Cybertwists

What are the facts behind the cyberattacks that regularly hit the news headlines? Although the technology keeps changing, the principles behind the hacks remain remarkably consistent. This book provides a lively illustration of the manifold techniques with which both criminals and secret services infiltrate other people’s computers, accessing and sometimes manipulating their data.

Starting with the basics and shunning superfluous technical information, it describes hacking procedures in just enough detail to leave the reader with an accurate sense of how they work and backs up the explanations with engaging accounts of past attacks on companies, governments and individuals. The topics covered include:

  • How attackers abuse the fabric of the internet to forge messages and bring down websites
  • How viruses, worms, ransomware and individual hackers exploit loopholes in existing software
  • How blockchain enables Bitcoin, and how Bitcoin and Tor keep criminals anonymous on the dark web
  • How encryption works and how encryption methods have been cracked
  • How the Internet of Things is a hacker’s dream and cyberwar is a nation’s nightmare

Contents

I. SECRETS

The Caesar cipher and the Sicilian Mafia • Recording the enciphered text • The ‘Ndrangheta and the San Luca code • Running keys • One-time pads and the Venona project • The Enigma machine • The Bletchley Park project • Block-based encryption methods • Initialization vectors • Encrypting streams of information • Private and public keys • The NSA and Perfect Forward Secrecy • Steganography and the Al-Qaeda porn video • The Navajo code talkers and Bernardo Provenzano again • Encryption standards • Quantum computing • Bullrun • Secret encryption methods • Government restrictions on encryption

II. PROGRAMS

Malware: viruses and worms • Evolutionary theory applied to the virtual world • Spying with rootkits • Ransomware: Love Letter and CryptoLocker • HummingBad and botnets • Drive-by downloads and key loggers • The fuzzy line between malware and useful software • Prosumware • Zero-days and other vulnerabilities • Buffer overflows, Code Red and Homebrew Wii • Heartbleed • Sneaking commands into input data • Cross-site scripting and Lionaneesh • Viral tweets • Cookies and tokens • SQL injection • LinkedIn and TalkTalk • Why so many companies fall victim

III. IDENTITIES

Brute force and UK phone mailboxes • Sony Pictures • Password hashes • Rainbow tables • Salts • Work factors • Timing attacks • Cross-site request forgery and Facebook profiles • Security questions • Initial passwords • Permissive Action Links • Home router default passwords • Biometric identification • E-passports • Keeping biometrics safe • Something you have and banking scams • Secure tokens • Something only you have, EMV and chipTAN • Certificates • Phishing, spear phishing and whaling • Extended validation and free certificate services • Certificate revocation

IV. MESSAGES

Smurf, Fraggle and the Ping of Death • Firewalls, DDoS attacks and Anonymous • Protocols and covert channels • DNS and the Banamex attack • Cache poisoning • The Kaminsky vulnerability • DNSSEC • Fast flux and the Storm Worm • Georestrictions • Traffic analysis • Onion routing and Tor • Sybil attacks, jurisdictional arbitrage and leaky pipes • Tracking down Tor users • U.S. election hacking allegations • Hidden services, introductions and rendezvous points • Demasking hidden services • Blockchain, Bitcoin and Ethereum • AlphaBay, Silk Road and the Dread Pirate Roberts • The evil side of the dark web

V. OBJECTS

Local networks, Wi-Fi and sniffing • TURMOIL, TURBINE and FOXACID • MAC addresses, local IP addresses and ARP spoofing • IP version 4, IP version 6 and the Carna botnet • Quantum key distribution • Tricking the quantum sensors • COTTONMOUTH, TEMPEST and electrosmog • Keypads and USB sticks • Social engineering • Self-destructing peripherals and Stuxnet • Cyberwar, electricity grids and nuclear power stations • Nuclear weapons • EternalBlue, WannaCry and HMS Queen Elizabeth • NotPetya • The Internet of Things and My Friend Cayla • Baby monitors and Weeping Angel • Vehicles, key fobs and remote carjacking

About the author

Richard Paul Hudson studied an eclectic mix of ancient and modern European languages at Trinity College, Cambridge before embarking on a career in software development and attaining the elite CISSP computer security qualification. He now works as a Principal IT Consultant at msg systems in Munich. As a humanities graduate turned techie, he is optimally placed to explain cyberattacks and hacking to the world beyond.