Computer fraud and hacking Books

Book SynopsisThe government of the People''s Republic of China (PRC) is a decade into a sweeping military modernisation program that has fundamentally transformed its ability to fight high tech wars. The Chinese military, using increasingly networked forces capable of communicating across service arms and among all echelons of command, is pushing beyond its traditional missions focused on Taiwan and toward a more regional defence posture. This book presents a comprehensive open source assessment of China''s capability to conduct computer network operations (CNO) both during peacetime and periods of conflict, and will hopefully serve as a useful reference to policymakers, China specialists, and information operations professionals.

Read more less

Book Synopsis

Read more less

Book SynopsisStep into the shoes of a master hacker as he breaks into an intelligent, highly defensive Windows environment. You'll be infiltrating the suspicious (fictional) offshoring company G & S Trust and their hostile Microsoft stronghold. While the target is fictional, the corporation's vulnerabilities are based on real-life weaknesses in today s advanced Windows defense systems. You'll experience all the thrills, frustrations, dead-ends, and eureka moments of the mission first-hand, while picking up practical, cutting-edge techniques for evading Microsoft's best security systems.Trade Review"How To Hack Like a Legend is a well written, story lead, day in a life of a hacker taking you into his hacking mindset and showing the reader even failure can be turned into a successful hack. This sort of hands-on material is normally only ever gained through experiences in real life. Above all, being able to get all this information down on paper and wrapping it all up with a fictional story really shows Sparc knows what he’s talking about."—Security Tutorials"Another great hacker plot by Spark Flow. This is the 7th book in his series on penetration testing, and like the rest it does not disappoint . . . Short, engaging, technical, and really fun."—LockBoxx: A Hacker's Blog"A good addition to his series. It covers many more topics to the existing others. This book is available to everyone because all tools and techniques presented are open sources."—OnlineBooksReview"What sets this book apart from other cyber security books is the unique plot it follows . . . The book is written for penetration testers and red teamers, but if you have some knowledge in IT do not hesitate to pick it up. It is a great read and Sparc Flow details step-by-step every line of code and obscure tip to make it understandable by everyone."—Tech Guide and Reviews"A good introduction to the entire process of infiltrating and compromising a network from beginning to end, and the kind of logical and creative thinking needed to successfully compromise a well secured environment."—Darlene Hibbs, Senior Cybersecurity Researcher, Fortra

Read more less

Book SynopsisIn the age of hacking and whistleblowing, the internet contains massive troves of leaked information containing goldmines of newsworthy revelations in the public interest - if you know how to unravel them. For investigative journalists or amateur researchers with or without prior programming knowledge, this book gives you the technical expertise to find and interrogate complex datasets, transforming unintelligible files into ground-breaking reports. Through hands-on assignments and examples that highlight real-world cases, information security expert and well-known investigative journalist Micah Lee guides you through the process of analysing leaked datasets from governments, companies, and political groups. You'll dig into hacked files from the BlueLeaks dataset of law enforcement records, analyse social media traffic from those behind the 2021 insurrection at the US Capitol, hear the exclusive story of privately leaked data from the anti-vaccine group America's Frontline Doctors, anTrade Review“Micah’s book is a fantastic and friendly introduction for journalists, activists, and anyone else who is interested in learning to analyze large data sets but has been too intimidated by the technical details. I hope this book will inspire more people to find the stories inside the data.”—Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation “Masterfully breaks down how to handle a data leak and provides the reader with hands-on examples to hone their skills. If only I had this book when I broke the news of the Epik data breach!”—Steven Monacelli, Special Investigative Correspondent at the Texas Observer “For more than a decade, Micah Lee has been on the cutting edge of protecting journalists and their sources from surveillance. It's a gift to all of us that he has downloaded his wisdom into this highly readable and vitally important guide.”—Julia Angwin, Investigative Journalist at The New York Times “Thanks to whistleblowing leaks, gold mines of valuable digital data now exist. There is no better account than Micah Lee’s lively and readable how-to guide for arming journalists and researchers with the tools necessary to find, excavate, and make sense of this rich data. Sourced from Lee’s experiences mining data for his hard-hitting journalistic exposes, readers will come away inspired and equipped to follow in his footsteps.”—Gabriella Coleman, Harvard Professor, Founder of Hack_Curio, and Tor Project Board Member “As a journalist who has been working with data breaches for close to ten years, actually getting to grips with that data is often the hardest part of any reporting project. Lee's clear and concise book will be an invaluable resource for reporters or researchers just dipping into this sort of data, or those looking for new techniques. I will certainly be using some of the tools myself. Hacked and dumped datasets are rich sources of information that are in the public interest, and Lee's book will only increase the number of important stories others are able to extract from them.”—Joseph Cox, Senior Staff Writer at Motherboard/Vice Media “Seamlessly blends real-world stories of whistleblowers and data dumps with a top to bottom guide on how to approach those very scenarios yourself. From protecting sources to accessing leaked data, no page is wasted. A must-read for any researcher or journalist regardless of experience.” —Mikael Thalen, Tech and Security Reporter at The Daily Dot “The world is awash in hacked and leaked data, and any investigator or journalist hoping to handle it safely and find the newsworthy threads needs to buy this book. Micah's step-by-step approach to the ethics, safety and tooling is both approachable for the average person with even basic data skills and will also be useful for those with an advanced background. A guide like this was waiting to be written.”—AJ Vicens, Reporter at CyberScoop"A comprehensive yet highly digestible resource that I would wholeheartedly recommend to anyone remotely interested by modern journalism [practices]." —Julien Voisin, Artificial Truth“Of special interest for anyone concerned with the increasing issues around cyberspace and internet database security, Hacks, Leaks, and Revelations must be considered basic, fundamental reading.”—Midwest Book ReviewTable of ContentsIntroductionPart 1: Sources and DatasetsChapter 1: Protecting Sources and YourselfChapter 2: Acquiring DatasetsPart 2: Tools of the TradeChapter 3: The Command Line InterfaceChapter 4: Exploring Datasets in the TerminalChapter 5: Docker, Aleph, and Making Datasets SearchableChapter 6: Reading Other People's EmailsPart 3: Writing CodeChapter 7: An Introduction to PythonChapter 8: Working with Data in PythonPart 4: Structured DataChapter 9: BlueLeaks, Black Lives Matter, and the CSV File FormatChapter 10: BlueLeaks ExplorerChapter 11: Parler, the Insurrection of January 6, and the JSON File FormatChapter 12: Epik Fail, Extremism Research, and SQL DatabasesPart 5: Case StudiesChapter 13: Pandemic Profiteers and COVID-19 DisinformationChapter 14: Neo-Nazis and Their Chat RoomsAfterwordAppendixesAppendix A: Using the Windows Subsystem for LinuxAppendix B: Scraping the Web

