MattCASmith

One of the few upsides of the whole 2020 situation is that I’ve had a lot more time to read. Periods that I would usually have spent commuting, out with friends, or cramming in chores between getting home and going to bed became downtime that I could devote to good books. It was a small silver lining to a year that became something of an endurance test in staying at home and finding ways to amuse myself.

I read more books in 2020 than I have since I was at college or university, so naturally, some of them were more notable, enjoyable, or informative than others. With that in mind, I thought I’d close off the year by sharing some of my favourite cyber security and tech titles. Also, it doesn’t look like my schedule will change any time soon, so if you have any suggestions for my 2021 reading list, please let me know!

Ghost in the Wires

I’ll start with a book that should require little introduction for many of you, but had somehow passed me by until now. Ghost in the Wires is the memoir of Kevin Mitnick, possibly the most famous hacker of all time. It tells the story of his time hacking various people and corporations for the sheer thrill of it and evading the American authorities attempting to track him down. This had been on my list for years, and I narrowly missed out on picking up a signed copy at Black Hat last year (I actually passed Mitnick in a corridor shortly afterwards), but I finally got my hands on a copy in the summer.

You’re unlikely to learn much from the book in a technical sense, partly because that’s not the point and partly because Mitnick’s tale takes place in the late 1980s and early 1990s, so many of the technologies and attacks mentioned are outdated. But Ghost in the Wires is a real page-turner akin to many a fictional action thriller. It is rightly held as a classic of the genre, and should serve as a powerful reminder of the damage a skilled social engineer can cause to an unprepared organisation.

Chaos Monkeys

Antonio Garcia Martinez’s humourous and often shocking account of his time on the Silicon Valley start-up scene is far less cyber-focused, but no less thrilling. It would be easy to compare this book to the HBO sitcom Silicon Valley, but the difference is that everything in Chaos Monkeys is true. It also includes rare insights into personal dealings with some of the most famous faces in tech.

Martinez covers his journey from Goldman Sachs to his own start-up and eventually to Facebook, with many intriguing details along the way. Despite his stories of some of the more scandalous behaviour in the California bubble, it’s nearly impossible to read this without becoming inspired by the big dreams and hard work of tech founders, and it was even the indirect inspiration for the latest iteration of this blog.

Countdown to Zero Day

As a former cyber security journalist, I know just how hard it is to combine ground-level technical detail, organisational and industry fallout, and developments in the global geopolitical landscape into a compelling story. That’s why what Kim Zetter has done here is an even bigger triumph. She tells the story of Stuxnet in a way that will satisfy industry veterans and casual observers alike, framing the campaign with detail that provides valuable context for subsequent events such as the NotPetya incident.

Countdown to Zero Day does a fantastic job of providing an account of the Stuxnet campaign at all levels, from the corridors of the US government and Department of Defense to the Iranian nuclear facilities it targeted and the researchers at companies like Symantec racing to decipher how the malware worked. While it doesn’t touch the low-level technical details (understandably - that would fill a book all to itself), Zetter’s account breaks down the core functionality of Stuxnet - much of which also applies more broadly to other malware variants - in a way that both techies and non-techies will understand.

Code: The Hidden Language of Computer Hardware and Software

Have you ever wondered how computers actually use all those ones and zeroes to allow us to send emails, edit Word documents, and write new programs in C++? Charles Petzold’s book covers more ground than just about any I’ve ever read, beginning with relatively simple systems like Morse code and, over the course of fewer than 400 pages, building a theoretical telegraph system, processor, RAM, and eventually a computer akin to those we use every day. It really is quite staggering to think about.

While the detail presented in Code isn’t something most of us will consider in the course of our daily lives, it does help to dispel the “magic box” effect surrounding PCs and smartphones. For my colleagues in the cyber security industry, it also provides a great overview of the relationship between binary and machine language, assembly, and high- and low-level programming languages, as well as where data is stored in CPU registers and RAM when code is run - fundamentals for malware analysts and bug hunters.

Practical Packet Analysis

No Starch Press is always a good bet for solid technology and cyber security books, and the publisher’s website often serves as my starting point when I’m looking for something technical to read. I read a couple of their titles this year, but the highlight has to be Practical Packet Analysis, which I worked through during some leave in the summer. At face value, the book is billed as a guide to using Wireshark to solve network problems, but it actually covers a lot more than that.

For anybody new to networking, I think the opening chapters provide about the clearest explanation of the OSI model, TCP/IP, and common protocols that you’ll find anywhere. This is followed by an extensive rundown of Wireshark’s interface and features, including a guide on where and how to capture network traffic, as well as a series of scenarios where packet analysis helps to diagnose network problems, complete with downloadable PCAP files to follow along and get some practice in.