You have heard of this book from watching one or both of the movies that have sprung from it, but do yourself a favor: take the time to read through this one. It is a fantastic story involving a complex mystery and engaging real-world characters. The overarching theme though is the spotlight that the author, Stieg Larsson, places on Swedish culture’s egregious acceptance of violence against women. Lisbeth Salander is the tattooed girl referred to in the book’s title. She is an orphan, a ward of the state, a hacker with a photographic memory who works for a private investigation firm, and a young woman who refuses to be a victim. She is an amazing character, a real woman with strengths and flaws but who can be held up to us all as an example to admire and to aspire to in regard to her drive, intelligence, and agency. It is written well, despite being translated into English from Swedish, and because the hacking described within is not exaggerated and could actually work, it is worthy of consideration for the cyber security canon. You should have read this by now.
When I read The Girl with the Dragon Tattoo the first time a few years ago, I got the idea that there must be a lot of books published involving hackers and how they hack. I started to seek them out to see if any of them were any good. What I discovered was that you could categorize these hacker books into two broad categories. In one category, the author does not really understand hacking at all and does not even attempt to describe how anything is done. I call this the Harry Potter School of Hacking; the hackers do a lot of hand-waving and say a lot of magic words like “Sending spike now!” or “Breaking encryption, this will just take a couple of seconds,” but you never really see how they accomplish those tasks. A good example of this kind of hacker storytelling is The Zenith Angle by Bruce Sterling. I loved the story, but Harry Potter might as well have been the main character because the hacking accomplished is magically done. In the other category, the author has spent some time trying to understand hacking culture and to describe exactly how the hacker did what he or she did. A good example of this kind of storytelling is The Blue Nowhere by Jeffery Deaver. Deaver gets the technical details right by describing real-world and fictional tools that the two main hackers use against each other. The Girl with the Dragon Tattoo falls into this latter bucket. It is fantastic story, and Larsson gets the technical details right.
The Girl with the Dragon Tattoo is a ripping-good detective story set in the vicinity of Stockholm, Sweden, during a time when the only way to connect to the Internet from your home was with inexpensive modem lines or expensive ADSL lines. Once an English reader like me gets past the strange-sounding Swedish names, like Dragan Armansky, Hans-Erik Wennerström, Mikael Blomkvist, Lisbeth Salander, and Henrik Vanger, the story moves along quite nicely.
It revolves around a disgraced journalist, Blomkvist, who agrees to take a research case from a very old family patriarch, Vanger. The case involves the disappearance of Vanger’s favorite niece, Harriet, some forty years prior. At a family gathering on their private island, Harriet disappeared without a trace. The local law enforcement officials suspected a runaway, then suicide, then murder but were unable to find any meaningful clues one way or the other. Vanger suspects murder and is convinced that someone in his own family was behind the crime, but because the family members all vehemently hate each other and have a long list of fetishes and prejudices, any one of them could have had the motive to do it. For the seven years before Harriet disappeared, she gave Vanger a framed exotic flower to hang on his wall for his birthday. For the next thirty-seven years after Harriet’s disappearance, he anonymously received another framed exotic flower in the mail on his birthday. Each flower is a reminder that Harriet is gone, that Vanger has no clue what happened, and that the person sending the flower may be the killer. Before he dies, which could be very soon, Vanger wants resolution and hires Blomkvist to solve the case.
With the mystery laid out, Larsson walks the reader through what he really wants to talk about: the egregious acceptance in Swedish culture of violence against women. The working title to the book before he published it was Men Who Hate Women, so you know what Larsson had in mind. Lisbeth Salander is the tattooed girl referred to in the book’s title. She is an orphan, a ward of the state, a hacker with a photographic memory who works for a private investigation firm, and a young woman who refuses to be a victim. She is an amazing character, a real woman with strengths and flaws but who can be held up to us all as an example to admire and to aspire to in regard to her drive, intelligence, and agency. Blomkvist hires her to help him with the Vanger mystery, and although the story is told from Blomkvist’s perspective, the story is really about Salander.
The story is so engulfing that when I read it for the first time, I got through about 75 percent of it and realized that I had not seen a lot of hacking by the Tattoo Girl. All that Larsson did describe was a lot of innuendo. Phrases like “The Tattoo Girl hacked my password and looked at my hard drive” pepper the narrative. He would never explain how she hacked it. I was ready to chalk the entire thing up to a good read, but put it squarely in the Harry Potter School of Hacking stories, when I arrived at the second climax of the story. There are two parallel plots running through the book, and the final climax is where the hacking comes in. Larsson describes in fairly good detail how the Tattoo Girl was able to defeat Hans-Erik Wennerström’s email encryption scheme, install a piece of stealthy malcode over time, remotely control the bad guy’s Dell laptop with her Apple MacBook (I think there is a political statement in there somewhere), and reroute his money stored in numerous bank accounts around the world to her equally numerous anonymous accounts that she had sole control over. Wennerström is the source of Blomkvist’s disgrace that started the book. The hacking description is realistic and could have worked in the real world.
If you like mysteries and if you like stories about hackers, you have to read this book. Be warned though, there are a number of scenes that Larsson describes in gory detail regarding the sexual abuse of women. If you can’t stand that kind of thing, stay away. Don’t say that I didn’t warn you. And do yourself a favor; watch both movie versions of the book: the original 2009 Swedish version with Noomi Rapace as Salander and the American 2011 remake with Rooney Mara as Salander. Both actresses provide a compelling and completely different take on Salander, and it is fascinating to watch. Because the book is a very good, well-written story, despite being translated into English from Swedish, and because the hacking described within is not exaggerated and could actually work, it is worthy of consideration for the cyber security canon. You should have read this by now.
I worked for iDefense (a VeriSign Inc. business unit) the first time that I wrote about The Girl with the Dragon Tattoo. Jason Greenwood, the current general manager and an old friend of mine, has graciously allowed me to reuse some of the original content from that essay for this updated blog post. iDefense is still one of the best commercial cyber security intelligence outfits out there. If you have cyber intelligence needs, you should consider calling them.
 “The Zenith Angle,” by Bruce Sterling, Goodreads, published January 2004 by Del Ray, last visited 21 March 2014,
 “Book Review: The Blue Nowhere by Jeffery Deaver (2001),” by Rick Howard, Terebrate, 11 January 2014, last visited 21 March 2014,
 “Books You Should Have Read By Now,” by Rick Howard, Terebrate, 16 February 2014, last visited 21 March 2014,
“Let's play corpse and robbers,” by Peter Guttridge, The Observer, 5 January 2008, last visited 15 March 2014,
“Vanished,” by Alex Berenson, The New York Times, 14 September 2008, last visited 15 March 2014,