The following text is an extract from the volume “It WAS NOT a book for hackers”, by Stefano Fratepietro. The volume is the first in the new Maggioli Editore series; the Cyber editorial series, directed by Gerardo Costabile, presents itself as a point of reference for all those who wish to delve deeper into issues related to cybersecurity, artificial intelligence, cyber threat intelligence, investigations and technological fraud.
1. The true cost of a cyber attack
We had met the protagonists of the misadventure I am about to talk about thanks to one of our channel business partners and we had started working together a few years ago, doing small things for them, from some penetration tests – whose vulnerabilities we will never know if they were resolved over time, because they never bought the recheck – to cyber security system activities of various types, including a selective and non-exhaustive collection of system logs of some parts of the company. At the head of the IT structure there was a person we will call Alberto, a great technician who was born working within that reality and grew up with it. Alberto knew every single centimeter of his data center, managing it with the diligence of a good family man, using all the tools that the company made available to him without complaining too much. Alberto’s peculiarity is that he was not in all respects the IT manager, because there was a structure similar to a shadow government, a subspecies of alternative Board of Directors which, in some cases, had more powers than the CEO himself. In this group of leaders of the shadow government there was a Subject (with a capital S) who we will call Omar, (…)
Problems arise when the purchasing office begins to have delusions of omnipotence, thinking that it is able to manage all issues at 360 degrees, including Information Technology and cyber security, without having adequate support for understanding the complex topics. Technological selection and strategic choices absolutely cannot go through these channels, because they do not have the expertise and never will. The risk is that, in the event that a service needs to be purchased, for example a penetration test, for the purchasing office the only factor that determines the choice is the price, therefore they find themselves choosing a service sold at 10,000 euros compared to another offered at 20,000 euros without asking the question: “What is the real difference between the two?”. They treat the topic as if they had to buy a kilo of lemons. They are always lemons, so I buy the one that costs the least and I did my duty today too. Hence the concept of “lemon market”, conditions of information asymmetry in the market, in particular when the seller enjoys a greater quantity and quality of information on the good offered to the buyer, but the buyer has not the faintest idea. . In many cases, those who sell cyber find themselves having discussions with people of this type on a daily basis. If then, as in the case of Omar, they think they also know about technology and have such skills as to be able to also carry out the strategic selection upstream, then the company is in a lot of trouble, and in fact…
It’s a “very normal” pandemic weekend, yet in the middle of winter the temperatures are nothing short of spring-like, it hasn’t rained for months but everything is in vain because we are literally covered in restrictions and it’s better to stay at home to avoid infections. As in the best weeks of cyber attacks – which, I remember, always start on the weekend -, the phone call arrived requesting urgent help. The company was completely at a standstill. All the servers were blocked, the data was encrypted and the attackers had already sent a file containing all the instructions to be contacted to “discuss” their situation and how much money to pay to be able to restart.
2. Source volume of the extract
The book was written with the aim of telling true events and compelling stories where cybersecurity and digital investigations are told using simple and informative language. Stefano, in each story, tells a piece of himself and his many years of experience in the sector.
Cyber attacks, overseas investigations and sophisticated viruses will accompany the reader in a series of gripping adventures whose protagonists sometimes seem to have come out of television series and blockbuster films.
It WAS NOT a book for hackers
Between false myths and inflated stories about cybercrime, everything and its opposite is told, distorting the perception of the reality of the phenomenon. The book was written with the aim of telling real events and compelling stories where computer security and digital investigations are told using simple and informative language. In each story, Stefano tells a piece of himself and his many years of experience in the sector. Cyber attacks, overseas investigations and sophisticated viruses will accompany the reader in a series of exciting adventures whose protagonists sometimes seem to have come out of television series and champion films. incassi.Stefano Fratepietro Defined as a “good hacker”, cited by “La Repubblica” among the 50 people in Italian cybersecurity to follow, he is known internationally as the father and founder of the DEFT Linux project, one of the most used computer investigation systems in the world . Entrepreneur, contract professor for the University of Bologna and for the CINEAS Consortium of the Polytechnic of Milan, he has participated as a technical consultant in cases of national and international fame such as the “Volkswagen Dieselgate” case and Telecom Italia – Sismi. He is a cybersecurity consultant for television and radio companies such as “Report”, “Le Iene”, “Omnibus La7” and “Radio Rai”.
Stefano Fratepietro | Maggioli Editore 2024
Do you want to receive constant updates?
Save this page in your Reserved Area of Diritto.it and you will receive notifications for all publications on the subject.
Furthermore, with our Newsletters you will receive all the regulatory and jurisprudential news on a weekly basis!
Subscribe!
