Monday, February 27, 2012

From CyberCrime Fighters: Tales from the Trenches by Felicia Donovan and Kristyn Bernier



From CyberCrime Fighters: Tales from the Trenches, by Felicia Donovan and Kristyn Bernier.  Indianapolis: Pearson/ Que, 2009.  paperback, 308 pps., including index.

I picked up this "gem" while browsing at a bookstore.  The title caught my eye.  I went through it and basically found a bit of sensational writing and nothing new.  The information contained in the book about how to be safe on the internet is already out there in abundance.  The authors come out as against P3P (peer-to-peer file-sharing) and also against the use of temporary and anonymous e-mailers.  The former stance is no surprise.  The latter stance is incongruent with the message to be safe from the bad cybercrime folks and stalkers on the web.  There was one item of interest to the aspiring hacker: the authors include the urls of several businesses that sell surveillance equipment.

Felicia Donovan and Kristyn Bernier use seventeen chapters and two appendices to tell us how to be safe on the Internet and how cybercriminals allegedly operate.  The chapters include ones on spam, sexual predators, online dating, identity theft, cyberstalking, and social networking.

Chapter Three devotes itself to "Cyber Crime Tools You Won't Believe."  The subtitles are: Wi-Fi Tracking, Packet Sniffing, Bluetooth Locating, What is an I.P. Address? [oh, the LULZ], Anonymizers and Anonymous Remailers, Fake Name Generators, and False Caller I.D.  Notably missing is information on social engineering.  That might have been a really helpful thing to include in a book which assumes that the public know nothing.  But alas, not there.  Not anywhere.

I was amused to find that folks who visit sites to do some "anonymous" searching or who use temporary e-mail addys are viewed as suspicious by law enforcement personnel, (pps 40-41).  Donovan and Bernier take for granted that people who use those services are visiting kiddie porn sites or generating hateful e-mails.  No mention is made of privacy denizens who view that where they go on the web is none of the business of their I.S.P. providers and perhaps are trying out the idea of obtaining a Virtual Private Network.  [Newsflash: many of the sites offering cloaking are hoping for return business as a subscriber to their VPN service].  And I've used temporary e-mail myself in order to temporarily access sites that require e-mail addys in order to sell the addys to spammers as a way to make money or wish to target me for ads based on my consumer profile ala Google Is Evil.  And there are folks who use temporary e-mail addys for reasons of safety e.g. they are being stalked by their exes.

The chapter on P2P mentions the RIAA as being the "piracy police" for audio recordings.  The authors tell us that in 1983, the RIAA began targeting college kids using P2P to share music files.  The RIAA folks log into the P2P networks and look around.  Once they locate evidence of sharing of music files, they obtain the IPs of the computer users who are involved in such activities.  If the IPs happen to be traced to university computers, the schools co-operate by [using logs of who was using the computers at the given time probably] locating the offending students and delivering the DMCA letters to them.

As of 2008, the book says, students in receipt of a DMCA letter could opt to settle out of court to the tune of $750 dollars USD per downloaded song or face court action via an RIAA lawsuit.  The authors admit to a judicial ruling that created a setback in the lawsuits still left standing at the time of the ruling.  In Atlantic vs. Howell, it was ruled that creating a file of music to share in itself is not a copyright violation.  Besides the obvious problem of downloading viruses and malware along with the coveted files, the authors say that the P2P networks can be confounding to the average legitimate user who then risks sharing more than s/he intended to.  An example is given of a hapless business employee who did just that.   
[see:https://www.eff.org/deeplinks/2008/04/big-victory-atlantic-v-howell-court-rejects-making for more if you are interested in the ruling].

sapphoq reviews says: All of the chapters are similar to the two that I cited in terms of sensational writing and highly biased stances.  There is nothing new to be had in "From CyberCrime Fighters: Tales from the Trenches".  If you must read this book, then borrow it from the library or read it at the bookstore [like I did for this review].  Better education can be had by reading true crime books and by visiting security sites and privacy sites on the Internet.
                                   A partial list of websites which advocate for the ability for folks to use pseudonyms and why they have chosen to do so will be included in my next post.

No comments: