Skip to main content

Book Review: “Inside Cyber Warfare: Mapping the Cyber Underworld (2009, 2010)” by Jeffrey Carr

Executive Summary:

I recommend this book for Cyber Security historians and cyber warfare lawyers. It is a bit disorganized and much broader then the title implies. I valued the sections on the importance open source cyber intelligence, the legal issues involved to conduct Cyber Warfare operations and the detailed discussion around Russia’s attacks on Estonia, Georgia and Kyrgyzstan. The details around North Korea’s attacks on South Korea and the US are also very good. But, if you are looking to understand the idea of Cyber War more thoroughly, this is not the book.


This is a third Cyber Warfare book that I have read since starting the blog back in December of last year (2012). Like I said in my review of Clarke’s book [1], a gaggle of books have hit the market that discuss the issue of cyber warfare in the last four years. Here are just a few:

  • Apr 2009: Cyberpower and National Security (National Defense University) by Franklin D. Kramer, Stuart H. Starr and Larry Wentz
  • Nov, 2009: Cyberdeterrence and Cyberwar by Martin C. Libicki
  • Jan, 2010: Inside Cyber Warfare: Mapping the Cyber Underworld by Jeffrey Carr
  • Apr, 2010: Cyber War: The Next Threat to National Security and What to Do About It by Richard A. Clarke and Robert Knake
  • Jul, 2010: Surviving Cyberwar by Richard Stiennon
  • Jun, 2011: Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners by Jason Andress and Steve Winterfeld
  • Sep, 2011: America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare by Joel Brenner

I have read three (Clarke’s [1], Winterfeld’s [2], and now Carr’s). Carr’s is by far the weakest of the lot that I have read. Don’t get me wrong, there is some good stuff in here, but in my mind, the book has two major faults that I see. First, it feels like it was written by committee. Carr’s name is on the title but he has adroitly pulled in some deep thinkers to write some of the chapters for him.
  • LT Cdr Matt Sklerov; a Military Lawyer who wrote his Master’s thesis on Cyber Warfare law (Chapters 4 and 13) [3][21].
  • Project Grey Goose Investigators; Open Source Intelligence investigation on the Russia – Georgia Cyber Wars (Chapter 5) [4][22].
  • Ned Moran; a Shadow Server alumnus and Georgetown Adjunct professor (Chapter 12) [5].
  • Alexander Klimburg – an Austrian Institute for International Affairs Fellow (Chapter13) [6].
  • Catherine Lotrionte, Visiting Law Professor at Georgetown University (Chapter 18) [7].
This is not a bad approach, but these kinds of books are a hodgepodge of writing styles and ideas. I have been involved in a lot of these writing projects in my own career – some successes but many spectacular failures - and in order for it to work, the primary editor has to work hard to tell a coherent story. In my opinion, Carr falls short in that goal.

Second, the Book title is misleading. It says it is about Cyber War but Carr covers way more than the Cyber Warfare topic. In the preface, Carr says that, 
“International acts of cyber conflict (commonly but inaccurately referred to as cyber warfare) are intricately enmeshed with cyber crime, cyber security, cyber terrorism and cyber espionage.” 
I fundamentally disagree with this notion. Hactivism is not warfare. Crime is not warfare. Espionage is not warfare. Terrorism is not warfare. These are all very different things and require nuanced and apportioned thinking to deal with them.

Carr points out that it is likely that a couple of governments have coopted some of their local hackers involved in cyber crime and cyber hactivism to participate in Cyber Warfare (Russia) and Cyber Espionage (China) activities. He also observes that the tools used by these actors in all four activities are similar in nature. But then he implies that because both of those things are likely to be true, then that ties all four motivations (cyber crime, cyber security, cyber terrorism and cyber espionage) into a tangled Gordian knot. I do not think this is true. Cyber Crime is enmeshed with Cyber War in the same way that other kinds of violent crime are enmeshed with regular war because both activities use guns. It is just not that entangled. Or if it is, Carr does not make the case for it.

