Crime Dot Com
From Viruses to Vote Rigging, How Hacking Went Global
Distributed for Reaktion Books
Crime Dot Com
From Viruses to Vote Rigging, How Hacking Went Global
“Brilliantly researched and written.”—Jon Snow, Channel 4 News
“A comprehensive and intelligible account of the elusive world of hacking and cybercrime over the last two decades. . . . Lively, insightful, and, often, alarming.”—Ewen MacAskill, Guardian
On May 4, 2000, an email that read “kindly check the attached LOVELETTER” was sent from a computer in the Philippines. Attached was a virus, the Love Bug, and within days it had been circulated across the globe, paralyzing banks, broadcasters, and businesses in its wake, and extending as far as the UK Parliament and, reportedly, the Pentagon. The outbreak presaged a new era of online mayhem: the age of Crime Dot Com. In this book, investigative journalist Geoff White charts the astonishing development of hacking, from its conception in the United States’ hippy tech community in the 1970s, through its childhood among the ruins of the Eastern Bloc, to its coming of age as one of the most dangerous and pervasive threats to our connected world. He takes us inside the workings of real-life cybercrimes, drawing on interviews with those behind the most devastating hacks and revealing how the tactics employed by high-tech crooks to make millions are being harnessed by nation states to target voters, cripple power networks, and even prepare for cyber-war. From Anonymous to the Dark Web, Ashley Madison to election rigging, Crime Dot Com is a thrilling, dizzying, and terrifying account of hacking, past and present, what the future has in store, and how we might protect ourselves from it.
336 pages | 6 1/4 x 9 1/4
"Journalist White uses the stories of different hacks, dating from the 1980s to the 2016 election, to connect illicit activity on the earliest Internet forums to today's cyberattacks by hacktivists and state-sanctioned hacking teams. He humanizes this history by highlighting the people behind the tech: the Filipino student who unleashed the Love Bug, one of the first global cyberattacks to rely on psychological manipulation; the former cybercriminal who worked with the FBI to bring down Silk Road, a dark Web black market for illegal drugs (a scheme that involved him faking his own death); and the audio producer who lost thousands of dollars in a scam that exploited personal information stolen from telecommunications company TalkTalk. To secure, or 'harden,' systems against cybercrime, White writes, 'it's humans, not necessarily computers, that we need to harden up.'"
Sophie Bushwick | Scientific American
"In this book, investigative journalist White explores some of the more prominent hacking events of the past two decades. White does an excellent job of covering the hacking events, e.g., the Sony hack, the WannaCry virus, various distributed denial of service (DDOS) attacks, the Edward Snowden leaks, and the Russian involvement in the United States 2016 election. . . . White presents them in such a way as to make them easily understandable for a non-technical reader. Anyone who wants a casual read on how cybercrime affects our contemporary world should take the time to read this monograph. Recommended"
"Arguing that cybercrime has grown in power and in danger, journalist White offers a well-written, expertly researched examination of the topic. Relying on published reports and in-depth interviews, the author looks at three different facets: cybercrime gangs, 'hacktivist' movements, and ways in which nation states use cybercrimes. White is at his best when describing this seemingly legally sanctioned hacking, such as in Russia and North Korea. In vivid detail, he explores the 2015 raid on Bangladesh’s Central Bank; the movement Anonymous, which has made attacks on governments; and ways in which data is hacked for profit. . . . This is a fascinating, often gripping read, and a solid update to Brian Krebs’s Spam Nation. . . . For true crime and technology enthusiasts in search of an overview of cybercrime."
“Beginning with a tour of hacks from the 1980s through to the 2016 election (and a thrilling account of the 2015 Bangladesh Central Bank heist), this is a fascinating primer on the dangers of the cyber underworld, which includes hacktivist movements, cyber gangs, and nation-state attacks.”
Globe and Mail
"From pig poop to sunscreen to poker to hackers, the books we love dive deep to tell smart stories about how the world works."
WIRED, "26 of the Most Fascinating Books Read in 2020"
“Brilliantly written and researched, Crime Dot Com is a vivid insight into the scale of the threat to us all from crime born of and facilitated by the digital age.”
