REVIEW: "Dark Market: CyberThieves, CyberCops, and You", Misha Glenny
- BKDRKMKT.RVW 20120201
"Dark Market: CyberThieves, CyberCops, and You", Misha Glenny, 2011,
%A Misha Glenny
%C Suite 801, 110 Spadina Ave, Toronto, ON Canada M5V 2K4
%G 978-0-88784-239-9 0-88784-239-9
%I House of Anansi Press Ltd.
%O C$29.95 416-363-4343 fax 416-363-1017 www.anansi.ca
%O Audience n Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 296 p.
%T "Dark Market: CyberThieves, CyberCops, and You"
There is no particular purpose stated for this book, other than the
vague promise of the subtitle that this has something to do with bad
guys and good guys in cyberspace. In the prologue, Glenny admits that
his "attempts to assess when an interviewee was lying, embellishing or
fantasising and when an interviewee was earnestly telling the truth
were only partially successful." Bear in mind that all good little
blackhats know that, if you really want to get in, the easiest thing
to attack is the person. Social engineering (which is simply a fancy
way of saying "lying") is always the most effective tactic.
It's hard to have confidence in the author's assessment of security on
the Internet when he knows so little of the technology. A VPN
(Virtual Private Network) is said to be a system whereby a group of
computers share a single address. That's not a VPN (which is a system
of network management, and possibly encryption): it's a description of
NAT (Network Address Translation). True, a VPN can, and fairly often
does, use NAT in its operations, but the carelessness is concerning.
This may seem to be pedantic, but it leads to other errors. For
example, Glenny asserts that running a VPN is very difficult, but that
encryption is easy, since encryption software is available on the
Internet. While it is true that the software is available, that
availability is only part of the battle. As I keep pointing out to my
students, for effective protection with encryption you need to agree
on what key to use, and doing that negotiation is a non-trivial task.
Yes, there is asymmetric encryption, but that requires a public key
infrastructure (PKI) which is an enormously difficult proposition to
get right. Of the two, I'd rather run a VPN any day.
It is, therefore, not particularly surprising that the author finds
that the best way to describe the capabilities of one group of carders
was to compare them to the fictional "hacking" crew from "The Girl
with the Dragon Tattoo." The activities in the novel are not
impossible, but the ability to perform them on demand is highly
This lack of background colours his ability to ascertain what is
possible or not (in the technical areas), and what is likely (out of
what he has been told). Sticking strictly with media reports and
indictment documents, Glenny does a good job, and those parts of the
book are interesting and enjoyable. The author does let his taste for
mystery get the better of him: even the straight reportage parts of
the book are often confusing in terms of who did what, and who
actually is what.
Like Dan Verton (cf BKHCKDRY.RVW) and Suelette Dreyfus (cf.
BKNDRGND.RVW) before him, Glenny is trying to give us the "inside
story" of the blackhat community. He should have read Taylor's
"Hackers" (cf BKHAKERS.RVW) first, to get a better idea of the
territory. He does a somewhat better job than Dreyfus and Verton did,
since he is wise enough to seek out law enforcement accounts (possibly
after reading Stiennon's "Surviving Cyberwar," cf. BKSRCYWR.RVW).
Overall, this work is a fairly reasonable updating of Levy's "Hackers"
(cf. BKHACKRS.RVW) of almost three decades ago. The rise of the
financial motivation and the specialization of modern fraudulent
blackhat activity are well presented. There is something of a
holdover in still portraying these crooks as evil genii, but, in the
main, it is a decent picture of reality, although it provides nothing
copyright, Robert M. Slade 2012 BKDRKMKT.RVW 20120201
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
Neurosis is the inability to tolerate ambiguity - Sigmund Freud