Fancy Bear Goes Phishing - a book about hacking that tries to do literary gymnastics

Describing hacking accurately is hard, like almost all technically challenging topics. This book does a good job, but sometimes loses itself in uncoordinated side-stories.

TL;DR

⭐ ⭐ ⭐ 🔳 🔳

🖥 Describes hacking accurately, with sufficient technical detail

👨‍💻 Goes into the human side of things, and combines the tech-stuff with the human story

🧠 The author has done his research, and clearly knows his stuff

📑 The book lacks structure. This makes it difficult to keep the interest of the reader. An example: a random multi-page sub-chapter about SQL injections while he was actually talking about the Paris Hilton hack, where the problem was insecure cloud access, not an SQL injection vulnerability.

✌ The audience is quite niche: people who are OK with having TCP/IP explained in a paragraph but don’t know what an SQL injection is

Why I bought the book

Hacking is burglary. But while thieves normally don’t have superhuman powers in Hollywood movies, the same cannot be said for hackers. The worst offender that comes to my mind right now is this clip from NCIS:

[GIF: clip from NCIS]

Damn, that’s terrible. The best I know of is Mr. Robot, but that is quite apocalyptic in its good-vs-evil setup; the “evil” company is literally called Evil Corp. Great TV show though!

So what is hacking? I know the “basics”, since I have sat through many security trainings at my various jobs. But what actually happens? And how is “the sausage” made? After reading the sample on my Kindle, I was sufficiently intrigued to give it a shot. (Link to book).

The premise

Cybersecurity books, of which there are many, tend to fall in one of two camps. Either they have a joyless eat-your-vegetables style or a breathless, run-for-the-hills-now one. Fancy Bear Goes Phishing seeks to avoid both extremes. [Excerpt from the book]

I think that’s a good starting point. The author then asks three questions in the beginning:

  1. Why is the internet insecure?
  2. How do hackers do what they do?
  3. What can be done to prevent hacking?

My opinion

This topic is full of stories, big and small, which show all its various facets. So the biggest challenge is actually not finding cool stories, but creating a compelling narrative, i.e. a structure where the reader can follow along.

This is where the book is falling short. The stories are there, even some technical detail and annotated code in the appendix, but instead of going through 5 different “big” hacks, I would have preferred to see a structure around the various attack vectors, rather than a chronological approach.

Having said this, there were a ton of things to learn in the book. One of the biggest ones was that Microsoft knowingly traded security for feature development, causing billions of hours of the “Blue Screen of Death” all around the world. They did this because they could not be held liable under American law, and therefore decided not to care. At some point they did, and the blue screen started disappearing.

Also the details around state-sponsored hacking are fascinating to read: the fact that it is accepted that all the countries hack each other. And many more stories like this.

I think the book has all the knowledge it needs, but I don’t think I’ll recommend it as a gift simply because the last 100 pages or so really felt loooooong.