Book review: Visual Threat Intelligence by Thomas Roccia

Thomas Roccia has written an interesting book called Visual Threat Intelligence that is both unusual and informative for security researchers of all experience levels. He is a Senior Security Researcher at Microsoft’s Threat Intelligence group, and the founder and curator of Unprotect.it, a database of malware evasion techniques.

Think of it as both a reference guide and a collection of carefully curated tools that can help infosec researchers get smarter about understanding potential threats (such as YARA, Sigma, and log analyzers), alongside descriptions of the techniques criminals use to penetrate your networks.

For threat intel beginners, he describes the processes involved in breach investigation: how you gather information and vet it, and how you weigh competing hypotheses to establish what actually happened across your computing infrastructure. He then builds on these basics with lots of useful and practical methods, tools, and techniques.

One chapter goes into detail about the more notorious hacks of the past, including Stuxnet, the 2014 Sony hack, and WannaCry. There are timelines of what happened when, graphical representations of how each attack unfolded (such as the overview of the Shamoon attack shown here), a mapping of the attack to the diamond model (adversary, infrastructure, capability, and victim), and a summary of the MITRE ATT&CK tactics involved. That is a lot of specific information, presented in an easily readable manner. I have been writing about cybersecurity for many years and haven't seen such a cogent collection of these infamous attacks in one place.

Roccia also does a deeper dive into his own investigation of NotPetya for two weeks during the summer of 2017. “It was the first time in my career that I fully realized the wide-ranging impact of a cyberattack — not only on data but also on people,” he wrote.

The book’s appendix contains a long annotated list of various open source tools useful for threat intel analysts. I highly recommend the book if you are interested in learning more about the subject and are looking for a very practical guide that you can use in your own investigations.

Book review: A Hacker’s Mind by Bruce Schneier

I have known Bruce Schneier for many years, and met him most recently just after he gave one of the keynotes at this year's RSA show. The keynote extends the thoughts in his most recent book, A Hacker's Mind, which he wrote last year and which was published this past winter. (I reviewed some of his earlier works in a blog for Avast here.)

Even if you are new to Schneier, not interested in coding, and aren’t all that technical, you should read his book because he sets out how hacking works in our everyday lives.

He chronicles how hacks pervade our society. You will hear about the Double Irish with a Dutch Sandwich (how Google, Apple, and others hacked the tax code and thus avoided paying US taxes), the exploits of the Pudding Guy (the person who hacked American Airlines' frequent flyer program by purchasing thousands of pudding cups to obtain elite status), and how the St. Louis Browns baseball team hacked the rules by hiring a 3'7″ batter back in 1951. There are less celebrated hacks, such as when the investment firm Goldman Sachs owned a quarter of the total US aluminum supply back in the 2010s to control its spot price. What was their hack? They moved the metal among several Detroit-area warehouses each day, because the spot price depends on how long it takes to deliver the material. Clever, right?

Then there are numerous legislative and political hacks, such as the infamous voter literacy tests of the 1950s before the Civil Rights laws were passed. Schneier calls them “devilishly designed, selectively administered, and capriciously judged.”

“Our cognitive systems have also evolved over time,” he says, showing how they can be easily hacked, such as with agreements and contracts. This is because they can’t be made completely airtight, and we don’t really need that anyway: just the appearance of complete trust is usually enough for most purposes.

A good portion of his book concerns technology hacks, of course. He goes into detail about how Facebook's and YouTube's algorithms are geared towards polarizing viewers, and how the companies not only knew this but deliberately ignored the issue to optimize profits. The last chapters touch on AI, which he categorically says "will be used to hack us, and AI systems themselves will become the hackers" that find vulnerabilities in various social, economic, and political systems. He makes a case for a system of hacking governance that should be put in place, something which isn't on the radar but should be.

“The more you can incorporate fundamental security principles into your systems design, the more secure you will be from hacking. Hacking is a balancing act. On the one hand, it is an engine of innovation. On the other, it subverts systems.” The trick is figuring out how to tip that balance.

Book review: The Revenge List

I liked the conceit of this murder mystery novel by Hannah Mary McKinnon entitled The Revenge List: The central character attends an anger-management support group and makes a list of people who have wronged her in the past and whom she should forgive. Trouble is, the list falls into the wrong hands and people start having grave accidents. The mystery is who is doing these dastardly deeds, and what it has to do with the character's flaws, which are many. The action takes place in and around Portland, Maine, and the supporting cast is engaging and just quirky enough to sustain the plot points. It makes you question your own attitude towards forgiveness and how we resolve issues with our past connections. The family dynamics are also very true-to-life, which adds to the novel's credibility and complexity. Highly recommended.

