“Dark Market: CyberThieves, CyberCops, and You”, Misha Glenny, 2011,
%A Misha Glenny
%C Suite 801, 110 Spadina Ave, Toronto, ON Canada M5V 2K4
%G 978-0-88784-239-9 0-88784-239-9
%I House of Anansi Press Ltd.
%O C$29.95 416-363-4343 fax 416-363-1017 www.anansi.ca
%O Audience n Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 296 p.
%T “Dark Market: CyberThieves, CyberCops, and You”
There is no particular purpose stated for this book, other than the vague promise of the subtitle that this has something to do with bad guys and good guys in cyberspace. In the prologue, Glenny admits that his “attempts to assess when an interviewee was lying, embellishing or fantasising and when an interviewee was earnestly telling the truth were only partially successful.” Bear in mind that all good little blackhats know that, if you really want to get in, the easiest thing to attack is the person. Social engineering (which is simply a fancy way of saying “lying”) is always the most effective tactic.
It’s hard to have confidence in the author’s assessment of security on the Internet when he knows so little of the technology. A VPN (Virtual Private Network) is said to be a system whereby a group of computers share a single address. That’s not a VPN (which is a system of network management, and possibly encryption): it’s a description of NAT (Network Address Translation). True, a VPN can, and fairly often does, use NAT in its operations, but the carelessness is concerning.
This may seem to be pedantic, but it leads to other errors. For example, Glenny asserts that running a VPN is very difficult, but that encryption is easy, since encryption software is available on the Internet. While it is true that the software is available, that availability is only part of the battle. As I keep pointing out to my students, for effective protection with encryption you need to agree on what key to use, and doing that negotiation is a non-trivial task. Yes, there is asymmetric encryption, but that requires a public key infrastructure (PKI), which is an enormously difficult proposition to get right. Of the two, I’d rather run a VPN any day.
It is, therefore, not particularly surprising that the author finds that the best way to describe the capabilities of one group of carders was to compare them to the fictional “hacking” crew from “The Girl with the Dragon Tattoo.” The activities in the novel are not impossible, but the ability to perform them on demand is highly
This lack of background colours his ability to ascertain what is possible or not (in the technical areas), and what is likely (out of what he has been told). Sticking strictly with media reports and indictment documents, Glenny does a good job, and those parts of the book are interesting and enjoyable. The author does let his taste for mystery get the better of him: even the straight reportage parts of the book are often confusing in terms of who did what, and who actually is what.
Like Dan Verton (cf. BKHCKDRY.RVW) and Suelette Dreyfus (cf. BKNDRGND.RVW) before him, Glenny is trying to give us the “inside story” of the blackhat community. He should have read Taylor’s “Hackers” (cf. BKHAKERS.RVW) first, to get a better idea of the territory. He does a somewhat better job than Dreyfus and Verton did, since he is wise enough to seek out law enforcement accounts (possibly after reading Stiennon’s “Surviving Cyberwar,” cf. BKSRCYWR.RVW).
Overall, this work is a fairly reasonable updating of Levy’s “Hackers” (cf. BKHACKRS.RVW) of almost three decades ago. The rise of the financial motivation and the specialization of modern fraudulent blackhat activity are well presented. There is something of a holdover in still portraying these crooks as evil genii, but, in the main, it is a decent picture of reality, although it provides nothing new.
copyright, Robert M. Slade 2012 BKDRKMKT.RVW 20120201