Fancy Bear Goes Phishing

December 1, 2022

In this grand digital age of information, most of us still don't understand how technology works, which makes us vulnerable to cyberattacks. Director of the Yale Center for Law and Philosophy and its CyberSecurity Lab, Shapiro is here to explain why the internet is so vulnerable; how information is stored, used, and protected; and what we can do to protect ourselves. And that entails introducing us to some of the notorious hackers of the last decades.

Copyright 2022 Library Journal, LLC Used with permission.

February 20, 2023
Ingenious coding, buggy software, and gullibility take the spotlight in this colorful retrospective of hacking. Shapiro (Legality), director of the cybersecurity lab at Yale’s Center for Law and Philosophy, revisits spectacular computer intrusions and the characters responsible for them, including a Cornell grad student’s 1988 experiment gone awry that crashed the fledgling internet; the battle of wits between Bulgarian hacker Dark Avenger and the computer scientist who worked to defeat his destructive viruses; a Boston 16-year-old’s hacking of nude photos from Paris Hilton’s cellphone; and the exposure of Democratic National Committee emails during the 2016 U.S. presidential election by the Russian military’s Fancy Bear hacking team. He emphasizes the human forces behind the technology, describing the callow malevolence of hackers, the cognitive blind spots that phishing attacks manipulate to get people to click on bogus email links, and the reluctance of profit-hungry corporate executives to pay for cybersecurity. Shapiro’s snappy prose manages the extraordinary feat of describing hackers’ intricate coding tactics and the flaws they exploit in a way that is accessible and captivating even to readers who don’t know Python from JavaScript. The result is a fascinating look at the anarchic side of cyberspace.

March 15, 2023
A cybersecurity expert delves into the mechanics, psychology, and impact of computer hacking. Shapiro, a professor at Yale Law School and director of Yale's Center for Law and Philosophy and its CyberSecurity Lab, is well situated to explore the downside of the internet. In his latest book, the author looks at some famous cases and players in the shadowy archives of hacking--e.g., when a graduate student accidentally crashed the internet in the 1980s; the invention of the first mutating computer-virus engine by a Bulgarian with the handle Dark Avenger; and Fancy Bear, a group probably affiliated with Russian military intelligence, which broke into the Democratic National Committee system in 2016. Each of these illustrated a technical aspect of hacking, but taken together, they show the breadth of motivations. While some hacks are for money and espionage, most Americans hackers are young men who arrived at it through online game forums and started to do it for the technical challenge and to earn the respect of their peers. This profiling raises the possibility of early identification and recruitment into the cybersecurity side. However, Shapiro believes that hackers will always be a step ahead and that a "constant patch-and-pray" strategy will eventually lose. Instead, writes the author, cybersecurity measures must be built into computer systems from an early stage. As a possible template, he points to recent legislation in California that requires "devices connected to the internet sold or offered for sale in [the state] to have 'reasonable security features.' " Another avenue is to require corporations to report about their policies to manage cybersecurity risks. These are good ideas, but one suspects that the devil will be in the implementation details. Overall, this is an engrossing read, although there are parts that are dauntingly technical. Shapiro gives readers plenty to think about the next time they turn on their computers. An authoritative, disturbing examination of hacking, cybercrime, and techno-espionage.

COPYRIGHT(2023) Kirkus Reviews, ALL RIGHTS RESERVED.

April 15, 2023
Shapiro, philosophy professor at Yale Law School, set out to answer three questions: decades after the internet's invention, why does it remain so insecure? How do hackers access data from anywhere? What could be done in response to these vulnerabilities? Using five significant hacks, he outlines the history of the internet and the parallel evolution of hacking and cybercrime. Shapiro describes the Morris Worm, a self-replicating program that infected computers across the U.S. within hours of its release by a Cornell graduate student in 1988. He explains how weak security in T-Mobile's phones allowed a 16-year-old to steal Paris Hilton's cell phone data. Another example centers on how the Russian military intelligence unit Fancy Bear used phishing schemes to hack the DNC and Clinton campaign emails during the 2016 election. Shapiro explores cyberwar, the psychology of hackers, and the impact of tech giants such as Microsoft and AOL. Written for readers without deep technical backgrounds, this is an engaging and thought-provoking examination of the human elements of technology.

COPYRIGHT(2023) Booklist, ALL RIGHTS RESERVED.

July 14, 2023

Shapiro (law and philosophy, Yale Law School; Legality) tracks the history of hackers and their motivation. The book concentrates on the five most prevalent types of cybercrimes that involve attacking computers with viruses that spy, steal, and release personal and business information--a threat to individuals and businesses alike. The book chronicles only one U.S. government action to counter these tactics: the 1986 Computer Fraud and Abuse Act that made it a federal crime to engage in any unauthorized activity on government computers. Shapiro references research conducted by Oxford University sociologist Jonathan Lusthaus, who wanted to understand hackers' motivations. Lusthaus interviewed 250 people arrested for being cyberthieves in Eastern Europe and found that they there were not doing it for either altruistic or exploitive reasons. Instead, they were trying to test, refine, and improve their technical expertise in order to find jobs that paid enough in the cybersecurity field. VERDICT This introduction to the hacker history and hackers' incentives is a welcome addition for computers and technology collections. Will likely appeal to many types of readers.--Claude Ury

Copyright 2023 Library Journal, LLC Used with permission.