Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Dark Market: CyberThieves, CyberCops, and You", Misha Glenny

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Han
    BKDRKMKT.RVW 20120201 Dark Market: CyberThieves, CyberCops, and You , Misha Glenny, 2011, 978-0-88784-239-9, C$29.95 %A Misha Glenny %C Suite 801, 110
    Message 1 of 1 , May 2, 2012
    • 0 Attachment
      BKDRKMKT.RVW 20120201

      "Dark Market: CyberThieves, CyberCops, and You", Misha Glenny, 2011,
      978-0-88784-239-9, C$29.95
      %A Misha Glenny
      %C Suite 801, 110 Spadina Ave, Toronto, ON Canada M5V 2K4
      %D 2011
      %G 978-0-88784-239-9 0-88784-239-9
      %I House of Anansi Press Ltd.
      %O C$29.95 416-363-4343 fax 416-363-1017 www.anansi.ca
      %O http://www.amazon.com/exec/obidos/ASIN/0887842399/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0887842399/robsladesin03-20
      %O Audience n Tech 1 Writing 2 (see revfaq.htm for explanation)
      %P 296 p.
      %T "Dark Market: CyberThieves, CyberCops, and You"

      There is no particular purpose stated for this book, other than the
      vague promise of the subtitle that this has something to do with bad
      guys and good guys in cyberspace. In the prologue, Glenny admits that
      his "attempts to assess when an interviewee was lying, embellishing or
      fantasising and when an interviewee was earnestly telling the truth
      were only partially successful." Bear in mind that all good little
      blackhats know that, if you really want to get in, the easiest thing
      to attack is the person. Social engineering (which is simply a fancy
      way of saying "lying") is always the most effective tactic.

      It's hard to have confidence in the author's assessment of security on
      the Internet when he knows so little of the technology. A VPN
      (Virtual Private Network) is said to be a system whereby a group of
      computers share a single address. That's not a VPN (which is a system
      of network management, and possibly encryption): it's a description of
      NAT (Network Address Translation). True, a VPN can, and fairly often
      does, use NAT in its operations, but the carelessness is concerning.

      This may seem to be pedantic, but it leads to other errors. For
      example, Glenny asserts that running a VPN is very difficult, but that
      encryption is easy, since encryption software is available on the
      Internet. While it is true that the software is available, that
      availability is only part of the battle. As I keep pointing out to my
      students, for effective protection with encryption you need to agree
      on what key to use, and doing that negotiation is a non-trivial task.
      Yes, there is asymmetric encryption, but that requires a public key
      infrastructure (PKI) which is an enormously difficult proposition to
      get right. Of the two, I'd rather run a VPN any day.

      It is, therefore, not particularly surprising that the author finds
      that the best way to describe the capabilities of one group of carders
      was to compare them to the fictional "hacking" crew from "The Girl
      with the Dragon Tattoo." The activities in the novel are not
      impossible, but the ability to perform them on demand is highly

      This lack of background colours his ability to ascertain what is
      possible or not (in the technical areas), and what is likely (out of
      what he has been told). Sticking strictly with media reports and
      indictment documents, Glenny does a good job, and those parts of the
      book are interesting and enjoyable. The author does let his taste for
      mystery get the better of him: even the straight reportage parts of
      the book are often confusing in terms of who did what, and who
      actually is what.

      Like Dan Verton (cf BKHCKDRY.RVW) and Suelette Dreyfus (cf.
      BKNDRGND.RVW) before him, Glenny is trying to give us the "inside
      story" of the blackhat community. He should have read Taylor's
      "Hackers" (cf BKHAKERS.RVW) first, to get a better idea of the
      territory. He does a somewhat better job than Dreyfus and Verton did,
      since he is wise enough to seek out law enforcement accounts (possibly
      after reading Stiennon's "Surviving Cyberwar," cf. BKSRCYWR.RVW).

      Overall, this work is a fairly reasonable updating of Levy's "Hackers"
      (cf. BKHACKRS.RVW) of almost three decades ago. The rise of the
      financial motivation and the specialization of modern fraudulent
      blackhat activity are well presented. There is something of a
      holdover in still portraying these crooks as evil genii, but, in the
      main, it is a decent picture of reality, although it provides nothing

      copyright, Robert M. Slade 2012 BKDRKMKT.RVW 20120201

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Neurosis is the inability to tolerate ambiguity - Sigmund Freud
      victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
    Your message has been successfully submitted and would be delivered to recipients shortly.