The Girl with the PGP Encryption Programme
Off the Beat: Bruce Byfield's Blog
Earlier this week, a neighbor loaned me Stieg Larsson's The Girl With the Dragon Tattoo, the mystery that everyone seems to be reading this summer. Mostly, it's an intelligent light read -- even if the climax does occur three-quarters of the way through-- and the book is very lucky in its translator, Reg Keeland. However, my enjoyment is diminished by the sometimes less than expert treatment of computer security issues
Larsson gets some things right when he discusses computers. His detailed stats for a state of the art Mac in 2005 sound correct to my memory, and his assumption that most people do not protect their computers with a password, much less any other security measures is -- unfortunately -- still true today.
However, when he starts talking about computer security, his touch becomes less sure. For instance, the revelation that the title character is a "hacker" (he means "cracker," of course), is meant to be astounding when it occurs halfway through the book. You can tell, because the sentence that reveals the fact is italicized, and contains one of the rare instances of swearing in the book.
Yet, considering that the title character conducts security investigations for a living, and has a reputation for finding obscure information, any half-aware reader had deduced the fact long before it is revealed. Even five years ago, when computer users were even less security-conscious than they are now, the fact would have been obvious. Yet apparently Larsson assumes that most readers would miss what most IT professionals would find obvious.
Crackers and Magicians
The trouble is not only that Larsson is dealing with issues that he barely understands, but also that he cannot resist the Hollywood touches. His crackers are anti-social Goths, at least one of whom -- the title character -- is described as having Asperger's Syndrome. They break into any computer effortlessly, and juggle money from one account to another in a matter of moments, unhampered by any delays for verification or any other form of security.
In fact, in Larsson's book, "hacker" is almost synonymous with "magician." For instance, one of them who is known as Plague "invented a type of cuff that you fasten around the broadband cable . . . . Everything that [the user] sees is registered by the cuff, which forwards the data to a server."
How this cuff is supposed to work through the cable insulation is not explained. It sounds, though, like a hardware version of a packet sniffer. A few bits at a time, it creates a mirror drive on a server that integrates with the machine's browser.
Soon, the user is "no longer working on his own computer," the title character explains, "in reality he's working on our server. His computer will run a little slower, but it's virtually not noticeable. And when I'm connected to the server, I can tap his computer in real time. Each time [he] presses a key on his computer I see it on mine."
All very well, I can't help thinking, but what if the one being cracked tries to use material that was uploaded from a USB drive or a DVD? From the description, such material wouldn't be on the mirrored drive unless the user uploaded it to a site or sent it as an attachment. For that matter, what happens if Internet service is interrupted or the server the mirror is on goes down?
Similarly, towards the end of the book, the investigative journalist who is the second major character becomes aware that a rival has compromised the network of his magazine. Presumably briefed by the title character, he instructs the staff to install "the PGP encryption programme" so that they can communicate privately.
Besides the stiffness with which PGP is mentioned (which is presumably necessary to tell ordinary readers what it is without stopping for an explanation), what strikes me here is that both the journalist and Larsson seem to forget that the magazine's computers are already compromised. Not only is the fact that the staff are suddenly encrypting email likely to tip off the rival that his activities have been discovered, but what is stop the rival from finding the encryption keys on the hard drive?
The title character makes similar mistakes when she conducts a sting in person. I mean, what is the point of a wig or false breasts or covering your tattoos with makeup if you publicly demonstrate a noticeable talent like a photographic memory?
In the end, the mentions of security, crackers, and PGP are simply there for verisimilitude, to create an illusion of expertise that will convince average readers. All too clearly, too, Larsson is working at the borders of his understanding. That is obvious because, after the discussion of PGP at the magazine, he mentions in an aside that using PGP on a compromised computer is useless. It is as though he sketchily researched security matters, but never absorbed enough of what he learned to notice the major plot hole he created.
Getting Things Right
The majority of readers, I am sure, are content with equating cracking with magic, and never notice when Larsson strains credulity or makes mistakes. So why point out the lapses?
For one thing, the lapses make clear that Larsson did not always do his job. Getting the details right, even when relatively few people will notice, is a matter of artistic integrity, of doing the job properly. Most novelists don't want to distract even a few readers from their story if they can possibly prevent it. Moreover, by learning enough, writers can often improve their plots or correct errors.
More importantly, for those who make a career out of computers, popular references to technical issues are an indicator of exactly what the general public knows (not much, apparently). Personally, I felt mildly pleased to see PGP mentioned in a bestselling paperback, but I would have been far more thrilled -- and less distracted from the story -- if Larsson had got his technical references correct.
Comments
comments powered by DisqusSubscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
So Long Neofetch and Thanks for the Info
Today is a day that every Linux user who enjoys bragging about their system(s) will mourn, as Neofetch has come to an end.
-
Ubuntu 24.04 Comes with a “Flaw"
If you're thinking you might want to upgrade from your current Ubuntu release to the latest, there's something you might want to consider before doing so.
-
Canonical Releases Ubuntu 24.04
After a brief pause because of the XZ vulnerability, Ubuntu 24.04 is now available for install.
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
replica watches
http://www.rolexclassic.com/Classic_Watches/140/655.Html
http://www.rolexclassic.com/Classic_Watches/139/653.Html
http://www.rolexclassic.com/Classic_Watches/84/2248.Html
http://www.rolexclassic.com/Classic_Watches/111/445.Html
technical references
They seem to be like Dan Brown's ones...