“Hacking” is the practice of gaining access to a computer system by methods other than the legitimate ones that it presents to the outside world or by compromising a legitimate method. For example, accessing a server connected to the Internet from a web browser usually requires entering a user identification (ID) and a password. The server presents a page to the browser asking for these two items. A hacker not knowing the ID and password might make guesses at either. Knowing the ID, the hacker might use a program to enter various passwords, hoping to find the correct one. Or, the hacker might try to trick the ID’s owner into disclosing the credentials. Because servers may have multiple ways to be connected, a sophisticated hacker can use several approaches to gain entry, including trying to exploit so-called backdoor points of entry. Hackers try to access computers illicitly for multiple reasons, such as to experiment, for financial gain, or from a sense of maliciousness, for example, the desire to cause chaos or destruction.

Fancy Bear goes phishing is nominally about hacking and hackers, but it is also about much more. It presents a history of the growth of the Internet to show how hacking started and grew along with its targets. It discusses various types of hacking tools, such as viruses, worms, vulnerability exploits, and combinations of these. The early Internet consisted of computers located in government and educational research labs. In those environments, the primary goal was to create a working system to explore connectivity and communication. Security was a minor consideration given the limited audience of researchers who could get access. Nonetheless, the first warning of security’s importance came early. The release of the Morris worm was an experiment to test network and computer penetration that went wrong. The worm flowed across the network, trying to gain access to connected computers. Once installed, it tried to make further accesses and spread itself. A flaw in its programming caused it to proliferate wildly, greatly consuming resources and causing infected systems to become unusable. This experiment caused the first test of US anti-hacking law.

As the Internet grew, commercial enterprises began to connect, giving rise to a much larger audience of users. Most simply wanted to access services, but some were criminals looking to steal; others were disaffected or bored teenagers and adults who wanted to cause chaos or destruction for its own sake. These miscreants found a happy playground because the original design of the Internet infrastructure lacked any significant integral security, leaving many vulnerabilities to be explored and exploited. Software providers such as Microsoft, given their focus on individual personal computers (PCs) and producing products quickly, paid scant attention to security until their expansion into corporate-level software forced a change in focus.

As the Internet grew to encompass commercial uses and access to infrastructure such as electrical grids, nation-state sponsored hacking for purposes of espionage and attacking enemies appeared. The “Fancy Bear” named in the title is the western designation for the hacking unit of the Russian GRU (the military intelligence agency). One of their most serious exploits, recounted in detail, was hacking into the servers of the US Democratic National Committee (DNC) in an attempt to influence the 2016 presidential election. This hack began with “social engineering” using the technique of “phishing,” constructing an email and website that fooled a person into disclosing his email logon password. With that the hackers were able to gain much wider access to the email server’s content. Humans are often a weak link in security systems. Strong security can be cumbersome to use, causing people to work around it, defeating the purpose. Russian government hackers were also responsible for successfully attacking Ukraine’s electrical power grid.

The book tells its story engagingly. It begins in Bulgaria as that country transitioned away from its communist government. Many young people were suddenly unemployed but computer savvy. One thing led to another, making Bulgaria an early hotbed of virus writing. The book is well written and a straightforward read. One minor criticism is that the text is rather heavy with computer jargon, including some created by the author just for his exposition. Those interested in the history of the Internet or hacking will find this book both entertaining and informative.

More reviews about this item: Amazon