Book details of 'Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace'
|Title||Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace|
Shop for this book
As an Amazon Associate I earn from qualifying purchases
Back to shelf Computer history/fun
The Virtual Bookcase Reviews of 'Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace':
Reviewer amazon.com wrote:
Part true crime, part call to arms, Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace looks over the firewall from both sides to examine the brave
new crooks and their pursuers. Author Richard Power, editorial director of San Francisco's Computer Security Institute, is simultaneously engaging and shaky--a
rare and lovely combination. Between interviews with hackers and security experts, Power plies the reader with numbers that suggest that the world's networks are
swarming with money-sucking leeches, most of which are never even noticed, and certainly not caught. If his voice never quite becomes hysterical, it's to preserve
his credibility; after all, Power's Institute needs a strong public awareness of cybercrime in order to stay in business.
This is not to say that Tangled Web is inaccurate or strongly biased. The author gives credit, where it is due, to law enforcement agencies and security consultants
who have made some genuine progress in preventing crime and apprehending criminals. Fortunately, it's tough, as of yet, to commit violent crimes over a network,
but the reader still will find reason to think twice before glossing over security procedures, even at home. Power provides example countermeasures for all desired
levels of connection, value, and privacy; and, while some are out of reach of individuals and smaller businesses, others cost only a little time or convenience. As with
health insurance, it's better to take care of it beforehand, and Tangled Web should inspire even the most confident reader to action.
Reviewer Rob Slade wrote:
This book gives a reasonably balanced review of the perception of
security experts in regard to the level of computer or communications
involved crime going on in our networked world. That is because this
is not so much a book, as an extended compilation article. Power
reproduces interviews with, or grabs quotations from the written works
of, a great many forensic and security specialists or researchers.
Very large chunks of the book are taken from previously published
Note also that I say "balanced," and not "complete."
Part one appears to be intended as a general introduction to computer
related crime. Chapter one is the usual statement that it goes on,
mercifully brief. Despite an interview with Sarah Gordon and
extensive quoting from Donn Parker, chapter two's look at
cybercriminals focusses rather narrowly on the fact that people who do
crimes aren't normal. The CSI (Computer Security Institute)/FBI
Computer Crime and Security Survey is introduced with many graphs and
tables in chapter three. The description does mention, but doesn't
emphasize, the fact that the survey was self-selecting and self-
reporting, and therefore only marginally more informative than an
opinion poll. Chapter four tries to look at costs.
The title of part two seems to indicate a deeper analysis of criminals
and system breakers. Chapter five touches on the infamous Operation
Sundevil (the law enforcement disaster that was the inspiration behind
Bruce Sterling's "The Hacker Crackdown," cf. BKHKRCRK.RVW), and the
even more infamous Morris Internet Worm: is Power trying to equate
police activity with system breaking? Three penetration episodes that
led to the arrest of young crackers are described in chapter six.
Some stories of theft of credit card numbers, bank fraud, and advanced
phone phreaking are given in chapter seven, but these are cobbled
together from published interviews with police, and have little
technical background. There is a little bit about nuisances and
vandalism, and a lot about distributed denial of service, in chapter
eight. Chapter nine tells the stories of the Melissa and Love Bug
email worms. As with the earlier tales in the book, the material is
technically weak, and has other errors of fact as well. (I exclude
the respective CERT advisories, which are reproduced in full.)
Part three is about spies and espionage. However, chapter ten, which
talks about spies, doesn't really have anything to say about computer
penetration. The stories are all very terse mentions of spying culled
from general news reports. The tales of insider fraud, in chapter
eleven, vary in length and don't really present any more than trivial
information. Infowar gets a mix of anecdotes and speculation in
Part four looks at personal attacks. Both chapter thirteen, on
identity theft, and chapter fourteen, on child pornography, are short
and oddly unhelpful.
Part five turns to defensive activities. Chapter fifteen concentrates
on where the security department should be on the corporate org chart.
Global law enforcement recounts a few presentations by non-US law
enforcement people in chapter sixteen. There are more details on US
government security offices and activities, in chapter seventeen, but
not many. Countermeasures, in chapter eighteen, is a "once over
lightly" of the entire security field. The epilogue, entitled "The
Human Factor," is vague.
If you haven't been paying any attention to computer security, this
book is a quick read that will get you a very rough idea of what is
going on in the areas of greatest concern to large corporations. If
it scares a few people that will be all to the good: it certainly
doesn't help you to start doing anything about security. Presumably
it is the general public, with little knowledge of computer security,
that is the intended audience. However, the lack of structure and
uneven quality and depth of information make it difficult to know what
those readers will take from this book.
If, of course, you have been paying any attention at all, this is
pretty old news.
copyright Robert M. Slade, 2001
Add my review for Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace