The Association of Former Intelligence Officers (AFIO) Notes featured the newest book written by Bob Wallace and Keith Melton, "Spy Sites of Washington, DC" as their book of the week.  The book is the third in a series of "Spy Sites" books and, like its predecessors "Spy Sites of New York" and "Spy Sites of Philadelphia", provides the most comprehensive view into the real "business" of espionage.  It's a must read! 

David E. Hoffman, author of The Billion Dollar Spy: A True Story of Cold War Espionage and Betrayal, wrote:

"Wallace and Melton are expert chroniclers of the spy business.  Spy Sites of Washington, DC is admirably detailed and thoroughly enjoyable.  If you loved their book Spycraft on the intricate world of espionage tradecraft, you will find Spy Sites an essential guide to the intelligence landmarks of Washington."

For those who are unable to view the AFIO write-up, please take a look:


Spy Sites of Washington, DC: A Guide to the Capital Region's Secret History

by Robert Wallace and H. Keith Melton

(Georgetown University Press; Feb 2017)

The ideal late Christmas Gift to self and colleagues.

"Wallace and Melton are expert chroniclers of the spy business. Spy Sites of Washington, DC is admirably detailed and thoroughly enjoyable. If you loved their book Spycraft on the intricate world of espionage tradecraft, you will find Spy Sites an essential guide to the intelligence landmarks of Washington." -- David E. Hoffman, author of The Billion Dollar Spy: A True Story of Cold War Espionage and Betrayal (see Hoffman event Dec 11 in this WIN issue)  

"This delightfully informative book is a Who's Who of spy vs. spy skullduggery in the world's most powerful city. Spy experts Robert Wallace and H. Keith Melton take us on a mesmerizing tour of traitors and tradecraft revealing the wheres and whys of Washington's second-oldest profession. It's a must read for both the curious and serious researchers. Bravo!" -- Pete Earley, New York Bestselling author of Family of Spies: Inside the John Walker Spy Ring and Confessions of A Spy: The Real Story of Aldrich Ames

Washington, DC stands at the epicenter of world espionage. Mapping this history from the halls of government to tranquil suburban neighborhoods reveals scores of dead drops, covert meeting places, and secret facilities - a constellation of clandestine sites unknown to even the most avid history buffs. Until now.

Spy Sites of Washington, DC traces over two centuries of secret history from the Mt. Vernon study of spymaster George Washington to the Cleveland Park apartment of the "Queen of Cuba." With two hundred twenty main entries as well as listings for dozens more spy sites, intelligence historians Robert Wallace and H. Keith Melton weave incredible true stories of derring-do and double-crosses that put even the best spy fiction to shame. Maps and more than three hundred photos allow readers to follow in the winding footsteps of moles and sleuths, trace the covert operations that influenced wars hot and cold, and understand the tradecraft used by traitors and spies alike in the do-or-die chess games that changed the course of history.

Informing and entertaining, Spy Sites of Washington, DC is the comprehensive guidebook to the shadow history of our nation's capital.

The book may be pre-ordered here.


For kinetic weapons like tanks, production costs generally outweigh research and development. For cyber weapons, R&D is almost everything.

Max Smeets’ take on the cost of cyber weapons is a thoughtful piece about the economics of cyber warfare, and the article is a useful point of departure on this topic. However, a few additional points not discussed by Smeets are worth considering, and they all point in the direction of higher costs than his piece might predict.

Begin with the fact that the economics for cyber weapons usable in a military context are fundamentally different than for kinetic weapons. With the latter, military power is highly correlated with number—specifically, the number of identical units of a given weapon. One hundred tanks (with crews, logistics, etc.) provide more military power than one tank. That is, for kinetic weapons, military power accrues as the result of procurement processes.

Not so for cyber weapons. No one would argue that a nation has more cyber power in a military sense if it has 100 identical CD-ROMs with a software-based cyber weapon on them. For cyber weapons, military power accrues as the result of research and development (R&D) processes.

