Cyber Canon Book Review: “Crimedotcom: From Viruses to Vote Rigging, How Hacking Went Global” (2020) by Geoff White


Book written by Geoff White

Book review by Helen Patton


Bottom Line

Good Niche Book. I don't recommend this nonfiction book for the Cybersecurity Canon Hall of Fame, but if you are interested in the topic, this is a good one to read.


I wanted to find a book that would help me better understand the crime elements of cybersecurity – what they were, why they existed, what kinds of risks they posed.  I’m happy that I stumbled upon “CrimeDotCom” by Geoff White – it answers most of my questions and gives a great reference for anyone looking into these general topics.  His book is a nice summary of the last 20 years of cybercrime, the impact of those crimes on our society, and the motivations behind the criminals.  While I don’t recommend this as a hall of fame candidate, I do recommend it for those interested in learning more about the history of cybercrime.

One of the first things I appreciate about this book is that Geoff White is a British journalist, and his viewpoints and articles are not US-centric.  He gives a variety of examples of cybercrime from around the globe.  His stories start in the Philippines, move through Bangladesh, Britain, Russia, the United States, and back again.

The second thing I appreciate about this book is that he writes in a story-telling style.  His topics are not a dry technical analysis of techniques and tactics, but a nuanced evaluation of cyber crime and the people within the industry.   He interviews the hackers and their victims and discusses the personal and societal causes and impact of cybercrimes. The book is well researched, and his accounting of various types of cybercrime is substantive (considering each topic could be a book on its own).

The third thing I appreciated about his book is that his research has led him deep into the history of each topic, and so there are many references to iconic figures in cybersecurity history woven throughout his stories.  From Cult of the Dead Cow to MalwareTech, from Silk Road to Snowden – there are a lot of stories that he touches on, and it gives the reader a roadmap for future discovery.

The book ranges in topics from professional criminals to nation state agents, from the 2000’s to the current day.  In each story, he gives the background of the type of crime, what prompted the creation of the hacking method, and what the personal circumstances of the hackers were at the time.  He shares a piece of the law enforcement methods in place at the time of the attack (or not), and how the hacker managed to evade detection and arrest.  He also examines the aftermath of an attack – what happened to the hackers, their victims, the changes to laws post-event, and the impact to companies and governments.

The only omission that stops me from recommending this book for the Cybersecurity Canon Hall of Fame is that White does not spend any time discussing how the security professionals within the governments or victim organizations prepared for or responded to an attack.  The level of the writing is like a Sunday paper expose, and less like an in-depth security analysis of attack methodologies and defense methods.  This means that the book makes a great historical reference, and provides general awareness for the reader, but does not reach the standard of being a required resource for security professionals.  Other books that go deep into these topics will provide that level of information, and should be considered as alternative reading resources.

Overall, “CrimeDotCom” is an engrossing read, with a great coverage of the major cybercrime events of the last couple of decades.  It is a nice read for anyone wanting to get a bird’s eye view of the kinds of activities the security community has been wrestling with, and helps a reader understand the cybercrime landscape.  For security professionals, the book may not be detailed enough in the techniques and protocols of security organizations, and so for this reason I think it is a great Niche book, but not a Cybersecurity Canon Hall of Fame Candidate.

This is the format guide for writing book reviews for the Cybersecurity Canon Project. It contains the names of key elements to include in your review, the format for those key elements, and examples of what a typical entry would look like. Use this format. Write your book review in a text document, a Microsoft Word Document, or a Google Docs document and send it to Helen Patton:

You will hear from a Canon Committee member within five business days that they received the review.


More Books

Hackable: How to Do Application Security Right
Exponential Organizations