The Lure: The True Story of How the Department of Justice Brought Down Two of The World's Most Dangerous Cyber Criminals |
List Price: | $24.99 |
Price: | $15.66 & eligible for FREE Super Saver Shipping on orders over $25. Details |
Availability: Usually ships in 24 hours
Ships from and sold by Amazon.com
21 new or used available from $15.66
Average customer review:(4 customer reviews)
Product Description
Beginning in the fall of 1999, a number of Internet-related businesses and financial institutions in the United States suffered computer intrusions or "hacks" that originated from Russia. The hackers gained control of the victims' computers, copied and stole private data that included credit card information, and threatened to publish or use the stolen credit cards or inflict damage on the compromised computers unless the victims paid money or gave the hackers a job. Some of the companies gave in and paid off the hackers. Some decided not to. The hackers responded by shutting down parts of their networks and using stolen credit card numbers to order thousands of dollars' worth of computer equipment. THE LURE is the true, riveting story of how these Russian hackers, who bragged that the laws in their country offered them no threat, and who mocked the inability of the FBI to catch them, were caught by an FBI lure designed to appeal to their egos and their greed. The story of the sting operation and subsequent trial is told for the first time here by the Department of Justice's attorney for the prosecution. This fascinating story reads like a crime thriller, but also offers a wealth of information that can be used by IT professionals, business managers, lawyers, and academics who wish to learn how to protect systems from abuse, and who want to respond appropriately to network incidents. It also provides insight into the hacker's world and explains how their own words and actions were used against them in a court of law; the evidence provided is in the raw, uncensored words of the hackers themselves. This is a multi-layered true crime story, a real-life law and order story that explains how hackers and computer thieves operate, how the FBI takes them down, and how the Department of Justice prosecutes them in the courtroom.
Amazon Exclusive: Q&A with Author Steve Schroeder
Amazon.com:
|
Steve Schroeder:
I wrote The Lure primarily because it is a great story. Had the events not actually happened, they would make the basis for a good novel. I worked hard to keep the language accessible so that non-techies could enjoy it.
In addition, when the case was prosecuted, it generated a lot of publicity--most of it positive--and my colleagues and I who worked on it began to get invitations to speak about the investigation and trial. We appeared at universities and security conferences throughout the nation, and two of us, Phil Attfield and I, were even invited to Taipei to make presentations. Each time that we did so, the attendees would pester us for materials to use in their own training programs. There is, it seems, a dearth of real-world computer crime materials available for training. The reason for the short supply of real logs and other forensic evidence is simple. Computer intrusion cases are complex, and most of them are settled by means of a guilty plea prior to trial, as was the case in the [Kevin] Mitnick prosecution. Under Federal privacy laws governing criminal investigative files, those files are protected from public disclosure unless they are admitted into evidence at a trial or other court proceeding. Consequently, the logs and other forensic evidence in the vast majority of cases are not available for use in training and classroom settings. This book is an effort, among other things, to make much information available.
Amazon.com:
Your career as a prosecutor began before cybercrime became well known. What was it like to make the move into dealing with this new kind of crime?
Steve Schroeder:
I believe that learning is a lifelong process that helps to keep one engaged. About two-thirds of the way through my career, I had an opportunity to redefine myself when the agencies with which I was working on two major fraud cases began using databases to organize the evidence. I had to learn how to manipulate the databases from the command prompt in order to keep up. So, when two young hackers broke into the Unix-based computer system at the Federal Courthouse in the early '90s, I got the case. ("Didn't Schroeder work with computers?") I began working closely with the Computer Crime Unit in the Department of Justice, and was able to go to a number of weeklong computer and computer crime training sessions, including one at the FBI Academy. As I began to work almost exclusively on computer crime issues, my job was not to become a techie but to learn enough so that I could talk to and understand the techies. Because it was such a new field, one who concentrated on it could quickly rise above the pack. It was a lot of fun.
Amazon.com:
What's the most difficult problem that law enforcement faces when confronting computer crime?
Steve Schroeder:
Computer crimes, in many respects, are crimes without borders. In any event, computers do not recognize borders and computer crimes are commonly multi-jurisdictional. So simply figuring out how to obtain evidence from another state or nation is a constant problem. In addition, the difficulty in obtaining evidence from other legally constituted government entities compounds the ultimate problem in computer crime cases--attribution. While it is usually possible to identify the computer from which criminal acts are being committed by obtaining connectivity logs, law enforcement must also prove whose butt was in the chair in front of that computer at the relevant time. This is often not a technical problem, but one more familiar to traditional police work.
