Brian Krebs

23 results back to index


pages: 523 words: 154,042

Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro

3D printing, 4chan, active measures, address space layout randomization, air gap, Airbnb, Alan Turing: On Computable Numbers, with an Application to the Entscheidungsproblem, availability heuristic, Bernie Sanders, bitcoin, blockchain, borderless world, Brian Krebs, business logic, call centre, carbon tax, Cass Sunstein, cellular automata, cloud computing, cognitive dissonance, commoditize, Compatible Time-Sharing System, Computing Machinery and Intelligence, coronavirus, COVID-19, CRISPR, cryptocurrency, cyber-physical system, Daniel Kahneman / Amos Tversky, Debian, Dennis Ritchie, disinformation, Donald Trump, double helix, Dr. Strangelove, dumpster diving, Edward Snowden, en.wikipedia.org, Evgeny Morozov, evil maid attack, facts on the ground, false flag, feminist movement, Gabriella Coleman, gig economy, Hacker News, independent contractor, information security, Internet Archive, Internet of things, invisible hand, John Markoff, John von Neumann, Julian Assange, Ken Thompson, Larry Ellison, Laura Poitras, Linda problem, loss aversion, macro virus, Marc Andreessen, Mark Zuckerberg, Menlo Park, meta-analysis, Minecraft, Morris worm, Multics, PalmPilot, Paul Graham, pirate software, pre–internet, QWERTY keyboard, Ralph Nader, RAND corporation, ransomware, Reflections on Trusting Trust, Richard Stallman, Richard Thaler, Ronald Reagan, Satoshi Nakamoto, security theater, Shoshana Zuboff, side hustle, Silicon Valley, Skype, SoftBank, SQL injection, Steve Ballmer, Steve Jobs, Steven Levy, Stuxnet, supply-chain attack, surveillance capitalism, systems thinking, TaskRabbit, tech billionaire, tech worker, technological solutionism, the Cathedral and the Bazaar, the new new thing, the payments system, Turing machine, Turing test, Unsafe at Any Speed, vertical integration, Von Neumann architecture, Wargames Reagan, WarGames: Global Thermonuclear War, Wayback Machine, web application, WikiLeaks, winner-take-all economy, young professional, zero day, éminence grise

Moreover, the court orders in this case are currently “under seal,” meaning that they are secret. Just like hackers, FBI agents hide their tracks. But from public reporting we know that Peterson’s team got its break in the usual way—from a Mirai victim. The September 25 barrage on Brian Krebs’s blog enabled Google to record the location of every bot that had attacked it. Brian Krebs gave Google permission to share the location information with the FBI. With this information, the Anchorage cyber squad found the IP addresses of Mirai-infected devices in Alaska. To locate these devices, however, the agents needed more than IP addresses.

another assault on Rutgers: Katie Park, “Rutgers Network Crumples Under Siege by DDoS Attack,” The Daily Targum, March 30, 2015, https://dailytargum.com/article/2015/03/rutgers-network-crumples-under-siege-by-ddos-attack. a friend later reported: Brian Krebs, “Who Is Anna-Senpai, the Mirai Worm Author?,” Krebs on Security, January 18, 2017, krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author. conceal his identity: The post is here: “@Rutgers Community,” Pastebin, April 29, 2015, pastebin.com/9d0vRep8. Brian Krebs connected the post to Paras. See Krebs, “Who Is Anna-Senpai?” fourth attack on the Rutgers: Kelly Heyboer, “Who Hacked Rutgers: University Spending up to $3M to Stop Next Cyber Attack,” NJ.Com, August 23, 2015, https://www.nj.com/education/2015/08/who_hacked_rutgers_university_spending_up_to_3m_to.html.

Here’s What That Means,” The Washington Post, August 27, 2013. distributed zombie computers: Ellen Messmer, “Experts Link Flood of ‘Canadian Pharmacy’ Spam to Russian Botnet Criminals,” The New York Times, July 16, 2009. over three years: Brian Krebs, “Top Spam Botnet, ‘Grum,’ Unplugged,” Krebs on Security, July 19, 2012, krebsonsecurity.com/2012/07/top-spam-botnet-grum-unplugged; Brian Krebs, “Who’s Behind the World’s Largest Spam Botnet?,” Krebs on Security, February 1, 2012, http://krebsonsecurity.com/2012/02/whos-behind-the-worlds-largest-spam-botnet. issuing orders: Two main kinds of botnets are Server-Client, where the botmaster directly controls the bots through a C2, and Peer-to-Peer, where the botmaster uses the bots themselves to relay orders.


pages: 677 words: 206,548

Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It by Marc Goodman

23andMe, 3D printing, active measures, additive manufacturing, Affordable Care Act / Obamacare, Airbnb, airport security, Albert Einstein, algorithmic trading, Alvin Toffler, Apollo 11, Apollo 13, artificial general intelligence, Asilomar, Asilomar Conference on Recombinant DNA, augmented reality, autonomous vehicles, Baxter: Rethink Robotics, Bill Joy: nanobots, bitcoin, Black Swan, blockchain, borderless world, Boston Dynamics, Brian Krebs, business process, butterfly effect, call centre, Charles Lindbergh, Chelsea Manning, Citizen Lab, cloud computing, Cody Wilson, cognitive dissonance, computer vision, connected car, corporate governance, crowdsourcing, cryptocurrency, data acquisition, data is the new oil, data science, Dean Kamen, deep learning, DeepMind, digital rights, disinformation, disintermediation, Dogecoin, don't be evil, double helix, Downton Abbey, driverless car, drone strike, Edward Snowden, Elon Musk, Erik Brynjolfsson, Evgeny Morozov, Filter Bubble, Firefox, Flash crash, Free Software Foundation, future of work, game design, gamification, global pandemic, Google Chrome, Google Earth, Google Glasses, Gordon Gekko, Hacker News, high net worth, High speed trading, hive mind, Howard Rheingold, hypertext link, illegal immigration, impulse control, industrial robot, information security, Intergovernmental Panel on Climate Change (IPCC), Internet of things, Jaron Lanier, Jeff Bezos, job automation, John Harrison: Longitude, John Markoff, Joi Ito, Jony Ive, Julian Assange, Kevin Kelly, Khan Academy, Kickstarter, Kiva Systems, knowledge worker, Kuwabatake Sanjuro: assassination market, Large Hadron Collider, Larry Ellison, Laura Poitras, Law of Accelerating Returns, Lean Startup, license plate recognition, lifelogging, litecoin, low earth orbit, M-Pesa, machine translation, Mark Zuckerberg, Marshall McLuhan, Menlo Park, Metcalfe’s law, MITM: man-in-the-middle, mobile money, more computing power than Apollo, move fast and break things, Nate Silver, national security letter, natural language processing, Nick Bostrom, obamacare, Occupy movement, Oculus Rift, off grid, off-the-grid, offshore financial centre, operational security, optical character recognition, Parag Khanna, pattern recognition, peer-to-peer, personalized medicine, Peter H. Diamandis: Planetary Resources, Peter Thiel, pre–internet, printed gun, RAND corporation, ransomware, Ray Kurzweil, Recombinant DNA, refrigerator car, RFID, ride hailing / ride sharing, Rodney Brooks, Ross Ulbricht, Russell Brand, Salesforce, Satoshi Nakamoto, Second Machine Age, security theater, self-driving car, shareholder value, Sheryl Sandberg, Silicon Valley, Silicon Valley startup, SimCity, Skype, smart cities, smart grid, smart meter, Snapchat, social graph, SoftBank, software as a service, speech recognition, stealth mode startup, Stephen Hawking, Steve Jobs, Steve Wozniak, strong AI, Stuxnet, subscription business, supply-chain management, synthetic biology, tech worker, technological singularity, TED Talk, telepresence, telepresence robot, Tesla Model S, The future is already here, The Future of Employment, the long tail, The Wisdom of Crowds, Tim Cook: Apple, trade route, uranium enrichment, Virgin Galactic, Wall-E, warehouse robotics, Watson beat the top human players on Jeopardy!, Wave and Pay, We are Anonymous. We are Legion, web application, Westphalian system, WikiLeaks, Y Combinator, you are the product, zero day

Deep Web Harvesting,” BrightPlanet, July 31, 2013. 15 Whereas Silk Road: Andy Greenberg, “Inside the ‘DarkMarket’ Prototype, a Silk Road the FBI Can Never Seize,” Wired, April 24, 2014. 202 To that end, in mid-2014: Kim Zetter, “New ‘Google’ for the Dark Web Makes Buying Dope and Guns Easy,” Wired, April 17, 2014. 16 Certain criminal forums: Michael Riley, “Stolen Credit Cards Go for $3.50 at Amazon-Like Online Bazaar,” Bloomberg, Dec. 19, 2011. 17 Numerous illicit “torrents”: Ernesto, May 18, 2008, blog on TorrentFreak, accessed on June 27, 2014. 18 Another such site: “Inside the Mansion—and Mind—of Kim Dotcom, the Most Wanted Man on the Net,” Wired, Oct. 18, 2012. 19 Not only do they sell: Beth Stebner, “The Most Dangerous Drug in the World: ‘Devil’s Breath’ Chemical from Colombia Can Block Free Will, Wipe Memory, and Even Kill,” Mail Online, May 12, 2012. 20 Tor hidden sites: Forward-Looking Threat Research Team, “Deepweb and Cybercrime,” Trend Micro, 2013, 16. 21 Once stolen: Brian Krebs, “Peek Inside a Professional Carding Shop,” Krebs on Security, June 4, 2014. 22 Given the vast amounts: Max Goncharov, “Russian Underground Revisited,” Forward-Looking Threat Research Team, Trend Micro Research Paper. 23 The cards are sold: Brian Krebs, “Cards Stolen in Target Breach Flood Underground Markets,” Krebs on Security, Dec. 20, 2013; Dancho Danchev, “Exposing the Market for Stolen Credit Cards Data,” Dancho Danchev’s Blog, Oct. 31, 2011; “Meet the Hackers,” Bloomberg Businessweek, May 28, 2006; David S.

Millman, “Cybercriminals Work in a Sophisticated Market Structure,” Wall Street Journal, June 27, 2013. 79 Worse, it was the tool of choice: Dana Liebelson, “All About Blackshades, the Malware That Lets Hackers Watch You Through Your Webcam,” Mother Jones, May 21, 2014. 80 So good was the Blackshades RAT: “Syrian Activists Targeted with BlackShades Spy Software,” The Citizen Lab, June 19, 2012. 81 The rewards, however: Gregg Keizer, “Google to Pay Bounties for Chrome Browser Bugs,” Computerworld, Jan. 29, 2010. 82 Not to be outdone: Brian Krebs, “Meet Paunch: The Accused Author of the BlackHole Exploit Kit,” Krebs on Security, Dec. 6, 2013. 83 Dark Net chat rooms: Nicole Perlroth and David E. Sanger, “Nations Buying as Hackers Sell Flaws in Computer Code,” New York Times, July 13, 2013. 84 In 2012, the Grugq sold: Andy Greenberg, “Shopping for Zero-Days: A Price List For Hackers’ Secret Software Exploits,” Forbes, March 23, 2012. 85 Companies such as Vupen: Brian Krebs, “How Many Zero-Days Hit You Today,” Krebs on Security, Dec. 13, 2013. 86 The result, as pointed out: Josh Sanburn, “How Exactly Do Cyber Criminals Steal $78 Million?

Armed with all the details they needed, the hackers burrowed like rats through a multitude of interconnected networks until they arrived at the company’s internal server responsible for controlling the tens of thousands of individual point-of-sale terminals where customers swipe their credit cards at the register. Once there, attackers installed malware known as Trojan.​POSRAM, which copied all the card swipes taking place throughout Target stores nationwide and secretly exfiltrated the data to Russia, a breathtaking fraud that continued until the story was broken by the security researcher Brian Krebs. No doubt the Target attack is the highest-profile penetration of an HVAC system to date, but it is not the only one. We might like to believe that the government could do a better job in protecting its buildings from remote attacks, but evidence does not seem to suggest that is the case, even at those facilities one might expect to be among the most secure.


pages: 252 words: 75,349

Spam Nation: The Inside Story of Organized Cybercrime-From Global Epidemic to Your Front Door by Brian Krebs

barriers to entry, bitcoin, Brian Krebs, cashless society, defense in depth, Donald Trump, drop ship, employer provided health coverage, independent contractor, information security, John Markoff, mutually assured destruction, offshore financial centre, operational security, payday loans, pirate software, placebo effect, ransomware, seminal paper, Silicon Valley, Stuxnet, the payments system, transaction costs, web application

At Sourcebooks we believe one thing: BOOKS CHANGE LIVES. We would love to invite you to receive exclusive rewards. Sign up now for VIP savings, bonus content, early access to new ideas we're developing, and sneak peeks at our hottest titles! Happy reading! SIGN UP NOW! For my BizMgr Copyright © 2014 by Brian Krebs Cover and internal design © 2014 by Sourcebooks, Inc. Cover design by The Book Designers Sourcebooks and the colophon are registered trademarks of Sourcebooks, Inc. All rights reserved. No part of this book may be reproduced in any form or by any electronic or mechanical means including information storage and retrieval systems—except in the case of brief quotations embodied in critical articles or reviews—without permission in writing from its publisher, Sourcebooks, Inc.

