02/20/2023

Ingenious coding, buggy software, and gullibility take the spotlight in this colorful retrospective of hacking. Shapiro (Legality), director of the cybersecurity lab at Yale’s Center for Law and Philosophy, revisits spectacular computer intrusions and the characters responsible for them, including a Cornell grad student’s 1988 experiment gone awry that crashed the fledgling internet; the battle of wits between Bulgarian hacker Dark Avenger and the computer scientist who worked to defeat his destructive viruses; a Boston 16-year-old’s hacking of nude photos from Paris Hilton’s cellphone; and the exposure of Democratic National Committee emails during the 2016 U.S. presidential election by the Russian military’s Fancy Bear hacking team. He emphasizes the human forces behind the technology, describing the callow malevolence of hackers, the cognitive blind spots that phishing attacks manipulate to get people to click on bogus email links, and the reluctance of profit-hungry corporate executives to pay for cybersecurity. Shapiro’s snappy prose manages the extraordinary feat of describing hackers’ intricate coding tactics and the flaws they exploit in a way that is accessible and captivating even to readers who don’t know Python from JavaScript. The result is a fascinating look at the anarchic side of cyberspace. (May)

"Shapiro is funny and unflaggingly fascinated by his subject, luring even the nonspecialist into technical descriptions of coding by teasing out connections between computer programming and, say, the paradox of Achilles and the tortoise . . . A single paragraph moves nimbly from Putin to Descartes to The Matrix . . . Readers [. . .] will find that their expectations have been entertainingly subverted." —Jennifer Szalai, The New York Times

"Scott Shapiro is a pretty rare bird—an eminent legal scholar who is also a geek . . . [He] manages to carve a readable path through the conceptual undergrowth . . . [Fancy Bear Goes Phishing is] an impressive achievement . . . [An] absorbing tour of cyberspace’s netherworld." —John Naughton, The Observer

"[Shapiro] masterfully blends consideration of two sorts of code, software and legal . . . His narrative zips between technical explanations, legal reasoning and the ideas of thinkers including René Descartes and Alan Turing . . . [Shapiro] succeeds in making [hacking] intelligible to non-specialist readers." —The Economist

“Scott Shapiro’s lively history . . . [uses] vivid case studies to dramatise a technically complex subject . . . His chronological big five hacks are springboards for the stories of pioneers such as . . . John von Neumann . . . or a deft exploration of how virus writers exploit cognitive biases . . . His impish humour and freewheeling erudition suit a world saturated in pop culture . . . All [hackers] have something in common . . . they see it as a game. Shapiro’s achievement is to tell you how it is played.” —Dorian Lynskey, The Guardian

"Gripping . . . Fancy Bear Goes Phishing offers level-headed suggestions to reduce cybercrime, decrease cyber-espionage and mitigate the risks of cyberwar, arguing that we need to move beyond an obsession with technical fixes and focus instead on the outdated and vulnerable upcode that shapes the shoddy downcode we live with now." —Richard Lea, The Wall Street Journal

"This scintillating book [. . . ] manages to hack the reader . . . [Fancy Bear Goes Phishing] is a profound work on the idea of technology . . . If you think that books involving discussions of law must be boring, then Shapiro is a good antidote since he is a very humanist and humane writer . . . Erudite, witty, and arch." —Stuart Kelly, The Scotsman

“Like Virgil guiding Dante through the bowels of a medieval Renaissance Hell, Scott J. Shapiro steers readers of Fancy Bear Goes Phishing through . . . the feral realm of cyberhacking . . . [Readers] will walk away with enhanced insight into our disquieting digital environment . . . a wise book.” —Howard Schneider, The Progressive

"Ingenious coding, buggy software, and gullibility take the spotlight in this colorful retrospective of hacking . . . Shapiro’s snappy prose manages the extraordinary feat of describing hackers’ intricate coding tactics and the flaws they exploit in a way that is accessible and captivating even to readers who don’t know Python from JavaScript. The result is a fascinating look at the anarchic side of cyberspace." —Publishers Weekly

