What do you think?
Rate this book
Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks
An entertaining account of the philosophy and technology of hacking--and why we all need to understand it.
It's a signal paradox of our times that we live in an information society but do not know how it works. And without understanding how our information is stored, used, and protected, we are vulnerable to having it exploited. In Fancy Bear Goes Phishing, Scott J. Shapiro draws on his popular Yale University class about hacking to expose the secrets of the digital age. With lucidity and wit, he establishes that cybercrime has less to do with defective programming than with the faulty wiring of our psyches and society. And because hacking is a human-interest story, he tells the fascinating tales of perpetrators, including Robert Morris Jr., the graduate student who accidentally crashed the internet in the 1980s, and the Bulgarian "Dark Avenger," who invented the first mutating computer-virus engine. We also meet a sixteen-year-old from South Boston who took control of Paris Hilton's cell phone, the Russian intelligence officers who sought to take control of a US election, and others.
In telling their stories, Shapiro exposes the hackers' tool kits and gives fresh answers to vital questions: Why is the internet so vulnerable? What can we do in response? Combining the philosophical adventure of G�del, Escher, Bach with dramatic true-crime narrative, the result is a lively and original account of the future of hacking, espionage, and war, and of how to live in an era of cybercrime.
Includes black-and-white images
It's a signal paradox of our times that we live in an information society but do not know how it works. And without understanding how our information is stored, used, and protected, we are vulnerable to having it exploited. In Fancy Bear Goes Phishing, Scott J. Shapiro draws on his popular Yale University class about hacking to expose the secrets of the digital age. With lucidity and wit, he establishes that cybercrime has less to do with defective programming than with the faulty wiring of our psyches and society. And because hacking is a human-interest story, he tells the fascinating tales of perpetrators, including Robert Morris Jr., the graduate student who accidentally crashed the internet in the 1980s, and the Bulgarian "Dark Avenger," who invented the first mutating computer-virus engine. We also meet a sixteen-year-old from South Boston who took control of Paris Hilton's cell phone, the Russian intelligence officers who sought to take control of a US election, and others.
In telling their stories, Shapiro exposes the hackers' tool kits and gives fresh answers to vital questions: Why is the internet so vulnerable? What can we do in response? Combining the philosophical adventure of G�del, Escher, Bach with dramatic true-crime narrative, the result is a lively and original account of the future of hacking, espionage, and war, and of how to live in an era of cybercrime.
Includes black-and-white images
420 pages, Hardcover
First published May 23, 2023
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 30 of 211 reviews
February 10, 2023
Though Fancy Bear was highly skilled at phishing — the attempt to obtain sensitive information over email from another by impersonating a trustworthy person — its tradecraft was not rocket science. It wasn’t even computer science. It was cognitive science. Cognitive science is the systematic study of how humans think. From this perspective, the phishing emails sent by Fancy Bear to Clinton staffers were perfectly designed, almost as though they had been engineered in a psych lab to exploit multiple vulnerabilities of mental upcode. Fancy Bear caught its phish because its bait was so good.
Author Scott J. Shapiro (a professor of law and philosophy at Yale Law School and the director of Yale’s Center for Law and Philosophy and Yale’s CyberSecurity Lab) explains in the introduction to Fancy Bear Goes Phishing that although he had an early introduction to coding (his Dad had worked at Bell Labs and young Shapiro had access to basic computer parts before there even was a World Wide Web), it wasn’t until recently — with a professional interest in the future plausibility of cyberwars — that he really looked into the history of personal hacking, intranational cyberattacks, and the security measures put in place to protect against them. This book not only explains the history of hacking through the exposition of five different types of attacks over the years, but as a professor of the humanities, Shapiro explains the mental processes — the upcodes and downcodes, the heuristics and biases — that both lead to computer hacking and to our ongoing failure to defend against it. To the extent that Shapiro shares the history of hacking through the stories of true crimes and espionage, this made for quite an interesting read; however sometimes the technical (whether talking hacking code or human cognition) became a little dull and esoteric to me, but I will allow that another reader might want precisely this level of technical data. Overall, a fascinating read on a subject we should all know more about. (Note: I read an ARC through NetGalley and passages quoted may not be in their final forms.)
The most surprising result of my extended, even feverish, immersion in the technology, history, and philosophy of hacking is that I’m not panicking. On the contrary, I’ve concluded that much of what is said about hacking is either wrong, misleading, or exaggerated. I decided to write this book because I was excited about everything I’d discovered. But I also wanted to write it to correct these misapprehensions.
As a lazy summary, I’ll quote from the publisher’s blurb on the five hacks Shapiro covers: We meet the graduate student Robert Morris Jr., who created the so-called Morris Worm in the 1980s, accidentally crashing the internet, and becoming the target of the first federal prosecution for hacking; a Bulgarian hacker named “Dark Avenger” who invented the first mutating computer virus; a 16-year-old from South Boston who hacked Paris Hilton’s cell phone, and leaked its contents; a Rutgers undergraduate who nearly destroyed the internet in an attempt to take down the online game Minecraft; and the Russian intelligence officers who broke into the Democratic National Committee’s computer network and disrupted the 2016 presidential election. I suppose what I found most fascinating is just how easy it was for each of these hacking attempts to have been carried out successfully (from the surprising success of “mumbling” a password to a telephone agent in order to gain access to someone’s account, to the login information for video doorbells and smart toasters being posted freely online [to the boon of botnet operators]); and maybe not surprising that from Microsoft to Equifax, large corporations don’t put money into cybersecurity until it proves more costly not to. It was interesting to read that — other than the Fancy Bear attack — these (in)famous hacks were carried out by teenaged or young adult males; and that while these young men do appear to conform to a stereotype, hacking seems to be a phase of life that most will grow out of (many even making the switch to cybersecurity). And as for Fancy Bear sending phishing emails to members of the Democratic Party and America for Hillary: by international agreement, it isn’t even illegal to spy on or attempt to hack a foreign government (but it was considered tampering for the exfiltrated emails to have been released through WikiLeaks right before the 2016 election). A few interesting tidbits:
• The name UNIX began as a pun: because early versions of the operating system only supported one user — Ken Thompson — Peter Neumann joked that it was an “emasculated Multics,” or “UNICS.” The spelling was eventually changed to UNIX.
• In 1981, Gates spent $ 75,000 buying a lousy single-user operating system from a Seattle developer known as QDOS (for Quick and Dirty Operating System), adapted it for personal computers, and renamed it MS-DOS. In a masterstroke, he also licensed DOS to IBM for use in all of its personal computers, under the name PC-DOS. *
• Fancy Bear is a cyber-espionage group of the GRU. The GRU has long had a reputation as the most gonzo of the Russian intelligence services. Gennady Gudkov, a Russian opposition politician who served in the KGB, said GRU officers referred to themselves as the “badass guys who act .” “Need us to whack someone? We’ll whack him,” Gudkov said. “Need us to grab Crimea? We’ll grab Crimea.”
(* I didn’t realise that MSNBC was started by Bill Gates and Microsoft, and I sure didn’t know that “DOS” stood for Dirty Operating System.)
