Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats [NOOK Book]


Cybercrime and Espionage provides a wealth of knowledge related to the realities seen in the execution of advanced attacks, their success from the perspective of exploitation and their presence within all industry. This book will educate you on realities of advanced, next generation threats, which take form in a variety ways. The authors, working in conjunction with strategic technology partners have key insights into the realm of what these new threats, dubbed “Subversive Multi-Vector Threats" or ‘SMT’s. Whether...

See more details below
Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats

Available on NOOK devices and apps  
  • NOOK Devices
  • NOOK HD/HD+ Tablet
  • NOOK
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac
  • NOOK Study
  • NOOK for Web

Want a NOOK? Explore Now

NOOK Book (eBook)
$59.95 price


Cybercrime and Espionage provides a wealth of knowledge related to the realities seen in the execution of advanced attacks, their success from the perspective of exploitation and their presence within all industry. This book will educate you on realities of advanced, next generation threats, which take form in a variety ways. The authors, working in conjunction with strategic technology partners have key insights into the realm of what these new threats, dubbed “Subversive Multi-Vector Threats" or ‘SMT’s. Whether the goal is to acquire and subsequently sell intellectual property from one organization to a competitor or the international black markets, to compromise financial data and systems, or undermine the security posture of a nation state by another nation state or sub-national entity, these threats are real and growing at an alarming pace.

  • Includes detailed analysis and examples of the threats in addition to related anecdotal information
  • Authors’ combined backgrounds of security, military, and intelligence, give you distinct and timely insights
  • Presents never-before-published information: identification and analysis of cybercrime and the psychological profiles that accompany them

Read More Show Less

Editorial Reviews

From the Publisher

"Risks have evolved. We haven’t. While we stabilize toward checkbox compliance, adversaries and IT accelerate onward. Adversaries know you’re compliant - and do not care - they’re counting on it. Let’s replace faith-based dogma with intellectual honesty. As fellow Cassandras, Will and John confront you with modern threat models and challenge you to adapt".--Joshua Corman, Research Director for Enterprise Security, The 451 Group

"During 2010 three specific names signaled a fundamental shift in the risks that come from dealing in an interconnected world: Project Aurora, Stuxnet, and Wikileaks. This book provides the insights of an intelligence analyst on what got us to this point, and forecasts what information security professionals will be dealing with in the near future".--James Turner, Advisor, IBRS

"Cybercrime and Espionage was probably the most comprehensive and relevant book on the cyber security landscape written to date. The authors captured the true essence of the methods and cyber trade craft backed with use case after use case. I find this book a must have for any security professional or executive that has the responsibility for ensuring the protection of their corporate infrastructure."--Alan Kessler VP & GM HP Networking Security Products Group/TippingPoint

"John and Will have done a great job in framing the threat landscape and pointing out just how far we have to go in order to truly understand the cyber threats confronting us, to better secure our networks, and to mitigate risk within our respective organizations. Cybercrime and Espionage is a great read and should provide a call to action for any executive management team. Well done."--Nick Lantuh, President of Netwitness Corporation

"Overall, this was a really interesting reading material. The authors managed to provide a fresh perspective on the intricacies surrounding modern cyber crime of today, but have not neglected the ‘big picture’."--Help Net Security

Read More Show Less

Product Details

  • ISBN-13: 9781597496148
  • Publisher: Elsevier Science
  • Publication date: 1/7/2011
  • Sold by: Barnes & Noble
  • Format: eBook
  • Pages: 272
  • File size: 5 MB

Meet the Author

Will Gragido possesses over 18 years of information security experience. A former United States Marine, Mr. Gragido began his career in the data communications information security and intelligence communities. After USMC, Mr. Gragido worked within several information security consultancy roles performing and leading red teaming, penetration testing, incident response, security assessments, ethical hacking, malware analysis and risk management program development. Mr.Gragido has worked with a variety of industry leading research organizations including International Network Services, Internet Security Systems / IBM Internet Security Systems X-Force, Damballa, Cassandra Security, HP DVLabs, and now RSA NetWitness, where he leads the RSA FirstWatch Advanced Threat Intelligence team.

