Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace [Hardcover]

In addition to the quotes and sound bites, the author makes extensive use of the CSI/FBI survey (Power is the inspiration and driving force behind it). This study was conducted within a self-selecting audience that was expected to ESTIMATE the cost and frequency of the attacks they believe their organization experienced. It may be the best information we have, but it does not really represent a scientifically rigorous survey that can be accepted as providing an accurate understanding of the true cost or extent of computer crime. It looks impressive, but it is also designed to support the common agenda of Power's organization (the Computer Security Institute), and the FBI. Certainly the material is not intended to discourage people from attending CSI workshops.

Besides the lack of rigor in the much-quoted survey, the constant exaggeration of the monetary cost of hack-attack damages is misleading. Power delves into the pseudo-scientific again by using 7 significant figures to report on estimated costs of hacking sprees. I'm no fan of Mitnick, but quoting the inflated loss estimates provided by his victims does not make them fact. I think highly of Marcus Ranum, but he's hardly a cost accountant, so I question using his financial estimates on how much a hack attack costs a victim. To be fair, Power does follow the Ranum interview with an interview of an experienced accountant, but the fact is that nobody has any idea what the cost of information security failures really is.

If you are familiar with the CSI newsletter, you'll recognize the author's hand in this book--lots of quick anecdotes about bad things happening to good people, but no analysis. The writing follows this same newsletter writing style. Short sentences. Really short paragraphs. I find this writing style distracting, but it is a matter of personal preference, and it matches the material. This is a book that is easy to read in short bursts, which will be advantageous if you don't have a lot of time to spend on this subject.

This is a good book for an executive or neophyte who wants to read a single book that helps them understand the current nature of Internet crime, provides them a quick exposure to some of the personalities and philosophies of some prominent infocrime fighters, and concludes with solid suggestions on what needs to be done. But if you want to be a specialist in information security, then you need to read books with greater depth than this one.

This is not a meaty tome, it contains no original ideas, and the reported cost of Internet attacks is not substantiated. However, it is a quick and interesting read if you are curious and only have time for a single book.

The deep analysis and constant eye towards the "human factor" in cybercrime is powerful and important. The extent to which psychology and organizational behavior guide the development of cybercrime and the sadly "Keystone"-like countermeasures of the majority of organizational cyber-cops/marks is an important lesson. In Chapters 10 and 11, for example, we get a close look at how human frailties and organizational hubris/naivete leave even "techno-savvy" organizations open to massive, needless losses. HR departments around the country should take heart; there will be many off-site training sessions in the offing if corporate America is to secure itself, and slick new hardware/software represent only a fraction of what it's going to take.

When the book moves into the Global and Governmental arena, the full scope becomes almost overwhelming. Luckily the author keeps it moving quickly and presents the information with remarkable clarity/economy given the sheer range of material he's putting together.

This book may not absolutely keep you out of the tangled-web, but at least you'll have some idea of where the stickier strands in your neighborhood are and how to *just maybe* avoid them.

The critical review of the role of the (largely clueless and unknowing) media in the reportage of cybercrime is very welcome. Popular myths and misconceptions have got to go if this problem is to be properly illuminated and addressed.

The book details the various types of computer crimes,including "hacktivism," espionage and sabotage, fraud, tradesecret theft, and computer break-ins. Case study after case studyreveals how every element of corporate America is at risk to someaspect of digital crime.

After reading Tangled Web, no manager canhonestly think computer crime could never happen to him orher. Whether it be via the activities of Vladimir Levin, the Russiancybercriminal who stole millions from Citibank, or those of Tim Lloyd,a disgruntled network administrator who caused millions in financiallosses to his employer, in incident after incident author RichardPower shows the reader how we are indeed in the midst of acyberwar.

As corporations rush to get on the informationsuperhighway, security is often neglected to the degree that manyorganizations don't have a position as elementary as chief securityofficer. Tangled Web shows in great detail the effects of excludinginformation systems security from a corporate infrastructure, and itisn't pretty...