When cybersecurity experts are asked to identify the weakest link in any computer network, they euphemistically cite “the human element.” Computers are only as secure as the users who operate them. But the brain is extremely buggy. It is almost tragicomically vulnerable.
Beyond the extraordinary stories of famous hacks, the second focus of Fancy Bear Goes Phishing concerns cybersecurity and “the human element”. From corporations that only invest the bare minimum in keeping our data safe to the heuristics that shortcut individual decision-making, the “black hats” will always find new vulnerabilities to exploit. Shapiro draws the difference between cyber-enabled crimes (traditional crimes facilitated by computers) and cyber-dependent crimes (unauthorised access, spamming, malware), but as we spend more and more of our lives online, we’re becoming more vulnerable to attacks from both groups (who apparently tend to work together and share skillsets: the hacker might need a real world money-launderer, the ransomware attacker might hire a D-DoS service to pressure a target). And while there are those who think that bulletproof anti-hacking tech must be somewhere on the horizon (what critic Evgeny Morozov has called “solutionism”), Shapiro warns against this kind of wishful thinking:
Solutionism not only makes us less secure, it also eclipses our moral agency and sense of responsibility. Treating security and privacy as mere technical obstacles, solutionists delegate difficult political questions to engineers. Engineers do know how computers work. They are technologically literate. But they are also engineers. They are trained to build and operate machines, not to ponder their ethical costs and consequences. Not only are political questions put in the wrong hands; we are left with the impression that there are no interesting moral issues even to discuss. Politics becomes engineering; moral reasoning becomes software development.
Shapiro ends by using a proof from Alan Turing to demonstrate that there is no such thing as bulletproof anti-hacking tech anyway; hackability is built in to computational systems and we need to employ more thoughtful “upcode” to mitigate harm going forward. The good news: Shapiro doesn’t believe that there is an all out cyberwar in our future. The bad news: hacking is a feature of our connected lives — it has been since the very beginning — and we need to get better at recognising danger. The journey to these conclusions does make for an interesting read.
January 6, 2024
I saw this book recommended by Waterstones on Twitter (no, I'll never call it anything else) and despite not being a computer geek, I've always been interested in real-life hacking. You know, as opposed to 99% of what we see in movies. *lol*
As someone born in the 80s, I'm one of those weird in-betweeners who grew up without computers and internet and then sort of grew with them. However, just by how my family lived, I was late to the party and I never learned anything about code etc. Nevertheless, I still remember the early days when people would get excited about the animated avatars AOL offered. *lol*
But that is not what this book is talking about. Instead, it gives us 5 cases of hacking that changed the world (or should have) by showing us the dangers of using something we don't really understand and therefore telling us about the importance of safeguarding. I mean, you don't just drive a car, you also lock it even if you might not know in technical detail how the lock works, right?
Same with the internet, programs or apps as they are called nowadays and more. We use the internet at home and when we work and how some people don't think about their own data security is staggering. I see it at work every year when we have our company-sponsored awareness training. You know, stuff like "how many digits should a strong password have".
Here, we learn of how a college student basically crashed the internet with a worm (the "Morris worm") that was nothing but a science experiment back in the 80s (he was heavily fined, more than he should have been if you ask me, but at least is now a teaching professor at MIT). Fun fact, that boy was the son of the chief scientist for computer security at the National Security Agency. *LOL*
Then we learn about a Bulgarian hacker calling himself "Dark Avenger" who wreaked havoc in the 90s with malware.
The third example is the 2005 hack into Paris Hilton's cellphone that had some nude pictures released (still an up-to-date topic for many celebrities).
Another case is a networked supercomputer developed in 2016 by three teenagers that secretly conscripted so-called smart appliances (I had no idea TOASTERS could qualify as that).
And, of course, the author also talks about the Russian hackers that released Hilalry Clinton's e-mails amongst other things thereby most probably influencing the 2016 election.
There are other examples, such as the ILOVEYOU virus in e-mail attachments in the 2000s (I remember being warned about it in school, it was a big deal). And every one of the examples is well detailed (but not to a degree that it bores or annoys the layman reader) and nicely illustrates that the technological side is only the half of it.
The author actually knows what he's talking about as he was a computer science major in college. He even became an entrepreneur in that field, constructing databases for clients that included Time-Life Books. Then, he kinda fell off the wagon and got back into "the game" in his 50s! For some reason, he seems to have thought that he therefore had to make up for lost time and did so by hacking the Yale Law School website. *cackles* I seriously loved hearing about his dedication to the subject in the introduction and very much appreciated how he always made sure that any layman could understand what he was talking about.
I also loved the connections the author drew to the human side of hacking, such as laws, psychology, behaviorisms and more. And he's absolutely right when saying that the actual tech only gets you so far: the best computer isn't worth shit if you don't have the right cyberhygiene to go with it.
This should be required reading in any school and for any adult, too.
As someone born in the 80s, I'm one of those weird in-betweeners who grew up without computers and internet and then sort of grew with them. However, just by how my family lived, I was late to the party and I never learned anything about code etc. Nevertheless, I still remember the early days when people would get excited about the animated avatars AOL offered. *lol*
But that is not what this book is talking about. Instead, it gives us 5 cases of hacking that changed the world (or should have) by showing us the dangers of using something we don't really understand and therefore telling us about the importance of safeguarding. I mean, you don't just drive a car, you also lock it even if you might not know in technical detail how the lock works, right?
Same with the internet, programs or apps as they are called nowadays and more. We use the internet at home and when we work and how some people don't think about their own data security is staggering. I see it at work every year when we have our company-sponsored awareness training. You know, stuff like "how many digits should a strong password have".
Here, we learn of how a college student basically crashed the internet with a worm (the "Morris worm") that was nothing but a science experiment back in the 80s (he was heavily fined, more than he should have been if you ask me, but at least is now a teaching professor at MIT). Fun fact, that boy was the son of the chief scientist for computer security at the National Security Agency. *LOL*
Then we learn about a Bulgarian hacker calling himself "Dark Avenger" who wreaked havoc in the 90s with malware.
The third example is the 2005 hack into Paris Hilton's cellphone that had some nude pictures released (still an up-to-date topic for many celebrities).
Another case is a networked supercomputer developed in 2016 by three teenagers that secretly conscripted so-called smart appliances (I had no idea TOASTERS could qualify as that).
And, of course, the author also talks about the Russian hackers that released Hilalry Clinton's e-mails amongst other things thereby most probably influencing the 2016 election.
There are other examples, such as the ILOVEYOU virus in e-mail attachments in the 2000s (I remember being warned about it in school, it was a big deal). And every one of the examples is well detailed (but not to a degree that it bores or annoys the layman reader) and nicely illustrates that the technological side is only the half of it.
The author actually knows what he's talking about as he was a computer science major in college. He even became an entrepreneur in that field, constructing databases for clients that included Time-Life Books. Then, he kinda fell off the wagon and got back into "the game" in his 50s! For some reason, he seems to have thought that he therefore had to make up for lost time and did so by hacking the Yale Law School website. *cackles* I seriously loved hearing about his dedication to the subject in the introduction and very much appreciated how he always made sure that any layman could understand what he was talking about.
