Saturday, January 11, 2014

Book Review: The Blue Nowhere by Jeffery Deaver (2001)

Executive Summary 

The Blue Nowhere is a cyber thriller set in the time of the Internet bubble of the 1990s. Jeffery Deaver is an accomplished novelist who knows how to tell a story, and he does a great job with a cyber theme. A hacker turned serial-killer chooses to kill his victims based on computer history milestones. As the body count rises, the cops recruit a different hacker from jail to help them investigate the murders. What results is a hacker-on-hacker blitzkrieg where hackers try to one-up each other in a series of social engineering and hacking operations. Deaver gets the technical details right describing real-world and fictional tools that each hacker uses to best the other. He even manages to accurately depict the relationship between the hacking and gaming cultures that was prominent during the decade. Security professionals will not learn anything new here, but they will fondly remember the way things were back in the day. The Blue Nowhere is a good candidate for the cyber security canon, and I highly recommend it. 

Introduction 

Jeffery Deaver is best known in literary circles as a crime novelist. If you are not familiar with him, you might recognize his name from the mostly forgettable movie that Hollywood made out of his book The Bone Collector, which starred Denzel Washington and Angelina Jolie in 1999. He is not normally associated with technical thrillers, but in this book he turned his writing skills to a manhunt-type story in which the serial killer is also a world-class hacker. The Blue Nowhere is a cyber thriller written by an accomplished novelist about the hacking culture. It is interesting to compare it with other, more recent cyber thrillers written by cyber experts who are writing their first novels, such as Richard A. Clarke's Breakpoint (2007)[1] and Mark Russinovich's Zero Day (2011)[2] and Trojan Horse (2012).[3] Compared to Clarke and Russinovich, Deaver knows how to flesh out his characters. The Blue Nowhere feels like real people in a cyber story, as opposed to a cyber premise populated with the cookie-cutter characters of Breakpoint, Zero Day, and Trojan Horse.

The Story 

When the cops realize they have a serial-killer-hacker on the loose, they break another hacker out of jail temporarily to be their subject-matter expert. What results is a hacker-on-hacker escalation where hackers try to one-up each other in a series of social engineering and hacking operations. 

As was the custom in the 1980s, self-proclaimed hackers gave themselves nicknames. The nickname of the serial-killer-hacker is "phate," intentionally spelled with a "ph" instead of an "f." Members of the "cracker" subculture that emerged in that decade were mostly teenagers determined to play and share games and other programs they had not paid for. "Cracking" the copy protection so that other members could use the software gave the group its name. Members merged skateboard jargon and hacker jargon into a unique lexicon called "leet-speak," in which letter substitutions were common on bulletin board systems: "ph" for "f," "z" for "s," "3" for "e," and so on.[4] On the good-guy side, the recruited hacker is Wyatt Gillette (a.k.a. ValleyMan and renegade334).

Two sub-plots that make the story rich are a decent love story between Wyatt and his estranged wife and a feel-good father-son mentorship side-story between the lead detective and Wyatt. But the primary manhunt story line is good, and Deaver gets the computing and hacking-culture details right.

The Tech 

Deaver does a good job of aligning the hacking culture with the gaming culture of the time. During the 80s and 90s, many of the same people who were involved in the hacking community were also involved in the gaming community. That relationship is not as common these days, but back then there was a lot of overlap. You could usually count on the fact that if a hacker had any skill at all, he or she had also spent significant time crawling through multi-user dungeons (MUDs), the text-based adventure games that are the precursors to the World of Warcraft-style games of today.[5] It turns out that phate and Wyatt both logged significant hours in their MUD of choice, called "Access." In this game, the main point was to sneak up on your opponents and get close enough to assassinate them, that is, to get access to them. phate decided that he needed to play Access in the real world and set off on a killing spree.

The story is set in the late 90s in and around Silicon Valley, and Deaver does a good job of setting just the right tone for the hacker and computer-industry culture of that Internet bubble period (1997–2000).[6] He even takes the time to provide little historical tidbits about the evolution of computing. phate plans his killings to coincide with significant milestones in computing history:

  • February 1946: Electronic Numerical Integrator and Computer (ENIAC): The University of Pennsylvania announces the first electronic general-purpose computer to the world. [7] 
  • June 1951: UNIVersal Automatic Computer I (UNIVAC I): The US Census Bureau officially put into service the first commercial computer. [8] 
  • August 1981: The IBM Personal Computer (IBM PC): IBM announces the first affordable home computer for the masses. [9] 

phate and Wyatt use a mix of real hacker and forensics tools—like Norton Commander, [10] SATAN (Security Administrator Tool for Analyzing Networks), [11] restore(8), [12] and HyperTrace [13]—and fake tools that sound genuine—like Vi-Scan 5.0, the FBI Forensic Detection Package, and the DOD Partition and File Allocation Analyzer—to do battle with each other. Back when I used to be technical, I routinely ran Norton Commander on my disk operating system (DOS) computers and SATAN on my UNIX networks. For a non-techie, Deaver does a great job of explaining what a computer BIOS is, how hackers and crackers of all sorts had thick calluses on their fingertips because of how much time they spent in front of their computers, and how hackers stash their tools of the trade all over the Internet so that they can quickly grab them from any location in the world. However, his coup de grâce was his explanation of TrapDoor. 