Read more less

Book SynopsisIn the City of London, the scent of money and power lingers in the corridors of the shiny office buildings and clings to the suits of the men who work in them. Chasing that scent is the only thing that matters. But not to Katy Daly. She has spent her life working in the City, but wealth and power are things granted to other people. Her childhood was shattered by the pursuit of them, and since then she's coasted along on a course of risk-avoidance and underachieving. Then Katy starts working for Riley Daniels, the beautiful and charismatic CEO of Byrsa, one of the most successful yet secretive tech companies in the world. Katy can't help but be fascinated by this clever, fiercely ambitious woman making it in a man's world. Riley has a way of making her wonder if there could be more to life than letting other people shape your destiny. But power comes at a cost. As Katy is drawn deeper into Riley's intoxicating world, she is forced to confront who she is, who she has become, and how far she will go to protect Riley's secrets - and her own.

Read more less

Book SynopsisIn the space of one election cycle, authoritarian governments, moneyed elites and fringe hackers figured out how to game elections, bypass democratic processes, and turn social networks into battlefields. Facebook, Google and Twitter – where our politics now takes place – have lost control and are struggling to claw it back. Prepare for a new strain of democracy. A world of datafied citizens, real-time surveillance, enforced wellness and pre-crime. Where switching your mobile platform will have more impact on your life than switching your government. Where freedom and privacy are seen as incompatible with social wellbeing and compulsory transparency. As our lives migrate online, we have become increasingly vulnerable to digital platforms founded on selling your attention to the highest bidder. Our laws don’t cover what is happening and our politicians don’t understand it. But if we don’t change the system now, we may not get another chance.Trade Review‘Excellent.’ * New Statesman *‘Democracy Hacked gets beyond the headlines – a compelling, informed and highly readable account of how democracy is being disrupted by the tech revolution, and what can be done to get us back on track. One of the best expositions I’ve read yet of what is the biggest political challenge of our generation.’ -- Jamie Bartlett, author of The People Vs Tech and The Dark Net‘Enormously wide-ranging and deeply researched, this is the definitive account of how digital technology has changed the entire political landscape, with profound consequences for democracy. From Brexit to Trump, and from Estonia to the Philippines, Martin Moore uncovers the real stories behind the fake ones. You’ll discover that the truth is often stranger than fiction and that the future is more open than you think.’ -- David Runciman, author of How Democracy Ends‘The world is belatedly waking up to some frightening realities about the intersection of digital technologies and the health of democracies. Martin Moore’s book is a sharp wake-up call – ambitious in its sweep and urgent in its important message.’ -- Alan Rusbridger, author of Breaking News‘Eye-opening… An important, timely, and clearly written look at a crucial subject.’ * Booklist *‘Moore demonstrates how data has affected elections across the world, in the Philippines, Turkey, India, Iran, Britain and beyond... Engrossing, instructive, and urgently necessary.’ * Kirkus *

Read more less

Book SynopsisWould you say your phone is safe, or your computer? What about your car? Or your bank? There is a global war going on and the next target could be anyone – an international corporation or a randomly selected individual. From cybercrime villages in Romania to intellectual property theft campaigns in China, these are the true stories of the hackers behind some of the largest cyberattacks in history and those committed to stopping them. You’ve never heard of them and you’re not getting their real names. Kate Fazzini has met the hackers who create new cyberweapons, hack sports cars and develop ransomware capable of stopping international banks in their tracks. Kingdom of Lies is a fast-paced look at technological innovations that were mere fantasy only a few years ago, but now make up an integral part of all our lives.Trade Review'Reads like a thriller... You probably couldn't tell a lot of the stories she tells as straightforward pieces of journalism... And, arguably, you learn far more about this world the way Fazzini tells it than you would in a sober news story.' * The Times *‘Kate Fazzini is the rare top-level reporter who can make you see, smell and feel a hidden world, not just understand it. Cybercrime (and security) has found its Michael Lewis.’ -- Bret Witter, co-author of the New York Times bestseller The Monuments Men"Written almost like a novel, Kingdom of Lies, offers a vivid account of how these gangs of black hat hackers spreading from Romania to China extort money from individuals like me and the most powerful Wall Street banks, and how the white hats are trying to stop these people who can halt global companies in their tracks and produce digital campaigns to sway popular opinion." * The Times *‘Kate Fazzini has crafted a gripping page-turner that is all too timely and real. Good luck putting it down – or going to sleep once you do.’ -- Marc Guggenheim, producer of Law & Order and executive producer of Wizards‘Kate Fazzini’s work breaking complex cybersecurity news down for a consumer audience is critical. She is tackling this unconventional topic by providing an alternative perspective on the threat, actors and convoluted dynamics.’ -- Dr Frederic Lemieux, Faculty Director of the Applied Intelligence and Cybersecurity Programs, Georgetown University‘Cybersecurity isn’t just ones and zeros, it’s also about the people who sit behind the keyboards – something Fazzini describes in vivid detail.’ -- Naveed Jamali, former US Naval Reserve intelligence officer and author of How to Catch a Russian Spy