This all goes to the notion of defining the problem space. What exactly is Cyber War? The security community has been debating this topic for over a decade and nobody can agree. The three books I have read so far on the subject have wide ranging definitions. In the Winterfeld / Andress book, the authors review many of the published definitions but throw their hands up in frustration and refuse to define it themselves. Carr defines it as this:
“Cyber Warfare is the art and science of fighting without fighting; of defeating an opponent without spilling their blood”

I do not like this one. This implies that anybody can conduct war: hactivists, commercial entities, non-state actors. Those guys can do damage for sure, but what they are doing is not warfare. I think Carr’s definition is too broad.

In Clarke’s book, he says it is this:
“[T]he term “cyber war” … refers to actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.”

I think this is pretty close for two reasons. First, Clark insists that nation states pursue cyber war activities and nobody else. This is important when countries deal with the legal authorities they need to conduct such operations. I am pretty sure that the Cyber Criminals, Hactivists and Terrorists of the world are not running their plans through their legal department before they execute them. But a nation state must if it wants to interact on the global stage. In David Sanger’s book “Confront and Conceal: Obama’s Secret Wars and Surprising Use of Military Power” published last summer [8], Sanger describes President Bush’s decision to move Operation Olympic Games (STUXNET) away from military channels and into the intelligence channels. President Bush made that decision because he did not have the authority to use military forces against a nation that the US was not officially at war with. But, he did have the authority through the intelligence arm in the same way he has the authority to conduct drone strikes in foreign lands and to assassinate Osama Bin Laden in Pakistan.

Second, Clark says that Cyber War activities must cause some sort of physical damage. I think that is dead-on because it separates propaganda activities (web defacements), espionage activities (document exfiltration) and criminal activities (credit card number theft) out of the warfare category. The only weakness in Clarke’s definition is that it says nothing about why a nation state would want to do such a thing. I would tweak it a bit to say this:
Cyber Warfare involves one or more nation states using cyber weapons to destroy each other’s national treasure to achieve some political purpose.

There must be some political goal in mind for any cyber activities that rise to the level of warfare. As Carl von Clausewitz said in his book, ”On War:”
“[…] war is simply the continuation of policy by other means [9].”

Thus it is true for cyber war also. But as Winterfeld and Andress would likely point out, there are probably many issues with my definition too. I do think that Carr’s definition is too broad and because of this, his book is much broader than the topic of Cyber Warfare. There are things that I did like though and the book is worth the read for them. As long as the reader understands where Carr is coming from, there are things to learn here.

He makes a good case for the power of Open Source Cyber Intelligence; a subject that is near and dear to my heart (I was the iDefense Intelligence Director for many years and later the GM. Open Source Intelligence is what we did [10]). Carr has a nice overview of Russia’s Cyber Warfare Capabilities. Sklerov’s chapter on the legalities of warfare and cyber warfare are probably worth the price of admission alone although you can just download his thesis and read it or yourself [3]. His discussion of the two key legal principals of war
“Jus ad bellum: governs the transition from peace to war”
“Jus in bello: governs the use of force during war”

and how they might apply in cyber space is fascinating.

Carr recaps Estonia [11][12][13] and Georgia [13], the examples that many experts roll out when they are looking to describe cyber warfare. He also includes the North Korea DDOS attacks against South Korea and the US as a potential example [14].

With Carr’s book (and the other two I have read these past few months), I am starting to collect a pretty good timeline of Cyber Warfare milestones:

Open Source Cyber Warfare milestones:

  • (1999): “Unrestricted Warfare” Book by Chinese military leaders that crystalizes China’s thoughts on asymmetric warfare [15].
  • (2003): US Compromises Iraq Email System prior to launch of 2d Iraq War [1].
  • (2007): Industrial strength generator destroyed by Malcode in a Lab; US contractor proves cyber destruction is possible [16].
  • (2007): DDOS attack against Estonia; attribution: likely Russian government [11][12][13] .
  • (2007): US-Israeli DOS attack against Syrian Air Defense Systems [17][18].
  • (2008): DDOS attack against Georgia; attribution: likely Russian government [13].
  • (2009): DDOS attack against US-South Korea; attribution: likely North Korean government [14].
  • (2009): DDOS attack against Kyrgyzstan; attribution: likely Russian government [19]
  • (2010): Sabotage attack (Stuxnet) against Iran; attribution: likely US-Israeli governments [8][20].

