Wednesday, February 17, 2010

Trope-ing the light fantastic (hacking)

Hacking happens every day. It happens often to organizations with lots of credit-card info (e.g., to TJ Maxx in 2007). It happens to the Pentagon. Quite recently, it happened to Google.

If hacking is so common, why do  I suggest it's a trope?  Because all too often in fiction, hacking is the first resort of lazy authors.

I'm most often bugged by hacking-as-trope in movies and on TV (hey, script writers are authors, too). In the 2001- 2006 spy series Alias and the current caper series Leverage the good guys break into any system all but instantly. Once there, they never have any problem finding whatever information they want. I'm sure you can think of other examples. 

Unless your opponents are really, really careless, breaking into a secured system or network takes time. Once you break in, the files may be encrypted. (I'll give 24 credit here -- the files Jack Bauer obtains sometimes are encrypted, and CTU struggles, for a little while, anyway, to decrypt things.) On most real-world computers, finding the data you want -- amid the obsolete versions and the gigabytes of uninteresting stuff -- also takes time.  And the file you want isn't conveniently named "Evil Overlord's plan to ..."

In the real world, the stuff worth protecting is ... protected. There are firewalls. Security gateways. Authentication checks. Operating systems and applications are patched from time to time. Security software keeps users from setting easy-to-guess passwords. Virus software is kept reasonably up to date. Intrusion detection software runs regularly, and it will notice unauthorized accesses and changes.

What else? Some hackers post vulnerabilities online to force vendors to plug the security holes. Open-source software communities steadily improve their offerings -- and hence Firefox is a more secure and reliable browser than Internet Exploder (and FF is quickly repaired when a problem is found).

Guessing passwords is so ... 1990 or so. And anyone with an ounce of sense still requires that a password be used with the biometric sensor. (Cutting out eyeballs as in Dan Brown's Angels and Demons, to get access to a big bucket of antimatter? Come on.)

Back to the recent Google hack. Breaking into selected Google systems took persistent effort (with, apparently, a hacker school involved). Tthe attack was detected. And Google is only a semi-evil overlord.

When hacking becomes integral to a storyline, and the hacking is effortless and near-instant, then the author is:
  • woefully ignorant.
  • choosing to ignore real-world tech.
  • relying on the people running the targeted computer system being absurdly lazy or careless.
Let's put the hacking trope into a larger context. The faster-than-light stardrive trope lets the writer set a story anywhere.  The time-travel trope lets the writer set a story anywhen. And the hacking trope allows the writer to have his characters know anything.

Has my fiction ever used hacking. Sure. When I do, I like to think I do so realistically -- typically not as a trope.

Hacking-not-as-trope takes time.  It takes effort.  It takes research about the specific situation. It reflects what's happening in the story; it's not a quick fix to move the story along.

Examples?

In one minor aspect of Small Miracles, one set of characters want to spy on another set. Rather than "Bad Guys hack Good Guys" -- end of explanation -- the bad guys recruit a deputy system administrator, and she is in the position to declare a router patch buggy. Only after the security patch has been backed out is she able to distribute keylogging software undetected to monitor the good guys.

In my upcoming novel InterstellarNet: Origins (sorry -- no link yet -- but stay tuned), open-source software, encryption, and public key infrastructure become ubiquitous components of the interstellar e-commerce infrastructure. Just wait to you see what lengths the bad guys have to go to in that environment. It's hacking as a plot element, rather than a trope.

Okay, that's  a long enough rant for one day.

2 comments:

Ian said...

It is also too bad that the
term 'hacking' has almost
universally acquired
such sinister connotations,
generally denoting actions
with malicious (or at least
mischievous) intent.

Hacking once referred to
the computer programming
equivalent of a jazz improvisation;
a hacker was simply someone
adept at on-the-fly
engineering, a person skilled
at retooling and recoding
existing 'ware (both hard
and soft) to preform
functions other than that
intended by its original
design.

Edward M. Lerner said...

There are also so-called ethical hackers, who work to improve security on systems and networks. (Of course without the UNethical hackers there would be no need for the ethical kind.)

- Ed