Review by Publisher's Weekly Review
Ingenious coding, buggy software, and gullibility take the spotlight in this colorful retrospective of hacking. Shapiro (Legality), director of the cybersecurity lab at Yale's Center for Law and Philosophy, revisits spectacular computer intrusions and the characters responsible for them, including a Cornell grad student's 1988 experiment gone awry that crashed the fledgling internet; the battle of wits between Bulgarian hacker Dark Avenger and the computer scientist who worked to defeat his destructive viruses; a Boston 16-year-old's hacking of nude photos from Paris Hilton's cellphone; and the exposure of Democratic National Committee emails during the 2016 U.S. presidential election by the Russian military's Fancy Bear hacking team. He emphasizes the human forces behind the technology, describing the callow malevolence of hackers, the cognitive blind spots that phishing attacks manipulate to get people to click on bogus email links, and the reluctance of profit-hungry corporate executives to pay for cybersecurity. Shapiro's snappy prose manages the extraordinary feat of describing hackers' intricate coding tactics and the flaws they exploit in a way that is accessible and captivating even to readers who don't know Python from JavaScript. The result is a fascinating look at the anarchic side of cyberspace. (May)
(c) Copyright PWxyz, LLC. All rights reserved
Review by Kirkus Book Review
A cybersecurity expert delves into the mechanics, psychology, and impact of computer hacking. Shapiro, a professor at Yale Law School and director of Yale's Center for Law and Philosophy and its CyberSecurity Lab, is well situated to explore the downside of the internet. In his latest book, the author looks at some famous cases and players in the shadowy archives of hacking--e.g., when a graduate student accidentally crashed the internet in the 1980s; the invention of the first mutating computer-virus engine by a Bulgarian with the handle Dark Avenger; and Fancy Bear, a group probably affiliated with Russian military intelligence, which broke into the Democratic National Committee system in 2016. Each of these illustrated a technical aspect of hacking, but taken together, they show the breadth of motivations. While some hacks are for money and espionage, most American hackers are young men who arrived at it through online game forums and started to do it for the technical challenge and to earn the respect of their peers. This profiling raises the possibility of early identification and recruitment into the cybersecurity side. However, Shapiro believes that hackers will always be a step ahead and that a "constant patch-and-pray" strategy will eventually lose. Instead, writes the author, cybersecurity measures must be built into computer systems from an early stage. As a possible template, he points to recent legislation in California that requires "devices connected to the internet sold or offered for sale in [the state] to have 'reasonable security features.' " Another avenue is to require corporations to report about their policies to manage cybersecurity risks. These are good ideas, but one suspects that the devil will be in the implementation details. Overall, this is an engrossing read, although there are parts that are dauntingly technical. Shapiro gives readers plenty to think about the next time they turn on their computers.
An authoritative, disturbing examination of hacking, cybercrime, and techno-espionage. Copyright (c) Kirkus Reviews, used with permission.