I also loved the connections the author drew to the human side of hacking, such as laws, psychology, behaviorisms and more. And he's absolutely right when saying that the actual tech only gets you so far: the best computer isn't worth shit if you don't have the right cyberhygiene to go with it.
This should be required reading in any school and for any adult, too.
May 16, 2023
3.5 rounded down. I should know better by now to read a book blurb and expect it to reflect the contents of the book. I get my hopes up or imagine something the book isn't. What I was hoping for was this
"With lucidity and wit, he establishes that cybercrime has less to do with defective programming than with the faulty wiring of our psyches and society"
What I got was a history of computers, two case studies that were the exact opposite of the above statement and a reflection at the end about how there is nothing we can to do stop State actors (Russia, China, U.K., etc) from accessing our computers because of the resources they bring to bear.
The book was fairly disjointed at the beggining and was in solid 2-3 star territory but he brought some of it back together at the end for a minor save. I found the most interesting chapter/passage a relatively straight lift from Behavioral Economics by Kahneman.
Only recommended to a beginning computer security student/employee
"With lucidity and wit, he establishes that cybercrime has less to do with defective programming than with the faulty wiring of our psyches and society"
What I got was a history of computers, two case studies that were the exact opposite of the above statement and a reflection at the end about how there is nothing we can to do stop State actors (Russia, China, U.K., etc) from accessing our computers because of the resources they bring to bear.
The book was fairly disjointed at the beggining and was in solid 2-3 star territory but he brought some of it back together at the end for a minor save. I found the most interesting chapter/passage a relatively straight lift from Behavioral Economics by Kahneman.
Only recommended to a beginning computer security student/employee
May 19, 2023
Thanks to NetGalley and Macmillan Audio for the ARC. It hasn't affected the content of my review.
This was so incredibly informative and useful. My main takeaway from reading this actually has more to do with me than the content of the book, and that's holy cow I've just blithely swanning about the internet for almost 30 years having NO IDEA how it actually works, and just completely taking it for granted. Even as a person who considers herself pretty on top of cyber security, you know, for an average person. I use a Password Manager! I encrypt emails with sensitive information! I never click on the links!
So, this was eye-opening in that regard, and I learned a TON about how the Internet actually works and how it was built and evolved, all while learning about how hackers and other actors, both bad and good, exploit loopholes both in the technology, and perhaps even more importantly, in human behavior (called here upcode, vs. the downcode of software and hardware and programming).
Highly, highly recommend this one.
This was so incredibly informative and useful. My main takeaway from reading this actually has more to do with me than the content of the book, and that's holy cow I've just blithely swanning about the internet for almost 30 years having NO IDEA how it actually works, and just completely taking it for granted. Even as a person who considers herself pretty on top of cyber security, you know, for an average person. I use a Password Manager! I encrypt emails with sensitive information! I never click on the links!
So, this was eye-opening in that regard, and I learned a TON about how the Internet actually works and how it was built and evolved, all while learning about how hackers and other actors, both bad and good, exploit loopholes both in the technology, and perhaps even more importantly, in human behavior (called here upcode, vs. the downcode of software and hardware and programming).
Highly, highly recommend this one.
May 23, 2023
We can be thankful that Scott Shapiro wanted to be accurate. For his book Fancy Bear Goes Phishing, this Yale University philosophy and law professor returned to school to learn coding – the art and science of it, its lingo, and its nuances. Pretty much everything has changed since he took up coding as a kid in the 80s. This re-education effort has allowed him understand what has been going on in the world, both real and cyber, and transmit in nice plain English how everything has been falling apart.
He does it by teaching readers the basics of coding, like the difference between code and data. This is key to how to understand, if not actually devise malware, including worms, viruses, vorms and ransomware. It’s not exactly a treat, but Shapiro makes it move briskly, and it helps readers understand the very different attacks they read about. He also profiles the hackers in depth, following their trackdowns to arrest and conviction, and how precisely they damaged computers, the internet, and the roadkill of innocent bystanders, by the millions.
Hacking is not necessarily intuitive or straightforward. For example, Shapiro says “If you want to start a fight among antivirus researchers, ask them to define virus. If you want that fight to turn into a brawl, ask them to distinguish viruses from worms.” For the record, not all malware is viral. Viruses need to be able to self-replicate to be viruses, as well as to infect other programs. Worms seek to exploit network vulnerabilities, as opposed to hardware or software vulnerabilities. Worms have the bigger job and are much larger than viruses, which, like medical viruses, are dumbfoundingly simple and tiny beasts. Viruses just have to trick humans into installing and executing them.
The spine of it all is five major internet hacks, many of which might be familiar to readers because they extended to the world at large, well beyond the forums and chat rooms of the internet. They include The Morris Worm, the first takedown of the internet, long before everyone had their own computer. The Minecraft Wars sought to kill off competing servers. The Paris Hilton Scandal, The Bulgarian Connection, the Internet of Things/ Denial of Service exploits, and of course Fancy Bear and the evisceration of the Democratic Party in 2016. What they mostly have in common is anonymous male teenagers becoming a threat bigger than a world war. The internet was so sloppy, so unprepared for malice and so rushed to gain market share that security and elegant code took a back seat, or more accurately, no seat at all.
Fancy Bear is a code name for the Russian GRU unit that spends all its time infiltrating computer networks, sites and services all over the world (Cozy Bear is the same kind of unit, but at Russia’s FSB, the successor to the KGB). Their bizarre mandate is to shake the confidence of users in other political systems and somehow come to appreciate Russia’s lovely status, stability and power. Fancy Bear is just one player, albeit a global one. Far bigger exploits have been committed by simple, single teenagers who know how to bamboozle a customer service rep, write a short (less than 2000 kb) program to crush a system, and weaponize the internet of things into slave machines to run massive denial of service attacks on whomever they want to extort money from - to make it go away.
The teens all dreamed up their schemes themselves. They all acted with zero concern for anyone else, and while they all might have begun it for the thrill of it all, they sometimes graduated to wanting the big bucks. Fancy Bear wanted nothing less than the dissolution of the American electoral system. It even invented Guccifer2 to taunt the internet with its power to destabilize.
Shapiro explains it is a truism that every country has departments that do this to other countries. The USA has the biggest and the “best”. It is expert at disinformation and hacking. It is a truism that international law does actually permit spying between countries, if only because the signers knew that no one would stop. And it is a truism that most countries have made it illegal for other nations to spy on them (while they expand their own spying of others). What a great example they all set. Is it any wonder that teenagers feel free to dive right in?
About the only thing I did not like in Fancy Bear Goes Phishing was Shapiro’s rose-colored glasses over cyberwar. His position is that only weak nations wage cyberwars against the powerful, because they know they can’t wage real war against them. Therefore, the USA, for example is probably safe from its entire electrical grid being taken down. Because no one wants to suffer the response from America. This might work in a Logic class at Yale, but in the real world, not only does anything go, but every weapon ever invented gets deployed. No exceptions. If they build it, they use it. Players do not always act in their own best interests. Rogue teenagers can gum up carefully crafted policies. Wildcard maniacs cannot be predicted or prevented. Fortunehunters don’t care about weak vs strong. Neither do the rich. Applying logic to this cauldron of instability is laughable. It’s another “What could possibly go wrong” moment.