Published by Sourcebooks, Inc. P.O. Box 4410, Naperville, Illinois 60567-4410 (630) 961-3900 Fax: (630) 961-2168 www.sourcebooks.com Library of Congress Cataloging-in-Publication Data Krebs, Brian. Spam nation : the inside story of organized cybercrime—from global epidemic to your front door / Brian Krebs. pages cm 1. Computer crimes—United States. 2. Internet fraud—United States. 3. Spam (Electronic mail) 4. Phishing. 5. Organized crime—United States. I. Title. HV6773.2.K74 2014 364.16’80973—dc23 2014023007 CONTENTS Chapter 1: Parasite Chapter 2: Bulletproof Chapter 3: The Pharma Wars Chapter 4: Meet the Buyers Chapter 5: Russian Roulette Chapter 6: Partner(ka)s in (Dis)Organized Crime Chapter 7: Meet the Spammers Chapter 8: Old Friends, Bitter Enemies Chapter 9: Meeting in Moscow Chapter 10: The Antis Chapter 11: Takedown Chapter 12: Endgame Epilogue: A Spam-Free World: How You Can Protect Yourself from Cybercrime Acknowledgments Sources About the Author WHO’S WHO IN THE CYBERWORLD PAVEL VRUBLEVSKY, a.k.a “RedEye”—Cofounder of ChronoPay, a high-risk card processor and payment service provider that was closely tied to the rogue antivirus industry.

The message read, in part: And in conclusion we would like to add, that while paragraph 1 of our rules has never been taken seriously before and was written as a joke, but related to recent events we would like to know how it was possible that five (5!) reputable experts-agents (including NASA experts and Mr. Brian Krebs) from the USA (where every tenth person speaks Russian, source: Wikipedia), could not figure out that on Crutop.nu in the SPAM sub-forum, discussions have nothing to do with mail spam or other cybercrimes? The story on Vrublevsky and ChronoPay’s key role in 3FN finally ran more than four months after I turned it in.


pages: 443 words: 116,832

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics by Ben Buchanan

active measures, air gap, Bernie Sanders, bitcoin, blockchain, borderless world, Brian Krebs, British Empire, Cass Sunstein, citizen journalism, Citizen Lab, credit crunch, cryptocurrency, cuban missile crisis, data acquisition, disinformation, Donald Trump, drone strike, Edward Snowden, fake news, family office, Hacker News, hive mind, information security, Internet Archive, Jacob Appelbaum, John Markoff, John von Neumann, Julian Assange, Kevin Roose, Kickstarter, kremlinology, Laura Poitras, MITM: man-in-the-middle, Nate Silver, operational security, post-truth, profit motive, RAND corporation, ransomware, risk tolerance, Robert Hanssen: Double agent, rolodex, Ronald Reagan, Russian election interference, seminal paper, Silicon Valley, South China Sea, Steve Jobs, Stuxnet, subscription business, technoutopianism, undersea cable, uranium enrichment, Vladimir Vetrov: Farewell Dossier, Wargames Reagan, WikiLeaks, zero day

Mark Mazzetti and David Sanger, “U.S. Fears Data Stolen by Chinese Hacker Could Identify Spies,” New York Times, July 24, 2015. 45. Nakashima, “Hacks of OPM Databases Compromised 22.1 Million People.” 46. Brian Krebs, “China to Blame in Anthem Hack?” Krebs on Security, February 6, 2015; United States of America v. Fujie Wang, John Doe, US District Court Southern District of Indiana, indictment filed May 7, 2019. 47. Brian Krebs, “Premera Blue Cross Breach Exposes Financial, Medical Records,” Krebs on Security, March 17, 2015. 48. Krebs, “China to Blame in Anthem Hack?” 49. Aruna Viswanatha and Kate O’Keefe, “Before It Was Hacked, Equifax Had a Different Fear: Chinese Spying,” Wall Street Journal, September 12, 2018. 50.

Sergei Shevchenko, Hirman Muhammad bin Abu Bakar, and James Wong, “Taiwan Heist: Lazarus Tools and Ransomware,” BAE Systems blog, October 16, 2017. For local reporting on the case, see “Shalila Moonasinghe Removed as Litro Gas Chairman,” Daily News, October 11, 2017. 32. Taipei Times Staff, “Lai Orders Information Security Review,” Taipei Times, October 8, 2017. 33. Brian Krebs, “Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M,” Krebs on Security, July 24, 2018. 34. Brian Krebs, “FBI Warns of ‘Unlimited’ ATM Cashout Blitz,” Krebs on Security, August 12, 2018. 35. The best discussion of the mechanics of the entire Cosmos case comes from Saher Naumaan, a central member of the BAE team. See Saher Naumaan, “Lazarus On The Rise: Insights from SWIFT Bank Attacks,” presentation to BSides Belfast 2018, Belfast, Ireland, September 27, 2018; Adrian Nish and Saher Naumaan, “The Cyber Threat Landscape: Confronting Challenges to the Financial System,” Carnegie Endowment for International Peace, paper, March 25, 2019. 36.

He contacted Realtek, the company whose digital certificate Stuxnet had illicitly used, and was met with similar silence. It was only after he and his colleagues began posting analysis online that the cybersecurity community started to take notice.27 In July 2010, the well-respected journalist Brian Krebs wrote a small story about one of the exploits at the core of the worm.28 After that, Microsoft started examining the malicious code, as did other cybersecurity companies.29 One of those companies was Symantec, a large American firm. Unlike VirusBlokAda, Symantec had the resources to do a major investigation into the code, which it called Stuxnet, a word made up by combining some of the attackers’ file names.


pages: 448 words: 117,325

Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World by Bruce Schneier

23andMe, 3D printing, air gap, algorithmic bias, autonomous vehicles, barriers to entry, Big Tech, bitcoin, blockchain, Brian Krebs, business process, Citizen Lab, cloud computing, cognitive bias, computer vision, connected car, corporate governance, crowdsourcing, cryptocurrency, cuban missile crisis, Daniel Kahneman / Amos Tversky, David Heinemeier Hansson, disinformation, Donald Trump, driverless car, drone strike, Edward Snowden, Elon Musk, end-to-end encryption, fault tolerance, Firefox, Flash crash, George Akerlof, incognito mode, industrial robot, information asymmetry, information security, Internet of things, invention of radio, job automation, job satisfaction, John Gilmore, John Markoff, Kevin Kelly, license plate recognition, loose coupling, market design, medical malpractice, Minecraft, MITM: man-in-the-middle, move fast and break things, national security letter, Network effects, Nick Bostrom, NSO Group, pattern recognition, precautionary principle, printed gun, profit maximization, Ralph Nader, RAND corporation, ransomware, real-name policy, Rodney Brooks, Ross Ulbricht, security theater, self-driving car, Seymour Hersh, Shoshana Zuboff, Silicon Valley, smart cities, smart transportation, Snapchat, sparse data, Stanislav Petrov, Stephen Hawking, Stuxnet, supply-chain attack, surveillance capitalism, The Market for Lemons, Timothy McVeigh, too big to fail, Uber for X, Unsafe at Any Speed, uranium enrichment, Valery Gerasimov, Wayback Machine, web application, WikiLeaks, Yochai Benkler, zero day

Blair et al. (22 Feb 2017), “Update to the IP Commission Report: The theft of American intellectual property: Reassessments of the challenge and United States Policy,” National Bureau of Asian Research, http://www.ipcommission.org/report/IP_Commission_Report_Update_2017.pdf. 75A thief pretends to be: Federal Bureau of Investigation (14 Jun 2016), “Business e-mail compromise: The 3.1 billion dollar scam,” https://www.ic3.gov/media/2016/160614.aspx. Brian Krebs (23 Jun 2016), “FBI: Extortion, CEO fraud among top online fraud complaints in 2016,” Krebs on Security, https://krebsonsecurity.com/2017/06/fbi-extortion-ceo-fraud-among-top-online-fraud-complaints-in-2016. 75Or to divert the proceeds: Kenneth R. Harney (31 Mar 2016), “Scary new scam could swipe all your closing money,” Chicago Tribune, http://www.chicagotribune.com/classified/realestate/ct-re-0403-kenneth-harney-column-20160331-column.html. 75Turns out that the answer is: plenty: Brian Krebs (12 Oct 2012), “The scrap value of a hacked PC, revisited,” Krebs on Security, https://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited. 75Botnets can be used for all sorts of things: Dan Goodin (2 Feb 2018), “Cryptocurrency botnets are rendering some companies unable to operate,” Ars Technica, https://arstechnica.com/information-technology/2018/02/cryptocurrency-botnets-generate-millions-but-exact-huge-cost-on-victims. 75Hackers use bots to commit click fraud: White Ops (20 Dec 2016), “The Methbot operation,” https://www.whiteops.com/hubfs/Resources/WO_Methbot_Operation_WP.pdf. 76“The CaaS model provides easy access”: Rob Wainwright et al. (15 Mar 2017), “European Union serious and organized crime threat assessment: Crime in the age of technology,” Europol, https://www.europol.europa.eu/activities-services/main-reports/european-union-serious-and-organised-crime-threat-assessment-2017. 76They sell hacking tools: Nicolas Rapp and Robert Hackett (25 Oct 2017), “A hacker’s tool kit,” Fortune, http://fortune.com/2017/10/25/cybercrime-spyware-marketplace.

v=bDJb8WOJYdA (video), https://www.usenix.org/sites/default/files/conference/protected-files/enigma_slides_joyce.pdf (slides). 45It’s how the Chinese hackers breached: Brendan I. Koerner (23 Oct 2016), “Inside the cyberattack that shocked the U.S. government,” Wired, https://www.wired.com/2016/10/inside-cyberattack-shocked-us-government. 45The 2014 criminal attack against Target Corporation: Brian Krebs (5 Feb 2014), “Target hackers broke in via HVAC company,” Krebs on Security, https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company. 45From 2011 to 2014, Iranian hackers stole: Jim Finkle (29 May 2014), “Iranian hackers use fake Facebook accounts to spy on U.S., others,” Reuters, http://www.reuters.com/article/iran-hackers/iranian-hackers-use-fake-facebook-accounts-to-spy-on-u-s-others-idUSL1N0OE2CU20140529. 45The 2015 hacktivist who broke into: Lorenzo Franceschi-Bicchierai (15 Apr 2016), “The vigilante who hacked Hacking Team explains how he did it,” Vice Motherboard, https://motherboard.vice.com/en_us/article/3dad3n/the-vigilante-who-hacked-hacking-team-explains-how-he-did-it. 45And the 2016 Russian attacks against: David E.

journalCode=isec. 73“I think both China and the United States”: Gideon Rachman (5 Jan 2017), “Axis of power,” New World, BBC Radio 4, http://www.bbc.co.uk/programmes/b086tfbh. 73“We have better cyber rocks to throw”: This quote is attributed to several people, but this is the earliest citation I could find: Fred Kaplan (12 Dec 2016), “How the U.S. could respond to Russia’s hacking,” Slate, http://www.slate.com/articles/news_and_politics/war_stories/2016/12/the_u_s_response_to_russia_s_hacking_has_consequences_for_the_future_of.html. 74In early 2018, the Indiana hospital Hancock Health: Charlie Osborne (17 Jan 2018), “US hospital pays $55,000 to hackers after ransomware attack,” ZDNet, http://www.zdnet.com/article/us-hospital-pays-55000-to-ransomware-operators. 74Ransomware is increasingly common: Brian Krebs (16 Sep 2016), “Ransomware getting more targeted, expensive,” Krebs on Security, https://krebsonsecurity.com/2016/09/ransomware-getting-more-targeted-expensive. 74Kaspersky Lab reported: Kaspersky Lab (28 Nov 2016), “Story of the year: The ransomware revolution,” Kaspersky Security Bulletin 2016, https://media.kaspersky.com/en/business-security/kaspersky-story-of-the-year-ransomware-revolution.pdf. 74Symantec found that average ransom amounts: Symantec Corporation (19 Jul 2016), “Ransomware and businesses 2016,” https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransomware_and_Businesses.pdf.


