---

Keywords: IT security, hacking, cracking, cyber-crime Title: High-Tech Crimes Revealed Author: Steven Branigan Publisher: Addison Wesley ISBN: 0321218736 Media: Book Verdict: The law-enforcement side of the story - low on technical content

Buy US Buy UK

The most interesting and readable accounts of IT security are written by protagonists - from either side of the IT security fence. 'High-Tech Crimes Revealed' comes from an author who is firmly on the side of the forces of law and order. As a security consultant Steven Branigan has worked with the FBI and other agencies investigating a range of intrusions and attacks. It is this background which provides the core content of this book, which is part true-crime and part IT security manual.

Unfortunately the book fails to live up to its billing either as thrilling true-crime reportage or as a handbook for the security professional.

Firstly the stories that Branigan discusses are definitely the most interesting part of the book. Each story is interesting both in a narrative sense and also in what they reveal of the techniques of the crackers and of the law-enforcement agents on the other side. However these stories are peppered with additional material on various aspects of the law, facts and figures on hacking trends and so on.

As a security manual the book operates at a fairly high-level. This is not by any means written for the practicing network manager who wants a set of techniques and tools for intrusion detection and general security measures. Sure general principles can be picked up, but for specific technical content and tools you need to look elsewhere. On the plus side there is some good information on forensic investigations and what you can and can't do as regards collecting evidence.

However the major problems with the book arise from the author's attempts at criminology. Aside from prompting the obvious question as to how an expertise in Unix system programming qualifies someone as a criminologist, the author betrays such a complete identification with law enforcement that it actively gets in the way. And there are some outrageous generalisations on display, for example stating as fact that some criminals are genetically programmed to commit crime. The ideas of criminal profiling are applied to cyber-crime but the results are crass and don't really help in any practical sense.

To conclude then, while there are some interesting anecdotes on offer, this is a book that is hard to recommend. If you want to read the law enforcement side of the story then this is a good enough place to start. On the other hand if you want more technically focused material then you'll need to look elsewhere. Developers in particular would do well to take a look at the excellent 'Innocent Code' by Sverre Huseby.