Will has deep expertise and knowledge in operations, analysis, management, professional services & consultancy, pre-sales / architecture and strong desire to see the industry mature and enterprises & individuals become more secure. Will is a long-standing member of the ISC2, ISACA, and ISSA. Mr.Gragido holds the CISSP and CISA certifications, as well as accreditations in the National Security Agency's Information Security Assessment Methodology (IAM) and Information Security Evaluation Methodology (IEM). Additionally, Mr.Gragido is a Faculty Member of the IANS Institute where he specializes in advanced threat, botnet, and malware analysis. Mr.Gragido is a graduate of DePaul University and is currently preparing for graduate school. An internationally sought after speaker, Will is the co-author of Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats.

John Pirc has more than 15 years of experience in Security R&D, worldwide security product management, marketing, testing, forensics, consulting, and critical infrastructure architecting and deployment. Additionally, John is an advisor to HP’s CISO on Cyber Security and lectured at the US Naval Post Graduate School.

John extensive expertise in the Security field stems from past work experience with the Central Intelligence Agency in Cyber Security, as Chief Technology Officer at CSG LTD, Product Manager at Cisco, Product Line Executive for all security products at IBM Internet Security Systems, Director at McAfee's Network Defense Business Unit and currently the Director of Product Management at HP Enterprise Security Products leading the strategy for the organization's next generation security platforms.

In addition to a BBA from the University of Texas, John also holds the NSA-IAM and CEH certifications. He has been named security thought leader from SANS Institute and speaks at top tier security conferences worldwide and is most recently published in Forbes on Social Media security.

Read More Show Less

Read an Excerpt


An Analysis of Subversive Multivector Threats


Copyright © 2011 Elsevier, Inc.
All right reserved.

ISBN: 978-1-59749-614-8

Chapter One



• He Who Does Not Prevent a Crime When He Can, Encourages It

• What's Old Is New Again

• A Changing World

• Cybercriminal Statistics: U.S. and Abroad

• The Statistics of Cybercrime

• Separating the Wheat from the Chaff: Qualifying Amateurs and Professionals

• Trends in 2011

• Myopic to the Catastrophic: Advanced Persistent Threats

• Points of Confluence: Events That Have Shaped the Future of Privatized Cybercrime and Espionage

• Agendas in Next Generation Cybercriminal Activity

• The Coming Decade


The Roman statesman Marcus Tullius Cicero (b. 106 B.C.–d. 43 B.C.) when speaking on the nature of criminality, once said that "The enemy is within the gates; it is with our own luxury, our own folly, our own criminality that we have to contend." Put another way, Cicero had clearly identified what he believed to be the root cause for much of what ails all humanity. Cicero believed that the enemy—or the threat that comprised it—had already breached man's defenses as a race. Perhaps, it had compromised the perimeter defenses of early man long before Cicero's time and had firmly taken root in the ecosystem of mankind's very existence. He clearly states that it is man's desire toward luxury (in Cicero's days, just as in our own, the desire for luxury was ubiquitous and the means by which some sought to achieve and maintain it were, just as they are today, less than honorable and often exploitative in the best of cases), his willingness to commit folly (his willingness to participate in, orchestrate, and execute idiocy or madness), and his criminality (which just as in Cicero's day is today a direct result of our lack of ethics, morality, and a galvanized sense of right and wrong) that must be recognized, managed, and mastered. Failure to do so only encourages the proliferation of the behavior and the aftermath that it yields. Cicero knew this to be the case and was cautioning future generations to take heed of what was occurring within his world because if it could happen in Rome, it could, and would, happen anywhere. Cicero was a very wise man.

This quote with respect to the nature of criminality has, since the first time the authors encountered it, struck them as being both insightful and profound. Cicero had articulated in a ubiquitous manner the nature of those who willingly partake in criminal acts. Cicero's point is simple and warrants reiteration. For Cicero, humanity (regardless of how simple or complex the society) owns its criminality and its propensity toward it.

