BKCYWRFR.RVW 20101204 "Inside Cyber Warfare", Jeffrey Carr, 2010, 978-0-596-80215-8, U$39.99/C$49.99 %A Jeffrey Carr greylogic.us %C 103 Morris Street, Suite A, Sebastopol, CA 95472 %D 2010 %G 978-0-596-80215-8 0-596-80215-3 %I O'Reilly & Associates, Inc. %O U$39.99/C$49.99 800-998-9938 fax: 707-829-0104 nuts@ora.com %O http://www.amazon.com/exec/obidos/ASIN/0596802153/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0596802153/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0596802153/robsladesin03-20 %O Audience n Tech 1 Writing 2 (see revfaq.htm for explanation) %P 212 p. %T "Inside Cyber Warfare: Mapping the Cyber Underworld" The preface states that this text is an attempt to cover the very broad topic of cyber warfare with enough depth to be interesting without being technically challenging for the reader. Chapter one provides examples of cyber attacks (mostly DDoS [Distributed Denial of Service]), and speculations about future offensives. More detailed stories are given in chapter two, although the reason for the title of "Rise of the Non-State Hacker" isn't really clear. The legal status of cyber warfare, in chapter three, deals primarily with disagreements about military treaties. A guest chapter (four) gives a solid argument for the use of "active defence" (striking back at an attacker) in cyber attacks perceived to be acts of war, based on international law in regard to warfare. The author of the book is the founder of Project Grey Goose, and chapter five talks briefly about some of the events PGG investigated, using them to illustrate aspects of the intelligence component of cyber warfare (and noting some policy weaknesses, such as the difficulties of obtaining the services of US citizens of foreign birth). The social Web is examined in chapter six, noting relative usage in Russia, China, and the middle east, along with use and misuse by military personnel. (The Croll social engineering attack, and Russian scripted attack tools, are also detailed.) Ownership links, and domain registrations, are examined in chapter seven, although in a restricted scope. Some structures of systems supporting organized crime online are noted in chapter eight. Chapter nine provides a limited look at the sources of information used to determine who might be behind an attack. A grab bag of aspects of malware and social networks is compiled to form chapter ten. Chapter eleven lists position papers on the use of cyber warfare from various military services. Chapter twelve is another guest article, looking at options for early warning systems to detect a cyber attack. A host of guest opinions on cyber warfare are presented in chapter thirteen. Carr is obviously, and probably legitimately, concerned that he not disclose information of a sensitive nature that is detrimental to the operations of the people with whom he works. (Somewhat ironically, I reviewed this work while the Wikileaks furor over diplomatic cables was being discussed.) However, he appears to have gone too far. The result is uninteresting for anyone who has any background in cybercrime or related areas. Those who have little to no exposure to security discussions on this scale may find it surprising, but professionals will have little to learn, here. copyright, Robert M. Slade 2010 BKCYWRFR.RVW 20101204