Book review: The Florentine Deception, by Carey Nachenberg

Posted by   Virus Bulletin on   May 13, 2015

John Hawes reviews Carey Nachenberg's debut novel.

There's a rather serious problem with fiction involving computers, and computer security in particular. It seems like any time a computer appears in a work of fiction, especially in a Hollywood movie or a TV show, any attempt to adhere to reality goes out the window.

The ubiquitous super-hacker of fiction can break in anywhere he or she wants, within minutes, with no research or preparation, and quite often using only a phone or a wheezy Internet café PC. You can guess anyone's password in a few attempts, especially if you have their family photos handy, but you rarely need to as no one has a screenlock on their laptop, ever. In an emergency, it's perfectly possible to write code in the space of a few hours which will not only run on the systems of an alien race, but will actually self-propagate and disable their diabolical attack ships.

This playing fast and loose with how things really work is probably closely tied to a widespread lack of understanding about how computers function and what they are capable of. People in general neither know nor particularly care what goes on behind their browser or mail client, so writers and filmmakers — even those who at least make a token effort at research in most areas — don't have much understanding either, and base their technical details on stuff they've seen or read elsewhere.

This, of course, only spreads the standard misconceptions further, to the point where most readers will accept the most improbable or impossible of scenarios merely because it features computers and is therefore beyond the wit of man to really understand.

Countering this trend, we have seen a few attempts recently at cyber-themed fiction with some grounding in realism. The latest is from Symantec veteran Carey Nachenberg, whose debut, The Florentine Deception, promises to overturn the low expectations of those who know enough about computers and security to laugh hysterically at most stories which feature cyber peril.

The story starts with our hero, Alex, the founder of a successful security startup, resting on his laurels after selling his stake, digging around an old computer on its way to a charity. This gives us room for a good poke through some of the things someone with a little basic knowledge can find out about you if you don't clean up your computer before you throw it out, and opens up a nice little mystery to get the ball rolling on the story.

From this point we spiral into a well-paced romp featuring plenty of twists and turns, puzzles and surprises, and several good set-piece scenes, many of which generate some serious suspense. Alex is variously helped and hindered by a fairly large and diverse cast of characters who, while not always fully fleshed out, are generally given enough colour to keep them from overlapping, and occasionally get taken out of the action just as you're getting to like them, keeping the reader on their toes.

Following the classic prescription to 'write what you know', the book combines two of Nachenberg's passions: computer security and rock-climbing. Climbing features in several scenes including an extended caving sequence which gets distinctly claustrophobic. As a dedicated ground-dweller, I can't say much about the accuracy of these bits but they certainly have an air of authenticity about them, and of course the computer stuff is pretty plausible throughout. More importantly, and again this is hard to judge, the writing seems pitched at just about the right level, giving enough detail for most people to follow without dipping into jargon or skimming over important facts, but not making the exposition bits too dull for those who already get the picture.

The addition of the climbing angle also makes sure we get plenty of time away from the computer screen and fit in some fresh air and exercise, which helps keep the pace ticking over nicely. Indeed, the computer stuff is well balanced so as not to dominate things at all, running through the story as a motif rather than the main point of focus.

At several points during the book I found myself hurrying through other tasks, including meals, to get back to the action, and reached the end both thoroughly satisfied and wanting more, which is about as good a recommendation as you can get for a thriller. More than just an enjoyable page-turner with an educational spin, the book has some aims well beyond mere entertainment — proceeds from sales of the book will be donated to a selection of charities, mainly educational with a little climbing thrown in. So even if thrillers are not your thing, buy a copy anyway, and give it to someone who will benefit from a little enlightenment.

Posted on 13 May 2015 by John Hawes


Latest posts:

VB2018 paper: From Hacking Team to hacked team to…?

Today we publish the VB2018 paper and video by ESET researcher Filip Kafka, who looked at the new malware by Hacking Team, after the company had recovered from the 2015 breach.

The spam that is hardest to block is often the most damaging

We see a lot of spam in the VBSpam test lab, and we also see how well such emails are being blocked by email security products. Worryingly, it is often the emails with a malicious attachment or a phishing link that are most likely to be missed.

Throwback Thursday: We're all doomed

Mydoom turns 15 this month, and is still being seen in email attachments. This Throwback Thursday we look back to March 2004, when Gabor Szappanos tracked the rise of W32/Mydoom.

VB2019 call for papers - now open!

Have you analysed a new online threat? Do you know a new way to defend against such threats? Are you tasked with securing systems and fending off attacks? The call for papers for VB2019 is now open and we want to hear from you!

VB2018 paper: Unpacking the packed unpacker: reversing an Android anti-analysis library

Today, we publish a VB2018 paper by Google researcher Maddie Stone in which she looks at one of the most interesting anti-analysis native libraries in the Android ecosystem. We also release the recording of Maddie's presentation.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.