Josephine Wolff is an assistant professor at Tufts University. And she’s Patrick’s friend. I decided to read Josephine’s book, You’ll See This Message When It Is Too Late (2018), because I wanted to learn more about cybersecurity, Josephine’s specialty. From page one, I found a compelling series of stories about companies and organizations affected by online attacks.
Josephine analyzes nine major data breaches from the recent past and classifies them into three different categories based on the hackers’ motivations and intentions. First, attacks for financial gain like those on TJ Maxx, the South Carolina Department of Revenue, and other ransomware shakedowns. Second, attacks for cyberespionage like DigiNotar and US OPM. Third, attacks that aim for online humiliation like Sony and Ashley Madison.
Josephine shows how these breaches were discovered, what mistakes were made in trying to deal with the breaches, and, more importantly, what could have been done to alleviate the attacks. The focus should be on “…what the perpetrators are after, which applications they primarily use to initiate access, and what infrastructural components and configurations they rely on to carry out their ultimate goals.” (p. 280).
Yes, cybersecurity continues to be a problem. It’s complex, complicated, and confusing. But Josephine Wolff understands this problem and her well-written, well-researched book provides some possible approaches to improve our defenses. If you’re looking for a clearly written, concise, and occasionally funny guide to cybersecurity, I highly recommend You’ll See This Message When It Is Too Late. GRADE: A
TABLE OF CONTENTS:
Series Editor’s Introduction ix
I Introduction: After the Breach 1
1 Lessons from Financially Motivated Cybercrimes 17
2 Operation Get Rich or Die Tryin’: How the TJX Breach Set the Stage for a Decade of Payment Card Conflict 19
3 “What They Aren’t Telling You Is Their Rules Are Archaic”: The South Carolina Department of Revenue Breach, IRS Fraud, and Identity Theft 39
4 The Most Wanted Cybercriminal in the World: GameOver ZeuS, Cryptolocker, and the Rise of Ransomware 59
II Lessons from Cyberespionage 79
5 Certificates Gone Rogue: The DigiNotar Compromise and the Internet’s Fragile Trust Infrastructure 81
6 No Doubt to Hack You, Writed by UglyGorilla: China’s PLA Unit 67398 and Economic Espionage 101
7 “Decades in the Making”: The Office of Personnel Management Breach and Political Espionage 121
III Lessons from Online Acts of Public Humiliation 143
8 Operation Stophaus: The Spamhaus Denial-of-Service Attacks 145
9 “An Epic Nightmare”: The Sony Breach and Ex-Post Mitigation 165
10 An Imperfect Affair: Ashley Madison and the Economics of Embarrassment 185
IV Who Should Safeguard Our Data? Distributing Responsibility and Liability 205
11 “Email the Way It Should Be”: The Role of Application Designers and Software Developers 207
12 Reasonable Security: The Role of Organizations in Protecting Their Data and Networks 225
13 “Happy Talk About Good Ideas”: The Role of Policymakers in Defending Computer Systems 243
14 Conclusion: “It Will Take All of Us” 269