Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace

Tangled Web discusses the roles of computer, Internet, and telecommunications technologies in the realm of computer crime - including pornography, identity theft, hacking, credit card data theft, altering Web pages, deliberate shutting down of services, fraudulent money transfers, worm and virus infections, and sabotage carried out by disgruntled employees. Actual accounts of real people perpetrating such crimes, including interviews, drives home the impact that criminal computer activity can have on the lives of so many other people.

Power describes in detail the kind of people involved in committing computerized crime - their motivations, how they go about their work, some of the law enforcement strategies involved in catching them, and the consequences of their actions - including monetary losses, downtime, and threats to human safety.

The book contains a helpful glossary of terminology specifically related to computer crime. A listing of resources provides readers with a wealth of additional information about computer crime, threats to online privacy, and measures that can be taken to help prevent future breaches of safety and security. Inclusion of the Computer Fraud and Misuse Act and other U.S. laws and treaties spells out the serious nature of criminal computer crime and some of the steps the federal government has taken to discourage further criminal activity.

I found the book quite chilling. I couldn't easily put it down. Anyone familiar with Simson Garfinkel's Database Nation (O'Reilly & Associates), will find this book thoroughly intriguing, thought-provoking, and compelling reason enough to take more serious measures to protect their computer systems and data against possible attack. Extraordinary reading and relevant to our culture today!

Rating:
Summary: A wake-up call to management who don¿t appreciate infosec
Review: Back in the 1970s, there was a television show called ScaredStraight, which brought together troubled youths and convictedfelons. The experience was supposed to shock the youths into becomingmodel citizens. In a similar vein, Tangled Web: Tales of DigitalCrime from the Shadows of Cyberspace is a scared straight lesson forcyberspace.

The book details the various types of computer crimes,including "hacktivism," espionage and sabotage, fraud, tradesecret theft, and computer break-ins. Case study after case studyreveals how every element of corporate America is at risk to someaspect of digital crime.

After reading Tangled Web, no manager canhonestly think computer crime could never happen to him orher. Whether it be via the activities of Vladimir Levin, the Russiancybercriminal who stole millions from Citibank, or those of Tim Lloyd,a disgruntled network administrator who caused millions in financiallosses to his employer, in incident after incident author RichardPower shows the reader how we are indeed in the midst of acyberwar.

As corporations rush to get on the informationsuperhighway, security is often neglected to the degree that manyorganizations don't have a position as elementary as chief securityofficer. Tangled Web shows in great detail the effects of excludinginformation systems security from a corporate infrastructure, and itisn't pretty...

Rating:
Summary: Nothing New Here - Just FUD
Review: FUD is known in the hacker world as "Fear, Uncertainty and Doom" - mostly it's used to refer to media reports on any hacker exploit. You've read the articles - some newbie hacker scripts his way into a server and the report just about gaurantees you that the next step is going to be a premature firing of nuclear weapons. Well, this book does little to quell that line of thinking. It's an interesting collection of stories, but little else. It plays too much on general mis-information and that's never good. I give it three stars only because it's got a lot of "history" in it regarding hacks and exploits...be warned though - the FUD is heavy and thick. Best Regards, turtlex.

