Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks

Suppose you are looking for a book that is a giant leap into the history of hacking. A book that takes a deep dive into exploited technology, hackers’ motivation, the impact on everyday society and national security. A book that is also easy to understand and follow. In that case, “Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks” by Scott J. Shapiro is the book for you. As the title states, this book is a history of five extraordinary hacks. It is also an accurate account that guides the reader into the mindset and motivation of the hacker, the then-current state of technology, as well as what was happening socially and globally. I have read many fiction and non-fiction books on cybersecurity, and this book elegantly weaves the creativity of a good storyteller with historical facts. It will not disappoint the reader.

The author analyzes five legendary hacks that significantly impacted the cybersecurity landscape, breaking each down with the precision of a military operations order. Just as an operations order assesses four key battlefield conditions – enemy forces, friendly forces, attachments and detachments, and terrain and weather – the author applies a similar framework to each hack. He examines the hacker, their mindset and motivation, the target or victim, other influencing factors, and the state of technology at the time, including its implementation, management and societal use. This structured approach provides a clear strategic understanding of each exploit and why it was significant at the time and now.

Each of the five hacks presented is distinct, each encouraging readers to draw their own conclusions on the root cause of the successful hack and its impact. This is particularly evident in the first hack, the Morris Worm. The author showcases then-college student Robert Tappan Morris’s ingenuity while also illustrating the duality of his legacy—hailed as a visionary yet also the first person convicted under the Computer Fraud and Abuse Act. Another hack delves into a country’s culture of innovation and its reliance on creating computer viruses as an economic livelihood. It also introduces the infamous hacker Dark Avenger. The third event introduced hacking to anyone who kept up with pop culture because it details the hacking of socialite Paris Hilton and the ensuing scandal of private photos, videos and data. The fourth hack made headlines because of nation-state adversaries (Guccifer 2.0) using hacking as a means to influence U.S. elections. The final hack examines the “Botnet Wars” and the escalation of attacks in scale and resources, and explores how the bar to entry into hacking has been lowered.

The book may seem like a doomsday narrative, but it is not. The book does show how hackers have historically exploited contemporary technology, often staying a step ahead of their targets, victims and defenders. But it offers hope by demonstrating how, by understanding the mindset of the threat actors and modifying our own behavior (and with improved technological safeguards), we can create a security-aware culture that can make us more resilient or immune to cybersecurity attacks.

I highly recommend this book to cybersecurity students, practitioners and individuals who are genuinely interested in exploring the hacker community, culture and motivation. The book is a good introduction and provides an abbreviated history of hacking. The pace of the book makes it easy to follow, with hacking jargon clearly explained. For cybersecurity professionals, the book is light on technical details but may enlighten on the motivation and the lasting impact particular hacks had on society and national security.

If you like the historical genre of cybersecurity, then I also recommend “Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage” by Clifford Stoll and “Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon” by Kim Zetter. If you enjoy good storytelling fiction that dives into the social and national security implications of hacking, then I recommend “Burn-In” by P.W. Singer and August Cole.