You want to write about hackers and hacking in your fiction? Then this is the page for you.
Putting the Hacker in Fiction
First I'd like to mention Putting the Science in Fiction. It's a book about writing trustworthy science fiction and chapter 32 is called "Debunking Myths about Computers and the Internet." Myth 1-3 deal with hacking. Below they are with my additions. Read the book for the whole thing.
- There are no computer geeks who know it all and so having one in your writing will make computer experts roll their eyes. Build a team instead with a one expert per domain such as networking, software, and hardware. Or have your hacker seek help when outside their domain.
- Quick and easy hacking is not believable. I've written about this on my blog. In summary, hacking is hard and takes years of training beforehand and hours or days per hack.
- Real computers have backups. Don't base your story on the one and only copy of something digital. One of the powers of digital data is that you can make infinite exact copies. One way of resolving this is to poison the data that goes into the backups, thus crippling all the copies at once. But there's always a number of copies going back in time. At its core, backups are there exactly to make sure that a compromise or failure isn't final.
Writing Hard Hacker Fiction
My position: We need more believable hacker fiction, we need hard hacker fiction. That doesn’t exclude speculative elements but it does exclude glossing over how hacking is actually done, what a software bug is, and how computers work.
Authors like Alistair MacLean and Tom Clancy popularized the techno-thriller with immense technical details on their subject matter of military technology. Likewise, hard science fiction strives for scientific accuracy and logic. As an example, I’ll never forget my joy over the accurate silence in space in Stanley Kubrick’s movie 2001: A Space Odyssey.
The Mystery of the Hack
Programming a computer is itself a mystery for most people, as are many professions for the uninitiated. Hackers take a step beyond programming to exploit the unintended – things that the programmer might not have considered and thus not made their software handle gracefully. Such holes in computer program logic are called vulnerabilities, or vulns.
Since hacking is such a mystery, it should work great for fiction. We as readers love to wonder "how can that be?", "how can she possibly get out of that situation?", and "I wonder if that's going to come back and bite him somehow?"
But if we don't understand the solution to the mystery, it easily falls into the trap of deus ex machina – an act of God or "a seemingly unsolvable problem in a story is suddenly and abruptly resolved by an unexpected and unlikely occurrence."
Thinking of exploitation of weaknesses and vulnerabilities in the physical world gives us an opportunity to understand the mystery of the hack.
Three Wild Ideas For Physical Hacks
Here are three physical hacks that show how hackers think. Please don't try any of these ideas in real life as someone might get hurt or sick.
-
As a kid, I remember noting that milk cartons only had day and month printed as use-by date (no longer the case). This gave me the idea of saving a carton for a full year and then sneaking it back into our local grocery store. I never did but I still think about that hack. Nowadays when they do print year, how many actually check it?
-
What would happen if you nailed someone’s shoes to a wooden floor? Especially a pair of clogs? Maybe they’d fall over when they slip their feet in and aren’t able to move? Or maybe they always move their shoes before putting them on so they’d detect your “attack” right away?
-
Have you heard of TTL wire-wrapping? Probably not. It’s an old technique for connecting digital circuits without etching and soldering. Connections are made with thin wires that wrap tightly around tiny pins with sharp edges. A complex TTL project will eventually look like a birds-nest of crisscrossed wires.
As undergrads, two friends and I were tasked with designing and constructing our own micro computer with TTL and we spent a tremendous amount of time in the lab, eventually going in shifts.
There was this other team burning the midnight oil too and the two teams started challenging each other on coming up with the worst way to compromise the others' project. Maybe cut a random wire? Or remove one? Remove all wires to reboot the project? No, the most nefarious idea we came up with was to add one extra wire to the mix. I can still remember the sinking feeling when my friend Adam brought it up. It was a malicious hack and would be totally unexpected because when you're looking for mistakes you're looking for missing or erroneous things, not extra things on top of an otherwise correct setup.
And you know what? Here's a case where that actually happened 😫: It’s a wire-wrapped board sabotage.
All the three ideas above – year-old milk carton, nailed down shoes, and the extra wire to compromise a circuit board – are examples of doing something unexpected, something not considered, and something the victim would have zero defenses against other than luck or instinct. That’s exactly what hackers are looking for in software.
The Perfect Example to Bridge the Two
The best example I can provide of a computer hack that was almost a physical hack was for the online order form of a furniture company. The programmers had failed to consider a case where someone would order a negative number of furniture.
