Ask HN: Recommendations of good cybercrime novels?

242 points by init-as ↗ HN
I recently read American Kingping by Nick Bilton and I thought it was really good. It’s about the founder of the Silk Road and how the FBI tracked him down.

Can you recommend any similiar novels?

159 comments

[ 3.5 ms ] story [ 255 ms ] thread
The Defcon book list ("peek behind the curtain" and "underground culture") is a good starting place, https://www.defcon.org/html/links/book-list.html
All my recommendations happen to be mentioned on this list, so I'll mention them here:

- Stealing the Network, a collection of short stories. One of those stories was written by Fyodor of nmap and is available online: http://insecure.org/stc/ -- this sort of works like a tutorial for nmap and networking security. :-D

- Snow Crash by Neal Stephenson

- Cryptonomicon by Neal Stephenson

- Neuromancer by William Gibson

The Cuckoo's Egg, by Cliff Stoll.
This. Cliff Stoll is better known for his other book, where he got a bunch of predictions about the internet wrong, but Cuckoo’s Nest is a lot better read. Based on a true story, how a few cent $ difference led him to discover a massive hack going on, and how he was chasing the hacker.
Second this. Fantastic book about true events. If you like the story, there is also a movie which covers the same events as the book. The movie is called "23" and is available in German and English.
The OG of true crime hacking books.
Indeed a great book.

And (tiny spoiler-alert): a small easter-egg (though not intended as such) for people on HN: the founders of HN/YC show up in the book, admittedly in a very minor capacity.

Btw, I recently discovered that Cliff Stoll is one of the awesome guys who appears on the Numberphile YouTube channel, so if you watch that, know that it's him :)

My favorite bit was jangling his keys to induce noise in the line to delay the hacker long enough for a trace.
I think you will enjoy Kingpin by Kevin Poulsen.
Seconded. Loved this.
Came here to say this. Great book. Not a novel, but still worthy of a mention. It definitely reads like one with the pacing and writing.
Reamde, by Neal Stephenson.

Yeah, the big daddy of cyberpunk ("Snowcrash") also wrote a contemporary technothriller set in organized cybercrime organizations.

Heard very mixed reviews of Reamde. Could you please tell me what elements you liked of the book?

It's been on my reading list for a while but the mixed reviews always lead to it being left for another day

Its a fun book, and a good intro to Stephenson (it was my first book I read of his, and now I've read four others). But if you've read his other stuff first or are a more hardcore sci-fi nerd, its easy to think that its a little closer to a blockbuster thriller than science fiction.
Its very different from Stephenson's other novels. Its much more of a thriller with a few tech elements thrown in. I really enjoyed it, but don't go in expecting another cryptonomicon.
Disclaimer, I'm a big Neal Stephenson fan.

Reamde, is a fast paced techno thriller. It's arguably one of his lesser novels but still a ton of fun IMHO.

The premise of the book is that of an online game that is essentially similar to world of warcraft with the difference that the entire point of the game is the in game economy.

This part of the book is pretty well developed and ties in nicely with his other novels that also deal with money, gold, crypto currencies, etc. The crisis in the game is when a group of enterprising chinese hackers deploy a virus that encrypts people's laptops via a bit of ransomware distributed via email. To unlock their computers people are to pay some of the in game gold in a particular area. All goes sideways through a set of rather unlikely coincidences.

There are a lot of other elements being dragged into this including a fair bit of gun wielding by terrorists, russian mafia, and the protagonist and his somewhat libertarian family. This is is not the most innovative plot and it is ultimately a relatively one dimensional plot that is in places a bit cringeworthy.

I still enjoyed this book and have read it multiple times. It's got plenty of side plots, detailed musings, and so on that are typical for Neal Stephenson. If you enjoy that kind of thing, this book is fine but it's no Anathem or Snow Crash.

> somewhat libertarian family

Boy, that's putting it mildly. :)

I'm a big Stephenson fan, and I thought Reamde was terrible.

His usual quirky pacing just turns into a dragging nightmare that never pays off, it's uncharacteristically full of questionable technical premises, and if it weren't for a few islands of genuinely entertaining scenes I would not have made it through.

I honestly believe it's the result of some suit pressuring him to write about topics people see on Dateline

Yeah, I would skip this and read Cryptonomicon again.
It definitely dragged on, but overall I thought it was enjoyable. He definitely kept building up to climaxes throughout the whole book - on an airplane, I kept sadly checking the percentage read because I was sure I was almost done with it, only to discover that I was only 30%, 50%, 70% along...

If you're a Stephenson fan, I would absolutely give this a read.

Maybe - but he finally figured out how to write an ending.
The other thing about Reamde is that it's one of those books that depends on case after case of events happening and aligning in a very particular way or there wouldn't be a story.
I wholeheartedly agree. I only finished it because it was his, but I feared he could be «losing it».

Fortunately seveneves was again spectacular.

I was going to recommend Reamde as well. I think it is best to look at it as an interesting spin on the typical cybercrime story, and not as a "Neil Stephenson" book specifically. In other words, read it for the story, not for the author.
Bit of a stretch to call out Stephenson as a "big daddy of cyberpunk"? What title would you give to Sterling and Gibson?
Stephenson is more post cyberpunk really.
Countdown to Zero Day by Kim Zetter.

It talks about the Stuxnet and the story behind it, and I got the chance to learn some fairly interesting stuff in the meantime (like the complexity of building a nuclear bomb).

I found it much more useful than the American Kingpin, which just mentions that Tor and Bitcoin offer anonymity online, but doesn't get anywhere even close to explaining either of the technologies that are crucial for the storyline.

We Are Anonymous by Parmy Olson also made me feel kind of the same, but the writing wasn't quite as engaging as the Countdown to Zero Day was.

Sanger's Confront and Conceal has a great chapter on Stuxnet / Olympic Games as well.
On the topic of Non-fiction cybercrime books, one that provides very good insight imho on the history of spam albeit a little hard to follow is "Spam Nation", by Brian Krebs
"Spam Kings" isn't bad either. A bit dated, but it's a good history of one of the earlier spam operations.
Try Daemon and Freedom™ by Daniel Suarez.
Daemon was virtually unreadable.

It's a hacker-themed fairtale for computer illiterate, basically. I had a non-techy friend borrow the book and they too couldn't finish it, because it was just way over acceptable believability limits even for them.

Ohh man, for me it was EXACTLY the opposite. Daemon was one of the finest examples of a book in the cybercrime genre. It was one of those "Black Mirror" style entertainment: Take known tech and push it towards dystopia style stories. Daemon was was super-fun, and absolutely un-putdownable (Literally read it in a single sitting IIRC).

Almost all the tech (Self driving cars, distributed systems, daemons that can self replicate (viruses), collaborative systems, a Darknet all exist in some form or the other today! Is it fantasy? Duh!

Is it a fun read for someone who works building these exact systems fora living? Definitely!

Completely agree. Everything is possible in it. If there was indeed someone who had a far surpassed genius level of IQ and tech know how, and dedicated hours of their time to developing the stuff with an unlimited budget (which basically is what Matthew Sobol supposedly has) then I could easily understand how a lot of things in that book could become reality.

Either way - a fun read and a good book to re-visit. One of the few that I read every few years or so...

Looking back on it now, I think the one thing that's really not plausible is the idea that someone could write a system that can anticipate anything that can happen. It was a little too Foundation/Psychohistory for me.

But it was still a fantastic novel, I loved reading it, and will probably re-read it again and again.

Did you read Freedom(TM)? It's a "sequel" but is really the second half of the novel. Addresses your critique in a very interesting way.
I did, yup. I was actually super mad at Daemon; I always try to get people to get both at once, to avoid the cliffhanger.

I don't think it address it enough; it made it more plausible by admitting that it can't be completely autonomous, but I'm not entirely sold. Having said that, I still love the series, much like I love any fantasy novel :P

If you don't like something, I think it's better just to say that. Daemon is demonstrably not unreadable, in that quite a lot of people did read and enjoy it. So much so that Wired did an article on how it started as an underground hit among tech-inclined people: https://www.wired.com/2008/04/pl-print-20/
These are among my favorite books, and I've read thousands of books. It was written in the 90s or early 2000s, so the tech that was so futuristic now exists everywhere (IoT). You question believability? The tech is so not "just way over acceptable", much of it already exists. If we can suspend our belief to read about aliens, hobbits, magical schools, talking animals, etc., this hardly stretches the imagination at all.

