
Book Review: The Girl with the Dragon Tattoo (2005) by Stieg Larsson


Executive Summary

You have heard of this book from watching one or both of the movies that have sprung from it, but do yourself a favor: take the time to read through this one. It is a fantastic story involving a complex mystery and engaging real-world characters. The overarching theme though is the spotlight that the author, Stieg Larsson, places on Swedish culture’s egregious acceptance of violence against women. Lisbeth Salander is the tattooed girl referred to in the book’s title. She is an orphan, a ward of the state, a hacker with a photographic memory who works for a private investigation firm, and a young woman who refuses to be a victim. She is an amazing character, a real woman with strengths and flaws but who can be held up to us all as an example to admire and to aspire to in regard to her drive, intelligence, and agency. It is written well, despite being translated into English from Swedish, and because the hacking described within is not exaggerated and could actually work, it is worthy of consideration for the cyber security canon. You should have read this by now.

Introduction

When I read The Girl with the Dragon Tattoo the first time a few years ago, I got the idea that there must be a lot of books published involving hackers and how they hack. I started to seek them out to see if any of them were any good. What I discovered was that you could categorize these hacker books into two broad categories. In one category, the author does not really understand hacking at all and does not even attempt to describe how anything is done. I call this the Harry Potter School of Hacking; the hackers do a lot of hand-waving and say a lot of magic words like “Sending spike now!” or “Breaking encryption, this will just take a couple of seconds,” but you never really see how they accomplish those tasks. A good example of this kind of hacker storytelling is The Zenith Angle by Bruce Sterling.[1] I loved the story, but Harry Potter might as well have been the main character because the hacking accomplished is magically done. In the other category, the author has spent some time trying to understand hacking culture and to describe exactly how the hacker did what he or she did. A good example of this kind of storytelling is The Blue Nowhere by Jeffery Deaver.[2] Deaver gets the technical details right by describing real-world and fictional tools that the two main hackers use against each other. The Girl with the Dragon Tattoo falls into this latter bucket. It is a fantastic story, and Larsson gets the technical details right.

The Story

The Girl with the Dragon Tattoo is a ripping-good detective story set in the vicinity of Stockholm, Sweden, during a time when the only way to connect to the Internet from your home was with inexpensive modem lines or expensive ADSL lines. Once an English reader like me gets past the strange-sounding Swedish names, like Dragan Armansky, Hans-Erik Wennerström, Mikael Blomkvist, Lisbeth Salander, and Henrik Vanger, the story moves along quite nicely.  

It revolves around a disgraced journalist, Blomkvist, who agrees to take a research case from a very old family patriarch, Vanger. The case involves the disappearance of Vanger’s favorite niece, Harriet, some forty years prior. At a family gathering on their private island, Harriet disappeared without a trace. The local law enforcement officials suspected a runaway, then suicide, then murder but were unable to find any meaningful clues one way or the other. Vanger suspects murder and is convinced that someone in his own family was behind the crime, but because the family members all vehemently hate each other and have a long list of fetishes and prejudices, any one of them could have had the motive to do it. For the seven years before Harriet disappeared, she gave Vanger a framed exotic flower to hang on his wall for his birthday. For the next thirty-seven years after Harriet’s disappearance, he anonymously received another framed exotic flower in the mail on his birthday. Each flower is a reminder that Harriet is gone, that Vanger has no clue what happened, and that the person sending the flower may be the killer. Before he dies, which could be very soon, Vanger wants resolution and hires Blomkvist to solve the case. 

With the mystery laid out, Larsson walks the reader through what he really wants to talk about: the egregious acceptance in Swedish culture of violence against women. The working title to the book before he published it was Men Who Hate Women, so you know what Larsson had in mind. Lisbeth Salander is the tattooed girl referred to in the book’s title. She is an orphan, a ward of the state, a hacker with a photographic memory who works for a private investigation firm, and a young woman who refuses to be a victim. She is an amazing character, a real woman with strengths and flaws but who can be held up to us all as an example to admire and to aspire to in regard to her drive, intelligence, and agency. Blomkvist hires her to help him with the Vanger mystery, and although the story is told from Blomkvist’s perspective, the story is really about Salander.

The Tech

The story is so engulfing that when I read it for the first time, I got through about 75 percent of it and realized that I had not seen a lot of hacking by the Tattoo Girl. All that Larsson did describe was a lot of innuendo. Phrases like “The Tattoo Girl hacked my password and looked at my hard drive” pepper the narrative. He would never explain how she hacked it. I was ready to chalk the entire thing up to a good read, but put it squarely in the Harry Potter School of Hacking stories, when I arrived at the second climax of the story. There are two parallel plots running through the book, and the final climax is where the hacking comes in. Larsson describes in fairly good detail how the Tattoo Girl was able to defeat Hans-Erik Wennerström’s email encryption scheme, install a piece of stealthy malcode over time, remotely control the bad guy’s Dell laptop with her Apple MacBook (I think there is a political statement in there somewhere), and reroute his money stored in numerous bank accounts around the world to her equally numerous anonymous accounts that she had sole control over. Wennerström is the source of Blomkvist’s disgrace that started the book. The hacking description is realistic and could have worked in the real world.

Conclusion

If you like mysteries and if you like stories about hackers, you have to read this book. Be warned though, there are a number of scenes that Larsson describes in gory detail regarding the sexual abuse of women. If you can’t stand that kind of thing, stay away. Don’t say that I didn’t warn you. And do yourself a favor; watch both movie versions of the book: the original 2009 Swedish version with Noomi Rapace as Salander and the American 2011 remake with Rooney Mara as Salander. Both actresses provide a compelling and completely different take on Salander, and it is fascinating to watch. Because the book is a very good, well-written story, despite being translated into English from Swedish, and because the hacking described within is not exaggerated and could actually work, it is worthy of consideration for the cyber security canon.[3] You should have read this by now.

Note

I worked for iDefense (a VeriSign Inc. business unit) the first time that I wrote about The Girl with the Dragon Tattoo. Jason Greenwood, the current general manager and an old friend of mine, has graciously allowed me to reuse some of the original content from that essay for this updated blog post. iDefense is still one of the best commercial cyber security intelligence outfits out there. If you have cyber intelligence needs, you should consider calling them.

Sources

[1] “The Zenith Angle,” by Bruce Sterling, Goodreads, published January 2004 by Del Rey, last visited 21 March 2014,
https://www.goodreads.com/book/show/218568.The_Zenith_Angle?ac=1

[2] “Book Review: The Blue Nowhere by Jeffery Deaver (2001),” by Rick Howard, Terebrate, 11 January 2014, last visited 21 March 2014,
http://terebrate.blogspot.jp/2012/11/book-review-blue-nowhere-by-jeffery.html

[3] “Books You Should Have Read By Now,” by Rick Howard, Terebrate, 16 February 2014, last visited 21 March 2014,
http://terebrate.blogspot.jp/2014/02/books-you-should-have-read-by-now.html








