A few months ago, Infosecurity was given the chance to review a preview chapter of an upcoming book. In that chapter, author Geoff White covered his experience of seeking out and meeting the author of 2000’s “LoveBug” virus, and the content was so engaging that it was actually quite hard to cut his text down to the required amount of words to write the article.
With White’s book CrimeDotCom now available, and Infosecurity among the recipients of the early copies, we had the chance to read it. Speaking from a personal perspective, I’m a “one to two months per book” type of reader, but with this fresh off the press, I actually got through it in a week. That is partly down to the fact that I was keen to read it in order to write this review, but also because it was an incredibly engaging and factual read.
In terms of the content, White takes the reader on a run through the last 20 years in cybersecurity. We start with the LoveBug, and are slowly moved through the evolution from the people-centric attack, where there are obvious people behind the attacks – the opening chapter is called “Meet the Hackers” after all – and then taken on to the tactics used. Why is this tactic used? One line states: "It's not about the tech, it's about the people."
The evolution of cybercrime is detailed well, from the beginnings at the start of this new century with LoveBug we’re taken on a rollercoaster ride through the concepts of “card not present” fraud and the accompanying online marketplaces where such transactions are enabled, to more of the change towards to the monetization of cybercrime. This is not where the book begins its conclusion, as White pushes us further into where political actions move to espionage and nation state attacks.
To reference the earlier point about this being about the people and not the technology, White faces the typical journalist struggle of getting some sort of confirmation to his points. This sees him face various dead ends when seeking perspective, interview or clarity, even when going to the North Korean embassy in west London at one point.
Following his many years as an investigative reporter, White is able to draw on his own experience of covering the various tales he describes in this book from his own reporting career. One person he is able to connect with is Jake Davis, the former member of hacking crew LulzSec, while his experience of covering major stories such as the Stuxnet attack and the Ashley Madison breach are well conveyed as examples.
His experience is also clear when he talks about the issues surrounding modern journalism, in chapter nine “Weaponizing Data” he mentions that dealing with data sources requires the writer to “question the source or their motivation”, and later on where journalists were effectively giving fuel to the actions of hacktivist groups. “The new possibilities created by internet anonymity make it all the more important for journalists to check the veracity of the data,” White says, citing the “always on” nature of modern news reporting, and how “the pressures and dynamics of the news media have been well understood by the hackers.”
In CrimeDotCom, you’ll find a lot of the stories to be familiar, but White has a way of telling the stories to make them engaging. Therefore this would be an excellent read for someone just getting into the industry, or who wants to remind themselves of what has happened and how far we have come in the last ten years.