So what? In the weapons acquisition process, R&D costs are amortized over multiple copies of a weapon. The effectiveness of a cyber weapon is a very strong function of the target’s characteristics. For example, the smallest change in configuration of the target can under many circumstances completely negate the effectiveness of a cyber weapon against it. To successfully attack two cyber targets that are almost identical may require two very different cyber weapons employing two different approaches to achieving their destructive effects. The coupling between weapons effectiveness and target characteristics is much weaker for kinetic weapons.

The consequence is that as a general rule, a targetable cyber weapon has to be customized to its target(s) to a much greater degree, and thus any given cyber weapon is likely to be usable over a much smaller target set than for a kinetic weapon. Thus, the cost of a cyber weapon, which is almost entirely in R&D, cannot be amortized over as many targets as would be the case for a kinetic weapon. This fact necessarily increases the cost-per-target destroyed.


WHEN THE BOTNET named Mirai first appeared in September, it announced its existence with dramatic flair. After flooding a prominent security journalist’s website with traffic from zombie Internet of Things devices, it managed to make much of the internet unavailable for millions of people by overwhelming Dyn, a company that provides a significant portion of the US internet’s backbone. Since then, the number of attacks has only increased. What’s increasingly clear is that Mirai is a powerfully disruptive force. What’s increasingly not? How to stop it.

Mirai is a type of malware that automatically finds Internet of Things devices to infect and conscripts them into a botnet—a group of computing devices that can be centrally controlled. From there this IoT army can be used to mount distributed denial of service (DDoS) attacks in which a firehose of junk traffic floods a target’s servers with malicious traffic. In just the past few weeks, Mirai disrupted internet service for more than 900,000 Deutsche Telekom customers in Germany, and infected almost 2,400 TalkTalk routers in the UK. This week, researchers published evidence that 80 models of Sony cameras are vulnerable to a Mirai takeover.

These attacks have been enabled both by the massive army of modems and webcams under Mirai’s control, and the fact that a hacker known as “Anna-senpai” elected to open-source its code in September. While there’s nothing particularly novel about Mirai’s software, it has proven itself to be remarkably flexible and adaptable. As a result, hackers can develop different strains of Mirai that can take over new vulnerable IoT devices and increase the population (and compute power) Mirai botnets can draw on.

Internet of Bots

The rise of Internet of Things malware is reminiscent of the viruses, worms, and intense email spam that plagued early internet users. Most PCs weren’t adequately secured, and companies racing to join the dot-com bubble didn’t necessarily understand the importance of internet security. The same is true now, but with webcams and routers instead of desktops.

What’s distinctly different in this tech generation, though, is how users interact with infected devices. An infected PC often malfunctions, slows down, or notifies users (either through operating system security alerts or through the malware itself in the case of something like ransomware). All of this encourages people to act. It’s standard practice to install some sort of security software on enterprise PCs, and anti-virus measures are popular at home as well.





Knowing what cybercriminals are targeting today is easy. Their attacks are loud, impactful, and have the elegance of a herd of bulls crashing through a glassware shop. The tougher challenge is figuring out where they will take aim tomorrow. Knowing where cyberthreats will attack in the future gives the necessary insights to be one step ahead of their mayhem.

The Short Term

With the holidays approaching, the focus will be on lucrative online shopping, email ransomware, phishing for credentials, and infection by holiday-lurking malware. It is also a time for dark markets to thrive, selling unmentionables to those looking for illegal items for holiday celebrations. 

We must all expect malware-ridden holiday sale emails and websites. Be on the lookout for fake shipping invoices or urgent messages from merchants. Shady ecommerce sites advertising insane deals as bait will look to harvest credit card accounts, emails, and maybe convince you to install some “helpful” software. Phishing will increase a notch, and look for a new wave of ransomware to hold family pictures, personal files, and entire systems for extortion. Identity theft will add to the rise of new credit card applications to do some unauthorized shopping. In the next couple of months, all these financially motivated threats will increase, so now is the time to be on your guard.

Businesses Beware

Businesses must worry about the increased amount of ecommerce fraud, ransomware that extorts money to unlock important files, and the ever present risk of data breaches. Healthcare, retail, and financial sectors will be targeted the most, but all businesses are in