Back
Scott J. Shapiro: Fancy Bear Goes Phishing (2023, Farrar, Straus & Giroux) 4 stars

Fancy Bear Goes Phishing is an entertaining account of the philosophy and technology of hacking—and …

The dark side of the information age in five extraordinary hacks

4 stars

Em português → sol2070.in/2023/07/O-lado-escuro-da-era-da-informa%C3%A7%C3%A3o-em-cinco-hacks-extraordin%C3%A1rios

That is the subtitle of the non-fiction book "Fancy Bear Goes Phishing" (2023) by Scott J. Shapiro. It's a fairly accurate description of the content. This "dark side" refers more to the fragility and vulnerabilities of information systems, which end up allowing the most varied types of hacking, but the dark world of varied types of hackers is also well portrayed, even in the most internal aspects, such as motivations and resentments, with a lot of dialogue with the work of researchers who studied this in depth.

The author is a professor of law and philosophy, but also shows himself to be a genuine computer geek. In addition to his familiarity with the subject since his youth, he has delved deeper into the topic of digital security in preparation for this book. So there is no shortage of technical details of the intrusions portrayed and, due to his teaching experience, Shapiro manages to keep it interesting and, at the same time, didactic.

I just didn't like the forays into the intricacies of law as much, but they don't compromise the book.

The author's thesis is that the most fundamental vulnerability of computer networks is not in the technologies themselves, but in what he calls the "upcode", which is the dominant culture in a given institution (for example, the idea that digital security is something secondary), as opposed to the "downcode", the code or technology used.

He demonstrates this by analyzing the entire context of these major intrusions, starting with the first network virus, which exploited Unix sendmail in 1988, to botnet attacks with the power to break a country's internet, which appeared less than ten years ago.

For anyone interested in digital security, hacking or would just like to know more about it, it's worth it. And not only as an introduction, there are several tasty stories and technical details also for those with more experience.