[Dailydave] Book Review: @war by Shane Harris

Dave Aitel dave at immunityinc.com
Mon Jan 5 11:58:53 EST 2015


http://www.amazon.com/War-Shane-Harris-ebook/dp/B00HP6T7V0/ref=sr_1_1_twi_1?ie=UTF8&qid=1420467848

For a book about America's failing trust with our own intelligence team,
this book is a hard book to trust. That's not to say it's not well
researched: a third of the book is footnotes. But at least HALF the
footnotes are simply "from author's interviews", often from interviews
with anonymous "former officials". The first chapter is about how the
use of real-time SIGINT revolutionized warfare in the modern age, and
the rest of the book is really about how we can't seem to make any
inroads in protecting ourselves.

There's a saying in the intelligence world about how SIGINT doesn't lie,
but HUMINT does. And that's because while it's rare that you will lie to
yourself in your internal memorandum and emails, divulging content from
what two sources say means you have to triangulate their points of view
and often end up in nonsense land. Shane Harris falls right into this
trap, and relying on sources so heavily also means that it has a
penchant for breathless hyperbole that is going to make anyone from the
computer security field roll their eyes and sigh mightily about twice a
page. "OMG! THE CHINESE ARE BETTER AT THE HAXING." is a direct quote, I
think. After his interview with Soghoian, he can't help but mention in
every chapter the "thousands of 0day" the NSA is "stockpiling", as if
0day wasn't just another word for "I know something about a computer
that might be useful". Shane posits: "The chances are good that if
another country or terrorist group knocks out the lights in a US city,
it will use an exploit purchased from a company that also sells them to
the NSA." Is that so, Shane, or is that maybe complete bullshit?

That's the kind of hilarious commentary you get throughout the book.
Chris Rouland, for example, is a "top-notch hacker".

Basically the book can't decide if it is the US Magazine of computer
security journalistic round-ups, with human interest profiles of various
ex-feds who now work for Crowdstrike and Mandiant or if it is a serious
work of historical journalism and policy recommendations. Who is this
book for? People in the field will find some of the information in the
book interesting, as it's not well covered elsewhere, but hardly need to
read for the thousandth time about how phishing works. People not in the
computer security field will ... not read this book full of insider gossip.

And, like US Magazine, the audience is assumed to be entirely Americans.
Aside from the obligatory misunderstanding (!?!?) of what the NSA bought
from Vupen and the constant mentioning of the Chinese APT groups you
don't see any non-US people even making the "They're just like Us!"
section, not even Brits.

Some of the best bits are in chapter 10, when he details the battle
between Keith Alexander (NSA) and Jane Holl Lute (DHS). "Who wore it
better?" he asks, while at the same time pointing out the luddite-ish
Lute's struggle to make Alexander admit that his technocratic
NSA-centric plan for the future of cyber defenses was an insultingly
daft non-starter among the business community. But he fails to examine
any technical reasons why: for example, it's telling that
Mandiant/Crowdstrike/AV/etc. are all looking at examining host behavior,
not looking to block attacks and malware traffic on the wire, like
Alexander was proposing. Even Keith Alexander's
patents-everyone-whines-about are about host behavior and not traffic
analysis.

It's a technology book surprisingly devoid of cogent analysis of
technology, and Shane fails to challenge his sources even when evidence
should have pointed him in that direction. For example, he goes over
(and is clearly for) the NSA-Task-Force's recommendations, and then
points out that Obama adopted none of them. But he doesn't examine why
that might be (aka, a lot of the suggestions were pretty silly
<https://lists.immunityinc.com/pipermail/dailydave/2013-December/000546.html>). 


So to sum up: This is an interesting book if you are geeky enough to
know what Mandiant does, but also secretly subscribe to People Magazine.
But despite his efforts, Shane can't make a case one way or another
except by showing his sources, which he can't do. A telling analogy to
the situation the intelligence community finds itself in, all by itself.

-dave

