Cipher Book Review, Issue E184

Fancy Bear Goes Phishing - The Dark History of the Information Age, in Five Extraordinary Hacks
by Scott J. Shapiro

Picador - Farrar, Straus and Giroux; MacMillan Publishing 2024.
ISBN-13: 978-1-2503-3567-8 (print); 432 pages, first edition, paperback, 2024

Reviewed by Sven Dietrich, 3/23/25

Don't you sometimes wish you knew the background stories to some big hacks? You've heard about the 1988 Morris Worm, the Paris Hilton sex tape and photos, the Internet of Things botnets, the Minecraft Wars, the Bulgarian virus factories, Fancy Bear sending phishing emails, but what is the context behind them? In the times of hybrid warfare, perhaps looking back at the last few decades of hacks could provide some strong background on the origins and motivations of the perpetrators as well as the techniques way back then. It all depends on when you think the information age or the Internet started, but the basics are found here on these pages.

Scott J. Shapiro has tackled this problem in creating a 430-plus-page book, "Fancy Bear Goes Phishing - The Dark History of the Information Age, in Five Extraordinary Hacks." He has chosen the lens of five major hacks to provide background, often in narrative (shall this reviewer say 'popular science'?) form, mixed with snippets of computer code, illustrative diagrams, screenshots, and other supporting materials. The book is divided into 10 chapters (with each of the five major hacks bleeding over from one chapter to the next), with an introduction, a conclusion, and an epilogue. There is a set of endnotes, 70 pages long, that shows the sources with more in-depth information for those who prefer reading the original reports, plus an index.

The "Introduction" of the book starts with the "Brilliant Project," the inception of the so-called "Morris Worm" that took down the Internet in November 1988 and led to the creation of the CERT Coordination Center. Over the next two chapters, "The Great Worm" and "How the Tortoise Hacked Achilles," the story continues with the inception, the mitigation, and the legal aftermath of the "Morris Worm," with Robert Morris Jr., a Cornell University PhD student at the time, at center stage.

In the next two chapters, "The Bulgarian Virus Factory" and "The Father of Dragons," the reader learns about the first efforts to create computer viruses and worms, as well as ways to contain them. The author takes the reader on an excursion into various dark (and not so dark) chapters of computer security history, showing the evolution of sometimes funny, sometimes very destructive pieces of malware. With names such as Vesselin Bontchev and Sarah Gordon on one side, and on the other their nemesis Dark Avenger, the story continues. The mysterious and elusive central character, Dark Avenger, is one of the creators of malicious software, sometimes motivated to write more of it by the continued efforts to fight him.

The chapters "Winner Take All" and "Snoop Dogg Does His Laundry" go down a different road for the next hack: simple account (reset) passwords and SQL injection. We are talking about the T-Mobile Sidekick and backend database hacks from the early 2000s, leaking Paris Hilton's private photos among others. Then came the Melissa and ILOVEYOU viruses, turning into super-spreaders as more and more users joined the Internet, many (too many?) unaware of its dangers at the time.

The chapters "How to Mudge" and "Kill Chain" continue the email idea, but enter the domain of phishing, in other words social engineering. Here the reader "meets" Fancy Bear, the malicious character from the title of the book. Fancy Bear helped penetrate the American Democratic National Convention by using a phishing ruse. What followed was the release of a series of emails from within the US Democratic Party in the fall of 2016, at the time of the US national election, which is put into several contexts here.

In "The Minecraft Wars" and "The Attack of the Killer Toasters" we veer off to the attacks on the Internet infrastructure via Distributed Denial of Service [DDoS, one of my favorite topics -SD]. In the mid-2010s, the targets of DDoS malware (the infected devices being the source of the traffic, taking large sites such as Brian Krebs' site or the Dyn DNS servers offline with heavy DDoS traffic) were now Internet of Things devices, such as routers, cameras, digital video recorders, and perhaps connected toasters. The main contender is the Mirai botnet, which still exists in many variations to this day.

Wrapping up, in the "Conclusion: The Death of Solutionism" the author tries to find a path forward, noting that many companies offer solutions to the Internet problems mentioned here, but will they work? An "Epilogue" follows.

This book is aimed at a broader audience, but it does delve deeper into technical details for those who understand the techniques. The background stories certainly fill the gap left behind when one reads scientific papers on hacking topics and one wonders, "what REALLY happened here?" The extensive references at the end of the book will lead the reader to more technical knowledge, should their interest be piqued.

I very much enjoyed reading this book. The book is light and entertaining reading and provides anecdotal background information for why we do some of the things we do on the Internet, and maybe how certain incidents played out. Read it for yourself.


Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org