Jon Snow, Channel 4 News (UK)
“White offers up a comprehensive and intelligible account of the elusive world of hacking and cybercrime over the last two decades. He ranges from the lone hacktivist to state-sponsored surveillance, from the Love Bug to the Lazarus Group, from Snowden’s revelations to the Huawei controversy. His book is, thankfully, jargon-free, keeping a tight focus on the humans involved rather than the technology. It is lively, insightful and, often, alarming.”
Ewen MacAskill, former chief political correspondent for the "Guardian"
“White writes with insight and flair about a subject that concerns everyone—or should do. Criminals, hooligans, hostile state actors and terrorists attack our computers and networks every minute of every day. Our money, security and freedom are at risk. Yet the public is still pitifully unaware of the threats we face—and what we need to do to protect ourselves at an individual, business, and government level. Crime Dot Com joins the dots, painting a well-informed, easy-to-understand, and up-to-date picture of the mounting dangers caused by our complacency, greed, and ignorance.”
Edward Lucas, author of "Deception: Spies, Lies and How Russia Dupes the West"
"White is one of the most authoritative reporters on cybercrime and Crime Dot Com is an informative, accessible, and entertaining tour of the cyber underworld. If you want to understand everything from ransomware to nation-state attacks on key infrastructure this is an excellent primer."
Rory Cellan-Jones, BBC News
There is a reason cybercrime has surged up the news agenda. It’s not just because of society’s growing dependence on vulnerable technology. And it’s not just because journalists, politicians and powerful institutions are increasingly targeted by hackers. Cybercrime has boomed thanks to a little-noticed confluence of the world’s most powerful hacker groups. In the years since the turn of the millennium, a cross-pollination of tools and tactics between these shadowy operators has shaped the technological threat we see today, elevating cybercrime to an omnipresent hazard. As our society has moved online, they have begun striking at the critical services on which we all rely: our hospitals, power stations, news media and political processes.
There are three forces driving this new wave of attacks: organized cybercrime gangs, ‘hacktivist’ movements and nation-state hackers.
Organized crime has been present from almost the earliest days of computer hacking and has now become firmly entrenched, as its members have realized how much safer it is to rob people and institutions virtually, rather than in person. Their tactics run on a high-volume, low-margin model: if they can steal £5 from a million people the victims might not even notice, but the hackers are still £5 million richer. This has spawned a sophisticated industry that runs its lucrative criminal enterprises like Silicon Valley start-ups. But as the gangs’ indiscriminate attack tools have leaked out, the losses have been far more than simply financial.
Hacktivist groups may have started out as digital protest movements, but their tactics were quickly adopted by cybercriminals and are now being heavily exploited by others with more cynical and sinister motives. Their ability to create publicity and co-opt journalism to their cause has had ruinous effects on their victims, who’ve seen their corporate reputations trashed, and in some cases their companies destroyed entirely
Perhaps most worrying of all, nation states are increasingly getting in on the act, adding hacking teams to the arsenal of weapons available to their military and intelligence establishments. These are not illicit, backroom operations, but rather highly skilled, professional and well-funded outfits. In the past, their work was often stealthy and tightly focused on selected targets. But as you’ll see in this book, that is not how it’s remained.
In recent decades these three groups have emerged and grown in influence as humanity has become increasingly connected and reliant on technology. Now, the worlds they inhabit are starting to merge. Organized crime has adopted the powerful techniques of nation-state hackers. Hacktivists have descended into attacks indistinguishable from those of organized crime. Nation states have harnessed the public shaming tactics of the hacktivists and the devastating, often indiscriminate tools of the online crooks.
The term ‘cybercrime’ might once have been associated mainly with credit card fraud and online bank theft. But thanks to the bleed-across between these three different groups, it’s increasingly difficult to draw clear lines of separation. As this book shows, cybercrime is no longer just about money – what’s being hacked is, in some cases, the very fabric of society.
This book goes inside the murky world of these disparate hacker movements, exploring the fascinating and sometimes littleknown stories of how their crimes are carried out and how they came to collide with each other. It starts with the hippie hackers of the 1970s and traces the path all the way through to the present day – and to our possible futures.
To be clear: it is a male-dominated world. Right now you will find few women, not only among the criminal hacker community but in the legitimate cybersecurity industry. There is evidence that the gender balance is changing, but only gradually.
