Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day

In Spies Among Us, author Ira Winkler continues his unique knack for writing on deeply serious topics using his characteristic light and very readable style. This is what makes Winkler different and results in most readers either loving or hating his books. I count myself among the former group. As a long-time security professional, I consider Ira Winkler's work refreshing and informative. Throughout the book, Winkler restates some of his pet phrases from his earlier books; but that is simply an indication that he has some very important points to make. What is new in Spies Among Us is the very relevant theme: "Relax - it's not terrorism...but does that really mean it's okay?" Winkler effectively uses this theme to demonstrate that public perception has changed since the terrorist attacks of September 11, 2001. Whenever a large scale incident occurs (e.g., a power outage, computer virus, plane crash, etc.), our first thought now is "terrorist attack." Once we learn that the incident was not terrorist-related, we seem to breathe a collective sigh of relief and say "oh good...no big deal." However, large-scale non-terrorist-related attacks are far more likely to affect our everyday lives - and affect us in a big way, if we are not properly prepared for them. Everything from industrial espionage to natural disasters, from malicious computer attacks to major accidents, and from the identity theft epidemic to Internet scams can have a significant impact on our assets - as individuals, corporations, communities or government entities. We must not dismiss threats simply because they are not terrorist threats. Through real-world case studies, examples and experiences, Winkler walks the reader through questions such as "who are the adversaries," "how do they target us," and "what can we do about it?" Chapter 13, the final chapter, is appropriately titled: "Taking Action." As the author implies, all the knowledge in the world about threats, vulnerabilities and available protective measures is useless unless you do something about it. In the closing chapter, Winkler lays out a practical starting point for developing a common sense approach to protecting critical assets. Like most of Winkler's previous books, Spies Among Us strikes a perfect balance between a traditional security book (practical and useful, but also dry and tedious) and a spy novel (exciting, interesting and fast-paced, but not "real"). This book is the real thing and is packed with information that will appeal to a wide ranging audience - from security pros to novices, to people who simply want to enjoy an interesting read. One of the things I respect most about Winkler is that he is one of the very few IT Security experts around the world who truly appreciates the full spectrum of comprehensive security risk management. He doesn't demonstrate the typical tunnel vision of IT Security types who view the entire universe through the eyes of a network co

In the first couple of chapters, I realize that this is not a novel of spy vs.spy, but an actual resource book that makes 100 % sense. Mr. Winkler is speaking from experience and his background denotes a lot of it. I was very impressed with his style of writing and the material he covers. If anyone wants a career in Computer Security or Information Assurance, this book is a definite MUST READ and MUST HAVE in your library.

Read this book to appreciate what is (or should be) keeping your Information Security Manager awake at nights, and to understand what he/she probably wants (or ought) to do about it. Ira learnt his trade working for the US National Security Agency. His spooky background provides a somewhat disturbing undercurrent throughout the book but this is neither a James Bond training manual nor a shock horror exposé of the murky world of spies. It is in fact a very broad exposition highlighting the urgent need for all organizations to implement suitable information security controls. Chapter five "How the spies really get you" should be compulsory reading for all managers. In less than fifty pages, Ira explains how virtually anyone in or associated with the average organization may represent a vulnerability, some more than others. I challenge any experienced manager to read this chapter without thinking about probable weaknesses in their own organization, perhaps even in their own departments. If chapter five piques your interest, I guarantee you will enjoy the rest of the book. The previous four chapters set the scene, explaining that information security is far more than simply a matter of implementing system/network access controls. The next six chapters (part II of the book) present compelling case studies built (we are told) around genuine real-world situations. Ira is known for describing attack methods quite explicitly, meaning that having read the case studies, you will be in a similar position to those who actually committed these attacks. Each case concludes with a description of the vulnerabilities exploited. The final two chapters (part III) attempt to redress the balance by explaining how to address the risks presented in the rest of the book and so `stop the spies'. Given the broad nature of the threats and vulnerabilities described in parts I and II, it would be unrealistic to expect to get a complete set of answers in just two short chapters ... but that would miss the whole point of the book. Part III gives an overview of the main elements of most information security programs. In one, two or occasionally three paragraphs, Ira explains what the average Information Security Manager actually means by concepts such as single sign on and defense in depth. This book should provide a wake-up call to complacent managers who feel their organizations are somehow immune to industrial espionage, social engineers and even terrorist infiltration.

This book is sort of like the how-to or nuts & bolts book to serve as a companion to Kevin Mitnick's The Art Of Deception. Winkler explains how the spies, terrorists or other malcontents of the world are able to penetrate network defenses and compromise apparently "secure" networks to gain access to sensitive and confidential information. The book may be targeted primarily at information security professionals, but in my opinion that is short-sighted. The value of a book like this- one that demonstrates the ease with which information can be social-engineered from naive people- should be shared with the masses so that they develop an awareness and can help to combat such attacks. Spies among us provides an excellent look at the methods and techniques that can be used to exploit and infiltrate a government or corporate network, but more importantly Winkler provides a number or tools and techniques that the reader can apply to help prevent such attacks. Some of the information may be too technically "deep" for an average reader, but most of the book is fairly easy to read and the "cloak and dagger" stories may be appealing, if not frightening, to just about any reader. Definitely worth reading for just about anyone. [...]

So just how safe are you and your company/organization? My guess is, not very. Spies Among Us by Ira Winkler will definitely drive home that fact... Contents: Part 1 - Espionage Concepts: How To Be A Spy; Why You Can Never Be Secure; Death By 1000 Cuts; Spies And Their Friends; How The Spies Really Get You Part 2 - Case Studies: Spy vs. Spy; Nuclear Meltdown; Fill'er Up!; The Entrepreneur; The Criminal Face Of The Internet Age; Crimes Against Individuals Part 3 - Stopping The Spies: Taking Control; Taking Action; Index Winkler is someone who does "attacks" for a living. He routinely is hired by companies to do threat assessment on their systems and locations, and unfortunately he is often successful with far too little effort. These assessments could be just a simulated attack to gain access to secured locations and systems that could then be compromised, clear up to security of nuclear facility information and terrorist attacks on fueling facilities at airports. It's that last one that is scary, in that it was done in a post-9/11 environment, and went off without a hitch. We're just not in the "security mindset" in most cases. But rather than just go on about how easy it is to hack and crack systems, he also offers plenty of advice on how best to build a security program that is effective (both from a cost and result perspective). Each of the case studies ends with a summary that shows how something like this could happen, as well as what vulnerabilities were found and exploited. That piece by itself would be worth the cost of the book. But the final two chapters are where you'll benefit most. Winkler covers a multitude of counter-measures (personnel, physical, operational, technical) that can be implemented in order to have a more secure environment. The final chapter then explains how to implement a comprehensive program based on the value of your information and the amount of risk present. Rather than just saying "do this, this, and this", you get a customized approach based on your own unique situation. Really good stuff... As he states early on in the book, there's no way to be 100% safe and secure. But you can do far more than "hope for the best". This is the book that can help you understand just how dangerous things can be and how at risk you are...