Book review: Stalked by Revenge by Lynn Lipinski

This is the third book in a series of mystery novels featuring Zane Clearwater, a character with a shady past. It can be read independently of the others, and a fourth is in the works. The story centers on Clearwater's family, including a gun-packing grandmother and a private detective who comes to the family's aid to stop a vengeful assailant who is in prison at the story's beginning. Lipinski's descriptive prose is first-rate, and the various characters are well drawn, with some very realistic challenges in their lives. By the end of the book you will feel that you know them and have a lot of empathy for their circumstances. Fans of mystery novels will enjoy this book, and I highly recommend it.

Buy it from Amazon here.

Book review: A Likely Story by Leigh McMullan Abramson

I really enjoyed this new novel, whose characters and plot line I found appealing as a full-time freelance writer of many decades.

The story is about a famous novelist and his ne'er-do-well daughter, who is in her mid-30s, trying to figure out her life and to finish her first book, which seems to have been started ages ago. It is set against the death of her mom, and interwoven with the narrative we are privy to the draft of a novel (which plays an important role in the characters' lives, to say no more without giving away spoilers). The description of literary life in NYC, with all its trappings and ridiculousness, resonated with me, as did the challenges of 30-somethings.

The novel concerns the relationship of the famous writer to his wife and daughter, how the three of them collaborated on various projects, and the dad's perception of his family members. That is about all I can say in this review, but it is deliciously wicked, real, and poignant. Being related to the writer and enduring his oversized ego drives many of the plot points along. At one point the daughter feels that "writing was like being on a submarine, where she spent years being submerged, silent and secret, working toward the day where she would have something to show for all her time underwater." The novel is interesting, amusing, and thoughtful, and I highly recommend it.

Book review: All That Is Mine I Carry With Me

This novel by William Landay has plot points that echo numerous other thrillers, such as the missing title character in Gone Girl, but it takes things just a bit further in telling the tale of a missing mom who is presumed to have been killed by her husband. You hear from various family members in the first person, and again this is done to introduce some interesting plot twists that I don't want to spoil here. Initially I was a bit annoyed by the mixed-narrator style but came to appreciate it about halfway through the novel. The narrative arc covers decades as we move well beyond the actual missing/murder conundrum and into the finer aspects of the children's and other family members' personalities, their relationships, and whether they think the dad did the deed or not. Having the dad be a criminal defense lawyer is a nice touch, too. Highly recommended.

Book review: Who Will Accompany You by Meg Stafford

Who Will Accompany You?: My Mother-Daughter Journeys Far from Home and Close to the Heart

This book recounts a mother's separate travels with her two daughters: one to Nepal and Bhutan, the other to Colombia. The two kids take the trips for specific reasons: to learn about total happiness, and to work for an NGO helping people affected by that country's armed conflict. The travels are enlightening for all parties concerned and are what Meg Stafford, who has written a regular column for years, calls an ongoing kaleidoscope of learning together with her daughters. She is a therapist, so her work listening to and analyzing people comes through quite loudly in this memoir.

The travels aren’t your usual tourist romps through colorful foreign lands, but offer real insights into both the people they encounter along the way and the lessons they have learned about themselves and their own family relationships. “The more we know ourselves, the easier it is to connect with others, and the more connected we are with them,” she writes.

Regarding happiness, “the best way to predict it is to follow the example of someone who is currently where you will be in the future.”

There is also a lot about problem-solving: "Everything depends on how you use your mind. The way to solve the problems in your life is to open your heart to others."

And this insight: "Parents cannot eliminate risk. We can shore up our children so that when they encounter it they can make better and more informed choices."

The women learn that tragedy is the same in any language, but humor doesn’t translate so easily, and there are lots of moments across this spectrum.

The title comes from the question of who will accompany us, not just in physical travel across the world but across our lives. "We cannot always know but we can hold them close when they are near, so we can still hold them when they are far with arms outstretched."

For those who enjoy memoirs and appreciate travel, this is a very appealing book.

Book review: The exploits of Space Rogue (Cris Thomas)

The hacker Cris Thomas, known by his hacker handle Space Rogue, has a new book out that chronicles his rise in infosec. I interviewed him about his exploits when I was writing for IBM's Security Intelligence blog. IBM's X-Force has been his employer for many years now; there he works for numerous corporate clients, plying the tools and techniques he refined when he was one of the founding members of the hacking collective L0pht.

