Last Updated on Friday, 23 July 2010 00:59 Written by Brian Baskin Monday, 19 July 2010 21:33

This month the revised edition of Dissecting the Hack: The F0rb1dd3n Network was released to the public. This is an awesome moment to finally put a major project to rest and look forward to the future (and any potential bad reviews :))

The back story is full of enough gossip to almost equal that of the LIGATT controversy. Without going into details, Jayson Street worked up a plan for a fictional hacker story with a technical reference section to explain the techniques used in the story. However, as Jayson worked to finish the fictional side before the deadline, they contacted someone to work up the technical portion. The person that wrote the technical, non-fiction portion copied much of the material from public sources without citation or attribution. From what I've learned, this is the kiss of death in the publishing world, a huge scandal that can cause a major set back for a company. His book had a technical editor, whose job it is to ensure that the material is original, clean, and appropriate for the tone of the book. The technical editor also wrote the technical material, normally a line that isn't crossed. It was a situation that everyone thought would go cleanly, but didn't.

What follows here is basically what occurred after that point. Some details have been omitted, others glossed over, and overall it was a great experience.

Let's Do This Thing

When Jayson Street was surprised about the plagiarism late on a Friday night, news hit the InfoSec Twitter world hard. Accusations were flying and he stuck around to put forth his side of the story. During this time, he was in talks with Marcus Carey who helped talk him off the ledge and work on a strategy for moving forward.  A few days later, Marcus calls me at home to fill me in on the situation and the new strategy: Marcus would be re-writing the technical portion and they wanted me to act as the technical editor.  I looked at my work load, and family load (my wife had JUST delivered a baby, with me assisting, the Tuesday after the story broke) and decided that I could help.

Time went by. DojoSecs were scheduled, Marcus and I both gave talks at TechnoForensics, DojoCon kicked off, and lots of life events occurred. There were many offers of assistance from others in the field, but the process needed to be tight and clean, with formal contracts for everyone. So, many offers of assistance just couldn't be accepted.

Towards December, Jayson and Marcus crafted together a genius idea: play out the story in real life through Twitter and web servers. They spent weeks organizing the events and time lines, crafting scripts, registering domains, with Marcus putting together a guide on how the reader can follow along in the real world. The reader can actually perform the reconnaissance steps used in the story to see how the attacks could be done. A sandbox was created for the reader to play in.

It was an excellent idea, but it required a lot of time and effort. And, through its development, it caused the manuscript to become very late. Now, obviously, a publisher is not happy with late deadlines. Syngress had a goal in mind to get the book printed and on shelves by the time ShmooCon hit in early February. At ShmooCon, we were just finishing up our final edits. Egg on us, but it really was to make a better product. Still... egg. Communications should have been better.

Then, as part of the final review cycle, issues arose. The editors didn't like the way that the material was flowing. Marcus's content relied on keeping material simple and approachable, and was full of personal anecdotes. Many thought the non-fiction would be better off in a very tight structure, instead of the loose story-telling that it currently was in.  

And so, after many months of effort, the call was made to scrap the material and be done with the book.

Rewind

I don't hold anything against Syngress. They were fully within their rights, and their timelines had already slipped. The book had moved into dangerous territory and they were trying to protect their company. However, we didn't back down. At the end of February, after emails, phone calls, and conference calls, they agreed to let us have another go at it - with very strict rules.

They needed a new technical writer to write the material, and I turned it down. Life was too hectic, work was WAY too hectic, and I was taking two college courses. After a few days, though, I was notified that there wasn't much luck finding a new writer and the book would likely die. 

So, at this point, I would be the primary writer. A new technical editor would be found to review the material. Syngress also brought in a development editor to review the material for any copyright or legal issues, with the lead editor also reviewing material. There would now be almost half a dozen eyes on every sentence throughout the process. And, we had a month to complete the process.

Beware the Ides of March

It was an aggressive schedule, to be sure. It was a large sacrifice, and a large amount of effort, but the only other choice was to let the book die and lose everything. And I would never be able to live with myself if that occurred. 

Syngress hashed out a structure for me to follow, assigned staff, and we started working. I had to go at a fairly fast clip, but generally averaged one page per hour. Even pages with images followed that same rate, as the images had to be prepared exactly right. My personal goal was to hit out 10 pages a day, with weekends being great writing days. I worked in chunks. Chapters 1, 2, and 3 came first. I would finish chapter 1 (Recon), submit it for review, and then immediately started on 2. After 2 was complete, I'd submit it and work on 3. By the time 3 was nearing completion, my first reviews on 1 would return with changes I needed to make.  The actual development time on a single chapter, including research and writing, was around 3-4 days.