Is there blame? Lots. Congress all but totally fails to live up to its responsibilities to regulate cyberspace. Corporate greed recognized this instantly, and abandoned any kind of security measures in favor getting more and more defective and unsecured products out there in the race to be the biggest. (Once again, I cite the Sirius Cybernetics Corporation’s galaxy wide success. It was due to their fundamental design flaws being completely hidden by their superficial design flaws. The Hitchhiker’s Guide To The Galaxy already saw this in the 1970s. Congress, not so much.) The winner take all mentality subsumed all else. To become the standard, to have a lock on their markets. To own the client. It’s just garden-variety monopoly, totally enabled in this fresh and wide open arena of cyberspace. It was and remains the opportunity of a lifetime.
Edward Snowden’s revelations showed endless examples of egregious overreach, abuse of privilege, and outright lies. And that was just by democratic governments. The very existence of secret courts and secret court orders, where not even the accused are allowed to know their own involvement, continues to be a major stain on America, along with surveillance of - everyone. The false façade of cyberspace (“Information wants to be free!”) is aided and abetted by negligent and malicious government. If there’s blame, that’s where it lies.
All these things opened the hangar doors for bored male teenagers to notice they could have it all too. It was so silly that firms actually published the factory-set login information on their websites for their smart products. Hackers collected them and published lists of logins and passwords, ranked by their accuracy and reliability. In creating their gigantic botnets, hackers took over hundreds of thousands of smart toasters, security cameras, doorbells, coffee makers and thermostats, instructing them to send their data to denial of service targets, flooding them with garbage data and causing them to crash. The owners of the appliances never even knew. But then, they probably never even knew what their own passwords were and so did not change them.
For some this book will be nostalgic, with perhaps some new details, particularly regarding the personal stories of the hackers, a worthy read in its own right. For most, it will at last explain what it all means in the context of out of control corporate and personal greed. It will appeal to several different audiences and satisfy all their inclinations and needs. It is fast paced, helpful, and accessible. It makes sense of it all.
Shapiro is of the opinion that it is not possible to win the hacker battles definitively. Rather, he says, there are different approaches to what he calls the three categories: crime, espionage, and war. Their differing goals require different countermeasures, and therefore different deterrents and tactics. It’s another aspect of this book that makes it different from the pontificating books I have read before it.
The real hope of cyberspace is breaking it of its winner take all mentality. Just like any society, be it Man or beast, widely distributed varieties of DNA will save it from being wiped out by a single virus or bacterium. Having multiple brands of computer, multiple operating systems and multiple network protocols can help prevent any attack from taking down everything in a few minutes. Like he shows the Mirai botnet did – repeatedly and relentlessly. Because it could.
We can learn from this book.
David Wineberg
If you liked this review, I invite you to read more in my book The Straight Dope. It’s an essay collection based on my first thousand reviews and what I learned. Right now it’s FREE for Prime members, otherwise — cheap! Reputed to be fascinating and a superfast read. And you already know it is well-written. https://www.amazon.com/Straight-Dope-...
He does it by teaching readers the basics of coding, like the difference between code and data. This is key to how to understand, if not actually devise malware, including worms, viruses, vorms and ransomware. It’s not exactly a treat, but Shapiro makes it move briskly, and it helps readers understand the very different attacks they read about. He also profiles the hackers in depth, following their trackdowns to arrest and conviction, and how precisely they damaged computers, the internet, and the roadkill of innocent bystanders, by the millions.
Hacking is not necessarily intuitive or straightforward. For example, Shapiro says “If you want to start a fight among antivirus researchers, ask them to define virus. If you want that fight to turn into a brawl, ask them to distinguish viruses from worms.” For the record, not all malware is viral. Viruses need to be able to self-replicate to be viruses, as well as to infect other programs. Worms seek to exploit network vulnerabilities, as opposed to hardware or software vulnerabilities. Worms have the bigger job and are much larger than viruses, which, like medical viruses, are dumbfoundingly simple and tiny beasts. Viruses just have to trick humans into installing and executing them.
The spine of it all is five major internet hacks, many of which might be familiar to readers because they extended to the world at large, well beyond the forums and chat rooms of the internet. They include The Morris Worm, the first takedown of the internet, long before everyone had their own computer. The Minecraft Wars sought to kill off competing servers. The Paris Hilton Scandal, The Bulgarian Connection, the Internet of Things/ Denial of Service exploits, and of course Fancy Bear and the evisceration of the Democratic Party in 2016. What they mostly have in common is anonymous male teenagers becoming a threat bigger than a world war. The internet was so sloppy, so unprepared for malice and so rushed to gain market share that security and elegant code took a back seat, or more accurately, no seat at all.
Fancy Bear is a code name for the Russian GRU unit that spends all its time infiltrating computer networks, sites and services all over the world (Cozy Bear is the same kind of unit, but at Russia’s FSB, the successor to the KGB). Their bizarre mandate is to shake the confidence of users in other political systems and somehow come to appreciate Russia’s lovely status, stability and power. Fancy Bear is just one player, albeit a global one. Far bigger exploits have been committed by simple, single teenagers who know how to bamboozle a customer service rep, write a short (less than 2000 kb) program to crush a system, and weaponize the internet of things into slave machines to run massive denial of service attacks on whomever they want to extort money from - to make it go away.
The teens all dreamed up their schemes themselves. They all acted with zero concern for anyone else, and while they all might have begun it for the thrill of it all, they sometimes graduated to wanting the big bucks. Fancy Bear wanted nothing less than the dissolution of the American electoral system. It even invented Guccifer2 to taunt the internet with its power to destabilize.
Shapiro explains it is a truism that every country has departments that do this to other countries. The USA has the biggest and the “best”. It is expert at disinformation and hacking. It is a truism that international law does actually permit spying between countries, if only because the signers knew that no one would stop. And it is a truism that most countries have made it illegal for other nations to spy on them (while they expand their own spying of others). What a great example they all set. Is it any wonder that teenagers feel free to dive right in?
About the only thing I did not like in Fancy Bear Goes Phishing was Shapiro’s rose-colored glasses over cyberwar. His position is that only weak nations wage cyberwars against the powerful, because they know they can’t wage real war against them. Therefore, the USA, for example is probably safe from its entire electrical grid being taken down. Because no one wants to suffer the response from America. This might work in a Logic class at Yale, but in the real world, not only does anything go, but every weapon ever invented gets deployed. No exceptions. If they build it, they use it. Players do not always act in their own best interests. Rogue teenagers can gum up carefully crafted policies. Wildcard maniacs cannot be predicted or prevented. Fortunehunters don’t care about weak vs strong. Neither do the rich. Applying logic to this cauldron of instability is laughable. It’s another “What could possibly go wrong” moment.
