Black Hat: Misfits, Criminals, and Scammers in the Internet Age by John Biggs

Bookstore shelves are crammed with computer books with instructions on running a virus check, installing a firewall, and protecting personal data. Black Hat: Misfits, Criminals, and Scammers in the Internet Age by John Biggs stands apart from the dummies books and that ilk by the sociological examinations of the internet’s villains. For example, instead of just talking about spam filters, this book interviews some of spam world kingpins. And instead of merely discussing viruses, Biggs actually tracks down worm-writers in Eastern Europe to learn their motives. Black Hat is partly a technical book, partly a detective novel, and partly a sociological treatise.

One of the opening chapters covers the hot button issue of email spam. We are introduced to Alan Ralsky, the self-described King of Spam. He runs companies called Creative Marketing Zone Inc.,, Additional Benefits, MPI Global, and others but all of these companies are considered fronts for spam enterprises. He brags about his servers and system that disgorge over 650,000 emails each hour from his Michigan home. Ralsky’s activities are so infamous that he has become the target of motivated anti-spam movements, including having his personal information posted on the internet, yet he remains defiant and maintains that he is doing nothing wrong. In many ways, Ralsky’s arguments make sense. But the cost of spam is quickly becoming a burden. Black Hat points out that “in July 2003, a spam catcher at MasterCard International tagged half of the company’s 800,000 inbound emails as spam. Back office folks, the CTOs and system administrators who keep email flowing, estimate they spent $49 per user in 2003 to help stop the flow.” Biggs is pessimistic about winning the war on spam, but he does point out some ways to protect against the deluge; to hopefully keep it at a trickle. Perhaps the most interesting part of the spam discussion is the detailed dissection of the mess of characters and HTML code that accompany spam messages and how these characteristics are manipulated to confuse spam filters.

One of the more interesting critters brought to the light in Black Hat is a 16-year-old worm writer who calls himself Second Part to Hell. He lives in Murau, a city in the Alps in Austria and blasts White Zombie, Nirvana, and Sepultura while creating his worms. Not content to just create worms and viruses, he’s actually concocted an entire system called the BatchWormGenerator. Second Part to Hell is talented, dedicated, and skilled:

His viruses are compact and, in a way, beautiful. He’s proud of the things he adds into each of his programs, including a method that converts all of the recognizable text in his viruses into gibberish to fool antivirus programs. To understand how difficult and complex his programs are, imagine trying to lift yourself off the ground by your own heels. In computing terms, he does this with almost every virus he creates.

Second Part to Hell is part of a cabal of whiz kids that are all in high school or college, know up to five computer languages, and can outhack most corporate programmers who populate thousands of cubicles in the Dulles Technology Corridor or Silicon Valley. Second Part to Hell and his colleagues like to think they are not a threat. They personally have not used their worms to deliver any malicious payload. However, by spreading around their worms and making them available to anyone, they are providing the mechanisms for wreaking havoc. Like a corner office, Wharton-trained executive at Smith and Wesson, Second Part to Hell says that he isn’t hurting anyone and that he can’t control how his creations are used. Black Hat traces some of Second Part to Hell’s predecessors, detailing viruses and worms from the early days in 1988 up to recent catastrophes like the Slammer virus that shut down airline reservation systems and even clogging the lines of communication used by 911 officers. Another detailed dissection of computer viruses, complete with the lines of code, is also included as well as instructions for protecting computer health.

Of particular interest to pop culture fanatics is a detailed examination of piracy, both in the form of illegal CDs of music and movies as well as file-sharing “copies.” This is one of the discussions in which Black Hat distinguishes itself from typical how-to computer books in that it examines the social aspects of these technical trends. Beginning by describing the author’s experience at a large scale, open-air market for pirated goods in Poland, the author points out that all of the hype about file sharing and teenagers is simply hyperbole spewed forth by an outdated entertainment industry. “Record companies can sue as many 12-year-olds as they want. Microsoft can sic their lawyers on entire nations. The movie industry can create as many feel-good commercials as it deems necessary, but the equation will always be the same: piracy cannot be stopped.” The reason piracy cannot be stopped, Biggs argues, is that the industry is archaic and fears change. CDs cost almost $20 and a night at the movies for a family of four can approach one hundred dollars. The industry that says college kids in a dorm-room downloading music is going to be their death knell, but weren’t they also the same ones who said VCRs would ruin the movie industry? And weren’t they the ones who said that kids taping songs off the radio would harm record sales? Keep going back in time and you’ll keep hearing more “the sky is falling” predictions from the entertainment industry. Instead of adapting, the industry files lawsuits against high school kids; at the date of publication, the Recording Industry Association of America had filed 382 lawsuits and received 220 settlements of about $3,000 each. That’s a total of $660,000 for the industry. Compare that with the initial launch of Apple’s iTunes. The industry as a whole scoffed at Apple’s plans and said there was no market for such a service. And then iTunes sold one million songs online in its first week of operation. At 99 cents per song, that amounts to $990,000 of almost pure profit. How much was spent on lawyers for all those legal proceedings? How long did it take to bring in the six hundred grand collected from individuals? And then a novel idea, with good technology behind it, brings in three hundred thousand dollars more in one single week. Contrary to the industry’s wailings, the public is willing to pay when the service is good and affordable.

Black Hat finishes with examinations of hacking (including a treatment of one of the first hackers Lord Digital) and chapters explaining tips on how to protect your computer against the dark side of the internet. A glossary is also included for neophytes. Black Hat is an interesting examination of the underbelly of the information superhighway, but it should be stated that this is not a book for system administrators. There are many, many more detailed and more technically sophisticated books available. However, this book is unique in the breadth of topics it covers and in its examinations of the social and personal aspects of these very technical discussions. Other books tell you how to avoid internet scams, but they won’t introduce you to Steve Bedrosian who makes a living selling “dehydrated water” and “carbon-free diamonds.” Other books will tell you how to install firewalls and spam filters, but they won’t introduce you to Second Part to Hell and Alan Ralsky. Black Hat is distinguished by these introductions, the interviews with internet pirates, and the treatment of the social conditions that create them.