pages: 598 words: 134,339

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneier

23andMe, Airbnb, airport security, AltaVista, Anne Wojcicki, AOL-Time Warner, augmented reality, behavioural economics, Benjamin Mako Hill, Black Swan, Boris Johnson, Brewster Kahle, Brian Krebs, call centre, Cass Sunstein, Chelsea Manning, citizen journalism, Citizen Lab, cloud computing, congestion charging, data science, digital rights, disintermediation, drone strike, Eben Moglen, Edward Snowden, end-to-end encryption, Evgeny Morozov, experimental subject, failed state, fault tolerance, Ferguson, Missouri, Filter Bubble, Firefox, friendly fire, Google Chrome, Google Glasses, heat death of the universe, hindsight bias, informal economy, information security, Internet Archive, Internet of things, Jacob Appelbaum, James Bridle, Jaron Lanier, John Gilmore, John Markoff, Julian Assange, Kevin Kelly, Laura Poitras, license plate recognition, lifelogging, linked data, Lyft, Mark Zuckerberg, moral panic, Nash equilibrium, Nate Silver, national security letter, Network effects, Occupy movement, operational security, Panopticon Jeremy Bentham, payday loans, pre–internet, price discrimination, profit motive, race to the bottom, RAND corporation, real-name policy, recommendation engine, RFID, Ross Ulbricht, satellite internet, self-driving car, Shoshana Zuboff, Silicon Valley, Skype, smart cities, smart grid, Snapchat, social graph, software as a service, South China Sea, sparse data, stealth mode startup, Steven Levy, Stuxnet, TaskRabbit, technological determinism, telemarketer, Tim Cook: Apple, transaction costs, Uber and Lyft, uber lyft, undersea cable, unit 8200, urban planning, Wayback Machine, WikiLeaks, workplace surveillance , Yochai Benkler, yottabyte, zero day

Lance Duroni (3 Apr 2014), “JPML centralizes Target data breach suits in Minn.,” Law360, http://www.law360.com/articles/524968/jpml-centralizes-target-data-breach-suits-in-minn. banks are being sued: Brian Krebs (8 Jan 2014), “Firm bankrupted by cyberheist sues bank,” Krebs on Security, http://krebsonsecurity.com/2014/01/firm-bankrupted-by-cyberheist-sues-bank. Brian Krebs (20 Jun 2014), “Oil Co. wins $350,000 cyberheist settlement,” Krebs on Security, http://krebsonsecurity.com/2014/06/oil-co-wins-350000-cyberheist-settlement. Brian Krebs (13 Aug 2014), “Tenn. firm sues bank over $327K cyberheist,” Krebs on Security, http://krebsonsecurity.com/2014/08/tenn-utility-sues-bank-over-327k-cyberheist.

NSA’s BULLRUN program: James Ball, Julian Borger, and Glenn Greenwald (5 Sep 2013), “Revealed: How US and UK spy agencies defeat internet privacy and security,” Guardian, http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security. Nicole Perlroth, Jeff Larson, and Scott Shane (5 Sep 2013), “N.S.A. able to foil basic safeguards of privacy on Web,” New York Times, http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html. British, Russian, Israeli: Brian Krebs (28 May 2014), “Backdoor in call monitoring, surveillance gear,” Krebs on Security, http://krebsonsecurity.com/2014/05/backdoor-in-call-monitoring-surveillance-gear. they have employees secretly: Peter Maass and Laura Poitras (10 Oct 2014), “Core secrets: NSA saboteurs in China and Germany,” Intercept, https://firstlook.org/theintercept/2014/10/10/core-secrets.

NSA’s term is: NSA whistleblower Bill Binney described it thus: “… when you can’t use the data, you have to go out and do a parallel construction, [which] means you use what you would normally consider to be investigative techniques, [and] go find the data. You have a little hint, though. NSA is telling you where the data is … .” Alexa O’Brien (30 Sep 2014), “Retired NSA technical director explains Snowden docs,” Second Sight, http://www.alexaobrien.com/secondsight/wb/binney.html. Dread Pirate Roberts: Brian Krebs (14 Oct 2014), “Silk Road lawyers poke holes in FBI’s story,” Krebs on Security, http://krebsonsecurity.com/2014/10/silk-road-lawyers-poke-holes-in-fbis-story. surveillance intended to nab terrorists: Rob Evans and Paul Lewis (26 Oct 2009), “Police forces challenged over files held on law-abiding protesters,” Guardian, http://www.theguardian.com/uk/2009/oct/26/police-challenged-protest-files.


pages: 322 words: 84,752

Pax Technica: How the Internet of Things May Set Us Free or Lock Us Up by Philip N. Howard

Aaron Swartz, Affordable Care Act / Obamacare, Berlin Wall, bitcoin, blood diamond, Bretton Woods, Brian Krebs, British Empire, butter production in bangladesh, call centre, Chelsea Manning, citizen journalism, Citizen Lab, clean water, cloud computing, corporate social responsibility, creative destruction, crowdsourcing, digital map, Edward Snowden, en.wikipedia.org, Evgeny Morozov, failed state, Fall of the Berlin Wall, feminist movement, Filter Bubble, Firefox, Francis Fukuyama: the end of history, Google Earth, Hacker News, Howard Rheingold, income inequality, informal economy, information security, Internet of things, John Perry Barlow, Julian Assange, Kibera, Kickstarter, land reform, M-Pesa, Marshall McLuhan, megacity, Mikhail Gorbachev, mobile money, Mohammed Bouazizi, national security letter, Nelson Mandela, Network effects, obamacare, Occupy movement, off-the-grid, packet switching, pension reform, prediction markets, sentiment analysis, Silicon Valley, Skype, spectrum auction, statistical model, Stuxnet, Tactical Technology Collective, technological determinism, trade route, Twitter Arab Spring, undersea cable, uranium enrichment, WikiLeaks, zero day

York, “Syria’s Twitter Spambots,” Guardian, April 21, 2011, accessed September 30, 2014, http://www.theguardian.com/commentisfree/2011/apr/21/syria-twitter-spambots-pro-revolution. 37. Qtiesh, “Spam Bots Flooding Twitter to Drown Info About #Syria Protests.” 38. Brian Krebs, “Twitter Bots Drown Out Anti-Kremlin Tweets,” Krebs on Security, December 8, 2011, accessed September 30, 2014, http://krebsonsecurity.com/2011/12/twitter-bots-drown-out-anti-kremlin-tweets/;Mike Orcutt, “Twitter Mischief Plagues Mexico’s Election,” MIT Technology Review, June 21, 2012, accessed September 30, 2014, http://www.technologyreview.com/news/428286/twitter-mischief-plagues-mexicos-election/; Brian Krebs, “Twitter Bots Target Tibetan Protests,” Krebs on Security, March 20, 2012, accessed September 30, 2014, http://krebsonsecurity.com/2012/03/twitter-bots-target-tibetan-protests/; Torin Peel, “The Coalition’s Twitter Fraud and Deception,” Independent Australia, August 26, 2013, accessed September 30, 2014, http://www.independentaustralia.net/politics/politics-display/the-coalitions-twitter-fraud-and-deception,5660; “Jasper Admits to Using Twitter Bots to Drive Election Bid,” Inside Croydon, November 26, 2012, accessed September 30, 2014, http://insidecroydon.com/2012/11/26/jasper-admits-to-using-twitter-bots-to-drive-election-bid/; W.

“A Call to Harm: New Malware Attacks Target the Syrian Opposition,” Citizen Lab, June 21, 2013, accessed September 30, 2014, https://citizenlab.org/2013/06/a-call-to-harm/. 28. Alex Cheng and Mark Evans, Inside Twitter: An In-Depth Look at the 5% of Most Active Users (Toronto: Sysomos, August 2009), accessed September 30, 2014, http://www.sysomos.com/insidetwitter/mostactiveusers/. 29. Brian Krebs, “Twitter Bots Target Tibetan Protests,” Krebs on Security, March 20, 2012, accessed September 30, 2014, http://krebsonsecurity.com/2012/03/twitter-bots-target-tibetan-protests/. 30. Mike Orcutt, “Twitter Mischief Plagues Mexico’s Election,” MIT Technology Review, June 21, 2012, accessed September 30, 2014, http://www.technologyreview.com/news/428286/twitter-mischief-plagues-mexicos-election/. 31.

Dean Nelson, “China ‘Hacking Websites in Hunt for Tibetan Dissidents,’” Telegraph, August 13, 2013, accessed September 30, 2014, http://www.telegraph.co.uk/news/worldnews/asia/china/10240404/China-hacking-websites-in-hunt-for-Tibetan-dissidents.html. 28. Iain Thomson, “AntiLeaks Boss: We’ll Keep Pummeling WikiLeaks and Assange,” Register, August 13, 2012, accessed September 30, 2014, http://www.theregister.co.uk/2012/08/13/antileaks_wikileaks_attack_response/. 29. Brian Krebs, “Amnesty International Site Serving Java Exploit,” Krebs on Security, December 22, 2011, accessed September 30, 2014, http://krebsonsecurity.com/2011/12/amnesty-international-site-serving-java-exploit/. 30. @indiankanoon, “IK Servers Are Getting DDoSed Using the DNS Reflection Attack,” Indian Kanoon (October 19, 2013), accessed September 30, 2014, https://twitter.com/indiankanoon/status/391497714451492865. 31.


Engineering Security by Peter Gutmann

active measures, address space layout randomization, air gap, algorithmic trading, Amazon Web Services, Asperger Syndrome, bank run, barriers to entry, bitcoin, Brian Krebs, business process, call centre, card file, cloud computing, cognitive bias, cognitive dissonance, cognitive load, combinatorial explosion, Credit Default Swap, crowdsourcing, cryptocurrency, Daniel Kahneman / Amos Tversky, Debian, domain-specific language, Donald Davies, Donald Knuth, double helix, Dr. Strangelove, Dunning–Kruger effect, en.wikipedia.org, endowment effect, false flag, fault tolerance, Firefox, fundamental attribution error, George Akerlof, glass ceiling, GnuPG, Google Chrome, Hacker News, information security, iterative process, Jacob Appelbaum, Jane Jacobs, Jeff Bezos, John Conway, John Gilmore, John Markoff, John von Neumann, Ken Thompson, Kickstarter, lake wobegon effect, Laplace demon, linear programming, litecoin, load shedding, MITM: man-in-the-middle, Multics, Network effects, nocebo, operational security, Paradox of Choice, Parkinson's law, pattern recognition, peer-to-peer, Pierre-Simon Laplace, place-making, post-materialism, QR code, quantum cryptography, race to the bottom, random walk, recommendation engine, RFID, risk tolerance, Robert Metcalfe, rolling blackouts, Ruby on Rails, Sapir-Whorf hypothesis, Satoshi Nakamoto, security theater, semantic web, seminal paper, Skype, slashdot, smart meter, social intelligence, speech recognition, SQL injection, statistical model, Steve Jobs, Steven Pinker, Stuxnet, sunk-cost fallacy, supply-chain attack, telemarketer, text mining, the built environment, The Death and Life of Great American Cities, The Market for Lemons, the payments system, Therac-25, too big to fail, Tragedy of the Commons, Turing complete, Turing machine, Turing test, Wayback Machine, web application, web of trust, x509 certificate, Y2K, zero day, Zimmermann PGP

[409] “Adobe Revoking Code Signing Certificate Used To Sign Malware”, Fahmida Rashid, 27 September 2012, http://www.securityweek.com/adoberevoking-code-signing-certificate-used-sign-malware. [410] “Security Advisory: Revocation of Adobe code signing certificate”, Adobe Corporation, 27 September 2012, http://www.adobe.com/support/security/advisories/apsa12-01.html. [411] “Inappropriate Use of Adobe Code Signing Certificate”, Brad Arkin, 27 September 2012, http://blogs.adobe.com/asset/2012/09/inappropriateuse-of-adobe-code-signing-certificate.html. [412] “Bit9 and Our Customers’ Security”, Patrick Morley, 8 February 2013, https://blog.bit9.com/2013/02/08/bit9-and-our-customers-security. [413] “Security Firm Bit9 Hacked, Used to Spread Malware”, Brian Krebs, 8 February 2013, http://krebsonsecurity.com/2013/02/security-firmbit9-hacked-used-to-spread-malware. [414] “Bit9 Breach Began in July 2012”, Brian Krebs, 20 February 2013, http://krebsonsecurity.com/2013/02/bit9-breach-began-in-july-2012. [415] “Bit9 Security Incident Update”, Harry Sverdlove, 25 February 2013, https://blog.bit9.com/2013/02/25/bit9-security-incident-update. [416] “Backdoor.Hikit: New Advanced Persistent Threat”, Branko Spasojevic, 24 August 2012, http://www.symantec.com/connect/blogs/backdoorhikitnew-advanced-persistent-threat. [417] “How to: Create Temporary Certificates for Use During Development”, Microsoft Corporation, 2007, http://technet.microsoft.com/enus/subscriptions/ms733813%28v=vs.85%29.aspx. [418] “Rootkit.TmpHider”, discussion thread, 12 July 2010, http://www.wilderssecurity.com/showthread.php?

