BREAKING AND ENTERING
The Extraordinary Story of a Hacker Called Alien
By Jeremy N. Smith
292 pp. Houghton Mifflin Harcourt. $28.
When the F.B.I. warned the Democratic National Committee that hackers had broken into its system before the 2016 elections, the help desk dismissed it as a potential prank call. And when the Russians used a phony Google alert to try to snatch the email password from Hillary Clinton’s campaign chairman, the I.T. guy incorrectly said the warning was legitimate.
In “Breaking and Entering: The Extraordinary Story of a Hacker Called ‘Alien,’” Jeremy N. Smith tells a tale of computer intrigue, but not through the eyes of the black hats whose misdeeds have dominated recent political news. Instead, Smith wants you to meet the people behind the help desk — the tech gurus and security consultants standing between us and digital carnage.
With his 1989 best seller “The Cuckoo’s Egg,” the author Clifford Stoll demonstrated that the lowly computer technician can make a wonderful hero. He described tracking Russian spies across networks and solving an espionage mystery of the early internet era. Without such a singular case to crack, however, Smith must rely on the career trajectory of a cybersecurity expert to propel the story.
That’s a lot to ask. When someone from your I.T. department sends an email telling you to change your password, does anyone stop and think, “I bet that guy has an interesting story!” Smith addresses this problem head-on, making clear at the onset that we are not talking about just any computer geek. We meet our leather-clad hero — a woman nicknamed Alien who runs a boutique cybersecurity firm — as she swaggers through a Las Vegas hacking conference. And Smith poses the story’s central question: How did she get to be such a badass?
Despite the book’s subtitle, however, the answer turns out to be more predictable than extraordinary. Alien studied computer science at M.I.T. and parlayed a connection there into a job at Los Alamos National Laboratory, which launched her into the information security world.
Further complicating things, Smith gives every character and company a pseudonym and changes the locations of key events. We are told this is to protect their privacy, but the effect is that Alien, on whom so much is riding, feels distant. This distance is compounded by the fact that “Breaking and Entering” includes long stretches of dialogue and precise details from decades-old events. When you never quite know how much about a character is fictionalized, such precision can make the scenes feel reimagined.
Smith’s writing style, though, is crisp as he charts the course of Alien’s life in a series of vignettes, from uncertain undergraduate to successful business owner. The structure works because Smith is a lively storyteller. We are in capable hands as Alien tests corporate security by crafting phishing emails and schmoozing her way into executive suites to steal computers.
But the format is also restrictive. Alien came of age during the birth of the modern information security age, and at times I wished we could have stepped back a bit from her story to see the bigger picture. Instead, tethered to Alien, we can see only as far as she can in the moment.
For instance, Alien experiences several gut-punch reminders that she is a woman in a male-dominated industry. She is saddled with administrative tasks. A male peer introduces her as a “junior consultant.” And a roomful of men eye her with curiosity at a conference. These moments cry out for a pause, some context, a bit of reflection on the security industry in the #MeToo moment. But instead we are whisked off to the next vignette.
The story offers just enough technological details to establish its bona fides without slowing its pace. It is a difficult balance. Alien’s social-engineering techniques have been detailed in books by and about the hacker Kevin Mitnick and elsewhere, and will come as no surprise to tech-savvy or security-conscious readers. More casual readers will get an introduction to that world, but not a guide to help them understand it.
Which is a shame, since the real Alien — she is easily identifiable if one is so inclined — has a well-earned reputation as an expert in her field. Her work is taught at universities, bar associations and the world’s top conferences. She is, as Smith set out to show, a security badass. Yet we hear very little from her in the present. The focus on how she got there is interesting, and at times quite fun, but it comes at the expense of the wisdom she acquired on the journey.
If there’s one lesson to be learned from Alien’s story, it is this: As Russian hackers challenge democracies and criminal attacks turn our personal data into commodities, we cannot turn to technology to save us. Security is only as strong as the employee who tapes his passwords to his cubicle, the overworked guard at the front desk and, yes, the person on the other end of the line when you call the help desk.
Orignially published in NYT.