Book Review: Approaching Zero

Reviewed by Stephen J. Resz

Approaching Zero: The Extraordinary Underworld of Hackers, Phreakers, Virus Writers, and Keyboard Criminals by Paul Mungo and Bryan Clough, Random House

First published in Great Britain in 1992 this thin volume became available in the U.S. in April.  Despite its size, it has a sub-title which is a mouthful: "The Extraordinary Underworld of Hackers, Phreakers, Virus Writers, and Keyboard Criminals."  Paul Mungo is an American living in London who writes for several British newspapers.  He has also covered the entertainment industry, and computer crime for such varied publications as GO, The Hollywood Reporter, Variety, and Time.  Bryan Clough is an English native who is a member of New Scotland Yard's National Computer Virus Strategy Group.  He is also said to be "an accountant who specializes in international computer security."

The book is not so much a story as a collection of unrelated anecdotes - nor do the authors attempt to identify common themes or points of view.  Nor can the book be said to be a history of its subject matter, because there is little historical context.  Like many dual-authored books, it is a hodgepodge.  However, this work is not without merit.  Given the authors' geographical location, it's not surprising that Approaching Zero has a more international (and particularly European) flavor than most of the previous efforts in this genre.  It also has more of a focus on computer viruses than any other "general trade" book released in the U.S.

The Prologue starts with a slice of the life of "Fry Guy."  This is where the book begins to go wrong.  The name, of course, is a handle, and we are told that he took his alias from a McDonald's commercial which proclaimed, "We are the fry guys" - but the book does not tell us that Fry Guy, while a teenager, broke into McDonald's computer and gave unjustified raises to his friends who worked at that venerable hamburger chain - which is what really got him his nickname.

Fry Guy is then described as breaking into the computers of "Credit Systems of America...  He had just broken into one of the most secure computer systems in the United States, one which held the credit histories of millions of American citizens."  There is no such company as "Credit Systems of America" - Fry Guy had, of course, gotten into the computers of either TRW Credit Data or Equifax - systems which have been breached so frequently and regularly over the last 15 years that they can hardly be termed "one of the most secure" in the country.  And what is so "sensitive" about the names TRW and Equifax?  It is the beginning of a pattern which permeates the book.

Facts are inaccurate, or deliberately misleading.  This should not be surprising to the reader, however, because in the "front of the book" acknowledgments the authors state:

"Because of the sensitivity of much of the material in this book, the names of some individuals and companies and the order of certain events have been changed.  Various details have also been deliberately altered in the descriptions of certain illegal acts, and some technical definitions have been simplified to aid comprehensibility."

To a fellow journalist who believes that the facts (as best as the "truth" can be ascertained) be reported accurately and clearly - and in an entertaining manner and style - this is a sad admission.  Perhaps the authors would be more comfortable writing fiction.  This thought is heightened by the authors' maddeningly frequent use of terms such as "allegedly."

In one case they have this sentence: "The most successful bank robbery ever carried out by hackers may have occurred two years ago" - and then go on for four pages of technically ludicrous details of how these hackers supposedly did it.  They write that the hackers "...rigged the Citicorp computer controlling the EFT transfers to direct all of its data flow to an unused Telenet terminal they had previously discovered.  They took turns sitting on the terminal..."  The idea of two hackers taking turns perching atop a "previously discovered" Telenet terminal is humorous - and a shameful misuse of the "King's English," particularly for a Subject from Scotland Yard, and a long-term "American Living in London."  But where is this unused terminal - is it connected to the corner public phone booth?  Is it the dial-up PC in their neighbor's house?  Is it hardwired inside the bank (which they are never said to have physically entered)?  The authors don't explain; they merely move on to other details which they also can't substantiate.

The authors also pass along as "widely reported" the one about the French Exocet missiles during the Gulf War, which the French had previously sold to the Iraqis.  This is the one where the printer (though these writers never even mention a printer - perhaps this is their idea of how "Various details have also been deliberately altered in the description of certain illegal acts...") has been modified to take control of the the CPU and tell it to misfire the missile system.  Mungo and Clough offer no serious discussion of how this would, or could be done.

