Saturday, February 13, 2010

Fatal System Error

We read every day about Eastern European crime syndicates that are involved in cybercrime, cyberwarfare, and other nefarious activities on the Internet. In many ways these organizations are block boxes, with very little information reported on who they are and how they work. Joseph Menn in his new book, “Fatal System Error,” tells the stories of two individuals, Barrett Lyon and Andrew Crocker, who have gone toe-to-toe with the evil hackers of the East. Menn has created a thrilling and informative work that delves into the specifics of these two Internet heroes.

The book starts off telling the story of a young self-taught computer whiz named Barrett Lyon. Barrett becomes an expert in fighting off Denial of Service attacks. For those looking for an in-depth technical discussion of how Barrett wards off the attacks you will need to search elsewhere. The specific approaches that Prolexic takes are not described here; which in entirely appropriate in the context of how this story is told. Most of Barrett’s initial clients were in the Internet gambling business and were located out of the United States. He founds a company, Prolexic to provide a secure hosting environment to protect his clients from the Distributed Denial of Services attacks. Unfortunately for Barrett, the politics involved in running Prolexic get in the way of its mission and he decides to move on.
One of the main goals of the attackers was to extort money from the gambling sites. After many episodes of defending against the numerous extortion attempts Barrett tries to fight back. He contacts the FBI on many occasions, without much success. However, in researching the attacks on BetCRIS, one of clients, he gets the involvement of Andrew Crocker of England’s National Hi-Tech Crime Unit.

Menn expertly transitions the story to tales of Andrew Crocker. Crocker’s goal is to identity the criminals in Russia and bring them to justice. In the telling of this story, Menn sheds significant light on to why convicted these foes is such a challenge. At the core of the problem is that the Russian government does not want these people prosecuted. On the local level bribes of police and judicial employees keep the criminals out of jail. At the national level the criminal masterminds are protected by high-level operatives in the Russian government. They touch on the periphery of the Russian Business Network and speculate that the Russian government overlooks the illegal activities of these groups because they want to use this expertise to support political aims such as the suppression of dissent and information in places such as Georgia and Estonia.

One of the conclusions that Menn and the investigators come to is that the protocols of the Internet need to be redesigned. They were developed by the US government to build a distributed, resilient network, as which they have been an enormous success. The protocols were not developed with security in mind; it was not a consideration 35 years ago. Policing the Internet with current policies is extremely difficult if not impossible because the countries of the world have different objectives and place different emphasis on these crimes.
If you want a look into the Belly of the Beast, Fatal System Error
, is a great place to start.

No comments:

Post a Comment