He Who Does Not Prevent a Crime When He Can, Encourages It

Seneca, the Roman philosopher (first century A.D.), once said "He who does not prevent a crime when he can, encourages it." In Seneca's view inaction equated to action that ultimately encouraged (when speaking about crime) the perpetuation of criminal activity. Actions are ultimately influenced by a number of variables—some much more within the boundaries of our immediate control than others. Some are fed and fueled by our ethics and morality while others are influenced by a lack thereof. Regardless crime is, as Cicero asserts, an enemy that warrants immediate attention and the battle begins within each one of us. Criminality in all its forms ultimately comes back to man's interpretation of law and governance and what is or is not perceived as being allowable in relation to the accepted norms set forth by law. At a primitive level, it is an extension of the struggle between that which is deemed "good" and that which is deemed "evil." It is a terrifically powerful idea to grasp—one that forces each of us to conceptualize our own proximity to "good" and "evil" and to "right" and "wrong" while considering the idea itself with respect to its universal implications. It is an idea that transcends time and one which future generations (just as those that have come before them) will struggle against. Though this may sound inconceivable, we must bear in mind that not all is lost and that just as Cicero pointed out, the enemy is and always has been within the gates, and also that where there is life there exists hope. It is this idea that we will strive to explore, flesh out, and extol throughout the entirety of this work.

Criminal activity is a reality of the world in which we live. So too is espionage and often the two are not mutually exclusive. This is not a new concept. It is however a reccurring theme which bears repeating. One question we are often asked is whether there is any hope in combating this activity. People are curious as to whether this is possible either in the traditional sense or in those areas in which there has been a unique evolution such as that within cyberspace and the Internet—and the answer is yes, there is hope; however, it comes at a price. Moreover, it is not a trivial undertaking and should not be presented in a light that either under-emphasizes or over-aggrandizes it.

Our attitudes and approach to these challenges must evolve as well and like Cicero, we must recognize first that the enemy lies within before we begin to master those who threaten us from external vantage points. We must steel ourselves in the knowledge that we must cultivate and develop a sense of vigilance that lends itself to the development and proliferation of those who seek to combat the actions of the criminally inclined. In doing so, we encourage and enable ourselves to detect, identify, and prevent criminal activity and gain a greater degree of insight into the psychological motivations and drivers at work within these individuals and groups while enabling a more robust understanding of the tactics, strategies, and plans being executed on a global basis to accomplish their means. Never before has the world been more ripe for the taking by sophisticated entities bent on profiting at all costs, in defiance of local and international law, let alone socially accepted definitions of normative behavior associated with ethics and morality. As a result, a new breed of information security professionals must be armed and equipped with the tools necessary for addressing these adversaries and their actions.

What's Old Is New Again

At this point in the chapter, you may be wondering just why we are discussing the philosophical aspects associated with criminality in a book dedicated to cybercrime and espionage. It is a valid question and one that requires an equally valid response. To begin with, as we have established, humanity is its own greatest threat. This is likely not a huge shock to you, the reader, if you have read any philosophy in school or turned on the evening news. However, it is important that we stress this point as it is the basis for understanding much (if not all) of what influences criminal activity. In many respects, the same root influencers are present when speaking about traditional criminal activity or next generation criminality such as that which is most often associated with cybercrime and espionage. As a result, we must diligently work to mitigate the risks associated with those behaviors, which fall into categories defined as being criminal and deviant from the norm. Equally important is our understanding that engaging in criminal activity is a choice. It is not something that just happens, though there are rare occasions when this is the case.

Throughout recorded history, human beings have achieved incredible milestones, demonstrating the superiority of our species in both evolving and adapting to our changing environment. We see this in every aspect of our world and it should come as no surprise that we excel in subverting laws and governance with the same ease and elegance as in other areas in which we continue to push the envelope of achievement. Examples of human determination and drive can be cited all the way back to the Neolithic era (roughly 10,000 years ago), when man matured from hunter-gatherer to farmer. As our societal trends and patterns continued to evolve and grow along with our natural migratory patterns, so did our technological advances. Crude implements gave way to more consistently designed and manufactured tools. Techniques and ideologies were developed to aid in ensuring bounty. While these aspects of humanity flourished (to its credit), so too did its challenges, in particular those dealing with morality, good, and evil in the eyes of the law as it existed at that time.