After the first three chapters were done, we then set them in stone and moved onto the last few. It was late into this process that Dustin Trammell (I)ruid) came on board to perform the technical editing and he was a God send. He took to my prose with a scalpel and smoothed out the flow, fixed grammar issues I didn't even notice, and helped carve out my very comma-friendly writing. (I love to use commas a lot, and it's a habit I've been trying to fight).  I don't think I)ruid really knew how fast the bus was going that was about to run him over :)

We then went through a barrage of image copyrights. Everything was scrutinized to determine if it could be used. Many images were pulled from the content when all was said and done, some due to just the amount of time it would take to get a signed release.  Some groups allowed us to report images from their websites and products, and I greatly appreciated the effort. A few knew of the previous situation and put in stipulations that the old technical editor would not, in any way, be working on the new book. They didn't want their good names tainted with a scandal, which I can definitely appreciate and understand.

Work continued on. I was putting in 45-50 hour work weeks in my day job, spending 9-10 hours a week commuting, and 8-9 hours a week taking college courses. I then spent nearly every spare moment I had writing. I would lock myself in the basement as soon as I came home, coming up only for a brief 30 minute dinner, then back to work. Work would end around 11PM every night, I'd get ready for bed, then up the next morning at 0430 to start all over again. When all was said and done, I had logged over 300 hours into the project.

In the middle of the month I also volunteered as a judge for the MidAtlantic Collegiate Cyber Defense Competition. An awesome experience, one that I enjoyed immensely, as I worked with two college blue teams with their technical questions and incident response forms. But, it logistically hurt. It took place on two days in which I was off from work, so I had to give up two good writing days. My solution was to stay at a hotel next to the building to avoid the 2 hours/day commute and focus on the writing.

Work load increased. Every review cycle brought new, hard-hitting questions. Errors were found, issues needed resolution, tempers flared. Jayson Street and I talked 2-5 times a day through email or phone, motivating each other through the process. Jayson was already providing needful advice through the process, helping me unravel the story and understand the motivations and techniques. We commiserated together as he was going through his cancer treatment at the time, but at least the jokes never stopped coming.

Things get serious 

Half way through the month of March things got serious. It was a Sunday night, the day before my first big deadline, and I froze in my seat. A hot, searing pain radiated through my body, starting from my chest and along my left arm and upper back. My first though was that I was having a heart attack. I had just lost my brother-in-law (Christopher Byrne, RIP) in January of 2009 at the age of 32 to a heart attack, and I had just turned 30. My family was upstairs, I was in the basement, and I couldn't move. The pain increased, and I could barely breath. Then, unusually, the pain continued. From my scant experience I figured the pain would be quick and done, but it actually lasted for over two hours. At that time, I could breath and walk again, but was still in constant pain. I went to bed, hiding my affliction from my family.

The next morning I woke up in serious pain, still. I told my wife, then drove to an urgent care center. A quick electrocardiogram and they couldn't see anything wrong and referred me to a cardiologist. To make a long story short, the pain lasted for seven weeks in intervals lasting from an hour to five hours long. After an echocardiogram and stress test, the doctor could find nothing wrong.  His diagnosis: "calm the hell down and stop getting so stressed" (that was verbatim, I liked that doctor :)).

Help, Marcus!

During much of this process, Marcus went offline. While he was rebuilding himself (with the assistance of P90X), he took some time off the Internet. Marcus was still a very central person to the entire project and he needed his place in the project. As part of the brainstorming he and Jayson had around Christmas, they devised a plan for various interviews on Information Security to be transcribed into the book. The first such interview was done with Dan Kaminsky at ShmooCon, with the video made available soon after on the Internet. 

After weeks of effort, Jayson and Marcus were able to secure interviews with many of the great celebrities in our industry: Jeff Moss (who I had the pleasure of meeting at our DoD Cyber Crime Conference), Johnny Long (always a pleasure to include a friend), and Marcus Ranum (who had recently gave an insightful presentation at a DojoSec). There was a lot of pressure on Marcus and Jayson to get the releases in place, schedule the interviews with Marcus Carey, and to manually transcribe all of the text, but the results were impressive!  

On Reflection

When the book was all said and done, the pressure dropped immensely. I had the chance to review the work and mostly liked what I had created. There were issues the editors brought up that I tried to resolve, some better than others. Suggestions made by I)ruid were well received and resolved. There were some exceptions where great suggestions were made that I just could not complete due to exhaustion, and the mental roadblock of taking a 100% chapter and moving it back to 90%.  Wish I could, wish I had, but we'll see how it hurts the book.

In April they estimated the book would be out by the week of Black Hat, which made everyone happy. To have the book available at Black Hat and DEFCON for sales was a BIG THING. Our fingers were crossed.

And then, it came! On July 1 my wife was presented with a surprise package from Syngress. It was the book! I rushed home that evening and looked at the book in its pristine shrink wrap... then packed it back away, unopened. It was too much to take. All the blood, sweat, and tears that went into the book came back to my mind. Opening this book would be a final confirmation that it was over, that we could move on. And I just couldn't do it.

It took me almost a week, with persuasion from my wife and from Jayson, before I finally opened the book and flipped through. There was the image of .ronin and his VERA-NG rifle from ShmooCon, the review of CP's Advanced Dork Firefox add-on, the stories from my own past experience. It was over. It wasn't perfect. It wasn't easy. It was the largest pro bono project I've ever done. But, it was well worth the effort.