What do you think?
Rate this book
Inside Cyber Warfare: Mapping the Cyber Underworld
Get a fascinating and disturbing look into how state and nonstate actors throughout the world use cyber attacks to gain military, political, and economic advantages. In the third edition of this book, cyber warfare researcher Jeffrey Caruso explores the latest advances in cyber espionage and warfare that have emerged on the battlefields of Ukraine and the Middle East.
Inside Cyber Warfare features an exclusive deep dive into the wartime operations of an offensive cyber unit of Ukraine's Ministry of Defense as it works to defend the nation against Russian forces, particularly since the 2022
● See what happened when a Ukrainian cyber and special operations team worked together to destroy a secret missile laboratory
● Explore the legal status of cyber warfare and civilian hackers
● Discover how a cyber team with little money and limited resources learned to create fire from the manipulation of code in automated systems
● Distinguish reality from fiction regarding AI safety and existential risk
● Learn new strategies for keeping you and your loved ones safe in an increasingly complex and insecure world
Inside Cyber Warfare features an exclusive deep dive into the wartime operations of an offensive cyber unit of Ukraine's Ministry of Defense as it works to defend the nation against Russian forces, particularly since the 2022
● See what happened when a Ukrainian cyber and special operations team worked together to destroy a secret missile laboratory
● Explore the legal status of cyber warfare and civilian hackers
● Discover how a cyber team with little money and limited resources learned to create fire from the manipulation of code in automated systems
● Distinguish reality from fiction regarding AI safety and existential risk
● Learn new strategies for keeping you and your loved ones safe in an increasingly complex and insecure world
158 pages, Paperback
Published October 22, 2024
3 people are currently reading
25 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 9 of 9 reviews
April 3, 2025
Jeffrey Caruso concludes Inside Cyber Warfare: Mapping the Cyber Underworld (O'Reilly Media) with the stark observation, "I'm not optimistic about our future". After reading this concise and insightful book and having worked in information security for decades, I find his comment quite accurate.
How bad is the situation? Forty years ago, if China wanted to steal the designs for the latest US fighter jet, it would have had to send numerous spies to the US, have them settle, get apartments, and more. Then hope that it could penetrate the military contractor after a few years.
Today, with a combination of LinkedIn, TikTok, cloud storage, people who share way too much on social media, insecure mobile devices, and more, China can do that much more effectively, cheaply, and remotely.
The book starts with the sobering observation that we depend entirely on devices and systems that cannot be made safe from sabotage or attacks. It's not ironic that Dan Geer, who wrote the book's forward, was fired from his job in 2003 when he wrote that Microsoft's dominance with Windows was a threat to national security. Countless government and commercial data breaches and petabytes of breached data later, it's eminently clear that Geer was correct and ahead of his time.
The book takes a heavy focus on the Russia/Ukraine war, where cyberattacks have been an almost daily occurrence. This includes attacks that have taken down the power grid and using coordinated data from social media to launch a drone attack against enemy fighters.
In July 2024, then U.S. Director of National Intelligence Avril Haines said that the Islamic Republic of Iran had been encouraging and funding often violent pro-Hamas protests across the United States. Similarly, Russia has long used bots, trolls, and other techniques on social media to influence the public.
That, combined with the power of social media, reveals that we live in a world where our most popular media is run by attention-seeking algorithms that serve to further inflame division and hatred because increasing the user's screen time makes money. The downside for these vendors is that preventing the propagation of misinformation and deepfakes costs money.
Others and I recently ran into this when Meta flagged things related to the late, great Amit Yoran as violating their community standards. A piece I wrote in memory of Yoran was specifically flagged as violating their cybersecurity standards.
The book's first edition was published in 2009 and was quickly followed by a second edition in 2011. In the third edition, Caruso writes that the world and cybersecurity have changed significantly in the last 13 years.
Caruso advocates more government regulation of software and the industry's overall poor state in securing data. He writes that the state of security is dreadful, and the companies responsible for securing networks, products, and services are making record profits.
He compares it to the automobile sector before the passage of the National Traffic and Motor Vehicle Safety Act of 1966 when the government started to set car safety standards. He writes that the lack of regulation has enabled companies to tolerate poor coding practices and focus solely on sales, while the carnage of breaches and ransomware has spawned a separate growth industry of defenders and incident responders.
Holding the manufacturer of software products responsible for the safety and security of what it has built seems like common sense. It applies to every other industry except for the sector upon which every critical system relies—software.
While the book closes with his observation that he isn't optimistic, he does supply a three-step plan to deal with things. This includes reducing your attack surface, creating redundancies for critical systems, and diversifying your risks. These are not easy things to do. But do them, and you will find you are more secure than most organizations.
At 135 pages, this is a relatively quick read. Caruso could have easily made it five times the size had he wanted to include more examples of never-ending cyberattacks. But if the reader doesn't get the message in this essential read in 135 pages, they will never get it at any length.
How bad is the situation? Forty years ago, if China wanted to steal the designs for the latest US fighter jet, it would have had to send numerous spies to the US, have them settle, get apartments, and more. Then hope that it could penetrate the military contractor after a few years.
Today, with a combination of LinkedIn, TikTok, cloud storage, people who share way too much on social media, insecure mobile devices, and more, China can do that much more effectively, cheaply, and remotely.
The book starts with the sobering observation that we depend entirely on devices and systems that cannot be made safe from sabotage or attacks. It's not ironic that Dan Geer, who wrote the book's forward, was fired from his job in 2003 when he wrote that Microsoft's dominance with Windows was a threat to national security. Countless government and commercial data breaches and petabytes of breached data later, it's eminently clear that Geer was correct and ahead of his time.
