A Real Hacker Fact Checks The Girl Who Kicked the Hornet's NestS

Lisbeth Salander, the hacker-babe protagonist of Stieg Larsson's hugely popular Girl With... novels, infiltrates secured networks and hijacks harddrives with ease. But how realistic is the hacking she does? Vanity Fair got the scoop from reformed hacker Kevin Poulsen.

Poulsen, a former "black hat" hacker who's now the editor of Wired.com's Threat Level, says that as far as fictionalized hacking goes, Lisbeth Salander's cyber conquests are pretty realistic, even if the way she goes about doing them are a bit fuzzy:

Michael Hogan: Is there anything that Lisbeth Salander did that struck you as implausible?

Kevin Poulsen: The interesting thing is, everything that she does is completely plausible-it's the way she does it that is for the most part completely nonsensical as a technical matter.

Can you explain?

Well, she uses a device given to her by her other hacker buddy-she puts it over the co-ax cable of the corrupt financier, Hans-Erik Wennerström. The entire description of how that works and how she uses it to get control of his computer is just a fabrication. She describes taking his computer and basically setting it up so that when this guy thinks he's logged in using his computer, he's actually using her server-and she's able to monitor everything.

Right.

That isn't how it would be done. But you certainly are seeing these days attacking somebody's P.C. instead of attacking their server, and logging their key strokes and all of that. This is exactly what the hackers are doing right now. That's what they are doing in financial crimes in particular. When you get down to the technical details, it's all very fictional. But the actual capabilities are all completely real.

And while Poulsen is a hacker from a simpler era—he's infamous for rigging a radio contest to win a Porsche—he says that there are still some distinct temptations to the world of hacking today:

If you're a hacker that shows talent, you could wind up being pressured to get involved in this sort of thing. Temptation is far more likely than threats or pressure to pull a hacker into this. You can just make so much money so easily and with so little risk-particularly in the Eastern European countries, where they are lagging in prosecuting these crimes. For many years, hackers in Russia and former Soviet states have been operating with near impunity-and making, in some cases, millions and millions of dollars.

For readers of Larsson's Millenium trilogy, or just those interesting in hearing about the state of hacking from an expert, the full interview is a fascinating read. Now I'm going to go run my anti-virus software. [Vanity Fair]