A hacker found out that you could order minus one bookshelf and be credited the cost of one bookshelf, as if you'd returned it. They reported the vulnerability and it was fixed.
The next time you wonder how hackers do it, or need your fictional characters to pull off a neat hack, think of minus one bookshelf.
The Human Element of Hacking
Hackers refer to this part of hacking as social engineering. Not the kind that politicians engage in but the art of manipulating humans to get access to computer systems.
Social engineering is sometimes easier than hacking the computer system itself but requires social skills and the ability to lie without flinching. It's an excellent tool for believable, exciting hacking in your writing. Lots of dialog and can be made humorous as the reader may identify with trying to resolve a computer issue and talking to a company's IT support. Mind you, such support staff are among the most hardened in security protocols so your hacker either has to be super smooth or manipulate a less experienced human target such as an intern or a new hire.
Some hacker conferences organize competitions in social engineering where the audience gets to listen in on manipulative phone calls. It's a moral gray zone for sure but they don't actually complete any hacks, as far as I know.
The most well known social engineer in real life is Kevin Mitnick. He co-wrote The Art of Deception – Controlling the Human Element of Security. I will review The Art of Deception in my newsletter and then post highlights here.
Avoid the Stereotypes
Some things will surely rub knowledgeable people the wrong way. Here are my dos, don'ts, and okays for hacker characters.
Dos, But Not Mandatory
- Geeky
- Vigilantes
- Die-hards for certain technology
Don'ts
- Only men
- Only straight people
- Only young people
- Only white people
- One trick ponies with no other interests
- Teenagers hacking away in parents' basement
Okays, Use Sparingly
- Wear hoodies
- Do drugs
- Are anti social
- All black clothes
- Elitist mindset
- Extreme computer setups with 6+ screens
Hacking as Plot Driver
I'm assuming the hacker is the hero here but you can obviously switch the roles.
Successful hacks are a perfect vehicle for reveals which drive a plot. Once in, the hacker gets access to data and documents that can confirm suspicions, pose new questions, or uncover an even harder challenge with a bigger payoff.
Digital traces and footprints are a thing so you can let the adversary be on the protagonist's heals through such discoveries. However, professional hackers know to hide their activities and not leak the digital tools they've developed just by using them. So if the adversary does find tracks they should be subtle or some mistake the hacker made outside the digital realm.
You have to take extra care if the hack itself is intended to be a plot twist. Surprising but inevitable, that's what readers or movie watchers want out of plot twists and unraveled mysteries. Their reaction should be "Waaat?! But of course." If it's just surprising, it may be a deus ex machina, and if it's just inevitable, readers will have seen it coming a mile away.
Hacking being such a mystery for most of us means it can easily be surprising. The hard part is to make it inevitable instead of an act of God. This is where I think a lot of fiction featuring hackers falls short. Often there's just some gibberish on a screen and voilà, the hacker is in.
Instead, the hack needs to make sense to the audience without the story becoming an instruction manual. Part of making it believable is accepting that most hacking is not fast or in-the-moment. Hacking requires thinking, preparation, and probing.
Try-Fail Cycles in Hacker Fiction
Real world hacking takes so much effort and so many try-fail cycles, it wouldn't make for entertaining fiction. But don't be afraid of letting a hack fail for days before it succeeds.
The actual failures can start out as silence (the target system simply doesn't respond) or graceful recoveries (the target system detects an error and takes corrective measures). As a hack gets closer to success, the hacker is typically able to get the target system to something partially but not fully wrong. In practice that can be the target system crashing/rebooting or a previous error message going away, meaning that the target system is now accepting the hacker's input. Hackers typically get really excited when they get close like that, not in the least because the earlier failures may have lasted for days with no signs of progress.
Hacker Collaboration – The Heist Team
As mentioned in my reference to Putting the Science in Fiction, the single know-it-all hacker doesn't exist. This opens up for heist teams with several competences. Here are some roles you can consider:
- Social engineer, a con artist
- Hardware hacker
- Network hacker
- Software hacker
- Cryptography expert, a niche of mathematics
- Maker, a hardware builder rather than a breaker
This Page Will Expand
I will keep adding things to this webpage as I continue to explore great hacker fiction. It may even become a multi page thing. The intention is to provide an invaluable resource for you. Stay tuned!