Fancy Bear Goes Phishing by Scott J Shapiro – hacking for beginners | Computing and the net books

One of the most important figures in the history of cybersecurity is Matthew Broderick. In the 1983 movie WarGames he played David Lightman, a high-school computer whiz who hacks into the Norad defence system by mistake and almost sets off a thermonuclear war. The movie started a national conversation about the vulnerability of computers. President Reagan asked his security advisers: “Could something like this really happen?” Members of Congress screened clips in subcommittee hearings, leading to the first federal legislation on cybercrime. Before he was Ferris Bueller, Broderick was the fresh face of hacking.

Five years later, a Cornell graduate student named Robert Morris Jr designed a self-replicating “worm” to explore the network that connected the country’s computers, but made a crucial coding error. The worm grew too fast; the network crashed. The first person a horrified Morris alerted was his father, who happened to be one of the US government’s leading experts on data security. Media reports about this real-life David Lightman and his “Morris worm” introduced Americans to an unfamiliar word: the internet.

The title of Scott Shapiro’s lively history is a little too whimsical for my palate but it does advertise his technique of using vivid case studies to dramatise a technically complex subject, from the troubled 16-year-old boy who hacked Paris Hilton’s phone data in 2005 to the Russian cyberespionage group (that would be Fancy Bear) that exfiltrated Democratic party secrets during the 2016 presidential election campaign, an act that may have crossed the border separating espionage from cyberwar. “Hacking is about humans,” Shapiro writes. As he tracks down interviewees, analyses court transcripts and parses countless lines of malware code, why these people did it is as interesting to him as how.

The word “hacker” was coined to describe the brilliant, mischievous coding mavericks who clustered around AI pioneer Marvin Minsky at MIT in the 1960s. Only in the 1990s did it become synonymous with cybercriminal. The stereotype of the resentful young misanthrope wreaking mayhem from his parents’ house holds up fairly well, it seems. “I didn’t think of [victims] as real people,” said Paras Jha, who unleashed the devastating Mirai botnet in 2016, “because everything I did was online in a virtual world.” This is the only species of crime where a teenager can outwit a multinational corporation and cause as much damage as a nation state. While “hacker” retains an outlaw cool, the language of viruses and bugs suggest contamination and disease. Shapiro argues that all these terms are misleading but then talks of “zombie computers” dispatching “bot armies”. The field invites dramatic metaphors.

Shapiro is a Yale law professor who founded a short-lived database-construction company in the 1980s but left computing behind and only taught himself hacking in his 50s in order to write this book. He is well equipped to deliver a hefty payload of cultural history, psychology, economics and computer science via the Trojan horse of true crime. His chronological big five hacks are springboards for the stories of pioneers such as Hungarian-American genius John von Neumann, whose invention of stored-program computing and theory of self-replicating automata made viruses possible, or a deft exploration of how virus writers exploit cognitive biases: unlike a worm, a virus is harmless until you click on it. “Computers are only as secure as the users who operate them,” Shapiro writes, “and the brain is extremely buggy.” Reading these stories of gullibility and incompetence, it seems miraculous that major data violations don’t happen all the time. Although one can no more abolish cybercrime than street crime, Shapiro concludes with several recommendations that would make it much more difficult.

His impish humour and freewheeling erudition suit a world saturated in pop culture: the words “virus” and “worm” were popularised by 1970s science fiction novels, while a prolific Bulgarian virus writer called Dark Avenger studded his creations with references to the music of Iron Maiden, and Paras Jha cut his teeth on Minecraft. Some hackers are agents of foreign powers; others are in it for the money; many just relish the notoriety. All of them have something in common with David Lightman: they see it as a game. Shapiro’s achievement is to tell you how it is played.

One of the most important figures in the history of cybersecurity is Matthew Broderick. In the 1983 movie WarGames he played David Lightman, a high-school computer whiz who hacks into the Norad defence system by mistake and almost sets off a thermonuclear war. The movie started a national conversation about the vulnerability of computers. President Reagan asked his security advisers: “Could something like this really happen?” Members of Congress screened clips in subcommittee hearings, leading to the first federal legislation on cybercrime. Before he was Ferris Bueller, Broderick was the fresh face of hacking.

Five years later, a Cornell graduate student named Robert Morris Jr designed a self-replicating “worm” to explore the network that connected the country’s computers, but made a crucial coding error. The worm grew too fast; the network crashed. The first person a horrified Morris alerted was his father, who happened to be one of the US government’s leading experts on data security. Media reports about this real-life David Lightman and his “Morris worm” introduced Americans to an unfamiliar word: the internet.

The title of Scott Shapiro’s lively history is a little too whimsical for my palate but it does advertise his technique of using vivid case studies to dramatise a technically complex subject, from the troubled 16-year-old boy who hacked Paris Hilton’s phone data in 2005 to the Russian cyberespionage group (that would be Fancy Bear) that exfiltrated Democratic party secrets during the 2016 presidential election campaign, an act that may have crossed the border separating espionage from cyberwar. “Hacking is about humans,” Shapiro writes. As he tracks down interviewees, analyses court transcripts and parses countless lines of malware code, why these people did it is as interesting to him as how.

The word “hacker” was coined to describe the brilliant, mischievous coding mavericks who clustered around AI pioneer Marvin Minsky at MIT in the 1960s. Only in the 1990s did it become synonymous with cybercriminal. The stereotype of the resentful young misanthrope wreaking mayhem from his parents’ house holds up fairly well, it seems. “I didn’t think of [victims] as real people,” said Paras Jha, who unleashed the devastating Mirai botnet in 2016, “because everything I did was online in a virtual world.” This is the only species of crime where a teenager can outwit a multinational corporation and cause as much damage as a nation state. While “hacker” retains an outlaw cool, the language of viruses and bugs suggest contamination and disease. Shapiro argues that all these terms are misleading but then talks of “zombie computers” dispatching “bot armies”. The field invites dramatic metaphors.

Shapiro is a Yale law professor who founded a short-lived database-construction company in the 1980s but left computing behind and only taught himself hacking in his 50s in order to write this book. He is well equipped to deliver a hefty payload of cultural history, psychology, economics and computer science via the Trojan horse of true crime. His chronological big five hacks are springboards for the stories of pioneers such as Hungarian-American genius John von Neumann, whose invention of stored-program computing and theory of self-replicating automata made viruses possible, or a deft exploration of how virus writers exploit cognitive biases: unlike a worm, a virus is harmless until you click on it. “Computers are only as secure as the users who operate them,” Shapiro writes, “and the brain is extremely buggy.” Reading these stories of gullibility and incompetence, it seems miraculous that major data violations don’t happen all the time. Although one can no more abolish cybercrime than street crime, Shapiro concludes with several recommendations that would make it much more difficult.

His impish humour and freewheeling erudition suit a world saturated in pop culture: the words “virus” and “worm” were popularised by 1970s science fiction novels, while a prolific Bulgarian virus writer called Dark Avenger studded his creations with references to the music of Iron Maiden, and Paras Jha cut his teeth on Minecraft. Some hackers are agents of foreign powers; others are in it for the money; many just relish the notoriety. All of them have something in common with David Lightman: they see it as a game. Shapiro’s achievement is to tell you how it is played.