© The Financial Times Ltd 2015 FT and 'Financial Times' are trademarks of The Financial Times Ltd.
September 30, 2011 5:35 pm
Cybercrime, cyberwars and cybersecurity are now important, even life-and-death, issues. In June Leon Panetta, then head of the CIA, forecast that “the next Pearl Harbour we confront could well be a cyber-attack that cripples our power systems, our grid, our security systems, our financial systems, our governmental systems”. A new Cyber Command has been created in the US military, with $10.5bn annually marked for expenditure on information security over the next four years. The East West Institute think-tank claimed last month that “cyber criminals are moving at a faster pace than the policies that can restrain them”. Our exhilarating new world of free-flowing information is also, it seems, a vulnerable one.
You would expect threats such as these to exercise a greater hold on the public imagination. Here, after all, are vast strategies of attack and defence, enigmas wrapped in mysteries and topped with deceit; here, too, are activities whose most accomplished practitioners, whether good or bad guys (and a surprising number switch to and fro), must possess a natural creativity, technical super-competence and a gambler’s nerve.
What you see, however, are platoons of young, sometimes very young, men (and “men” is nearly always right) battering away at their keyboards with the intensity of concert pianists, speaking as little as possible. This is not a milieu that lends itself to drama. It tends to put a fuzz over most people’s minds, since most minds can’t comprehend what happens in cyber-operations in any kind of detail – and the detail is all, or nearly all.
Misha Glenny, a master reporter who has made it his business to penetrate hidden worlds, seeks to dispel the fuzz. In McMafia (2008) he tackled organised crime, which he claimed accounted for some 15-20 per cent of world gross domestic product. His approach, repeated now in DarkMarket: CyberThieves, CyberCops and You, is to zero in on a set of characters whose lives and work he describes in great detail, the fruit of much shoe leather and phone-bashing (as well as days at the screen). Since he has had to teach himself their codes, protocols and affectations, he is good at teaching us and does so without condescension.
The interlocking series of websites, organisations and individuals that his industry has uncovered make for a truly remarkable story. The criminals are in it for the money, of course, but they depend greatly on the sleepless work of geeks who, carried away by the thrill of their solitary communion with the screen and vying for primacy on the web as eagerly as a bevvy of chess grandmasters (and with some similar skills), construct the sites and links on which cybercrime – most of it credit card fraud – depends. Though they may lift no money themselves, they commit crimes; they are paid, and sometimes well. But their prime motivation appears to be competition with their peers and fascination with the boundless cyberspace in which they find themselves.
DarkMarket itself was a website or “carding board” for credit card fraudsters, launched in 2005 and serviced at first largely by a young man named Renukanth Subramaniam, aka JiLsi, a Tamil from Sri Lanka whose family narrowly escaped probable death at the hands of a vengeful army, and who emigrated to London. There, he put his huge creativity to criminal use, operating from a Java Bean Internet Café in north London and at one time reduced to penury while his work enriched fraudsters all round the world. DarkMarket was maintained by a range of extraordinarily bright people, some ruthless, some – like Subramaniam – naive, and was also inhabited, and at times steered, by special agent Keith Mularski of the FBI, who taught himself the ways of cybercrime and succeeded, narrowly, in closing down DarkMarket as a criminal enterprise some three years after it was born.
Glenny doesn’t wholly clear up his readers’ confusion; he may not quite have escaped it himself, since – as he admits – he found it impossible to unravel major skeins of the plot. He likes detail, and sometimes it overwhelms; here, as in McMafia, it can lead to much retracing of steps to get the narrative straight. But he has succeeded in illuminating much that was hidden. This is an early, at times magnificent pass at a new world, which will grow greatly as our lives become ever more entangled with the web.
The outsider reporting back has one set of problems; the insider describing the virtual terrains he makes his own, another. This is poignantly illustrated by Kevin Mitnick’s memoir Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker. Mitnick, raised by a poor, hard-working single mother, was gifted with great technical ability but was too impatient, perhaps too talented, to submit to regular schooling. In this part of his biography he resembles Julian Assange, without the WikiLeaks founder’s ruthlessness but with the same almost erotic desire to – as Assange writes in his “unauthorised autobiography”, published against his will last week – “give himself” to the computer.
From a very early age – his mid-teens – Mitnick was hacking cheerfully and promiscuously into other people’s networks. He hacked by night and by day; he hacked creatively, adventurously and criminally, not just in the act of breaking through codes to get into the voicemail and data networks of companies and individuals, but in burgling offices for information necessary to hack both wider and deeper. He often did it with hack buddies, as driven as he and with whom he spent most of the time when not on his own. He married a woman named Bonnie, not a hacker, who nevertheless put up with his long absences and his increasingly frequent arrests – until, reasonably, she didn’t any more, and he carried on hacking.
