Author: Dr. Philip Cao

 

For the past decade, I have had this notion that there must be a Cybersecurity Canon: a list of must-read books where the content is timeless, genuinely represents an aspect of the community that is true and precise and that, if not read, leaves a hole in cybersecurity professional’s education. I’ll be presenting on this topic at RSA 2014, and between now and then, I’d like to discuss a few of my early candidates for inclusion. I love a good argument, so feel free to let me know what you think.

Trojan Horse (2012) by Mark Russinovich

Like “Zero Day,” another Mark Russinovich novel I recently reviewed for the Cybersecurity Canon, “Trojan Horse” is a book I’d recommend for casual readers. Cybersecurity professionals won’t learn anything new here, but all readers might enjoy wallowing around in a Tom Clancy-esque story with cybersecurity tech as the main focus.

The story picks up two years after “Zero Day” ended. Main character Daryl is now out of government service and working with her better half, Jeff, in his consulting firm. Jeff gets called in to track down a nasty piece of Malcode that changed the contents of an important UN document regarding the Iranian nuclear program prior to publication. Daryl comes in to assist and the two of them discover that the Chinese are behind the UN attacks. Their investigation leads them to stumble upon the Chinese attempting to deliver a STUXNET Eradicator tool to the Iranians.

STUXNET is the infamous Malcode that the west launched against Iran to prevent the nation from building an atomic bomb. (Earlier in the Cybersecurity Canon series, I looked at “Confront and Conceal,” a nonfiction book dealing specifically with this topic.) In “Trojan Horse,” Spy-vs-Spy-type hijinks ensue and our two heroes find themselves in all sorts of threatening physical situations from Chinese agents and their Muslim proxies. You know, all in a typical day for a geek.

That’s what I like about Mr. Russinovich. He throws a lot of ingredients into the pot, applies heat and stirs vigorously. While readers watch all of these things collide with each other, they also get a good history lesson on some recent cybersecurity issues and learn about some interesting hacks, some we have seen in the real world and others we have not seen but given the current cybersecurity landscape are quite possible.

Recent Cybersecurity History 

To sober the audience up a bit, Russinovich talks about the 2009 hacks against unmanned drones in the Middle East. Iraqi insurgents were able to capture video feeds from flying Predators by repurposing a $30 Russian software package called SkyGrabber that was originally intended to snatch music and videos that others are downloading.

Russinovich explains how the Chinese stole the plans for the Pentagon’s $300 billion Joint Strike Fighter jet by hacking into military systems. He also helpfully describes the forces involved in the Chinese Cyber Warfare program, specifically how there are three hacker contingents in the country — the Patriotic Hackers, the Militia and the PLA – and how none report to the same leader.

Russinovich also attempts to describe how STUXNET represents that first real-world example of Cyber Warfare. If you believe David Sanger in “Confront and Cocneal,” the US and Israel have demonstrated that cyber warfare is a viable middle ground option when it comes to diplomacy between sanctions on the one side and bombing and/or occupation on the other.

Just for fun, Russinovich talks about how Jeff and Daryl track down a Malcode author because the hacker placed his home address in the code. This sounds crazy, but this is something that actually happened in the real world. At a TED Talk in 2011, Mikko Hypponen described that very thing.

Hacking Techniques 

Russinovich packs a lot of realistic tech into this story. He needles the anti-virus industry for being behind on discoveries of new malware, explains what a keylogger is and then explains how a nation state in the story uses keyloggers to compromise UN officials.

He also talks about the long-standing cyber philosophy of Responsible Disclosure, in which it is fine for researchers to discover vulnerabilities in commercial software but they should not go public with that information until the vendor has had time to fix it. He also talks about how that practice is losing ground to the lucrative market for selling these kinds of things to governments and independent contractors willing to pay large sums of money for just the right Zero Day.

One of the most interesting things in “Trojan Horse” is that Russinovich has devised a scary new piece of Malcode that, if it existed in the real world, would be a spy’s dream come true. The Malcode in question is smart about how its victim operates. It knows that the victim writes position papers using the Microsoft Word program. In this case, a United Nations official is writing disparaging remarks about Iran’s nuclear program. Once the official saves the final draft, he cryptographically signs the document before he sends it to the intended recipient.

