Steve Schroeder's love for the tiniest detail helped make him an effective prosecutor in the emerging field of cybercrime at the dawn of the 21st century. But it also makes him a rather stodgy writer, and even less effective editor. This book makes you feel you are sitting on a very long trial in real time.
"The Lure" examines how two young Russian hackers were brought to justice by a system still working through an enormous learning curve. How to prove that their breaking into web servers of banks, online merchants, and other businesses boiled down to extortion and fraud? How to prove malicious intent using terms like "hash," "bash," and "tarred"? It's this challenge Schroeder attempts to explicate in this new book.
For me, the most interesting part of the book was the trap set by the FBI, the "lure" of the title that drew the two Russians to Seattle to demonstrate the art of hacking to the very people who planned to arrest them. For Schroeder, that's the preliminary part of the story, the part that didn't involve him, and over with in 70 of the book's 500 pages. After that, it's on to the pre-trial and trial phases of the case, and a deep-dish examination awash in the intricacies of law and computer science.
Schroeder's writing style, as indicated, is very cut-and-dry, and more than a bit self-serving. He did a great job leading the prosecution of the case, and wants you to know this by highlighting his clever decisions and choicer comments. This subjective viewpoint would be less grating if he didn't take the distancing tack of referring to himself in the third-person.
The court case is the least interesting part of the story. Once the two Russians, Alexey Ivanov and Vasily Gorshkov, are reeled in, the case against them seems to have been pretty straightforward. In the case of Gorshkov, whom Schroeder prosecuted, the story isn't so much whether a crime took place as whether the state can pin the crimes on him while he and his lawyer pin the blame on Ivanov alone. [Ivanov was prosecuted separately, entered a guilty plea, and disappears from most of the rest of the narrative.]
Schroeder takes you through step after painstaking step he and his team undertook to make Gorshkov's guilt apparent to a jury and a caustic judge whose own impatience may mirror yours by book's end. Wading through pages of transcript, Schroeder draws out even the tiniest disputes. Little details like transporting text from a Microsoft Word program to a Power Point slideshow format occupy much attention. Even a juror's holding up the trial for an hour looking for lunch gets play. "Law & Order" it's not.
There's a better story that seems lost in the larger narrative. The Russians aren't painted by Schroeder as bad guys so much as products of a relatively lawless society where concepts like privacy and security are little known. We are told at one point that for them, being caught by their own government might have put them not behind bars but behind a computer doing the same dirty work for the government rather than for themselves. At least one of the culprits, Ivanov, imagined himself something of a helper to the companies whose servers he attacked. He wanted work in the United States, and was happy to offer apparently sincere service once he invaded a computer system successfully. But ignore him at his peril.
"All security questions will be decided not by a mere 'thank you,' because a 'thank you' doesn't put food in your mouth," Ivanov writes a leading executive at PayPal.
The peek behind the curtain of cybercrime is thus sometimes interesting if outdated (the case went to trial in 2001, and Schroeder retired a year later). But the overall narrative is written in such a choppy, repetitive manner as to leech out any drama. Perhaps it was written exclusively as a technical manual as other reviewers say. But it didn't have to be so dry or so long.