigor in the much-quoted survey, the constant exaggeration of the monetary cost of hack-attack damages is misleading. Power delves into the pseudo-scientific again by using 7 significant figures to report on estimated costs of hacking sprees. I'm no fan of Mitnick, but quoting the inflated loss estimates provided by his victims does not make them fact. I think highly of Marcus Ranum, but he's hardly a cost accountant, so I question using his financial estimates on how much a hack attack costs a victim. To be fair, Power does follow the Ranum interview with an interview of an experienced accountant, but the fact is that nobody has any idea what the cost of information security failures really is.

If you are familiar with the CSI newsletter, you'll recognize the author's hand in this book--lots of quick anecdotes about bad things happening to good people, but no analysis. The writing follows this same newsletter writing style. Short sentences. Really short paragraphs. I find this writing style distracting, but it is a matter of personal preference, and it matches the material. This is a book that is easy to read in short bursts, which will be advantageous if you don't have a lot of time to spend on this subject.

This is a good book for an executive or neophyte who wants to read a single book that helps them understand the current nature of Internet crime, provides them a quick exposure to some of the personalities and philosophies of some prominent infocrime fighters, and concludes with solid suggestions on what needs to be done. But if you want to be a specialist in information security, then you need to read books with greater depth than this one.

This is not a meaty tome, it contains no original ideas, and the reported cost of Internet attacks is not substantiated. However, it is a quick and interesting read if you are curious and only have time for a single book.

8 of 8 people found the following review helpful:

5.0 out of 5 stars A Godsend for those wishing to avoid (maybe) the snares..., September 19, 2000

By 

"curtisj@usfca.edu" (sf, ca United States) - See all my reviews

This review is from: TANGLED WEB: Tales of Digital Crime from the Shadows of Cyberspace (Hardcover)

This book is an absolute "tour-de-force". Not only has the author provided the most complete history of recent (90's) cybercrime and well-informed analysis of the costs to society (and us cyber-consumers!), but he manages to do it with style, movement and even a touch of sardonic humor.

The deep analysis and constant eye towards the "human factor" in cybercrime is powerful and important. The extent to which psychology and organizational behavior guide the development of cybercrime and the sadly "Keystone"-like countermeasures of the majority of organizational cyber-cops/marks is an important lesson. In Chapters 10 and 11, for example, we get a close look at how human frailties and organizational hubris/naivete leave even "techno-savvy" organizations open to massive, needless losses. HR departments around the country should take heart; there will be many off-site training sessions in the offing if corporate America is to secure itself, and slick new hardware/software represent only a fraction of what it's going to take.

When the book moves into the Global and Governmental arena, the full scope becomes almost overwhelming. Luckily the author keeps it moving quickly and presents the information with remarkable clarity/economy given the sheer range of material he's putting together.

This book may not absolutely keep you out of the tangled-web, but at least you'll have some idea of where the stickier strands in your neighborhood are and how to *just maybe* avoid them.

The critical review of the role of the (largely clueless and unknowing) media in the reportage of cybercrime is very welcome. Popular myths and misconceptions have got to go if this problem is to be properly illuminated and addressed.

7 of 8 people found the following review helpful:

4.0 out of 5 stars A wake-up call to management who dont appreciate infosec, December 15, 2000

By 

Ben Rothke "Author of 'Computer Security: 20 ... (USA) - See all my reviews
(REAL NAME)   

This review is from: TANGLED WEB: Tales of Digital Crime from the Shadows of Cyberspace (Hardcover)

Back in the 1970s, there was a television show called ScaredStraight, which brought together troubled youths and convictedfelons. The experience was supposed to shock the youths into becomingmodel citizens. In a similar vein, Tangled Web: Tales of DigitalCrime from the Shadows of Cyberspace is a scared straight lesson forcyberspace.

The book details the various types of computer crimes,including "hacktivism," espionage and sabotage, fraud, tradesecret theft, and computer break-ins. Case study after case studyreveals how every element of corporate America is at risk to someaspect of digital crime.

After reading Tangled Web, no manager canhonestly think computer crime could never happen to him orher. Whether it be via the activities of Vladimir Levin, the Russiancybercriminal who stole millions from Citibank, or those of Tim Lloyd,a disgruntled network administrator who caused millions in financiallosses to his employer, in incident after incident author RichardPower shows the reader how we are indeed in the midst of acyberwar.

As corporations rush to get on the informationsuperhighway, security is often neglected to the degree that manyorganizations don't have a position as elementary as chief securityofficer. Tangled Web shows in great detail the effects of excludinginformation systems security from a corporate infrastructure, and itisn't pretty...