References 235 [620] “User Education Is Not the Answer to Security Problems”, Jakob Nielsen, 25 October 2004, http://www.useit.com/alertbox/20041025.html. [621] “AOL Names Top Spam Subjects For 2005”, Antone Gonsalves, Information Week TechWeb News, 28 December 2005, http://www.informationweek.com/news/showArticle.jhtml?articleID=175701011. [622] “Should E-Mail Addresses Be Considered Private Data?”, Brian Krebs, 19 October 2007, http://voices.washingtonpost.com/securityfix/2007/10/database_theft_leads_to_target.html. [623] “Deconstructing the Fake FTC E-mail Virus Attack”, Brian Krebs, 5 November 2007, http://voices.washingtonpost.com/securityfix/2007/11/deconstructing_the_fake_ftc_em.html. [624] “Using Cartoons to Teach Internet Security”, Sukamol Srikwan and Markus Jakobsson, Cryptologia, Vol.32, No.2 (April 2008), p.137. [625] “Phishing education for banking customers useless”, Michael Crawford, Computerworld, 7 February 2007, http://www.networkworld.com/news/2007/020707-phishing-education-for-banking-customers.html. [626] “Active Content: Really Neat Technology or Impending Disaster”, Charlie Kaufman, invited talk at the 2001 Usenix Annual Technical Conference, June 2001. [627] Microformats, http://microformats.org/wiki/Main_Page. [628] “Microformats: Empowering your Markup for Web 2.0”, John Allsop, Friends of Ed Press, 2007. [629] “Vulnerability CVE-2004-0615”, US-CERT/NIST, 29 June 2004, http://cve.mitre.org/cgi-bin/cvename.cgi?

An Empirical Investigation of OpenID”, San-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey and Konstantin Beznosov, Proceedings of the 7th Symposium on Usable Privacy and Security (SOUPS’11), July 2011, Article No.4. [213] “A Case (Study) For Usability in Secure Email Communication”, Apu Kapadia, IEEE Security and Privacy, Vol.5, No.2 (March/April 2007), p.80. [214] “Sights unseen”, Siri Carpenter, Monitor on Psychology, Vol.32, No.4 (April 2001), p.54. [215] “Fundamental Surprises”, Zvi Lanir, Center for Strategic Studies, University of Tel Aviv, 1986. [216] “Excession”, Iain Banks, Orbit, 1997. [217] “Self-certifying File System”, David Mazieres, PhD thesis, MIT, May 2000. [218] “The ChoicePoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information”, Paul Otto, Annie Antón and David Baumer, IEEE Security and Privacy, Vol.5, No.5 (September/October 2007), p.15. [219] “Web Fraud 2.0: Digital Forgeries”, Brian Krebs, 21 August 2008, http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_digital_forgeries.html. [220] “Cops Pull Plug on Rent-a-Fraudster Service for Bank Thieves”, Kim Zetter, Wired, 19 April 2010, http://www.wired.com/threatlevel/2010/04/callservicebiz/. [221] “(Un)trusted Certificates”, Eddy Nigg, 23 December 2008, https://blog.startcom.org/?


pages: 362 words: 86,195

Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet by Joseph Menn

Brian Krebs, dumpster diving, fault tolerance, Firefox, John Markoff, Menlo Park, offshore financial centre, pirate software, plutocrats, popular electronics, profit motive, RFID, Silicon Valley, zero day

To his surprise, an EST executive called and asked what the problem was. The agent flew to meet him in Estonia, where the executive told him that he had re-leased the server to a customer in Moscow whom he only dealt with over ICQ. Armin and his allies got better results when they provided information on EST to Brian Krebs, a Washington Post tech security writer who gave the Atrivo and McColo studies the broadest exposure. Krebs reported on hundreds of malicious sites at EST Domains, then followed up with a report that EST Chief Executive Vladimir Tsastsin had recently been convicted of credit card fraud and forgery.

I was fortunate to be aided by many of the most able private researchers, not all of whom are paid for their work, including Joe Stewart, Rafal Rohozinski, Don Jackson, Jart Armin, Paul Ferguson, Avivah Litan, and Dmitri Alperovich. My fellow journalistic specialists also do an important service for followers like me and for the world at large. Among the very best are Brian Krebs, John Markoff, Jon Swartz, Byron Acohido, Kevin Poulsen, Kim Zetter, John Leyden, and Robert McMillan. I am grateful to my former colleagues at the Los Angeles Times, who supported my early reporting and allowed me a leave to write; my new friends at the Financial Times, who gave me time to finish; Lindsay Jones and others at PublicAffairs; my agent Jill Marsal; Chris Gaither, who served as an unpaid manuscript editor; and those close to me who dealt with my prolonged distraction and repeated absences.

CHAPTER 11 196 as high as possible, at King Arthur: Sources include Pohamov, others in Russian and U.K. law enforcement, and Lyon. 196 a man in his early twenties living in the Russian republic of Dagestan: A U.S. official with another federal agency confirmed that identification for its publication here, as did a colleague of Crocker’s at the NHTCU. 196 signaling an end to the subject: Crocker described this scene to colleagues. 196 The committee never pursued the case: Interviews with Russian law enforcement. 198 much to Andy’s amusement: Sources for this section include Lyon and another person at the party. 199 give his country another chance: Interview with Pohamov. 200 had to be numbered by hand: Crocker described the Russian format when discussing previous submissions. Other details are from Crocker’s law enforcement allies. 200 including Milsan: U.S. law enforcement sources. 201 within days of its release: According to security firm Commtouch. 201 Small businesses were increasingly targeted in account transfers: See such Brian Krebs articles on the topic as http://voices.washingtonpost.com/securitynx/2009/09/more_business_banking_victims.html?. 201 far less than half of 1 percent of the perpetrators: The Gartner study by Litan. 202 the top country for hacking: Interviews with Zenz, Henry, and others. 203 “political protection at a very strong level”: Interviews with U.K. and U.S. law enforcement, private researchers including Jart Armin, Paul Ferguson, David Bizeul, Don Jackson, and Zenz, along with written reports from those five and others.


pages: 587 words: 117,894

Cybersecurity: What Everyone Needs to Know by P. W. Singer, Allan Friedman

4chan, A Declaration of the Independence of Cyberspace, air gap, Apple's 1984 Super Bowl advert, barriers to entry, Berlin Wall, bitcoin, blood diamond, borderless world, Brian Krebs, business continuity plan, Chelsea Manning, cloud computing, cognitive load, crowdsourcing, cuban missile crisis, data acquisition, do-ocracy, Dr. Strangelove, drone strike, Edward Snowden, energy security, failed state, fake news, Fall of the Berlin Wall, fault tolerance, Free Software Foundation, global supply chain, Google Earth, information security, Internet of things, invention of the telegraph, John Markoff, John Perry Barlow, Julian Assange, Khan Academy, M-Pesa, military-industrial complex, MITM: man-in-the-middle, mutually assured destruction, Network effects, packet switching, Peace of Westphalia, pre–internet, profit motive, RAND corporation, ransomware, RFC: Request For Comment, risk tolerance, rolodex, Seymour Hersh, Silicon Valley, Skype, smart grid, SQL injection, Steve Jobs, Stuxnet, Twitter Arab Spring, uranium enrichment, vertical integration, We are Anonymous. We are Legion, web application, WikiLeaks, Yochai Benkler, zero day, zero-sum game

On the other hand, since the world of cybersecurity is not a unified one, why should we expect a single approach to solve all the problems that have emerged, or frankly even to be possible? Approach It as a Public-Private Problem: How Do We Better Coordinate Defense? For a few weeks, a single blogger was the savior of the Internet. But, as with all superheroes, he actually needed a little bit of help. In 2008, Washington Post reporter Brian Krebs, who blogs at the Security Fix site, became curious about a single company that was poisoning the Internet and why everyone else was letting them get away with it. The company in question was McColo, a web hosting company physically based in California with a client list that, as Krebs wrote, “includes some of the most disreputable cyber-criminal gangs in business today.”

It’s not enough for single actors or organizations to try to build higher walls or better malware detection on their own. Attackers adapt. Moreover, attackers exploit boundaries of control and responsibility, setting up a collective action problem. By bringing together the necessary actors and information, Brian Krebs was able to spur effective action, leveraging cooperation against the right fulcrum. While cyberspace seems diffuse and decentralized—simultaneously one of the key advantages and insecurities of the Internet—there are often bottlenecks of control, choke points where the defenders can concentrate resources to gain an advantage.

By working together to find standards that meet evolving needs but still allow firms to flourish, the public and private sectors can find a good balance. The key point is that cybersecurity requires coordination and action outside of the immediate victims or even owners of the networks under attack. Brian Krebs didn’t have the power of the government behind him, but his actions mattered because he mobilized a network that could target key choke points by malicious actors in cyberspace. But some problems of scale or target move the matter from the easily resolved situations where private parties have incentives to come together, like the ISPs in the McColo case or banks in financial fraud, to situations where the incentives might not be sufficient or the threat touches on public security concerns.


pages: 274 words: 85,557

DarkMarket: Cyberthieves, Cybercops and You by Misha Glenny

Berlin Wall, Bretton Woods, Brian Krebs, BRICs, call centre, Chelsea Manning, Fall of the Berlin Wall, illegal immigration, James Watt: steam engine, Julian Assange, military-industrial complex, MITM: man-in-the-middle, pirate software, Potemkin village, power law, reserve currency, Seymour Hersh, Silicon Valley, Skype, SQL injection, Stuxnet, urban sprawl, white flight, WikiLeaks, zero day

Like many others, he believed that the person behind Lord Cyric lived in Montreal, Canada, but his enquiries of the Royal Canadian Mounted Police cyber division brought him no joy. In fact, although Cyric’s IP addresses could be traced to Montreal, they would occasionally show up as being located in Toronto, which is where some sleuths suspected he really lived. Several carders picked up and ran with the rumour that Lord Cyric was in reality Brian Krebs, a journalist writing on cyber security who at the time worked for The Washington Post. There was no evidence for this – indeed, quite the contrary, for Krebs is far too serious a writer to risk ruining his reputation by becoming involved with the people he is actually investigating. There followed a slew of rumours, but nobody ever got to the bottom of who Lord Cyric really was or what he was doing.

I would recommend two books dealing specifically with cyber crime, Kevin Poulsen’s Kingpin and Joseph Menn’s Fatal System Error. For a broader introduction into some of the challenges emerging as a consequence of Internet technology, Jonathan Zittrain’s The Future of the Internet: And How to Stop It should be the first port of call. Other blogs of real value include Krebsonsecurity by Brian Krebs; Bruce Schneier’s newsletter, Crypto-gram; the blog of F-Secure, the Finnish Computer Security company; and, finally, Dancho Danchev and Ryan Naraine’s Zero Day blog on Znet. ACKNOWLEDGEMENTS Writing this book presented many challenges which I could never have met had it not been for the generous assistance I received from a number of friends and colleagues around the world.


pages: 264 words: 79,589

Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen

Apple II, Brian Krebs, Burning Man, corporate governance, dumpster diving, Exxon Valdez, fake news, gentrification, Hacker Ethic, hive mind, index card, Kickstarter, McMansion, Mercator projection, offshore financial centre, packet switching, pirate software, Ponzi scheme, Robert Hanssen: Double agent, Saturday Night Live, Silicon Valley, SQL injection, Steve Jobs, Steve Wozniak, Steven Levy, traffic fines, web application, WikiLeaks, zero day, Zipcar

District Court for the Eastern District of New York. 3 it was Jonathan James who would pay the highest price: See the author’s “Former Teen Hacker’s Suicide Linked to TJX Probe,” Wired.com, July 9, 2009 (http://www.wired.com/threatlevel/2009/07/hacker/). 4 They recruit ordinary consumers as unwitting money launderers: For more detail on these so-called “money mule” scams, see the blog of former Washingtonpost.com reporter Brian Krebs, who has covered the crime extensively: http://krebsonsecurity.com/. 5 the Secret Service had been paying Gonzalez an annual salary of $75,000 a year: First reported in Kim Zetter, “Secret Service Paid TJX Hacker $75,000 a Year,” Wired.com, March 22, 2010. 6 filed by the attorneys general of 41 states: Sources include Dan Kaplan, “TJX settles over breach with 41 states for $9.75 million,” SC Magazine, June 23, 2009 (http://www.scmagazineus.com/tjx-settles-over-breach-with-41-states-for-975-million/article/138930/). 7 another $40 million to Visa-issuing banks: Mark Jewell, “TJX to pay up to $40.9 million in settlement with Visa over data breach,” Associated Press, November 30, 2007. 8 Heartland had been certified PCI compliant: Sources include Ellen Messmer, “Heartland breach raises questions about PCI standard’s effectiveness,” Network World, January 22, 2009 (http://www.networkworld.com/news/2009/012209-heartland-breach.html). 9 Hannaford Brothers won the security certification even as hackers were in its systems: Sources include Andrew Conry-Murray, “Supermarket Breach Calls PCI Compliance into Question,” InformationWeek, March 22, 2008. 10 The restaurants filed a class-action lawsuit: http://www.prlog.org/10425165-secret-service-investigation-lawsuit-cast-shadow-over-radiant-systems-and-distributo.html.

