Crime dot com

by Mark Rowe

Author: Geoff White

ISBN No: 9781789142853

Review date: 29/03/2024

No of pages: 344

Publisher: Reaktion

Publisher URL:
http://www.reaktionbooks.co.uk/display.asp?ISB=9781789142853

Year of publication: 18/05/2021

Brief:

Price: £18.99

It’s easy to feel that cyber crime has got out of hand; ‘too many monsters, not enough heroes’, as Geoff White, the journalist author of Crimedotcom, puts it. He devotes much of his book to the ‘monsters’, who are making too many gains to want to stop, even if they are caught (and so few are).

That’s not only the organised criminals who make money out of cybercrime. Hackers may want to use the media to spread the story of data leaks, for whatever reason. “Governments aren’t giving up hacking either.” Whereas the Edward Snowden affair may have been a revelation to western liberal publics about state surveillance, the author suggests that for some regimes it was a wake-up call, ‘to the potential for snooping on and controlling populations at home and abroad in our increasingly digitised world’. Besides, the tools of cybercrime offer ‘exceptional value for money compared to conventional weapons’. Why spend money on military jets to bomb your enemy (which also looks bad) if you can ‘take down’ their internet connection, and thus their online banking and other critical national infrastructure?

The book’s epilogue does end with what all of us as cyber users can do against hackers. Most important: ‘be very careful with emails’, because hackers have long and often relied on exploiting the human behind the computer; ‘email spam is the number one infection vector for hackers’. The author argues: “We need to move away from the quaint idea that our inboxes can somehow be protected by our Internet companies, email providers or IT support departments.” No amount of filtering will stop everything, and it only takes one click for an organisation to get infected. As it’s pithily put, ‘each of us is now our own security guard’. The advice for an individual as for a corporation is to keep software up to date, use strong passwords and make regular back-ups, and keep them somewhere safe and disconnected – that is, where ransomware cannot reach.

Of yet more interest to Professional Security readers, the ‘uncomfortable truth’ for organisations is that ‘conventional risk assessment is no longer going to work’. For nation states may hack, with no profit motive; hacktivists may break in to steal whatever they can lay their hands on, or even for fun. The author gives the NHS as an example of how ‘increasingly hard’ it is to judge your risk of being hacked – WannaCry showed in 2017 that hospitals will come under attack, even though they might feel safe for moral reasons from a physical attack. Such ethics evidently do not apply in cyber.

A useful idea offered is that organisations might have an ‘if’ and a ‘when’ team. The ‘if’ team, mainly of tech people, works on the basis that hacking is preventable, and carries out staff training to watch out for, recognise and report phishing emails. The ‘when’ team meanwhile is more PR and legal, as it assumes that the hacker will get through, and plans for what to do when that happens – inform the regulator and customers, restore services. While those teams may appear different, they are urged to mix, if only to prevent bad PR (as after the 2015 TalkTalk hack).

As the author adds, that approach may not mean a big cybersecurity investment; but it may pay dividends if (or when) you are hacked, by appeasing the data protection regulator. The book also closes with advice for the media – warning against it becoming ‘the puppet of the hackers’ – and points out that governments have to work out parameters for intruding into people’s digital lives (‘we hope our own governments use this power wisely’).

Finally, the epilogue makes plain that cybercrime is not going to stop; there is no ‘Big Wall solution’. “Our modern, data-rich world is too full of increasingly complex inter-reliant technologies and unpatched holes to prevent the hackers getting through.”

Chapter headings:

1 Meet the Hackers
2 Fall of the Berlin Firewall
3 Ocean’s 11 Dot Com
4 Digital Extortion
5 Your Data for Sale
6 Beyond the Dark Web
7 The Internet Hate Machine
8 Lights Out
9 Weaponizing Data
10 Hack the Vote

© 2024 Professional Security Magazine. All rights reserved.