The book takes a heavy focus on the Russia/Ukraine war, where cyberattacks have been an almost daily occurrence. This includes attacks that have taken down the power grid and using coordinated data from social media to launch a drone attack against enemy fighters.
In July 2024, then U.S. Director of National Intelligence Avril Haines said that the Islamic Republic of Iran had been encouraging and funding often violent pro-Hamas protests across the United States. Similarly, Russia has long used bots, trolls, and other techniques on social media to influence the public.
That, combined with the power of social media, reveals that we live in a world where our most popular media is run by attention-seeking algorithms that serve to further inflame division and hatred because increasing the user's screen time makes money. The downside for these vendors is that preventing the propagation of misinformation and deepfakes costs money.
Others and I recently ran into this when Meta flagged things related to the late, great Amit Yoran as violating their community standards. A piece I wrote in memory of Yoran was specifically flagged as violating their cybersecurity standards.
The book's first edition was published in 2009 and was quickly followed by a second edition in 2011. In the third edition, Caruso writes that the world and cybersecurity have changed significantly in the last 13 years.
Caruso advocates more government regulation of software and the industry's overall poor state in securing data. He writes that the state of security is dreadful, and the companies responsible for securing networks, products, and services are making record profits.
He compares it to the automobile sector before the passage of the National Traffic and Motor Vehicle Safety Act of 1966 when the government started to set car safety standards. He writes that the lack of regulation has enabled companies to tolerate poor coding practices and focus solely on sales, while the carnage of breaches and ransomware has spawned a separate growth industry of defenders and incident responders.
Holding the manufacturer of software products responsible for the safety and security of what it has built seems like common sense. It applies to every other industry except for the sector upon which every critical system relies—software.
While the book closes with his observation that he isn't optimistic, he does supply a three-step plan to deal with things. This includes reducing your attack surface, creating redundancies for critical systems, and diversifying your risks. These are not easy things to do. But do them, and you will find you are more secure than most organizations.
At 135 pages, this is a relatively quick read. Caruso could have easily made it five times the size had he wanted to include more examples of never-ending cyberattacks. But if the reader doesn't get the message in this essential read in 135 pages, they will never get it at any length.
October 3, 2024
Short and superficial book that does not really go into depths. The last section about AI is just short and does not really focus on cyber warfare. AI is used a lot in hacking, but author barely wrote about that.
Also matrix multiplication function that spits out the next probable word (LLM's like ChatGPT) are not artificially intelligent. It felt that the author is not really aware of that fact and comically wrote, that "the scientists themselves don't understand how it works", which was off-putting.
Also matrix multiplication function that spits out the next probable word (LLM's like ChatGPT) are not artificially intelligent. It felt that the author is not really aware of that fact and comically wrote, that "the scientists themselves don't understand how it works", which was off-putting.
October 3, 2024
Confesso que esperava mais profundidade deste livro. Toca em vários aspetos da cibersegurança, especialmente no que toca ao seu uso como arma nos jogos geoestratégicos. Aí o livro deixa imenso por falar, é muito superficial, o que intriga dado ter sido publicado numa editora mais técnica. No entanto, faz uma interessante desmontagem da cibersegurança como indústria, mostrando a sua falta de regulação, a maneira como opera em pressupostos questionáveis que seriam inaceitáveis noutras áreas, e as consequências sociais e financeiras desta forma de trabalhar.
May 4, 2025
The book left a feeling like something is amiss here, like the main point. I'd say, IMHO, that this book is mostly felt like a ranting about wars that constantly change (that's true) and that the world and governments are not yet adapted to the thought that cyberwars are real and that it can possess risk to our lives (that's true).
But due to the fact that this book is really short, it was ok. So yeah, nothing to add, feels like a huge blog post of the author ranting about cyberwars and it is ok, but I wouldn't recommend buying it.
But due to the fact that this book is really short, it was ok. So yeah, nothing to add, feels like a huge blog post of the author ranting about cyberwars and it is ok, but I wouldn't recommend buying it.
June 2, 2025
I appreciated that Mr. Caruso gave readers a wide perspective on how vulnerable our critical services are, and why, and how Ukraine's military intelligence arm has evolved the science of cyberwarfare to the point that they can destroy a Russian weapons lab from 1,000 miles away.
This is not your standard cybersecurity textbook. It is so much more than than, and it's perfect for anyone who wants real-world examples of how cyber attacks have evolved since the Russian-Georgia war of 2008.
That it can be read quickly is a feature, not a flaw, in my opinion.
This is not your standard cybersecurity textbook. It is so much more than than, and it's perfect for anyone who wants real-world examples of how cyber attacks have evolved since the Russian-Georgia war of 2008.
That it can be read quickly is a feature, not a flaw, in my opinion.
November 7, 2025
This book has some very interesting things to say about the current state of the software development industry. That said, I feel it lacks depth at points, especially when detailing empirical research to back up the author's assertions.
January 20, 2026
The book lacks a lot of detail and depth in the topics that are presented. While it was enjoyable to read I wish it went deeper - the section on AI seemed very rushed and didn’t explain much at all, I don’t really understand why it was apart of the book.
November 21, 2024
If I was asked a chatgpt to write something russophobic, it couldn't write even 5% of this sh*ty book. Garbage.
This entire review has been hidden because of spoilers.
January 5, 2026
Inte så mycket nytt, trots en relativt ny 3e upplaga.
Displaying 1 - 9 of 9 reviews