Customer Reviews

TANGLED WEB: Tales of Digital Crime from the Shadows of Cyberspace

5 star:		(6)
4 star:		(5)
3 star:		(3)
2 star:		(2)
1 star:		(0)

 

 

There is very little original thinking or detailed analysis in "Tangled Web." It is a pastiche of sound bites from security experts who are associates of the author. Chapter 2 goes a bit beyond sound bites, but it is still a rehash of other sources, and anyone who is moderately well-read in infosec will find that they have already been over all of this ground.

In addition to the quotes and sound bites, the author makes extensive use of the CSI/FBI survey (Power is the inspiration and driving force behind it). This study was conducted within a self-selecting audience that was expected to ESTIMATE the cost and frequency of the attacks they believe their organization experienced. It may be the best information we have, but it does not really represent a scientifically rigorous survey that can be accepted as providing an accurate understanding of the true cost or extent of computer crime. It looks impressive, but it is also designed to support the common agenda of Power's organization (the Computer Security Institute), and the FBI. Certainly the material is not intended to discourage people from attending CSI workshops.

Besides the lack of rigor in the much-quoted survey, the constant exaggeration of the monetary cost of hack-attack damages is misleading. Power delves into the pseudo-scientific again by using 7 significant figures to report on estimated costs of hacking sprees. I'm no fan of Mitnick, but quoting the inflated loss estimates provided by his victims does not make them fact. I think highly of Marcus Ranum, but he's hardly a cost accountant, so I question using his financial estimates on how much a hack attack costs a victim. To be fair, Power does follow the Ranum interview with an interview of an experienced accountant, but the fact is that nobody has any idea what the cost of information security failures really is.

If you are familiar with the CSI newsletter, you'll recognize the author's hand in this book--lots of quick anecdotes about bad things happening to good people, but no analysis. The writing follows this same newsletter writing style. Short sentences. Really short paragraphs. I find this writing style distracting, but it is a matter of personal preference, and it matches the material. This is a book that is easy to read in short bursts, which will be advantageous if you don't have a lot of time to spend on this subject.

This is a good book for an executive or neophyte who wants to read a single book that helps them understand the current nature of Internet crime, provides them a quick exposure to some of the personalities and philosophies of some prominent infocrime fighters, and concludes with solid suggestions on what needs to be done. But if you want to be a specialist in information security, then you need to read books with greater depth than this one.

This is not a meaty tome, it contains no original ideas, and the reported cost of Internet attacks is not substantiated. However, it is a quick and interesting read if you are curious and only have time for a single book.

This book is an absolute "tour-de-force". Not only has the author provided the most complete history of recent (90's) cybercrime and well-informed analysis of the costs to society (and us cyber-consumers!), but he manages to do it with style, movement and even a touch of sardonic humor.

The deep analysis and constant eye towards the "human factor" in cybercrime is powerful and important. The extent to which psychology and organizational behavior guide the development of cybercrime and the sadly "Keystone"-like countermeasures of the majority of organizational cyber-cops/marks is an important lesson. In Chapters 10 and 11, for example, we get a close look at how human frailties and organizational hubris/naivete leave even "techno-savvy" organizations open to massive, needless losses. HR departments around the country should take heart; there will be many off-site training sessions in the offing if corporate America is to secure itself, and slick new hardware/software represent only a fraction of what it's going to take.

When the book moves into the Global and Governmental arena, the full scope becomes almost overwhelming. Luckily the author keeps it moving quickly and presents the information with remarkable clarity/economy given the sheer range of material he's putting together.

This book may not absolutely keep you out of the tangled-web, but at least you'll have some idea of where the stickier strands in your neighborhood are and how to *just maybe* avoid them.

The critical review of the role of the (largely clueless and unknowing) media in the reportage of cybercrime is very welcome. Popular myths and misconceptions have got to go if this problem is to be properly illuminated and addressed.

Back in the 1970s, there was a television show called ScaredStraight, which brought together troubled youths and convictedfelons. The experience was supposed to shock the youths into becomingmodel citizens. In a similar vein, Tangled Web: Tales of DigitalCrime from the Shadows of Cyberspace is a scared straight lesson forcyberspace.

The book details the various types of computer crimes,including "hacktivism," espionage and sabotage, fraud, tradesecret theft, and computer break-ins. Case study after case studyreveals how every element of corporate America is at risk to someaspect of digital crime.

After reading Tangled Web, no manager canhonestly think computer crime could never happen to him orher. Whether it be via the activities of Vladimir Levin, the Russiancybercriminal who stole millions from Citibank, or those of Tim Lloyd,a disgruntled network administrator who caused millions in financiallosses to his employer, in incident after incident author RichardPower shows the reader how we are indeed in the midst of acyberwar.

As corporations rush to get on the informationsuperhighway, security is often neglected to the degree that manyorganizations don't have a position as elementary as chief securityofficer. Tangled Web shows in great detail the effects of excludinginformation systems security from a corporate infrastructure, and itisn't pretty...

This is a great book! I didn't know much about digital crime, just what I'd read about the Love Bug and things like that. But I couldn't put this book down!

It talks about the mind of the computer criminal and why people do things like break into computer systems and cause damage, and it tells you how much damage all this costs. But the best parts of the book are where it describes actual computer crime cases, like the one where the Russian broke into the bank and stole millions of dollars, using computers. It also tells you about cases of identity theft and espionage and computer warfare.

