What are the facts behind the cyberattacks that regularly hit the news headlines? Although the technology keeps changing, the principles behind the hacks remain remarkably consistent. This book provides a lively illustration of the manifold techniques with which both criminals and secret services infiltrate other people’s computers, accessing and sometimes manipulating their data.
Starting with the basics and shunning superfluous technical information, it describes hacking procedures in just enough detail to leave the reader with an accurate sense of how they work and backs up the explanations with engaging accounts of past attacks on companies, governments and individuals. The topics covered include:
Contents
I. SECRETS
The Caesar cipher and the Sicilian Mafia • Recording the enciphered text • The ’Ndrangheta and the San Luca code • Running keys • One-time pads and the Venona project • The Enigma machine • The Bletchley Park project • Block-based encryption methods • Initialization vectors • Encrypting streams of information • Private and public keys • The NSA and Perfect Forward Secrecy • Steganography and the Al-Qaeda porn video • The Navajo code talkers and Bernardo Provenzano again • Encryption standards • Quantum computing • Bullrun • Secret encryption methods • Government restrictions on encryption
II. PROGRAMS
Malware: viruses and worms • Evolutionary theory applied to the virtual world • Spying with rootkits • Ransomware: Love Letter and CryptoLocker • HummingBad and botnets • Drive-by downloads and key loggers • The fuzzy line between malware and useful software • Prosumware • Zero-days and other vulnerabilities • Buffer overflows, Code Red and Homebrew Wii • Heartbleed • Sneaking commands into input data • Cross-site scripting and Lionaneesh • Viral tweets • Cookies and tokens • SQL injection • LinkedIn and TalkTalk • Why so many companies fall victim
III. IDENTITIES
Brute force and UK phone mailboxes • Sony Pictures • Password hashes • Rainbow tables • Salts • Work factors • Timing attacks • Cross-site request forgery and Facebook profiles • Security questions • Initial passwords • Permissive Action Links • Home router default passwords • Biometric identification • E-passports • Keeping biometrics safe • Something you have and banking scams • Secure tokens • Something only you have, EMV and chipTAN • Certificates • Phishing, spear phishing and whaling • Extended validation and free certificate services • Certificate revocation
IV. MESSAGES
Smurf, Fraggle and the Ping of Death • Firewalls, DDoS attacks and Anonymous • Protocols and covert channels • DNS and the Banamex attack • Cache poisoning • The Kaminsky vulnerability • DNSSEC • Fast flux and the Storm Worm • Georestrictions • Traffic analysis • Onion routing and Tor • Sybil attacks, jurisdictional arbitrage and leaky pipes • Tracking down Tor users • U.S. election hacking allegations • Hidden services, introductions and rendezvous points • Demasking hidden services • Blockchain, Bitcoin and Ethereum • AlphaBay, Silk Road and the Dread Pirate Roberts • The evil side of the dark web
V. OBJECTS
Local networks, Wi-Fi and sniffing • TURMOIL, TURBINE and FOXACID • MAC addresses, local IP addresses and ARP spoofing • IP version 4, IP version 6 and the Carna botnet • Quantum key distribution • Tricking the quantum sensors • COTTONMOUTH, TEMPEST and electrosmog • Keypads and USB sticks • Social engineering • Self-destructing peripherals and Stuxnet • Cyberwar, electricity grids and nuclear power stations • Nuclear weapons • EternalBlue, WannaCry and HMS Queen Elizabeth • NotPetya • The Internet of Things and My Friend Cayla • Baby monitors and Weeping Angel • Vehicles, key fobs and remote carjacking
About the author
Richard Paul Hudson studied an eclectic mix of ancient and modern European languages at Trinity College, Cambridge before embarking on a career in software development and attaining the elite CISSP computer security qualification. He now works as a Principal IT Consultant at msg systems in Munich. As a humanities graduate turned techie, he is optimally placed to explain cyberattacks and hacking to the world beyond.