The story of Max Vision would have listed heavily to his criminal side were it not for Tim Spencer and Marty Roesch, who shared their experience of Max as white-hat hacker, and Kimi Mack, who spoke candidly about her marriage to Max. My thanks also to security wunderkind Marc Maiffret, who helped isolate some of Max’s exploits. The underworld that Kingpin delves into has been illuminated by a number of first-rate journalists, including Bob Sullivan, Brian Krebs, Joseph Menn, Byron Acohido, Jon Swartz, and my Wired colleague Kim Zetter. Finally, my thanks to my wife, Lauren Gelman, without whose loving support and sacrifice this book would not have been possible, and to Sadelle and Asher, who will find their computer use closely supervised until they’re eighteen.


pages: 81 words: 24,626

The Internet of Garbage by Sarah Jeong

4chan, Aaron Swartz, Brian Krebs, Compatible Time-Sharing System, crowdsourcing, John Markoff, Kickstarter, Network effects, Silicon Valley, Social Justice Warrior

But today spam is largely understood as robotically generated text issued from “botnets” of compromised computers that have been unknowingly recruited into transmitting mind-bogglingly large amounts of unwanted messages advertising Viagra, genital enhancements, Nigerian get-rich-quick schemes, or linking to malware in order to steal passwords or simply recruit yet another computer into the mechanical zombie horde. Spam has become the realm of Russian crime rings (as documented by Brian Krebs in many places, including his book Spam Nation), a multi-million-dollar industry that is combated in turn by billions of dollars in anti-spam technology. Of course, the old definition of spam still lingers. For example, someone might be chided for “spamming a mailing list,” when they themselves are not a robot attempting to evade a filter, nor a commercial mailer advertising a product or a service.


pages: 499 words: 144,278

Coders: The Making of a New Tribe and the Remaking of the World by Clive Thompson

"Margaret Hamilton" Apollo, "Susan Fowler" uber, 2013 Report for America's Infrastructure - American Society of Civil Engineers - 19 March 2013, 4chan, 8-hour work day, Aaron Swartz, Ada Lovelace, AI winter, air gap, Airbnb, algorithmic bias, AlphaGo, Amazon Web Services, Andy Rubin, Asperger Syndrome, augmented reality, Ayatollah Khomeini, backpropagation, barriers to entry, basic income, behavioural economics, Bernie Sanders, Big Tech, bitcoin, Bletchley Park, blockchain, blue-collar work, Brewster Kahle, Brian Krebs, Broken windows theory, call centre, Cambridge Analytica, cellular automata, Charles Babbage, Chelsea Manning, Citizen Lab, clean water, cloud computing, cognitive dissonance, computer vision, Conway's Game of Life, crisis actor, crowdsourcing, cryptocurrency, Danny Hillis, data science, David Heinemeier Hansson, deep learning, DeepMind, Demis Hassabis, disinformation, don't be evil, don't repeat yourself, Donald Trump, driverless car, dumpster diving, Edward Snowden, Elon Musk, Erik Brynjolfsson, Ernest Rutherford, Ethereum, ethereum blockchain, fake news, false flag, Firefox, Frederick Winslow Taylor, Free Software Foundation, Gabriella Coleman, game design, Geoffrey Hinton, glass ceiling, Golden Gate Park, Google Hangouts, Google X / Alphabet X, Grace Hopper, growth hacking, Guido van Rossum, Hacker Ethic, hockey-stick growth, HyperCard, Ian Bogost, illegal immigration, ImageNet competition, information security, Internet Archive, Internet of things, Jane Jacobs, John Markoff, Jony Ive, Julian Assange, Ken Thompson, Kickstarter, Larry Wall, lone genius, Lyft, Marc Andreessen, Mark Shuttleworth, Mark Zuckerberg, Max Levchin, Menlo Park, meritocracy, microdosing, microservices, Minecraft, move 37, move fast and break things, Nate Silver, Network effects, neurotypical, Nicholas Carr, Nick Bostrom, no silver bullet, Northpointe / Correctional Offender Management Profiling for Alternative Sanctions, Oculus Rift, off-the-grid, OpenAI, operational security, opioid epidemic / opioid crisis, PageRank, PalmPilot, paperclip maximiser, pattern recognition, Paul Graham, paypal mafia, Peter Thiel, pink-collar, planetary scale, profit motive, ransomware, recommendation engine, Richard Stallman, ride hailing / ride sharing, Rubik’s Cube, Ruby on Rails, Sam Altman, Satoshi Nakamoto, Saturday Night Live, scientific management, self-driving car, side project, Silicon Valley, Silicon Valley ideology, Silicon Valley startup, single-payer health, Skype, smart contracts, Snapchat, social software, software is eating the world, sorting algorithm, South of Market, San Francisco, speech recognition, Steve Wozniak, Steven Levy, systems thinking, TaskRabbit, tech worker, techlash, TED Talk, the High Line, Travis Kalanick, Uber and Lyft, Uber for X, uber lyft, universal basic income, urban planning, Wall-E, Watson beat the top human players on Jeopardy!, WeWork, WikiLeaks, women in the workforce, Y Combinator, Zimmermann PGP, éminence grise

them back to you: Doug Olenick, “Simple, but Not Cheap, Phishing Kit Found for Sale on Dark Web,” SC Magazine, April 26, 2018, accessed August 19, 2018, https://www.scmagazine.com/simple-but-not-cheap-phishing-kit-found-for-sale-on-dark-web/article/761520; Kishalaya Kundu, “New Phishing Kit on Dark Web Lets Anyone Launch Cyber Attacks,” Beebom, April 30, 2018, accessed August 19, 2018, https://beebom.com/new-phishing-kit-dark-web; Ionut Arghire, “New Advanced Phishing Kit Targets eCommerce,” SecurityWeek, April 25, 2018, accessed August 19, 2018, https://www.securityweek.com/new-advanced-phishing-kit-targets-ecommerce. of all intrusion groups: Internet Threat Security Report: Volume 23 (March 2018), Symantec, accessed August 19, 2018, https://www.symantec.com/security-center/threat-report. of gray indeed: Brian Krebs, “Who Is Anna-Senpai, the Mirai Worm Author?,” Krebs on Security, January 17, 2017, accessed August 19, 2018, https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author; Brian Krebs, “Mirai IoT Botnet Co-authors Plead Guilty,” Krebs on Security, December 17, 2017, accessed August 19, 2018, https://krebsonsecurity.com/2017/12/mirai-iot-botnet-co-authors-plead-guilty; Mark Thiessen, “3 Hackers Get Light Sentences after Working with the FBI,” Associated Press, September 19, 2018, accessed October 2, 2018, https://apnews.com/b6f03f9a13e04b19afed3375476b4132; Garrett M.

When the owner of a site that Jha had attacked explained that there were real-life consequences for these digital onslaughts, he replied with cynicism. “Well, I stopped caring about other people a long time ago,” he wrote. “My life experience has always been get fucked over or fuck someone else over.” The law eventually caught up with him. Brian Krebs, a prominent journalist who investigates the world of malware, spent months patiently rooting up Jha’s identity (like all malware authors, he’d kept it a deep secret). After the authorities arrested Jha, he and his Mirai partners were sentenced five years of probation and 62.5 workweeks of community service; as it happens, they had already flipped and begun helping the FBI “on cybercrime and cybersecurity matters,” as the sentencing memorandum noted.


pages: 340 words: 96,149

@War: The Rise of the Military-Internet Complex by Shane Harris

air gap, Amazon Web Services, barriers to entry, Berlin Wall, Brian Krebs, centralized clearinghouse, Citizen Lab, clean water, computer age, crowdsourcing, data acquisition, don't be evil, Edward Snowden, end-to-end encryption, failed state, Firefox, information security, John Markoff, Julian Assange, military-industrial complex, mutually assured destruction, peer-to-peer, Silicon Valley, Silicon Valley startup, Skype, Stuxnet, systems thinking, undersea cable, uranium enrichment, WikiLeaks, zero day

. [>] Shell, Schlumberger, and other: Zain Shauk, “Phishing Still Hooks Energy Workers,” FuelFix, December 22, 2013, http://fuelfix.com/blog/2013/12/22/phishing-still-hooks-energy-workers/. [>] In a rare public appearance: Berlin spoke at a cyber security conference at the Newsuem in Washington, DC, on May 22, 2013. [>] A few months after the intrusions: Brian Krebs, “Chinese Hackers Blamed for Intrusion at Energy industry Giant Telvent,” KrebsonSecurity, September 26, 2012, http://krebsonsecurity.com/2012/09/chinese-hackers-blamed-for-intrusion-at-energy-industry-giant-telvent/. [>] But the country also needs: World Bank, “GDP Growth,” http://data.worldbank.org/indicator/NY.GDP.MKTP.KD.ZG [>] China is the world’s second-largest: US Energy Information Administration, http://www.eia.gov/countries/country-data.cfm?

. [>] Earlier in the year a pair: Nicole Perlroth, “Electrical Grid Is Called Vulnerable to Power Shutdown,” Bits, New York Times, October 18, 2013, http://bits.blogs.nytimes.com/2013/10/18/electrical-grid-called-vulnerable-to-power-shutdown/. [>] “There isn’t a computer system”: McConnell spoke at a cyber security conference sponsored by Bloomberg in Washington, DC, October 30, 2013. [>] Investigators concluded that the hackers: Brian Krebs, “Target Hackers Broke in Via HVAC Company,” KrebsonSecurity, February 5, 2014, http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/. [>] In February 2014 a Senate committee report: Craig Timberg and Lisa Rein, “Senate Cybersecurity Report Finds Agencies Often Fail to Take Basic Preventative Measures,” Washington Post, February 4, 2013, http://www.washingtonpost.com/business/technology/senate-cybersecurity-report-finds-agencies-often-fail-to-take-basic-preventive-measures/2014/02/03/493390c2-8ab6-11e3-833c-33098f9e5267_story.html. [>] At a security conference in Washington, DC: Alexander spoke in Washington, DC, at the Newsuem on October 8, 2013, http://www.youtube.com/watch?


pages: 392 words: 114,189

The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World From Cybercrime by Renee Dudley, Daniel Golden

2021 United States Capitol attack, Amazon Web Services, Bellingcat, Berlin Wall, bitcoin, Black Lives Matter, blockchain, Brian Krebs, call centre, centralized clearinghouse, company town, coronavirus, corporate governance, COVID-19, cryptocurrency, data science, disinformation, Donald Trump, fake it until you make it, Hacker News, heat death of the universe, information security, late fees, lockdown, Menlo Park, Minecraft, moral hazard, offshore financial centre, Oklahoma City bombing, operational security, opioid epidemic / opioid crisis, Picturephone, pirate software, publish or perish, ransomware, Richard Feynman, Ross Ulbricht, seminal paper, smart meter, social distancing, strikebreaker, subprime mortgage crisis, tech worker, Timothy McVeigh, union organizing, War on Poverty, Y2K, zero day

“While we will never condone”: “Free Ransomware Help for Healthcare Providers During the Coronavirus Outbreak,” Emsisoft blog, March 18, 2020, blog.emsisoft.com/en/35921/free-ransomware-help-for-healthcare-providers-during-the-coronavirus-outbreak/. “You hit us”: Sam Varghese, “Big US Travel Management Firm CWT Pays Out U.S. $4.5m to Ransomware Gang,” iTWire.com, August 2, 2020, itwire.com/business-it-news/security/big-us-travel-management-firm-cwt-pays-out-us$4-5m-to-ransomware-gang.html. “We can confirm”: Brian Krebs, “Ransomware Group Turns to Facebook Ads,” Krebs on Security, November 10, 2020, krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/. 330 miles per hour: Autumn Bows, “Here’s How the Koenigsegg Jesko Absolut Will Reach 330MPH,” HotCars, October 12, 2020, hotcars.com/heres-how-the-koenigsegg-jesko-absolut-will-reach-330mph/.