Read more less

Book SynopsisThis is the ultimate guide to protect your data on the web. From passwords to opening emails, everyone knows what they should do but do you do it?''A must read for anyone looking to upskill their cyber awareness'' Steve Durbin, Managing Director, Information Security ForumTons of malicious content floods the internet which can compromise your system and your device, be it your laptop, tablet or phone. How often do you make payments online? Do you have children and want to ensure they stay safe online? How often do you sit at a coffee shop and log onto their free WIFI? How often do you use social media on the train or bus? If you believe using an antivirus software will keep devices safe... you are wrong. This book will guide you and provide solutions to avoid common mistakes and to combat cyber attacks.This Guide covers areas such as: Building resilience into our IT Lifestyle Online Identity Cyber Abuse: Scenarios and Stories Protecting Devices Download and share Gaming, gamble and travel Copycat websites I Spy and QR Codes Banking, apps and Passwords Includes chapers from Nick Wilding, General Manager at AXELOS, Tim Mitchell, Content Director at Get Safe Online, Maureen Kendal, Director at Cybercare, Nick Ioannou, Founder of Boolean Logical, and CYBERAWARE.''Conquer the Web is a full and comprehensive read for anyone wanting to know more about cyber-security. It takes it time to explain the many acronyms and jargon that are associated with our industry, and goes into detail where necessary.'' Sarah Jane MD of Layer8 Ltd''Online fraud, cyber bullying, identity theft and these are the unfortunate by products of the cyber age. The challenge is how do we protect ourselves in the online world? Conquer the Web provides practical guidance in an easy to understand language that allows readers to take a small number of steps that will greatly increase their online security. A must read for anyone looking to upskill their cyber awareness.'' Steve Durbin MD of Information Security Forum Limited

Read more less

Book SynopsisOn 4 May 2000, an email that read ‘kindly check the attached LOVELETTER’ was sent from Philippines. Attached was a virus, the Love Bug, and within days it had paralysed banks, broadcasters and businesses across the globe. The age of Crime Dot Com had begun. Geoff White charts the astonishing development of hacking, from its birth among the ruins of the Eastern Bloc to its coming of age as the most pervasive threat to our connected world. He takes us inside the workings of real-life cybercrimes, revealing how the tactics of high-tech crooks are now being harnessed by nation states. From Ashley Madison to election rigging, Crime Dot Com is a thrilling account of hacking, past and present, and of what the future might hold.Trade Review‘Arguing that cybercrime has grown in power and in danger, journalist White offers a well-written, expertly researched examination of the topic. Relying on published reports and in-depth interviews, the author looks at three different facets: cybercrime gangs, 'hacktivist' movements, and ways in which nation states use cybercrimes. White is at his best when describing this seemingly legally sanctioned hacking, such as in Russia and North Korea. In vivid detail, he explores the 2015 raid on Bangladesh’s Central Bank; the movement Anonymous, which has made attacks on governments; and ways in which data is hacked for profit . . . This is a fascinating, often gripping read, and a solid update to Brian Krebs’s Spam Nation . . . For true crime and technology enthusiasts in search of an overview of cybercrime.’ — Library Journal ‘Journalist White uses the stories of different hacks, dating from the 1980s to the 2016 election, to connect illicit activity on the earliest Internet forums to today's cyberattacks by hacktivists and state-sanctioned hacking teams. He humanizes this history by highlighting the people behind the tech: the Filipino student who unleashed the Love Bug, one of the first global cyberattacks to rely on psychological manipulation; the former cybercriminal who worked with the FBI to bring down Silk Road, a dark Web black market for illegal drugs (a scheme that involved him faking his own death); and the audio producer who lost thousands of dollars in a scam that exploited personal information stolen from telecommunications company TalkTalk.’ — Scientific American ‘Beginning with a tour of hacks from the 1980s through to the 2016 election (and a thrilling account of the 2015 Bangladesh Central Bank heist), this is a fascinating primer on the dangers of the cyber underworld, which includes hacktivist movements, cyber gangs, and nation-state attacks.’ — Globe and Mail, Toronto ‘Brilliantly researched and written, Crime Dot Com is a vivid insight into the scale of the threat to us all from crime born of and facilitated by the digital age.’ — Jon Snow, Channel 4 News ‘Geoff White is one of the most authoritative reporters on cybercrime and Crime Dot Com is an informative, accessible and entertaining tour of the cyber underworld. If you want to understand everything from ransomware to nation state attacks on key infrastructure this is an excellent primer.’ — Rory Cellan-Jones, BBC News ‘Geoff White offers up a comprehensive and intelligible account of the elusive world of hacking and cybercrime over the last two decades. He ranges from the lone hacktivist to state-sponsored surveillance, from the Love Bug to the Lazarus Group, from Snowden’s revelations to the Huawei controversy. His book is, thankfully, jargon-free, keeping a tight focus on the humans involved rather than the technology. It is lively, insightful and, often, alarming.’ — Ewen MacAskill, former Chief Political Correspondent for the Guardian ‘Geoff White writes with insight and flair about a subject that concerns everyone – or should do. Criminals, hooligans, hostile state actors and terrorists attack our computers and networks every minute of every day. Our money, security and freedom are at risk. Yet the public is still pitifully unaware of the threats we face – and what we need to do to protect ourselves at an individual, business and government level. Crime Dot Com joins the dots, painting a well-informed, easy-to-understand and up-to-date picture of the mounting dangers caused by our complacency, greed and ignorance.’ — Edward Lucas, author of Deception: Spies, Lies and How Russia Dupes the West