My story covered his return visit to testify before Congress in 2018. Thomas and his colleagues had originally testified there back in 1998. The book's cover art shows this pivotal moment, with the hacker handles displayed as nameplates. The story of how that hearing came to pass is one of the book's more interesting chapters, and the transcript of their testimony is included in an appendix too.

I also wrote this post about another member of L0pht, Mudge, during his time as a security consultant for Twitter. L0pht is infamous for developing a series of hacking tools, such as the Windows NT password cracker L0phtCrack (whose evolution and enhancement Thomas describes in enormous detail), and for running a website called Hacker News Network. Thomas describes those formative years with plenty of wit and charm in his new book, which also serves as a reminder of how computer and network security has evolved, or not, as the case may be.

That cracking tool carried L0pht over the course of some twenty-plus years. It began as "a small little piece of proof of concept code, hurriedly produced within a few weeks, and went from an exercise to prove a point, security weaknesses in a major operating system, to shareware, to a commercial success," he writes.

One of his stories is about L0pht's first major penetration test, of the Cambridge Technology Partners (CTP) network. The company would later merge with Novell. The hackers managed to get all sorts of access to the CTP network, including being able to listen to voicemails about the proposed merger. CTP was considering acquiring L0pht, but the two sides couldn't come to terms, and the hackers had left a backdoor in the CTP network that was never used but was left in place because by then their testing agreement had expired. Fun times.

The early days of L0pht were wild by today’s standards: the members would often prowl the streets of Boston and dumpster dive in search of used computer parts. They would then clean them up and sell them at the monthly MIT electronics flea market. Dead hard drives were one of their specialties — “guaranteed to be dead or your money back if you could get them working.” None of their customers took them up on this offer, however.

One point about those early hacking days: Thomas writes that the "naïveté of hackers in the late '90s and early 2000s didn't last long. Hackers no longer explore networks and computer systems from their parents' basements (if they ever did); now it is often about purposeful destruction at the behest of government agencies."

He recounts the story of when L0pht members brought the federal cyber czar Richard Clarke to their offices in the 1990s. Clarke was sufficiently impressed that he told Thomas, "we have always assumed that for a group or organization to develop the capabilities that you just showed us would take the resources only available to a state-sponsored actor. We are going to have to rethink all of our threat models." Exactly.

There are other chapters about the purchase of L0pht by @stake and Thomas' eventual firing from that company, the eight years it took him to finish a college degree at age 40, the temporary rebirth of the Hacker News Network, and his going to work for Tenable and now IBM.

Thomas ends his book with some words of wisdom. "Hackers are not the bad guys. Most of the great inventors of our time, such as Alexander Graham Bell, Mildred Kenner, and Nikola Tesla, could easily be considered hackers. Criminal gangs who are running ransomware campaigns or are stealing credit cards are just that, criminals. They just happen to use a computer instead of a crowbar. They are not hackers, not to me anyway. L0pht's message of bringing security issues to light and getting them fixed still echoes throughout the industry and is more important today than ever." If you are at all interested in reading about the early days of the infosec industry, I highly recommend this book.

Book review: Drinking Games by Sarah Levy

My stepson died last year of throat cancer, brought on by years of alcohol and tobacco abuse. I say this because I thought this was going to be a hard book to read: part memoir, part 12-step navigational handbook, part Big Thoughts. That doesn't sound like I liked the book, but I did, and I thought Levy spoke to me about my stepson and the various demons that he fought and lost to. She fought and has won, but it was a hard fight, filled with many missteps and disastrous mistakes.

Alcohol abuse isn't pretty. Those of us who have been touched by it can't really understand why it happens to the people we love, and our feeble attempts to help are often doomed from the start. Levy's book shows how she had the strength of character to fight back, and while she had many years of dismal failures, eventually she figured out a plan. It may not be a plan that you can get behind, but like I said, the navigational aspects of this book are useful guideposts. Even if you are lucky enough not to know someone in these circumstances, I think you will find this book interesting, engaging, and at times pretty darn funny. Highly recommended.

Book review: Sam by Allegra Goodman

In this novel by Allegra Goodman, we follow Sam through 15 or so years of her young life as she grows up in a dysfunctional family with a special-needs younger brother and a single mother who is trying to make ends meet working two low-end jobs. Sam is a talented rock climber: the story takes place on Boston's North Shore, and we see her grow into some prowess as she develops her climbing abilities and strength. Sam is an interesting character: nothing comes without a lot of pain and hard work, which makes her accomplishments all the more satisfying, both to her and to the reader. As for the family dynamics: the kids have two different, equally deadbeat dads who come in and out of the narrative. I really enjoyed the plot, characters, and situations as Sam grows up and finds love and adventure. Highly recommended.