The Cybersecurity Canon: The Blue Nowhere

Rick Howard

Category: Cybersecurity

cybersec canon red

For the past decade, I have had this notion that there must be a Cybersecurity Canon: a list of must-read books where the content is timeless, genuinely represents an aspect of the community that is true and precise and that, if not read, leaves a hole in cybersecurity professional’s education. I’ll be presenting on this topic at RSA 2014, and between now and then, I’d like to discuss a few of my early candidates for inclusion. I love a good argument, so feel free to let me know what you think.

The Blue Nowhere (2001) by Jeffrey Deaver

Jeffery Deaver is best known in literary circles as a crime novelist. He is not normally associated with technical thrillers, but he turned his writing skills in this book to a manhunt-type story where the serial killer in question is also a world-class hacker.

The Blue Nowhere is a cyber thriller written by an accomplished novelist about the hacking culture. It is interesting to compare this to other more recent cyber thrillers written by cyber experts who are writing their first novels, such as Richard A. Clarke’s Breakpoint (2007) and Mark Russinovich’s Zero Day (2011) and Trojan Horse (2012), all of which I’ve reviewed in previous installments in the Cybersecurity Canon. Compared to Clarke and Russinovich, Deaver may not have as much of a technical background, but he knows how to flesh out his characters. The Blue Nowhere feels more like real people in a cyber story as opposed to a cyber premise populated with cookie-cutter characters.


When the cops in Deaver’s book realize they have a serial killer-hacker on the loose, they break another hacker out of jail temporarily to be their subject-matter expert. What results is a hacker-on-hacker escalation where hackers try to one-up each other in a series of social engineering and hacking operations.

As was the custom in the 1980s, self-proclaimed hackers gave themselves nicknames. The nickname of the serial-killer-hacker is “phate,” intentionally spelled with a “ph” instead of an “F.” Members of the “cracker” subculture that emerged in this decade were mostly teenagers determined to play and share games and other programs they did not pay for. “Cracking” the software so that others members could use it gave the group their name. Members merged skateboard jargon and hacker jargon into a unique lexicon called “leet-speak” where letter substitutions were common on bulletin board communication systems: “ph” for “f”, “z” for “s”, “e” for “3”, etc. On the good-guy side, the recruited hacker is Wyatt Gillette (a.k.a. ValleyMan and renegade334).

There’s a decent love story between Wyatt and his estranged wife and a feel-good father-son mentorship side-story between the lead detective and Wyatt. But the primary manhunt story line is good and Deaver gets the computing and hacking-culture details right.

The Tech 

Deaver does a good job aligning the hacking culture with the gaming culture of the time. During the 80s and 90s, many of the same people who were involved in the hacking community were also involved in the gaming community. That relationship is not quite as common these days, but back then, there was a lot of overlap in the two worlds. You could usually count on the fact that if a hacker had any skill at all, he or she also spent some significant time crawling through multi-user dungeons (MUDs), which are text-based adventure games that are the precursor to the World of Warcraft-styled games we see today.

It turns out that phate and Wyatt both logged significant hours in their MUD of choice called “Access.” In this game, the main point was to sneak up on your opponents and get close enough to assassinate them, to get access to them. phate decided that he needed to play Access in the real world and set off on a killing spree.

The story is set in the late 90s in and around the Silicon Valley, and Deaver does a good job setting just the right tone for the hacker and computer industry culture during that Internet bubble period (1997–2000). He even takes the time to provide little historic tidbits regarding the evolution of computing. phate plans his killing to coincide with significant milestones in computing history, from the University of Pennsylvania announcing the first general-purpose computer to the world in 1946 to IBM’s 1981 announcement of the first affordable home computer for the masses.

phate and Wyatt use a mix of real hacker and forensics tools—like Norton Commander, SATAN (Security Administrator Tool for Analyzing Networks), restore, and HyperTrace —and fake tools that sound genuine—like Vi-Scan 5.0, the FBI Forensic Detection Package, and the DOD Partition and File Allocation Analyzer—to do battle with each other.

Back in my IT days, I routinely ran Norton Commander on my disk operating system (DOS) computers and SATAN on my UNIX networks. For a non-techie, Deaver does a great job of explaining what a computer BIOS is, how hackers and crackers of all sorts had thick calluses on their fingertips because of how much time they spent in front of their computers, and how hackers stash their tools of the trade all over the Internet so that they can quickly grab them from any location in the world. However, his coup de grâce was his explanation of TrapDoor.

TrapDoor is a fictionalized tool that phate develops to track his victims and enemies. phate essentially creates a man-in-the-middle attack by compromising many of the major Internet Service Provider (ISP) border-gateway-protocol (BGP) routers (like Sprint, AT&T, Qwest, and others). These are the routers that form the Internet’s backbone by connecting ISPs. Once phate discovers the IP address of the victim’s computer, he instructs his botnet of BGP routers to watch for traffic to and from that address.

If the botnet sees traffic from that IP address, the botnet redirects that traffic to phate’s own servers for collection and then returns the traffic to the normal packet stream. The victim notices nothing because phate is not on the victim’s computer. That would be a nice trick if a hacker figured out how to do it. In his endnotes, Deaver explains that TrapDoor is not a real tool and that he does not know if any hacker has subsequently built it, nor does he name anybody who might have given him the idea for it. However, it seems unlikely that a crime novelist could develop that attack blueprint without talking to somebody who is at least thinking about how it might be done.


The Blue Nowhere is a good cyber thriller that gets the technical details right. I put this square on the shelf with other novels about hackers that do not exaggerate the craft. It also has the added benefit of being written by an accomplished novelist who knows a thing or two about plot, character development, and pace. It describes a time that we have mostly forgotten about these days: a time of modems, DOS, bulletin board systems, and the Internet bubble.

For the cybersecurity history buffs in the crowd, Deaver provides a nice window into the hacking culture of the time. It is a good candidate for the Cybersecurity Canon, and I highly recommend it.

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42