Read more less

Book SynopsisCyberspace opens up infinitely new possibilities to the deviant imagination. With access to the Internet and sufficient know-how you can, if you are so inclined, buy a bride, cruise gay bars, go on a global shopping spree with someone else's credit card, break into a bank's security system, plan a demonstration in another country and hack into the Pentagon − all on the same day. In more than any other medium, time and place are transcended, undermining the traditional relationship between physical context and social situation. This book crosses the boundaries of sociological, criminological and cultural discourse in order to explore the implications of these massive transformations in information and communication technologies for the growth of criminal and deviant identities and behaviour on the Internet. This is a book not about computers, nor about legal controversies over the regulation of cyberspace, but about people and the new patterns of human identity, behaviour and association that are emerging as a result of the communications revolution.Table of Contents1. Crime, deviance and the disembodied self: transcending the dangers of corporeality 2. Policing the Net: crime, regulation and surveillance in cyberspace 3. Cyberpunters and cyberwhores: prostitution on the Internet 4. The electronic cloak: secret sexual deviance in cybersociety 5. Cyber-chattels: buying brides and babies on the Net 6. What a tangled web we weave: identity theft and the Internet 7. Cyberstalking: an international perspective 8. Maestros or misogynists? Gender and the social construction of hacking 9. Digital counter-cultures and the nature of electronic social and political movements 10. Investigating cybersociety: a consideration of the ethical and practical issues surrounding online research in chat rooms

Read more less

Book SynopsisThis book is concerned with the nature of computer misuse and the legal and extra-legal responses to it. It explores what is meant by the term 'computer misuse' and charts its emergence as a problem as well as its expansion in parallel with the continued progression in computing power, networking, reach and accessibility. In doing so, it surveys the attempts of the domestic criminal law to deal with some early manifestations of computer misuse and the consequent legislative passage of the Computer Misuse Act 1990. This book will be of interest to students of IT law as well as to sociologists and criminologists, and those who have a professional concern with preventing computer misuse and fraud.Trade Review'Provides a comprehensive, valuable and timely critical review of the legal and extra-legal governance of computer misuse.' − Professor Martin Wasik CBE, Keele UniversityTable of Contents1. Introduction Part 1: Constructing the Problem of Computer Misuse 2. The Emergence of the Problem of Computer Misuse 3. The Evolution of the Problem of Computer Misuse 4. Computer Misuse and the Criminal Law Part 2: The Governance of Computer Misuse 5. The Risk of Computer Misuse and its Governance 6. The Legal Governance of Computer Misuse: Beyond the Domestic Criminal Law 7. The Extra-legal Governance of Computer Misuse Part 3: Examining the Solution 8. The Constellation of Control

Read more less

Book Synopsis'Cyber war is coming,' announced a landmark RAND report in 1993. In 2005, the U.S. Air Force boasted it would now fly, fight, and win in cyberspace, the 'fifth domain' of warfare. This book takes stock, twenty years on: is cyber war really coming? Has war indeed entered the fifth domain?Cyber War Will Not Take Place cuts through the hype and takes a fresh look at cyber security. Thomas Rid argues that the focus on war and winning distracts from the real challenge of cyberspace: non-violent confrontation that may rival or even replace violence in surprising ways.The threat consists of three different vectors: espionage, sabotage, and subversion. The author traces the most significant hacks and attacks, exploring the full spectrum of case studies from the shadowy world of computer espionage and weaponised code. With a mix of technical detail and rigorous political analysis, the book explores some key questions: What are cyber weapons? How have they changed the meaning of violence? How likely and how dangerous is crowd-sourced subversive activity? Why has there never been a lethal cyber attack against a country's critical infrastructure?How serious is the threat of 'pure' cyber espionage, of exfiltrating data without infiltrating humans first? And who is most vulnerable: which countries, industries, individuals?Trade ReviewIn Cyber War Will Not Take Place, Thomas Rid throws a well-timed bucket of cold water on an increasingly alarmist debate. Just as strategic bombing never fulfilled its promise, and even air power at its apogee -- Kosovo in 1999, or Libya two years ago -- only worked with old-fashioned boots on the ground, Rid argues that the promise of cyber war is equally illusory... What Rid does, with great skill, is to pivot the discussion away from cyber war and towards cyber weapons.' -Financial Times; 'Thomas Rid is one of Britain's leading authorities on, and sceptics about, cyber-warfare. His provocatively titled book attacks the hype and mystique about sabotage, espionage, subversion and other mischief on the internet. Rid agrees that these present urgent security problems but he dislikes talk of "warfare" and the militarisation of the debate about dangers in cyberspace. Computer code can do lots of things, but it is not a weapon of war.' - The Economist; 'This book will be welcomed by all those who have struggled to get the measure of the cyber-war threat. As Thomas Rid takes on the digital doomsters he also provides a comprehensive, authoritative and sophisticated analysis of the strategic quandaries created by the new technologies.' -Sir Lawrence Freedman, Professor of War Studies, King's College London