TrapDoor is a fictional tool that phate develops to track his victims and enemies. phate essentially creates a man-in-the-middle attack by compromising many of the major Internet Service Providers' (ISPs') border-gateway-protocol (BGP) routers (at Sprint, AT&T, Qwest, and others).[14] These are the routers that form the Internet's backbone by connecting the ISPs to one another. Once phate discovers the IP address of the victim's computer, he instructs his botnet of BGP routers to watch for traffic to and from that address. When the botnet sees traffic for that IP address, it redirects the traffic to phate's own servers for collection and then returns it to the normal packet stream. The victim notices nothing, because phate is never on the victim's computer. That would be a nice trick if a hacker figured out how to do it. One practitioner's caveat: the heart of the trick, pulling a chosen destination's traffic through a router you control and then forwarding it on, does not actually require a botnet of compromised backbone routers; a single BGP speaker announcing a more specific route for the victim's prefix redirects that traffic on its own, which is why both accidental and deliberate BGP route hijacks have been observed on the real Internet. In his endnotes, Deaver explains that TrapDoor is not a real tool and that he does not know whether any hacker has subsequently built it, nor does he name anybody who might have given him the idea for it. However, it seems unlikely that a crime novelist could develop that attack blueprint without talking to somebody who was at least thinking about how it might be done. 

Conclusion 

The Blue Nowhere is a really good cyber thriller that gets the technical details right. I put this square on the shelf with other novels about hackers that do not exaggerate the craft. It also has the added benefit of being written by an accomplished novelist who knows a thing or two about plot, character development, and pace. It describes a time that we have mostly forgotten about these days: a time of modems, DOS, bulletin board systems, and the Internet bubble. For the cyber security history buffs in the crowd, Deaver provides a nice window into the hacking culture of the time. It is a good candidate for the cyber security canon, and I highly recommend it. 

Note 

I worked for iDefense (a VeriSign Inc. business unit) the first time that I wrote about The Blue Nowhere. Jason Greenwood, the current general manager and an old friend of mine, has graciously allowed me to reuse some of the original content from that essay for this updated blog post. iDefense is still one of the best commercial cyber security intelligence outfits out there. If you have cyber intelligence needs, you should consider calling those guys. 

Sources: 

[1] "Book Review: 'Breakpoint (2007)' by Richard Clarke," by Rick Howard, Terebrate, 1 January 2013, last visited 5 January 2014, 

[2] "Book Review: ‘Zero Day (2011)’ by Mark Russinovich," by Rick Howard, Terebrate, 17 February 2013, last visited 5 January 2014, 

[3] "Book Review: ‘Trojan Horse (2012)’ by Mark Russinovich," by Rick Howard, Terebrate, 28 February 2013, last visited 5 January 2014, 

[4] "Chapter 9: Crackers, Phreaks, and Lamers," by Eric Raymond, The Jargon File (version 4.4.7), last visited 5 January 2014, 

[5] "A Brief (and very Incomplete) History of MUDs," in alt.mud, by Bill Wisner, 29 September 1990, last visited 11 January 2014, 

[6] “Income Distribution and the Information Technology Bubble,” by James K. Galbraith and Travis Hale, LBJ School of Public Affairs, the University of Texas at Austin, working paper 27, 14 January 2004, last visited 4 January 2014, 

[7] “The ENIAC Story,” by Martin H. Weik, Ordnance Ballistic Research Laboratories, Aberdeen Proving Ground, MD, 1961, last visited 4 January 2014, 

[8] "50th anniversary of the UNIVAC I," by CNN, CNN.COM/SCI-TECH, 14 June 2001, last visited 5 January 2014, 

[9] “Philip Donald Estridge,” The History of Computing Project, 9 April 2005, last visited 5 January 2014, 

[10] “The History and Development of Norton Commander,” by Dr Nikolai Bezroukov, The Orthodox File Manager (OFM) Paradigm, Softpanorama, 7 July 2013, last visited 5 January 2014, 

[11] "SATAN (Security Administrator Tool for Analyzing Networks)," Dan Farmer, USENET posting, 8 March 1995, last visited 4 January 2014, 

[12] “RESTORE (8),” NetBSD System Manager’s Manual, 30 April 2007, last visited 4 January 2014, 

[13] "Hypertrace version 2.01," AnalogX, 2009, last visited 4 January 2014, 

[14] “Major Internet Backbone MAPs,” by Russ Haynal, Information Navigators, last visited 4 January 2014, 