The authors' use of aliases reaches the height of ridiculousness in the case of "Pat Riddle" - the writers don't even have the decency to put this factious name in quotes, perhaps they think that the surname is their clever way of signaling this falsehood to the reader.  Clearly, "Pat Riddle" is Ian Murphy who has used the handles "Captain Zap" and "Bill Doger."  What makes this deceit so foolish is that Murphy loves publicity - he thinks it's good for his security consulting business.  Not that all the names have been changed, Steve Wozniak, John "Captain Crunch" Draper, and Robert Morris Jr., among others, are all properly identified.  Which leaves a person wondering what criteria the authors use to selectively change peoples' names (without even having enough respect for the reader to inform them when the writers have done so).

Even when the authors aren't outright lying, or passing on rumors, they have an annoying tendency for errors and contradictions.  On page 68 they say that, "The first federal law [U.S.] on computer crime, The Computer Fraud and Abuse Act, was passed in 1986."  On page 223 they call it the "Computer Fraud and Misuse Act" - in fact, the first national American law was passed by Congress in 1984 and it had a similar but longer name; it was subsequently revised by a 1986 law.  This is nothing short of sloppy journalism, perhaps what Mungo is used to in the world of London tabloids - and from a legal standpoint, what Clough, with his Scotland Yard affiliation, ought to be ashamed of.

In another instance, the authors confuse Telenet and Sprint as being two different X.25 networks - without realizing that they are one and the same.  There are numerous examples throughout the book of such ignorance, and misuse of technical and business terms.  This is "pop-journalism" at its worst (the book doesn't even have an index).  It's not that they always have their facts wrong; sometimes they get them tight.  But at what point should the reader "suspend belief" in what is ostensibly a non-fiction book?

Approaching Zero has no pro- or anti-hacker tone - however this is due less to journalistic "objectivity" than to the dry, reportorial style of its authors - or, given their propensity for un-truth, tumor, and error, maybe their lack of any moral compass bearings whatsoever.  It has no verve, no excitement, no sense of suspense.  This book is poor journalism, but neither is it good entertainment.  That trade books about hacking for the general public can be entertaining is shown in The Hacker Crackdown by Bruce Sterling (mildly pro-hacker), and The Cuckoo's Egg by Cliff Stoll (virulently anti-hacker).  In Mungo and Clough's rendition, there is no sense of adventure, and the people lack depth of character and emotion.

The sections of the book where the authors most get into the subject of viruses (particularly the chapter called "The Bulgarian Threat") borders on the academic - although they may contain much historically useful and interesting information.  Problem is, amidst the outright fabrications, the errors, and the pages of rumors, one doesn't know when to believe the authors, and when not to.  As a fellow "reporter" I generally consider this book as an "unreliable" source.

In a truly foolish ending, the authors make a vain attempt to equate hacking and writing computer viruses as equivalent to nuclear war - without ever having introduced any evidence (or even an anecdote) about the U.S. military and intelligence communities' active interest and research in this area.  Do you wonder where the title Approaching Zero came from?  So did I, but the reader gets no clues until three pages before the end, when the writers describe the "Doomsday Clock" featured in the Bulletin of the Atomic Scientist which purports to tell us how many minutes there are until worldwide nuclear war.

The concept is silly enough when applied to the serious subject of thermonuclear weapons, but equating it to computer hacking and virus writing is absurd - not that both those activities can't, haven't, and in the future probably will continue to, cause significant damage (look at Morris' Internet worm for example).  I, for one, firmly believe that someday some self-described hacker will, accidentally or on purpose, kill someone.  But even that is not equal to the loss of life, or financial consequences, from a nuclear war or additional nuclear accidents such as have happened several times in the U.S., Russia, and the writers' home turf, England.  In the fantasy world created by Mungo and Clough, their mythical clock is "approaching zero."

In the end, this book may justify its title more than the authors ever intended.