Read more less

Book Synopsis

Read more less

Book SynopsisThis book articulates how crime prevention research and practice can be reimagined for an increasingly digital world. This ground-breaking work explores how criminology can apply longstanding, traditional crime prevention techniques to the digital realm. It provides an overview of the key principles, concepts and research literature associated with crime prevention, and discusses the interventions most commonly applied to crime problems. The authors review the theoretical underpinnings of these and analyses evidence for their efficacy. Cybercrime Prevention is split into three sections which examine primary prevention, secondary prevention and tertiary prevention. It provides a thorough discussion of what works and what does not, and offers a formulaic account of how traditional crime prevention interventions can be reimagined to apply to the digital realm. Trade Review Table of ContentsSeries Editor PrefaceCHAPTER 1: SETTING THE SCENEIntroductionApproaches to crime preventionFactors associated with cyber-dependent offendingParameters of the reviewOverview of the bookReferencesPART I: PRIMARY FORMS OF PREVENTIONCHAPTER 2: SITUATIONAL CRIME PREVENTIONIntroductionTheoretical underpinnings of the interventionCurrent applicationsEvidence base for the interventionFuture applications and adaptations to digital contextsReferencesCHAPTER 3: UNIVERSAL COMMUNICATION STRATEGIESIntroductionTheoretical underpinnings of the interventionCurrent applicationsEvidence base for interventionFuture applications and adaptations to digital contextsReferencesPART II: SECONDARY FORMS OF PREVENTIONCHAPTER 4: EDUCATIONAL WORKSHOPSIntroductionTheoretical underpinnings of the interventionCurrent applicationsEvidence base for interventionFuture applications and adaptations to digital contextsReferencesCHAPTER 5: MENTORING PROGRAMSIntroductionTheoretical underpinnings of the interventionCurrent applicationsEvidence base for the interventionFuture applications and adaptations to digital contextsReferencesCHAPTER 6: TARGETED WARNINGS AND POLICE CAUTIONSIntroductionTheoretical underpinnings of the interventionCurrent applicationsEvidence base for the interventionFuture applications and adaptations to digital contextsReferencesPART III: TERTIARY FORMS OF PREVENTIONCHAPTER 7: POSITIVE DIVERSIONSIntroductionTheoretical underpinnings of the interventionCurrent applicationsEvidence base for interventionFuture applications and adaptations to digital contextsReferencesCHAPTER 8: RESTORATIVE JUSTICEIntroductionTheoretical underpinnings of the interventionCurrent applicationsEvidence base for interventionFuture applications and adaptations to digital contextsReferencesCHAPTER 9: DESIGNING AND EVALUATING CRIME PREVENTION SOLUTIONS FOR THE DIGITAL AGENavigating the cybercrime intervention minefieldSelecting the appropriate study designSourcing the best possible dataBeing attentive to ethical issuesAcknowledging generalisability concernsCharting a path forward for researchers and practitionersReferences

Read more less

Book SynopsisThe first section of this book addresses the evolution of CISO (chief information security officer) leadership, with the most mature CISOs combining strong business and technical leadership skills. CISOs can now add significant value when they possess an advanced understanding of cutting-edge security technologies to address the risks from the nearly universal operational dependence of enterprises on the cloud, the Internet, hybrid networks, and third-party technologies demonstrated in this book. In our new cyber threat-saturated world, CISOs have begun to show their market value. Wall Street is more likely to reward companies with good cybersecurity track records with higher stock valuations. To ensure that security is always a foremost concern in business decisions, CISOs should have a seat on corporate boards, and CISOs should be involved from beginning to end in the process of adopting enterprise technologies.The second and third sections of this book focus on building strong security teams, and exercising prudence in cybersecurity. CISOs can foster cultures of respect through careful consideration of the biases inherent in the socio-linguistic frameworks shaping our workplace language and through the cultivation of cyber exceptionalism. CISOs should leave no stone unturned in seeking out people with unique abilities, skills, and experience, and encourage career planning and development, in order to build and retain a strong talent pool. The lessons of the breach of physical security at the US Capitol, the hack back trend, and CISO legal liability stemming from network and data breaches all reveal the importance of good judgment and the necessity of taking proactive stances on preventative measures. This book will target security and IT engineers, administrators and developers, CIOs, CTOs, CISOs, and CFOs. Risk personnel, CROs, IT, security auditors and security researchers will also find this book useful.Table of ContentsCISOs – Leading from the front!.- More CISOs on Corporate Boards.- Cyber program turnaround by a new CISO.- CISOs - the next step!.- CISO Maturity Model.- CISO guidance on some Emerging and Disruptive Technologies.- See Something, Do Something.- My journey as a writer.- Defensive measures in the wake of the SolarWinds fallout.- Cyber Exceptionalism.- Special Needs, Disability, and Cybersecurity: often, a great fit.- Bias-free lexicon.- The grass is not always greener on the other side.- Let not any outage go to waste.- If you can’t hire them, then develop them.- Should you accept Counteroffers?.- Importance of 1:1 Conversations.- The Cyber Hygiene Mantra.- Cybersecurity lessons from the breach of physical security at US Capitol building.- Protect society, the commonwealth, and the infrastructure - post COVID-19.- Self-Service Recovery Options for Bricked Windows Devices.- Certification and Accreditation.- Hack back or not.- CISOs need Liability Protection.- Enable Secure work-from-home.

