Book review: Fancy Bear Goes Phishing by Scott Shapiro – a tour de force of hacking and the information age
“It’s Russia! It’s Russia!”, my friend insisted as our connection to the BBC flickered during Finland’s performance in this year’s Eurovision final. I was quick to back them up, Finland had just joined Nato, after all, and the BBC had warned the risk of a cyberattack was their main worry in the lead up to the competition. “Maybe too many people are on the wifi,” someone else, lacking imagination, suggested.
They were correct: Eurovision resumed, the UK finished second to last, and order was restored.
It is this kind of agitation Scott Shapiro aims to combat in his new book Fancy Bear Goes Phishing, which examines the history of hacking and cyberattacks in the brave new world we now inhabit.
Told in five hacks, which range from Russian interference in the 2016 US election to the teenage boy who hacked Paris Hilton’s phone, Shapiro by no means underplays the legitimate dangers and threats that cyberattacks and hackers present, but he is also keen to emphasise that panic is unproductive.
Often, Shapiro shows, powerful cyber attacks assumed to be the work of malicious nationstates turn out to be little more than the activities of teenage boys, looking for fame, friends, or just a way to pass the time. Whether or not this represents a comfort is open to debate, but what Shapiro makes clear is that sensationalism will not get us any closer to tackling the problem.
Indeed, one of our most prevalent vulnerabilities to cyberattacks is ignorance, and this is what Fancy Bear Goes Phishing sets out to amend.
A professor of law and philosophy at Yale Law School, Shapiro also leads Yale’s Cybersecurity Lab, where he teaches students how to hack. An impressive range in expertise, and one that leaves Shapiro in
a unique position to skillfully guide the reader through the history of hacking, with all the tech nitty gritty included.
Shapiro distinguishes between “downcode”, technical computer code, and “upcode”, the social, cultural, legal and moral codes which govern how we use computers. One of the overarching takeaways is that downcode is only ever as good as its upcode. In short, computer software is only as smart as the humans who make and use it, and humans can be pretty dumb.
One of the key factors that enabled the hacking of the 2016 Democratic election campaign, Shapiro writes, was not a technical fault nor a sophisticated attack, it was a typo. When emailing Hilary Clinton’s campaign chair John Podesta to alert him to a suspicious email he had received asking him to change his password, an IT employee wrote “this is a legitimate email”, leaving out the crucial “not”. The moral of the story is clear: cybersecurity is a human problem.
As such, Fancy Bear Goes Phishing is a fundamentally human tale. Shapiro gives an insightful discussion into the psychology of hacking, but also dips into the semantics, arguing that the language of ‘viruses’, ‘worms’ and ‘infection’ has perpetuated our fear rather than improved our understanding of computers. Indeed, a flair for the dramatics proves an unlikely must for many high-profile hackers, with the Dark Avenger and Guccifer (a portmanteau of Gucci and Lucifer) among the characters featured.
Shapiro devotes significant attention to the legitimate threats behind many of these – ‘Fancy Bear’ is the hacking unit of the Russian state, for instance – but he also shows how in the majority of cases hacking is not a branch of the dark arts. Sensationalising the dangers of hacking not only obscures the matter further, but it can also lead us to ignore or villainise the humans that lie behind these hacks, who are often more bored than they are malicious.
These teenage boys can do substantial damage, make no mistake – destroying important pieces of work, stealing data, leaking intimate photos – but Shapiro shows that a disconnection between the physical and cyber worlds is often at the root of these crimes. When faced with the reality of their crimes in court, hackers are usually remorseful, with many admitting they had never considered their real-life implications.
Equally, in tackling cybercrime we mustn’t lean into its science-fictionalised depiction, but root ourselves in reality, which Shapiro shows is often mundane. Computers are not invincible, hackers are human, and the UK’s just not that good at Eurovision.
Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott Shapiro, published by Allen Lane 23 May 2023.