What I also liked is that it gives you lots of sources where you can find out more about computer crime, and it includes the laws that apply to these kinds of crimes. I can't recommend it highly enough.

This really is the "topic du jour" and it clearly is an important one, but like some of the other readers I found Schneier's book (Secrets & Lies) to be much more informative, both for senior managers and those involved in the day-to-day issues. For most of the book I got the feeling I was being lectured by a security guard explaining a lot of the concepts, and I found some of the fiscal impact figures to be sketchy at best. I think the proof of this is the readjustment of the demonstrable financial impact when persuing court cases - these numbers tend to be a fraction of those presented within the text.

If one knows nothing on the subject and wants to hear "the inside scoop" on a number of news stories, it is an okay start. To my mind, the best part of the book were the appendices and the references to other resources throughout the book - those other resources are a lot more valuable than the text in the book itself.

Tangled Web is an excellent treatment of the kinds of crimes and the kinds of criminals that are popping up in cyberspace. Richard Power, an respected expert in computer security, combines descriptions of his own experiences with publicly-reported accounts of digital crimes into a fascinating tour of the dark side of cyberspace. He gives the reader the benefit of his years of research into the damage caused by computer crime; the book gives detailed, frightening statistics about the havoc computer criminals have already caused, along with well-grounded speculation about what kinds of damage we may see in the future.

The book contains chapters that deal with the different types of computer crime--hacking and cracking, viruses, identity theft, child pornography, sabotage, cybervandalism, corporate espionage and information warfare. In addition to describing specific cases involving the commission of these crimes, Power explains how law enforcement officers investigate the crimes and apprehend those who commit them. He includes a variety of "real world" sources, CERT advisories, excerpts from an affidavit submitted in support of a search warrant and even excerpts from a transcript generated by an FBI wiretap used in the Phonemasters investigation, which focused on hackers who were stealing and selling private information.

For those who want to know more, the book includes a lengthy set of appendices, which contain a variety of material, including federal laws and treaties dealing with digital crime. The appendices also list web sites and publications that provide additional information on the topics Power discusses.

Advances made in computer and Internet technologies have contributed to the expansion of gathering, storing, processing, and exchanging all types of information. Unfortunately, there are many unscrupulous people around these days who make unlawful attempts to obtain certain information, damage information and computer systems, obstruct services, cause mischief, and otherwise interfere with normal electronic communications.

Tangled Web discusses the roles of computer, Internet, and telecommunications technologies in the realm of computer crime - including pornography, identity theft, hacking, credit card data theft, altering Web pages, deliberate shutting down of services, fraudulent money transfers, worm and virus infections, and sabotage carried out by disgruntled employees. Actual accounts of real people perpetrating such crimes, including interviews, drives home the impact that criminal computer activity can have on the lives of so many other people.

Power describes in detail the kind of people involved in committing computerized crime - their motivations, how they go about their work, some of the law enforcement strategies involved in catching them, and the consequences of their actions - including monetary losses, downtime, and threats to human safety.

The book contains a helpful glossary of terminology specifically related to computer crime. A listing of resources provides readers with a wealth of additional information about computer crime, threats to online privacy, and measures that can be taken to help prevent future breaches of safety and security. Inclusion of the Computer Fraud and Misuse Act and other U.S. laws and treaties spells out the serious nature of criminal computer crime and some of the steps the federal government has taken to discourage further criminal activity.

I found the book quite chilling. I couldn't easily put it down. Anyone familiar with Simson Garfinkel's Database Nation (O'Reilly & Associates), will find this book thoroughly intriguing, thought-provoking, and compelling reason enough to take more serious measures to protect their computer systems and data against possible attack. Extraordinary reading and relevant to our culture today!

Richard Power does a wonderful job of name-dropping through the entire book. Instead of presenting the interesting stories of cybercrime, all you get are dry facts and figures about how much money you're wasting by not protecting you network. Most of the figures are unsubstantiated and presented out of context - they have been plucked from a yearly survey conducted by Power.

If you want to read about digital crime/security then I recommend Bruce Schneier's "Secret's and Lies: Digital Security in a Networked World" or Steven Levy's "Crypto : How the Code Rebels Beat the Government - Saving Privacy in the Digital Age."

In the last ten years I was involved in Cyber Crimes Investigations in my country.Part of the years I was responsible of the Cyber Crimes Team in our National Police.Today I teach Computer Law in my Country.In any lecture and presentation I make almost every week,people are asking for a clear book concern Cyber Crimes with data,examples ect.I read most of the books.Only now I can send people to a real book.Not heavy.Useful for Judge,Lawyer,Student,Police officer,Security Officer ect.Its the great contribution to the fight against Cyber Crimes.I think this is the book of the year in Cyber Crimes.It has not to be a book for scientist.It has to be for the man on the street and update.Its update.well done.

FUD is known in the hacker world as "Fear, Uncertainty and Doom" - mostly it's used to refer to media reports on any hacker exploit. You've read the articles - some newbie hacker scripts his way into a server and the report just about gaurantees you that the next step is going to be a premature firing of nuclear weapons. Well, this book does little to quell that line of thinking. It's an interesting collection of stories, but little else. It plays too much on general mis-information and that's never good. I give it three stars only because it's got a lot of "history" in it regarding hacks and exploits...be warned though - the FUD is heavy and thick. Best Regards, turtlex.