The summer season is upon us, and we thought some of these classic books, news articles or podcasts could be on your summer reading list. Here are some of our picks.
The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, by Clifford Stole
An astronomer by training, Clifford Stole managed computers at the Lawrence Berkeley National Laboratory (LBNL) in California. One day in 1986 his supervisor asked him to resolve an accounting error of 75 cents in the computer usage accounts. Stoll traced the error to an unauthorized user - a hacker who had acquired access to the LBNL system by exploiting a vulnerability in the movemail function of the original GNU Emacs.
This book is considered a classic; when it was published in 1989, it was one of the first, if not the first, documented cases of a computer break-in, and Stoll seems to have been the first to keep a daily logbook of the hacker's activities. Stoll made contact with the FBI, the CIA, and the NSA, and other federal agencies in the course of his investigation.
This Is How They Tell Me the World Ends: The Cyberweapons Arms Race, by Nicole Perlroth
Nicole Perlroth’s book, “written in the hot, propulsive prose of a spy thriller,” according to The New York Times, tells the story of the cyberweapons market-the most secretive, government-backed market on earth-and a terrifying first look at a new kind of global warfare. For decades, under cover of classification levels and nondisclosure agreements, the United States government became the world's dominant hoarder of zero-days. U.S. government agents paid top dollar- first thousands, and later millions of dollars-to hackers willing to sell their lock-picking code and their silence. Then the United States lost control of its hoard and the market. Now those zero-days are in the hands of hostile nations and mercenaries who do not care if your vote goes missing, your clean water is contaminated, or our nuclear plants melt down. Filled with spies, hackers, arms dealers, and a few unsung heroes, and written like a thriller and a reference, This Is How They Tell Me the World Ends is an astonishing piece of journalism. Based on years of reporting and hundreds of interviews, Nicole Perlroth lifts the curtain on a market in shadow, revealing the urgent threat faced by us all if we cannot bring the global cyber arms race to heel.
The next two book recommendations come from the article “Five Books Every Cybersecurity Buff Must Read” from Cal State Long Beach. We’ve selected the two that feel most relevant and interesting, although be sure to check out the full list of recommendations.
The Art of Deception, by Kevin D. Mitnick
Mitnick shares exhilarating accounts of a series of successful cyberattacks on governments and businesses. Mitnick expertly narrates these events from the victim and the attacker’s point of view, giving his readers a look inside the mind of a true con artist. In addition to caution tales, the book also includes recommendations for how to guard against both common and uncommon cyberattacks. If you have any interest in how hackers work to exploit your information and/or expanding your knowledge around protecting your personal or professional information, this book is for you.
We Are Anonymous, by Parmy Olson
Olson offers an extraordinary and robust account of how a handful of hackers worldwide joined forces to commit cybercrime and create chaos across the globe. Although this is a novel, it is based on Olson’s real life experience meeting with some of the most notorious hackers in history and includes exclusive interviews with all six members of LulzSec. Olson offers readers a history lesson and an entirely new perspective on how they perceive their digital privacy in the midst of a propulsive story. If you enjoy reading about high profile criminal activity through the lens of an investigative journalist, We Are Anonymous is for you.
For those who may not have enough time to read some of these books, we recommend some recent articles about the cyber industry.
According to Forbes, the $50 billion retail behemoth Simon Property has granted police access to its AI car surveillance feeds from Flock Safety, which is monitoring vehicles visiting Simon malls via Flock Safety’s license plate recognition system. Shopping malls, of course, are heavily surveilled places, with visitors watched by CCTV cameras and security guards watching for shoplifters. Simon Property, America's biggest mall owner and a $50 billion retail giant, has chosen to take that surveillance a step further by using AI-powered cameras to send footage of visitors' cars directly to local police, according to emails Forbes obtained via public records requests.
