9781789144437
9781789142860
From Anonymous to the Dark Web, a dizzying account of hacking—past, present, and future.
“Brilliantly researched and written.”—Jon Snow, Channel 4 News
“A comprehensive and intelligible account of the elusive world of hacking and cybercrime over the last two decades. . . . Lively, insightful, and, often, alarming.”—Ewen MacAskill, Guardian
On May 4, 2000, an email that read “kindly check the attached LOVELETTER” was sent from a computer in the Philippines. Attached was a virus, the Love Bug, and within days it had been circulated across the globe, paralyzing banks, broadcasters, and businesses in its wake, and extending as far as the UK Parliament and, reportedly, the Pentagon. The outbreak presaged a new era of online mayhem: the age of Crime Dot Com. In this book, investigative journalist Geoff White charts the astonishing development of hacking, from its conception in the United States’ hippy tech community in the 1970s, through its childhood among the ruins of the Eastern Bloc, to its coming of age as one of the most dangerous and pervasive threats to our connected world. He takes us inside the workings of real-life cybercrimes, drawing on interviews with those behind the most devastating hacks and revealing how the tactics employed by high-tech crooks to make millions are being harnessed by nation states to target voters, cripple power networks, and even prepare for cyber-war. From Anonymous to the Dark Web, Ashley Madison to election rigging, Crime Dot Com is a thrilling, dizzying, and terrifying account of hacking, past and present, what the future has in store, and how we might protect ourselves from it.
“Brilliantly researched and written.”—Jon Snow, Channel 4 News
“A comprehensive and intelligible account of the elusive world of hacking and cybercrime over the last two decades. . . . Lively, insightful, and, often, alarming.”—Ewen MacAskill, Guardian
On May 4, 2000, an email that read “kindly check the attached LOVELETTER” was sent from a computer in the Philippines. Attached was a virus, the Love Bug, and within days it had been circulated across the globe, paralyzing banks, broadcasters, and businesses in its wake, and extending as far as the UK Parliament and, reportedly, the Pentagon. The outbreak presaged a new era of online mayhem: the age of Crime Dot Com. In this book, investigative journalist Geoff White charts the astonishing development of hacking, from its conception in the United States’ hippy tech community in the 1970s, through its childhood among the ruins of the Eastern Bloc, to its coming of age as one of the most dangerous and pervasive threats to our connected world. He takes us inside the workings of real-life cybercrimes, drawing on interviews with those behind the most devastating hacks and revealing how the tactics employed by high-tech crooks to make millions are being harnessed by nation states to target voters, cripple power networks, and even prepare for cyber-war. From Anonymous to the Dark Web, Ashley Madison to election rigging, Crime Dot Com is a thrilling, dizzying, and terrifying account of hacking, past and present, what the future has in store, and how we might protect ourselves from it.
Reviews
Excerpt
INTRODUCTION
There is a reason cybercrime has surged up the news agenda. It’s not just because of society’s growing dependence on vulnerable technology. And it’s not just because journalists, politicians and powerful institutions are increasingly targeted by hackers. Cybercrime has boomed thanks to a little-noticed confluence of the world’s most powerful hacker groups. In the years since the turn of the millennium, a cross-pollination of tools and tactics between these shadowy operators has shaped the technological threat we see today, elevating cybercrime to an omnipresent hazard. As our society has moved online, they have begun striking at the critical services on which we all rely: our hospitals, power stations, news media and political processes.
There are three forces driving this new wave of attacks: organized cybercrime gangs, ‘hacktivist’ movements and nation-state hackers.
Organized crime has been present from almost the earliest days of computer hacking and has now become firmly entrenched, as its members have realized how much safer it is to rob people and institutions virtually, rather than in person. Their tactics run on a high-volume, low-margin model: if they can steal £5 from a million people the victims might not even notice, but the hackers are still £5 million richer. This has spawned a sophisticated industry that runs its lucrative criminal enterprises like Silicon Valley start-ups. But as the gangs’ indiscriminate attack tools have leaked out, the losses have been far more than simply financial.
Hacktivist groups may have started out as digital protest movements, but their tactics were quickly adopted by cybercriminals and are now being heavily exploited by others with more cynical and sinister motives. Their ability to create publicity and co-opt journalism to their cause has had ruinous effects on their victims, who’ve seen their corporate reputations trashed, and in some cases their companies destroyed entirely
Perhaps most worrying of all, nation states are increasingly getting in on the act, adding hacking teams to the arsenal of weapons available to their military and intelligence establishments. These are not illicit, backroom operations, but rather highly skilled, professional and well-funded outfits. In the past, their work was often stealthy and tightly focused on selected targets. But as you’ll see in this book, that is not how it’s remained.
