Recently, over the course of a week, three different people told me I *had* to read this book. Obviously, somebody likes it.

Well, there are some reasonable points about members of the blackhat community, such as the various activities and types, the generally opportunistic skill level, obsessive behaviour (although the "addiction" theme is a bit overplayed) and the usual types of motivations. (While the book does note that blackhats engage in different activities, the insistence on a kind of "superhacker" who does everything is a central feature of the book.) However, despite serious attempts to use real technology, such as the packet nature of network transmissions, routers, and steganographic embedding, a great many of the technical errors are simply annoying. The Computer Emergency Response Team does not deny that that is its name: in fact, both name and acronym are trademarked, and CERT suggests other offices call themselves computer incident response teams. Hackers don't get calluses on the ends of their fingers. (Guitarists, yes. Harpists, yes. Quilters, yes. Typists, no. In addition, typing speed has never been a measure of "hacking" skill.) Nobody would bother to hide SATAN anywhere over a period of years: it has been freely available and the program is so old it is no longer very useful, anyway--which objection would apply to most security breaking tools. Exploits are very version-specific, and are seldom useful for long periods of time. Winchester hard drives are not a big deal: at one point they were, but at another they were the most commonly available drives for personal computers.

The network forensics that are used in this work to track people are neither clearly explained, nor very accurate. The significance of domain names is overrated, while there is no mention of IP addresses at all. An attack on law enforcement systems carried out through the Computer Crime Unit investigating office is extremely unlikely: the perpetrator obviously already has access to the law enforcement systems (he has previously erased files and interfered with investigations), even an hour is too little time to completely investigate multiple large networks, and a simple air gap would be enough to prevent the intrusion--and would be standard in such an office. A software package intended to destroy a computer does physical damage to it. Deaver does have an explanation that might be reasonable--except that it wouldn't work.

At one point there is a derisive comment about "Eurotrash hackers" who try to use (presumably American) idioms and get them wrong. This is rather ironic in view of the fact that Deaver makes so many mistakes with both technical and blackhat jargon. The title of the book itself is supposed to be a synonym for cyberspace (although it is explained, rather late in the book, simply as a reference thought up by one of the characters).

On the other hand, Deaver's familiarity with more standard forensic science does contribute some points of interest to the story. Digital forensics does have some relation to the fibres, DNA, and bug work, so those common areas of concern are covered well.

The plot twists, betrayals, and characterization that Deaver uses to such good effect in the "Lincoln Rhyme" series of mysteries are present to some extent in this book, but the author seems to be uncomfortable with the technical and online world, and therefore the story ultimately does not ring true.

The Internet Review Project would like to thank Chuck Wilmink for his generous contribution to this ongoing research.

copyright Robert M. Slade, 2003 BKBLUNWH.RVW 20030325