Inside Cyber Warfare (2nd Edition)
By Jeffery Carr
(O’Reilly, paperback, list price $39.99; Kindle edition, list price $31.99)
A global war for survival is in full battle, and you — or at least one or more of your computers — may now be right at the front line, already in the fight.
Actually, in cyber warfare, there is no “front line.” As this important book makes unnervingly clear, attacks on business and military data, on financial systems, and on personal information now can — and do — come at any time from anywhere on the planet.
The attackers can be governments, military units, criminal groups, terrorist organizations, hacker gangs, lone-wolf thieves and even mischief makers with little or no agenda except chaos. And what seems to be a damaging infiltration from one nation actually may be controlled by, and coming from, computers in several other nations.
Indeed, some recently successful and damaging attacks against supposedly well-secured systems have been launched from sites very difficult to identify, using networks of infected computers scattered across several continents, including the United States. And the owners of the infected computers had no idea their machines were involved.
Jeffrey Carr’s updated book is aimed at political and military leaders, policy makers, and corporate executives responsible for securing data systems and sensitive information. Yet everyday computer users need to read it, too, to have a clearer sense of what we are all up against now. We must understand the risks well enough to help pressure lawmakers, corporate leaders and others to make good choices regarding data security and protecting intellectual property.
The author is a cyber intelligence expert and consultant whose specialty is investigating “cyber attacks against governments and infrastructures by state and non-state hackers.”
Carr’s well-written second edition covers such topics as: the cyber-warfare capabilities of a wide range of nation-states, from Australia and Nigeria to China, the Russian Federation and the United States; how organized crime operates and profits in cyberspace; the difficulty of responding to international cyber attacks as acts of war; and national and international legal issues that affect cyber warfare.
Some foreign governments, Carr points out, are believed to condone and even sponsor cyber attacks. Others are well aware of the digital lawbreakers operating within their borders, yet prosecute only a selected few cases. For example, Carr notes, “in the Russian Federation, the police are interested only in arresting hackers for financial crimes against Russian companies. Hacking attacks cloaked in nationalism are not only not prosecuted by Russian authorities, but they are encouraged…” through a variety of proxies.
Against technically savvy, well-funded and government-coddled hackers, your outdated virus protection software and your dogs’-names passwords are very thin, very porus shields, indeed.
Carr offers a number of recommendations to American policymakers who must wrestle with Internet and data security issues, plus protection of intellectual property. One of his strongest recommendations is a call for the Department of Defense to throw Windows out the Pentagon’s windows and replace it with Red Hat Linux.
“Red Hat Linux,” he writes, “is a proven secure OS with less than 90% of the bugs found per 1,000 lines of code than in Windows. Many decision makers don’t know that it is the most certified operating system in the world, and it’s already in use by some of the US government’s most secretive agencies.” He adds: “Linux certainly has its vulnerabilities, but the math speaks for itself. Shoot Windows and eliminate the majority of the malware threat with one stroke.”
He also wants sharp crackdowns on “US companies that provide Internet services to individuals and companies who engage in illegal activities, provide false WHOIS information, and other indicators that they are potential platforms for cyber attacks.”
But anyone who connects a computer to the Internet and is active on social media needs to be aware of the risks and high stakes involved in the cyber warfare now being fought between and among governments, criminal groups, terrorist organizations, hacker gangs and lone-wolf troublemakers.
Even as you read this, your personal computer or your company’s servers may be secretly helping North Korea, Iran, China, a drug cartel or a lone, bored hacker launch a cyber attack somewhere else in the world.
You may not be a high-value data target. Yet, even with just one laptop computer, you can become an unwilling and unknowing foot soldier for the wrong side.
These are scary thoughts, and you can’t wish them away. Read this important book to get the big, unnerving picture.
Then start thinking–fast–of ways to better protect your computers, data, intellectual property and personal information.
– Si Dunn‘s latest book is a detective novel, Erwin’s Law. His other published works include Jump, a novella, and a book of poetry, plus several short stories, including The 7th Mars Cavalry, all available on Kindle. He is a screenwriter, a freelance book reviewer, and a former technical writer and software/hardware QA test specialist.