This book was one of the first hacker books I read, and it still stands as the best. Following the discovery, tracing and eventual unmasking of a highly sophisticated computer espionage ring, the story is thrilling and, best of all, true. The book is still surprisingly relevant, and many of the methods Clifford Stoll used to track down the hackers would still be viable today. The story starts with a small accounting discrepancy in the computer systems at Lawrence Berkeley Laboratory and ends in a manhunt that lasted the better part of a year, during which Clifford interfaced with a dozen or more three-letter agencies (CIA, FBI, NSA, CID and more). This book is one of the reasons I wanted to work in information security, and I’m looking forward to the day someone writes a similarly enthralling tale of a post-2000 security incident (hello all wannabe writers, here’s a hint: Stuxnet).
While this book is a brief read at a mere 160 pages, it carries an important message that I couldn’t agree with more: open up the information security profession. Adam Shostack and Andrew Stewart challenge many of the dogmas the industry is built on, and also offer concrete advice on how to avoid falling into the same trap as everyone else. The pages of this book are jammed with insight and deeply troubling answers to why the security profession has largely failed to protect the Internet’s users.
OK, this is not a hacker book at all. It’s certainly not technological, and it’s primarily meant for a non-scientific crowd: economists (*shudder*). But it’s highly relevant for anyone who works in security, as it is about the consequences of highly unlikely but high-impact events, aka “Black Swans”. Most risk analyses concentrate on the risks that are treatable, but there are always some risks judged so improbable (even though the impact may be catastrophic) that no risk treatment is deemed necessary. Nassim Nicholas Taleb argues that the failure to acknowledge these black swans is not only irrational, but that it can also lead to some of the greatest catastrophes precisely because of their high impact. A must-read not only for hackers, but for everyone who doesn’t want to be wiped out by an “unforeseeable” event.
Forget The DaVinci Code: this brick of a book is an essential read if you like riddles, codes and mysteries. Who doesn’t? But be warned, the book is big, and you deserve a medal if you manage to read it from start to finish. The motivation should be clear, though: every good hacker should know his/her cryptology, and this book is the de facto non-technical reference, covering the history of codes and cryptography from ancient times to the age of the computer. The history of code-breaking is told in a surprisingly understandable and fascinating way. You’ll be surprised by the role codes and code-breaking have played in human history, from Egyptian hieroglyphs to the Enigma machines to the foundations of secure Internet services. Understanding cryptography will let you understand much of the fabric we take for granted today, and appreciate all the work that has been applied to securing your everyday card-and-PIN transactions.
I had to throw in a work of fiction here as well; hackers need to relax sometimes too. The Stieg Larsson books are not only well written, but also not totally unbelievable in terms of the hacking stunts that are pulled off. Well, it’s fiction of course, but the methods the main character Lisbeth Salander (aka “Wasp”) uses are very realistic and resemble the methods a real hacker would use to get even with his/her adversaries. And she uses a MacBook Pro; got to love that.
Have I forgotten something? Do you disagree? Do you have any additions? Use your voice in the comments below.