China’s Cyberwarfare Capability (China in the 21st Century)

The government of the People's Republic of China (PRC) is a decade into a sweeping military modernisation program that has fundamentally transformed its ability to fight high tech wars. The Chinese military, using increasingly networked forces capable of communicating across service arms and among all echelons of command, is pushing beyond its traditional missions focused on Taiwan and toward a more regional defence posture. This book presents a comprehensive open source assessment of China's capability to conduct computer network operations (CNO) both during peacetime and periods of conflict, and will hopefully serve as a useful reference to policymakers, China specialists, and information operations professionals.

Price: $43.00


Cyber Warriors at War

Dr. Berg P. Hyacinthe (PhD, Florida State University; LLD Candidate, Assas School of Law, CERSA-CNRS, La Sorbonne) is internationally recognized as an eminent and multidisciplinary scientific investigator. A U.S. patent holder featured in Harvard's Smithsonian/NASA Astrophysics Data System, Dr. Hyacinthe recently served as Assistant Professor and Scientific Advisor to Taibah University's Strategic Science & Advanced Technology Unit. Dr. Hyacinthe held several positions at County and State levels of the U.S. Government in the Information Technology arena. He has been featured in conferences held at the U.S. Naval Postgraduate School, Monterey (author); Defence Academy of the United Kingdom, Shrivenham (invited session Chair); and National Defence College, Helsinki (session Chair). In CYBER WARRIORS AT WAR, he draws on the triangular relationship between technology, law, and Information Age warfare to propose solutions against potential charges of having committed Information Operations (IO) war crimes and/or IO crimes against humanity. According to Dr. Hyacinthe, the success of pre-emptive strikes and decisive military operations depends profoundly upon both reliable human intelligence and the versatile skills of 21st century “cyber warriors” whose IO activities are conducted through modern warfare's pentagonal synchrony – land, sea, air, cyberspace, and outer space. Unfortunately, these operations are commonly effectuated under a legal reasoning that is ambiguous in important ways: a threat to the national security of the United States of America and to the entire international community. Hence, as this Essay argues, the evolution of modern computer systems as weapons of war compels wary jurists to turn to the laws that should govern development and use of lethal information technologies.
Further, this Essay examines how certain military operations within Information Warfare (IW) require a new legal framework, and recounts specific events involving various types of IW conduct and cyber attack: an interesting exposé for jurists, military personnel, policymakers, and the growing and diverse body of information professionals around the world.

Price: $29.99


Die Kunst der Täuschung.

In Die Kunst der Täuschung, everything revolves around the possibility of gaining someone's trust through lies in order to then abuse that trust for one's own amusement and advantage. Hackers gloss over this practice by calling it “social hacking”, and probably the best-known hacker, Kevin Mitnick, analyzes this technique in his book with numerous example scenarios.

Even the first dozen examples are enough to rob corporate security officers of any joy in life. Often asserted and confirmed once again by this book: human behavior and security measures fundamentally contradict each other. Companies exist to offer a product or a service, and they depend on friendly and helpful employees to bring those products or services to their customers. Humans are socially oriented animals and need affection and recognition. Wanting to control the human side of corporate security means withholding something from someone. That is tantamount to trying to square the circle.

Given Mitnick's reputation as a hacker guru, the lowest common denominator in an attack for hackers who use social manipulation is the computer. Most of the scenarios in Die Kunst der Täuschung work just as well against organizations without computers and were probably already known to the Phoenicians. Today's technology, however, simply makes it easier. Phoning is faster than writing letters, and large organizations mean many contacts from outside the organization.

Many of the security tips Mitnick proposes sound sensible at first, until one thinks about how they could be put into practice. Then it becomes apparent that more effective security measures simultaneously reduce an organization's efficiency. An equation that does not work out in a competition-based economy. Quite apart from the fact that nobody wants to work in an organization whose supreme law is “Trust no one”. Mitnick shows how easily security measures are put at risk by trust. Without trust, however, people cannot live and work together. In reality, effectively working organizations have to accept that absolute security is a myth and that only better insurance offers a way out of the dilemma. –Steve Patient



The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability – CRS Report

In September 2010, media reports emerged about a new form of cyber attack that appeared to target Iran, although the actual target, if any, is unknown. Through the use of thumb drives in computers that were not connected to the Internet, a malicious software program known as Stuxnet infected computer systems that were used to control the functioning of a nuclear power plant. Once inside the system, Stuxnet had the ability to degrade or destroy the software on which it operated. Although early reports focused on the impact on facilities in Iran, researchers discovered that the program had spread throughout multiple countries worldwide.

From the perspective of many national security and technology observers, the emergence of the Stuxnet worm is the type of risk that threatens to cause harm to many activities deemed critical to the basic functioning of modern society. The Stuxnet worm covertly attempts to identify and exploit equipment that controls a nation’s critical infrastructure. A successful attack by a software application such as the Stuxnet worm could result in manipulation of control system code to the point of inoperability or long-term damage. Should such an incident occur, recovery from the damage to the computer systems programmed to monitor and manage a facility and the physical equipment producing goods or services could be significantly delayed. Depending on the severity of the attack, the interconnected nature of the affected critical infrastructure facilities, and government preparation and response plans, entities and individuals relying on these facilities could be without life sustaining or comforting services for a long period of time. The resulting damage to the nation’s critical infrastructure could threaten many aspects of life, including the government’s ability to safeguard national security interests.

Iranian officials have claimed that Stuxnet caused only minor damage to its nuclear program, yet the potential impact of this type of malicious software could be far-reaching. The discovery of the Stuxnet worm has raised several issues for Congress, including the effect on national security, what the government’s response should be, whether an international treaty to curb the use of malicious software is necessary, and how such a treaty could be implemented. Congress may also consider the government’s role in protecting critical infrastructure and whether new authorities may be required for oversight.

Price: $0.99


Malicious Bots: An Inside Look into the Cyber-Criminal Underground of the Internet

Originally designed as neutral entities, computerized bots are increasingly being used maliciously by online criminals in mass spamming events, fraud, extortion, identity theft, and software theft. Malicious Bots: An Inside Look into the Cyber-Criminal Underground of the Internet explores the rise of dangerous bots and exposes the nefarious methods of “botmasters”. This valuable resource assists information security managers in understanding the scope, sophistication, and criminal uses of bots.

With sufficient technical detail to empower IT professionals, this volume provides in-depth coverage of the top bot attacks against financial and government networks over the last several years. The book presents exclusive details of the operation of the notorious Thr34t Krew, one of the most malicious bot herder groups in recent history. Largely unidentified by anti-virus companies, their bots spread globally for months, launching massive distributed denial of service (DDoS) attacks and warez (stolen software distributions). For the first time, this story is publicly revealed, showing how the botherders got arrested, along with details on other bots in the world today. Unique descriptions of the criminal marketplace – how criminals make money off of your computer – are also a focus of this exclusive book!

With unprecedented detail, the book goes on to explain step-by-step how a hacker launches a botnet attack, providing specifics that only those entrenched in the cyber-crime investigation world could possibly offer.

Authors Ken Dunham and Jim Melnick serve on the front line of critical cyber-attacks and countermeasures as experts in the deployment of geopolitical and technical bots. Their work involves advising upper-level government officials and executives who control some of the largest networks in the world. By examining the methods of Internet predators, information security managers will be better able to proactively protect their own networks from such attacks.

Price: $69.95