Signing the document like that guarantees the integrity of the file. When the receiver opens the document and verifies the signature, the receiver knows that the document he is reading is the same one that the sender gave him. But therein lies the rub. The Malcode understands that process and inserts itself into the seam. After the author saves the document but before he cryptographically signs it, the Malcode alters the document to say something that the Malcode author wants to be said.

I have not seen a piece of Malcode that does this in the real world, but it could be done. Russinovich even gives the Malcode the same “Call Home” design that the famous Conficker Worm used; essentially, generate thousands of random DNS names and systematically try each at random intervals. The Malcode author would place his command and control server at one of those names in the list of a thousand; kind of like hiding in the noise.

“Trojan Horse” is another fun romp in the political thriller genre that places cybersecurity geeks up front as the heroes. I don’t know that I’d call it a must-read for the cybersecurity professional, but it sure is a fun one.

[Source: Rick Howard]

For the past decade, I have had this notion that there must be a Cybersecurity Canon: a list of must-read books where the content is timeless, genuinely represents an aspect of the community that is true and precise and that, if not read, leaves a hole in cybersecurity professional’s education. I’ll be presenting on this topic at RSA 2014, and between now and then, I’d like to discuss a few of my early candidates for inclusion. I love a good argument, so feel free to let me know what you think.

Zero Day (2011) by Mark Russinovich

A number of the Cybersecurity Canon candidates I’ve discussed so far have been heavier reads. But there are some lighter books I think are worthy of consideration, too. “Zero Day,” by longtime security researcher Mark Russinovich, is one of them.

I appreciate what Russinovich is trying to do with this novel: Tell an exciting, “Die Hard”-like story with interesting cybersecurity people and realistic tech and, at the same time, inform the general reader about how dangerous the current state of the cybersecurity environment is. In a presentation that Russinovich did at RSA in 2012 to supplement this book, he quoted Senator Joe Lieberman:

“To me it feels like it is September 10, 2001. The system is blinking red – again. Yet we are failing to connect the dots – again.”

One of the reasons I started this project was to talk about novels that discuss these ideas in a compelling way. Russinovich has devoted two novels to the idea: Zero Day and 2012’s Trojan Horse. He is also a geek of the highest order: a Microsoft Technical Fellow, a co-founder of the famous Sysinternals website and famous for his discovery of the root kit that Sony BMGinstalled on its music CDs back in 2005.

The good guys in the story are a Mr. Jeff Aiken, an überkind computer security consultant with a past, and Daryl Haugen, the US CERT director and no slouch in the technical prowess department. These two fight the US government bureaucracy in an effort to defeat a follow-on 9/11 cyberattack that is intended to destroy a significant portion of every data system in the US.

Along the way, the reader is treated to colorful descriptions of malicious code attacking an on-board in-flight aircraft computer system causing a near-crash, adjusting the geo-positioning system on a large oil tanker that causes a harbor crash and the spillage of millions of tons of crude oil into the harbor, tinkering with the Supervisory Control and Data Acquisition (SCADA) systems in multiple nuclear power plants, and controlling multiple manufacturing robots on an assembly line that eventually causes the murder of one of the human technicians.

The main hacker in the story is Superfreak (aka Vladmir Koscov), a Russian engineer who has found a way to make a pretty good living building elite malicious code for his benefactors. His benefactors are two Islamic brothers with ties to Osama bin Laden and who are intent on striking the US another significant blow after the first 9/11 attacks. One of the brothers even makes a special pilgrimage across the desert to receive his mission from bin Laden personally.

Russinovich uses this Tom Clancy-ish plot to push the story forward. Along the way, he takes the time to explain the cybersecurity environment to the average reader. He provides decent descriptions of the classic “Salami Slice” bank hack, the game-changing Slammer Worm attack of 2003 that compromised every machine on the planet that it was going to compromise in 10 minutes (some 75,000 victims), the E-Gold Money Laundering scheme (a blackhat internet service that was popular for a few years in the 2000s), and what a zero day vulnerability is. He makes the point about why the US is vulnerable to the plot’s cyber terrorism evil plan compared to other nations based on how completely the US has embraced the internet for day-to-day business.

I first read this book when Russinovich published it back in 2011, and it wasn’t one I recommended that often to cybersecurity friends. The characters aren’t always convincing and the plot favors “on the nose” resolutions instead of more realistic cybersecurity scenarios.

But as a very readable cybersecurity novel intended for a mass audience, it works. It’s important for non-technical audiences to think about cybersecurity issues, and in a business, for cybersecurity professionals to drive awareness. This is something several of my Palo Alto Networks colleagues have touched on and it’s worth repeating: cybersecurity is everybody’s problem.

