The Girl with the PGP Encryption Programme
Off the Beat: Bruce Byfield's Blog
Earlier this week, a neighbor loaned me Stieg Larsson's The Girl With the Dragon Tattoo, the mystery that everyone seems to be reading this summer. Mostly, it's an intelligent light read -- even if the climax does occur three-quarters of the way through-- and the book is very lucky in its translator, Reg Keeland. However, my enjoyment is diminished by the sometimes less than expert treatment of computer security issues
Larsson gets some things right when he discusses computers. His detailed stats for a state of the art Mac in 2005 sound correct to my memory, and his assumption that most people do not protect their computers with a password, much less any other security measures is -- unfortunately -- still true today.
However, when he starts talking about computer security, his touch becomes less sure. For instance, the revelation that the title character is a "hacker" (he means "cracker," of course), is meant to be astounding when it occurs halfway through the book. You can tell, because the sentence that reveals the fact is italicized, and contains one of the rare instances of swearing in the book.
Yet, considering that the title character conducts security investigations for a living, and has a reputation for finding obscure information, any half-aware reader had deduced the fact long before it is revealed. Even five years ago, when computer users were even less security-conscious than they are now, the fact would have been obvious. Yet apparently Larsson assumes that most readers would miss what most IT professionals would find obvious.
Crackers and Magicians
The trouble is not only that Larsson is dealing with issues that he barely understands, but also that he cannot resist the Hollywood touches. His crackers are anti-social Goths, at least one of whom -- the title character -- is described as having Asperger's Syndrome. They break into any computer effortlessly, and juggle money from one account to another in a matter of moments, unhampered by any delays for verification or any other form of security.
In fact, in Larsson's book, "hacker" is almost synonymous with "magician." For instance, one of them who is known as Plague "invented a type of cuff that you fasten around the broadband cable . . . . Everything that [the user] sees is registered by the cuff, which forwards the data to a server."
How this cuff is supposed to work through the cable insulation is not explained. It sounds, though, like a hardware version of a packet sniffer. A few bits at a time, it creates a mirror drive on a server that integrates with the machine's browser.
Soon, the user is "no longer working on his own computer," the title character explains, "in reality he's working on our server. His computer will run a little slower, but it's virtually not noticeable. And when I'm connected to the server, I can tap his computer in real time. Each time [he] presses a key on his computer I see it on mine."
All very well, I can't help thinking, but what if the one being cracked tries to use material that was uploaded from a USB drive or a DVD? From the description, such material wouldn't be on the mirrored drive unless the user uploaded it to a site or sent it as an attachment. For that matter, what happens if Internet service is interrupted or the server the mirror is on goes down?
Similarly, towards the end of the book, the investigative journalist who is the second major character becomes aware that a rival has compromised the network of his magazine. Presumably briefed by the title character, he instructs the staff to install "the PGP encryption programme" so that they can communicate privately.
Besides the stiffness with which PGP is mentioned (which is presumably necessary to tell ordinary readers what it is without stopping for an explanation), what strikes me here is that both the journalist and Larsson seem to forget that the magazine's computers are already compromised. Not only is the fact that the staff are suddenly encrypting email likely to tip off the rival that his activities have been discovered, but what is stop the rival from finding the encryption keys on the hard drive?
The title character makes similar mistakes when she conducts a sting in person. I mean, what is the point of a wig or false breasts or covering your tattoos with makeup if you publicly demonstrate a noticeable talent like a photographic memory?
In the end, the mentions of security, crackers, and PGP are simply there for verisimilitude, to create an illusion of expertise that will convince average readers. All too clearly, too, Larsson is working at the borders of his understanding. That is obvious because, after the discussion of PGP at the magazine, he mentions in an aside that using PGP on a compromised computer is useless. It is as though he sketchily researched security matters, but never absorbed enough of what he learned to notice the major plot hole he created.
Getting Things Right
The majority of readers, I am sure, are content with equating cracking with magic, and never notice when Larsson strains credulity or makes mistakes. So why point out the lapses?
For one thing, the lapses make clear that Larsson did not always do his job. Getting the details right, even when relatively few people will notice, is a matter of artistic integrity, of doing the job properly. Most novelists don't want to distract even a few readers from their story if they can possibly prevent it. Moreover, by learning enough, writers can often improve their plots or correct errors.
More importantly, for those who make a career out of computers, popular references to technical issues are an indicator of exactly what the general public knows (not much, apparently). Personally, I felt mildly pleased to see PGP mentioned in a bestselling paperback, but I would have been far more thrilled -- and less distracted from the story -- if Larsson had got his technical references correct.
Comments
comments powered by DisqusSubscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Systemd Fixes Bug While Facing New Challenger in GNU Shepherd
The systemd developers have fixed a really nasty bug amid the release of the new GNU Shepherd init system.
-
AlmaLinux 10.0 Beta Released
The AlmaLinux OS Foundation has announced the availability of AlmaLinux 10.0 Beta ("Purple Lion") for all supported devices with significant changes.
-
Gnome 47.2 Now Available
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
replica watches
http://www.rolexclassic.com/Classic_Watches/140/655.Html
http://www.rolexclassic.com/Classic_Watches/139/653.Html
http://www.rolexclassic.com/Classic_Watches/84/2248.Html
http://www.rolexclassic.com/Classic_Watches/111/445.Html
technical references
They seem to be like Dan Brown's ones...