Breaking and Entering: The Extraordinary Story of a Hacker Called "Alien"

Image of Breaking and Entering: The Extraordinary Story of a Hacker Called "Alien"
Author(s): 
Release Date: 
January 8, 2019
Publisher/Imprint: 
Eamon Dolan/Houghton Mifflin Harcourt
Pages: 
304
Reviewed by: 

“a book that reads like a fictional thriller while remaining solidly grounded in fact.”

When journalist Jeremy N. Smith bumps into an old friend while picking up his daughter at preschool, he discovers that “Alien,” as she was known at MIT, is now a full-time hacker with her own security business. Fascinated, he does what journalists do—he pursues the story. The result? Breaking and Entering: The Extraordinary Story of a Hacker Called “Alien.”

Smith begins with Alien’s early exposure to computer programming at MIT, followed by a stint with “Elite Defense” as an “agent” troubleshooting client security loopholes, and her ultimate decision to become a freelancer with her own business, “Tessman Security Consulting,” first as a subcontractor for another company and then as an independent with her own clientele.

The result is a book that reads like a fictional thriller while remaining solidly grounded in fact.

Smith begins by expanding our awareness of hacking in its many forms. While most readers will think of hacking as computer related, we learn that it actually involves various forms of intrusion.

As a student at MIT, for example, Alien is introduced to physical hacking, a form of urban exploration or spelunking, where a group of students infiltrate mechanical rooms, roofs, unused elevator shafts, and other unseen spaces in campus buildings. “We don’t just pick locks to pick locks,” she’s told. “We pick locks to see what’s on the other side.”

Physical hacking can take another form in what Alien refers to as “social engineering,” the process by which individuals such as security guards and employees are manipulated by the hacker to gain access to secure areas of targeted buildings. The book also covers other more familiar forms such as phone hacking, phishing, and computer-related activities such as the insertion of viruses for keystroke capture and password detection.

As Smith relates one anecdote after another tracing Alien’s development as a security troubleshooter, we’re surprised and shocked by how effortless it is to penetrate the security defenses of her clients’ companies. We find that most employ what “Infosec experts called . . . the ‘M&M’ security model. Once you penetrated the hard outer shell, there was nothing to stop you from getting at everything inside.”

Indeed, once her own “white hat” hacking business is up and running successfully, Alien “had stopped being surprised by how easy it was to hack everyone . . . She and her team were cracking open important organizations on a daily basis.”

Smith’s book is remarkably easy to read. Although hacking can involve very complex programming tactics and systems architecture issues that lay readers would struggle to understand, the author keeps the technical side of the story manageable and easy to follow. Indeed, the instances where he reproduces lines of code are minimal, and the eye can easily pass over them without missing anything crucial to the story.

As the central figure in Smith’s tale, Alien becomes much more interesting as her biography unfolds. The early days at MIT evoke mixed feelings. While the time spent in physical hacking is clearly the main feature of the story at this point, one can’t help but chafe at her relative disinterest in the educational side of the privilege of being enrolled at MIT. Furthermore, her regular use of LSD and the substance abuse around her—ultimately responsible for the death of her friend “Mace”—will alienate some readers.

However, she becomes much more engaging once she leaves college and finds her way into the world of security troubleshooting. Her experiences at “Elite Defense” (all names in the book are pseudonymous) are clearly affected by gender discrimination, and the reader easily empathizes with her feelings of exclusion and exploitation.

Once she reaches the point where she owns and operates her own business, readers will be firmly on her side. As an employer with employees to manage and a wife and expectant mother still running penetration testing forays for her increasingly important clients, Alien has become someone we’re cheering for with each new anecdote.

She has traveled a long road, from the student dropping tabs of acid and the Elite agent who “had used Adderall and Ambien to power through one emergency after another” to a successful, independent businesswoman who has even cut down on tea to avoid caffeine while pregnant.

When we finally reach the scene late in the book where she’s up at midnight debugging a phishing site while nursing her daughter, Smith remarks: “Their first all-nighter together had begun.” We can’t help but smile, thinking that her evolution is now complete.

Effortless to read, Breaking and Entering is an engaging cautionary tale of security vulnerabilities and the constant threat of cyber attacks that businesses and institutions face on a daily basis. Knowing that our own personal security hangs in the balance, we can’t help but feel glad that “white hat hackers” such as Alien are out there doing their best to stem the tide.