What to read to understand cyber-security – The Economist

IN “THE REPUBLIC” Plato asked readers to consider the implications of the ring of Gyges, which makes its wearer invisible. How would (and should) people act if they knew that their bad behaviour would never be found out? In the digital world such anonymity is not a fantastical idea but a real possibility. The virtual ring of Gyges, and its consequences, is just one of the themes explored by these five engrossing books about cyber-security. They cover issues ranging from cyberwar and online crime to cryptography and efforts to “hack” people who know login credentials. These books portray the cyber world as a site of many simultaneous battles, in which attackers, whether criminals or states, often have an advantage over the institutions that are their targets. States and legitimate businesses spend enormous amounts to defend themselves but present a large number of “attack surfaces”. Aggressors need to find just one vulnerability. Many successful attacks never make the news. Much depends, these books show, on who prevails in these electronic wars.
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics. By Ben Buchanan. Harvard University Press; 406 pages; $24.95 and £15.99
The catastrophic “cyber Pearl Harbour” of which some have long and loudly warned has not occurred. Gnawing squirrels probably cause more blackouts than hackers do. Even so, states are quietly mounting digital attacks on other states, infrastructure and businesses in world-changing ways, argues Ben Buchanan of Georgetown University in this riveting book. The attackers come in all sizes. Smaller states have less to lose from cyber-aggression against bigger ones than they would from a conventional attack. North Korea tried the low-tech scam of counterfeiting American banknotes, then shifted to infiltrating SWIFT, a global computer network that manages money transfers. The regime hoped both to steal money, in which it succeeded, and to undermine trust in financial systems, which it failed to do. In the early 2000s America’s National Security Agency apparently placed a backdoor in Dual EC, a random-number generator used by cryptographers to develop codes. Hackers discovered it and publicised their find. Cyber-attacks by states are in effect hybrids, combining the secrecy of espionage with some of the destructive power of war. The scope of the damage they can cause, unlike that of a bomb, is unpredictable. Although attacks are often thwarted, states are bound to continue mounting them.
The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats. By Richard Clarke and Robert Knake. Penguin Random House; 352 pages; $19 and £25
Soon artificial-intelligence programs and quantum computers may learn to crack sophisticated encryptions. You might expect Richard Clarke and Robert Knake, former White House cyber-security chiefs, to urge America’s military and intelligence leaders to do far more to counter that threat. Instead, the authors of “The Fifth Domain” mostly press the private sector to beef up “resilience”. As the only man-made domain of warfare, the cyber realm, they argue, can be refashioned by businesses to impede attackers. The Pentagon, an organisation designed for war, is ill suited to lower the risk of cyber-conflict, the authors argue. Pentagon officials would no doubt disagree. But the book makes a strong case that businesses and individuals can significantly and cheaply reduce America’s vulnerability. Some companies are doing a good job. Boeing, a planemaker, Siemens, a German multinational, and Ericsson, a telecoms company, escaped the NotPetya malware attack in 2017. But good cyber-defence, the authors say, is much too rare in the corporate world.
Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. By Andy Greenberg. Doubleday; 384 pages; $19. Random House USA; £27
Bitcoin and other cryptocurrencies no longer offer the anonymity that some enthusiasts had sought from them. That’s one lesson to be drawn from this true-crime thriller by Andy Greenberg, who writes for WIRED magazine. He follows investigators who nab crooks by scrutinising shady transactions recorded on blockchain—a sort of electronic ledger—and other digital evidence. The sleuths are as colourful as the underworlds they probe are dark. The book’s real star is Chainalysis, a firm based in New York whose software is widely used by government agents. It combs through records of cryptocurrency movements on blockchains to “cluster” virtual addresses that appear to be connected to a single person. Investigators can then serve subpoenas on institutions such as cryptocurrency exchanges to find out who that person is. Unlike a blockchain’s creator, such institutions must keep records of users’ identities. The book describes at length one corner of the dark web where people use cryptocurrency to buy access to videos of sexual abuse of children and even infants. Although Mr Greenberg does not go into graphic detail, these passages are not pleasant reading.
Social Engineering: The Science of Human Hacking. By Christopher Hadnagy. Wiley; 320 pages; $37 and £29
This manual describes how hackers manipulate people to obtain passwords or access to their workplaces. Christopher Hadnagy is the boss of Social-Engineer, a consultancy in Orlando, Florida that helps companies and governments that are keen to learn competitors’ secrets or identify weaknesses in their own cyber-defences do just that. Tricks of the trade include hacking into home or office webcams to discover information about a person, and gaining that person’s trust, typically by sending someone to impersonate a repairman or some other service provider. To make the impression convincing Mr Hadnagy advises “method acting”—driving the right sort of car, wearing the right sort of clothes and using the right sort of body language. This makes for an engaging but disconcerting book. If you’re trying to fool people, don’t let considerations of diversity, equity and inclusion get in the way, says Mr Hadnagy: if someone is posing as a boss, make sure he’s a middle-aged white male. A target’s children, he writes, “are often great resources for attack vectors”.
The Code Book. By Simon Singh. Knopf Doubleday; 432 pages; $19. HarperCollins; £10.99
This history of the age-old struggle between codemakers and codebreakers—“linguistic alchemists, a mystical tribe attempting to conjure sensible words out of meaningless symbols”—is a delight. Published in 1999 and adapted for television, “The Code Book”, by Simon Singh, a British journalist, has become a classic. In affairs of state, and especially war, the concocting and cracking of codes has often been pivotal. So has the invention of systems that hide the very existence of messages. In the 16th century an Italian scientist devised a way to write underneath the shell of a boiled egg. Nazis shrank text into microdots concealed in printed full stops. America’s FBI, tipped off to look for a tell-tale gleam on a letter, discovered the ruse in 1941. “The Code Book” ends by peering into a future that may now be drawing close. Quantum computing may soon be able to crack today’s codes, and devise new ones that are unbreakable.
Also try
An article explores how ransomware could cripple countries as well as companies. Here Britain’s former cyber-chief argues that cyberspace is getting safer. Estonia’s prime minister says that Ukraine is giving democratic countries a master-class in cyber-defence. And Britain has set forth sound principles for how a state should wage cyber-warfare, this leader argues. British ministers, however, are sloppy about cyber-security.
Copyright © The Economist Newspaper Limited 2024. All rights reserved.
