Select Page

{ < /cyberjutsu > } //

“Readers will greatly benefit from the wealth of tips and strategies Ben lays out. This is a timely contribution: cybersecurity is becoming one of the main pillars of our economy.

Ben McCarty, with his decade-long threat intelligence experience, is exceptionally well positioned to share the practical tips of how to think like a ninja and a hacker in order to protect both your information and the digital economy at large.”

– Malek Ben Salem, PhD Security R&D Lead Accenture

(From the Foreword)

{ < /what-is > } //

Like Sun Tzu’s Art of War for Modern Business, this book uses ancient ninja scrolls as the foundation for teaching readers about cyber-warfare, espionage and security.

Cyberjutsu is a revolutionary approach to information security based on authentic, formerly classified Ninja scrolls. It synthesizes today’s infosec field with the tactics and techniques used by ancient Japanese ninjas – history’s original Advanced Persistent Threat (APT). Written by Ben McCarty, a former NSA developer and the U.S. Army’s first cyber warfare specialist, this essential handbook for cyber defenders draws fascinating parallels between the stealth warriors of feudal Japan and modern cybersecurity concepts, analyzing how real ninjas practiced information assurance, infiltration, and espionage requiring covert access to heavily fortified organizations.

Aimed at infosec experts and non-technical readers alike, the book teaches over a dozen ancient approaches to modern security problems. You’ll see why mapping your network like an adversary can be used to your advantage; you’ll discover the effectiveness of social-engineering techniques used by ninjas to slip into castles; and you’ll engage in “castle” thought exercises that will teach you to think like a true cyber ninja.

What is "Advanced Persistent Threat"?

Cybersecurity is relatively young and still highly reactionary. Industry professionals often spend their days defusing imminent threats or forecasting future attacks based on what just happened. I wrote this book because I believe we have much to learn by taking a long view offered in these scrolls of information security’s first advanced persistent threat (APT).

{ < /free-chapter > } //

Chapter 13: Worm Agent

Make a minomushi, or worm agent (aka insider threat), out of an enemy.

A minomushi is someone who serves the enemy but is made a ninja working for your side. Thus the agent is exactly like a worm in the enemy’s stomach, which eats its belly from the inside out. —Bansenshūkai, Yo-nin I

Never short on evocative imagery, Bansenshūkai describes an open-disguise infiltration technique called “the art of a worm in your stomach” (or “worm agent”), which calls for shinobi to recruit enemy insiders to perform tasks on their behalf. Such recruitment took high emotional intelligence.

< /what-you’ll-learn >

In this book, you’ll learn:

 

  • How ninja-based security concepts map to the NIST 800-53 Framework

  • Anti-attribution tactics used by ninjas to protect their employer and punish the enemy

  • Secret infiltration techniques with flexible applications, like Shinobi

  • Overcoming identification challenges, double-sealed passwords, getting past “the guardhouse,” and other modernizations of ancient tactics

  • How to place network sensors and install backdoors like a ninja

  • Ninja command-and-control techniques

By trade, cyber defenders look toward problems of the future, but Cyberjutsu posits we have much to learn from brilliant warriors of the past.

< /the-official-bio >

Ben McCarty is an American author, veteran, inventor and cybersecurity professional.

He is a former cyber capability developer with the National Security Agency (NSA) and served as a cyber warfare specialist in the U.S. Army. He has multiple security certifications, patents and years of experience working in the security industry.

< /note >

To write this book, I read thousands of translated Japanese scrolls which were only declassified after WWII. As I read, it became clear that the instructions and secret techniques meant for ninjas were essentially on-the-ground training in information assurance, security, infiltration, espionage, and destructive attacks that relied on covert access to heavily fortified organizations—many of the same concepts I dealt with every day of my career in cybersecurity. These 400-year-old manuals were filled with insights about defensive and offensive security for which I could not find equivalents in modern information assurance practices. And because they were field guides that laid bare the tactics, techniques, and procedures (TTPs) of secret warfare, they were truly unique. In our business, nation-state cyber espionage units and other malicious actors do not hold webinars or publish playbooks that describe their TTPs. Thus, these ninja scrolls are singular and invaluable.

Cyberjutsu aims to turn the tactics, techniques, strategies, and mentalities of ancient ninjas into a practical cybersecurity field guide. Cybersecurity is relatively young and still highly reactionary. Industry professionals often spend their days defusing imminent threats or forecasting future attacks based on what just happened. I wrote this book because I believe we have much to learn by taking a long view offered in these scrolls of information security’s first advanced persistent threat (APT). The information warfare TTPs practiced by ancient ninjas were perfected over hundreds of years. The TTPs worked in their time—and they could be the key to leapfrogging today’s cybersecurity prevailing models, best practices, and concepts to implement more mature and time-tested ideas.

– Ben

A Note from the Author

Why I wrote Cyberjutsu: Cybersecurity for the Modern Ninja

“Ben’s main message is simple: think like a ninja. But what about this message justifies writing an entire book? For the full and thorough answer, you just have to read it. But I can tell you that, at a high level, the answer lies in the tactics and techniques that ninjas use to wage warfare.”

– Malek Ben Salem, PhD Security R&D Lead Accenture