Matt Curtin: Brute Force: Cracking the Data Encryption Standard (2005)

22 August 2011, dusan

In the 1960s, it became increasingly clear that more and more information was going to be stored on computers, not on pieces of paper. With these changes in technology and the ways it was used came a need to protect both the systems and the information. For the next ten years, encryption systems of varying strengths were developed, but none proved to be rigorous enough. In 1973, the NBS put out an open call for a new, stronger encryption system that would become the new federal standard. Several years later, IBM responded with a system called Lucifer that came to simply be known as DES (Data Encryption Standard).

The strength of an encryption system is best measured by the attacks it is able to withstand, and because DES was the federal standard, many tried to test its limits. (It should also be noted that a number of cryptographers and computer scientists told the NSA that DES was not nearly strong enough and would be easily hacked.) Rogue hackers, usually out to steal as much information as possible, tried to break DES. A number of “white hat” hackers also tested the system and reported on their successes. Still others attacked DES because they believed it had outlived its effectiveness and was becoming increasingly vulnerable. The sum total of these efforts to use all of the possible keys to break DES over time made for a brute force attack.

In 1996, the supposedly uncrackable DES was broken. In this captivating and intriguing book, Matt Curtin charts DES’s rise and fall and chronicles the efforts of those who were determined to master it.

Publisher Springer, 2005
Copernicus Series
ISBN 0387201092, 9780387201092
291 pages


McAfee: Revealed: Operation Shady RAT (2011)

3 August 2011, dusan

“What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth — closely guarded national secrets (including from classified government networks), source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts, SCADA configurations, design schematics and much more has “fallen off the truck” of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries.

What is happening to all this data — by now reaching petabytes as a whole — is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth in a suddenly more competitive landscape and the loss of jobs in industries that lose out to unscrupulous competitors in another part of the world, not to mention the national security impact of the loss of sensitive intelligence or defense information.

Yet, the public (and often the industry) understanding of this significant national security threat is largely minimal due to the very limited number of voluntary disclosures by victims of intrusion activity compared to the actual number of compromises that take place. With the goal of raising the level of public awareness today we are publishing the most comprehensive analysis ever revealed of victim profiles from a five-year targeted operation by one specific actor — Operation Shady RAT, as I have named it at McAfee (RAT is a common acronym in the industry which stands for Remote Access Tool).” (author)

Revealed: Operation Shady RAT: An investigation of targeted intrusions into 70+ global companies, governments and non-profit organizations during the last 5 years
White paper
by Dmitri Alperovitch, VP Threat Research, McAfee
Published 2 August 2011
14 pages


PDF (updated on 2017-11-24)

Kevin Poulsen: Kingpin: How One Hacker Took Over the Billion Dollar Cyber Crime Underground (2011)

28 July 2011, dusan

Former hacker Kevin Poulsen has, over the past decade, built a reputation as one of the top investigative reporters on the cybercrime beat. In Kingpin, he pours his unmatched access and expertise into book form for the first time, delivering a gripping cat-and-mouse narrative—and an unprecedented view into the twenty-first century’s signature form of organized crime.

The word spread through the hacking underground like some unstoppable new virus: Someone—some brilliant, audacious crook—had just staged a hostile takeover of an online criminal network that siphoned billions of dollars from the US economy.

The FBI rushed to launch an ambitious undercover operation aimed at tracking down this new kingpin; other agencies around the world deployed dozens of moles and double agents. Together, the cybercops lured numerous unsuspecting hackers into their clutches. . . . Yet at every turn, their main quarry displayed an uncanny ability to sniff out their snitches and see through their plots.

The culprit they sought was the most unlikely of criminals: a brilliant programmer with a hippie ethic and a supervillain’s double identity. As prominent “white-hat” hacker Max “Vision” Butler, he was a celebrity throughout the programming world, even serving as a consultant to the FBI. But as the black-hat “Iceman,” he found in the world of data theft an irresistible opportunity to test his outsized abilities. He infiltrated thousands of computers around the country, sucking down millions of credit card numbers at will. He effortlessly hacked his fellow hackers, stealing their ill-gotten gains from under their noses. Together with a smooth-talking con artist, he ran a massive real-world crime ring.

And for years, he did it all with seeming impunity, even as countless rivals ran afoul of police.

Yet as he watched the fraudsters around him squabble, their ranks riddled with infiltrators, their methods inefficient, he began to see in their dysfunction the ultimate challenge: He would stage his coup and fix what was broken, run things as they should be run—even if it meant painting a bull’s-eye on his forehead.

Through the story of this criminal’s remarkable rise, and of law enforcement’s quest to track him down, Kingpin lays bare the workings of a silent crime wave still affecting millions of Americans. In these pages, we are ushered into vast online-fraud supermarkets stocked with credit card numbers, counterfeit checks, hacked bank accounts, dead drops, and fake passports. We learn the workings of the numerous hacks—browser exploits, phishing attacks, Trojan horses, and much more—these fraudsters use to ply their trade, and trace the complex routes by which they turn stolen data into millions of dollars. And thanks to Poulsen’s remarkable access to both cops and criminals, we step inside the quiet, desperate arms race that law enforcement continues to fight with these scammers today.

Ultimately, Kingpin is a journey into an underworld of startling scope and power, one in which ordinary American teenagers work hand in hand with murderous Russian mobsters and where a simple Wi-Fi connection can unleash a torrent of gold worth millions.

Publisher Crown Publishing Group, 2011
ISBN 0307588688, 9780307588685
288 pages
