Review of At Large

Title: At Large, the Strange Case of the World's Biggest Internet Invasion
Author: David H. Freedman and Charles H. Mann
Publisher: Simon and Schuster
Date: 1997
ISBN: 0-684-82464-7
Pages: 315
Price: $24.00

Reviewed by Nick Christenson, npc@jetcafe.org

December 31, 1997

Since Cliff Stoll wrote Cuckoo's Egg in 1989, we've been inundated with similar books about wily hackers, their exploits, and how they were finally caught. At Large is another one of these, detailing the exploits of "Phantom Dialer", a kid from Oregon, who broke into many hundreds of computers over the Internet in the early 1990s.

The book, subtitled The Strange Case of the World's Biggest Internet Invasion, is not without its share of hyperbole. The liner notes claim that the book, "... is the astonishing, never-before-revealed tale of perhaps the biggest and certainly the most disturbing computer attack to date,...". While the events are interesting and the account reasonably well written, the story certainly doesn't live up to this hype. Yes, the perpetrator broke into a lot of computers. Yes, it points out the inherent vulnerabilities of the Internet, although no more definitively than any other book of the genre. Yes, some folks lost a fair bit of sleep over these incidents, but on the "disturbing" index, this story doesn't crack the top ten.

I would've reacted more positively to this book if it weren't for all the hype it presented. I feel it's implied that we're going to be blown away by the exploits related here, but let's face it: Phantom Dialer didn't do truly massive amounts of damage to computer systems all over the world, although he certainly could have; he just broke into them. It wasn't the case that nobody could track him down; it's just that (a) the legal system wasn't ready at that time for a case like this, (b) law enforcement wasn't interested because they didn't understand the threat, and (c) many, if not most, of his victims didn't care much that they had been penetrated. Big, yes; a problem for many people, yes; the "... most disturbing computer attack to date,...", sorry, no.

Additionally, the book fails to discuss any of the significant changes that have been made in the laws and law enforcement that make Phantom Dialer a less significant threat today than 6 years ago. While it is true that Internet security is still woefully inadequate, exactly this sort of invader is much less likely to get this far or last this long. I'm not at all saying that the Internet isn't vulnerable, or that these sorts of attacks won't work, but there are more folks paying attention to security these days and their remedies are more rapid and precise. It is much easier to keep a Phantom Dialer out of one's network these days than it was. There are still very significant threats to one's networks, but this guy isn't one I'm worried about.

Still, it is an account of a hacking/cracking story that heretofore had not received much, if any, public distribution. It's a story that's worth hearing, but quite honestly, the important parts of the book could have been related as an article in Wired and not lost anything. Add At Large to the list of unremarkable, although by no means embarrassing, similar works.

I would guess that reactions to this book will be mixed. Those with any understanding of the state of Internet security won't be surprised or shocked by anything in the book. Those who are interested but non-technical may be shocked and appalled. If they are, so much the better for the state of the Internet. Those involved with the hacking/phreaking community will probably feel that the book is another lame attempt by the conventional press that fails to reveal anything worthwhile about what they're really like. I would have no counterarguments for any of these claims.

At its heart, this book is yet another unremarkable attempt to duplicate the greatness of Cuckoo's Egg. I found it mildly entertaining to see how folks I know are depicted, and it does help make some sense out of the CERT advisories circulated at the time, but that's about it. Read it if you feel you must, but don't expect greatness.

Capsule:

If you enjoy reading every book of this genre, it's about as good as most. If you were involved in Internet security in the early '90s, this book will help explain some of what was going on and why. Unfortunately, though, the book in no way lives up to the hype on the jacket. It's another passable, if unremarkable, story of computer security violations riding the coattails of the excellent Cuckoo's Egg.