On a recent plane trip back from Las Vegas I read the book titled “Worm” by Mark Bowden.
Rather than elaborate on detail surrounding the specific content, I wanted to share with you some quick observations to help you decide whether to read the book or not.
- I’m still very afraid of Conficker
- This book is great for experts and non-technical people interested in how Conficker was, and still is, being dealt with. The book describes the technical nature of Conficker in easy-to-understand terms while keeping enough information, topics and background to keep those with more experience engaged.
- The Cabal (aka The Conficker Working Group, aka X-Men) are amazing. These individuals work as a team to combat the largest and most sophisticated botnet ever publicly disclosed.
- Some members of the Cabal used personal credit cards to help purchase domains that would keep Conficker variants from downloading new updates/instructions. This was a very noble and amazing thing.
- There is still a very large need for a formal collaboration system to deal with these cyber threats. The book describes how experts from across the world collaborated via listserv and phone calls. While this was effective at the time (the Cabal were able to formulate a plan and execute it), I don’t think it’s a sustainable model. The NCFTA was mentioned in the text as an entity that could help with collaboration. My concern is: what if the author of Conficker gains the ability to invoke a distributed denial of service on the internet? Those trying to collaborate are dispersed across the world, and things could get very difficult quickly. Having a centralized entity established as a nexus for collaborating with stakeholders during a large-scale cyber investigation just “makes sense”.
- The book included copies of email communications and summaries of meetings and phone conversations. This was very helpful to me because it helped me better understand how these “mutants” (read the book to understand why I used the term) came to the decisions they did. It also provides a documented “timeline” that allows for a “lessons learned” opportunity. The Department of Homeland Security posted a lessons-learned document that can be reviewed via this blog post.
Overall I would give this book 3.5 out of 5 stars. There were some very distracting typographical errors, but not so many that they took away from the content of the book. The research and presentation were excellent. Interviews with all of the key players were done, and some technical history was properly inserted to give the reader enough background to understand what was being discussed. In closing, I recommend reading this book to better understand the process of how the best of the best investigate cyber events. There are a few digital forensic/cyber investigation books that take this approach, and in my opinion we need more.