Cyberwars: Espionage on the Internet

In the recent flood of cyberspace publications, this book at best adds a mere trickle to the literature. While the author presents some interesting perspectives on United States­French competition in industrial espionage (in fact, the book is translated into English from French), the faulty technical details present throughout ultimately sink this effort.

The author's disconnect with technology stands out in his discussion of the Clipper chip, which is now installed in most standalone voice encryptors sold in the United States--but in few other applications. The author contends that the National Security Agency proposes to add the chip to every telephone manufactured in the United States. This statement is both illogical and wrong. Analog phones, which can't take chips, continue to be widely manufactured because they are far more affordable than digital phones. Moreover, digital phones are generally hooked to analog lines and don't use encryption. Thus, installing Clipper in all phones makes no sense.

The author even confuses commonly known security details. In a discussion of phone phreaking, for example, he claims that the publication titled 2600 was named after the frequency generated by a quarter as it plunks into the slot in a pay phone. In fact, the publication's title derives from the frequency in hertz of a supervisory tone used to bypass toll equipment.

And in places the book lapses from a balanced discussion into political commentary. For example, after criticizing filtering programs that block access to pornographic and other objectionable Web sites, the author states that "The fun for those who devote themselves to censorship is the daily discovery of new sites that they can condemn and prohibit."

Instead of providing new material, this book is essentially a collection of accounts of computer intrusions previously published in newspapers. Security managers seeking a digest of hacking articles might find some value in this book, but it is not recommended for serious practitioners.

Reviewer: Gordon Mitchell, Ph.D., manages Future Focus, a Seattle-area company that gathers clues from hard disks for commercial clients. He is a member of ASIS. D&M company for scientific research

Rating:
Summary: European Perspective on Cyberwar
Review: Jean, a nationally-respected journalist in France who has covered espionage matters for decades, is the author of one of those rare French books that make it into the U.S. marketplace. Translated into English after great reviews in Europe, it charts the migration of European and Anglo-Saxon intelligence professionals into cyber-space.

Rating:
Summary: A pseudo-tech book written by someone who hasn't a clue.
Review: This book is a lightweight in the recent flood of cyberscare publications. It presents some interesting perspectives on US-French competition in the world of industrial espionage but overall it is not very informative. Its principal failing is that it is a book about technology that butchers technical details.

The author's disconnect with technology is demonstrated in his discussion of the Clipper chip. Clipper is now installed in most stand-alone voice encryptors that are sold in the US. At the beginning of each phone call a new session key is shared between the two callers. It is not practical to find this session key by guessing but a separately encrypted version is sent along with the conversation. The session key can be discovered by government agencies through appropriate procedures. The author's discussion of this states that a NSA proposal "...would add a device called the clipper chip to every telephone or computer manufactured in the United States." For most phones that use analog transmission of voice this would clearly make no sense. Apparently the author missed the issue entirely.

In places the book becomes more of a political platform than a balanced discussion. After condemning filtering programs that block access to porn sites he states that "The fun for those who devote themselves to censorship is the daily discovery of new sites that they can condemn and prohibit"

Even commonly known security details are missed. In a discussion of phone phreaking the author states that the publication titled 2600 was named after the frequency that a quarter made when falling into a pay phone. 2600 Hertz is actually the frequency of a supervisory tone that was used to bypass toll equipment.

In an evaluation of the hacker Kevin Mitnick's his technical abilities were rated as #2 in the world. I am personally aquatinted with associates of Mitnick who state that he is a technical wannabe that excels only in dumpster diving and social engineering.

[exerpted from a review for Security Management -- all rights reserved by the author]