Skip to main content

Book Review: “Little Brother (2008)” by Cory Doctorow

Executive Summary: I enjoyed this book. The story is gripping and the tech is realistic. It is not a must-read for cyber security professionals, but it is an enjoyable one. At the very least, it provides some insight into the “anonymous” culture and introduces young folks to the ideas of the hacking culture. When it is hitting on all cylinders though, it makes the reader pause and consider what he is willing to give up in terms of personal rights in order to feel safer. Read this novel for insight into the history of computer security and the motivations behind Cyber Hactivism. The author also describes real techniques that hackers could use today. The story is intended for young adults but cyber security professionals will benefit (See this description of categories that I think will interest cyber security professions).

I admire what Mr. Doctorow is attempting with this novel. At some level, he is telling a modern-day story set in the 2000s with a hacker philosophy that came out of Silicon Valley in the late 1970s. For those unfamiliar, that philosophy is beautifully described in two other historically fascinating books: “Fire in the Valley (1984) [1]” and “Hackers (2010) [2].” Both books tell the story about the people that built the internet before it became “The Internet.” The main characters in “Little Brother” are teenagers living in San Francisco who are the next generation, but they have the same spirit. They are driven to learn how things work and are not afraid to hack “the system” to see what will happen. They are not criminals but they are also not afraid to subvert the rules they consider to be oppressive. When a 9/11-type event hits the city, chaos erupts. The US government swarms all over the Bill of Rights [5] in a well-intentioned effort to protect the citizenry. Our heroes quickly learn that everything the government does in the name of security should not automatically trump other issues that are just as valuable in our society like privacy and the assumption of innocence until proven guilty. They organize themselves, anonymous-like, to fight back as they learn a healthy distrust of the US government.

Doctorow is a bit over the top about what the US Government does in reaction to the second 9/11 event: a terrorist attack that blows up the Bay Bridge and collapses part of the BART tunnel killing over a thousand people. Security forces round up “suspicious” citizens and hold them at Alcatraz for questioning. Echoes of Guantanamo bounce but, in this story, government officials are holding US citizens. Law Enforcement organizations track local residents wherever they go through mandatory RFID (Radio Frequency Identification) devices [4] and they electronically monitor suspects without a warrant. But I understand why he does it. It is clear that Doctorow does not like the way the US Government has intruded into our everyday real lives with legislation like the Patriot Act [5]. I get the sense that he paints an extreme situation in this story for drama but also to outline how bad it could get if US citizens passively sit back and let Congress pass these types of laws designed to make us feel more secure at the expense of chipping away at the Bill of Rights. He uses this story to show how citizens can protest against these ideas when they otherwise would feel powerless.

He also plays with the idea of what a hero is. The story is told from the perspective of Marcus Yallow (aka w1n5ton, aka M1k3y). Security forces round up Yallow and some of his friends immediately after the Bay Bridge attack and question them at Alcatraz. In a world of action movies where the hero easily withstands horrendous torture and never gives up any information (James Bond in Casino Royale comes to mind [6]), Doctorow realistically depicts how quickly Yallow gives up the passwords to his laptop and phone when all hope is removed from his personal equation. Yallow later plays the more traditional hero role as he organizes the underground to fight back. But he does not do that alone. He organizes his “people” who feel powerless alone but together, can mount a force to be reckoned with.

As an aside, Doctorow wrote and published this book just before the Anonymous movement really took off as a protest organization [3]. His story is prescient and uncannily shows how a group of self-labeled, disenfranchised people -- that are kind of quirky and share a love of technology -- can organize themselves to make a difference in the world.

All of that is fine and well, but what is fun about this story is the tech. Bookstore clerks would classify “Little Brother” as a Young Adult novel and it is clear that Doctorow is trying to pass some of the hacking philosophy on to the younger generation. The United States Military Academy is using “Little Brother” as a course text to teach the hacking mindset to its cadets [7]. I can see why. Most of the techniques described by Doctorow to monitor people on the Internet, to hide from prying government eyes, or to hack the system can be done today.

In terms of monitoring, Doctorow describes recent biometric advances in gait recognition to identify individuals walking in public spaces [8] and what somebody might do to fool the system. He paints a frightening picture about how our society has let governments install practically invisible surveillance cameras everywhere and how our heroes use simple tricks to detect them [10][13]. He describes one scene where Yallow, by sheer luck, detects an installation of a hardware keystroke logger inside the keyboard of his laptop [9]. Finally, he shows how Yallow and his friends circumvent system administrator’s eavesdropping attempts on the student’s public-school-provided laptop [11].

