Rob Buckley – Freelance Journalist and Editor

Hacked, Attacked and Abused

Hacked, Attacked and Abused is no technical manual for computer security, but a combination of history textbook and management primer that is both readable and informative.

Anti-virus software stops viruses - but only if virus definitions are up-to-date, and users do not disable or circumvent the software. Virtual private networks with 128-bit encryption are secure - until a hacker guesses or obtains a password. Any system can be made impenetrable to outside attack, yet still be vulnerable to a malevolent insider. Only through proper security management and monitoring can IT systems be secure.

These are the principal messages of Hacked, Attacked and Abused. The book's subtitle - Expert advice on how to make your computer system secure - is a little misleading, however. This is no technical manual advising you on router configuration files and which network ports to have open. It is a combination of history textbook and management primer that largely manages to be both readable and informative.

To educate the reader about the security hazards of modern computing, the book's author, Peter Lilley, who has been involved “in the prevention, detection and investigation of global business crime and money laundering for 20 years”, provides a series of cautionary tales from the history of 'cyber-crime'. These range from the fleecing of customers of the European Union Bank, the world's first off-shore Internet bank - which never actually existed - to blackmailers who break into computer systems then demand money in exchange for information on how they did it.

Lilley's delivery is somewhat patchy as he serves up a jumble of advice, personal opinion (including aspersions on TV show Big Brother), and the occasional confession that he does not really know that much about this technical stuff. His associate James Lilley has done most of the research.

Nevertheless, the author's advice has value. He avoids the temptation (to which security 'gurus' often succumb) of getting too technical. This is always far better left to more specialist tomes, because it can put off both the non-technical reader and the skilled reader who knows that sketchy advice on how to read firewall logs is not enough to secure the average enterprise system. Instead, Lilley brings the benefits of his experience in mainstream security cases to the digital environment, which is in many cases far more useful.

The book ends with checklists of issues that every IT director concerned about security should consider; a set of appendices that include a useful glossary; a somewhat less useful guide to computer penal codes around the world; a pointless list of general purpose news web sites and search engines; and the bizarre choice of a list of country domain endings.

Despite its failings, Hacked, Attacked and Abused is a good start for anyone who wants to know how weak security may already be at their organisation - and for anyone who wants to avoid security breaches in future.
