January 20, 2010, 10:40 AM — Book Review: Inside Cyber Warfare: Mapping the Cyber Underworld by Jeffrey Carr, O'Reilly 2010
If you think you have a good handle on how big a problem hacking has become for the world at large, think again. Inside Cyber Warfare is going to change your view completely. If you think it's just bored teenagers and introverted misfits that are attacking systems, you're dangerously out of touch. It's organized crime and the political underground. It's hackers hired or condoned by corrupt bureaucracies. And they're out to steal money and industrial secrets, fight battles over public opinion, destroy the effectiveness of enemy groups and break critical infrastructure.
"Cyber warfare" refers to any massively coordinated digital assault whether conducted by one government upon another or by some political or criminal group. The effects can be limited or widespread. Imagine cyber attacks that could shut down nuclear power plants or communications. Imagine banks and hospitals paralyzed by malware infestations. Cyber warfare goes well beyond embarrassing web site defacement.
Reading this book, you will not only get an idea of the scope of the problem, you will find yourself pondering some extremely timely and intricately complicated issues -- such as the conditions under which cyber attacks should be seen and treated as acts of war. You'll different between state (perpetrated by government resources) versus non-state (perpetrated by citizens) attackers. Questions like "Should host states that refuse to cooperate with victim states (i.e., sanctuary states) be held responsible for those attacks?" will nag you. You'll see how countries are trying to determine where to place cyber attacks on the attack "grid" and determine what kind of response is both reasonable and fair. The fact that the US and Russia offer different responses to this question is neither surprising nor comforting.
You'll read about a handful of attacks that illustrate what various groups are and have been doing. Estonia, for example, was the subject of an attack in 2006 after the Estonian government decided to move a Soviet-era monument to another location, upsetting the country's ethnic Russian citizens. You'll read about Russian and Chinese hackers and how they're encouraged. You'll be introduced to the concept of "active defense" (but without enough detail to determine the forms that this might take) and "trace programs" (but without addressing the complexity and reliability of trace programs).
You'll read about how social web sites are being mined, how China is committed to penetrating networks of more technologically advanced nations and how attacks often originate from systems in the US.