Lorilee Woods

Menu
Home
Software Evaluation
Book Review
Policy Analysis
Future Forecast
INLS 187

Book Review:

 

CYBERSHOCK:

Surviving Hackers, Phreakers, Identity Thieves, Internet Terrorists, and Weapons of Mass Disruption

 

by Winn Schwartau

 

 

REVIEW:

Schwartau, Winn. (2000) CyberShock: Surviving hackers, phreakers, identity thieves, internet terrorists and weapons of mass disruption. Thunder's Mountain Press: New York.

 

 

WHO’S IT FOR?

This book gives an overview of the "hacker" culture, namely what a hacker is, what they do and how to deal with them.  Schwartau is writing to an audience that has limited knowledge of what computer and personal security entails.  It is for the "5.99 billion people on the planet who have no idea what PCCIP, TCP/IP, CGI, FTP, DES, or API mean, and who probably don't care" (p. xxii).  Schwartau writes this book to make people scared; “Hopefully by the end of this book you will know who to be scared of, what the real personal, corporate, and national hacking issues are, and what you can do about it.” (p. 51)

 

WHAT IS HACKING?

He goes over a broad set of definitions of what a hacker is and maintains that most people with a little curiosity have a little hacker in them.  “Doing more with less” (p. 9) and using creativity to solve problems as in engineering and innovativeness are related to the process of hacking.  “Hacking is the abuse of technology” (p. 34) and it requires knowledge, creativity, and the capability. 

 

WHO ARE HACKERS?

Schwartau warns against stereotyping hackers as white males with dysfunctional upbringings, involved with drugs and alcohol, are smart but perform low in school, have addictive behaviors, are narcissistic, and don't have a life (p. 36).  But he acknowledges that some of them are “driven by their emotional need for bragging rights and recognition” (p. 38) while avoiding the necessary details of the exploit.

 Schwartau gives an excellent description of the types of hackers that exist in his section “Hackers (Haxorz, Haxors)” on page 36.  Here is a list of the hackers that he includes:

  • Elite (uber hacker)
  • White Hats
  • Black Hats
  • Ethical Hackers
  • Crackers
  • Phreakers
  • Script Kiddies, Wannabes, Push-Button Hackers 
  • Warez Dudez 
  • Criminals
  • Terrorist Hacking
  • Nation-State Hacking
  • US Information Warriors 
  • Hacker Gangs

  

DANGERS

He outlines the dangers of having apathy towards hacking.  Even in government agencies there are slow response rates to instances of “hacking” and many do not know that they have received an unwanted invasion.  Identity theft is a big aspect he covers to help people be aware of personal information.  Big corporations that require Social Security Numbers for their consumers risk an invasion to personal privacy.  It is easy for anyone to pretend that they are someone else over the phone with the right information.  This can create a world of damage to credit records and personal finances. 

 

HOW THEY DO IT

Hackers accomplish their goals by being anonymous; “There are many different ways to make yourself anonymous on the Internet, depending upon your goals and motivations” (p. 155).  Hackers can use various methods to take advantage of personal information.  While taking advantage of telephone systems was one of the original ways to hack, there are many other complex tools (p. 195).  There are tools out there that are designed to crack personal passwords are “now freely available and highly sophisticated” (p. 166).  Hackers can “sniff” (p. 176) a network and find out passwords, dialogues, and other unsuspecting information.  Viruses can be malicious programs that are put onto your computer and makes copies of itself, and they are on the rise (p. 212).  Trojans are programs that run without your knowledge, and can expose your computer to debilitating problems (p. 201). And while cryptography seems to be a secure way to send your email, there are ways to hack into encrypted information by just the stupidity of leaving your password near your computer (p. 241). 

 

BIGGER PROBLEMS

Schwartau goes over some of the “bigger” or more violent ways that criminals or in this case terrorists can breach the security of the U.S. by crashing computers.  He calls them “weapons of mass disruption” (p. 286).  An example of one of these weapons is an EMP, an Electro-Magnetic Pulse bombs, and “instead of causing a tremendous physical explosion, the EMP bomb radiates intense pulses of high-energy electromagnetic energy that spells death and destruction to computers, radar and all things electronic” (p. 286).  These weapons could be a major problem, but the actual threat of them is based mostly on speculation.

 

 

 

CRITIQUES:

USES

Schwartau does an excellent job of defining the complex nature of the phenomenon of hacking.  He goes into who does it, why people do, and how they do it.  There are good aspects to hacking and bad ones, and he does not let the reader stick to stereotypes of hacking.   

Also, his descriptions of the types of hacking that normal people are vulnerable to are in simple English.  This can help the average person understand the tools that are used in hacking without having to already know technical terms.  Schwartau gives tips and guidelines on how to protect personal privacy both online and off.  There are also resources at the end of each section that can guide the reader further to protecting themselves from invasions.

 

SHORTCOMINGS

At times he seems to muddle his definitions.  He says “hacking is the abuse of technology” (p. 34) and asserts that scientists, engineers, and corporations can be a part of that, but then only includes “anyone truly proficient in software coding (programming), debugging systems, or identifying vulnerabilities and weaknesses in networks and computers” as people who fit the definition (p. 36).

Schwartau takes the complex definition of “hacker” very personally.  He asserts that “in our souls, many of us are hackers by our very nature” (p. 5) and compares its complexity to love and sex.  While I agree with him that hacking is a very complex and misunderstood concept, I am skeptical to accept his comparison to such universal and timeless concepts of human nature.

There are also some instances when Schwartau includes stories to give examples of his argument that seem irrelevant to the context of the book.  He includes a transcript of a telephone conversation with information that is little more than a prank call by grown men at a hacker convention (p. 63).  Another transcript he uses is one that outlines his conversation with a security guard harassing him about his technology research documents at an airport.  While these two examples were a good laugh, he fails to specifically acknowledge their relevance and relate them back to what hacking is.  Especially since his readers are “average” in their knowledge and experiences with information security, these instances have little significance to the topic at hand.  Are they really breaches of security?  I suppose with a broad definition of hacking, they could be.

 

 

SUGGESTIONS

Similarly he likes to make fun of the “stupidity” or ignorance of people’s knowledge of computers even though he is including these people in his reading audience.  For instance, Schwartau states that, “It astounds me that people are under the impression that a human can catch a computer virus and get ill” (p. 216).  And, in conclusion to a transcript of a HelpDesk conversation where the caller is having trouble with using a computer in a power outage, "Tell them you're TOO STUPID TO OWN A COMPUTER! [slam]” (p. xxvi).  Schwartau could use fewer attacks to people who lack common sense and more attention to the issues of hacking.

 Overall, the book was great at describing the vulnerabilities that information systems and computers have, but it could be more uniform in its content.  Schwartau jumps from personal security measures that involve ripping up important personal documents to terrorist attacks against the United States infrastructure.  While this topic is interesting, he does not stick with topics that individual “average” people deal with.  In other instances he gives tips to better secure computers from attacks, but in this case individuals are unable to protect themselves from this.  Also, he states that “None of the allegations could be proved” (p. 309) and “never been confirmed in non-classified forums” (p. 310) so the reader is left speculating just how big of a problem these weapons are.