Rating:
Summary: Great Summary...Too Long...Somewhat Outdated
Review: I just finished reading Tangled Web by Richard Power. I thoroughly enjoyed most of it. He presents a very technical, a possibly boring subject in a very realistic and easy-to-read light. Many cyber-crime books either blow the topic way out of proportion and pander to the uneducated and gullible. They would have the same sort of audience that stocked up on supplies in the waning days of 1999 waiting for the Y2K bug to end the world. Powers does not do that. Nor does he play the issue down as some have. His information is backed by statistics, mostly presented in easy-to-read summary charts and tables. He prefaces the discussions of the various aspects of crimes with anecdotes that draw you into the topic, making you want to learn more. Overall, it is a very accurate, informative, and fun read.
My primary two concerns with the book that kept me from the 5-star rating are (1) The chapters are long winded. (2) Some of the information is outdated.
I wish that the author would have cut every section down in size by about 25%. Remember high school, when the teacher assigned a 5-page essay but you only had 4 pages of information? I don't know what the cause is, but this seems to be what Power did for many of the chapters. It takes away from the readability, but not significantly enough for me to suggest against this book.
Simply due to the rapidly changing environment of networking, computer technology, and the internet, this book is necessarily mildly outdated, since it was written in 2000. However, this problem is not great. This is not a technical
"how to stop cybercrime" book. It is more of an overview of what cybercrime is, what it can look like, and what it isn't. Therefore, even if the nuances of the crimes or the nuances of the preventions have changed, the bird's-eye view of them has changed very little. This also should not keep you from this book.
If you are interested in the subject buy this book. Now that so many copies are available so inexpensively by purchasing used, there is nothing to keep from reading this.

Rating:
Summary: The best book of this year in Cyber Crimes
Review: In the last ten years I was involved in Cyber Crimes Investigations in my country.Part of the years I was responsible of the Cyber Crimes Team in our National Police.Today I teach Computer Law in my Country.In any lecture and presentation I make almost every week,people are asking for a clear book concern Cyber Crimes with data,examples ect.I read most of the books.Only now I can send people to a real book.Not heavy.Useful for Judge,Lawyer,Student,Police officer,Security Officer ect.Its the great contribution to the fight against Cyber Crimes.I think this is the book of the year in Cyber Crimes.It has not to be a book for scientist.It has to be for the man on the street and update.Its update.well done.

Rating:
Summary: A real eye opener on Digital weakness
Review: Just amazing. This book and also the author acknowledges that there are more digital crimes happening every day then reported. I enjoyed this book and would certainly recommend it to all IT people to read this book especially who works in "DIGITAL SECURITY".

Rating:
Summary: A description of where the real digital action is
Review: Nothing sums up the power of the Internet more than the realization that someone who cannot legally own property can find programs that can be used to cause hundreds of millions of dollars of digital damage. Not since the days of young monarchs has it been possible for a teenager to do such things. However, while tales like this get the most publicity, it is unfortunate that it hides a grim reality. Most attacks of this type do nothing but exploit security holes caused by poor design or sloppy programming.
The fact that crime, deceit and general nastiness have appeared in the computing culture should come as no surprise. Human nature being what it is, the darker side of human experience will follow them into whatever venture that they explore. While the majority of the most public cases of digital crime are described in this book, the most interesting are those that are only hinted at. Given that most information is now stored digitally and most competition between nations is now economic, it is hardly surprising that nations are employing cyberspooks to obtain information about what others are doing. While the descriptions here are only fragmentary, they are enough so that those familiar with computer security will be able to piece together much of what is going on.
However, the real action is most certainly in the areas of industrial espionage. While the bulk of publicity is about amateur hackers and virus writers and pilfered credit card numbers, the amount of industrial espionage that is going on exceeds these simple crimes in dollar values. When the value of an industrial secret can be worth hundreds of millions to billions of dollars the theft of even one no doubt dwarfs the cost of all Internet credit card fraud. The recent case of Oracle operatives divining secrets from the dumpsters at Microsoft is the most obvious and while it has comical aspects, it does point out how ruthless the competition is. I found the descriptions of industrial espionage just as fascinating as the tales of government intelligence gathering. Anyone with information of value that is on a computer should read these tales of what can be done against them.
In conclusion, there is a many front war going on in the area of digital security. The most visible involves viruses and hacker attacks, which are generally carried out by people with lower level skill sets. The real action is taking place among professionals working in the shadows, stealing secrets and covering their tracks. That is the real interesting thing about this book, and the results of their efforts are beginning to affect governments, and can have substantial changes on which countries and companies emerge as the dominant players.

Rating:
Summary: Read like a balance sheet
Review: Richard Power does a wonderful job of name-dropping through the entire book. Instead of presenting the interesting stories of cybercrime, all you get are dry facts and figures about how much money you're wasting by not protecting you network. Most of the figures are unsubstantiated and presented out of context - they have been plucked from a yearly survey conducted by Power.

