ISACA Journal
Volume 4, 2015

Book Reviews 

The Lure: The True Story of How the Department of Justice Brought Down Two of the World’s Most Dangerous Cyber Criminals 

Steve Schroeder | Reviewed by A. Krista Kivisild, CISA, CA, CPA 

On a day in late November 1999, the system administrator for an Internet cafe in Seattle, Washington, USA, was about to perform some housekeeping, when he received a message that popped up in his command-line interface from someone who inquired about the system’s security and asked him to Internet Relay Chat (IRC) on the subject. What followed over the next three years was an investigation to identify who was responsible for sending this message; determine what other businesses they targeted; and, eventually, lure those responsible onto American soil to obtain enough evidence of the crimes committed, ultimately resulting in a trial, conviction and eventual sentencing. The Lure: The True Story of How the Department of Justice Brought Down Two of the World’s Most Dangerous Cyber Criminals is the story of these events and the case that would become a sensation among IT professionals and law enforcement agents, as told by the lead prosecutor in the trial.

What makes this book a compelling read is the detail and breadth of knowledge the author used to paint a picture for the reader about what led to the initial event and the world’s approach to security and computer crime in the US at the time these crimes occurred. The story reads like a prosecutor presenting the case to a jury. The readers get the complete story of the different hacking activities conducted at various companies, actual testimony from witnesses during the trial and evidence from the government’s exhibits supporting the case. Along this entertaining journey, the reader is educated on the history of computer crime and prosecuting such crimes in the US. While many people may know some aspects of this event and subsequent trial, Schroeder is able to provide a more complete picture of the attacks, which could be particularly beneficial to today’s generation of young professionals who have always lived in the world of the Internet.

The reader is led through the discovery of how many companies were hacked, the involvement of the hackers, who was really in charge of these hacks and the details of the crimes committed. Readers also learn the reality of trying complex cases in a court, and this book provides much of the information jurors for this case would have seen. This book allows readers to see the complete investigation process, which is especially useful for those involved in only a portion of an investigation, such as security/audit, governance and controls, or compliance.

Interestingly, the method of operation of the hackers really was not much different than approaches used today—a random phishing expedition targeting those companies whose weaknesses were found and exploited. The only difference is that one could argue today this type of activity can be carried out with a much wider net and using different tools, such as social media, to identify potential targets.

The Lure is an interesting jaunt through computer crime and hacking history in the US. This book entertains as well as educates the reader. If the US is not the reader’s area of practical focus, the book may be of slightly less interest. However, it still offers a highly entertaining, informative and captivating read.

Editor’s Note

The Lure: The True Story of How the Department of Justice Brought Down Two of the World’s Most Dangerous Cyber Criminals is available from the ISACA Bookstore. For information, visit, email or telephone +1.847.660.5650.

Reviewed by A. Krista Kivisild, CISA, CA, CPA, who has had a diverse career in audit while working in government, private companies and public organizations. Kivisild has experience in IT audit, governance, compliance/regulatory auditing, value-for-money auditing and operational auditing. She has served as a volunteer instructor, training not-for-profit boards on board governance concepts; has worked with the Alberta (Canada) Government Board Development Program; and has served as the membership director and CISA director for the ISACA Winnipeg (Manitoba, Canada) Chapter.



Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.