By Daniel Palmer
I start every new book project by searching for a big idea
to ground the narrative. With DELIRIOUS I wrote about schizophrenia, while in
HELPLESS the topic was sexting. With my third novel, STOLEN, I decided to write
about computer hackers; more specifically, I wanted to write a story about
identity theft.
Only, I didn’t want to write a book where the bad guy steals
the good guy’s identity and madcap trouble ensues. I think that’s been done enough
and with mixed results. What interested me more was the idea of a good person
making a bad decision by stealing another person’s identity.
Here’s the story problem: it’s hard to root for a criminal.
For my protagonist to be a good person he needed a compelling reason for
committing his crime. I was stuck a bit here, searching for inspiration the way
a fisherman might chum the water looking for a catch.
As it turned out, inspiration found me.
It all began when I needed a new health insurance plan for
my family.
What I soon discovered was a maddening system of policy
options more numerous than the precious stones in the Crown of Queen Elizabeth.
With each new tier of coverage came new services, enticing new benefits, all of
which (surprise, surprise) came with added costs. I began to wonder, what if
(most of my story work begins with those two words, what if) a young couple
just starting out bought cut-rate health insurance and one of them got very
sick?
They would need to raise a lot of capital or go bankrupt,
that’s what. Sure, they could tap into friends and family, but what if the
costs of care exceeded hundreds of thousands of dollars? What if after they
explored every possible avenue, turned over every life-giving rock, this lovely
couple was forced to settle for some drug, and not the best drug for treatment?
As the saying goes, desperate times might call for desperate
measures. In the case of STOLEN, it’s motivation enough for John Bodine, the
protagonist of my tale, to engage in identity theft for the purpose of
committing medical fraud.
Here, I came to my next obstacle. I needed to know how one
might go about stealing an identity. The process of writing, I’ve discovered,
is overcoming one obstacle after the other until there is no more tale to tell.
After a bit of Google searching, mostly about computer
hacking, using keywords I’m sure placed me on somebody’s naughty list at the
FBI or NSA, I stumbled on a convention in Las Vegas put on by, and almost
exclusively for, computer hackers. The conference is called Def Con®. When I attended
last August, 25,000 computer hacker types converged on the Rio Hotel for three
days of mischievous computing fun. Def Con has no age requirement, but it is
clearly an adult event. Goons (yes, that is their official name) run security
for a conference that, at its soul, is all about breaking security.
For the record, as a first time attendee I was considered a
“n00b”, which is Def Con lingo for newbie. Many attendees shunned given names for
handles like Dark Tangent (he’s the founder of Def Con), Lost, Ripshy. and Dr.
Tran. My hacker handle, which I bestowed upon myself, was 1Z8N (get it? ISBN). I
haven’t used it since.
I spent my time at Def Con living the Vegas life, and by
that I mean I never saw the sun. When I wasn’t attending a workshop about
breaking wireless encryption keys, or listening to a lecture on the joys of
hacking Excel, or watching a light and breezy presentation about the operational
use of offensive cyber warfare, I was chatting up the hackers, looking for
insights into how they think, feel, and plan for a hack. I saw lots of examples
of hands-on-hacking and even a massive room dedicated to different hacking competitions—an
ignoble digital Olympiad of sorts.
The conference was good fun, but my personal payoff came
when I attended a live demonstration of social engineering. Social engineering,
I learned, is nothing more than the con artistry of manipulating people into
performing actions or divulging confidential information. The technique exploits
a weakness in one of humanity’s greatest strengths: our inherent desire and
ability to trust. I sat in the audience slack-jawed, watching a hacker seated
in a soundproof booth work his telephone magic.
Two minutes into the call I got the sense this was who Sade
had in mind when she wrote her hit song “Smooth Operator.” I believed him, and yet
I was watching him lie to the unsuspecting person on the other end of the
phone. He was talking to an employee from a major airline. In the span of ten minutes,
he learned what version of the Windows operating system airline employees used.
He obtained this highly useful (at least useful to hackers) data point by
pretending to be an airline IT manager conducting a survey as part of his job. He
was chatty, pleasant, and utterly believable. His mark never questioned his
credentials or motive.
IT experts have spent countless billions beefing up their
computer security infrastructure. They’ve brought in meatier computers,
state-of-the-art virus protection software, firewalls, and various tools of the
trade to keep the hackers out. What they can’t upgrade are the people who work
in their call centers. This weakness can’t be fixed with code or by upgrading
to a smarter model. People will do what people will do.
When a hacker gets a customer service representative on the
telephone—or even better, a salesperson who thinks money is on the line—common
sense vanishes like a reality star’s fame, and the real magic happens. It’s the
moment a dedicated employee becomes the unwitting accomplice of a hack.
At last, I knew how my character was going to steal an
identity. He was going to use social engineering to commit medical fraud to
save his dying wife. You’ll have to read the book to see just how he pulls it
off. Unfortunately for my well-intentioned albeit misguided hero, he
unwittingly steals the worst identity imaginable. For new writers out there, what’s most
relevant is how I arrived at this story. So let’s review the key points:
1.
Come up with a big idea to ground your
narrative. For STOLEN it was identity theft.
2.
Always have a good “What If” question. I keep
mine to a max of 28 words, two sentences at most. Write it many times, revise
it, and make sure it’s tight.
3.
Writing is about overcoming obstacles. Your
characters have to do it, so it makes sense the writer has to do it as well. When
you don’t have the information you need, seek it out and often what you find
will shape your story in unexpected ways. Sometimes you can’t get what you need
from the glorious Internet. Sometimes you have to leave the house and get out
into the big real world.
Stolen was published in early May 2013 from Kensington.
BIO:
Daniel Palmer spent a decade as an e-commerce pioneer, helping to build first generation Web sites for Barnes & Noble and other popular brands.
Daniel’s three novels of domestic suspense, DELIRIOUS, HELPLESS & STOLEN, explore the hidden dangers and vulnerabilities of an increasingly tech-centric world. Daniel lives in New Hampshire with his wife and two children.
Connect with Daniel:
Web site
4 comments:
The hacker conference sounds awesome. How lucky you found it and were able to attend. Loved Stolen and can't wait for the next one.
You never know what you're going to find at one of these conferences. Or outside the conference center. Several years ago I accompanied my wife to a travel convention (she owns an agency) in New Orleans, and while she was indoors, I was exploring the French Quarter. Bourbon Street, by the way, is a lot more attractive at night.
Post a Comment