If you want to read about digital crime/security then I recommend Bruce Schneier's "Secret's and Lies: Digital Security in a Networked World" or Steven Levy's "Crypto : How the Code Rebels Beat the Government - Saving Privacy in the Digital Age."

Rating:
Summary: Fascinating account of computer crime
Review: Tangled Web is an excellent treatment of the kinds of crimes and the kinds of criminals that are popping up in cyberspace. Richard Power, an respected expert in computer security, combines descriptions of his own experiences with publicly-reported accounts of digital crimes into a fascinating tour of the dark side of cyberspace. He gives the reader the benefit of his years of research into the damage caused by computer crime; the book gives detailed, frightening statistics about the havoc computer criminals have already caused, along with well-grounded speculation about what kinds of damage we may see in the future.

The book contains chapters that deal with the different types of computer crime--hacking and cracking, viruses, identity theft, child pornography, sabotage, cybervandalism, corporate espionage and information warfare. In addition to describing specific cases involving the commission of these crimes, Power explains how law enforcement officers investigate the crimes and apprehend those who commit them. He includes a variety of "real world" sources, CERT advisories, excerpts from an affidavit submitted in support of a search warrant and even excerpts from a transcript generated by an FBI wiretap used in the Phonemasters investigation, which focused on hackers who were stealing and selling private information.

For those who want to know more, the book includes a lengthy set of appendices, which contain a variety of material, including federal laws and treaties dealing with digital crime. The appendices also list web sites and publications that provide additional information on the topics Power discusses.

Rating:
Summary: Entertaining, but not a textbook on information warfare
Review: There is very little original thinking or detailed analysis in "Tangled Web." It is a pastiche of sound bites from security experts who are associates of the author. Chapter 2 goes a bit beyond sound bites, but it is still a rehash of other sources, and anyone who is moderately well-read in infosec will find that they have already been over all of this ground.

In addition to the quotes and sound bites, the author makes extensive use of the CSI/FBI survey (Power is the inspiration and driving force behind it). This study was conducted within a self-selecting audience that was expected to ESTIMATE the cost and frequency of the attacks they believe their organization experienced. It may be the best information we have, but it does not really represent a scientifically rigorous survey that can be accepted as providing an accurate understanding of the true cost or extent of computer crime. It looks impressive, but it is also designed to support the common agenda of Power's organization (the Computer Security Institute), and the FBI. Certainly the material is not intended to discourage people from attending CSI workshops.

Besides the lack of rigor in the much-quoted survey, the constant exaggeration of the monetary cost of hack-attack damages is misleading. Power delves into the pseudo-scientific again by using 7 significant figures to report on estimated costs of hacking sprees. I'm no fan of Mitnick, but quoting the inflated loss estimates provided by his victims does not make them fact. I think highly of Marcus Ranum, but he's hardly a cost accountant, so I question using his financial estimates on how much a hack attack costs a victim. To be fair, Power does follow the Ranum interview with an interview of an experienced accountant, but the fact is that nobody has any idea what the cost of information security failures really is.

If you are familiar with the CSI newsletter, you'll recognize the author's hand in this book--lots of quick anecdotes about bad things happening to good people, but no analysis. The writing follows this same newsletter writing style. Short sentences. Really short paragraphs. I find this writing style distracting, but it is a matter of personal preference, and it matches the material. This is a book that is easy to read in short bursts, which will be advantageous if you don't have a lot of time to spend on this subject.

This is a good book for an executive or neophyte who wants to read a single book that helps them understand the current nature of Internet crime, provides them a quick exposure to some of the personalities and philosophies of some prominent infocrime fighters, and concludes with solid suggestions on what needs to be done. But if you want to be a specialist in information security, then you need to read books with greater depth than this one.

This is not a meaty tome, it contains no original ideas, and the reported cost of Internet attacks is not substantiated. However, it is a quick and interesting read if you are curious and only have time for a single book.