In-depth counterintelligence tactics to fight cyber-espionage

"A comprehensive and unparalleled overview of the topic by experts in the field." -- Slashdot

Expose, pursue, and prosecute the perpetrators of advanced persistent threats (APTs) using the tested security techniques and real-world case studies featured in this one-of-a-kind guide. Reverse Deception: Organized Cyber Threat Counter-Exploitation shows how to assess your network’s vulnerabilities, zero in on targets, and effectively block intruders. Discover how to set up digital traps, misdirect and divert attackers, configure honeypots, mitigate encrypted crimeware, and identify malicious software groups. The expert authors provide full coverage of legal and ethical issues, operational vetting, and security team management.
Reverse Deception is the second book from Sean Bodmer. As the press release touts, this book is to be "... a definitive field manual for performing pro-active cyber counterintelligence against organized and persistent threats without wearing a black hat." On a full reading, this book seems to be more of an introduction to Advanced Persistent Threats than an in-depth, step-by-step technical "field manual" for Counter-Exploitation. Despite this misnomer, this book does provide a valuable introduction to APT.
The first chapter starts with the "current" state of cyber threats (as of 2012, for this edition). Most of this chapter is spent listing some of the most popular cyber operations and malware groups, and providing a quick overview of what happened and how the author categorizes them.
Chapter 2 covers the general idea of deception and uses Joint Publication 3-13.4 to specifically define Military Deception. Next the author gives examples of traditional deception and then relies on a typical tech manual crutch by providing an "Applying to Cyber" section for each category to try to relate physical warfare to cyber warfare. While I understand the author is trying to tie a complex logical concept into something more concrete, I would argue that the audience that picks this book up will be a little more apt at understanding the concepts without having to shoehorn in some crude analogies. Next comes some history, including the same "Applying to Cyber" section, and then a listing of some better-known "Maxims" of deception. Finally, a weird "Understanding the Information Picture" section attempts to explain biases, optimism, and pessimism with some arbitrary, basic math. Much of this chapter is common sense for a seasoned security expert. At the very least read the section about Military Deception and skip the rest.
Chapter 3 actually starts getting into the meat, and addresses Counterintelligence from the real world and works hard at applying those principles to the cyber world in the section, unsurprisingly titled, "Applying Counterintelligence to the Cyber Realm." The value in this chapter is that 1) the author lays out a plan on how to qualify an APT based on 9 categories, and 2) the author provides some resources to start gathering your own intelligence, some of which were outdated by the time the author was writing this book.
Chapter 4 mangles its way through applying Criminal Profiling to cyber criminal profiling. (A quick read-through is sufficient, unless you have a specific need to develop a plan for profiling all those threats your company is constantly getting hit with, in which case you need a professional and not this book.) This chapter could be a book in itself with its own case studies (Cuckoo's Egg-style storytelling is what I would want to see here, with analysis sprinkled in to really show how this process is done), but here it is not given much service with its quick synopsis. The end of this chapter provides the reader with three (3) pages of reference material, and the majority of them are actual criminal profiling books and articles.

Chapter 5 addresses dealing with lawyers (aka, read the law and involve your own lawyers early).
Chapter 6 glosses over your "Hacking Exposed" book that everyone in CompSec seems to own a copy of, provides some sort of general hierarchy/structure to malware teams, and generally shows the reader some of the tools and attack vectors that attackers use.
Chapter 7 contains four case studies with postmortems to illustrate the concepts within the addressed case study.

Chapter 8 talks about tools that the security professional can use, with a little synopsis of what they do and some considerations on how to use said tool. Useful for beginners; anyone with experience can skim through this looking for some tool that they have not used yet.

Chapter 9 uses the SpyEye trojan as another case study in classifying threats, and spells out the various steps that were taken to detect this threat and how the trojan works. Funnily enough, this chapter seems to be the director's cut of Damballa's blog post.
Chapter 10 and on is the major selling point of the book. Chapter 10 fills out Chapter 4 with more information about profiling, and delivers more information about actual cyber-intelligence to build profiles on attackers threatening organizations. This is more of what I was expecting from the book. Being this far away from Chapter 4 seems to be a disservice to the reader, but the intended audience might have needed all the extra information.
Overall, this is a decent book to get someone who is brand new to cyber security up to functioning with a new team. It is not a fully captivating read, and I sometimes found it hard to continue on to the next paragraph. For a seasoned security professional who is getting more into APT, or joining an existing team, there are still good nuggets of information to be found, but they will be able to skim through quite a few chapters. If you are already breaking apart malware and doing analysis and tracking APTs, this book is below your level.
I have been an IT professional for 17 years. Though not in security, I pride myself on being well-rounded, and found Reverse Deception helpful in that endeavor. If I were a CIO, I would make this a must-read for the people in my organization. This is not just for tech geeks, but for the law department as well.