Saturday, May 11, 2013
The Death of the Internet 1st edition, Markus Jakobsson
When I first heard about the book The Death of the Internet, it had all the trappings of a second-rate book; a histrionic title and the fact that it had nearly 50 contributors. I have seen far too many books that are pasted together by myriad disparate authors, creating a jerry-rigged book with an ISBN, but little value or substance.
The only negative thing about the book is the over the top title, which I think detracts from the important message that is pervasive in it. Other than that, the book is a fascinating read. Editor Markus Jakobsson (Principal Scientist for Consumer Security at PayPal) was able to take the collected wisdom from a large cross-section of expert researchers and engineers, from different countries and nationalities, academic and corporate environments, and create an invaluable and unique reference.
The premise of the book is that the Internet is a cesspool of inefficient management and vulnerabilities that threaten to undermine its use.
In the preface, Jakobsson asks the obvious question: is the title a joke? He writes that ultimately, if the Internet can't be secured, and that the underlying amount of crime and fraud make the Internet useless and dangerous, then it indeed will lead to the tipping point where the result would be the death of the Internet. Where is that point? Nobody knows.
Chapter 1 observes that if a hostile country or organization wants to hurt us, they may find that the easiest way of doing so is by attacking the Internet, and our very dependence on the Internet invites attacks. We are more vulnerable to these attacks as our dependence on the Internet grows.
Chapter 3 provides an in-depth look at how criminals profit off the Internet and provides an intriguing overview of how click fraud works. While the click fraud rate at one point was as high as 30%, it is still in the range of 20%. The book notes that while the overall click fraud rate has been on the decline, there is the emergence of new schemes and those that focus on display ads. The click fraud schemes are so effective that the fraudsters are operating large scale automated attacks in a way that is difficult for the ad networks to distinguish between fraudulent and real clicks, thus producing high revenue for the fraudsters.
The chapter also provides an interesting look at the malware industry. It notes that malware development and distribution is highly organized and controlled by criminal groups that have formalized and implemented business models to automate cybercrime. The authors detail the interaction between the various components in a typical cybercrime business model, in which individual groups of criminals coordinate their efforts. The outcome is a product known as CaaS - crimeware as a service.
Many have often called the Internet the Wild West. Chapter 4 details the Internet infrastructure and cloud, in which the amorphous cloud images may help fuel the false perception that the Internet is a lawless and unaccountable entity that exists beyond policy. The book notes that what is breaking the Internet is not lack of policy, but lack of enforcement and accountability. Internet criminals appears to exists outside the policy structure when the reality is that they are embedded in it and their livelihood in fact depends on the Internet functioning regularly, quickly and efficiently.
While much of the book is focused on cybercrime and fraud, the book also points fingers at ICANN (Internet Corporation for Assigned Names and Numbers) for in some ways facilitating this Internet crime wave. ICANN is the organization that coordinates the Domain Name System (DNS), Internet Protocol (IP) addresses, space allocation, protocol identifier assignment, generic (gTLD) and country code (ccTLD) Top-Level Domain name system management, and root server system management functions. Their premise is that ICANN is more interested in generating revenue and profits than in security.
Due to systemic failures, cybercriminals often hide behind false WHOIS information held by Registrars who do not perform adequate due diligence or enforcement. This is primarily due to the fact that the more domain names that are sold create more revenue for the Registrars. Chapter 4 notes that this weak oversight by ICANN is also one of the biggest threats to the stability of the Internet. The chapter quotes a Godaddy executive who stated that proactive measures to make Internet registries more accurate would not be affordable or useful.
The book provides an analysis of social spam, which has become more pervasive with the emergence of Web 2.0. People are sharing vast amounts of personal data that opens them to these spam attacks. Since the defining characteristic of Web 2.0 is its social nature, it encourages people to share information, collaborate and form social links. These features of social media have the implication that they create a large network of connections between users and content that is controlled almost entirely by the users. This places great power in the hands of well-intentioned users to engage with others and express themselves. But it also provides an opportunity for spammers to exploit the social web for their own interests. As a result, social web applications have become tempting targets for spam and other forms of Internet pollution.
Another fascinating observation around Web 2.0 is that the authors were able to perform use analysis, in which they were able to identify pieces of information about the users which are not necessarily shared directly by their profiles. Items such as sleeping patterns, daily routines, physical locations, and much more are able to be extracted via metadata and other external analysis.
