Dawn of the Code War, by John P. Carlin, former Assistant Attorney General for National Security under Barack Obama, begins with a brief history of how the internet came to be, and tells the story of how law enforcement and the Intelligence Community (IC) have grown and transformed on many fronts: from being insular organizations to information-sharing, both interdepartmentally and between other members of the IC, as well as the private sector; from physical criminal investigations to cyberthreats; and from antiquated record-keeping on vintage computer systems to more modern methods.
The book is an easy and engaging read, as Carlin gives an insider's view and walks the reader through the nuances of several major cyber attacks, including the actors, methods, and usually catastrophic results. It's a great recap and explanation of the terms that may have been heard in passing, such as Stuxnet, Mirai, Zeus, and the ever-present fake news. The book is conveniently broken down into chapters that address each principal nation-state threat – China, North Korea, Iran and Russia – and the similarities and differences in their methods and motivations.
The author gives some reasons for the low rate of prosecution of nation-state actors. He portrays the IC as a snarling dog on a leash being held by the diplomats and economic advisors who fear repercussions such as loss of access to China's market, fear for the safety of their employees, or simply fear the unknown. Some have even willingly traded their intellectual property in exchange for market access.
Carlin's main solutions to the problem of cyberthreats, naming and shaming and imposing sanctions, hinge on one of the most difficult aspects of prosecuting cybercrime – that of attribution, or being certain about whose fingers were on the keyboard when the attack occurred. He goes into some detail, explaining how each hacker's code has a recognizable style and how his team examines the "hop points", routers that the hackers use, that reveal their other activities and tie them to the crime as well as enlisting the help of private sector tech firms, such as Mandiant and other sources, like Human Intelligence, to correlate their suspicions.
Industry experts remain skeptical, however. The electronic packets that contain the malware, according to Bruce Schneier do not have reliable return addresses, and there's no way to tell if the computer that sent the package hasn't, itself, been hacked. Carlin trumpets the certainty with which the Sony hack can be attributed to North Korea. Other security professionals have reason to doubt. Sony has made many enemies among the hacker community. In 2005, Sony put DRM on their CDs, and they sued 17-year-old George Hotz and several others for hacking their Playstations. Anonymous struck Sony on their behalf, followed by LulzSec, who gained information from more than one million accounts, which they say was unencrypted and easy to find. Passwords were stored in plain text. Sony was an easy target and perceived as a bully by the hacker community. Thus, means, motive and opportunity.
Attribution is made even more difficult when politics are involved, and the Commander-in-Chief dismisses the integrity of IC intelligence, as is the case with the recent Russian attack on U.S elections. Senate Majority Leader Mitch McConnell, questioning the evidence that Russia was involved, and went as far as to accuse the IC of taking sides, saying, "You intelligence people shouldn't let yourself be used."
Carlin makes some other interesting points. While he notes the common observation that humans, being lazy, forgetful and distractible, will always be the weak link in the security chain, he observes that the hackers are human, too, and possess the same vulnerabilities. Another point is that, along with training users to be more aware of the threats, more cooperation is required between the government and private sectors. This may prove difficult, because, as Carlin states, "...of the nine or so agencies that exist to deal with cybersecurity, some want to help, but others want to punish." He postulates that as more cases are brought, more companies will realize that they are not alone, and there will be less stigma and embarrassment attached to the incidents.
In the long term, Carlin is holding out hope for a technologically innovative Moon shot solution, but in the meantime, along with the aforementioned sanctions, he states that better resilience is needed so that organizations are able to recover quickly when the inevitable breach occurs, and more thorough risk management determinations will help organizations prioritize assets. Also recommended are solutions such as Domain-based Message Authentication (DMARC) which makes domain spoofing impossible.
Despite the current, bleak cybersecurity climate, he remains optimistic. Given that he has a young daughter who stands to inherit our digital future, the alternative is too unpleasant to consider.
Download the free Kindle app and start reading Kindle books instantly on your smartphone, tablet, or computer - no Kindle device required.
Read instantly on your browser with Kindle for Web.
Using your mobile phone camera - scan the code below and download the Kindle app.
Loading your book clubs
There was a problem loading your book clubs. Please try again.
Not in a club? Learn more
Join or create book clubs
Choose books together
Track your books
Bring your club to Amazon Book Clubs, start a new book club and invite your friends to join, or find a club that’s right for you for free.
About the author
Follow authors to get new release updates, plus improved recommendations.
Reviews with images
A MUST read!
Former Assistant Attorney General for National Security and author of Dawn of the Code War has written a very detailed book about the current state of cybersecurity by tracing the development of law enforcement against cyber crimes. He explains the issues by referencing back to the earlier attacks since 1980’s such as the famous national-scale computer crime committed by Robert T. Morris, the son of NSA scientist. He also speaks greatly about terrorism side of cyber and its historic evolution of this effort in the National Security Division and the government. Foreign adversaries such as Iran, China, Russia and North Korea are highlighted as potential threats across the intelligence community. An entire chapter is dedicated to cyber crime activities committed by the Iranian government who have politically have had a turbulent relationship with the U.S since the Iranian revolution in 1979. This 403 page book is an easy for all age groups who want to understand the severity of current cybersecurity and the U.S's involvement along with other allied governments who are gradually working to make improved laws to protect its citizens for adverse circumstances.
Top reviews from the United States
There was a problem filtering reviews right now. Please try again later.
Reviewed in the United States on October 1, 2019
Reviewed in the United States on November 12, 2019
Reviewed in the United States on October 1, 2019
Former Assistant Attorney General for National Security and author of Dawn of the Code War has written a very detailed book about the current state of cybersecurity by tracing the development of law enforcement against cyber crimes. He explains the issues by referencing back to the earlier attacks since 1980’s such as the famous national-scale computer crime committed by Robert T. Morris, the son of NSA scientist. He also speaks greatly about terrorism side of cyber and its historic evolution of this effort in the National Security Division and the government. Foreign adversaries such as Iran, China, Russia and North Korea are highlighted as potential threats across the intelligence community. An entire chapter is dedicated to cyber crime activities committed by the Iranian government who have politically have had a turbulent relationship with the U.S since the Iranian revolution in 1979. This 403 page book is an easy for all age groups who want to understand the severity of current cybersecurity and the U.S's involvement along with other allied governments who are gradually working to make improved laws to protect its citizens for adverse circumstances.
Images in this review
Reviewed in the United States on October 1, 2019
Reviewed in the United States on July 5, 2020
Top reviews from other countries
Aubry Pierre
More of an autobiography than a comprehensive piece of research
Reviewed in France on January 5, 2021
