Home Podcasts Videos Guest Posts Q&A My Take Bio Contact

Book Excerpts


GUEST ESSAY: The true cost of complacency, when it comes to protecting data, content

By John Safa

Facebook was lucky when the Information Commissioner’s Office (ICO)—the UK’s independent authority set up to uphold information rights in the public interest—hit the U.S. social media company with a £500,000 fine.

Related: Zuckerberg’s mea culpa rings hollow

This penalty was in connection with Facebook harvesting user data, over the course of seven years — between 2007 and 2014. This user data became part of the now infamous Cambridge Analytica scandal.

Facebook was very lucky, indeed, that its misdeeds happened before May 25, 2018. On that date, the EU General Data Protection Regulation (GDPR) came into force.

If its violation had happened after that, the fine could have been up to £17 million or 4 percent of global turnover. Yet, even with the prospect of stupendously steep fines hanging over the heads, insecure enterprises still don’t grasp the true cost of data privacy complacency.

According to research by one law firm, pre-GDPR regulatory fines had almost doubled, on average, between 2017 and 2018, up from £73,191 to £146,412. Those figures pale when stacked against the potential bottom line impact that now exists. …more

MY TAKE: Once upon a time, circa 2003-2004, botnets emerged as the engine of cybercrime

By Byron V. Acohido

Betty Carty figured she ought to be in the digital fast lane.

Last Christmas, Carty purchased a Dell desktop computer, then signed up for a Comcast high-speed Internet connection. But her new Windows XP machine crashed frequently and would only plod across the Internet.

(Editor’s note: This 2,200 word article was originally published, Sept. 8, 2004,  in print form as a USA TODAY Money section cover story, part of one of a three part series on the emergence of botnets for systemic criminal use. Botnets are today much larger, stealthier and more sophisticated. They actually pivot off cloud-based services — and they continue to be the engine that drives most forms of Internet-centric hacking.)

Dell was no help. The PC maker insisted — correctly — that Carty’s hardware worked fine.

But in June, Comcast curtailed Carty’s outbound e-mail privileges after pinpointing her PC as a major source of e-mail spam. An intruder had turned Carty’s PC into a “zombie,” spreading as many as 70,000 pieces of e-mail spam a day.

Related article: The care and feeding of botnets in 2017

The soft-spoken Carty, 54, a grandmother of three from southern New Jersey, was flabbergasted. “Someone had broken into my computer,” she says.

Since early 2003, wave after wave of infectious programs have begun to saturate the Internet, causing the number of PCs hijacked by hackers and turned into so-called zombies to soar into the millions — mostly in homes like Carty’s, at small businesses and on college campuses. And, much like zombies of voodoo legend, they mindlessly do the bidding of their masters and help commit crimes online.

Personal computers have never been more powerful — and dangerous. Just as millions of Americans are buying new PCs and signing up for ultrafast Internet connections, cybercrooks are stepping up schemes to take control of their machines — and most consumers don’t have a clue.

“We thought things were bad in 2003, but we’ve seen a sharp uptick in 2004. I’m worried things will get much worse,” says Ed Skoudis, co-founder of consulting firm Intelguardians

Carty’s PC could have been taken over in myriad ways. She could have been fooled into opening a virus-infected e-mail. She might have innocently surfed to a Web page bristling with contagious code. Or she may have done nothing at all. One of dozens of network worms, voracious, self-replicating programs that pinball around the Web searching for security holes in Windows PCs, may have found one on her new PC. …more

VIDEO: Can Shape Security revolutionize Web defense?

By Byron V. Acohido

Shape Security. Remember that name. The Silicon Valley start-up emerged from stealth mode this morning to publicly unveil details of its plan to revolutionize cybersecurity.

If Shape can deliver, its technology could radically disrupt the engine that drives cybercrime: botnets.

Related video: Shape Security creates first “botwall’

A botnet is a sprawling network of thousands of infected PCs or Web servers, referred to as bots. The top dozen or so cybercriminal rings command massive botnets honed to automate and scale up the delivery of spam scams, the carrying out of denial-of-service attacks, the booby-trapping of legit websites and the hijacking of online financial accounts.

Botnets can’t be stopped largely because the bad guys have mastered a technique, called polymorphism, by which they continually …more

The Internet’s 40th anniversary timeline of milestones

The Associated Press and Symantec have each compiled timelines to mark the 40th anniversary of the creation of the Internet. The compilation below begins with LastWatchdog’s description of the current threat landscape. Combined and supplementing the timelines reveal how a military grade experiment, designed with an open architecture that preserves s anonymity, evolved into a global force, embraced with equal fervor by corporations, braggarts and criminals.

Summer of 2009: Bad URLs swamp the Internet. Through the first half of 2009, IBM’s X-Force team tracks a 508% leap in the number of new malicious Web links versus the first half of 2008. Most bad links function as relays to other Web pages …more

Hacking for bragging rights gives way to hacking for ill-gotten profits

Book Excerpt
Chapter 1-Built For Speed
Pages 14- 21
Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity

ISBN- 13: 978-1-4027-5695-5

White Hats, Black Hats, Gray Hats


The year is 1999-the close of the twentieth century. “Livin’ la Vida Loca,” Harry Potter, and The Blair Witch Project dominate pop culture. John F. Kennedy, Jr., piloting a small plane to a Martha’s Vineyard wedding, crashes; his wife, her sister, and he die in the tragic accident. Major news organizations hype what turns out to be an inert Y2K threat. Antitrust regulators bear down on Microsoft for using illegal monopolistic practices, while tech darlings …more

Seeking to impress his girlfriend, Samy worm creator introduces huge new attack surface

Book Excerpt
Chapter 15
Pages 189-196
Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity

ISBN- 13: 978-1-4027-5695-5

Silly Samy

In another sort of counterintuitive development, a vast new sector opened up where cybercriminals could roam, but it did not derive from the work of a brilliant, handsomely paid mercenary programmer. It blossomed thanks to a popularity-starved script kiddie from Los Angeles, nicknamed Samy, who at age nineteen had too much free time on his hands.

Samy was one of the 32 million denizens-including a good many teenagers and adolescents-who populated the MySpace social networking site. MySpace used a hot new technology called AJAX, which stands …more

How hacker wannabes become profit-driven cyberthieves

Book Excerpt
Chapter 4
Pages 46- 49
Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity

ISBN- 13: 978-1-4027-5695-5

Self-anointed Avenger
Fall 2003, Edmonton

Socrates at the Beverly Motel, Edmonton

The oldest of three children in a stable, churchgoing family, Socrates recalls getting hooked on computers as a young kid. Introverted, soft-spoken, and respectful of his parents, Socrates taught himself about all things digital. He became savvy enough around computers to land a job as a technical engineering draftsman not long after graduating from high school. He earned enough to get himself an apartment and buy a state-of-the-art desktop …more