By the time one gets to chapter 5, they have read 200 pages detailing the problems with security and privacy around the Internet core. Exacerbating this is the role of the end user where the chapter notes that if people are offered the choice of convenience or security, then security will lose. The average Internet user is more lazy than security aware; not at all an encouraging observation.
Chapter 7 details one of the banes that have plagued information security; poor user interfaces. It details the four sins of security application user interfaces: popup assault, security by verbosity, walls of checkboxes and all or nothing switches. The book is worth purchasing just for this section.
The book ends with some thoughts for the future, but there is no magic wand or quick happy endings that Jakobsson and his band of ultra-smart contributors offer. Throughout the book, the contributors do though write how there are ways to secure the Internet, but those take thorough and comprehensive strategies and design. There are countermeasures for most of the threats and vulnerabilities detailed and the book provides an unparalleled view of the current state of Internet security.
Situational awareness is defined as the perception of environmental elements with respect to time and/or space, the comprehension of their meaning, and the projection of their status after some variable has changed. For those looking for a book to gain situation awareness about the dangers of the Internet, one is hard pressed to find a better title than The Death of the Internet.
As a contributor to this book and an editor on previous Markus Jakobsson works I can attest to the high quality and thoroughness of the information. Just take a look at the list of field experts who wrote each chapter and it is obvious that Markus has a great skill for coordinating teams with different perspectives. The writers from various backgrounds, including researchers from Michigan State, Northeastern, Princeton, Berkeley, and Indiana U. are just a selection of the talent. Contributors from Thailand, India, Iran, France, Switzerland, Spain and Sweden put a truly global edge on this book. Just reviewing the biographies of these folks makes me proud to be part of such an endeavor. The title of this book is not an exaggeration or simple shock piece. We have all become used to the Internet and expect it to be there all the time. It simply "works" and has robustness and redundancy behind it. However, at the same time it is surprisingly fragile. The Internet is a great and bold idea but one fraught with danger. We hand over information and trust to this thing in spite of persistent news that it is threatening. This book looks at what is behind those threats, how they work, what tools the criminals use, and how the proliferation of criminal exploitation actually endangers the network in general. The individual sections of this book give shape to the chatter heard in the news "Nigerian Scams," "Malware," "Spam," "Click-Fraud." At least one of these has likely touched every reader, and now you can find out the whole story behind all of them. But Death of The Internet is not just about all the bad stories. The entire second half of the book is dedicated to solutions. Each threat discussed can be met and effectively defeated. The point is to recognize the issues and devise comprehensive strategies. An important detail here is that it all depends on the Internet user demanding better, but first you must be informed. Death of The Internet is an overall reading adventure, compelling for the savvy technical expert but also written for curious minds who do not live in the world of network jargon.
Over the last 30+ years, many good engineers worked very hard to bring the internet to life. In the early days just getting computers to reliably transfer files was a victory. Now the internet is broadly used for commerce and the features continue to accelerate. In the hurry to build out this complex functionality, security was neglected, so there should be little surprise that there are many holes to be exploited for fraud. As the title implies, security could be a major speed bump for the continued growth of the internet if security professionals don't keep up with the new threats. Individual compromises of privacy or financial accounts information is an inconvenience, but broad systemic attacks could cause unresolveable damage.
Because the security threats are so diverse, it is difficult for security types to keep up with the breadth of problems outside their area. For example, an encryption expert may have little knowledge of current trends in spear phishing attacks or clickjacking. This book provides a good compilation of current and emerging threats in a single place for people casually interested in security as well as pros.
Dr. Jakobsson has put together a broad set of current security topics with in depth explanations from domain experts. The book provides coverage of many topics that security people may want to scan but also has in depth explanation for each area. It can be used for a quick background across topics or for an in depth understanding. While the book is good for security experts, there is very little confusing jargon so an interested novice can readily understand the concepts. The topics are all very current or newly emerging threats, but since threats are often slow to get fully addressed and new variations arise the topics will remain relevant for a long time.
Product Details :
Paperback: 392 pages
Publisher: Wiley-IEEE Computer Society Pr; 1 edition (July 17, 2012)
Language: English
ISBN-10: 1118062418
ISBN-13: 978-1118062418
Product Dimensions: 7.4 x 0.8 x 9.2 inches
More Details about The Death of the Internet 1st edition
or
Download The Death of the Internet 1st edition PDF Ebook
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment