Whether we know it or not, much of our daily lives are controlled in large part by technology. Computers run everything from modern refrigerators to traffic lights and gas pumps.
What if a critical piece of that technology were subverted by someone who found a weakness and exploited it? What
if the attack were based on a zero-day exploit: a hitherto undiscovered bug for which there was no patch? How would the perpetrators be tracked down? And, more importantly, how could the problem be set to rights before the economy were irretrievably damaged?
That’s the premise of Zero Day Exploit: Countdown to Darkness, a novel by security expert Rob Shein (aka Rogue Shiten).
It chronicles the paths taken by two pairs of hackers, one in the Philippines, and one in the United States.
In the Philippines, Lualhati and Agpalo, two computer-savvy Muslim boys being persecuted for their religion, fall in with a terrorist group that has labeled the United States at The Enemy, and wants to attack it.
In the U.S., Reuben and Frank (aka MadFast) meet at a hackers’ conference and become friends.
The story is told in snippets, like a diary or a blog (a “”blog”” is Web log — a sort of online diary). Vignettes start in 1980, when Reuben writes his first little program on an Apple II and becomes hooked on computers, but the real action starts in 2001, when his employer is asked to do a security audit on a virtual private network (VPN) being installed by the U.S. Department of Justice. Reuben calls in MadFast, a cryptography expert, to help with the testing.
They discover that the software is riddled with security holes. They discover that politics and the attitude of people in power at both the DoJ and the vendor supercede little things like national security.
Meanwhile, in the Philippines, Lualhati and Agpalo are busily planning a two-pronged electronic assault that involves, in part — you guessed it — that particular VPN.
Fast forward to 2003, when Reuben notices reports of Internet scanning directed against what looks to him like the vulnerable VPN. Of course, when he reports it to his DoJ contacts, he’s ignored.
And of course, when the you-know-what hits the fan, he and MadFast are called in to try to stuff the genie back into the bottle. Just when they seem to be succeeding, the second half of the attack is launched.
More, I cannot say, except that things get even more interesting for Reuben and MadFast.
The writing in this book is just okay, and you need to put on your propeller beanie for some of it. I’ve never before read a novel that included output from Nmap (a port scanning tool) and the commands to reconfigure a network switch. Shein digresses into explanations (good ones, I might add) of various security concepts, in ways that would make your high school English teacher cringe.
The story is compelling enough to compensate. Whether or not the vulnerabilities and exploits described in it are as critical as they appear is a question I’m not qualified to answer, and even security professionals are divided. But it’s a good read, about real issues.
If you don’t read Zero-Day Exploit as purely deckchair in the sun entertainment, there’s a tremendous amount to learn from it. Shein seems to know his stuff, and his technical editors’ qualifications are also beyond reproach. There’s even an appendix called The Laws of Security, written by security expert Ryan Russell, which explains ways to mitigate attacks like the one described in the book. While security professionals may find it old news, it could be an eye-opener for the rest of us.
Zero-Day Exploit: Countdown to Darkness, by Rob Shein. Syngress Publishing, Rockham, MA. $69.95.