Dear Partners in thought,
I would like to talk to you about “Kingdom of Lies” by Kate Fazzini, formerly a cybersecurity consultant and now the chief reporter on cybersecurity matters for CNBC and a lecturer in Applied Intelligence at Georgetown University. Her book is about being “behind the scenes” of the hackers and counter-hackers in the world today and getting a glimpse, as a hidden guest, of what goes on with these characters on a daily basis.
As you know, cybersecurity is a subject close to my heart, having been a seed investor in a UK cybersecurity start-up focused on preventing cyber attacks by making corporates (with a focus on the weaker SMEs that form the supply chain of large groups that are at risk of contagion) and government departments throughout the West stronger and more resilient to cyber attacks by applying the leading UK Cyber Essentials standards, Britain being arguably the leading cybersecurity country in the West today *. Cybersecurity is never boring and new developments keep happening on a daily basis, the latest being the rise of “false flag” operations, where a hacking group hacks another hacking group so that its own attacks can pass for the other group’s, which is a new refinement in cyber warfare. It took two years for the UK’s National Cyber Security Centre and the U.S.’s National Security Agency, the two leading national cyber security agencies, to identify that Oilrig, a hacker group deemed to be linked to Iran, was in effect hacked by The Turla Group, which has been linked to Russian intelligence and which exploited Oilrig’s tools to launch cyber attacks in 20 countries with a focus on the Middle East. This story underlines the challenges of establishing clear attribution for cyber attacks, now more than ever, all the more so as hackers downplay their affiliations with states, preferring their images as “hacktivists” or “patriotic hackers”, like many in Russia (linked to electoral disruptions in the UK, the U.S. or France in recent years) or like the de facto Bashar al-Assad-sponsored Syrian Electronic Army.
KF’s book, as she puts it, is one of “unnerving adventures in the world of cybercrime”. It is quite different from the usual fare as it shows black and white hats in action, so-called ethical hackers, cyber-criminals passing for penetration agents who just hacked so you could be stronger afterwards (for a fee and freeing your files of course), government-sponsored hackers – the whole gamut. Quite a young one too… We go deeply into the cybersecurity apparatus of a top US bank (renamed Now Bank…) where politics is also key and cyber specialists are quickly replaced by big ex-government names to run these outfits (with budget battles like in any corporate organisation)… We run into ex-CIA and law enforcement officers reborn as cyber warriors for financial institutions. “Startup centres” in Romania (a Transylvanian “Hackerville”), Russian government experts crossing back and forth between the white (read government-sponsored work) and black worlds (where they simply made money but were never harassed by the local authorities). Chinese waiters (happening to be ex-PLA military) at Shanghai Western-liked bars enhancing their revenues by stealing data from Western companies and naive customers using plugs they should not, first for government and then to monetise it… Various ways of making money from social engineering, stealing files, threatening to release embarrassing emails from business leaders, emptying ATMs… The author makes the case that many cyber criminals and good guys are not all IT or computer specialists, saying that one can be an “expert” (or say proficient) in six weeks and what counts is personality and drive. We read about Renée, a young Romanian teenager who became famous for her persuasion skills, making sure targets were not only paying fully to get their stolen information freed but were also happy about it and the experience.
Kingdom of Lies is quite an entertaining book, even if lacking a bit of structure, and is often compared to Michael Lewis’s work in the financial sphere, such as “Liar’s Poker” and other pieces like the one on the sub-debt crisis, “The Big Short”. In other words, non-fiction looking like fiction… (sadly!). It is definitely a good read for those who want to educate themselves on cyber warfare but are not necessarily willing to go deeply into the tech side of the subject matter.
For more information on Cyber Essentials Direct Limited, please visit http://www.cyberessentialsdirect.com and their latest branded product, 360 Cyber Protection http://www.360cyberprotection.eu . I will be very happy to introduce you to CEDL should the entity you work for or those you know have a preventive need in cybersecurity matters. Similarly, should you have any needs in security strategy formulation and all facets of security, including protection of all sorts, I will be very happy to introduce you to Head Security Solutions, a new full-service security company established by a close friend who is also a former senior British law enforcement officer with City of London and national roles in the fields of intelligence, counter-terrorism and economic crime among other key areas and Chief Security Officer (CSO/CISO) at Virgin Money http://www.headsecuritysolutions.com