{"id":4580,"date":"2014-01-28T08:00:56","date_gmt":"2014-01-28T16:00:56","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=4580"},"modified":"2020-04-21T14:39:48","modified_gmt":"2020-04-21T21:39:48","slug":"cybersecurity-canon-reamde","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2014\/01\/cybersecurity-canon-reamde\/","title":{"rendered":"The Cybersecurity Canon: Reamde"},"content":{"rendered":"

\"cybersec<\/span><\/div><\/a><\/p>\n

For the past decade, I have had this notion that there must be a <\/i>Cybersecurity Canon:<\/i><\/a> a list of must-read books where the content is timeless, genuinely represents an aspect of the community that is true and precise and that, if not read, leaves a hole in cybersecurity professional\u2019s education. I\u2019ll be presenting on this topic at RSA 2014, and between now and then, <\/i>I\u2019d like to discuss a few of my early candidates for inclusion<\/i><\/a>. I love a good argument, so feel free to let me know what you think.<\/i><\/p>\n

Reamde<\/b> (2011) by Neal Stephenson<\/p>\n

I\u2019ve already reviewed two Neal Stephenson works, Snow Crash<\/a> and Cryptonomicon<\/a>, for inclusion in the Canon. Here is a third: a high-octane, straight-up cyber thriller that elevates the genre in the process.<\/p>\n

The novel has everything that a cyber thriller needs: Chinese hackers, Russian mafia, cyber crime, massively multiplayer online role-playing games (MMORPGs), hacking culture, and guns. It is classic Stephenson, and not quite as dense as some of his other works. While it is a wildly imaginative story, the details are real and correct. If you are a cybersecurity professional, you will not learn anything new here, but you will appreciate a ripping good story told within the boundaries of the cybersecurity community you know.<\/p>\n

Stephenson centers on Richard Forthrast, the founder and owner of the Fortune 500 company that manages T\u2019Rain, an MMORPG. He is a former drug smuggler who funneled his profits into a computer gaming company and turned T\u2019Rain into the most popular computer game on the planet. Across the world, a group of young and talented Chinese hackers and T\u2019Rain players devise an elaborate gold-farming ransom scheme. They create and distribute the Reamde virus, which essentially bricks the T\u2019Rain gamer\u2019s computer until the victim delivers a specified amount of virtual gold to a remote location in the T\u2019Rain online world. The hackers collect the virtual gold and convert the gaming money into real money for profit.<\/p>\n

Forthrast\u2019s niece, and employee, inadvertently shares a sample of the Reamde virus with her boyfriend. The boyfriend dabbles in credit card fraud, and when the Reamde virus corrupts the computer network of his Russian mob contact\u2014specifically the group\u2019s pension fund, the obshchak\u2014the Russians come looking for the perpetrator.<\/p>\n

What follows is a mad dash around the world as the Russian hackers, with Forthrast\u2019s niece in tow, try to get their money back from the Chinese hackers. They run into a separate collection of international terrorists operating out of the same abandoned Chinese building as the Chinese hackers and an MI6 agent tracking the terrorists. As the terrorists escape and evade the Russians, MI6, and the Chinese hackers, they end up in the backwoods of Canada, Forthrast\u2019s backyard. There\u2019s a lot of fun stuff going on here.<\/p>\n

The story is similar in heft\u2014almost one thousand pages\u2014to two other Stephenson works: Cryptonomicon and The Baroque Cycle. But Reamde is a straight-up cyber thriller and Stephenson doesn\u2019t spend a lot of time diverging from the main story as he did in those books.<\/p>\n

Gold Farming<\/b><\/p>\n

Gold farming has been a staple of MMORPGs from almost the beginning of online games<\/a>. It\u2019s a term used to describe MMORPG player behavior when the player\u2019s intent is not to play the game as the designers intended. Instead, gold farmers gather as much virtual loot available within the game for the purpose of reselling that virtual loot to other players for real-world currency. Most MMORPGs have fully functioning economies<\/a> and gold farmers take advantage of that. Entire businesses have popped up, especially in China, dedicated to that effort.<\/p>\n

In Reamde, Stephenson takes that phenomenon to the next level. Most MMORPGs distribute loot randomly within the gaming world, but in T\u2019Rain, naturally occurring gold deposits form around the game world similarly to how they form in the real world. Tom Bissell, writing for The New York Times, described it this way<\/a>:<\/p>\n