,” Lawfare, April 26, 2021, lawfareblog.com/when-should-us-cyber-command-take-down-criminal-botnets. it penetrated the botnet: Ellen Nakashima, “Cyber Command Has Sought to Disrupt the World’s Largest Botnet, Hoping to Reduce Its Potential Impact on the Election,” Washington Post, October 9, 2020. false information: Brian Krebs, “Attacks Aimed at Disrupting the Trickbot Botnet,” Krebs on Security, October 2, 2020, krebsonsecurity.com/2020/10/attacks-aimed-at-disrupting-the-trickbot-botnet/. “an increased and imminent”: “Ransomware Activity Targeting the Healthcare and Public Health Sector,” Cybersecurity & Infrastructure Security Agency, Alert (AA20-302A), October 28, 2020, cisa.gov/uscert/ncas/alerts/aa20-302a.


pages: 494 words: 121,217

Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency by Andy Greenberg

2021 United States Capitol attack, Airbnb, augmented reality, bitcoin, Bitcoin Ponzi scheme, Black Lives Matter, blockchain, Brian Krebs, Cody Wilson, commoditize, computerized markets, COVID-19, crowdsourcing, cryptocurrency, Edward Snowden, Elon Musk, Ethereum, ethereum blockchain, forensic accounting, Global Witness, Google Glasses, Higgs boson, hive mind, impulse control, index card, Internet Archive, Jeff Bezos, Julian Assange, Large Hadron Collider, machine readable, market design, operational security, opioid epidemic / opioid crisis, pirate software, Ponzi scheme, ransomware, reserve currency, ride hailing / ride sharing, rolodex, Ross Ulbricht, Satoshi Nakamoto, Skype, slashdot, Social Justice Warrior, the market place, web application, WikiLeaks

But while they all used the first clustering method suggested in Satoshi’s original Bitcoin white paper, only the Irish team had briefly suggested the change-making method in its 2012 study and, unlike the UCSD team, didn’t actually implement that technique. Meiklejohn says she wasn’t in fact aware of the Irish team’s mention of change-based clustering at the time she was working on the technique. CHAPTER 9 Cyber Narc In late July 2013, an independent security journalist named Brian Krebs found an unwelcome, if not entirely unexpected, gift in the mail. Inside a thin envelope postmarked from Chicago was a copy of Chicago Confidential, the weekly magazine insert distributed to subscribers of the Chicago Tribune. Taped to a jewelry ad on the back of the magazine were a baker’s dozen of small plastic bags, covered in a pattern of black and gold skulls.

GO TO NOTE REFERENCE IN TEXT Another theft of 18,500 bitcoins: Ibid. GO TO NOTE REFERENCE IN TEXT “Even our relatively small experiment”: Ibid. GO TO NOTE REFERENCE IN TEXT CHAPTER 9: CYBER NARC Each one contained a teaspoon: Brian Krebs, “Mail from the (Velvet) Cybercrime Underground,” Krebs on Security, July 30, 2013, krebsonsecurity.com. GO TO NOTE REFERENCE IN TEXT “(I like having them nipping”: Greenberg, “Interview with a Digital Drug Lord.” GO TO NOTE REFERENCE IN TEXT I’d ordered one gram of pot: Andy Greenberg, “Here’s What It’s Like to Buy Drugs on Three Anonymous Online Black Markets,” Forbes, Aug. 14, 2013, forbes.com.


pages: 590 words: 152,595

Army of None: Autonomous Weapons and the Future of War by Paul Scharre

"World Economic Forum" Davos, active measures, Air France Flight 447, air gap, algorithmic trading, AlphaGo, Apollo 13, artificial general intelligence, augmented reality, automated trading system, autonomous vehicles, basic income, Black Monday: stock market crash in 1987, brain emulation, Brian Krebs, cognitive bias, computer vision, cuban missile crisis, dark matter, DARPA: Urban Challenge, data science, deep learning, DeepMind, DevOps, Dr. Strangelove, drone strike, Elon Musk, en.wikipedia.org, Erik Brynjolfsson, facts on the ground, fail fast, fault tolerance, Flash crash, Freestyle chess, friendly fire, Herman Kahn, IFF: identification friend or foe, ImageNet competition, information security, Internet of things, Jeff Hawkins, Johann Wolfgang von Goethe, John Markoff, Kevin Kelly, Korean Air Lines Flight 007, Loebner Prize, loose coupling, Mark Zuckerberg, military-industrial complex, moral hazard, move 37, mutually assured destruction, Nate Silver, Nick Bostrom, PalmPilot, paperclip maximiser, pattern recognition, Rodney Brooks, Rubik’s Cube, self-driving car, sensor fusion, South China Sea, speech recognition, Stanislav Petrov, Stephen Hawking, Steve Ballmer, Steve Wozniak, Strategic Defense Initiative, Stuxnet, superintelligent machines, Tesla Model S, The Signal and the Noise by Nate Silver, theory of mind, Turing test, Tyler Cowen, universal basic income, Valery Gerasimov, Wall-E, warehouse robotics, William Langewiesche, Y2K, zero day

DARPA, “Home | DRC Finals,” accessed June 14, 2017, http://archive.darpa.mil/roboticschallenge/. 217 “automatically check the world’s software”: David Brumley, “Why CGC Matters to Me,” ForAllSecure, July 26, 2016, https://forallsecure.com/blog/2016/07/26/why-cgc-matters-to-me/. 217 “fully autonomous system for finding and fixing”: David Brumley, “Mayhem Wins DARPA CGC,” ForAllSecure, August 6, 2016, https://forallsecure.com/blog/2016/08/06/mayhem-wins-darpa-cgc/. 217 vulnerability is analogous to a weak lock: David Brumley, interview, November 24, 2016. 218 “There’s grades of security”: Ibid. 218 “an autonomous system that’s taking all of those things”: Ibid. 218 “Our goal was to come up with a skeleton key”: Ibid. 219 “true autonomy in the cyber domain”: Michael Walker, interview, December 5, 2016. 219 comparable to a “competent” computer security professional: David Brumley, interview, November 24, 2016. 219 DEF CON hacking conference: Daniel Tkacik, “CMU Team Wins Fourth ‘World Series of Hacking’ Competition,” CMU.edu, July 31, 2017. 219 Brumley’s team from Carnegie Mellon: Ibid. 219 Mirai: Brian Krebs, “Who Makes the IoT Things Under Attack?” Krebs on Security, October 3, 2016, https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/. 219 massive DDoS attack: Brian Krebs, “KrebsOnSecurity Hit With Record DDoS,” Krebs on Security, September 21, 2016, https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/. 219 most IoT devices are “ridiculous vulnerable”: David Brumley, interview, November 24, 2016. 219 6.4 billion IoT devices: “Gartner Says 6.4 Billion Connected,” Gartner, November 10, 2015, http://www.gartner.com/newsroom/id/3165317. 220 “check all these locks”: David Brumley, interview, November 24, 2016. 220 “no difference” between the technology: Ibid. 220 “All computer security technologies are dual-use”: Michael Walker, interview, December 5, 2016. 220 “you have to trust the researchers”: David Brumley, interview, November 24, 2016. 220 “It’s going to take the same kind”: Michael Walker, interview, December 5, 2016. 221 “I’m not saying that we can change to a place”: Ibid. 221 “It’s scary to think of Russia”: David Brumley, interview, November 24, 2016. 221 “counter-autonomy”: David Brumley, “Winning Cyber Battles: The Next 20 Years,” unpublished working paper, November 2016. 221 “trying to find vulnerabilities”: David Brumley, interview, November 24, 2016. 221 “you play the opponent”: Ibid. 221 “It’s a little bit like a Trojan horse”: Ibid. 222 “computer equivalent to ‘the long con’”: Brumley, “Winning Cyber Battles: The Next 20 Years.” 222 “Make no mistake, cyber is a war”: Ibid. 222 F-35 . . . tens of millions of lines of code: Jacquelyn Schneider, “Digitally-Enabled Warfare: The Capability-Vulnerability Paradox,” Center for a New American Security, Washington DC, August 29, 2016, https://www.cnas.org/publications/reports/digitally-enabled-warfare-the-capability-vulnerability-paradox. 223 Hacking back is when: Dorothy E.


pages: 568 words: 164,014

Dawn of the Code War: America's Battle Against Russia, China, and the Rising Global Cyber Threat by John P. Carlin, Garrett M. Graff

1960s counterculture, A Declaration of the Independence of Cyberspace, Aaron Swartz, air gap, Andy Carvin, Apple II, Bay Area Rapid Transit, bitcoin, Brian Krebs, business climate, cloud computing, cotton gin, cryptocurrency, data acquisition, Deng Xiaoping, disinformation, driverless car, drone strike, dual-use technology, eat what you kill, Edward Snowden, fake news, false flag, Francis Fukuyama: the end of history, Hacker Ethic, information security, Internet of things, James Dyson, Jeff Bezos, John Gilmore, John Markoff, John Perry Barlow, Ken Thompson, Kevin Roose, Laura Poitras, Mark Zuckerberg, Menlo Park, millennium bug, Minecraft, Mitch Kapor, moral hazard, Morris worm, multilevel marketing, Network effects, new economy, Oklahoma City bombing, out of africa, packet switching, peer-to-peer, peer-to-peer model, performance metric, RAND corporation, ransomware, Reflections on Trusting Trust, Richard Stallman, Robert Metcalfe, Ronald Reagan, Saturday Night Live, self-driving car, shareholder value, side project, Silicon Valley, Silicon Valley startup, Skype, Snapchat, South China Sea, Steve Crocker, Steve Jobs, Steve Wozniak, Steven Levy, Stewart Brand, Stuxnet, The Hackers Conference, Tim Cook: Apple, trickle-down economics, Wargames Reagan, Whole Earth Catalog, Whole Earth Review, WikiLeaks, Y2K, zero day, zero-sum game

David Ensor, “Al Qaeda Letter Called ‘Chilling,’” CNN, October 12, 2005, edition.cnn.com/2005/WORLD/meast/10/11/alqaeda.letter/. 6. Rita Katz and Michael Kern, “Terrorist 007, Exposed,” Washington Post, March 26, 2006, www.washingtonpost.com/wp-dyn/content/article/2006/03/25/AR2006 032500020.html. 7. Brian Krebs, “Terrorism’s Hook into Your Inbox: U.K. Case Shows Link Between Online Fraud and Jihadist Networks,” Washington Post, July 5, 2007, www.washington post.com/wp-dyn/content/article/2007/07/05/AR2007070501153_pf.html. 8. Gordon Corera, “The World’s Most Wanted Cyber-jihadist,” BBC News, January 16, 2008, www.news.bbc.co.uk/2/hi/americas/7191248.stm. 9.

“Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation: Prepared for the U.S.-China Economic and Security Review Commission,” Northrop Grumman, October 9, 2009, nsarchive2.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-030.pdf. 95. Poulsen, Kingpin, 74. 96. See Misha Glenny, DarkMarket: How Hackers Became the New Mafia (Vintage, 2012), 41. 97. Brian Krebs, Spam Nation: The Inside Story of Organized Cybercrime—From Global Epidemic to Your Front Door (Sourcebooks, 2014), 17. 98. Ibid., 26. 99. Ibid., 20. 100. Joseph B. Tompkins and Linda A. Mar, “The 1984 Federal Computer Statute: A Partial Answer to a Pervasive Problem,” The John Marshall Journal of Information Technology & Privacy Law, vol. 6, no. 3, 1986, repository.jmls.edu/cgi/view content.cgi?


pages: 237 words: 64,411

Humans Need Not Apply: A Guide to Wealth and Work in the Age of Artificial Intelligence by Jerry Kaplan

Affordable Care Act / Obamacare, Amazon Web Services, asset allocation, autonomous vehicles, bank run, bitcoin, Bob Noyce, Brian Krebs, business cycle, buy low sell high, Capital in the Twenty-First Century by Thomas Piketty, combinatorial explosion, computer vision, Computing Machinery and Intelligence, corporate governance, crowdsourcing, driverless car, drop ship, Easter island, en.wikipedia.org, Erik Brynjolfsson, estate planning, Fairchild Semiconductor, Flash crash, Gini coefficient, Goldman Sachs: Vampire Squid, haute couture, hiring and firing, income inequality, index card, industrial robot, information asymmetry, invention of agriculture, Jaron Lanier, Jeff Bezos, job automation, John Markoff, John Maynard Keynes: Economic Possibilities for our Grandchildren, Kiva Systems, Larry Ellison, Loebner Prize, Mark Zuckerberg, mortgage debt, natural language processing, Nick Bostrom, Own Your Own Home, pattern recognition, Satoshi Nakamoto, school choice, Schrödinger's Cat, Second Machine Age, self-driving car, sentiment analysis, short squeeze, Silicon Valley, Silicon Valley startup, Skype, software as a service, The Chicago School, The Future of Employment, Turing test, Vitalik Buterin, Watson beat the top human players on Jeopardy!, winner-take-all economy, women in the workforce, working poor, Works Progress Administration

Mark Twain famously said, “It is my … hope … that all of us … may eventually be gathered together in heaven … except the inventor of the telephone.” Were he alive today, I’m confident he would include the inventor of the CAPTCHA. Regarding the use of low-skilled low-cost labor to solve these, see Brian Krebs, “Virtual Sweatshops Defeat Bot-or-Not Tests,” Krebs on Security (blog), January 9, 2012, http://krebsonsecurity.com/2012/01/virtual-sweatshops-defeat-bot-or-not-tests/. 5. OFFICER, ARREST THAT ROBOT 1. E. P. Evans, The Criminal Prosecution and Capital Punishment of Animals (1906; repr., Clark, N.J.: Lawbook Exchange, 2009). 2.


pages: 269 words: 79,285

Silk Road by Eileen Ormsby

4chan, bitcoin, blockchain, Brian Krebs, corporate governance, cryptocurrency, disinformation, drug harm reduction, Edward Snowden, fiat currency, Firefox, incognito mode, Julian Assange, litecoin, Mark Zuckerberg, Network effects, off-the-grid, operational security, peer-to-peer, Ponzi scheme, power law, profit motive, Right to Buy, Ross Ulbricht, Satoshi Nakamoto, stealth mode startup, Ted Nelson, trade route, Turing test, web application, WikiLeaks

Several stores offer stolen or counterfeit Apple products. One advertiser offers to steal goods to order, another offers bomb-making lessons and yet another says they can arrange for an enemy to be visited by a SWAT team. (This seemed a bit far-fetched, but ‘swatting’ is a real phenomenon in the United States, as security expert and blogger Brian Krebs discovered in March 2013. He had annoyed many hackers and shady websites over the years with his investigations, so someone placed a 911 call using instant message chats via a relay service designed for hearing-impaired and deaf callers. They said Russians had broken into Krebs’ house, killing his wife.


pages: 306 words: 82,909

A Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend Them Back by Bruce Schneier

4chan, Airbnb, airport security, algorithmic trading, Alignment Problem, AlphaGo, Automated Insights, banking crisis, Big Tech, bitcoin, blockchain, Boeing 737 MAX, Brian Krebs, Capital in the Twenty-First Century by Thomas Piketty, cloud computing, computerized trading, coronavirus, corporate personhood, COVID-19, cryptocurrency, dark pattern, deepfake, defense in depth, disinformation, Donald Trump, Double Irish / Dutch Sandwich, driverless car, Edward Thorp, Elon Musk, fake news, financial innovation, Financial Instability Hypothesis, first-past-the-post, Flash crash, full employment, gig economy, global pandemic, Goodhart's law, GPT-3, Greensill Capital, high net worth, Hyman Minsky, income inequality, independent contractor, index fund, information security, intangible asset, Internet of things, Isaac Newton, Jeff Bezos, job automation, late capitalism, lockdown, Lyft, Mark Zuckerberg, money market fund, moral hazard, move fast and break things, Nate Silver, offshore financial centre, OpenAI, payday loans, Peter Thiel, precautionary principle, Ralph Nader, recommendation engine, ride hailing / ride sharing, self-driving car, sentiment analysis, Skype, smart cities, SoftBank, supply chain finance, supply-chain attack, surveillance capitalism, systems thinking, TaskRabbit, technological determinism, TED Talk, The Wealth of Nations by Adam Smith, theory of mind, TikTok, too big to fail, Turing test, Uber and Lyft, uber lyft, ubercab, UNCLOS, union organizing, web application, WeWork, When a measure becomes a target, WikiLeaks, zero day

Sanusi, Mohd Nor Firdaus Rameli, and Yusarina Mat Isa (13 Apr 2015), “Fraud schemes in the banking institutions: Prevention measures to avoid severe financial loss,” Procedia Economics and Finance, https://www.semanticscholar.org/paper/Fraud-Schemes-in-the-Banking-Institutions%3A-Measures-Sanusi-Rameli/681c06a647cfef1e90e52ccbf829438016966c44. 33this is known as “jackpotting”: Joseph Cox (14 Oct 2019), “Malware that spits cash out of ATMs has spread across the world,” Vice Motherboard, https://www.vice.com/en_us/article/7x5ddg/malware-that-spits-cash-out-of-atms-has-spread-across-the-world. 33Another attack: Dan Goodin (22 Jul 2020), “Thieves are emptying ATMs using a new form of jackpotting,” Wired, https://www.wired.com/story/thieves-are-emptying-atms-using-a-new-form-of-jackpotting. 34US Secret Service began warning: Brian Krebs (27 Jan 2018), “First ‘jackpotting’ attacks hit U.S. ATMs,” Krebs on Security, https://krebsonsecurity.com/2018/01/first-jackpotting-attacks-hit-u-s-atms. 34Barnaby Jack demonstrated: Kim Zetter (28 Jul 2010), “Researcher demonstrates ATM ‘jackpotting’ at Black Hat conference,” Wired, https://www.wired.com/2010/07/atms-jackpotted. 7.


pages: 317 words: 98,745

Black Code: Inside the Battle for Cyberspace by Ronald J. Deibert

4chan, air gap, Any sufficiently advanced technology is indistinguishable from magic, Brian Krebs, call centre, citizen journalism, Citizen Lab, cloud computing, connected car, corporate social responsibility, crowdsourcing, cuban missile crisis, data acquisition, digital divide, disinformation, end-to-end encryption, escalation ladder, Evgeny Morozov, failed state, Firefox, Gabriella Coleman, global supply chain, global village, Google Hangouts, Hacker Ethic, Herman Kahn, informal economy, information security, invention of writing, Iridium satellite, jimmy wales, John Gilmore, John Markoff, Kibera, Kickstarter, knowledge economy, Lewis Mumford, low earth orbit, Marshall McLuhan, military-industrial complex, MITM: man-in-the-middle, mobile money, mutually assured destruction, Naomi Klein, new economy, Occupy movement, off-the-grid, Panopticon Jeremy Bentham, planetary scale, rent-seeking, Ronald Reagan, Ronald Reagan: Tear down this wall, Silicon Valley, Silicon Valley startup, Skype, smart grid, South China Sea, Steven Levy, Streisand effect, Stuxnet, Ted Kaczynski, the medium is the message, Turing test, Twitter Arab Spring, undersea cable, unit 8200, We are Anonymous. We are Legion, WikiLeaks, Yochai Benkler, zero day

In January 2012, Jan Droemer and Dirk Kollberg reported on their own detailed investigation of the Koobface perpetrators in “The Koobface Malware Gang Exposed,” Sophos Lab, January 2012, http​://www​.sophos​.com/m​ediali​brary/PD​Fs/other​/sophos​koobfa​ceart​icle_​re​v​_na.​pdf​?dl​=tr​ue. 2 Electrons may move at the speed of light, but legal systems crawl at the speed of bureaucratic institutions: The lack of international co-operation around cyber security is discussed in Brian Krebs, “From (& To) Russia, With Love,” Washington Post, March 3, 2009, http​://voic​es.wa​shingto​npost.​com/se​curity​fix​/2009​/03/​from_​to_ru​ssia​_wit​h_l​o​ve.html. See also Jeremy Kirk, “UK Police Reveal Arrests Over Zeus Banking Malware,” Computer World, November 18, 2009, http​://www.​compute​rworld.c​om/s/ar​ticle​/91​410​92/​UK​_pol​ice​_​revea​l​_​arres​ts​_o​ver​_​Zeus​_​ban​ki​ng​_​mal​ware; and Omar El-Akkad, “Canadian Firm Helps Disable Massive Botnet,” Globe and Mail, March 3, 2010, http​://ww​w.glob​eandmai​l.com​/​news​/​techn​ology​/​canad​ian-firm-he​lps-dis​able​-massive​-bot​net​/ar​ticl​e14​888​38. 3 Specialists working for Facebook, Jan Droemer, and other security researchers: In January 2012, Facebook outed the identity of the Koobface perpetrators in “Facebook’s Continued Fight Against Koobface,” January 17, 2012, https​://www.​facebook.​com/note​.php?


pages: 364 words: 99,897

The Industries of the Future by Alec Ross

"World Economic Forum" Davos, 23andMe, 3D printing, Airbnb, Alan Greenspan, algorithmic bias, algorithmic trading, AltaVista, Anne Wojcicki, autonomous vehicles, banking crisis, barriers to entry, Bernie Madoff, bioinformatics, bitcoin, Black Lives Matter, blockchain, Boston Dynamics, Brian Krebs, British Empire, business intelligence, call centre, carbon footprint, clean tech, cloud computing, collaborative consumption, connected car, corporate governance, Credit Default Swap, cryptocurrency, data science, David Brooks, DeepMind, Demis Hassabis, disintermediation, Dissolution of the Soviet Union, distributed ledger, driverless car, Edward Glaeser, Edward Snowden, en.wikipedia.org, Erik Brynjolfsson, Evgeny Morozov, fiat currency, future of work, General Motors Futurama, global supply chain, Google X / Alphabet X, Gregor Mendel, industrial robot, information security, Internet of things, invention of the printing press, Jaron Lanier, Jeff Bezos, job automation, John Markoff, Joi Ito, Kevin Roose, Kickstarter, knowledge economy, knowledge worker, lifelogging, litecoin, low interest rates, M-Pesa, machine translation, Marc Andreessen, Mark Zuckerberg, Max Levchin, Mikhail Gorbachev, military-industrial complex, mobile money, money: store of value / unit of account / medium of exchange, Nelson Mandela, new economy, off-the-grid, offshore financial centre, open economy, Parag Khanna, paypal mafia, peer-to-peer, peer-to-peer lending, personalized medicine, Peter Thiel, precision agriculture, pre–internet, RAND corporation, Ray Kurzweil, recommendation engine, ride hailing / ride sharing, Rubik’s Cube, Satoshi Nakamoto, selective serotonin reuptake inhibitor (SSRI), self-driving car, sharing economy, Silicon Valley, Silicon Valley startup, Skype, smart cities, social graph, software as a service, special economic zone, supply-chain management, supply-chain management software, technoutopianism, TED Talk, The Future of Employment, Travis Kalanick, underbanked, unit 8200, Vernor Vinge, Watson beat the top human players on Jeopardy!, women in the workforce, work culture , Y Combinator, young professional

In addition, the hackers stole: Mark Hosenball, “Target Vendor Says Hackers Breached Data Link Used for Billing,” Reuters, February 6, 2014, http://www.reuters.com/article/2014/02/06/us-target-breach-vendor-idUSBREA1523E20140206. Profits fell 46 percent in: Elizabeth A. Harris, “Faltering Target Parts Ways with Chief,” New York Times, May 6, 2014, http://www.nytimes.com/2014/05/06/business/target-chief-executive-resigns.html?ref=technology&_r=0. The company could still face: Brian Krebs, “Target Hackers Broke in via HVAC Company,” Krebs on Security (blog), February 5, 2014, http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/. It lost billions of dollars: Susan Taylor, Siddharth Cavale, and Jim Finkle, “Target’s Decision to Remove CEO Rattles Investors,” Reuters, May 5, 2014, http://www.reuters.com/article/2014/05/05/us-target-ceo-idUSBREA440BD20140505.


pages: 320 words: 87,853

The Black Box Society: The Secret Algorithms That Control Money and Information by Frank Pasquale