“This is an engrossing read . . . An authoritative, disturbing examination of hacking, cybercrime and techno-espionage.” —Kirkus Reviews

"The question of trust is increasingly central to computing, and in turn to our world at large. Fancy Bear Goes Phishing offers a whirlwind history of cybersecurity and its many open problems that makes for unsettling, absolutely riveting, and—for better or worse—necessary reading." —Brian Christian, author of Algorithms to Live By and The Alignment Problem

"Fancy Bear Goes Phishing is an essential book about high-tech crime: lively, sometimes funny, readable, and accessible. Shapiro highlights the human side of hacking and computer crime, and the deep relevance of software to our lives." —Bruce Schneier, author of A Hacker's Mind: How the Powerful Bend Society's Rules and How to Bend them Back

"Scott Shapiro's Fancy Bear Goes Phishing fills a critical hole in cybersecurity history, providing an engaging read that explains just why the internet is as vulnerable as it is. Accessible for regular readers, yet still fun for experts, this delightful book expertly traces the challenge of securing our digital lives and how the optimism of the internet's early pioneers has resulted in an online world today threatened by spies, criminals, and over-eager teen hackers." —Garrett Graff, co-author of The Dawn of the Code War

07/14/2023

Shapiro (law and philosophy, Yale Law School; Legality) tracks the history of hackers and their motivation. The book concentrates on the five most prevalent types of cybercrimes that involve attacking computers with viruses that spy, steal, and release personal and business information—a threat to individuals and businesses alike. The book chronicles only one U.S. government action to counter these tactics: the 1986 Computer Fraud and Abuse Act that made it a federal crime to engage in any unauthorized activity on government computers. Shapiro references research conducted by Oxford University sociologist Jonathan Lusthaus, who wanted to understand hackers' motivations. Lusthaus interviewed 250 people arrested for being cyberthieves in Eastern Europe and found that they there were not doing it for either altruistic or exploitive reasons. Instead, they were trying to test, refine, and improve their technical expertise in order to find jobs that paid enough in the cybersecurity field. VERDICT This introduction to the hacker history and hackers' incentives is a welcome addition for computers and technology collections. Will likely appeal to many types of readers.—Claude Ury

2023-02-21
A cybersecurity expert delves into the mechanics, psychology, and impact of computer hacking.

Shapiro, a professor at Yale Law School and director of Yale’s Center for Law and Philosophy and its CyberSecurity Lab, is well situated to explore the downside of the internet. In his latest book, the author looks at some famous cases and players in the shadowy archives of hacking—e.g., when a graduate student accidentally crashed the internet in the 1980s; the invention of the first mutating computer-virus engine by a Bulgarian with the handle Dark Avenger; and Fancy Bear, a group probably affiliated with Russian military intelligence, which broke into the Democratic National Committee system in 2016. Each of these illustrated a technical aspect of hacking, but taken together, they show the breadth of motivations. While some hacks are for money and espionage, most Americans hackers are young men who arrived at it through online game forums and started to do it for the technical challenge and to earn the respect of their peers. This profiling raises the possibility of early identification and recruitment into the cybersecurity side. However, Shapiro believes that hackers will always be a step ahead and that a “constant patch-and-pray” strategy will eventually lose. Instead, writes the author, cybersecurity measures must be built into computer systems from an early stage. As a possible template, he points to recent legislation in California that requires “devices connected to the internet sold or offered for sale in [the state] to have ‘reasonable security features.’ ” Another avenue is to require corporations to report about their policies to manage cybersecurity risks. These are good ideas, but one suspects that the devil will be in the implementation details. Overall, this is an engrossing read, although there are parts that are dauntingly technical. Shapiro gives readers plenty to think about the next time they turn on their computers.

An authoritative, disturbing examination of hacking, cybercrime, and techno-espionage.