Wednesday, April 23, 2008

Zero Day Threat by Acohido and Swartz

I read the book Zero Day Threat (ZDT) by Byron Acohido and Jon Swartz. I really liked the book! Zero Day Threat is about the underground cyber-economy. It makes some surprising points grounded in real truths. I liked that the book paints a complete picture, i.e., how malware, identity theft, and "drop off" gangs collaborate to facilitate a well-oiled cyber-economy. Since my research area is security, I was very familiar with the different types of malware brought up in Zero Day Threat. However, this book gave me a complete picture of the problem.

I particularly appreciated two features of the book:

Structure: Each chapter is broken into three sections: exploiters,
enablers, and expediters. Exploiter sections focus on crooks (such
as scam artists and drug addicts) and how they benefit from the
underground economy. The Enablers sections focus on credit card
companies, banks, and credit bureaus, and how their current practices
enable the underground cyber-economy. Expediters
are guys (good and bad) that allow the cybercrooks to exploit
vulnerabilities in an expeditious manner. I thought this structure
was just brilliant! It really brings out the correlation between
various factors and actors that enable the underground cyber-economy.

Narrative Style: I really enjoyed various anecdotes in the book.
There are several stories about people being scammed or getting
lured into the profitable cyber-underground. For example, there is a story of
a "drop off" gang in Edmonton which is narrated throughout the
book. These anecdotes make the book very interesting and provide
a "human side" to the cyber-underground.

I highly recommend this book.