Don't let this guy stop you from reading these awesome books! I recently re-read it, and the first few chapters are pretty tough because it lays out all the tech premises. Stick with it. The plot will keep you engaged, and the storytelling is supurb

darknet is exciting and well grounded technically. also cyberstorm by same author.
Ghost in the Wire by Kevin Mitnick.

I can't believe no one recommended this. The guy literally evaded the FBI using technology.

And I don't know if someone helped him write the book, but the story is amazingly good. It is exactly what you look for in a hacking story, someone outwitting people combined will some phone phreaking. Very good book, I would recommend.
Yes! When I was a kid I had heard his story a bit but this book was amazing and really highlighted just how far someone could go with regards to "owning" systems.
Second this, and also recommend The Art of Deception which focuses on a combination of social engineering attacks with technology vectors. Not a novel as it's really about actual security, but still worth a note.
+1 has to be the most ‘hackernews’ book I have read / still reading (started yesterday)
Citing Wikipedia: "Blackout: Tomorrow Will Be Too Late" is a disaster thriller book by the Austrian author Marc Elsberg, described by Penguin Books as "a 21st-century high-concept disaster thriller".

The novel is about a European power outage due to a cyberattack. For realism the book is written on the basis of interviews with intelligence and computer security officials.

I read it some weeks ago and can definitely recommend it. It was a departing gift from my university, a very fitting one for computer science students if you ask me.
Bruce Sterling's The Hacker Crackdown (nonfiction, now freeware). Lots of important early hacker history and run-ins with the authorities, plus the origin story of the EFF.
Older, but easy reads -

The Hacker Crackdown Bruce Sterling 1992 (freeware)

Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier Suelette Dreyfus 1997 (Free version available)

if you like books that combine fiction and technical detail, I can thoroughly recommend the "stealing the network" series. It has an intriguing overarching plot and the details are all accurate and technical-minded - the best comparison I can give is it's like "The Martian" but for cybersecurity.
Spam Nation by Brian Krebs is excellent. It delves deep into the email spam scene, and covers some big events and the people around it. He talks to users which buy stuff they are advertised in spam emails, and looks into the quality of the products advertised (are the viagra pills safe?).

The book is not very technical, and he never digs deeper into the details than what is necessary.

Kill Process by William Hertling
The only one I've read in this genre. It was quite enjoyable, and if my memory is correct quite technically plausible. Interesting themes about tech gigants and their influence/power, and some tragic stuff about wife/women abuse.
We Were Gods, by Alex Feinman. Among other things, it contains an amazing scene describing an attack on a race condition from inside a fantasy game's magic system.

Here's part of it:

Giggling a little from the alcohol, the four points began the slow juggling routine I'd sent them; just a simple ball passing, in rhythm. Pass, pass, pass. Throw and catch in the same instant; the balls went round and round until all four were landing in palms at the same time, four little smacks merging into one sound. Their avatars were better at this than they were. After a moment I threw another ball in, then another, until there were eight in the circle: four in the air, four in the hand. Faster and faster they went round, until there were little streaks of light behind them, until the streaks almost formed a complete, rippling circle.

Around us the world leaned in, currents of energy creating a field of magic potential. Rhythmic motion always attracted the attention of the underlying world routines as they struggled to incorporate it into the ebbs and flows of the wind and water; a vortex here, at one of the two hearts of the world, drew a lot of processing power. And each point of the cross was a magic-using engine; those strands of energy consumed a surprising amount of resources. But the real trick was the synchronization: slight imperfections in the coding routines for distribution and rationing of magical energy made them susceptible to a timing attack. It was a matter of chance, though; each time the circle tossed and caught, quanta of energy were requested at nearly-identical times. Sooner or later the system would try to service two at once and--ah.