Is there blame? Lots. Congress all but totally fails to live up to its responsibilities to regulate cyberspace. Corporate greed recognized this instantly, and abandoned any kind of security measures in favor getting more and more defective and unsecured products out there in the race to be the biggest. (Once again, I cite the Sirius Cybernetics Corporation’s galaxy wide success. It was due to their fundamental design flaws being completely hidden by their superficial design flaws. The Hitchhiker’s Guide To The Galaxy already saw this in the 1970s. Congress, not so much.) The winner take all mentality subsumed all else. To become the standard, to have a lock on their markets. To own the client. It’s just garden-variety monopoly, totally enabled in this fresh and wide open arena of cyberspace. It was and remains the opportunity of a lifetime.
Edward Snowden’s revelations showed endless examples of egregious overreach, abuse of privilege, and outright lies. And that was just by democratic governments. The very existence of secret courts and secret court orders, where not even the accused are allowed to know their own involvement, continues to be a major stain on America, along with surveillance of - everyone. The false façade of cyberspace (“Information wants to be free!”) is aided and abetted by negligent and malicious government. If there’s blame, that’s where it lies.
All these things opened the hangar doors for bored male teenagers to notice they could have it all too. It was so silly that firms actually published the factory-set login information on their websites for their smart products. Hackers collected them and published lists of logins and passwords, ranked by their accuracy and reliability. In creating their gigantic botnets, hackers took over hundreds of thousands of smart toasters, security cameras, doorbells, coffee makers and thermostats, instructing them to send their data to denial of service targets, flooding them with garbage data and causing them to crash. The owners of the appliances never even knew. But then, they probably never even knew what their own passwords were and so did not change them.
For some this book will be nostalgic, with perhaps some new details, particularly regarding the personal stories of the hackers, a worthy read in its own right. For most, it will at last explain what it all means in the context of out of control corporate and personal greed. It will appeal to several different audiences and satisfy all their inclinations and needs. It is fast paced, helpful, and accessible. It makes sense of it all.
Shapiro is of the opinion that it is not possible to win the hacker battles definitively. Rather, he says, there are different approaches to what he calls the three categories: crime, espionage, and war. Their differing goals require different countermeasures, and therefore different deterrents and tactics. It’s another aspect of this book that makes it different from the pontificating books I have read before it.
The real hope of cyberspace is breaking it of its winner take all mentality. Just like any society, be it Man or beast, widely distributed varieties of DNA will save it from being wiped out by a single virus or bacterium. Having multiple brands of computer, multiple operating systems and multiple network protocols can help prevent any attack from taking down everything in a few minutes. Like he shows the Mirai botnet did – repeatedly and relentlessly. Because it could.
We can learn from this book.
David Wineberg
If you liked this review, I invite you to read more in my book The Straight Dope. It’s an essay collection based on my first thousand reviews and what I learned. Right now it’s FREE for Prime members, otherwise — cheap! Reputed to be fascinating and a superfast read. And you already know it is well-written. https://www.amazon.com/Straight-Dope-...
August 25, 2023
“cybercrime has less to do with defective programming than with the faulty wiring of our psyches and society”
Main questions explored:
1- why the internet is so insecure?
2- how hackers do what they do?
3- what could be done?
This book explores cybercrime's roots within the societal structure and human psychology. The book starts off with earlier chapters narrating different events that seems initially unrelated then gradually converge towards a cohesive narrative reaching the end. Intriguingly, the book begins with focusing on computer history which takes an unexpected turn as the narrative unfolds. The story gradually transforms into a reflection of the challenges posed by state actors and their vast resources. Shapiro pull it off with his approach of elucidating intricate technical subjects tho in my opinion, some parts of the chapters might be a bit technical for beginners. The narrative definitely illuminates the exploration of infamous hacks, uncovering unexpected hackers behind all of the major cyberattacks. Shapiro weave hacking events with insights of profound analysis of cyber-espionage and the intricacies of human decision-making very well that it adds depth to the overall story.
Would highly recommend to those who are interested to dip into computer science or cybersecurity. For tech professionals, it may sounds redundant and will not offer much value tech-wise though I would still recommend to pick this up to explore and ponder on the social as well as psychological impacts. In short, the book does not only delves into the world of cybercrimes but also presents a meticulously crafted, captivating, and informative examination of the interplay between technology, psychology, and society. It effortlessly connects technical concepts with relatable anecdotes making it an amazing read for those who seek to understand the captivating and constantly evolving landscape of cybersecurity. Definitely an informative and insightful read that provides fresh perspectives and opens up our eyes on the the topic of internet safety in the fast-evolving world of cyber threats.
Thank you Times Reads for the ARC!
Main questions explored:
1- why the internet is so insecure?
2- how hackers do what they do?
3- what could be done?
This book explores cybercrime's roots within the societal structure and human psychology. The book starts off with earlier chapters narrating different events that seems initially unrelated then gradually converge towards a cohesive narrative reaching the end. Intriguingly, the book begins with focusing on computer history which takes an unexpected turn as the narrative unfolds. The story gradually transforms into a reflection of the challenges posed by state actors and their vast resources. Shapiro pull it off with his approach of elucidating intricate technical subjects tho in my opinion, some parts of the chapters might be a bit technical for beginners. The narrative definitely illuminates the exploration of infamous hacks, uncovering unexpected hackers behind all of the major cyberattacks. Shapiro weave hacking events with insights of profound analysis of cyber-espionage and the intricacies of human decision-making very well that it adds depth to the overall story.
Would highly recommend to those who are interested to dip into computer science or cybersecurity. For tech professionals, it may sounds redundant and will not offer much value tech-wise though I would still recommend to pick this up to explore and ponder on the social as well as psychological impacts. In short, the book does not only delves into the world of cybercrimes but also presents a meticulously crafted, captivating, and informative examination of the interplay between technology, psychology, and society. It effortlessly connects technical concepts with relatable anecdotes making it an amazing read for those who seek to understand the captivating and constantly evolving landscape of cybersecurity. Definitely an informative and insightful read that provides fresh perspectives and opens up our eyes on the the topic of internet safety in the fast-evolving world of cyber threats.
Thank you Times Reads for the ARC!
June 14, 2023
If you read one book this year make it Professor Shapiro’s latest. Erudite, gripping, and thoroughly enjoyable — this is probably the best introduction to the critically important field of cybersecurity in print right now.
September 21, 2023
Bad writing and some insane definitions in the first 40 pages (upcode?? The Judge uploaded his upcode??). No thanks
August 21, 2023
I found this book interesting and informative, with explanations accessible to the lay person. The history is accurate and end notes extensive. Picked up on impulse from the library, this was well worth the week it took to read.
Topics include Robert Morris' worm of 1988, the multiple Bulgarian DOS viruses, Office macro viruses, the TMobile hack, botnets, phishing, and Russian hackers targeting the Ukraine and later US elections. In addition to the circumstances and history, the methods are also described in very accessible terms. Readers of this book will be able to understand buffer overruns and SQL injections, anti-virus signature searches, bot net bots hiding in memory, denial of service attacks and the many ways phishing can be successful.
