As someone who both develops and uses secure computing platforms like privacy-focused cellphones, this was an amazing story -- information about multiple law enforcement agencies going after niche secure phone networks (Phantom Secure, based on BlackBerry) and the huge sting where law enforcement largely ran a honeytrap secure cellphone (Anom, based on a fork of Android).
This book describes the technical and especially user and law enforcement landscape around these devices and the sting operation which ensued. It raises many legal issues (especially in the US, which actually has meaningful free speech protections, unlike most of the other nations involved), and many of these are still unresolved.
This is a great book from an amazing technology journalist -- specifically covering the tools and procedures used to trace cryptocurrency transactions (e.g. Bitcoin) for law enforcement purposes.
Despite the public protestations of law enforcement (and some Bitcoin advocates) Bitcoin isn't even as private as regular banking systems -- it's a global public transparent ledger of pseudonyms, fully linkable through connections to external systems, patterns, and "metadata" analysis. We're currently living in a privacy dark age valley of "too late for physical bearer assets, too soon for Zero Knowledge online assets". Cryptocurrency has an edge in being permissionless and censorship resistant in many cases, but it's far from private as deployed today.
This book shows through tracing dark net markets participants (Silk Road, AlphaBay, and others), exchanges, and other bitcoin and cryptocurrency transactions what the true state of privacy on the blockchain is. A major element is the founding and history of Chainalysis, one of the first dedicated tracing firms, from the tracing of lost Mt Gox exchange assets, but there's also extensive coverage of various law enforcement agencies and how they use traditional forensic accounting techniques, as well as chain analysis tools and subpoena and other investigatory powers, to find undesirable activity.
It was a little disappointing that de-anonymizing Monero transactions and other more privacy focused transactions wasn't more of a focus, but this is probably not covered as much in open forums.
The book and writing style focuses on personalities and events, rather than technology, so it's approachable and interesting for a general audience, but as an expert in the field (I work for a cryptoasset insurance company and have been involved in anonymous electronic cash since the mid 1990s), it's technically accurate as well.
One of the best books written on the larger (century-long) trends of how technology influences society. Essentially, a focus on how the technology of violence (capex vs. opex, specialist personnel vs. mass armies, materiel vs. human, offense vs. defense) influences structures of governments, and thus overall society. The book goes into agricultural vs. industrial revolutions, changes in European and global structure, but then is primarily focused on the modern era -- the transition from broad-scale mass movement political structures where overall force amount is most relevant, to information-age systems where efficiency is most relevant.
As a consequence, individuals and small groups, which are very efficient but don't have comparable total force levels to existing nation states, will be able to exist as first-class participants in the world. Osama Bin Laden was an example from this book (before 9/11...) of an individual capable of challenging a nation state; plenty of others exist in the commercial and scientific sphere, such as Bill Gates who appears to be more significant in the Covid-19 situation than many governments, and even middle-tier tech companies being more significant than most governments in information/commerce.
This book was written in the early 1990s and has accurately predicted the past 25 years, and seems on track for the rest of the century. The one area not addressed was the rise of China, although this might just be a nationalist rear-guard action as suggested in the book for Western countries facing this change. Otherwise, a book full of highly specific and highly accurate predictions.
The one thing the book got wrong was at the end -- saying "becoming a programmer isn't necessarily the best way to exploit the change toward computerization" -- this was wrong, as it's a very useful skill (even if not one's primary role), in addition to the general problem-solving skills they advocate. I think this was just because the author isn't a technologist and thus doesn't appreciate the skills of programming beyond just rote coding. Otherwise, the book is full of excellent and highly actionable advice.
This is an excellent overview of state-sponsored cyber attacks (NotPetya, Russian interference in US elections, Stuxnet, Iranian operations against Sheldon Adelson, ...), and makes the consistent and well supported argument that 1) cyber isn't like nuclear or other WMD which are primarily deterrents vs. actually used 2) cyber isn't useful for deterrence because attacks can't be well calibrated or predicted, and can't demonstrate ability to escalate clearly if not complied with.
A lot of the information about these attacks is more thoroughly reported elsewhere, but it did include some interesting and new-to-me information about US vs. USSR economic/espionage operations in the 1980s (where the US intentionally fed bad data and components to USSR to make suboptimal decisions and failed equipment -- most of this is still classified and not reported anywhere in detail that I've found.)
Overall, I tend to agree with the author that cyber isn't particularly like nuclear in any way, and is much more like traditional intelligence/influence operations.
Wow. This describes how FBI has essentially manufactured terror plots using a bunch of idiots, informants, and perverse incentives.
Essentially, most terrorism cases in the US from 2002-now (especially 2002-2016) have been essentially started by tips or other intelligence, then FBI-directed informants working with the "terrorists" to articulate and develop terror plots specifically for the purpose of prosecution. In most cases, the "terrorists" are losers who would be incapable of doing anything serious on their own, although it's possible some of them would "shoot up a bunch of people with a rifle" or something instead of the "blowing up the Sears Tower" plots the FBI informants directed them into. It was almost comical how incompetent most of the "terrorists" are -- incapable of buying weapons on their own, and often homeless or poor to the extent that their main goal is scamming the "real terrorist" (FBI informant) for small amounts of money.