In recent decades these three groups have emerged and grown in influence as humanity has become increasingly connected and reliant on technology. Now, the worlds they inhabit are starting to merge. Organized crime has adopted the powerful techniques of nation-state hackers. Hacktivists have descended into attacks indistinguishable from those of organized crime. Nation states have harnessed the public shaming tactics of the hacktivists and the devastating, often indiscriminate tools of the online crooks.
The term ‘cybercrime’ might once have been associated mainly with credit card fraud and online bank theft. But thanks to the bleed-across between these three different groups, it’s increasingly difficult to draw clear lines of separation. As this book shows, cybercrime is no longer just about money – what’s being hacked is, in some cases, the very fabric of society.
This book goes inside the murky world of these disparate hacker movements, exploring the fascinating and sometimes littleknown stories of how their crimes are carried out and how they came to collide with each other. It starts with the hippie hackers of the 1970s and traces the path all the way through to the present day – and to our possible futures.
To be clear: it is a male-dominated world. Right now you will find few women, not only among the criminal hacker community but in the legitimate cybersecurity industry. There is evidence that the gender balance is changing, but only gradually.
Writing a book on cybercrime that is simultaneously comprehensive, compelling and concise presents challenges. Hacking attacks that others might consider pivotal have been left out entirely; timelines have been collapsed to speed the story along; and perhaps most heinous of all, much technical detail has been omitted in order to keep this book accessible.
If you are a techie, please bear in mind that this book is aimed at a general audience. Hopefully you will forgive its deficiencies, in the knowledge that less tech-savvy readers might gain from it an insight into and respect for the world you understand so well.
For the non-technical reader: if (as I hope) this fires your enthusiasm for the endlessly fascinating and increasingly important world of cybersecurity, there is a short Further Reading list to be found at the end of the book.
As will become apparent, the cybercrime threat is now so large and so pervasive that our governments, employers and the tech companies themselves stand little chance of protecting us from every attack. If we’re not careful, as technology takes a greater place in the running of our world it is the criminal hackers – those who understand, control and manipulate technology – who will dictate its future. It’s up to us to defend ourselves, and knowledge is the first step.
CHAPTER ONE: MEET THE HACKERS
It’s 30 degrees in the shade and I’m standing, sweating, at the entrance to a sprawling street market in the Quiapo district of Manila, capital of the Philippines.
On a piece of paper I’ve written the name of the person I’m searching for: a Filipino man named Onel de Guzman. I’ve heard he might have worked among the mass of stalls spread out before me . . . maybe . . . several years ago.
I start showing the piece of paper to people at random. It seems an impossible task. The wildest of goose chases.
I don’t know what de Guzman looks like now, because the only photo I have of him is almost twenty years old. Even worse: in the grainy shot, taken at a chaotic press conference, de Guzman is wearing sunglasses and covering his face with a handkerchief.
The young student had good reason to hide. He’d been accused of unleashing the Love Bug, a high-profile and extremely successful virus that had infected an estimated 45 million computers worldwide and caused billions of dollars’ worth of damage.
The virus was groundbreaking. Not because of its technical complexity or the disruption it caused, but because it showed how to utilize something far more powerful than code. It perfectly exploited a weakness not in computers, but in the humans who use them – a tactic that has been used in countless cybercrimes since. But de Guzman had never admitted to anything. He’d mumbled his way through the press conference, given a couple of non-committal interviews to the media and escaped without prosecution. Then he’d gone to ground and hadn’t surfaced in two decades. No social media, no online profile. A ghost in the digital world he’d once been accused of terrorizing.
It had taken me a year to get any kind of lead as to his whereabouts. There were rumours he was in Germany, that he worked for the UN in Austria, that he’d moved to the United States or even that he’d been hired by Microsoft. And now I was stumbling through a market in Manila, showing his name in the hope someone would recognize it.
If I could find him, maybe I could ask him about the virus and whether he understood its impact. And perhaps I could get him to tell me, after twenty years, whether he was really the one behind it.
But as I brandished his name, all I got were blank looks and suspicious questions. Then one of the market stallholders grinned at me.
