Computer expert struggles to foil massive Internet attack in new novel

Counting from Zero brings Dashiell Hammett and Raymond Chandler into the computer age.

The Anonymous collective, associated with international hacktivism, undertakes protests with the goal of promoting Internet freedom and freedom of speech. Here Anonymous members wear Guy Fawkes masks popularized by V for Vendetta.

Mick O’Malley arrives at an Internet security conference in Hiroshima, only to discover his website is displaying a huge banner reading “Carbon is Poison,” not its usual content.

Realizing his server has been compromised, he is able to prevent the conference servers from being contaminated by unplugging them, but soon learns servers everywhere are already infected.

So begins Counting from Zero, a modern-day novel written by Internet expert Alan B. Johnston, PhD, adjunct instructor in the School of Engineering & Applied Science at Washington University in St. Louis, in which readers are given a glimpse of the techniques that are used to turn your laptop into a spam zombie or to mess up centrifuge speeds at an Iranian nuclear enrichment facility.

While many modern protagonists are supposed to have mad computer skills — think of Stieg Larsson’s Lisbeth Salander, for example, who breaks into corporate and personal computers at will — their hacks usually are far-fetched fantasies, described in just enough detail to give readers the illusion they understand what’s been done. Johnston, on the other hand, has chosen to describe real hacking, paying his readers the compliment of assuming they will be able to follow him.

Mick, who holds two passports and spends most of his time traveling to international security conferences, consulting with private clients, and riding his Ducati through the countryside, bears more than a passing resemblance to his creator.

Johnston, who teaches occasional classes in electrical engineering, Internet communications and other topics, also holds two passports, is a frequent conference speaker, wrote a security protocol for voice-over IP, and owns several motorcycles, although not a Ducati.

The plot

The ostensible goal of the Hiroshima hack is to infect computers with a program that makes them act as spambots — spam-sending robots — that automatically send out hundreds of thousands of spam emails per hour.

The infected computers appear to be part of a botnet, a network of hacked, or zombie, computers, organized to receive commands and operate over the Internet.

Fantasy or reality? Security vendor McAfee says at least 18 percent of American computers are zombies, but those are just the ones that vendor is finding. Other sources say the percentage is higher.

According to the New York Times, we got a spam holiday between last Christmas and New Year’s because Rustock, a botnet believed to be controlled by Russian cybercriminals and the world’s leading source of spam, stopped sending spam Christmas Eve. No one knows why. The botnet resumed transmission after the first of the year.

But the fictional Hiroshima botnet is worse than Rustock. There are signs that it is sending spam to conceal its real purpose, which is more sinister than spamming.

Mick takes it on himself to uncover the program and defeat its authors.

The challenge

Many elements of Counting from Zero are as familiar and comfortable as your favorite easy chair. The protagonist, himself, for example. Macho, noble, a loner, given to doomed romances and to defending the innocent, he has many replicas in detective fiction.

Instead of taking the edge off with a whiskey, Mick writes code to calm his nerves.

And defending the innocent takes the form of helping a teen hide embarrassing Facebook posts from an employer who wants to “friend” him. Of course, nothing on the Internet can ever be truly “deleted,” but Mick uses his skills to make the posts vanish under what appears to be database corruption.

Although the protagonist and the situation may be familiar, readers won’t be able to follow the plot unless they’re willing to learn about private keys, peer-to-peer networks, keyloggers, Trojan horses and the other beasts in the computer zoo.

Johnston is betting that they will and has done his best to help them along.

The book is structured as a story interspersed with blog entries and emails. Chapters written from Mick’s point of view, and numbered in hexadecimal, begin with Facebook posts chosen to conceal more than they reveal. Sprinkled among the chapters are encrypted emails from Mick’s fellow security experts signed with their private keys, his conversations or emails with his niece, and a series of entries in his computer security blog, where he answers questions from youngsters whose screen names are all variations on the word “raptor.”

For example, “wateraptor” asks: “What does it mean when my browser gives me an error message about a certificate? Should I just click OK?”

Mick’s answer (in little): “When I get one of these errors, I never click OK.” (Mick never does what the computer suggests he do.)

The colleagues, the niece and the raptors all function much like the maid in a Chekhov play; they provide an excuse for the main character to talk about his preoccupations — or, in this case, to fill in technical background without which the naïve reader will not be able to follow the plot.

But even the title of the novel requires a little explanation. It refers to the fact that programmers, unlike the rest of us, count from zero rather than one, and also to the term “zero day,” which is programmer-speak for a vulnerability that is discovered the same day that it is used by intruders.

Given the subject, the audience for Counting from Zero will be limited to those who are willing to learn how hacks really work, which is probably a small subset of those interested in reading thrillers.

The issue

But Counting from Zero implicitly raises an interesting question: if you use a computer for financial transactions and other sensitive tasks, can you afford to be clueless about computer security?

Last year, The New York Times reported that a computer worm called Stuxnet seemed to have been written to disable the centrifuges at an Iranian uranium enrichment facility.

The Stuxnet worm had been designed to spread indiscriminately across the Internet, although it did little harm to most computers. Many copies of the worm were found on Iranian computers, but some were also found on U.S. computers, including ones at Washington University.

The technical community concluded that the attack was so sophisticated it could have been carried out only by “a nation state or nation states.”

One of Mick’s side interests is Hiroshima and the Manhattan Project. Johnston never says so explicitly, but he is clearly reminding us that technology sometimes has dire, unintended consequences.

Is computer hacking the same level of threat as the bomb?

Some people clearly think so. Last June, Sen. Joe Lieberman introduced a bill which, if signed into law, would grant the President emergency powers over the Internet. The media called it the Kill-Switch bill.

Counting from Zero is available for downloading from the Internet for $5.99.