As the story unfolds, Doctorow describes the paranoia that Yallow and friends experience as they organize themselves to protest. No matter what Communications Security (COMSEC) measures they take, nobody can quite shake the feeling that somebody is watching them. It does not stop them from trying though. They tunnel Internet connections through the DNS (Domain Name System) [12], they hide themselves from network surveillance by using TOR [14] and they encrypt their hard drives on their laptops and mobile phones [15][16].

For general purpose hacking, Doctorow makes tinkering with technology sound less scary to the average person and actually something that a young person could consider doing themselves. He describes how Yallow builds his own laptop [17], how anybody can thwart Radio Frequency Identification (RFID) Trackers [4] with homemade Faraday Pouches [18], that denying cell service on a target phone is possible [19] and that it is really easy to fake-out caller ID systems [20]. He gives a decent explanation of cryptology [21] and how spam filters use Bayesian Statistics to weed out the junk email [22].

I enjoyed this book. The story is gripping and the tech is realistic. It is not a must-read for cyber security professionals, but it is an enjoyable one. At the very least, it provides some insight into the “anonymous” culture and introduces young folks to the ideas of the hacking culture. When it is hitting on all cylinders though, it makes the reader pause and consider what he is willing to give up in terms of personal rights in order to feel safer.


Sources:

[1] “Fire in the Valley: The Makers of the Personal Computer,” Paul Friedberg and Michael Swain, ISBN13: 9780071358927, November 29, 2000 by McGraw-Hill
http://books.google.com/books/about/Fire_in_the_valley.html?id=3HZQAAAAMAAJ (Free Download)

[2] “Hackers,” by Stephen Levy, ISBN: 0-385-19195-2, 1984, Anchor Press / Doubleday
http://books.google.com/books?id=mShXzzKtpmEC&printsec=frontcover&dq=Hackers&hl=en&sa=X&ei=5h-uUL6EPYS29QTq-YHwBQ&ved=0CDYQ6AEwAA

[3] “How Anonymous Picks Targets, Launches Attacks, and Takes Powerful Organizations Down,” by Quinn Norton, July 2012, Wired 
http://www.wired.com/threatlevel/2012/07/ff_anonymous/all/

[4] “The RFID Hacking Underground ,” by Annalee Newitz, May 2006, Wired
http://www.wired.com/wired/archive/14.05/rfid.html

[5] “The Bill of Rights,” by Frederick Augustus Muhlenberg (Speaker of the House of Representatives), John Adams (Vice-President of the United States, and President of the Senate), John Beckley (Clerk of the House of Representatives), Sam. A. Otis (Secretary of the Senate), March 1789
http://usgovinfo.about.com/blfirstbor.htm

[5] “USA Patriot Act (H.R. 3162),” 107th Congress, October 2001, Electronic Privacy Information Center
http://epic.org/privacy/terrorism/hr3162.html

[6] “Casino Royale,” 2006, IMDb
http://www.imdb.com/title/tt0381061/

[7] “Embracing the Kobayashi Maru,” by Cynthia Irvine, 2011
http://www.rumint.org/gregconti/publications/201107_Kobayashi.pdf

[8] “Walk the Walk: Gait Recognition Technology Could Identify Humans at a Distance,” by Jane Sanders, Georgia Tech Research News, October 11 2011
http://gtresearchnews.gatech.edu/newsrelease/GAIT.htm

[9] “hardware keylogger / keyboard recorder,” sourceforce, 2003
http://sourceforge.net/projects/strokey/

[10] “World’s Smallest Digicam Is the Size of a Pin-head,” by Terrence O’Brien, July 2007,
http://www.switched.com/2007/07/31/worlds-smallest-digicam-is-the-size-of-a-pin-head/

[11] “School shows off its laptop surveillance tactics,” by Chris Matyszczyk, CNET, 26 Feb 2010
http://news.cnet.com/8301-17852_3-10460729-71.html

[12] “Black Ops of DNS,” by Dan Kaminsky, Blackhat, 2004
https://www.blackhat.com/html/bh-media-archives/bh-archives-2004.html#USA-2004