Adam Curtis, Affordable Care Act / Obamacare, Alan Greenspan, algorithmic trading, Amazon Mechanical Turk, American Legislative Exchange Council, asset-backed security, Atul Gawande, bank run, barriers to entry, basic income, Bear Stearns, Berlin Wall, Bernie Madoff, Black Swan, bonus culture, Brian Krebs, business cycle, business logic, call centre, Capital in the Twenty-First Century by Thomas Piketty, Chelsea Manning, Chuck Templeton: OpenTable:, cloud computing, collateralized debt obligation, computerized markets, corporate governance, Credit Default Swap, credit default swaps / collateralized debt obligations, crowdsourcing, cryptocurrency, data science, Debian, digital rights, don't be evil, drone strike, Edward Snowden, en.wikipedia.org, Evgeny Morozov, Fall of the Berlin Wall, Filter Bubble, financial engineering, financial innovation, financial thriller, fixed income, Flash crash, folksonomy, full employment, Gabriella Coleman, Goldman Sachs: Vampire Squid, Google Earth, Hernando de Soto, High speed trading, hiring and firing, housing crisis, Ian Bogost, informal economy, information asymmetry, information retrieval, information security, interest rate swap, Internet of things, invisible hand, Jaron Lanier, Jeff Bezos, job automation, John Bogle, Julian Assange, Kevin Kelly, Kevin Roose, knowledge worker, Kodak vs Instagram, kremlinology, late fees, London Interbank Offered Rate, London Whale, machine readable, Marc Andreessen, Mark Zuckerberg, Michael Milken, mobile money, moral hazard, new economy, Nicholas Carr, offshore financial centre, PageRank, pattern recognition, Philip Mirowski, precariat, profit maximization, profit motive, public intellectual, quantitative easing, race to the bottom, reality distortion field, recommendation engine, regulatory arbitrage, risk-adjusted returns, Satyajit Das, Savings and loan crisis, search engine result page, shareholder value, Silicon Valley, Snapchat, social intelligence, Spread Networks laid a new fibre optics cable between New York and Chicago, statistical arbitrage, statistical model, Steven Levy, technological solutionism, the scientific method, too big to fail, transaction costs, two-sided market, universal basic income, Upton Sinclair, value at risk, vertical integration, WikiLeaks, Yochai Benkler, zero-sum game

Harris and Nicole Perlroth, “For Target, the Breach Numbers Grow,” New York Times, January 1, 2014, http://www.nytimes.com /2014 /01/11/business/target-breach-affected-70 -million-customers.html?_r=0. 59. Thomas R. McLean & Alexander B. McLean, “Dependence on Cyberscribes-Issues in E-Security,” 8 J. Bus. & Tech. L. (2013): 59 (discussing instances of medical information on the black market); Brian Krebs & Anita Kumar, “Hackers Want Millions for Data on Prescriptions,” Wash. Post, May 8, 2009, at B1. 60. Misha Glenny, DarkMarket: How Hackers Became the New Mafi a (New York: Vintage Books, 2012) 2 (“this minuscule elite (call them geeks, technos, hackers, coders, securocrats, or what you will) has a profound understanding of a technology that every day directs our lives more intensively and extensively, while most of the rest of us understand absolutely zip about it.”). 61.


pages: 503 words: 131,064

Liars and Outliers: How Security Holds Society Together by Bruce Schneier

Abraham Maslow, airport security, Alvin Toffler, barriers to entry, behavioural economics, benefit corporation, Berlin Wall, Bernie Madoff, Bernie Sanders, Brian Krebs, Broken windows theory, carried interest, Cass Sunstein, Chelsea Manning, commoditize, corporate governance, crack epidemic, credit crunch, CRISPR, crowdsourcing, cuban missile crisis, Daniel Kahneman / Amos Tversky, David Graeber, desegregation, don't be evil, Double Irish / Dutch Sandwich, Douglas Hofstadter, Dunbar number, experimental economics, Fall of the Berlin Wall, financial deregulation, Future Shock, Garrett Hardin, George Akerlof, hydraulic fracturing, impulse control, income inequality, information security, invention of agriculture, invention of gunpowder, iterative process, Jean Tirole, John Bogle, John Nash: game theory, joint-stock company, Julian Assange, language acquisition, longitudinal study, mass incarceration, meta-analysis, microcredit, mirror neurons, moral hazard, Multics, mutually assured destruction, Nate Silver, Network effects, Nick Leeson, off-the-grid, offshore financial centre, Oklahoma City bombing, patent troll, phenotype, pre–internet, principal–agent problem, prisoner's dilemma, profit maximization, profit motive, race to the bottom, Ralph Waldo Emerson, RAND corporation, Recombinant DNA, rent-seeking, RFID, Richard Thaler, risk tolerance, Ronald Coase, security theater, shareholder value, slashdot, statistical model, Steven Pinker, Stuxnet, technological singularity, The Market for Lemons, The Nature of the Firm, The Spirit Level, The Wealth of Nations by Adam Smith, The Wisdom of Crowds, theory of mind, Timothy McVeigh, too big to fail, traffic fines, Tragedy of the Commons, transaction costs, ultimatum game, UNCLOS, union organizing, Vernor Vinge, WikiLeaks, World Values Survey, Y2K, Yochai Benkler, zero-sum game

Rick Frei (2010), “Witness Intimidation and the Snitching Project,” written testimony submitted to the Subcommittee on Drugs and Crime, U.S. Senate Committee on the Judiciary. Con artists try David Maurer (1940), The Big Con: The Story of the Confidence Man, Bobbs Merrill. Fake anti-virus software Brian Krebs (3 Aug 2011), “Fake Antivirus Industry Down, But Not Out,” Krebs on Security. Internet money laundering Mitchell Zuckoff (15 May 2005), “Annals of Crime: The Perfect Mark,” The New Yorker, 36–42. doctrine of necessity Leslie Wolf-Phillips (1979), “Constitutional Legitimacy: A Study of the Doctrine of Necessity.”


pages: 527 words: 147,690

Terms of Service: Social Media and the Price of Constant Connection by Jacob Silverman

"World Economic Forum" Davos, 23andMe, 4chan, A Declaration of the Independence of Cyberspace, Aaron Swartz, Airbnb, airport security, Amazon Mechanical Turk, augmented reality, basic income, Big Tech, Brian Krebs, California gold rush, Californian Ideology, call centre, cloud computing, cognitive dissonance, commoditize, company town, context collapse, correlation does not imply causation, Credit Default Swap, crowdsourcing, data science, deep learning, digital capitalism, disinformation, don't be evil, driverless car, drone strike, Edward Snowden, Evgeny Morozov, fake it until you make it, feminist movement, Filter Bubble, Firefox, Flash crash, game design, global village, Google Chrome, Google Glasses, Higgs boson, hive mind, Ian Bogost, income inequality, independent contractor, informal economy, information retrieval, Internet of things, Jacob Silverman, Jaron Lanier, jimmy wales, John Perry Barlow, Kevin Kelly, Kevin Roose, Kickstarter, knowledge economy, knowledge worker, Larry Ellison, late capitalism, Laura Poitras, license plate recognition, life extension, lifelogging, lock screen, Lyft, machine readable, Mark Zuckerberg, Mars Rover, Marshall McLuhan, mass incarceration, meta-analysis, Minecraft, move fast and break things, national security letter, Network effects, new economy, Nicholas Carr, Occupy movement, off-the-grid, optical character recognition, payday loans, Peter Thiel, planned obsolescence, postindustrial economy, prediction markets, pre–internet, price discrimination, price stability, profit motive, quantitative hedge fund, race to the bottom, Ray Kurzweil, real-name policy, recommendation engine, rent control, rent stabilization, RFID, ride hailing / ride sharing, Salesforce, self-driving car, sentiment analysis, shareholder value, sharing economy, Sheryl Sandberg, Silicon Valley, Silicon Valley ideology, Snapchat, social bookmarking, social graph, social intelligence, social web, sorting algorithm, Steve Ballmer, Steve Jobs, Steven Levy, systems thinking, TaskRabbit, technological determinism, technological solutionism, technoutopianism, TED Talk, telemarketer, transportation-network company, Travis Kalanick, Turing test, Uber and Lyft, Uber for X, uber lyft, universal basic income, unpaid internship, women in the workforce, Y Combinator, yottabyte, you are the product, Zipcar

Sept. 13, 2013. propublica.org/article/everything-we-know-about-what-data-brokers-know-about-you. 215 TSA sells to debt collectors: Susan Stellin. “Security Check Now Starts Long Before You Fly.” New York Times. Oct. 21, 2013. nytimes.com/2013/10/22/business/security-check-now-starts-long-before-you-fly.html. 215 Experian investigation: Brian Krebs. “Experian Sold Consumer Data to ID Theft Service.” KrebsonSecurity. Oct. 20, 2013. krebsonsecurity.com/2013/10/experian-sold-consumer-data-to-id-theft-service. 215 Identity thieves in Vietnam: Sean Vitka. “Experian-Acquired Data Broker Sold Social Security Numbers to Identity Thieves.” Slate.


pages: 492 words: 153,565

Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Kim Zetter

air gap, Ayatollah Khomeini, Brian Krebs, crowdsourcing, data acquisition, Doomsday Clock, drone strike, Edward Snowden, facts on the ground, false flag, Firefox, friendly fire, Google Earth, information retrieval, information security, John Markoff, Julian Assange, Kickstarter, Loma Prieta earthquake, machine readable, Maui Hawaii, military-industrial complex, MITM: man-in-the-middle, Morris worm, pre–internet, RAND corporation, rolling blackouts, Silicon Valley, skunkworks, smart grid, smart meter, South China Sea, Stuxnet, Timothy McVeigh, two and twenty, undersea cable, unit 8200, uranium enrichment, Vladimir Vetrov: Farewell Dossier, WikiLeaks, Y2K, zero day

They had to go public with the news.15 So on July 12, Ulasen posted a brief announcement about the zero-day to his company’s website and to an online English-language security forum, warning that an epidemic of infections was about to break out.16 He divulged few details about the hole it was attacking, to avoid giving copycat hackers information that would help them exploit it. But members of the forum grasped the implications quickly, noting that it had the potential to be “deadly to many.” Three days later, tech journalist Brian Krebs picked up the announcement and wrote a blog post about it, summarizing what little was known about the vulnerability and exploit at the time.17 The news raced through the security community, causing everyone to brace for a wave of assaults expected to come from the worm and copycat attacks using the same exploit.18 In the meantime, the head of an institute in Germany that researched and tested antivirus products brokered an introduction between Ulasen and his contacts at Microsoft, prompting the software company to begin work on a patch.19 But with news of the vulnerability already leaked, Microsoft decided to release an immediate advisory about the critical flaw to customers, along with a few tips advising them how to mitigate their risk of infection in the meantime.


pages: 651 words: 186,130

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth

4chan, active measures, activist lawyer, air gap, Airbnb, Albert Einstein, Apollo 11, barriers to entry, Benchmark Capital, Bernie Sanders, Big Tech, bitcoin, Black Lives Matter, blood diamond, Boeing 737 MAX, Brexit referendum, Brian Krebs, Citizen Lab, cloud computing, commoditize, company town, coronavirus, COVID-19, crony capitalism, crowdsourcing, cryptocurrency, dark matter, David Vincenzetti, defense in depth, digital rights, disinformation, don't be evil, Donald Trump, driverless car, drone strike, dual-use technology, Edward Snowden, end-to-end encryption, failed state, fake news, false flag, Ferguson, Missouri, Firefox, gender pay gap, George Floyd, global pandemic, global supply chain, Hacker News, index card, information security, Internet of things, invisible hand, Jacob Appelbaum, Jeff Bezos, John Markoff, Ken Thompson, Kevin Roose, Laura Poitras, lockdown, Marc Andreessen, Mark Zuckerberg, mass immigration, Menlo Park, MITM: man-in-the-middle, moral hazard, Morris worm, move fast and break things, mutually assured destruction, natural language processing, NSO Group, off-the-grid, offshore financial centre, open borders, operational security, Parler "social media", pirate software, purchasing power parity, race to the bottom, RAND corporation, ransomware, Reflections on Trusting Trust, rolodex, Rubik’s Cube, Russian election interference, Sand Hill Road, Seymour Hersh, Sheryl Sandberg, side project, Silicon Valley, Skype, smart cities, smart grid, South China Sea, Steve Ballmer, Steve Bannon, Steve Jobs, Steven Levy, Stuxnet, supply-chain attack, TED Talk, the long tail, the scientific method, TikTok, Tim Cook: Apple, undersea cable, unit 8200, uranium enrichment, web application, WikiLeaks, zero day, Zimmermann PGP

A special thanks also to my competitors, who helped flesh out these pages, and push me every day to be a better writer and reporter. It will never be fun matching one another’s stories at 10 P.M. on a Sunday, but ultimately, we are all on the same side. A special shout-out to Joe Menn, Andy Greenberg, Kevin Poulsen, Brian Krebs, Kim Zetter, Ellen Nakashima, and Chris Bing. The idea for this book started when Danielle Svetcov invited me to dinner. Various agents had solicited my interest in writing a book before, but nobody like Danielle. When I first Googled her, I saw she had represented the authors of several cookbooks, including for some of my favorite San Francisco chefs.