Ron Reiter was a childhood hacker in Israel. He was recruited into the IDF’s elite Unit 8200 for his military service. Now he is CTO and co-founder of the cybersecurity firm Sentra. Reiter’s career is not atypical – starting in early years he started just messing with friends’ computers to be “more interesting,” becoming a hacker in his teens and early twenties, and then going on to co-found a cybersecurity company. The details, however, are less typical. When asked if he was a hacker, he replied, “Yes, I am a professional hacker.”
TechCrunch has another angle on Flock Safety, the multibillion-dollar startup. As of May 15, 2024, Flock Safety uses solar powered Solar Condor cameras, and wireless 5G networks which makes the cameras easier to install. Using solar power means that the company’s plan to “blanket the country” with cameras is easier than it once was. The Condor camera system is powered by “advanced AI and ML that is constantly learning with cutting-edge video analytics” to adapt to changing needs, and that “With solar deployment, Condor cameras can be placed anywhere.” However, the company has drawn resistance and scrutiny from some privacy advocates, including the ACLU.
As reported by The Record, more than 90 percent of submissions to the U.S. government's National Vulnerabilities Database have not been analyzed or enriched since the agency announced cutbacks in February, new research shows. The National Vulnerability Database — a critical information resource for cybersecurity defenders — has been forced to limit its operations due to funding shortages and an influx of vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) pledged to take other actions to help add information to vulnerability management processes. Lawmakers have argued that the National Institute of Standards and Technology (NIST) — which maintains the vulnerability database — should be fully funded to address the current issues.
According to CNBC, Microsoft has come under fire recently from both the U.S. government and rival companies for its failure to stop a Chinese hack of its systems last summer. One change the tech giant is making in response: linking executive compensation more closely to cybersecurity. In April, a government review board described a hack of Microsoft last summer attributed to China as “preventable.” The U.S. Department of Homeland Security’s Cyber Safety Review Board pointed to “a cascade of errors” and a corporate culture at Microsoft “that deprioritized enterprise security investments and rigorous risk management.” The decision by Microsoft to link executive compensation to successful cybersecurity performance is prompting discussions at other firms.
According to MSN, cyberattacks targeting water utilities across the country have increased in frequency and severity, according to the U.S. Environmental Protection Agency (EPA). On May 20 the agency warned community water systems to take immediate steps to reduce cybersecurity vulnerabilities and protect the nation's public drinking water supplies. In a news release, the EPA said it issued an enforcement alert detailing "urgent cybersecurity threats and vulnerabilities" to community drinking water systems. The agency found that some water systems failed to change default passwords and cut off access to former employees in addition to only using single logins for all staff. A majority of water systems — over 70 percent — inspected by the EPA since last September violated standards in the Safe Drinking Water Act, according to the alert.
When the activities of Russian hacker groups are exposed in a major public report and tied to a government agency—such as the Russian military's Sandworm unit, which has targeted Ukrainian electrical utilities to trigger three blackouts over the past decade, or the Russian foreign intelligence service's APT29, which is believed to have carried out the notorious SolarWinds supply chain attack—they tend to slink into the shadows and lay low until their next operation. Only this time they responded to Wired.
Trying to stay on top of all the threats of the digital world can be a headache. According to NordVPN, at least one of these podcasts should cure the headache.
Here’s a take from CTO Club on the top 20 podcasts. These 20 podcasts are recommended from the CTO Club and detail what top cybersecurity podcasts say about IoT, online privacy, and the security industry.
For those who want to hear from cybersecurity professionals, their career journeys, challenges they've faced, and their views on the current and future state of cybersecurity. Douglas Brush brings a personal touch to each interview, offering listeners the chance to learn directly from the experiences and wisdom of seasoned security experts.
According to CSO, these are the 12 best podcasts as recommended by CISOs/security leaders.
So, enjoy your summer and the reading and listening. While you’re at it, we realize that many of you have extra time during the summer and it’s a good time to make plans for the upcoming year. Don’t forget to include CYRIN in those plans. Now is a good time to get a quick demonstration, some access to the system and a real understanding of what CYRIN training can do for you.
Our tools and our virtual environment are perfect for a mobile, remote workforce. People can train at their pace, with all the benefits of remote work, remote training, and flexibility. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!