[13] “How to Detect a Hidden Camera at Work,” by Adam Cloe, eHow, Mar 2011
http://www.ehow.com/how_4797127_detect-hidden-camera-work.html

[14] “TOR: Anonymity Online,” Tor Project, Nov 2012
https://www.torproject.org/

[15] “How to Encrypt a Hard Drive,” by Nick Mediati, PCWorld, Jun 2011
http://www.pcworld.com/article/226785/encrypt_your_hard_drives.html

[16] “How to Encrypt Your Smartphone,” by Alex Wawro, PCWorld, Oct 2011
http://www.pcworld.com/article/242650/how_to_encrypt_your_smartphone.html

[17] “How to Build a Computer,” by Marshall Brain and Jonathan Strickland, howStuffWorks, last viewed: December 2012
http://electronics.howstuffworks.com/how-to-tech/build-a-computer.htm


[18] “Faraday Bags: Pouches with RFID-Blocking Mesh Liner,” BBC, by Joel Johnson, 16 March 2009 http://gadgets.boingboing.net/2009/03/16/faraday-bags-pouches.html 

[19] “DOS A Cell Phone Easily (Script Kiddies Rejoice),” You Look Like I Need A Drink, 20 February 2006 
http://chalkline.blogspot.com/2006/02/dos-cell-phone-easily-script-kiddies.html 


[20] “Disguise Your Caller ID,” SpoofCard 
http://www.spoofcard.com/ 

[21] “Introduction to Cryptology Basic Principles, by Himanshu Arora, 18 July 2012
http://www.thegeekstuff.com/2012/07/cryptography-basics/ 

[22] “What in the World is Bayesian Statistics,” by Corinne Hodgson, cshassociates, 15 Mar 2012 
http://www.cshassociates.com/what-in-the-world-is-bayesian-statistics

Comments

Popular posts from this blog

Books You Should Have Read By Now

When I started Terebrate back in January 2010, I always intended it to be a place to put my book reviews on whatever I was reading. Since then, a lot has happened in my professional life. I changed jobs, twice. I presented my collection of cybersecurity book reviews at the annual RSA Conference and suggested that the cybersecurity community ought to have a list of books that we all should have read by now. My current employer, Palo Alto Networks, liked the idea so much that they decided to sponsor it. We ended up creating the the Rock and Roll Hall of Fame  for cybersecurity books. We formed a committee of cybersecurity experts from journalists, CISOs, researchers and marketing people who were all passionate about reading. My collection became the the candidate list and for the past two years, the committee, with the help of community voting, has selected books from the candidate list to be inducted into something we are calling the Cybersecurity Canon. It has be

Book Review: The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage (1989) by Clifford Stoll

Executive Summary This book is a part of the cyber security canon. If you are a cyber security professional, you should have read this by now. Twenty years after it was published, it still has something of value to say on persistent cyber security problems like information sharing, privacy versus security, cyber espionage and the intelligence dilemma. Rereading it after 20 years, I was pleasantly surprised to learn how pertinent that story still is. If you are not a cyber security professional, you will still get a kick out of this book. It reads like a spy novel, and the main characters are quirky, smart, and delightful. Introduction The Cuckoo’s Egg is my first love. Clifford Stoll published it in 1989, and the first time I read it, I devoured it over a weekend when I should have been writing my grad school thesis. It was my introduction to the security community and the idea that somebody had to protect these new-fangled gadgets called computers. Back in those days, author

Book Review: Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen (2011)

Executive Summary Kingpin tells the story of the rise and fall of a hacker legend: Max Butler. Butler is most famous for his epic, hostile hacking takeover in August 2006 of four of the criminal underground’s prominent credit card forums. He is also tangentially associated with the TJX data breach of 2007. His downfall resulted from the famous FBI sting called Operation Firewall where agent Keith Mularski was able to infiltrate one of the four forums Butler had hacked: DarkMarket. But Butler’s transition from pure white-hat hacker into something gray—sometimes a white hat, sometimes a black hat—is a treatise on the cyber criminal world. The author of Kingpin , Kevin Poulsen, imbues the story with lush descriptions of how Butler hacked his way around the Internet and pulls the curtain back on how the cyber criminal world functions. In much the same way that Cuckoo's Egg reads like a spy novel, Kingpin reads like a crime novel. Cyber security professionals might know the