Hacking a book: how I became Lisbeth Salander

News Special Projects

We all know what computer hacking scenes in movies look like – the hackers are ultra-cool, super sexy with five monitors and the most colorful hacking tools you’ve ever seein. The hacker is able to penetrate any system/network/firewall by using all kind of weird methods that no one ever heard of.

To those of us with any kind of a technical background, these scenes almost always make no sense.

Before joining Kaspersky Lab I was breaking into companies for a living, legally of course upon requests from clients. We were hackers and we were identifying security vulnerabilities and issues that could allow attackers to compromise databases, systems and take control over the network. We spent most of our time staring into a black terminal with white text, and that was it. That's actually what hacking looks like.

Aside from the real world look and feel, the movie industry and many fiction writers have a problem understanding what is actually possible in a hack. Some people might argue that ANYTHING is possible as long as you have found and exploited the vulnerable system.

One day I received a phone call from a guy named David Lagercrantz, whom — to be honest — I had never heard of before, but after a quick Google search I saw that he actually written some high profile books. He told me that he was working on another book in the Millennium series, and wanted to sit down and talk about hacking.

For those who don’t know the books in the Millennium series, these are books about a female computer hacker by the name of Lisbeth Salander. The Millennium trilogy was initially written by the Swedish author Stieg Larsson and consists of the following books: ” The Girl With The Dragon Tattoo”, “The girl that played with fire” and “The girl who kicked the hornet’s nest”.

Lagercrantz was working on the fourth book in the Millennium series, “The Girl in the Spider’s Web” and wanted to do something different. He wanted to know how hackers actually compromised systems, to add a portion of reality in the books. My goal was to help him understand what hacking is all about and make him understand the difference between Trojans, viruses, exploits, backdoors etc. I also tried to explain to David that hacking is not trivial; it does require quite a lot of research and enumeration.

The first time we met, we sat down in a restaurant in a hotel in Stockholm and we really got into the details about the different methods someone could exploit to remotely access a computer system. This covered everything from weak passwords to software vulnerabilities and social engineering.

During our conversation we had at several times some ladies coming up to us, asking how we were, what we were doing there and we both wondered what was actually going on. We then found out that we were in the middle of a blind dating meeting location. At this point we decided to have contact via phone and email instead.

Everyone, regardless of their technical background, should be able to understand the subject matter. David was very strict about that; we really wanted authentic and realistic hacks in the books. Another major challenge was that Lagercrantz wanted to write about things, which are extremely difficult to achieve, such as breaking certain encryption methods. But after several phone calls and discussions I think we were able to include some very exciting hacking scenes in the book.

I have not read the book yet, so for me this is extra exciting. It is great that David actually took his time to understand hacking, and not write about something that he didn’t know anything about. I am pretty proud to have met David and have the opportunity to act as an advisor for the technical hacking details. It is going to be very interesting reading a book that actually contains authentic hacking techniques and methods.