In Spies Among Us, Ira Winkler uses examples from his work as an undercover security analyst for the National Security Agency to expose the world of the modern-day spy. He also reveals many fraudulent activities and technologies that spies use to access personal and commercial data.
In part one, Winkler shows how easy it is to get private information. He quickly dismisses the fictional versions of spies like Sydney Bristow of Alias or James Bond. The spies among us do not wait to be uncovered by their enemy; they don't fight and kick their way through doors to get information; nor do they need to speak foreign languages, change their identity, or break a code. More often they get what they need by simpler routes, like sifting through garbage or hacking into computers. According to Winkler, it is surprisingly easy to get a fraudulent social security number and credit card.
Part two focuses on case examples involving crimes against individuals and businesses. One begins to see the value in the wide variety of security measures that are available. For instance, in a case he calls "The Black Bag Operation," Winkler and a crew infiltrated a company's computer network control center, which was left unattended due to construction in the building. Not only did they find a bunch of exposed cable wires (which could have easily been cut), but they also saw that all the computers had been left unattended with usernames and passwords taped to their monitors.
In part three, Winkler offers ideas on how to tighten security in your business and in your life. To take precautions against hackers, phishers, spammers, and the like, he suggests a checklist he's dubbed "Ira's Four Golden Rules":
- install anti-virus software and update it regularly
- install a personal firewall system on your machine
- install anti-spyware software and update it routinely
- back your computer up regularly
These rules are common-sense "technical countermeasures." Winkler ends by saying, "The trick is to keep security in perspective. Use defense in depth that ignores the hype and is based on the conscious acceptance of potential loss. This way, you and your organization can keep your information reasonably secure for a reasonable cost."—Sara Grant