Read more less

Book SynopsisUm einen Hacker zu überlisten, müssen Sie sich in dessen Denkweise hineinversetzen. Deshalb lernen Sie mit diesem Buch, wie ein Bösewicht zu denken. Der Fachmann für IT-Sicherheit Kevin Beaver teilt mit Ihnen sein Wissen über Penetrationstests und typische Schwachstellen in IT-Systemen. Er zeigt Ihnen, wo Ihre Systeme verwundbar sein könnten, sodass Sie im Rennen um die IT-Sicherheit die Nase vorn behalten. Denn nur wenn Sie die Schwachstellen in Ihren Systemen kennen, können Sie sich richtig dagegen schützen und die Hacker kommen bei Ihnen nicht zum Zug! Table of ContentsÜber den Autor 9 Einführung 23 Über dieses Buch 24 Törichte Annahmen über den Leser 24 Symbole, die in diesem Buch verwendet werden 25 Wie es weitergeht 25 Teil I: Den Grundstock für Sicherheitstests legen 27 Kapitel 1 Einführung in Schwachstellen- und Penetrationstests 29 Begriffserklärungen 29 »Hacker« 30 »Böswillige Benutzer« 31 Wie aus arglistigen Angreifern ethische Hacker werden 32 Ethisches Hacken im Vergleich zur Auditierung 32 Betrachtungen zu Richtlinien 33 Compliance und regulatorische Aspekte 33 Warum eigene Systeme hacken? 33 Die Gefahren verstehen, denen Ihre Systeme ausgesetzt sind 34 Nicht-technische Angriffe 35 Angriffe auf Netzwerkinfrastrukturen 35 Angriffe auf Betriebssysteme 36 Angriffe auf Anwendungen und spezielle Funktionen 36 Prinzipien bei Sicherheitsbewertungen 36 Ethisch arbeiten 37 Die Privatsphäre respektieren 37 Bringen Sie Ihre Systeme nicht zum Absturz 38 Die Arbeitsabläufe bei Schwachstellen- und Penetrationstests 38 Die Planformulierung 39 Die Auswahl von Werkzeugen 41 Planumsetzung 43 Ergebnisauswertung 43 Wie es weitergeht 44 Kapitel 2 Die Denkweise von Hackern nachvollziehen 45 Ihre Gegenspieler 45 Wer in Computersysteme einbricht 48 Hacker mit unterschiedlichen Fähigkeiten 48 Die Motivation der Hacker 49 Warum machen sie das? 50 Angriffe planen und ausführen 53 Anonymität wahren 55 Kapitel 3 Einen Plan für Ihre Sicherheitstests entwickeln 57 Zielsetzungen festlegen 57 Festlegen, welche Systeme getestet werden sollen 60 Teststandards formulieren 62 Zeitpläne für Ihre Tests festlegen 63 Spezifische Tests ausführen 63 Tests blind oder mit Hintergrundwissen durchführen 65 Standortauswahl 65 Auf entdeckte Schwachstellen reagieren 66 Törichte Annahmen 66 Werkzeuge für Sicherheitsgutachten auswählen 67 Kapitel 4 Die Methodik des Hackens 69 Die Bühne für das Testen vorbereiten 69 Sehen, was andere sehen 71 Systeme scannen 72 Hosts 73 Offene Ports 73 Feststellen, was über offene Ports läuft 74 Schwachstellen bewerten 76 In das System eindringen 78 Teil II: Erste Sicherheitstests durchführen 79 Kapitel 5 Daten sammeln 81 Öffentlich verfügbare Daten sammeln 81 Soziale Medien 81 Suche im Web 82 Webcrawler 83 Websites 84 Netzwerkstrukturen abbilden 84 Whois 85 Datenschutzrichtlinien 86 Kapitel 6 Social Engineering 87 Eine Einführung in Social Engineering 87 Erste Tests im Social Engineering 88 Warum Social Engineering für Angriffe genutzt wird 89 Die Auswirkungen verstehen 90 Vertrauen aufbauen 91 Die Beziehung ausnutzen 92 Social-Engineering-Angriffe durchführen 94 Ein Ziel festlegen 95 Informationen suchen 95 Maßnahmen gegen Social Engineering 99 Richtlinien 99 Aufmerksamkeit und Schulung der Nutzer 100 Kapitel 7 Physische Sicherheit 103 Grundlegende physische Sicherheitsschwachstellen identifizieren 104 Physische Schwachstellen in den eigenen Büros aufspüren 105 Gebäudeinfrastruktur 105 Versorgung 107 Raumgestaltung und Nutzung der Büros 108 Netzwerkkomponenten und Computer 110 Kapitel 8 Kennwörter 115 Schwachstellen bei Kennwörtern verstehen 116 Organisatorische Schwachstellen von Kennwörtern 116 Technische Schwachstellen bei Kennwörtern 117 Kennwörter knacken 118 Kennwörter auf herkömmliche Weise knacken 118 Kennwörter technisch anspruchsvoll ermitteln 121 Kennwortgeschützte Dateien knacken 130 Weitere Optionen, an Kennwörter zu gelangen 132 Mit schlechten Kennwörtern ins Unheil 136 Allgemeine Gegenmaßnahmen beim Knacken von Kennwörtern 137 Kennwörter speichern 138 Kennwortrichtlinien erstellen 138 Andere Gegenmaßnahmen ergreifen 140 Betriebssysteme sichern 141 Windows 141 Linux und Unix 142 Teil III: Netzwerkhosts hacken 143 Kapitel 9 Netzwerkinfrastruktur 145 Schwachstellen der Netzwerkinfrastruktur 146 Werkzeuge auswählen 147 Scanner und Analysatoren 147 Schwachstellenbestimmung 148 Das Netzwerk scannen und durchwühlen 148 Portscans 149 SNMP scannen 155 Banner-Grabbing 157 Firewall-Regeln testen 158 Netzwerkdaten untersuchen 160 Der Angriff auf die MAC-Adresse 166 Denial-of-Service-Angriffe testen 173 Bekannte