Crimeware by Jakobsson and Ramzan
Kudos to Markus Jakobsson and Zlufikar Ramzan for the encyclopedic work “Crimeware, Understanding New Attacks and Defences.”
I originally wrote this review shortly after the book was published, and reread both the book and the review and remarked to myself how precient Jakobsson & Ramzan were in pointing out the attacks and defences required to stay safe online. Here is a pdf of this review:  [download id=”9″] —
Book Review: Crimeware, Understanding New Attacks and Defences
Markus Jakobsson & Zlufikar Ramzan

Five stars to Jakobsson & Ramzan for a most useful guide to understanding the underbelly of the internet. The strength exhibited by this book lies within the all-star lineup of contributors and the thorough dissection of the numerous forms of crimeware. Their book is a must read for anyone who has responsibility or an interest in protecting Personal Identifying Information (PII), Private Consumer Information (PCI) or Intellectual Property (IP).

As a self-described technological Neanderthal, I encountered only a few portions of the book which caused me to enter the world of “technological overload,” anyone with a modicum of information technology understanding will have no problem cruising through the chapters and fully comprehending the various data points. The highpoint of each being the *countermeasures* presented at the end of each chapter.

Some items which I would like to highlight, as they resonated with me:

  •  Whether you are fully familiar or a nascent understanding of crimeware and its many manifestations, Chapter 1 alone provides a concise overview. This introduction gets your mind in swing, and puts you in the zone, if you have only time to read one chapter – this is it. You’ll finish with a working knowledge and familiarity of crimeware.
  • Crimeware’s business model hit the sweet-spot. The explanation is clear. The monetization requirement of the perpetrators is accurate, and from my own perspective (i.e., that of one who invests heavily in the “why” side of these discussions), the content provides meaningful grist for future discussions.
  •  Education as a means to thwart crimeware makes imminent sense. Again the points advanced are spot-on, as the audience receiving *Security Training* must be exposed to the “why” before you try and project the “what” or the “do” upon them. I would add, that messaging, regardless of vehicle, be it cartoons, video, hoardings or print media, should be aligned to project the positive actions of a given scenario. The rationale being, individuals align with positive behaviors and outcomes and disassociate with a negative exemplar.
  • The endnotes are in reality an extraordinary extensive bibliography on the topic of crimeware, which alone is worthy of review.

In sum, Jakobsson/Ramzan have it right – crimeware is here, and it is here to stay. Perhaps if we collectively work together we may be able to hold back those in vesting in the development of crimeware. This collaborative guide is a great stepping-stone to the next level of trust and engagement.

Christopher Burgess
(NB: This book was provided to me by the publisher)