As someone who both develops and uses secure computing platforms like privacy-focused cellphones, this was an amazing story -- information about multiAs someone who both develops and uses secure computing platforms like privacy-focused cellphones, this was an amazing story -- information about multiple law enforcement agencies going after niche secure phone networks (Phantom Secure, based on BlackBerry) and the huge sting where law enforcement largely ran a honeytrap secure cellphone (Anom, based on a fork of Android).
This book describes the technical and especially user and law enforcement landscape around these devices and the sting operation which ensued. It raises many legal issues (especially in the US, which actually has meaningful free speech protections, unlike most of the other nations involved), and many of these are still unresolved....more
This is a great book from an amazing technology journalist -- specifically covering the tools and procedures used to trace cryptocurrency transactionsThis is a great book from an amazing technology journalist -- specifically covering the tools and procedures used to trace cryptocurrency transactions (e.g. Bitcoin) for law enforcement purposes.
Despite the public protestations of law enforcement (and some Bitcoin advocates) Bitcoin isn't even as private as regular banking systems -- it's a global public transparent ledger of pseudonyms, fully linkable through connections to external systems, patterns, and "metadata" analysis. We're currently living in a privacy dark age valley of "too late for physical bearer assets, too soon for Zero Knowledge online assets". Cryptocurrency has an edge in being permissionless and censorship resistant in many cases, but it's far from private as deployed today.
This book shows through tracing dark net markets participants (Silk Road, AlphaBay, and others), exchanges, and other bitcoin and cryptocurrency transactions what the true state of privacy on the blockchain is. A major element is the founding and history of Chainalysis, one of the first dedicated tracing firms, from the tracing of loss Mt Gox exchange assets, but there's also extensive coverage of various law enforcement agencies and how they use traditional forensic accounting techniques, as well as chain analysis tools and subpoena and other investigatory powers, to find undesirable activity.
It was a little disappointing that de-anonymizing Monero transactions and other more privacy focused transactions wasn't more of a focus, but this is probably not covered as much in open forums.
The book and writing style focuses on personalities and events, rather than technology, so it's approachable and interesting for a general audience, but as an expert in the field (I work for a cryptoasset insurance company and have been involved in anonymous electronic cash since the mid 1990s), it's technically accurate as well.
A good history of the history of semiconductors/computer chips, with a focus on the companies and geopolitical implications. The second half of the boA good history of the history of semiconductors/computer chips, with a focus on the companies and geopolitical implications. The second half of the book is primarily about the national security issues of concentration in Taiwan and Korea (due to China risk), sovereignty, China's efforts to build their own independent supply chain, and the military and economic risks of losing access to semiconductors....more
Amazingly well sourced. The definitive history of the formation of Ethereum and the drama between founding and approximately 2020. Lots of insight intAmazingly well sourced. The definitive history of the formation of Ethereum and the drama between founding and approximately 2020. Lots of insight into the personalities (and seems accurate for the ~4 of them I know reasonably well personally, so I'll assume accurate for the others), and for events. One of the most interesting revelations: the DAO Hacker is identified fairly conclusively for the first time as Tony Hoenisch, an Austrian living in Singapore, co-founder of TenX.
Shin is a great author and journalist and I'd love to see her write similar books about early Bitcoin and about other aspects of crypto....more
One of the best books written on the larger (century-long) trends of how technology influences society. Essentially, a focus on how the technology of One of the best books written on the larger (century-long) trends of how technology influences society. Essentially, a focus on how the technology of violence (capex vs. opex, specialist personnel vs. mass armies, materiel vs. human, offense vs. defense) influence structures of governments, and thus overall society. The book goes into agricultural vs. industrial revolutions, changes in European and global structure, but then is primarily focused on the modern era -- the transition from broad-scale mass movement political structures where overall force amount is most relevant, to information-age systems where efficiency is most relevant.
As a consequence, individuals and small groups, which are very efficient but don't have comparable total force levels to existing nation states, will be able to exist as first-class participants in the world. Osama Bin Laden was an example from this book (before 9/11...) of an individual capable of challenging a nation state; plenty of others exist in the commercial and scientific sphere, such as Bill Gates who appears to be more significant in the Covid-19 situation than many governments, and even middle-tier tech companies being more significant than most governments in information/commerce.
This book was written in the early 1990s and has accurately predicted the past 25 years, and seems on track for the rest of the century. The one area not addressed was the rise of China, although this might just be a nationalist rear-guard action as suggested in the book for Western countries facing this change. Otherwise, a book full of highly specific and highly accurate predictions.
The one thing the book got wrong was at the end -- saying "becoming a programmer isn't necessarily the best way to exploit the change toward computerization" -- this was wrong, as it's a very useful skill (even if not one's primary role), in addition to the general problem-solving skills they advocate. I think this was just because the author isn't a technologist and thus doesn't appreciate the skills of programming beyond just rote coding. Otherwise, the book is full of excellent and highly actionable advice....more
A truly exceptional book -- analyzing things by their defects is a generally good approach, and showing how the financial system works, what it optimiA truly exceptional book -- analyzing things by their defects is a generally good approach, and showing how the financial system works, what it optimizes for, and what is ultimately important is well illustrated through frauds. These frauds also have the advantage of being very interesting in their own right, as some things are repeated, but the exceptional ones have pretty unique aspects.