When you look at that list, what jumps out at me is that the US, Russia and Israel are all over it. China normally gets all of the headlines because of that country’s Cyber Espionage activities and Carr highlights those in the book too. But there is a good reason he spends so much time on Russia’s capabilities in this book. Russia has been active in the Cyber Warfare space since 2007.


In short, Carr’s book is worth the read although it is a bit disorganized and much broader then the title implies. I valued the sections on the importance open source cyber intelligence, the legal issues involved to conduct Cyber Warfare operations and the detailed discussion around Russia’s attacks on Estonia, Georgia and Kyrgyzstan. The details around North Korea’s attacks on South Korea and US are also very good. It is a must-read for Cyber Security historians and I would recommend it to cyber security lawyers for Sklerov’s legal chapters. But, if you are looking to understand the idea of Cyber War more thoroughly, this is not the book.


Inside Cyber Warfare: Mapping the Cyber Underworld is a Cybersecurity Canon Candidate. Please visit the official page sponsored by Palo Alto Networks to read all the books from the Canon project.


[1] “Book Review: “Cyber Warfare: The Next Threat to National Security and What to Do about It (2010)” by Richard Clarke and Robert Knake,” By Rick Howard, Terebrate, 21 January 2013, Last Visited 16 March 2013

[2] “Book Review: “Cyber Warfare: Techniques, Tactics and Tools for the Security Practitioners" (2011)” by Jason Andress and Steve Winterfeld,” By Rick Howard, Terebrate, 26 January 2013, Last Visited 24 March 2013

[3] “SOLVING THE DILEMMA OF STATE RESPONSES TO CYBERATTACKS: A JUSTIFICATION FOR THE USE OF ACTIVE DEFENSES AGAINST STATES WHO NEGLECT THEIR DUTY TO PREVENT,” By Lieutenant Matthew J. Sklerov, The Judge Advocate General's School, United States Army, April 2009, Last Visited 23 March 2013

[4] “Project Grey Goose Phase II Report: The Evolving State of Cyber Warfare.” By greylogic, Project Grey Goose, 20 March 2009, Last Visited 23 March 2013

[5] “Ned Moran.” @moranned, Twitter, Last Visited 23 March 2013

[6] “Cyberpower and National Cyber Security in International Relations,” By Alexander Klimburg, Watson Institute, March 20 2013, Last Visited 23 March 2013

[7] “Catherine B Lotrionte,” Georgetown University, Last Visited 23 March 2013

[8] “Confront and Conceal: Obama’s Secret Wars and Surprising Use of Military Power,” by David Sanger, Crown Publishing, June 5 2012.

[9] “On War,” by Carl Von Clausewitz, Edited and Translated by Michael Howard and Peter Paret, Princeton University Press, 1976.

[10] “iDefense Security Intelligence Services,” Verisign, Last Visited 23 March 2013

[11] “Cyberwar Timeline,” By Mark Clayton, The Christian Science Monitor, 7 March 2011, Last Visited 19 January 2013

[12] “Massive DDoS attacks target Estonia; Russia accused,” By Nate Anderson, Ars Technica, May 2007, Last Visited 16 March 2013

[13] “Establishing a Cyber Warfare Doctrine,” By Adrew Colarik and Lech Janczewski, Journal of Strategic Security, Volume 5, Issue 1, pg 31-48, 2012, Last Visited 19 January 2013