\u201cTwo things have assured T\u2019Rain\u2019s commercial success: actual geological laws have been programmed to govern its terrain (it is this feature from which the game\u2019s name derives); and the game uses a currency system based on real money \u2014 treasure mined from the strata of T\u2019Rain\u2019s crust can be transformed into earthly coin.\u201d<\/p>\n

If you take a step back from that explanation, you realize that the T\u2019Rain economy functions eerily similar to how the Bitcoin economy works<\/a>. In both systems, the amount of treasure available in the world is finite and is worth only what the people within the economy are willing to pay for it. I could find no reference that confirms that connection between T\u2019Rain and Bitcoin, but I do find it an interesting coincidence. Stephenson is adept at explaining how money systems work. Bitcoin launched in 2009, and Stephenson published Reamde in 2011. Even if the connection was unintentional, Stephenson had to be at least thinking about Bitcoin while he was writing the book.<\/p>\n

Wardriving<\/b><\/p>\n

Wardriving is the act of driving around town<\/a> with a collection of remote networking gear and looking for unsecured WiFi routers. In Reamde, the Russian mafia needs to find the Chinese hacker hideout in China. They kidnap the good guys and whisk them away to Xiamen, China, so that the good guys can help them with the search. The good guys, under threat of death, search for the Chinese hackers by wardriving the streets of the city and frequenting the many Internet cafes, or wangbas<\/i>, that most of the locals use for Internet access.<\/p>\n

Lock Picking<\/b><\/p>\n

Some of the good guys in our story are traditional white-hat hackers (hackers that exploit weaknesses in systems not to steal or to cause mischief but to understand how those systems work and perhaps to offer better ways to build those systems). One interesting cultural phenomena that emerged from this hacking culture is a fascination with locks and how to pick them. If you have ever attended DEFCON, you already know what I mean. There is usually a room dedicated to the lock-picking craft, and every time I have wandered in there in the last five years, the room is jammed with expert lock pickers showing wannabes how to get started<\/a>. In Reamde, the good guys lock pick their way out of several situations, and Stephenson takes a moment to explain why these white-hat hackers might have that skill.<\/p>\n

MMORPG Battle<\/b><\/p>\n

During the course of the story, the good guys who are working for the Russian mafia deposit the ransom of virtual gold into a remote area of T\u2019Rain in the hopes that the Chinese hackers will unbrick their computers. A problem arises when the T\u2019Rain community discovers the Reamde virus scheme. Many clans within the game stake out the route to the remote location in order to ambush the Reamde victims before they deposit their virtual gold.<\/p>\n

In T\u2019Rain, if you kill an adversary in the game, you collect his or her valuables. The Chinese hackers need to collect the ransom and walk it out of the remote area and into a T\u2019Rain city where they can convert the virtual money into real money. With the clans blocking their path, this becomes problematic. What results is a massive clan battle between the Chinese Reamde clan and all of the other T\u2019Rain clans in the game. Stephenson completely captures the complexity, stress, and strategy of directing hundreds of your own teammates that are maneuvering across a vast virtual terrain against thousands of hostiles whose intent is to prevent you from doing just that.<\/p>\n

Conclusion<\/b><\/p>\n

This novel has everything that a good hacker novel needs, right up through a bit about how to survive a zombie apocalypse. It is classic Stephenson without the denseness of Cryptonomicon and The Baroque Cycle, and it elevates the genre of the cybersecurity thriller above other entries in the field. While it is a wildly imaginative story, many of the details are real and correct and you\u2019ll appreciate what a good time this is.<\/p>\n","protected":false},"excerpt":{"rendered":"

For the past decade, I have had this notion that there must be a Cybersecurity Canon: a list of must-read books where the content is timeless, genuinely represents an aspect of the …<\/p>\n","protected":false},"author":43,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[155,4521],"tags":[251,303,254,302],"coauthors":[791],"class_list":["post-4580","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-2","category-canon","tag-cybersecurity-canon","tag-mmorpg","tag-neal-stephenson","tag-reamde"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/4580","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/43"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=4580"}],"version-history":[{"count":4,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/4580\/revisions"}],"predecessor-version":[{"id":109944,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/4580\/revisions\/109944"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=4580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=4580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=4580"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=4580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}