Title: Stealing the Network: The Complete Series Collector's Edition
Authors: Johnny Long, Ryan Russell, Timothy Mullen (among many others not acknowledged on the cover)
Publisher: Syngress Publishing
Release Date: May 18th, 2009
ISBN: 978-1597492997

I have just finished a marathon session of reading “Stealing the Network: The Complete Series Collector’s Edition” and I have a very conditional review of it:  It’s a must-have if you don’t already own the previous editions of these guilty pleasures.  If you are already a fan, however, prepare to be let-down by the compilation.

The stories of the Stealing the Network series entertain in the same way that “war stories” from fellow hackers and security professionals often keeps a more intimate audience’s interest: by mixing intriguing situations with juicy technical detail that can serve as a useful take-away.  No one will accuse these books of containing fine literature, but that’s not really the point.  The stories are well written enough to keep you wanting to know what will happen next, while the technical information is as accurate as you’re likely to see in fiction.  Segments involving hacking are written and illustrated with enough attention to detail and length to serve as introductory educational tutorials for the topics (including web application hacking, reverse engineering, and wireless security).  Most of these scenarios are believable as parts of larger-scale operations.

The first book of the series consists of independent short-stories based around characters of the authors’ creation.  The other three books in the compilation tell an over-arching story of a larger “operation”, which involves many characters and their independent stories.  The second book, “How to Own a Continent”, is probably my favorite, along with the first (“How to Own a Box”), for keeping things simple, technical, and focusing on the individual stories.  The third book, “How to Own an Identity” suffers from having worse editing then the rest of the series, and may lose some readers’ interest.  The fourth book (“How to Own a Shadow”) reads a lot better, and wraps the overall story up well, however it focuses only on a relative handful of the series’ characters.

As a compilation, this Collector’s Edition leaves much to be desired.  While the original description for this edition described the books contained within as being “author-annotated”, this is not the case.  The individual books are reproduced exactly as they were in their original editions, with no additional commentary from the authors, and with all the same problems as the originals.  For example, screenshots in the first chapter of the first book are the same illegible black squares that were in the original edition of the book published 7 years ago.  The annotations along with other features described in the original description (emails, photographs) that would provide a lot of interesting background material, would have made this compilation a must-buy.

The extra content that you are receiving is a brief new forward by Jeff Moss, and a “Final Chapter” by Ryan Russell.  The new chapter is about 20 pages long, and gives the story-line a proper ending.  I won’t ruin anything about it, but I will say that I enjoyed it.  Syngress has promised in the description of the book to make this content available separately in electronic form in six months.

The included DVD is described on the back-cover copy as being “full” of behind-the-scenes stories.  In reality, you will only find 20 minutes of interviews with a few of the authors.  I enjoyed these interviews, however, much like the print companion, I felt like more should have been done.  Also beware that there are problems with the audio on the DVD.  When played on my MacBook, there was noticeable crackling/popping in the audio of the DVD.  The same noise was present, but less noticeable when played through a stand-alone DVD player through a television.

To summarize, I like the books, and find them as entertaining as I did when they were originally published, and I like the new hardcover binding.  I do think that it is unfortunate that the “Stealing the Network: The Complete Series Collector’s Edition” does not meet its potential to be more than the sum of its parts.  There seems to have been intent at some point to add value to the set, but it wound up simply being a rough concatenation of the individual books.

If you haven’t read these books, then I very much recommend picking up this set.  It’s 1,000 pages of interesting stories and technical material.  If you already have the previous editions of the Stealing the Network Series, however, you might find it hard to justify paying for them again.


Lately, I’ve really enjoyed having The Consumerist in my RSS reader.  There’s always a lot of great stories about companies screwing over people, people getting in contact with the right people to straighten things out, and nice tips and tricks for when it happens to you.  It’s one of my favorite non-security-related blogs in my reader, however today it had a post that’s definitely of-interest for my security blog followers:

Take a look at that thing!  Very cool.  Has it’s own memory and a usb port to dump the data it records.  It would have been very tempting to keep it and reverse engineer it if I had found it :-) .  This sort of thing is definitely something the bank and police (not to mention bank customers!) need to know about, though.


I guest-lectured the computer security class here today, and with it being the day Conficker.C starts looking for a payload, I figured it would be an excellent opportunity to deviate from the normal lesson plan.  With the well-written Honeynet Project and SRI papers out there that describe the technical details of Conficker.C, it’s a great time to expose the students to malware analysis.  There’s some really interesting and clever things that this worm/botnet does, and discussion of it filled an hour’s lecture nicely.

As I promised to the class and to several people on Twitter, I’ve made the slides available here:

…although I fear it won’t be as useful without having been there.  It’s more visual aid and points for discussion than a standalone set of slides you can just read.  Either way, enjoy!

One thing I’d like to talk about in addition to this: the speculation about what Conficker.C will actually do.  The pendulum has been swinging between two extremes of media speculation (“will destroy the internet”-like garbage) and equally ridiculous complete dismissal (“nothing has happened and nothing will”).  Many security professionals, including those that are blogging and posting to twitter, are swinging a little bit too far to the latter I think.  It seems just as dangerous to completely dismiss it as it is to give it too much hype.

Here’s a few things one needs to keep in mind when speculating about Conficker.C and its effects:

  • April 1st isn’t the only important day.  It attempts to find a payload every midnight (local time).  April 1st is just the first day that it does this–it’s not necessarily the day the operator/originator will register domain(s) and deploy a payload.  He/she/they can do this, at their leisure, from now until enough of the infected machines are fixed or go offline to make it not worth it (some time).
  • There’s no reason for the operator to walk away from it.  There’s tons of computers infected, and a really solidly-written means of getting potential payloads spread around.  A lot has been invested in this, and there’s some significant power and revenue to be claimed by whoever can sign a payload for it.
  • Chances are, it’s not going to be loud.  There’s no money in melting the Internet or indiscriminately destroying Windows installations.  This isn’t the Slammer worm choking large parts of the internet with UDP packets spreading itself.  Nowadays folks want to make money with malware, and that means routing spam, harvesting information, and things like that.  The longer an infected computer acts normally, the longer the malware can stay there, run, and generate revenue

So there you have it.  It’s not likely to destroy the Internet, but I would also be very surprised if we don’t see a payload distributed (widely) through it at some point.

© 2012 McGrew Security Suffusion theme by Sayontan Sinha