Amazon.com:
The two Russian hackers you helped capture and put away had cracked and manipulated systems around the world, while apparently untroubled by the laws of Russia. Are national borders a constant challenge when dealing with international cybercriminals? Do some countries provide havens for computer crime?
Steve Schroeder:
National borders are a constant challenge. Our multiple attempts to get help from the Russian authorities in the case which is the subject of The Lure went unanswered. The situation today is much better than it was then. The United States is working actively with nations all over the world, encouraging them to enact computer crime statutes and working out the procedures by which digitized evidence can be quickly preserved and exchanged between nations.
Because international law often requires reciprocity (acts must be crimes in both jurisdictions), it is critical that as many nations as possible enact computer crime statutes. In the mid '90s I was unable to extradite a young scoundrel from New Zealand who had caused immense damage to the University of Washington network, because hacking was not a crime in his own country. (It is now.) There are certainly still countries in the world where attacks on computers located somewhere else are not prosecuted.
Even at the state level in this country there are barriers. The states only have jurisdiction (legal authority) to compel evidence within their own borders. While they can get evidence from other states through cooperative agreements, the process can be cumbersome and expensive.
Amazon.com:
How well are governments and the law able to keep up with the rapid advances in technology?
Steve Schroeder:
Federal law has done surprisingly well in keeping up. The Federal Computer Fraud and Abuse Act was enacted in 1984, and has been amended a number of times, usually to expand its coverage. The Act's definitions (of "computer," for example) were broad enough to continue to apply even as the technology continued to evolve. Congress also enacted the Stored Communications Act in 1986, establishing privacy protections for email, nearly ten years before it was commonly used.
Governments struggle to keep up with technology. Equipment and training are often given a low priority, especially in these days of declining revenues. This will continue to be a serious problem.
Amazon.com:
The two hackers exploited security holes that, at least in some cases, were relatively common at the time. What's your opinion on the state of credit card and computer security today?
Steve Schroeder:
The two hackers in the book exploited vulnerabilities that were known and for which patches had been published. One software package (SQL) installed with a user name of "sa" for system administrator and a blank password field. Approximately one-quarter of the packages were installed on business servers without those fields being changed. That made it trivially easy for hackers to break into those systems. The high incidence of system administrators' not keeping their networks current as to upgrades and security patches continues to be a problem. It is commonplace to read in the news about the compromise of a large database of credit card transactions. Many companies, however, especially the larger ones like Amazon.com and PayPal, do an excellent job of protecting the private financial information of their customers.
Amazon.com:
With your experience in combating computer crime, what advice would you offer to readers concerned for the security of their own accounts or businesses?
Steve Schroeder:
- Keep your anti-virus software up to date. Anti-virus software that is out of date is only marginally better than no protection at all.
- Use a firewall.
- Use a complex password that is at least 12 characters long and does not consist of common words or names. It should contain upper- and lowercase letters as well as numbers and characters. You can use the first letters of words in a sentence, a phrase, or even a line of poetry as a memory aid.
- Make sure that your Wi-Fi hub has good security and can only be accessed by registered machines.
- Shred unsolicited credit card offers and other financial documents. Better yet, contact the credit reporting agencies and tell them not to release your information unless you actually apply for credit.
- Small business proprietors need to understand that the use of SSL encryption or other "secure" services such as "https" protect data from being compromised only while it is in transit, but do nothing to secure the information while it's in storage on their own servers.
- Small businesses often ignore the need for good, professional security measures because they are expensive for the business and inconvenient for the users, and do not generate revenue. A single system "incident," however, can cause catastrophic losses for a small or medium-sized business. Good security for your system is a wise and prudent investment.
- Transaction records should be strongly encrypted in storage, as well as in transmission, or removed entirely from machines that are accessible from the Internet as soon as they have cleared.
- Upgrades and security patches to operating systems and other software must constantly be kept up to date.
And yes, I do use my credit card on the Internet.
Product Details
- Amazon Sales Rank: #168134 in Books
- Published on: 2011-02-14
- Original language: English
- Number of items: 1
- Binding: Paperback
- 560 pages
Customer Reviews
Most helpful customer reviews
4 of 4 people found the following review helpful.
