Rate this book

DarkMarket: Cyberthieves, Cybercops And You (2011)

by Misha Glenny(Favorite Author)

3.66 of 5 Votes: 5

ISBN

1847921264 (ISBN13: 9781847921260)

languge

English

genre

History & Biography

publisher

Bodley Head

review 1: I found this book deeply disturbing, in a way that says "truth is stranger than fiction". All the more disturbing because it is real, rather like having a nightmare only to awake to find that it wasn't a dream after all.I can't suggest that I understood all of the technicalities but it was clear enough that there is a new underworld out there. An underworld that dabbles in things very dear to all of us, like swiping your credit card without fear. The apparent extent of the problem and the inability of various agencies to really combat it will give you a fright. Very compelling reading and more exciting than quite a few novels I have scanned in the recent past. But I guarantee you one thing after reading it, you aren't going to be so keen to bandy your stuff about the inter... morenet or let your credit card out of sight when making a purchase.
review 2: Published in 2011, an action-packed account of the events and characters involved in the rise, operation and decimation of several high-profile online marketplaces that provided a venue for scammers, credit card fraudsters, hackers, and such cyber criminals, to build reputations, form connections, and exchange goods and services. Key insights from the book: Cultural, political, legal and societal differences between countries give rise, as with any criminal activity, to loopholes that lawbreakers exploit. Certain countries adopt lax attitudes towards cyber crime, and have neither the interest nor the resources to devote towards combating it. Some countries turn a blind eye to it as long as their national companies and infrastructure are not the ones being targeted. In countries where corruption is common within political and law enforcement bodies, criminal activity is not only ignored but abetted. Protected by powerful backers, some criminals might operate ‘beyond the law.’ Even if criminals are tracked down, if they are based in a country that lacks an extradition agreement with the country of their pursuers, then they have free reign, essentially, to continue their activities. With luck and care, as long as circumstances remain favourable, wrong-doers may conduct their business unmolested. Examples of features that are country-specific:-In an earlier era, although illegal activities were perpetrated throughout most of the world, French criminals were generally francophone, used the Minitel system rather than the Internet, and used American credit cards, not French ones. The Minitel system was more secure, and had a smaller user base, making it a less attractive target. Thus, cybercrime in France was initially restricted in its scope, to a relatively national level.-The FSB uses the SORM-2 system to acquire and store data from ISPs each time they are requested. All Russian ISPs must comply with this regulation, and have to pay a fee to fund the cost of the system. Encryption is illegal in Russia and possession of a file with a digital lock on it is a crime. Russian cybercriminals are free to clone credit cards, hack bank accounts and distribute as much spam as they want, as long as their victims are located in western Europe and the US.-ISPs in the UK are required to store all data regarding computer traffic for between 6 months to 2 years, and the data is accessible by government agencies under national legislation. Details such as the time and volume of traffic are monitored, although the content is not. Collaboration between governmental intelligence agencies and international counterparts can be patchy. The US SS and the FBI, for example, have sometimes failed to share information with each other, resulting in competition and redundancy. They sometimes investigated each other's undercover agents without realising it. Intelligence agencies in France, Germany, and the UK, would have to work with each or one of these organisations, instead of dealing with a single entity, resulting in extra overhead and consumption of resources. Services that were popular amongst those engaged in criminal activities included hushmail, ICQ, IRC, and E-Gold. ICQ and IRC are dynamic- unless exchanges are saved intentionally, no trace of the conversation is left. Ironically, these services did not always confer as much anonymity as users believed. Following the arrest of E-Gold founder Douglas Jackson in 2006, for example, government agencies had full access to its records, unbeknownst to most users. The Canadian webmail provider, hushmail, provided the police with log records after mounting pressure, in 2007. Safemail is an encrypted email system, owned and run b a company in Tel Aviv. If an Israeli court subpoenaed certain information, then presumably it would be possible to obtain and crack the mail. The underlying message is, that services are run by companies and people, and even if a system is allegedly failsafe and secure in theory, when implemented, theory is confronted by the messy squishy real world, which often offers affordances for one to pry open the cracks. If, for example, law enforcement agencies infiltrate or are involved in the setting up or running of such services themselves, then hackability is practically built into the system.A common characteristic of the websites described in the book (such as DarkMarket, CarderPlanet, Shadowcrew, and CardersMarket), was the provision of a platform that allowed otherwise solitary cyber criminals to form ‘opportunistic packs.’ Glenny describes the evolution of services developed on each site, and embellishes the narrative with colourful depictions of the individual personalities behind them. For example, a highly-valued service was the provision of an escrow system, similar to that offered by a bank or a marketplace such as eBay and Amazon: site administrators acted as a neutral third party, overseeing transactions between members, and thus replacing inefficient and unrealistic trust-based direct interactions with an impersonal, reliable workaround. Skills could be combined and traded: those with a background in programming, hacking, or engineering could design and sell software and equipment, while those equipped with street smarts but lacking in that sort of technical know-how could purchase or rent equipment and carry out thefts in the flesh. Purveyors of stolen credit card details could sell their wares to buyers, who in turn performed the physical and risky act of withdrawing cash. Sellers of skimming devices could dispatch their machines to those who lacked the ability and time to design, build, and engineer their own, but who were willing to install them on ATMs. A strategy used by DarkMarket at one stage (when it achieved a monopoly over the distribution of skimmers), was to sell the machines together with a PIN pad that was designed to be installed over the existing, legitimate one. Encrypted PINs would be recorded on the fake pad, and the buyers of skimmers had to send the data back to the sellers for decryption. The sellers would then organise and take a cut of the cash-out through ‘mules,’ thus creaming off illegal transactions. Money mules are oft-unsuspecting people who respond to advertisements offering money for little work, in which money is deposited into their bank account before being forwarded on, and the mules take a percentage as their cut.A theme common to this book and McMafia is that of the economic and social landscape in countries like Brazil, Russia, India and China, where access to relatively high levels of education are combined with rising material aspirations amidst massive wealth disparities, thus creating fertile conditions for the proliferation of cybercrime. Digital interactions may be extremely challenging to track down. But if they are linked to real-world activities, such as packaging and mailing of skimming devices, then investigators can devise creative solutions when hunting their quarry. For example, in 2008, inspections of confiscated ATM skimming machines in Turkey revealed that certain models were being made in large numbers, implying that they were made in a factory, possibly in Romania or Bulgaria. The police identified the three largest shipping firms in the city of Istanbul, training the staff of courier companies to spot a skimmer (usually registered as a vehicle or machine spare part), and gave them instructions on what to do if they saw one. This eventually yielded the phone number and CCTV image of a suspect, and the arrest of several operators of an organised-crime syndicate. Striking parallels exist between the world of cyber crime and that of WWII code-breaking and espionage. Various players need to communicate information in secret and pit their coding skills against those of their adversaries. Interactions between agents occur in physical reality, as well as electronically. Thus the identities of your contacts are rarely assured- spies might be posing as someone else, communications might be intercepted and read or altered, and all this second-guessing and need for outwitting the opponent leads to an arms race with targets that are constantly shifting. Events in the digital realm have significant consequences in reality, whether they result in the movement of sums of money or the clapping of criminals into prison; the loss of soldiers or the end of a war.Minor gripes:Glenny’s riveting, slightly sensational style of writing makes this a highly-readable page-turner, on one hand, but also occasionally results in stylistic choices that detract from clarity. For example, he has a tendency of introducing new characters with dramatic flourish, structuring sentences so that a vivid description precedes their identity, and phrases it in such a way that the reader, coming across a name for the first time, hesitates for a moment, wondering if this character had already been mentioned before. One gets the distinct impression that Glenny has polished the technique of creating a snazzy sound bite by writing for magazines and newspapers- by creating a little puzzle, he engages the reader and sets the mental cogs moving. While that works fine for articles, which are relatively short, it carries less well into a book of over two hundred pages that is stuffed with dozens of characters, many of whom have screen names as well as complex and less-than-transparent real-life identities. In addition, when referring to individuals, he sometimes switches between first and last names. If you’re reading DarkMarket for the first time and are serious about keeping track of who’s who, I’d advise keeping a list of characters as they appear. There was exactly one sentence in the book that I disagreed with and found absurd- “...With further research, this could mean that it will be possible to identify hacker personality types among children who are still at school.” I can just imagine kids being administered with a hackers’ version of Myers-Briggs, and told that they belong to the ‘hacker’ or the ‘leave-untouched-er’ category. As with MBTI, all I can say is, ‘a fat lot of good that would do.’In summary: Enlightening, engaging, and extremely enjoyable. Does not go deeply into technical detail, provides basic descriptions of technology to facilitate understanding. Focused on the narrative and historical events, clearly the culmination of much research, interviewing, and sorting and organisation of facts and documents. less

Download links for: DarkMarket: Cyberthieves, Cybercops and You

Advertising