Cybercrime and Espionage
An Analysis of Subversive Multivector Threats
Will Gragido
John Pirc
Russ Rogers, Technical Editor
Copyright
Acquiring Editor: Angelina Ward
Development Editor: Heather Scherer
Project Manager: Andre Cuello
Designer: Alisa Andreola
Syngress is an imprint of Elsevier
30 Corporate Drive, Suite 400, Burlington, MA 01803, USA
© 2011 Elsevier, Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Application submitted
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN: 978-1-59749-613-1
Printed in the United States of America
For information on all Syngress publications visit our website at www.syngress.com
Foreword
You will find this an interesting book; it covers a lot of ground, but pulls the information together in the end. Cybercrime and Espionage opens with a quote from Cicero from the first century B.C. The discussion of fraud and justice reaches back to the code of Hammurabi and a page later we read about the Smartphone. There are a few dominant themes:
The authors work diligently to build a strong foundation based on history to show us that, while the technology is new, the crimes we are exposed to are not; there is an unprecedented amount of information supporting this, and nothing about the iPad changes human behavior.
The authors have worked at advanced security companies and have access to the actual tools and attacks that are being used by criminals, Nation States, and organized groups to capture and exploit information.
Knowing that the technology will continue to change, the authors have developed frameworks to help clarify this complex information.
Case studies and actual examples, many of which went to court, are shared so that it is clear this is not opinion but what is actually happening.
With these themes in mind, do not be surprised if the discussion ranges from the Greek alphabet, the printing press, the history of the ARPANET, and the public switched network to the cutting-edge work of Bond and Danezis and why we fall prey to malware again and again. The discussion of compliance not equaling security is as clearly stated (and supported) as any I have seen, and this is such an important concept to understand because, if you follow the money, a lot is invested in compliance. We are shown that physical and logical security are becoming less and less related. Two examples of why this can be a problem are the stories of Dong Chul Shin and Danielle Duann; both had insider access and were terminated from their organizations but were able to access IT resources via their organization's VPN.
is particularly chilling; this is where the authors cover state-sponsored information gathering, and they do not hold back. They remind us again that this is not a new problem; human nature has not changed, and their poster children include Ethel and Julius Rosenberg, Klaus Fuchs, Clayton Lonetree, Aldrich Ames, and Clyde Lee Conrad. This is followed by a veritable who's who of significant groups, perhaps smaller than a Nation State, involved in harvesting and exploiting information.
Cybercrime and Espionage also goes into considerable depth to explain exactly how the criminal underground is able to harvest information about people like you or me. I haven't seen this much explanatory information since Crimeware. We learn about the Advanced Persistent Threat, and rather than throwing a lot of technology at the reader, the authors break it down by its functionalities and support their premise with actual cases including Titan Rain. In . How can they keep making malware we can't detect? You will get to see the tools that are actually used.
Amazingly, the authors are able to pull it all together; read the MOSAIC framework section. MOSAIC is designed to help an analyst correctly evaluate cybercrime and cyber attack information. It stands for:
Motive awareness
Open source intelligence collection
Study
Asymmetrical intelligence correlation
Intelligence review and interrogation
Confluence
Or, as the authors say in the summary, remember to focus on the three dimensions of people, process, and technology, and your security efforts will be much improved. This book has lots of information on all three dimensions. It was a pleasure reading it and developing this foreword, and I am sure you will find it advances your knowledge of cybercrime and espionage.
Stephen Northcutt, President, The SANS Technology Institute, a security graduate school
Preface
Thank you for picking up this book! We believe that if you are reading this page, you are an individual seeking to gain a greater degree of familiarity with cybercrime and espionage, and more likely than not, believe that the realities outweigh the fear, uncertainty, and doubt associated with these two topics. Our desire in writing this book was to initiate a conversation pertaining to the subject matter from a different perspective. Given that both of the authors have backgrounds with the Department of Defense (DoD), intelligence community, and the commercial information security industry, we felt it appropriate to begin asking tough questions while providing answers to nontrivial challenges. This is not a work of fiction. It is our belief that this book will aid in changing the perception of