A thread running through this work is the mind behind the hack, most often young and male. The author also describes the rules the computer uses and the "rules" society lives by, from morals to laws. A lot of success these hackers had was from a lack of laws and laxity of behavior, especially when dealing with personal data that should have been kept secure.
The author is a professor of law and professor of philosophy, with a specialization in cybersecurity, and he founded the Yale CyberSecurity Lab. He has both the knowledge and the language to explain it to non-legal experts. This may be the best book I've read all year - highly recommended!
Topics include Robert Morris' worm of 1988, the multiple Bulgarian DOS viruses, Office macro viruses, the TMobile hack, botnets, phishing, and Russian hackers targeting the Ukraine and later US elections. In addition to the circumstances and history, the methods are also described in very accessible terms. Readers of this book will be able to understand buffer overruns and SQL injections, anti-virus signature searches, bot net bots hiding in memory, denial of service attacks and the many ways phishing can be successful.
A thread running through this work is the mind behind the hack, most often young and male. The author also describes the rules the computer uses and the "rules" society lives by, from morals to laws. A lot of success these hackers had was from a lack of laws and laxity of behavior, especially when dealing with personal data that should have been kept secure.
The author is a professor of law and professor of philosophy, with a specialization in cybersecurity, and he founded the Yale CyberSecurity Lab. He has both the knowledge and the language to explain it to non-legal experts. This may be the best book I've read all year - highly recommended!
May 22, 2023
This book felt very disjointed and was not what I was expecting. The description made it seem more like a history of hacking, through the story of five hacks. Instead it is very technical. It also does not seem to flow smoothly for the bits that are based on the history of hacking. Maybe if you're interested in the more technical side of things this book will be for you.
Thanks to NetGalley and the publisher, Farrar, Straus and Giroux, for an ARC in exchange for my honest review.
Thanks to NetGalley and the publisher, Farrar, Straus and Giroux, for an ARC in exchange for my honest review.
January 16, 2025
In Fancy Bear Goes Phishing, Scott J. Shapiro turns his Yale Law class on cyber security into an accessible nonfiction book. He explores the history, mechanics, and philosophy of hacking, as well as the vulnerabilities of the digital infrastructure that underpin modern society. The premise is we're all digital natives know, but we're ignorant of the mechanics of our world. This knowledge/ignorance paradox will only become more exaggerated over time. However, I'm not sure it is that meaningful given the complexity inherent to any successful capitalist polity.
Shapiro does a decent job of making the technical insights meaningful to readers without experiences with hacking or computer science. The chain of historical anecdotes (e.g. Morris Worm, Stuxnet, and Russia hacking the DNC) knit the work together reasonably well. The book of course harps on the idea that hacking is not merely a technical problem but also a social and human one. We are deeply intertwined with the structures and limitations of the internet and computer systems but ultimately things have to happen in the real-world to matter. We'll see how long this distinction will endure though (in the coming age of AI agents).
Shapiro introduces an important metaphor with respect to the computing "stack," dividing it into "upcode" (human systems plus to some extent software and applications visible to users or "the code above your fingertips on the keyboard") and "downcode" (deeper infrastructure like operating systems and hardware - "code generated below your fingertips"). Shapiro explains how cyberattacks can target any part of this stack, from phishing attacks on users (upcode) to vulnerabilities in firmware or hardware (downcode). Increasingly, the vulnerabilities are on the upcode side, but the way the computing stack (scaling, sharing, and profiting drove design choices) was designed and the human systems around them will always create vulnerabilities.
I'm not well read in these sorts of books, but this seemed like a decent primer on cybersecurity issue and provided some reasonable insights into how these interface with our existing institutions and human nature. There is a lot more to these subjects of course, but this was a reasonable and accessible introduction.
Shapiro does a decent job of making the technical insights meaningful to readers without experiences with hacking or computer science. The chain of historical anecdotes (e.g. Morris Worm, Stuxnet, and Russia hacking the DNC) knit the work together reasonably well. The book of course harps on the idea that hacking is not merely a technical problem but also a social and human one. We are deeply intertwined with the structures and limitations of the internet and computer systems but ultimately things have to happen in the real-world to matter. We'll see how long this distinction will endure though (in the coming age of AI agents).
Shapiro introduces an important metaphor with respect to the computing "stack," dividing it into "upcode" (human systems plus to some extent software and applications visible to users or "the code above your fingertips on the keyboard") and "downcode" (deeper infrastructure like operating systems and hardware - "code generated below your fingertips"). Shapiro explains how cyberattacks can target any part of this stack, from phishing attacks on users (upcode) to vulnerabilities in firmware or hardware (downcode). Increasingly, the vulnerabilities are on the upcode side, but the way the computing stack (scaling, sharing, and profiting drove design choices) was designed and the human systems around them will always create vulnerabilities.
I'm not well read in these sorts of books, but this seemed like a decent primer on cybersecurity issue and provided some reasonable insights into how these interface with our existing institutions and human nature. There is a lot more to these subjects of course, but this was a reasonable and accessible introduction.
May 23, 2023
A fascinating look at the history of hacking and internet security. And in spite of some of the alarming topics this book discusses, Shapiro offers some encouragement about how things are not as bad as we might think. But vigilance is always recommended.
Thanks to Libro.fm for providing me with an advance review copy of the audiobook.
Thanks to Libro.fm for providing me with an advance review copy of the audiobook.
January 24, 2025
Interessante opsomming en beschrijving van 5 historische hacks. Het is duidelijk te merken dat de auteur een achtergrond in filosofie heeft, want naast een feitelijke, uitvoerige én technische omschrijving wordt er ook met enige regelmaat gebruik gemaakt van psychologische én filosofische invalshoeken. Dit maakt het ook voor de minder technische lezer boeiend.
March 5, 2023
(Note: I received an advanced reader copy of this book courtesy of NetGalley)
Fancy Bear Goes Phishing is a loose story of the history of computing written around five "hacks" of increasing sophistication. The background, modus operandi and vulnerabilities exploited by each of the hacks are explained.
Despite the massive technological changes which have swept society, human nature remains largely the same. Across the decades, many of the hacks follow the same pattern, and often the point of attack is what the author calls the "up code", which is essentially humans and human-led organisations which use computers, as opposed to the "down code" (the software and hardware of the computer systems). Although there have been problems with down code, it's generally poor practices by people or manufacturers which are the attack surface for the bad actors featured here, as well as their contemporaries. Poor security/passwords, and clicking on links in emails are still commonplace.
The hackers are also looked at in some detail - and their motivations. Most of the hackers are the cliched teenage boys you'd expect. In the beginning, they tended to be lone wolves a la War Games, but as computers got more sophisticated and it became easier to communicate they worked in tandem more and could manipulate huge organisations - typically from a bedroom in their parents' house.
There's a lot in this book about the infamous 2016 US Election and there has been so much said and written about it, that it was good to read a coherent account of what actually happened. It certainly became a lot clearer to me after reading the relevant sections what the Russians did (and why) and what happened to the Democratic National Committee.