[Source: Rick Howard]

For the past decade, I have had this notion that there must be a Cybersecurity Canon: a list of must-read books where the content is timeless, genuinely represents an aspect of the community that is true and precise and that, if not read, leaves a hole in cybersecurity professional’s education. I’ll be presenting on this topic at RSA 2014, and between now and then, I’d like to discuss a few of my early candidates for inclusion. I love a good argument, so feel free to let me know what you think.

Confront and Conceal: Obama’s Secret Wars and the Surprising Use of American Power (2012) by David E. Sanger

This book is an interesting read for foreign policy buffs but a must-read for cybersecurity professionals interested in the evolution of cyber warfare. It is the first published book that chronicles the current US government’s thinking about the merits of cyber attacks as a middle-ground diplomacy option between invading a country on one hand and sanctions or negotiations on the other.

It is also the first book that gave the public details about operation “Olympic Games,” a multiyear covert operation that the governments of the United States and Israel directed against Iran that changed the cybersecurity landscape forever. Security pundits have been saying for years that cyber warfare is theoretically possible or, more precisely, that cyber weapons could cause physical damage on a massive scale. Olympic Games demonstrated conclusively that hackers can use a cyber vector alone, without the aid of other kinetic weapons, to destroy components of a country’s critical infrastructure.

Regardless of how successful Olympic Games ultimately was in slowing down the Iranian nuclear program, the use of cyber tools to inflict physical damage against your adversaries is now a viable option. Operation Olympic Games represents the world crossing the line between theory and practice, and this book is your guide to understanding that decision.

In addition to my February 24 presentation on the Cybersecurity Canon, I’ll also be discussing Olympic Games and its implications during a February 28 presentation at RSA 2014. But let’s look here at some of the particulars.

Stuxnet Revealed

In June 2012, David E. Sanger published an article in The New York Times proclaiming for the first time that the United States, in conjunction with Israel, was indeed behind the infamous Stuxnet malware attacks that targeted the Iranian nuclear enrichment plant at Natanz. The article set up his then-new book, which is our subject today.

In both the article and the book, Sanger demonstrated an unprecedented level of access to President Obama’s former staff members that provides insight into how leadership made important changes to American policy around offensive cyber operations. The book is a fascinating look at the inner machinery of how two presidents made decisions that changed US foreign policy; away from President George W. Bush’s “You are with us or against us” mentality into something Sanger calls the Obama Doctrine. I originally picked up the book because of chapter 8, “Olympic Games.” For the cybersecurity professionals in the crowd, this chapter alone is worth the price of admission.

Understanding Olympic Games

Olympic Games is the now-declassified US code name for the cyber initiatives aimed at degrading Iran’s nuclear enrichment capability. Many international leaders are afraid of what Iranian leadership might do if they were to get their hands on a nuclear bomb. Iranian leadership claims that their nuclear program is peaceful and is designed to provide electric power to Iran’s citizens.

In the past, the only options Western governments had to dissuade Iranian officials from their nuclear ambitions were economic sanctions and military strikes. But according to Sanger, as Iran got closer to its goal of building a working nuclear bomb during President Bush’s time in office, Israeli leadership became more and more anxious to pursue the military option since they believed Israel might be one of the first targets of such a bomb. President Bush was not keen on starting a fight with yet another Middle Eastern country. He was already fully engaged with Iraq and Afghanistan. He needed a different way to deal with the problem. The short version of the story is that Olympic Games became the in-between option.

Sanger fills in a lot of details about Olympic Games that many professionals suspected were true at the time but had no evidence to prove. He explains how the operation grew out of military channels under President Bush and how President Obama moved it over to intelligence channels during the first weeks of his administration for legal reasons. Sanger describes how at least as much work went into the legal justification for a covert action to destroy critical infrastructure in a country with which the United States was not at war as the amount of work that the coders did when they planned, built, and tested the actual cyber weapons. He describes how the operation used unwitting Siemens employees who were working at Natanz to transfer the malware into the facility, a facility that had no connection to the Internet. Siemens is the company that builds the supervisory control and data acquisition (SCADA) devices used at the plant to control the Iranian centrifuges that Olympic Games was meant to destroy.

All of this is fascinating detail, and Sanger’s book, along with his preceding Times article, was the first time that the public became aware of it. More importantly though, Sanger’s book marks a spot where cyber warfare moved from a theoretical idea to practical implementation.

Before Olympic Games, security pundits only pontificated about the possibilities of cyber warfare. Some estimates claim that the damage done by operation Olympic Games caused Iranian engineers to replace more than 4,000 damaged centrifuges out of the 9,000 that were on site at Natanz. This is a true cybersecurity warfare event. The world has changed, and you cannot put that genie back in the bottle.

This past year, cyber attackers destroyed the data residing on 32,000 computers from a number of Korean companies, including Shinhan Bank, Nonghyup Bank, Munhwa Broadcasting Corp., YTN, and Korea Broadcasting System. Public attribution is unclear, but the South Koreans believe the attacks came from North Korea. If that’s true, the attack represents the first example of another nation taking its cues from the United States and Israel and operation Olympic Games. I expect that this is just the beginning.

The Tech

Sanger details the three phases of the operation. The first step was to build and deploy a “beacon” designed to map the network at Natanz and get the information back to the United States. The second phase was to build and test the “bug,” the malware that would destroy the centrifuges. The last phase was to deploy and upgrade the bug on the fly to seek new and better targets.

According to Sanger, the intent of Olympic Games was not to destroy the plant completely but to play mind games with the Iranian technicians, to cause confusion within the technical ranks, and to add time on the clock for the inevitable day when Iran would succeed in making enough nuclear material to build a bomb. The jury is still out on whether Olympic Games succeeded, but Sanger uses the operation to make a larger point about the change in US foreign policy under President Obama.

Conclusion

The book is an interesting read for foreign policy enthusiasts, but the Olympic Games chapter in particular is a must-read for every cybersecurity professional interested in the evolution of cyber warfare.

Security pundits have been saying for years that cyber warfare is theoretically possible or, more precisely, that cyber weapons could cause physical damage on a massive scale. Olympic Games demonstrated conclusively that hackers can use a cyber vector alone, without the aid of other kinetic weapons, to destroy components of a country’s critical infrastructure. Regardless of how successful Olympic Games ultimately was in slowing down the Iranian nuclear program, using cyber tools to inflict physical damage against your adversaries is now a viable option. Operation Olympic Games represents the world crossing the line between theory and practice, and this book is your guide to understanding that decision. This book is part of the canon, and you should have read it by now.

[Source: Rick Howard]

For the past decade, I have had this notion that there must be a Cybersecurity Canon: a list of must-read books where the content is timeless, genuinely represents an aspect of the community that is true and precise and that, if not read, leaves a hole in cybersecurity professional’s education. I’ll be presenting on this topic at RSA 2014, and between now and then, I’d like to discuss a few of my early candidates for inclusion. I love a good argument, so feel free to let me know what you think.

Snow Crash (1992) by Neal Stephenson

Every cybersecurity geek on the planet should embrace this book. It has everything that we like: Metaverse hacking, real-world swordplay, awesome weapons, and—to cap it all off—the hacker ends up with the girl.

Neal Stephenson is a cyber geek of the first order, and his personality is all over this story. His description of the “Metaverse” and the “avatars” that live in it, both terms he made famous in this book, are so prescient that anybody playing World of Warcraft or using Second Life today would feel right at home. Stephenson is an author who truly understands the hacker culture, so it’s not surprising Snow Crash wound up on Time magazine’s list of 100 novels everyone should read, among countless other accolades.

Why It Holds Up

I recently reviewed the classic cyber punk novel Neuromancer, so I figured I would continue the trend and review another classic in the genre to see if it too still holds up. Well, that, and as I’ve already mentioned, Stephenson is one of my favorite authors in this or any genre.

I first learned about Stephenson after reading his excellent article called “Mother Earth Mother Board” in Wired Magazine in 1996. He told the story about how the world is connected through massive runs of transatlantic cables that traverse the ocean floors and electronically and physically connect three continents to each other. To do the research, he traveled to each location where the cables made landfall and told the story about how it all comes together. But it was not until I read Cryptonomicon and In the Beginning…Was the Command Line, both published by Stephenson in 1999, that I became a fan. Cryptonomicon is the best “hacker” novel I have ever read, and after encountering that, I went scurrying back to the library to see what else Stephenson had written. That is when I stumbled upon Snow Crash.

Oh my!

