Cyberspies: The Secret History of Surveillance, Hacking, and Digital Espionage
By: Gordon Corera

Quick-take: History of computers through cybersecurity.

Dan's Review

The computer revolution was built on top of spying. That is the case put forth by Gordon Corera, and I must say, he makes a compelling case, and his research is thorough. As a professional working in the cybersecurity industry, I felt like knowing the history of my field would be useful. Fortunately, the book itself was quite interesting.

He starts us off in the first World War with the establishment of state-sponsored spy and codebreaking groups. Then comes the rise of the Enigma machine in Germany and later Tunny. Breaking these coded messages generated by this machine is quite tedious. Therefore, a programmable-adjustable machine was built to help with the computations. This machine was called Colossus. Thus, the first electronic computer was born. Its task was codebreaking and spying.

What follows is a cybersecurity arms race between Germany, USA, UK, and Soviet Union. One side's encryption gets better. The other side needs substantially more computational power to be able to break the encryption and continue spying. It even went so far as to ignore some advantages to make the other side think they weren’t compromised. Otherwise, they will change their encryption scheme and spying is back to zero.

A tidbit I did not know is that during the WWII spy race, the Soviets were never cracked. This is because they used one-time-pad encryption. Mathematically, if used correctly, this scheme is considered to be perfect, unbreakable encryption. The trade-off is that using it is extremely laborious. Only during mistakes in methodology and clever social engineering gave insights.

With the spy agencies firmly established, the post-war computer boom was set — with everything being woefully insecure. Good encryption was fully owned and governed by the NSA — this was a fact I actually did know about. They intentionally suppressed bit strength, what could be exported, and what companies were allowed to use it. The chief one was IBM. Apparently, IBM owned around 2/3 of the mainframe market, even with the UK government mandating favorability to their own computer industry. IBM was just too strong.

Time to fast-forward a bit. Something I knew but never actually read the history of… the current state of computer network and security techniques I use everyday was established in the 70s and 80s. A breakthrough idea that completely revolutionized security is the idea of public/private key encryption developed by Whitfield Diffie and Martin Hellman. With this technique, anybody may now send an encrypted message that only the receiver knows how to decrypt. As a bonus, authentication can be checked too. Apparently, Diffie had a bit of anti-government counter-culture idealism. It is the reason the masses were given the technique despite the NSA trying to get it first.

Fast forward some more… the very first computer virus/worm was the Morris Worm in 1988. Many of us know about it. A piece of trivia I did not know: Robert Morris was the son of a high-ranking official at the NSA (also named Robert Morris). Robert Morris became the first convicted felon for the Computer Fraud Act. He still managed to have a very successful computer science career.

Stuxnet was also an interesting virus. I only vaguely knew about it. What made this story fascinating was just how extremely complicated it was. Its goal was to subtly sabatoge Iranian uranium enrichment. It tried to damage the process just enough for failure but not enough to cause detection. Creating a virus that targeted and that level narrow... wow. Nothing is fully known, but the fallout seems to be that it "somewhat worked". It did cause damage, but probably not as much as desired. It was also supremely expensive.

Later the book spent an eternity talking about China. I will summarize this very labored section:

  • China is constnatly stealing data from us. Everything they can touch. They have a small army constantly at it.
  • One of the beneficiaries of stolen data is probably the telecom giant Huawei.
  • Huawei has since moved beyond copycatting and is pushing their own legit products.
  • The British government bought a lot of Huawei gear for their infastrucure.
  • Huawei probably does not have any nefarious backdoors. It'd be extremely difficult to hide and would tank their marketshare if found.

The final chapters of the book covered how cyber as a new military frontier, to be thought of as an equal to Land, Sea, Air. There is now "Cyber" thrown in. I found this part exhausting. You are trying to make the case that cyber is important, that is well and good, but way out in chapter 13 is not helpful. I'd think the reader is already in agreement.

Score: 4/5. Overall, this was an interesting book. It just needed better editing. The middle could use a hatchet and the rest a scapel. At least a third of the pages could have been left on the floor and the book would be a lot more enjoyable.

More Books

Check out another review.