‘The virus guy? Yeah, I know him.’
Before continuing with Onel de Guzman’s story, it’s important to understand a little about the technological and, more importantly, social tectonic plates that shifted in the years before the Love Bug hit the headlines in 2000.
Such viruses are a relatively recent phenomenon, but they are not without a history. The modern hacker has been decades in the making, and represents a synthesis of several distinct groups. To really understand cybercrime you have to understand how those groups emerged, and to do that, you have to go back to the beginning.
In late 1969, a few months after humans first set foot on the moon, scientists in the u.s. made a breakthrough that would arguably have a greater impact on civilization than NASA’s moonshot.
The Department of Defense had been looking for a reliable way of sending messages between its disparate network of computers. Experts hit upon the idea of breaking the messages up into equal-sized chunks and sending them from one computer to another in a series of hops, using the telephone system. The idea of linking up computers along phone lines wasn’t new: the issue had always been how to do it on a large scale, and with a system that could easily expand to include new entrants. With this new approach, any computer that signed up to a common system could join the group, and thus send and receive chunks of data. This paved the way for smooth and speedy growth as it spread beyond the military. It would create an interconnected network of computers, or ‘Internet’, and the system for relaying the messages from one to the other was known as ‘Internet Protocol’ (IP). Each machine that signed up would have a unique address (an IP address), and to send a chunk from one computer to another would simply involve attaching the right address, so that all the other computers in the chain knew where to send it....
There is a reason cybercrime has surged up the news agenda. It’s not just because of society’s growing dependence on vulnerable technology. And it’s not just because journalists, politicians and powerful institutions are increasingly targeted by hackers. Cybercrime has boomed thanks to a little-noticed confluence of the world’s most powerful hacker groups. In the years since the turn of the millennium, a cross-pollination of tools and tactics between these shadowy operators has shaped the technological threat we see today, elevating cybercrime to an omnipresent hazard. As our society has moved online, they have begun striking at the critical services on which we all rely: our hospitals, power stations, news media and political processes.
There are three forces driving this new wave of attacks: organized cybercrime gangs, ‘hacktivist’ movements and nation-state hackers.
Organized crime has been present from almost the earliest days of computer hacking and has now become firmly entrenched, as its members have realized how much safer it is to rob people and institutions virtually, rather than in person. Their tactics run on a high-volume, low-margin model: if they can steal £5 from a million people the victims might not even notice, but the hackers are still £5 million richer. This has spawned a sophisticated industry that runs its lucrative criminal enterprises like Silicon Valley start-ups. But as the gangs’ indiscriminate attack tools have leaked out, the losses have been far more than simply financial.
Hacktivist groups may have started out as digital protest movements, but their tactics were quickly adopted by cybercriminals and are now being heavily exploited by others with more cynical and sinister motives. Their ability to create publicity and co-opt journalism to their cause has had ruinous effects on their victims, who’ve seen their corporate reputations trashed, and in some cases their companies destroyed entirely
Perhaps most worrying of all, nation states are increasingly getting in on the act, adding hacking teams to the arsenal of weapons available to their military and intelligence establishments. These are not illicit, backroom operations, but rather highly skilled, professional and well-funded outfits. In the past, their work was often stealthy and tightly focused on selected targets. But as you’ll see in this book, that is not how it’s remained.
In recent decades these three groups have emerged and grown in influence as humanity has become increasingly connected and reliant on technology. Now, the worlds they inhabit are starting to merge. Organized crime has adopted the powerful techniques of nation-state hackers. Hacktivists have descended into attacks indistinguishable from those of organized crime. Nation states have harnessed the public shaming tactics of the hacktivists and the devastating, often indiscriminate tools of the online crooks.
The term ‘cybercrime’ might once have been associated mainly with credit card fraud and online bank theft. But thanks to the bleed-across between these three different groups, it’s increasingly difficult to draw clear lines of separation. As this book shows, cybercrime is no longer just about money – what’s being hacked is, in some cases, the very fabric of society.
This book goes inside the murky world of these disparate hacker movements, exploring the fascinating and sometimes littleknown stories of how their crimes are carried out and how they came to collide with each other. It starts with the hippie hackers of the 1970s and traces the path all the way through to the present day – and to our possible futures.
To be clear: it is a male-dominated world. Right now you will find few women, not only among the criminal hacker community but in the legitimate cybersecurity industry. There is evidence that the gender balance is changing, but only gradually.