Schwachstellen von Routern, Switches und Firewalls erkennen 175 Unsichere Schnittstellen ermitteln 175 Aspekte der Preisgabe von Daten durch SSL und TLS 176 Einen allgemeinen Netzwerkverteidigungswall einrichten 176 Kapitel 10 Drahtlose Netzwerke 179 Die Folgen von WLAN-Schwachstellen verstehen 180 Die Auswahl Ihrer Werkzeuge 180 Drahtlose Netzwerke aufspüren 182 Sie werden weltweit erkannt 182 Lokale Funkwellen absuchen 183 Angriffe auf WLANs erkennen und Gegenmaßnahmen ergreifen 185 Verschlüsselter Datenverkehr 187 Wi-Fi Protected Setup 193 Die drahtlosen Geräte von Schurken 195 MAC-Spoofing 200 Physische Sicherheitsprobleme 204 Angreifbare WLAN-Arbeitsstationen 205 Kapitel 11 Mobilgeräte 207 Schwachstellen von Mobilgeräten abschätzen 207 Kennwörter von Laptops knacken 208 Auswahl der Werkzeuge 208 Gegenmaßnahmen anwenden 213 Telefone, Smartphones und Tablets knacken 214 iOS-Kennwörter knacken 215 Display-Sperre bei Android-Geräten einrichten 219 Maßnahmen gegen das Knacken von Kennwörtern 219 Teil IV: Betriebssysteme hacken 221 Kapitel 12 Windows 223 Windows-Schwachstellen 224 Werkzeugauswahl 225 Kostenlose Microsoft-Werkzeuge 225 Komplettlösungen 226 Aufgabenspezifische Werkzeuge 226 Daten über Ihre Windows-Systemschwachstellen sammeln 227 Das System untersuchen 227 NetBIOS 230 Null-Sessions entdecken 233 Zuordnung, auch Mapping oder Einhängen 233 Informationen sammeln 234 Maßnahmen gegen Null-Session-Hacks 236 Freigabeberechtigungen überprüfen 237 Windows-Vorgaben 237 Testen 238 Fehlende Patches nutzen 239 Metasploit verwenden 241 Maßnahmen gegen das Ausnutzen fehlender Patches 245 Authentifizierte Scans ablaufen lassen 247 Kapitel 13 Linux und macOS 249 Linux-Schwachstellen verstehen 250 Werkzeugauswahl 250 Daten über Ihre System-Schwachstellen unter Linux und macOS sammeln 251 Das System durchsuchen 251 Maßnahmen gegen das Scannen des Systems 255 Nicht benötigte und unsichere Dienste ermitteln 256 Suchläufe 256 Maßnahmen gegen Angriffe auf nicht benötigte Dienste 258 Die Dateien .rhosts und hosts.equiv schützen 260 Hacks, die die Dateien hosts.equiv und .rhosts verwenden 261 Maßnahmen gegen Angriffe auf die Dateien .rhosts und hosts.equiv 262 Die Sicherheit von NFS überprüfen 263 NFS-Hacks 263 Maßnahmen gegen Angriffe auf NFS 264 Dateiberechtigungen überprüfen 264 Das Hacken von Dateiberechtigungen 264 Maßnahmen gegen Angriffe auf Dateiberechtigungen 265 Schwachstellen für Pufferüberläufe finden 266 Angriffe 266 Maßnahmen gegen Buffer-Overflow-Angriffe 266 Physische Sicherheitsmaßnahmen überprüfen 267 Physische Hacks 267 Maßnahmen gegen physische Angriffe auf die Sicherheit 267 Allgemeine Sicherheitstests durchführen 268 Sicherheitsaktualisierungen für Linux 269 Aktualisierungen der Distributionen 270 Update-Manager für mehrere Plattformen 270 Teil V: Anwendungen hacken 271 Kapitel 14 Kommunikations- und Benachrichtigungssysteme 273 Grundlagen der Schwachstellen bei Messaging-Systemen 273 Erkennung und Abwehr von E-Mail-Angriffen 274 E-Mail-Bomben 274 Banner 278 SMTP-Angriffe 280 Die besten Verfahren, Risiken bei E-Mails zu minimieren 290 Voice over IP verstehen 292 VoIP-Schwachstellen 292 Maßnahmen gegen VoIP-Schwachstellen 296 Kapitel 15 Webanwendungen und Apps für Mobilgeräte 299 Die Werkzeuge für Webanwendungen auswählen 300 Web-Schwachstellen auffinden 301 Verzeichnis traversieren 301 Maßnahmen gegen Directory Traversals 305 Eingabe-Filter-Angriffe 305 Maßnehmen gegen Eingabeangriffe 313 Angriffe auf Standardskripte 314 Maßnahmen gegen Angriffe auf Standardskripte 315 Unsichere Anmeldeverfahren 316 Maßnahmen gegen unsichere Anmeldesysteme 319 Allgemeine Sicherheitsscans bei Webanwendungen durchführen 320 Risiken bei der Websicherheit minimieren 321 Sicherheit durch Obskurität 321 Firewalls einrichten 322 Quellcode analysieren 323 Schwachstellen von Apps für Mobilgeräte aufspüren 323 Kapitel 16 Datenbanken und Speichersysteme 325 Datenbanken untersuchen 325 Werkzeuge wählen 326 Datenbanken im Netzwerk finden 326 Datenbankkennwörter knacken 327 Datenbanken nach Schwachstellen durchsuchen 329 Bewährte Vorkehrungen zur Minimierung der icherheitsrisiken bei Datenbanken 329 Sicherheit für Speichersysteme 330 Werkzeuge wählen 331 Speichersysteme im Netzwerk finden 331 Sensiblen Text in Netzwerkdateien aufspüren 332 Bewährte Vorgehensweisen zur Minimierung von Sicherheitsrisiken bei der Datenspeicherung 335 Teil VI: Aufgaben nach den Sicherheitstests 337 Kapitel 17 Die Ergebnisse präsentieren 339 Die Ergebnisse zusammenführen 339 Schwachstellen Prioritäten zuweisen 341 Berichterstellung 342 Kapitel 18 Sicherheitslücken beseitigen 345 Berichte