Operation Desolation


Paul Baccas

Sophos, UK
Editor: Helen Martin


Paul Baccas reviews a short story by Windows systems internals expert and Microsoft Technical Fellow, Mark Russinovich: Operation Desolation.

Title: Operation Desolation: The Case of the Anonymous Bank Defacement

Author: Mark Russinovich

Publisher: Thomas Dunne Books

ASIN: B0080K37P2

This short story is set in Las Vegas at ‘CyberCon’, a conference hosted by a fictional security training and consulting company and sponsored by a major US Department of Defense contractor. We see the return of the hero of Russinovich's first novel, Zero Day, the cyber maven Jeff Aiken, with passing appearances from Daryl Haugen. In the story, Daryl has left her job at the National Security Agency and joined Jeff in a professional and personal partnership. The events take place in the two-year period between Zero Day and the author's latest novel, Trojan Horse.

The story attempts to tackle a number of newsworthy issues: the banking crisis, hacktivism and the Anonymous group. The issues are covered in rather broad brush strokes – and if we believe that the author has followed the tip ‘write about what you know’, one might conclude that he had been burned in the banking crisis.

A nice touch is that there is a teaser in this story for Trojan Horse, in that there is mention of the Android vulnerability that is crucial to its plot.

Operation Desolation is another dynamic and engaging story from Russinovich – once started, it is hard to put down.



Latest articles:

VB2019 paper: APT cases exploiting vulnerabilities in region‑specific software

Some APT attacks are carried out by exploiting vulnerabilities in region-specific software. Government agencies frequently use such localized software, and this tends to be the target of attackers. In Japan, there have been many cases where attacks…

Detection of vulnerabilities in web applications by validating parameter integrity and data flow graphs

Web application vulnerabilities are an important entry vector for threat actors. In this paper researchers Abhishek Singh and Ramesh Mani detail algorithms that can be used to detect SQL injection in stored procedures, persistent cross-site scripting…

VB2019 paper: Cyber espionage in the Middle East: Unravelling OSX.WindTail

It’s no secret that many nation states possess offensive macOS cyber capabilities, though such capabilities are rarely publicly uncovered. However, when such tools are detected, they provide unparalleled insight into the operations and techniques…

VB2019 paper: 2,000 reactions to a malware attack – accidental study

This paper presents an analysis of 1,976 unsolicited answers received from the targets of a malicious email campaign, who were mostly unaware that they were not contacting the real sender of the malicious messages. Many of the victims were unaware…

VB2019 paper: Why companies need to focus on a problem they don't know they have

There is a type of crime, breach of company policy, misuse of company assets and security threat that is often overlooked: as one in 500 employees use their work computer to handle child sexual abuse material. This crime and misuse of company assets…

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.