These arrests testified to the fact that he was becoming notorious; quite soon, the book steers away from descriptions of great hacks and their supportive burglaries to the cat-and-mouse games Mitnick played with the FBI – except that, dealing as it was with the world’s greatest hacker, the flat-footed bureau often played Tom to Mitnick’s Jerry, all size and claws and futile threats. In particular, he spends much of his time and far too much of the book obsessing about Eric, who poses as a super-hacker but is, as he discovers in stages, a flatfoot. Mitnick outwits him, of course, but in the end there are too many Toms, he’s caught, the book is thrown at him and he’s put away – though he avoids the life sentence with which he has at times been threatened. He serves his time, gets out and is now living happy ever after as a much sought-after consultant and interviewee on cybersecurity. In a preface, Steve Wozniak, Apple’s co-founder, says Mitnick’s post-prison life is “pretty cool”: it doesn’t come cooler than that.
If I have made this sound interesting, put it down to 1/1000 compression. Very large stretches of it are catatonic. I have no reason to question Mitnick’s assertions that he is just as clever as he says he is, nor that he is the world’s greatest hacker; but though the book gets the skilled aid of William M Simon, a member of the as-told-to tribe, the ascent to the Hacktheon cannot be made compelling. Mitnick has lived, and is perhaps still living, a life rich in danger, tension and discovery; but the same can be said of badgers, and they cannot communicate it, either.
The formidable difficulties of dramatising the cyberworld make the achievement of Shumeet Baluja in writing The Silicon Jungle all the greater. Not that it is a tremendous literary achievement; but it rolls along smoothly enough, it has some tension and its quite complex plot is handled well enough to be fairly comprehensible. The author is a research scientist at Google, and the campus of Ubatoo, the Google simulacrum in which the novel plays out, is what he describes best. The story follows Stephen, super-smart new hire at Ubatoo, as he plunges deeper and deeper into moral hazard (and, just like Kevin Mitnick, the loss of his girl), in worlds in which concerns for civil liberties, cybercrime, cyberterrorism and cybersecurity are hopelessly intermingled.
In the course of the journey, Baluja illustrates well the obsessive nature of advanced internet work, where the huge banks of information to which Ubatoo/Google has access can be manipulated to produce intimate profiles on almost everything and everyone – as Stephen realises, “a kingdom of pure raw information”, to which he had been given the key. As Baluja comments in a preface – “it is important to remind ourselves that the technology, policies and sheer enormity of the amount of personal detail amassed about all of us is new. It’s breathtaking. It’s unexpected. All of us, those who are being watched and those who are watching us are, quite literally, in uncharted territory.” The novel, he says, is a heuristic exercise in showing what this territory can become when a Stephen – a brilliant, narrow-focus idealist and nice guy – is let loose in it without a compass.
Hackers, an increasingly influential subspecies, like to discriminate between good and bad members of their tribe: the first protect, the second invade, privacy (though it never seems as neat as that). Dr K, the nom de keystroke of a veteran specialist, stresses this distinction a little self-righteously in The Real Hackers’ Handbook, a book that, though padded out a good deal in this fourth edition to give it bulk, is nevertheless informative and quite comprehensive about the cyberworld. One important thing he makes clear: the absolute default position of those who live by the web is that all authority is at least potentially evil: “Corporations and governments cannot be trusted to use technology to the benefit of ordinary people.”
The weirdness and paranoia of the hackers’ world – populated by websites with names such as Phrack, Hack-Tic, the Cult of the Dead Cow, Chaos Computer Club and Legion of Doom – is partly explicable by the insight the web-fingered folk have into the one the rest of us inhabit. Net security companies estimate that more than a quarter of computers have malware; some of that enables the machine to spy on all we do online, and report back to whoever has planted it. We have spies in our rooms, unsleepingly going about their foul work.
The Real Hackers’ Handbook is on the alarmist side on the potential for cyberwarfare. Dr K sees an increasing likelihood of cyberwars between the Palestinians and Israel, India and Pakistan, and almost everybody and the US. How this will play out is unknown but there are straws blowing. The successful attack on Iran’s nuclear capacity with the Stuxnet virus – a virus so complex and lethal it needed, according to Glenny, the resources of a nation to create it – caused a major breakdown. A Russian-sourced attack on tiny Estonia in 2007 took out the operations of two banks, disrupted mobile phone traffic, caused the shutdown of communication links and fouled the operations of both government and the media for some days.
Dr K, an ethical hacker, asks himself why he, and others both on the light and dark sides, do it. He comes up with the George Mallory answer on why he tried to climb Everest: because it’s there. Mallory died, in 1924, in the attempt. These sometimes bleak books tell us that we who must live by cyber, must also, if not die, at least lose by it.
John Lloyd is an FT contributing editor
DarkMarket: Cyberthieves, Cybercops and You, by Misha Glenny, Bodley Head, RRP£20, 304 pages
The Silicon Jungle, by Shumeet Baluja, Princeton University Press, RRP£19.95, 350 pages
Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker, by Kevin Mitnick, Little, Brown, RRP£19.99, 432 pages
The Real Hackers’ Handbook, by Dr K, Carlton, RRP£9.99, 272 pages
Please don't cut articles from FT.com and redistribute by email or post to the web.