There are also sorts of interesting asides and tangents. If you love writing or using software you'll love this book. If you are interested in geopolitics Fancy Bear will also be of interest to you, there's a lot there about nation-states and spying on one another which is only going to get bigger and more important in the coming years.
It was a journey through the last few decades for me, revisiting half-forgotten memories of software past. I wrote my first line of code in 1982 and not many weeks have gone by since when I have not added to my oeuvre or learned something new. I have written in Assembler, C, used floppy disks and Unix, sent emails in the 1990s and scoured bulletin boards and Usenet when they were in vogue. I remember desperately backing machines up onto floppies in preparation for Friday the 13th. I was never a hacker but I did "improve" a virus once and sent it back out into the wild, so I understand something of the mentality of the subjects of this book.
Fancy Bear is a well-researched volume where the author explains at length what happened (and how it was done) in each of the hacks and knits them together with a convincing narrative which connects each incident with similarities of both the victims and the perpetrators. The author does offer some suggestions at the end on what can but done, but I suspect the arms race between the hackers and the hacked will continue. An ever-changing army of teenage boys on the front line will continue to take on establishment individuals and organisations for a while yet.
In the meantime, use strong passwords and turn on two-factor authentication.
Fancy Bear Goes Phishing is a loose story of the history of computing written around five "hacks" of increasing sophistication. The background, modus operandi and vulnerabilities exploited by each of the hacks are explained.
Despite the massive technological changes which have swept society, human nature remains largely the same. Across the decades, many of the hacks follow the same pattern, and often the point of attack is what the author calls the "up code", which is essentially humans and human-led organisations which use computers, as opposed to the "down code" (the software and hardware of the computer systems). Although there have been problems with down code, it's generally poor practices by people or manufacturers which are the attack surface for the bad actors featured here, as well as their contemporaries. Poor security/passwords, and clicking on links in emails are still commonplace.
The hackers are also looked at in some detail - and their motivations. Most of the hackers are the cliched teenage boys you'd expect. In the beginning, they tended to be lone wolves a la War Games, but as computers got more sophisticated and it became easier to communicate they worked in tandem more and could manipulate huge organisations - typically from a bedroom in their parents' house.
There's a lot in this book about the infamous 2016 US Election and there has been so much said and written about it, that it was good to read a coherent account of what actually happened. It certainly became a lot clearer to me after reading the relevant sections what the Russians did (and why) and what happened to the Democratic National Committee.
There are also sorts of interesting asides and tangents. If you love writing or using software you'll love this book. If you are interested in geopolitics Fancy Bear will also be of interest to you, there's a lot there about nation-states and spying on one another which is only going to get bigger and more important in the coming years.
It was a journey through the last few decades for me, revisiting half-forgotten memories of software past. I wrote my first line of code in 1982 and not many weeks have gone by since when I have not added to my oeuvre or learned something new. I have written in Assembler, C, used floppy disks and Unix, sent emails in the 1990s and scoured bulletin boards and Usenet when they were in vogue. I remember desperately backing machines up onto floppies in preparation for Friday the 13th. I was never a hacker but I did "improve" a virus once and sent it back out into the wild, so I understand something of the mentality of the subjects of this book.
Fancy Bear is a well-researched volume where the author explains at length what happened (and how it was done) in each of the hacks and knits them together with a convincing narrative which connects each incident with similarities of both the victims and the perpetrators. The author does offer some suggestions at the end on what can but done, but I suspect the arms race between the hackers and the hacked will continue. An ever-changing army of teenage boys on the front line will continue to take on establishment individuals and organisations for a while yet.
In the meantime, use strong passwords and turn on two-factor authentication.
June 22, 2023
Disclaimer: this review is written by someone who worked in I.T. for 40 years and 4 months, mainly as a programmer/developer.
My dislikes:
I dispute the author’s definition of batch processing: he implies it refers to a batch of programs / jobs, I believe it to refer to a batch of data.
The story he told to help people distinguish between code and data was rubbish. The analysis of what each is seemed very complicated, very theoretical.
His weird terminology: upcode, downcode, walled garden. The second means machines and their associations such as operating systems, programs etc., the first means everything else in the world E.g. humans, laws etc.
His other stories E.g. two pages on Rousseau. Why?
His need to describe the physical attributes of people mentioned.
My likes:
A trip down memory lane E.g. referring to floppy disks, all the Microsoft patches that used to need to be installed, old computers and operating systems.
My dislikes:
I dispute the author’s definition of batch processing: he implies it refers to a batch of programs / jobs, I believe it to refer to a batch of data.
The story he told to help people distinguish between code and data was rubbish. The analysis of what each is seemed very complicated, very theoretical.
His weird terminology: upcode, downcode, walled garden. The second means machines and their associations such as operating systems, programs etc., the first means everything else in the world E.g. humans, laws etc.
His other stories E.g. two pages on Rousseau. Why?
His need to describe the physical attributes of people mentioned.
My likes:
A trip down memory lane E.g. referring to floppy disks, all the Microsoft patches that used to need to be installed, old computers and operating systems.
February 24, 2024
Teach a Bear to Phish...
This really is a great cybersecurity book.
Very historical and interesting.
A few of the stories I already knew, but it was very good to go further and I ended up learning a lot when reading this.
Reminded me a lot of We Are Bellingcat: Global Crime, Online Sleuths, and the Bold Future of News. I liked it even more than Bellingcat.
Would definitely recommend this one if you are in tech or cybersecurity.
4.1/5
This really is a great cybersecurity book.
Very historical and interesting.
A few of the stories I already knew, but it was very good to go further and I ended up learning a lot when reading this.
Reminded me a lot of We Are Bellingcat: Global Crime, Online Sleuths, and the Bold Future of News. I liked it even more than Bellingcat.
Would definitely recommend this one if you are in tech or cybersecurity.
4.1/5
July 11, 2023
4.4★: SCARY AS HECK!!! CURRENTLY QUESTIONING EVERYTHING I HAVE IN THE CLOUD! This book was eye-opening. I’m shocked that some of the biggest hacks so far were done by 16-year-old boys. It was interesting to hear about how cyber-security-savvy Hillary Clinton’s team actually was as that is not how the media characterized her in the emailgate scandal, and how complex those hacking events were. And I will NEVER question or skimp on multi-factor authentication again! I was also surprised by a few things with Bill Gates and Microsoft in the early Internet days. I didn’t have much interest in Paris Hilton, but that story was fascinating as well.
This book was just published on 5/23/23, so about seven weeks ago. It has a 4.13-star rating by 193 people and I hope more people read it. It did fall short of a 5-star rating from me due to a couple chapters that were *YAWN* overly technical. And I wasn’t sure if his “upcode” and “downcode” terms were unique to him; I think it would’ve been better with plain English.