One of the balls vanished momentarily, lost to accounting for a brief instant before the system found it again. It left a tiny kink in the circle of light as it passed: an opening, into the collection routines. This was what my watch-spell was waiting for: a chance to insert my own instructions into the information transmission stream: instructions that said 'open', 'open'.

https://www.smashwords.com/books/view/396337

“git commit murder” is a story in the style of a detective novel set at a BSD convention. Not sure if it counts as “cybercrime” because it’s about a murder but of course the motive and circumstances only make sense in terms of the internal politics of a fictional BSD distribution. It’s also a really authentic description of what it’s like to be at a technical conference as a newcomer where you don’t know anyone.
Cory Doctorow's Little Brother. I could not put it down, and read it in one sitting.
This is truly an amazing read. I also enjoyed this book immensely. It is required reading for my teenage children.
The sequel, Homeland, is also pretty great.
Mark Russinovich's Jeff Aiken Trilogy. If you're looking for a quality bestseller similar to Dan Brown books.

Zero day, Trojan Horse and Rogue Code are all excellent novels. Some common themes include computer virus epidemics, cyber armies, cyber warfare, dangers of an overnetworked but undersecured society

I only read Zero Day and I thought it was pretty bad. Obviously he's got much better tech credentials than most authors, and I felt he probably should have gone for a more niche tech-literate market than just write tech-oriented bad fiction. Just looking now, his later novels seemed to get slightly better goodreads reviews so perhaps his writing got a little better.
They're not great, but they're more or less as entertaining as the Dan Brown books (which also wouldn't be in my list of great literature).
Second this suggestion. As others have noted his books probably aren't going to win any literary awards, but they are fun entertaining reads. There are some similarities in subject matter to some of Dan Brown's books, but Russinovich is a former Microsoft employee (and iirc he wrote the sys intervals suite of tools) so his are much more technically detailed, and accurate then what you would find in Dan Brown.
Lock In by John Scalzi.

https://www.tor.com/2014/05/21/lock-in-john-scalzi-excerpt-c...

Wil Wheaton's narration is great too. I listened to the audiobook and think about it a lot.

It's a techno whodunit — hacking and cracking neural dust/lace, remotely renting and operating physical bodies and committing crimes while “occupying” them, and bio/techno ethics all play a role.

In Scalzi's future, locked-in patients receive so much government funding to improve their lives that they gain more abilities and advantages than those who aren't “locked in”, which makes for an interesting inversion.

I would throw in the sequel "Head on". Same universe - just some time later. The audiobook is also narrated by Wil Wheaton. And it is great as always.

Offtopic. I would blindly recommend all books in the combination Wheaton narrating Scalzi. But esp. "The Collapsing Empire" (I can't wait for the next part to be released in October).

It feels wrong to recommend a book I haven't read yet, but Chuck Wendig's "Zeroes" might be a good book to pair with Scalzi. I expect from his other books and the reviews that this is going to be more of an adventure book than any hard-computer-science... But, again, that might be what you're looking for.

On a similar note, its been a while since I've read them, but I rather enjoyed James Strickland's books, Looking Glass and Irreconcilable Differences. Part of that might be because there's a part where he explains IPV4 addressing, and the example he uses happens to be the Class-B where I grew up. It was a little like seeing your house in the background of a movie.

I also sort of enjoyed Rick Dakan's "Geek Mafia", but that appears to have fallen off the planet; only the sequels are on Amazon right now...

(comment deleted)
Halting State by Charlie Stross
And its sequel, Rule 34.
As others have said, also its sequel Rule 34. It's been a while since I read these, but I don't recall anything in there that jumped out at me as "you can't get there from here."

There was originally supposed to be a third novel in this series, but Stross cancelled it[0] after Edward Snowden.

"Halting State" wasn't intended to be predictive when I started writing it in 2006. Trouble is, about the only parts that haven't happened yet are Scottish Independence and the use of actual quantum computers for cracking public key encryption (and there's a big fat question mark over the latter—what else are the NSA up to?).

I'm throwing in the towel. I probably will write another near-future Scottish police procedural by and by, but it won't be a sequel to the first two except in the loosest sense. The science fictional universe of "Halting State" and "Rule 34" is teetering on the edge of turning into reality. Meanwhile, the financial crisis of 2007 forced me back to the drawing board for "Rule 34"; the Snowden revelations have systematically trashed all my ideas for the third book.

[0] http://www.antipope.org/charlie/blog-static/2013/12/psa-why-...