Writing a book on cybercrime that is simultaneously comprehensive, compelling and concise presents challenges. Hacking attacks that others might consider pivotal have been left out entirely; timelines have been collapsed to speed the story along; and perhaps most heinous of all, much technical detail has been omitted in order to keep this book accessible.
If you are a techie, please bear in mind that this book is aimed at a general audience. Hopefully you will forgive its deficiencies, in the knowledge that less tech-savvy readers might gain from it an insight into and respect for the world you understand so well.
For the non-technical reader: if (as I hope) this fires your enthusiasm for the endlessly fascinating and increasingly important world of cybersecurity, there is a short Further Reading list to be found at the end of the book.
As will become apparent, the cybercrime threat is now so large and so pervasive that our governments, employers and the tech companies themselves stand little chance of protecting us from every attack. If we’re not careful, as technology takes a greater place in the running of our world it is the criminal hackers – those who understand, control and manipulate technology – who will dictate its future. It’s up to us to defend ourselves, and knowledge is the first step.
CHAPTER ONE: MEET THE HACKERS
It’s 30 degrees in the shade and I’m standing, sweating, at the entrance to a sprawling street market in the Quiapo district of Manila, capital of the Philippines.
On a piece of paper I’ve written the name of the person I’m searching for: a Filipino man named Onel de Guzman. I’ve heard he might have worked among the mass of stalls spread out before me . . . maybe . . . several years ago.
I start showing the piece of paper to people at random. It seems an impossible task. The wildest of goose chases.
I don’t know what de Guzman looks like now, because the only photo I have of him is almost twenty years old. Even worse: in the grainy shot, taken at a chaotic press conference, de Guzman is wearing sunglasses and covering his face with a handkerchief.
The young student had good reason to hide. He’d been accused of unleashing the Love Bug, a high-profile and extremely successful virus that had infected an estimated 45 million computers worldwide and caused billions of dollars’ worth of damage.
The virus was groundbreaking. Not because of its technical complexity or the disruption it caused, but because it showed how to utilize something far more powerful than code. It perfectly exploited a weakness not in computers, but in the humans who use them – a tactic that has been used in countless cybercrimes since. But de Guzman had never admitted to anything. He’d mumbled his way through the press conference, given a couple of non-committal interviews to the media and escaped without prosecution. Then he’d gone to ground and hadn’t surfaced in two decades. No social media, no online profile. A ghost in the digital world he’d once been accused of terrorizing.
It had taken me a year to get any kind of lead as to his whereabouts. There were rumours he was in Germany, that he worked for the UN in Austria, that he’d moved to the United States or even that he’d been hired by Microsoft. And now I was stumbling through a market in Manila, showing his name in the hope someone would recognize it.
If I could find him, maybe I could ask him about the virus and whether he understood its impact. And perhaps I could get him to tell me, after twenty years, whether he was really the one behind it.
But as I brandished his name, all I got were blank looks and suspicious questions. Then one of the market stallholders grinned at me.
‘The virus guy? Yeah, I know him.’
Before continuing with Onel de Guzman’s story, it’s important to understand a little about the technological and, more importantly, social tectonic plates that shifted in the years before the Love Bug hit the headlines in 2000.
Such viruses are a relatively recent phenomenon, but they are not without a history. The modern hacker has been decades in the making, and represents a synthesis of several distinct groups. To really understand cybercrime you have to understand how those groups emerged, and to do that, you have to go back to the beginning.
In late 1969, a few months after humans first set foot on the moon, scientists in the u.s. made a breakthrough that would arguably have a greater impact on civilization than NASA’s moonshot.
The Department of Defense had been looking for a reliable way of sending messages between its disparate network of computers. Experts hit upon the idea of breaking the messages up into equal-sized chunks and sending them from one computer to another in a series of hops, using the telephone system. The idea of linking up computers along phone lines wasn’t new: the issue had always been how to do it on a large scale, and with a system that could easily expand to include new entrants. With this new approach, any computer that signed up to a common system could join the group, and thus send and receive chunks of data. This paved the way for smooth and speedy growth as it spread beyond the military. It would create an interconnected network of computers, or ‘Internet’, and the system for relaying the messages from one to the other was known as ‘Internet Protocol’ (IP). Each machine that signed up would have a unique address (an IP address), and to send a chunk from one computer to another would simply involve attaching the right address, so that all the other computers in the chain knew where to send it....