Writing a book on cybercrime that is simultaneously comprehensive, compelling and concise presents challenges. Hacking attacks that others might consider pivotal have been left out entirely; timelines have been collapsed to speed the story along; and perhaps most heinous of all, much technical detail has been omitted in order to keep this book accessible.
If you are a techie, please bear in mind that this book is aimed at a general audience. Hopefully you will forgive its deficiencies, in the knowledge that less tech-savvy readers might gain from it an insight into and respect for the world you understand so well.
For the non-technical reader: if (as I hope) this fires your enthusiasm for the endlessly fascinating and increasingly important world of cybersecurity, there is a short Further Reading list to be found at the end of the book.
As will become apparent, the cybercrime threat is now so large and so pervasive that our governments, employers and the tech companies themselves stand little chance of protecting us from every attack. If we’re not careful, as technology takes a greater place in the running of our world it is the criminal hackers – those who understand, control and manipulate technology – who will dictate its future. It’s up to us to defend ourselves, and knowledge is the first step.
CHAPTER ONE: MEET THE HACKERS
It’s 30 degrees in the shade and I’m standing, sweating, at the entrance to a sprawling street market in the Quiapo district of Manila, capital of the Philippines.
On a piece of paper I’ve written the name of the person I’m searching for: a Filipino man named Onel de Guzman. I’ve heard he might have worked among the mass of stalls spread out before me . . . maybe . . . several years ago.
I start showing the piece of paper to people at random. It seems an impossible task. The wildest of goose chases.
I don’t know what de Guzman looks like now, because the only photo I have of him is almost twenty years old. Even worse: in the grainy shot, taken at a chaotic press conference, de Guzman is wearing sunglasses and covering his face with a handkerchief.
The young student had good reason to hide. He’d been accused of unleashing the Love Bug, a high-profile and extremely successful virus that had infected an estimated 45 million computers worldwide and caused billions of dollars’ worth of damage.
The virus was groundbreaking. Not because of its technical complexity or the disruption it caused, but because it showed how to utilize something far more powerful than code. It perfectly exploited a weakness not in computers, but in the humans who use them – a tactic that has been used in countless cybercrimes since. But de Guzman had never admitted to anything. He’d mumbled his way through the press conference, given a couple of non-committal interviews to the media and escaped without prosecution. Then he’d gone to ground and hadn’t surfaced in two decades. No social media, no online profile. A ghost in the digital world he’d once been accused of terrorizing.
It had taken me a year to get any kind of lead as to his whereabouts. There were rumours he was in Germany, that he worked for the UN in Austria, that he’d moved to the United States or even that he’d been hired by Microsoft. And now I was stumbling through a market in Manila, showing his name in the hope someone would recognize it.
If I could find him, maybe I could ask him about the virus and whether he understood its impact. And perhaps I could get him to tell me, after twenty years, whether he was really the one behind it.
But as I brandished his name, all I got were blank looks and suspicious questions. Then one of the market stallholders grinned at me.
‘The virus guy? Yeah, I know him.’
Before continuing with Onel de Guzman’s story, it’s important to understand a little about the technological and, more importantly, social tectonic plates that shifted in the years before the Love Bug hit the headlines in 2000.
Such viruses are a relatively recent phenomenon, but they are not without a history. The modern hacker has been decades in the making, and represents a synthesis of several distinct groups. To really understand cybercrime you have to understand how those groups emerged, and to do that, you have to go back to the beginning.
In late 1969, a few months after humans first set foot on the moon, scientists in the u.s. made a breakthrough that would arguably have a greater impact on civilization than NASA’s moonshot.
The Department of Defense had been looking for a reliable way of sending messages between its disparate network of computers. Experts hit upon the idea of breaking the messages up into equal-sized chunks and sending them from one computer to another in a series of hops, using the telephone system. The idea of linking up computers along phone lines wasn’t new: the issue had always been how to do it on a large scale, and with a system that could easily expand to include new entrants. With this new approach, any computer that signed up to a common system could join the group, and thus send and receive chunks of data. This paved the way for smooth and speedy growth as it spread beyond the military. It would create an interconnected network of computers, or ‘Internet’, and the system for relaying the messages from one to the other was known as ‘Internet Protocol’ (IP). Each machine that signed up would have a unique address (an IP address), and to send a chunk from one computer to another would simply involve attaching the right address, so that all the other computers in the chain knew where to send it....