Stephenson wrote this book in 1992, eight years after Neuromancer. At this point, authors well understood the main ideas of the style: stories written in a near dystopian future where technology is advanced, governments have withdrawn in potency to be replaced by corporations, and man-machine interfaces and cyborg beings are the norm. But Snow Crash was like nothing I had ever read before. This was my first cyber punk novel (I still hadn’t read Neuromancer for the first time), and every page read like the author was dropping new ideas onto the page like Mardi Gras beads hitting the ground on Bourbon Street. Stephenson wanted to have some fun with it, and the opening pizza-delivery scene reads like you are being launched out of a cannon.

Snow Crash’s main character is named Hiro Protagonist (see what I mean about having some fun?), a self-proclaimed master swordfighter, hacker in the three-dimensional Internet space called the “Metaverse,” and pizza deliveryman. He teams up with YT (Yours Truly), a 15-year-old skater girl courier, and Uncle Enzio, a mafia kingpin and bankroller for the good-guy team. The bad guys are represented by L. Bob Rife, a Pentecostal evangelist and fiber-optic monopolist, and Raven, a motorcycle-riding, nuclear-bomb-wielding Aleut—as in Aleutian native—who is roughly the size of a house. The catalyst to all of this good-versus-evil business is Snow Crash, a virus that works both in the “Metaverse” and in the real world that L. Bob Rife intends to use to infect the world.

The Tech

Snow Crash itself is a neural-linguistic virus. By that I mean that Snow Crash is a meme that was buried deep in the human brain and forgotten until the bad guys in this story figure out how to unlock it. Stephenson leverages the theory of memetics that was introduced by Richard Dawkins in 1976 with his book The Selfish Gene.

Dawkins said that memes may be another way that humans evolve other than gene mutation. According to the theory, memes are ideas that humans transmit to one another across generations and may account for long-lasting ideas like religion, morality, and crop rotation.

In this story, pre-Christian religious leaders controlled the masses with the Snow Crash meme. The virus’s secrets were lost to history until L. Bob Rife (the story’s bad guy) rediscovered them and found out that hackers plugged into the “Metaverse” were susceptible to the digital virus that used them. Hiro asks his girlfriend, “This Snow Crash thing – is it a virus, a drug, or a religion?” She replies, “What’s the difference?”

According to Stephenson, he invented the term “Metaverse” for this book. Readers will most likely associate the “Metaverse” with online role-playing games (RPGs) like World of Warcraft and online heightened-reality experiences like Second Life. But Stephenson’s description of the “Metaverse” in the first 30 pages of Snow Crash is almost a blueprint to building these kinds of worlds. When you consider that the designers of Google Earth used Stephenson’s description as a model and that he published the book two years before World of Warcraft debuted and 11 years before Second Life launched, you realize just how prescient Stephenson was. In a perfect example of the definition of “meta,” players in the Second Life Metaverse annually reenact the Snow Crash novel.

The term “avatar” originates from Hindu mythology and refers to the form of a god living on earth. Game designers adopted the term to represent characters in RPGs as far back as 1979. But Stephenson’s use of the word to describe his characters’ online personas—not just any character but the representation of his or her own personality in the “Metaverse”—catapulted the word into the popular culture, so much so that the word was common enough for James Cameron to use as the title of his blockbuster movie in 2009.

Conclusion

By culturally defining “avatars” and the “Metaverse” for the geek crowd and being one of the first Internet commentators to realize how important memes are, Snow Crash is must-read for any Internet history enthusiast and security professional. It is canon. You should have read this by now.

[Source: Rick Howard]

For the past decade, I have had this notion that there must be a Cybersecurity Canon: a list of must-read books where the content is timeless, genuinely represents an aspect of the community that is true and precise and that, if not read, leaves a hole in cybersecurity professional’s education. I’ll be presenting on this topic at RSA 2014, and between now and then, I’d like to discuss a few of my early candidates for inclusion. I love a good argument, so feel free to let me know what you think.

Neuromancer (1984) by William Gibson

William Gibson’s landmark Neuromancer is a must-read for every cybersecurity professional, not because you will learn new insights into your craft, but because you will understand why this book was so influential to the cybersecurity zeitgeist back in the day.

Gibson invented and clarified the language that we are still using today ten years before it became mainstream. He coined the word “cyberspace,” launched the “cyberpunk” genre, pontificated about “the singularity,” guessed (correctly) that “hacktivism” would be a thing, and understood that we would need a form of ” search” long before any of us even knew how vital Google and similar services would become. You should have read this by now.