FUN SIDEBAR: It also had a bit of psychology and philosophy in it, and it had me ponder the question: ‘ARE HUMANS FUNDAMENTALLY RATIONAL?’ It’s funny that it’s something I’ve always just taken for granted, probably from a lifetime of arrogant, speciesist indoctrination. My answer is now NO. History is filled with irrationality across every culture I’ve learned about so far. We react emotionally and try to pass it off as logical choice. We have deeply imbedded biases that practically take dynamite to change. We make thousands of decisions on limited and faulty data ALL THE TIME — ego, emotions, biases, disinformation, misinformation, myths, and legends. Humans are distinguished from other animals by their capacity for reason, but it doesn’t mean we always use it and when we do, we don’t always use it correctly (that feels like it could be a meme). Obviously, we have been able to choose the correct course of action enough of the time to survive and reproduce. We are a successful species, but JUST BARELY. How many times have we been on the brink of World War 3 or nuclear annihilation? I feel like it has been just as much LUCK! And how much of that survival was instinct? Drives and reflexes for food, water, sleep, fight or flight, etc. — how much of that is hard-wired physical self-preservation (i.e. animal instinct?) Look how much has transpired in the world in the last few years: the pandemic, civil unrest, racial reckoning, climate change realities. Wouldn’t a rational choice to co-exist on the planet mean choosing to unlearn our biases and learn how to cooperate for the greater good? Isn’t a greater part of America driven by fear and/or denial? If we were fundamentally rational, the epidemic of school and other mass shootings wouldn’t be happening IMO.
This book was just published on 5/23/23, so about seven weeks ago. It has a 4.13-star rating by 193 people and I hope more people read it. It did fall short of a 5-star rating from me due to a couple chapters that were *YAWN* overly technical. And I wasn’t sure if his “upcode” and “downcode” terms were unique to him; I think it would’ve been better with plain English.
February 4, 2024
As someone who doesn't really keep up with cyber crime news, this book was mostly new material to me! However as a developer, there were a lot of explanations of how computers or coding works that I didn't need. I do think they were simply explained so that a layperson could keep up with everything in the book, though, so you don't need any skills or industry knowledge to engage with the text.
This book is written very conversationally like your friend (or me) who constantly interrupts their own train of thought to go on an interesting tangent. Whether or not the tangent will prove to be relevant to the greater picture is unclear, lol.
eg One of my favourite details in this was that while talking about an influential person, the author causally mentions his rival (who does not have any effect on the anecdotes mentioned). However, my dude was apparently so paranoid of being poisoned that he would only eat his wife's cooking and subsequently died of starvation after she spent six months in the hospital.
This book is written very conversationally like your friend (or me) who constantly interrupts their own train of thought to go on an interesting tangent. Whether or not the tangent will prove to be relevant to the greater picture is unclear, lol.
eg One of my favourite details in this was that while talking about an influential person, the author causally mentions his rival (who does not have any effect on the anecdotes mentioned). However, my dude was apparently so paranoid of being poisoned that he would only eat his wife's cooking and subsequently died of starvation after she spent six months in the hospital.
December 4, 2023
This book was such a delight. Shapiro contextualizes computer hacking in a way I’ve never seen done – going seamlessly from the deepest nuts and bolts of how processors work all the way up the “stack” to how humans engage in acts of resistance against those with more power and how states engage in warfare. This is going to be my new go-to for anyone who wants to understand the modern cybersecurity landscape across technical, cultural, and geopolitical axes. It’s also funny and a bit silly at just the right frequency to be engaging rather than annoying. I can’t recommend it enough, an absolute tour de force.
Read
November 28, 2023Read this as an attempt to learn more about computers and computer security in a way that wouldn't make my eyes glaze over. I definitely learned a lot from it but it was generally disjointed from the middle on, which I guess makes sense considering how complicated computing has become since the days of the Morris Worm. Ironically I thought the section on the Fancy Bear hack that gave the book its title was one of the worst. I found the chapters about DDoS attacks toward the end the most interesting.
July 23, 2024
Read this if you want to know, in great detail, the history and current state of hacking written by a very funny professor of cybersecurity
The most poignant chapters are close to the end because they are close to the current day - the news often has reported nation state operators as the operatives when in many cases (but not the 2016 US election) it’s lonely male teens
This book is written for a lay audience but I wouldn’t recommend it to people who don’t like a) logic puzzles or b) diagrams of systems
I read this because I work in a semi-related field and it gave me a new appreciation for cybersecurity
Four stars because not everyone loves operating systems as much as you, bro
The most poignant chapters are close to the end because they are close to the current day - the news often has reported nation state operators as the operatives when in many cases (but not the 2016 US election) it’s lonely male teens
This book is written for a lay audience but I wouldn’t recommend it to people who don’t like a) logic puzzles or b) diagrams of systems
I read this because I work in a semi-related field and it gave me a new appreciation for cybersecurity
Four stars because not everyone loves operating systems as much as you, bro
September 15, 2023
Disappointing
This book was endlessly digressive, in a pretty bad way. I was bored by a lot of it except when I was angry about being so bored. Five extraordinary hacks is a fine subject but I've literally just finished the book and I'm not sure I remember all the hacks. Wait. No, I definitely don't remember them all. I just get so frustrated by books that don't really know when to end. You get to the end of chapter ten and you think, Oh, the conclusion's next, okay, quick wrap up and we're done. But the wrap up is also an endlessly digressive and repetitive thirty-something pages long and, as someone who edits plenty of stuff, I know that section could have been and SHOULD HAVE BEEN five pages long, tops. The text is 329 pages long. It could have been maybe 230. Lose 100 pages with careful editing and maybe I'd buy it.
This book was endlessly digressive, in a pretty bad way. I was bored by a lot of it except when I was angry about being so bored. Five extraordinary hacks is a fine subject but I've literally just finished the book and I'm not sure I remember all the hacks. Wait. No, I definitely don't remember them all. I just get so frustrated by books that don't really know when to end. You get to the end of chapter ten and you think, Oh, the conclusion's next, okay, quick wrap up and we're done. But the wrap up is also an endlessly digressive and repetitive thirty-something pages long and, as someone who edits plenty of stuff, I know that section could have been and SHOULD HAVE BEEN five pages long, tops. The text is 329 pages long. It could have been maybe 230. Lose 100 pages with careful editing and maybe I'd buy it.
December 5, 2023
Solid starter overview for the topic.
July 5, 2024
A great mix of technological detail and storytelling, instead of a breathless pseudo-spy thriller. Readers will be entertained and learn something.
November 10, 2024
Great. More things to worry about.
Good book, engaging and well written.
Good book, engaging and well written.
December 7, 2024
It's mostly for non-techies but I highly recommend the "Conclusion" chapter to everyone.
February 21, 2023
This book is a history of the internet focusing on certain hackers, and the motivation of this behavior. Interestingly enough the Ukrainian/Russian War has spurred the level of hacking for political reasons and created the term hactivist. Satellite signals in particular are used for navigation and are a target for hackers. Even SPACEX was hacked by some University of Texas researchers.
September 24, 2023
A fascinating introduction to cybersecurity, featuring Shapiro's usual humour and accessible explanations of the relevant technical concepts and their interplay with legal and social norms.
March 11, 2024
Fun and accessible, would recommend to people not already fans of the world's most powerful exclusive legal positivist
May 28, 2024
20% political propaganda. 30% entertaining content. 50% filler
Displaying 1 - 30 of 211 reviews