http://www.powells.com/cgi-bin/partner?partner_id=28327&cgi=product&isbn=0-684-82464-7

@Large

The Strange Case of The World's Biggest Internet Invasion

David H. Freedman and Charles C. Mann

ISBN: 0-684-82464-7, Hardback: $24.00

From the inside cover: "At Large is the astonishing, never-before-revealed tale of perhaps the biggest and certainly the most disturbing computer attack to date, with ominous implications for the Internet, the digital highway over which much of the nation's business is now conducted..."

The idea of the book is to convey a story about a young man who methodically hacked various computer systems on the internet, hitting everything from prestigious colleges to military installations. Throughout the book, it goes back and forth between the hacker and the various admins and federal agents who are after him.

        To sum up the timeline of events:

        kid hacks system
        admin gets mad, tries to get feds to bust him
        kid hacks systems
        more admins get mad, try to get cert/feds to bust him
        kid hacks systems
        even more admins get mad, try to get cert/feds/cops to bust him
        feds do nothing
        kid hacks systems
        cert does nothing
        kid hacks systems
        cops do nothing
        kid hacks systems
        admins watch him more
        kid hacks systems
        few feds get ambitious, start investigation
        kid hacks systems
        feds monitor him
        kid hacks systems
        feds bust him
        kid is scared
        feds decide not to bust him

There you go. That sums up the entire book by leaving out an abundance of adjectives and dramatic writing. The kid was not a spy, did not work for anyone, and was only in it for the fun/challenge. Throughout the book, the authors attempt to convey a sense that the end of the world may come around by this one kids actions, yet are unable to convincingly communicate that. As they continually point out, the kid was just looking around. He was not a super duper huge big large giant spy (trying to use as many adjectives as they do).

As with most books like this, the authors seem to have lost a degree of technical accuracy. They call MS-DOS "Microsoft Digital Operating System" (uh, that's DISK, not digital) on page 68, and go on to say it is "currently the operating system for most personal computers". Furthermore, at one point they talk of two admins who were watching the hacker via log files. "There was no way to know who was logged into the system at the change time of the log-in program." The first reference talks about system logs (ie: syslog, messages, etc). They make no mention that the hacker destroyed any of the "*tmp" files. In that case, that elusive command 'last' would have provided the information the two 'genius' admins needed. But wait... if we jump to page 129 we see the same admin "[keep] invoking the Last command, which checks who recently came on-line." Little technical inaccuracies like that make technical people question the book. If they miss such trivial things like these, what else did they miss?

The last thing to consider about the entire story is when it took place. A specific time frame isn't mentioned, but it is more than obvious that it took place years back. This was before the FBI had considered putting together a crime unit, and very close to the whole MOD bust. That places it between 90 and late 91. At that time, the internet was learning about security. At that point in time, there were basically no security measures being taken on any system, while hacker tools grew stronger and stronger. There was more trading going on between hackers, more cooperation. Bottom line: it was fairly easy to break into places.

Compare it to now, in a world of firewalls, packet filters, strong real time encrypted data transfers, password shadowing, increased logging and auditing. Yet in today's internet, there are dozens of hackers that put "Phantom Dialer" to shame. Some of them break through firewalls, install trojans (that work), put up sniffers that are near impossible to find, and stay hidden on systems for years before leaving them. Supposed security experts have their machines compromised by these experts. Yet I am supposed to believe that a hacker kid 7 years ago was more of a threat than some of the ones today? Personally, I don't think so. I knew hackers back then, I know hackers today. And I would place all of my fear in today's if I had to.

Overall, this book sucked. After going some 200 pages, the ending came crashing down in the most un-dramatic fashion I have ever seen. Especially after all the drama that was poured into the first part of the book. No clear explanation was given as to why the feds didn't prosecute as the cover hinted it would do. Only speculation as to what on. In the final section, the authors go on to reveal that they couldn't get ahold of two key hackers they continually refer to. So now we have to question the accuracy of the details of their involvement. Add that up and we have an interesting story completely lacking in believability, with an inadequate ending that doesn't explain anything. If you are interested in the book, borrow my copy and read the Epilogue. It is a nice summary of concerns the internet faces... wait. Just pick up any white paper on internet security and you will get more details.


main page ATTRITION feedback