zu Maßnahmen werden lassen 345 Patchen für Perfektionisten 346 Patch-Verwaltung 347 Patch-Automatisierung 347 Systeme härten 348 Die Sicherheitsinfrastrukturen prüfen 349 Kapitel 19 Sicherheitsprozesse verwalten 351 Den Prozess der Sicherheitsbestimmung automatisieren 351 Bösartige Nutzung überwachen 352 Sicherheitsprüfungen auslagern 354 Die sicherheitsbewusste Einstellung 356 Auch andere Sicherheitsmaßnahmen nicht vernachlässigen 357 Teil VII: Der Top-Ten-Teil 359 Kapitel 20 Zehn Tipps für die Unterstützung der Geschäftsleitung 361 Sorgen Sie für Verbündete und Geldgeber 361 Geben Sie nicht den Aufschneider 361 Zeigen Sie, warum es sich das Unternehmen nicht leisten kann, gehackt zu werden 362 Betonen Sie allgemeine Vorteile der Sicherheitstests 363 Zeigen Sie, wie insbesondere Sicherheitstests Ihrem Unternehmen helfen 363 Engagieren Sie sich für das Unternehmen 364 Zeigen Sie sich glaubwürdig 364 Reden Sie wie ein Manager 364 Demonstrieren Sie den Wert Ihrer Anstrengungen 365 Seien Sie flexibel und anpassungsfähig 365 Kapitel 21 Zehn Gründe, warum nur Hacken effective Tests ermöglicht 367 Die Schurken hegen böse Absichten, nutzen beste Werkzeuge und entwickeln neue Methoden 367 Einhaltung von Vorschriften und Regeln bedeutet in der IT mehr als Prüfungen mit anspruchsvollen Checklisten 367 Schwachstellen- und Penetrationstests ergänzen Audits und Sicherheitsbewertungen 368 Kunden und Partner interessiert die Sicherheit Ihrer Systeme 368 Das Gesetz des Durchschnitts arbeitet gegen Ihr Unternehmen 368 Sicherheitsprüfungen verbessern das Verständnis für geschäftliche Bedrohungen 369 Bei Einbrüchen können Sie auf etwas zurückgreifen 369 Intensive Tests enthüllen die schlechten Seiten Ihrer Systeme 370 Sie sind auf die Vorteile kombinierter Schwachstellen- und Penetrationstests angewiesen 370 Sorgfältiges Testen kann Schwachstellen aufdecken, die ansonsten vielleicht lange übersehen worden wären 370 Kapitel 22 Zehn tödliche Fehler 371 Keine Genehmigung vorab einholen 371 Davon ausgehen, dass im Testverlauf alle Schwachstellen gefunden werden 371 Anzunehmen, alle Sicherheitslöcher beseitigen zu können 372 Tests nur einmal ausführen 372 Glauben, alles zu wissen 372 Tests nicht aus der Sicht von Hackern betrachten 373 Die falschen Systeme testen 373 Nicht die richtigen Werkzeuge verwenden 373 Sich zur falschen Zeit mit Produktivsystemen befassen 374 Tests Dritten überlassen und sich dann nicht weiter darum kümmern 374 Kapitel 23 Anhang: Werkzeuge und Ressourcen 375 Allgemeine Hilfen 375 Anspruchsvolle Malware 376 Bluetooth 376 Datenbanken 376 DoS-Schutz (Denial of Service) 377 Drahtlose Netzwerke 377 Exploits 378 Gesetze und Vorschriften 378 Hacker-Zeugs 378 Kennwörter knacken 378 Keylogger 379 Linux 379 Live-Toolkits 380 Messaging 380 Mobil 380 Netzwerke 381 Patch-Management 382 Protokollanalyse 383 Quellcode-Analyse 383 Schwachstellendatenbanken 383 Social Engineering und Phishing 384 Speicherung 384 Systeme härten 384 Verschiedenes 384 Voice over IP 385 Wachsamkeit der Benutzer 385 Websites und Webanwendungen 385 Windows 386 WLAN 386 Wörterbuchdateien und Wortlisten 387 Zertifizierungen 388 Stichwortverzeichnis 389

Read more less

Book SynopsisCyber attacks and IT breakdowns threaten every organization. The incidents accumulate and often form the prelude to complex, existence-threatening crises. This book helps not only to manage them, but also to prepare for and prevent cyber crises. Structured in a practical manner, it is ideally suited for crisis team members, communicators, security, IT and data protection experts on a day-to-day basis. With numerous illustrations and checklists.This book is a translation of the original German 1st edition Cyber Crisis Management by Holger Kaschner, published by Springer Fachmedien Wiesbaden GmbH, part of Springer Nature in 2020. The translation was done with the help of artificial intelligence (machine translation by the service DeepL.com). A subsequent human revision was done primarily in terms of content, so that the book will read stylistically differently from a conventional translation. Springer Nature works continuously to further the development of tools for the production of books and on the related technologies to support the authors.Table of Contents- Textbook cyber crises - First things first: the human factor in (cyber) crisis management - Cyber Crisis Response - Crisis Preparation - Cyber Crisis Prevention - Post Crisis Care: post-crisis care and follow-up - At a glance: Seven Deadly Sins of Cyber Crisis Management.

Read more less

Book Synopsis

Read more less

Book Synopsis

Read more less