Evidence that this struggle existed long ago can be seen in the ancient Chaldean/Babylonian text, the Code of Hammurabi (ca. 1750 B.C.). This work, also known as the Codex Hammurabi, has some 282 laws, some with scaled degrees of severity, depending on a person's social station. Some examples of the Code of Hammurabi are given here:

• If anyone ensnares another, putting a ban upon him, but cannot prove it, then he that ensnared him shall be put to death.

• If anyone brings an accusation against a man and the accused goes to the river and leaps into it and sinks, then his accuser shall take possession of his house. However, if the river proves that the accused is not guilty, and he escapes unhurt, then he who had brought the accusation shall be put to death, while he who leaped into the river shall take possession of the house that had belonged to his accuser.

• If anyone brings an accusation of any crime before the elders and does not prove what he has charged, he shall, if a capital offense is charged, be put to death.

• If a builder builds a house for someone, and does not construct it properly, and the house that he built falls in and kills its owner, then the builder shall be put to death. (Another variant of this is that if the owner's son dies, then the builder's son shall be put to death.)

• If a son strikes his father, his hands shall be hewn off.

• If a man gives his child to a nurse and the child dies in her hands, but the nurse unbeknown to the father and mother nurses another child, then they shall convict her of having nursed another child without the knowledge of the father and mother and her breasts shall be cut off.

• If anyone steals the minor son of another, he shall be put to death.

• If a man takes a woman as his wife but has no intercourse with her, then this woman is no wife to him.

• If a man strikes a pregnant woman, thereby causing her to miscarry and die, then the assailant's daughter shall be put to death.

• If a man puts out the eye of an equal, his eye shall be put out.

• If a man knocks the teeth out of another man, his own teeth will be knocked out.

• If anyone strikes the body of a man higher in rank than he, he shall receive 60 blows with an ox-whip in public.

• If a freeborn man strikes the body of another freeborn man of equal rank, he shall pay one gold mina (an amount of money).

• If a slave strikes the body of a freed man, his ear shall be cut off.

• If anyone commits a robbery and is caught, he shall be put to death.

• If anyone opens his ditches to water his crop, but is careless, and the water floods his neighbor's field, he shall pay his neighbor corn for his loss.

• If a judge tries a case, reaches a decision, and presents his judgment in writing, and it is later discovered that his decision was in error, and that it was his own fault, then he shall pay 12 times the fine set by him in the case and be removed from the judge's bench.

• If during an unsuccessful operation a patient dies, the arm of the surgeon must be cut off.


Excerpted from CYBERCRIME AND ESPIONAGE by WILL GRAGIDO JOHN PIRC Copyright © 2011 by Elsevier, Inc.. Excerpted by permission of SYNGRESS. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

Read More Show Less

Table of Contents

Chapter 1. Introduction: Cybercrime and Espionage and the New Security 101 Chapter 2. Evolution Revolution: Maturity of Communications Systems and the Emergence of Advanced Web Technology Chapter 3. The Silent Killer: How Regulatory Compliance Has Worsened The State of Information Security Chapter 4. Mediating the Great Divorce: The Convergence of Physical and Logical SecurityNon-State Sponsored: Stealing Chapter 5: Information Is Our Business….and Business Is Good: Asymmetric Forms of Gathering Information Chapter 6: State Sponsored Intelligence Types Chapter 7: Cyber X: Criminal Syndicates, Nation states, Sub-National Entities and Beyond Chapter 8: Rise of the Subversive Multi-Vector Threat Chapter 9: Seven Commonalities of Subversive Multi-Vector Threats Chapter 10: Examples of Compromise and Presence of Subversive Multi-Vector Threats Chapter 11: Hiding in Plain Sight: Next Generation Techniques and Tools for Avoidance and Obfuscation Chapter 12: Weapons of Our Warfare: Next Generation Techniques and Tools for Detection, Identification and Analysis

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)