The book describes a few major categories of fraud -- long firm (aka the "bustout" from Boston), counterfeiting (which goes beyond just "producing fakes" but a variety of subversions of chain of provenance), control fraud (where someone takes a firm over and then uses it to do a variety of things beyond simple embezzlement -- a great example of principal-agent), and crimes against the market itself.
Several of the examples are exceptionally well known (Ponzi, Theranos) but I enjoyed learning about the Portuguese Banknote Affair, Poyais, Pigeon King International, Boston Ladies’ Deposit Company, and especially the Great Salad Oil Swindle.
As the author said, the book is useful for understanding how the economy works, and leads you into developing some effective anti-fraud controls. A great point is that the ideal level of fraud is not zero, since that implies very high anti-fraud costs, but a level somewhat above zero, and that the amount of anti-fraud measures in an industry have something to do with the society in which they operate (high trust societies actually need more anti-fraud machinery than low trust ones to catch frauds; before the modern era, no one trusted anyone in anything except shipping to the point where complex fraud was a serious concern.)
Overall, one of my favorite books of the year (so far)....more
This is an excellent overview of state-sponsored cyber attacks (NotPetya, Russian interference in US elections, Stuxnet, Iranian operations against ShThis is an excellent overview of state-sponsored cyber attacks (NotPetya, Russian interference in US elections, Stuxnet, Iranian operations against Sheldon Adelson, ...), and makes the consistent and well supported argument that 1) cyber isn't like nuclear or other WMD which are primarily deterrents vs. actually used 2) cyber isn't useful for deterrence because attacks can't be well calibrated or predicted, and can't demonstrate ability to escalate clearly if not complied with.
A lot of the information about these attacks is more thoroughly reported elsewhere, but it did include some interesting and new-to-me information about US vs. USSR economic/espionage operations in the 1980s (where the US intentionally fed bad data and components to USSR to make suboptimal decisions and failed equipment -- most of this is still classified and not reported anywhere in detail that I've found.)
Overall, I tend to agree with the author that cyber isn't particularly like nuclear in any way, and is much more like traditional intelligence/influence operations....more
A good introduction (and really the definitive account) of the cDc, one of the more self-referential and entertaining hacker groups of the 90s (techniA good introduction (and really the definitive account) of the cDc, one of the more self-referential and entertaining hacker groups of the 90s (technically 1984-now, but seemed at peak in the late 90s). Interesting for a variety of reasons, particularly how accomplished some of their members are -- heads of security, research, etc. for both large enterprises and security companies, DARPA, and a Congressman (and later Senatorial and Presidential candidate). As someone who was never in cDc but was around during a lot of these events (and know many of the members directly), this seems like a very true-to-life book about a weirder-than-life topic....more
One of the best books about modern infosecurity threats -- a detailed investigation into the activities of GRU in attacking infrastructure around the One of the best books about modern infosecurity threats -- a detailed investigation into the activities of GRU in attacking infrastructure around the world (primarily in Ukraine), their motivations, and where the threat is evolving....more
I don't agree with everything Snowden did, and I don't know how complete this book is about his motivations and actions, but even with those caveats, I don't agree with everything Snowden did, and I don't know how complete this book is about his motivations and actions, but even with those caveats, it's an excellent book.
The most interesting aspect for me was not the factual description of what he did (although there are some never-before-read details), but his mindset and motivation to choose to betray the NDAs and chain of command while (possibly) honoring the oath of service. The technical details about his archiving system (it basically crawled a bunch of the published-within-IC sources and then indexed them, republishing for internal use, which allowed him perfect cover for exfiltration...) were still interesting, of course. That NSA had incredibly lax internal security and compartmentalization in the 1993-2013 period (due to losing all the cold war people and replacing them with...a specific demographic profile), CIA and State's technical incompetence, etc. are all pretty well supported by evidence. (Incidentally, the technical jack of all trades at CIA job sounds pretty amazing.)
Least expected angle was just how impressive his wife is. NSA's initial angle was "stripper", which brings a whole set of assumptions. However, this was pretty clearly inaccurate -- she's an intelligent and thoughtful person (although not involved in Snowden's exfiltration of data or escape), and based on actions since the incident (moving to Russia, marrying Snowden a year later, ...), seems
His descriptions of contracting culture and the gov/contractor split, hypertrophy and metastasis of the IC and contractors, etc all are strongly supported by evidence (and my personal experience as a contractor with the government for several years).
What is missing, and calls into question the veracity of the whole account, is the exact process of deciding to do all of this. In the book, it was that he accidentally saw a STLW (Stellar Wind) document, related to one of the most morally and legally questionable programs post-Church conducted by the USG (and for which individuals should be prosecuted and likely hanged), then just started searching for and consuming information for his own education (to see if these programs really existed), and only then decided to leak. That's possible, but it's not strongly supported. The mysterious occurrence of epilepsy around this time which motivated him to spend time on self-reflection and switching to a role with less of everything except access to this data, etc. seems a bit too convenient. This is the one area where I'm still a bit suspicious of the whole affair (either that an external power was involved, or that other NSA insiders supported him), but the story as told could also be the truth -- it's just difficult or impossible to validate.
Overall, one of the best books about the complex and evolving interplay between young, relatively powerless individuals who have technical competence and thus effective technical control over large institutions like government vs. the official power structures, the failures of USG/IC, and one of the biggest news stories in civil liberties since the 1970s....more