Fascinating Story and a Primer for Internet Investigations
By Hackerbuff
This is a story about a groundbreaking investigation and prosecution set in what were the relatively early days of Internet commercial activity. Steve Schroeder outlines a rare instance of several FBI and US Attorney offices joining together to conduct a highly complex, global investigation of Internet extortion, hacking and theft, and cutting-edge organized criminal activity. He walks the reader through how the agents and prosecutors used existing investigative tools in what was (and still is) often a very dysfunctional international arena where cross-border cooperation was almost non-existent. He outlines a rare lure of the individual involved from Russia who had breached scores of banks and credit card processing centers, the engines of what was then a nascent and very fast growing Internet economy. He describes what is the first recorded international law enforcement cross-border seizure of data, weaving exciting successes with what are often mundane and even humorous challenges criminal investigators face in their work. This book is a must read for anyone who wants to be an Internet investigator or cyber prosecutor. The Gorshkov care was exceptional then, but seem even rarer today. An excellent account about what really happens in a criminal investigation and prosecution of internet criminal activity. It is a fun read and would make an excellent movie.
0 of 0 people found the following review helpful.
Fantastic, if you're the niche audience... otherwise a good read
By scot16897
This book is for a core audience of professionals, and for those people, it's darn near perfect. (The publisher is CoursePTR, and according to its website, the PTR stands for Professional Technical Reference.) For those with a passing interest in it only, it is a good, if challenging read.
You will find it to fascinating if you are 1) a computer security person, 2) a lawyer interested in cybercrime, or 3) a person with a keen interest in either of these fields.
If this is you, you will find this book deeply engrossing and instructive for the following reasons:
A) The author, the lead prosecutor on the case, has thoroughly mastered the subject matter and presents it in a manner which is as straightforward as computer intrusions can be.
B) The story itself is very interesting. In an age of e-commerce, this was one of the first tales of its kind in which the whole story is learned, and not just the victim's perspective.
C) It addresses how the U.S. legal system adapts to new technology while preserving the protection of U.S. Constitutional interests.
D) Readers will be educated a great deal not only about computer intrusion, but also the law and court procedure,
Having said that, the narrative doesn't necessarily lend itself to a wide audience, nor is it necessarily intended to.
The book is split into distinctive sections, the Investigation and the Trial. While the Investigation reads quite easily, the Trial section bogs down with a re-telling of the investigation, from a witness by witness perspective. It doesn't flow or grip the reader, the repetition does create some tedium, and it does get too detailed at times.
If you are mildly interested, it's probably about 3.5 stars. If you have serious interest, buy it immediately, as it is a 5 star read.
0 of 0 people found the following review helpful.
Gripping
By Mr. W. B. Vandergraaf
This book is the story of how the FBI tricked two young Russian credit card hackers by posing as potential employers in the USA. This subterfuge resulted in their "voluntary extradition" to the US where they happily displayed their hacking credentials. Despite being caught 'red handed', they pleaded not guilty and went on, as such persons do, to perpetuate their dishonesty by trying to lie their way through the Court system, which of course sometimes succeeds. The author, one of the prosecuting attorneys goes on to describe the sophistry employed by the brazen defendants and their skilled counsel. Though the duty of the prosecutor is sacred, all too often the practice of the defense is profane, with insinuation, bullying and deceit the unpleasant but common tools of this trade. The investigation and trial was a legal minefield. The author walks us through this minefield with genuine enthusiasm and skill.
The actions taken by the Government at the time caused a furore in Russia. Even today, despite having a well resourced Department 'K', the apparent unwillingness of Russia to co-operate with anyone else to fight organised crime of any type is perplexing. Too busy perhaps investigating the too frequent unsolved assassinations of non compliant independent journalists?
This story is as relevant today as it was 10 years ago. This milieu of cyberthieves is now, unfortunately more organised, widespread and defensive than ever. It sends out a challenge to Police Chiefs everywhere to get ready and stay ready.
You might think that this type of book would be soporific, but I couldn't put it down. Mr Schroeder helpfully sprinkles the narrative with the relevant legal principles, which is especially interesting for those who aren't familiar with US law.
A great read and well worth putting on the public record. Well done to the FBI team and the prosecutors who secured these convictions.
This book is a must for anyone interested in or engaged in cyber securty, investigations and prosecutions.
No comments:
Post a Comment