Book review: Fancy Bear Goes Phishing, by Scott J Shapiro

Erudite, witty and arch, this ‘dark history of the information age’ is a profound work on the idea of technology and the philosophical underpinning of it, writes Stuart Kelly
By Stuart Kelly
Published 17th May 2023, 18:02 GMT
Updated 19th May 2023, 13:20 GMT

This scintillating book – subtitled "The Dark History Of The Information Age, In Five Extraordinary Hacks” – manages to hack the reader. The title seems more akin to a collection of avant-garde stories by the likes of George Saunders. The cover adds to this. Designed by Rodrigo Corral, we are presented with a vaguely sinister blue-furred bear in a vaguely military uniform, shown against streaks that might be streams of data. It opens in 1988 with a friend of Robert Morris Jnr., who says he was concerned because Robert was “usually sort of puritanical in his speech”. Morris had said “I think I really f***ed up” – it transpired that he had just broken the internet.

But in a way, this is the first point of misdirection. The five hacks are Morris, who created the first worm and overloaded countless computers; then “Fancy Bear”, the Russian team that stole Democratic Party data; Cameron Lacroix, a “broken home” child who accessed Paris Hilton’s phone (and was gleeful about the nudity he could now unleash); Paras Jha, who created a huge botnet to get out of an examinations and then engaged in cyber-gang warfare; and the rivalry between Vesselin Bontchev and a hacker who called himself “Dark Avenger”. In one of the many moments of comedy, Bontchev was accused of being “Dark Avenger”, since he ran the Bulgarian security virus farm, where specimens could be dissected and neutralised.

Hide Ad

All of this might lead the reader to expect a quirky book in the style of Jon Ronson or Louis Theroux. It is not, however, a “look at these kooks” parade. In fact, it is a profound work on the idea of technology, the philosophical underpinning of it, the moral sensitivity we need to deal with fundamental problems and the jurisprudence relevant to it. If you think that books involving discussions of law must be boring, then Shapiro is a good antidote since he is a very humanist and humane writer. Take the case of Robert Morris. When he set his program free, without thinking about the consequences, it was a pernickety point about with what he might be charged. Was this a misdemeanour or a felony? He caused financial damage, but did not materially benefit from it. This was legal terra incognita, made all the more difficult because nobody on the jury actually owned a computer. One of the book’s strengths is reminding us that 1988 was quite a long time ago. Ask yourself: did you have an email address or a mobile phone back in the way-back?

Scott Shapiro PIC: Guy JordanScott Shapiro PIC: Guy Jordan
Scott Shapiro PIC: Guy Jordan

Shapiro sets out various categories to clarify things. One is to make the distinction between code and data clear. Code does stuff – it is active – and data is passive – things get done to it and with it. He further extends this into the difference between “downcode” and “upcode”. Put very simply, downcode is knowing how the internal combustion engine works, upcode is the set of principles that determine where it is you want to go and why (there is quite a chasm between driving to Kelso for a coffee and driving there to rob the bank).

Upcode is in many ways more important. Our predispositions and prejudices affect how downcode operates, and often there are blind spots that lead to successful hacking. If the book has one major message it is that computers are stupid (Skynet is not coming soon), but humans are equally stupid. We are, as with the title and the cover here, taken in quite easily. There are good evolutionary reasons for this. It might be a bit daft the confuse a garden hose and a snake, but getting it wrong (when it is a snake and not a hose) has pretty dramatic repercussions.

The book is psychologically astute about the motivations of the hackers. Morris, if one were being generous, was just stress-testing the system and things got a little bit out of hand. The reasons for hacking are various, and include peer-esteem, loneliness, malice of forethought, gain, and basically, just for the kicks and giggles. The famous answer to why climb Everest – because it’s there – applies to hacking. It is done to prove it can be done. But this human quality extends to the deeper philosophical problems, particularly “solutionism”. We can agree that the world is not as we would wish it. Solutionism says that we just need a better patch or upgrade or tweak and we can engineer ourselves out of the problem. Shapiro disagrees, and personally I find his arguments persuasive. Of the crooked timber of humanity, no straight thing might be made.

Shapiro teaches law and philosophy at Yale Law School and is director of its cyber-security lab. He knows whereof he speaks. But reading the book made me think he must be a very good lecturer, as he has the gift of planting the zinger at the end of the paragraph. For example, in recounting the story of someone requesting that “Dark Avenger” write her a virus, he says she “innocently requested a BB gun. She got a nuclear weapon instead”. This is erudite, witty and arch. I am now unplugging my computer.

Fancy Bear Goes Phishing, by Scott J Shapiro, Allen Lane, £25