Gibson published Neuromancer in 1984 and subsequently received multiple book awards for his efforts, including The Nebula Award for Best Science Fiction Novel and The Philip K. Dick Award for Best Science Fiction Paperback. Among his accolades,

Gibson is credited with one of the best ever opening novel lines:

“The sky above the port was the color of television, tuned to a dead channel.”

Literary critics subsequently tagged this novel as the “quintessential” work in a new genre called cyberpunk. Gibson himself chafes a bit at that label, but it may be that label that got security geeks interested in the book in the first place.

Scholars categorize cyberpunk as stories written in a near-dystopian future where technology is advanced, governments have withdrawn in potency to be replaced by corporations, and man-machine interfaces and cyborg beings are the norm (think Blade Runner if you are having trouble getting your head around the concept). Sci-fi writers invented cyberpunk when they realized that there might be another path to the future besides the one advertised by Star Trek and Star Wars, one that is not as pristine and humanitarian as, say, Ender’s Game. Cyberpunk worlds always have some grit to them: sex, drugs, and rock and roll.

But I don’t think cyberpunk itself is the draw for security geeks. The draw, in my mind, is a combination of elements that is consistent in popular geek entertainment today.

Hackers and Cowboys

The main Neuromancer character is Case, a world-class hacker, referred to as a cowboy in the book, who has fallen from grace. The government caught him doing something stupid and, through surgery, made it impossible for him to ever connect to the Internet — “jack” into “cyberspace” — again.

The story opens with Case on his last leg, hustling the streets of Japan for drug and booze money, cigarettes and if he had anything left over, food. He is literally days away from expiring. Through a series of random meetings that the reader does not understand until midway through the book, Case gets a chance at redemption.

He ends up joining a misfit team: The Leader, Armitage (ex-military); The Assassin, Molly (a beautiful cyborg); The Techie, Finn (a prototypical scrounger); and The Mentalist, Peter (a psychopathic mind bender). Case completes the team as the resident cowboy. The leader seems to have unlimited funds at his disposal and pays to reverse the process that prevents Case from jacking in (and pays to have his kidneys amplified so that his body cannot process drugs either – bonus!). The reader is never really sure what the team’s ultimate objective is until close to the end of the story, but along the way we get plenty of Kung Fu between the assassin and every bad guy we meet, love-making between the hacker and the assassin, and a verbal description of what it means to hack that is eerily similar to how modern computer gamers play today.

What’s not to like? Why wouldn’t the cybersecurity geeks of the world love a story where the loser-hacker can win the girl, hack for a greater good, be critical to a super-ninja’s purpose, and ultimately be the hero in the story? The cyberpunk elements make the story fun, but the hacking-copulating-jujitsuing elements make the story soar, at least to a geek like me.

The story itself is really about the incipient moments before “the singularity,” that moment when an artificial intelligence, a software program, becomes sentient. You know what I am talking about. This is a standard sci-fi trope today probably best known in the Terminator movies when Skynet goes online and decides that humans are no longer needed. In Neuromancer, the singularity is still a relatively new sci-fi idea, and the reader discovers that the power behind the leader is really an artificial intelligence called Wintermute. Wintermute is a subprogram working for a larger artificial intelligence called Neuromancer.

The Tech

Gibson invents some new culture in this book too, and when I remember that he published it in 1984, I get chills thinking about how prescient he was. Two ideas come to mind. The first is a hacktivist group called the Moderns. Remember that in 1984, the Internet was little more than a white board diagram and some primitive university communications systems. Yet, Gibson had the vision to predict cyber hacktivists – which these days continue to be all over the news — and described them this way:

“Moderns: mercenaries, practical jokers, nihilistic technofetishists.”

If that is not the perfect description of Anonymous, I don’t know what is.

The second idea comes in the form of a personalized search engine Gibson calls the Hosaka. The Hosaka is basically an artificial intelligence that searches the Internet for whatever the user requires. This is not quite what Google does for us today, but it is very close.

Conclusion

I thoroughly enjoyed reading this book. It really is a must-read if you want to understand the cybersecurity culture of today, not only because it is one of the first cyberpunk novels, but also because it is ripping good story that discusses things that cybersecurity geeks like to talk about: kung fu, getting the girl, and making hacking sound fun and exciting. How cool is that?

[Source: Rick Howard]