Shapiro is a professor of law and philosophy at Yale Law School, and he also leads Yale’s Cybersecurity Lab, which does research into security and information technology. He previously co-authored the 2017 book The Internationalists, a history of the laws of war that looks ahead to whether the same rules will govern cyber conflicts.
As City AM’s reviewer writes, this is “an impressive range in expertise, and one that leaves Shapiro in a unique position to skillfully guide the reader through the history of hacking, with all the tech nitty gritty included.”
Shapiro concludes that the cybersecurity problem can’t be solved, only managed by considering human behavior. “Cybersecurity is not a primarily technological problem that requires a primarily engineering solution,” he writes, as quoted by Ars Technica. “It is a human problem that requires an understanding of human behavior.” His go-to adage in the text: “Hacking is about humans.”
As The Economist and The Guardian explain, the book walks through five major hacks:
- The Internet’s first worm, known as the Morris worm, created in 1988 in an experiment gone wrong by a Cornell University student
- The Dark Avenger, a pseudonymous Bulgarian virus writer who wiped out computer data in the 1990s
- The 2005 hack of celebrity Paris Hilton’s mobile phone data, which exposed nude photographs
- The 2016 hack of Hillary Clinton’s presidential campaign, which led to the damaging release of emails
- The 2016 “Mirai botnet,” in which three young men amassed an army of computers that could be used to take down websites
Shapiro distinguishes between what he calls “downcode,” the actual software used in cyberattacks, and “upcode,” the human cognition and norms that allow the attacks to occur.
The Guardian identifies four takeaways from Shapiro’s book. First, as he writes, “Hacking is not a dark art, and those who practice it are not 400lb wizards or idiot savants.” Second, hacking is a business, perpetrated by rational actors who want money. Third, to reduce the threat of cyberattacks, governments will have to criminalize the failure to safeguard information. And fourth, as the newspaper puts it: “Mass media plays a really malignant role by providing an endless loop of scare stories and zero understanding of the problem.”