[14] “North Korea launched cyber attacks, says south,” By Associated Press, theGuardian, 11 July 2009

[15] “Unrestricted Warfare,” By Qiao Liang and Wang Xiangsui, published 22 August 2002 by Pan American Publishing Company

[16] “Staged Cyber Attack Reveals Vulnerability in Power Grid,” By CNN, YouTube, September 2007, Last Visited 16 March 2013

[17] “Israeli sky-hack switched off Syrian radars countrywide Backdoors penetrated without violence.” By Lewis Page, The Register, 22 November 2007

[18] “Israeli sky-hack switched off Syrian radars countrywide Backdoors penetrated without violence.” By Lewis Page, The Register, 22 November 2007

[19] “DDoS attack boots Kyrgyzstan from net: Russian bears blamed,” By Dan Gooden, The Register, January 2009, Last Visited 23 March 2013

[20] “A Declaration of Cyber-War” by Michael Gross, Vanity Fair, April 2011, Last visited 20 January

[21] “Video: Lt.Cmdr. Matthew Sklerov.” By Lewis Page, Joint Hometown News Service, 7 November 2011, Last Visited 23 March 2013

[22] “Ex-CIA tracker now targeting poachers with Project Grey Goose.” By Ken Dilanian, The Los Angeles Times, 16 May 2012, Last Visited 23 March 2013


Popular posts from this blog

Books You Should Have Read By Now

When I started Terebrate back in January 2010, I always intended it to be a place to put my book reviews on whatever I was reading. Since then, a lot has happened in my professional life. I changed jobs, twice. I presented my collection of cybersecurity book reviews at the annual RSA Conference and suggested that the cybersecurity community ought to have a list of books that we all should have read by now. My current employer, Palo Alto Networks, liked the idea so much that they decided to sponsor it. We ended up creating the the Rock and Roll Hall of Fame for cybersecurity books. We formed a committee of cybersecurity experts from journalists, CISOs, researchers and marketing people who were all passionate about reading. My collection became the the candidate list and for the past two years, the committee, with the help of community voting, has selected books from the candidate list to be inducted into something we are calling the Cybersecurity Canon. It has been very exciting.

This i…

Book Review: Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen (2011)

Executive Summary
Kingpin tells the story of the rise and fall of a hacker legend: Max Butler. Butler is most famous for his epic, hostile hacking takeover in August 2006 of four of the criminal underground’s prominent credit card forums. He is also tangentially associated with the TJX data breach of 2007. His downfall resulted from the famous FBI sting called Operation Firewall where agent Keith Mularski was able to infiltrate one of the four forums Butler had hacked: DarkMarket. But Butler’s transition from pure white-hat hacker into something gray—sometimes a white hat, sometimes a black hat—is a treatise on the cyber criminal world. The author of Kingpin, Kevin Poulsen, imbues the story with lush descriptions of how Butler hacked his way around the Internet and pulls the curtain back on how the cyber criminal world functions. In much the same way that Cuckoo's Egg reads like a spy novel, Kingpin reads like a crime novel. Cyber security professionals might know the highlights of…

Book Review: “We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous and the Global Cyber Insurgency (2012)” by Parmy Olson

Executive Summary: 

This book is a must read for all cyber security professionals. It does not cover the entire Anonymous movement, but by focusing on the evolution of the Anonymous Franchise and the rise and fall of the LulzSec hacking group, Ms. Olson captures the essence of the hacktivist culture and what motivates its supporters. If you seek to understand the Hacktivist movement, this book is a primer.


The Anonymous Franchise really hit its stride between the years of 2010 and 2011. Hacktivism began earlier than that of course (1994 was the first documented case that I could find [12]), but it did not strike fear into the hearts of CEOs, CSOs and government officials until that two year run. It was the perfect storm of technology, disenfranchised youngish people, “Internet Pranks as an Art Form,” empowerment and the hacking culture that came together into a gigantic hairball of activity and energy that caused governments from around the world to double-clutch on some of th…