So…I started “The Girl In the Spider’s Web” yesterday, and oh my God the level of crappiness when it comes to the computer hacking bits… Yes, believe it or not, my kinky gay romance cyberthriller “Would I Lie to You?” has more legitimate hacking scenarios in it than this book from a gigantic publishing house, which you would think would carve out some few dollars from its gigantic marketing budget to pay someone, anyone, to vet the tech…
So the whole idea is that Lisbeth Salander is so brilliant she can hack the NSA’s systems. Okay, fiction, I’ll allow it, regardless of how preposterous it sounds. My arms, however, are crossed and my scowl is in place. Prove to me that it’s possible.
So, right away, the level of dumbness starts to rise. The author has Lisbeth running two computers in her house, one of which was a “test machine” on which she…are you ready? “…on which she had installed a copy of the NSA’s server and operating system.”
Okay, so sure, she’s got a seven room apartment. And presumably the billion dollars she stole from a bad guy in a previous book could pay for a supercomputer, and let’s presume she got it on the black market and let’s presume she got some piano movers to pretend they were moving several dozen “pianos” into her…oh forget it.
First off there’s the idea of “The” NSA’s server. Anyone who’s worked at a large corporation for like five seconds knows there’s a file server, there’s a mail server, there’s no single server for anything. And whatever “operating system” the NSA is using, I would hazard that it’s probably written in a programming language exclusively used at the NSA for a chip set exclusively manufactured for the NSA. Which even your most brilliant savant would take a while to learn, never mind master, and which certainly couldn’t just be “copied” onto some off-the-shelf system.
O wait, it gets better. She hacks the system’s “root” and guess what? Like some terrible Hollywood movie, all the computers in the building go dark. Why? Because Salander has “root” access, which means she’s stolen the identity of “the” administrator who has all privileges and powers in the entire NSA system. Foofaraw and balderdash, because I can guarantee you that there’s no single admin in an agency of that size and security who can do that to all users at the touch of a button. (Well, possibly – Vance’s Rule #1 is, “Never underestimate the reach, scope and power of general incompetence.”)
And how did she get this access? By hacking into NSA’s “Active Directory – or its equivalent,” which is like saying, “I don’t know what it would be, but it’s their version of Windows, you know, so whatever.” Lazy, lazy, lazy.
And do you know what even your basic large sized company has (as Marc and Jesse so adeptly manipulated)? It’s called “failover.” Your system crashes, you flip to a “mirror” system. The idea that the NSA doesn’t have redundant systems is… Anyway.
And of course she could do all this remotely because no doubt the NSA lets people work from home on ultra super top secret shit. Not only that, but lets them do it without even “two factor authentication.” No RSA token, no fingerprint scanner, no chipped ID card you have to stick into a card reader attached to the machine, I mean, none of the shit even your normal corporation would demand that any low level flunky would have to go through to get remote access to anything.
And naturally, it’s easy to find (among the trillions of files – literally, trillions, probably – that the NSA holds) the most critical document because the file name (or file properties, it’s not clear) has TOP SECRET written all over it, along with NOFORN for no foreign distribution, because of course there’s lots of shit the NSA loves to share with citizens of other countries, so they have to make sure that particular document doesn’t get hoovered up into the dispatches.
I mean…oh. My. God. The atrocious LAZINESS of it has me in a RAGE! You know this guy got paid like seventy two trillion dollars to write this book…couldn’t he have hired, I don’t know, someone with at least as much fundamental knowledge of computing possessed by such as I, a lowly romance writer, to do some research for him? Couldn’t the snootiest, snobbiest literary house in America, Alfred A. Knopf, have applied the level of fact checking to it to which they’d subject even the most self-indulgent memoir full of “luminous prose” and “lovely sentences”?
Well, here’s the good news. This shit has lit a FIRE under my ass for “Strength in Numbers.” There’s going to be a fortune in Bitcoins secreted in a single wallet on a single USB drive, a wallet address which is in turn encrypted six ways to Sunday, and much of Marc and Jesse’s adventure is going to be about not only chasing that USB drive around in “Da Vinci Code” style, but about unwinding and unpacking the encryption. I’m creating a bunch of clever systems of encryption such as this one:
- Create an account at E*TRADE or Ameritrade. Buy a bunch of really cheap stocks, none more than a few dollars a share.
- Share the login with the person with whom you want to communicate.
- Buy 400 shares of a stock with the symbol NETE.
- Buy 400 shares of AEZS.
- Buy 100 shares of REXX.
- Buy 200 shares of CLNE.
- Buy 400 shares of WRES.
- Buy 300 shares of OHRP.
- Buy 100 shares of BIOS.
- Buy 300 shares of ESCR.
- Send whatever signal you’re using (email, text, a taped X on a window “X files style) that there’s a message ready.
- The other person logs into the account, and sees the transaction history, and decodes the message…
And guess what? You’ve just sent a coded message, that is easy to decrypt but…has been sent in such a manner that no NSA spy dude or any other “formal thinker” is going to think to look for. Nobody (as far as I know, who knows what the NSA does…) would ever think to scan stock trading accounts for hidden messages. They’re listening to calls and monitoring texts and chat rooms and social media posts. No alarm goes off when someone goes to an Internet cafe and logs into to his Ameritrade account. Which is why it’s the absolutely most perfect way to hide a message. Sometimes the genius is not in how well you bury something in the expected place, but in burying it where nobody will ever look…
Can you decode it? I’ll give you the answer tomorrow 🙂
My point is…In preparation for this book, I’ve read one half of one book on cryptography and cryptanalysis, I failed algebra in high school and never took another math class, and I’ve come up with something cooler and more probable than anything in a mainstream “thriller” whose main protagonist is the most brilliant hacker in the history of everything ever.
And all I had to do was read one…single…book. So yeah. I’m really motivated to do Marc and Jesse’s story now. Maybe it’s because I’m a guy, but RAGE really lights a fire under my creative ass. All that money, and here I am, scrabbling for a ha’penny, and I’m working harder to get shit right in a gay romance…