The biggest problems with this policy are that mostly it is done under the cover of "FBI community outreach", playing into fears that any contact with the FBI or other law enforcement could lead to bad things. In some cases, they managed to drive even pretty decent people who would work with FBI overtly into prosecution by trying to blackmail them (in order to force covert vs. overt cooperation to entrap others), which is pretty unconscionable. In addition to driving a wedge between FBI/USG and the Muslim community, they also seem to the majority of the time be pushing people who would likely never have done anything serious into very high end conspiracies and resulting prosecutions/convictions. There is maybe an argument that they do some good by making the US a very dangerous place for actual terrorists to operate (by making it likely everyone is an FBI informant or that the risk of informants is so high to block any collaboration, forcing overseas links which can themselves be monitored), but it definitely seems like the damage caused by the FBI informant program is greater than any benefits. I'm not sure what the correct level of anti-terrorism stings throughout the US is, but it's definitely less than we have now, and should be much more focused on credible threats who have taken much more overt actions.
A lot of this seems to come from the incentive structures for FBI agents (forced to "produce results", independent of base rate of terrorism -- even in environments where there is no actual terrorism, they are expected to show investigations and prosecutions) as well as for informants (paid well for entrapping people). The ability of FBI to use immigration violations and other things to apply pressure for collaboration is another issue.
Ironically, these manufactured plots are then used to justify more funding/continued investigations by pointing at a high level of terrorism!
Sadly, the FBI's focus on counterterrorism also led to a decline in FBI's more traditional investigations -- public corruption, organized crime, etc. -- which has actually decreased security as well.
I don't agree with everything Snowden did, and I don't know how complete this book is about his motivations and actions, but even with those caveats, it's an excellent book.
The most interesting aspect for me was not the factual description of what he did (although there are some never-before-read details), but his mindset and motivation to choose to betray the NDAs and chain of command while (possibly) honoring the oath of service. The technical details about his archiving system (it basically crawled a bunch of the published-within-IC sources and then indexed them, republishing for internal use, which allowed him perfect cover for exfiltration...) were still interesting, of course. That NSA had incredibly lax internal security and compartmentalization in the 1993-2013 period (due to losing all the cold war people and replacing them with...a specific demographic profile), CIA and State's technical incompetence, etc. are all pretty well supported by evidence. (Incidentally, the technical jack of all trades at CIA job sounds pretty amazing.)
Least expected angle was just how impressive his wife is. NSA's initial angle was "stripper", which brings a whole set of assumptions. However, this was pretty clearly inaccurate -- she's an intelligent and thoughtful person (although not involved in Snowden's exfiltration of data or escape), and based on actions since the incident (moving to Russia, marrying Snowden a year later, ...), seems
His descriptions of contracting culture and the gov/contractor split, hypertrophy and metastasis of the IC and contractors, etc all are strongly supported by evidence (and my personal experience as a contractor with the government for several years).
What is missing, and calls into question the veracity of the whole account, is the exact process of deciding to do all of this. In the book, it was that he accidentally saw a STLW (Stellar Wind) document, related to one of the most morally and legally questionable programs post-Church conducted by the USG (and for which individuals should be prosecuted and likely hanged), then just started searching for and consuming information for his own education (to see if these programs really existed), and only then decided to leak. That's possible, but it's not strongly supported. The mysterious occurrence of epilepsy around this time which motivated him to spend time on self-reflection and switching to a role with less of everything except access to this data, etc. seems a bit too convenient. This is the one area where I'm still a bit suspicious of the whole affair (either that an external power was involved, or that other NSA insiders supported him), but the story as told could also be the truth -- it's just difficult or impossible to validate.
Overall, one of the best books about the complex and evolving interplay between young, relatively powerless individuals who have technical competence and thus effective technical control over large institutions like government vs. the official power structures, the failures of USG/IC, and one of the biggest news stories in civil liberties since the 1970s.
This book is definitely a 5 star book (deep insights into how NSA, CIA, the US IC, and intelligence overall worked in the late 90s/00s, including the immediate response to 9/11).
(I wouldn’t rate the author’s career as 5 stars. Hayden is complex, and I’m honestly not sure if he was a horrible NSA Director or merely a middling one at a challenging time, but he did seem to be a good CIA Director. Partially at NSA he seemed to have been dealt a basically broken organization that had failed to keep up with the world in the 1990s (as the threat evolved from the military and central government of the USSR on dedicated systems to a much more diverse threat using commercial systems), but he managed to both under-react before 9/11 and overreact afterward, turning NSA into an effective battlefield support organization but also realizing the formerly abstract threat of an NSA which could basically ignore the constitution when it felt like it. Fortunately there were enough people within NSA and government (including Hayden) that they didn’t choose to use their power for evil, but they absolutely created tools which could be flipped secretly and unilaterally to suppress all civil dissent. However, he certainly wasn’t the only one responsible for this shift within the government, and probably wasn’t even one of the primary forces pushing in that direction — he was just one of the primary implementors who possibly could have stopped it.)
Exceptionally good book about the growth (cancerous metastasis, really) of the security state and secrecy, specifically how it affects democracy. Essentially, so much information is hidden primarily to protect institutional agendas that America is no longer a meaningful democracy in the most important area of government function, national security. Having been a (small) part of that system, there's nothing wrong with his argument.
I read this when it first came out, then re-read. As a book, it's probably a 4-5. Greenwald himself has a lot of flaws but was undoubtedly (and somewhat accidentally, or at least despite his own efforts) at the center of one of the most important stories of modern times. There isn't very much new in this book vs. the huge amount of press coverage on the issue, and I definitely find the Snowden and Poitras takes more interesting than Greenwald's, but due to the overall importance of the issue, it's worth reading this book too.