'Trojan Horse' blends malware and geopolitics in a taut thriller

'Trojan Horse' blends malware and geopolitics in a taut thriller

Summary: Microsoft Technical Fellow Mark Russinovich has published his second novel, a page-turner that's solidly grounded in technical facts. In a world where Stuxnet is just the beginning of a global campaign of cyberwarfare, who can you trust?

SHARE:
russinovich-trojan-horse-cover

Mark Russinovich is a great storyteller.

If you’ve heard him speak at a technical conference, you know that this Microsoft technical fellow is whip-smart. His presentation on how to root out malware is like an episode of CSI:Sysinternals—fascinating and compelling even if you’re not a security geek.

So it shouldn’t be surprising that Russinovich’s new novel, Trojan Horse, is an absolute page-turner that’s solidly grounded in modern computer technology.

This is the second novel from Russinovich, who published Zero Day two years ago. His characters from that novel make a return appearance here. Jeff Aiken is a brilliant computer security expert, a PhD and amateur rugby player who comes in to clean up security messes in big corporations and secret government agencies worldwide; he’s assisted by his girlfriend and partner in digital crime solving, Daryl Haugen. She’s also a PhD, a former NSA spook, and an expert at cracking into computer code.

The story starts off in sparsely populated Central Washington, where foreign attackers have succeeded in taking down the power grid for 14 minutes with a piece of custom-built malware. That kicks off a series of small tragedies, including a delicate bit of brain surgery that goes wrong when the computer running the operating room keeps rebooting.

From there the story begins rolling and picks up speed as it caroms around the world, to London and Geneva and Prague and Ankara. Bureaucrats from the U.N. keep getting in the way of British and American intelligence agencies. The Iranians are behind everything, or maybe it’s the Chinese. Or maybe it’s someone else completely.

There are kidnappings and shootings and one hilarious and hair-raising chase scene involving three cars and an ultralight plane through a desolate stretch of Turkey that ends in … well, I won’t spoil it.

The plot holds together admirably, with Stuxnet playing a key role in the breakneck sequence of events. There’s a certain predictability to the plot, as with any thriller, but there are also some artful misdirections and one twist that I guarantee you won’t see coming.

Normally I cringe at the silly technical errors in novels that try to describe computer technology. But Russinovich’s mastery of code (malicious and otherwise) keeps things from running off the rails. Interestingly, an Android Trojan leads to the downfall of one of the bad guys, but the most dangerous vector, the carrier of the Trojan Horse that gives the novel its name, is a mythical program called OfficeWorks—a thinly disguised pseudonym for Microsoft Word.

I read the first half of this novel on a flight to Eastern Europe, and when I got off the plane in Berlin I found myself eyeing my fellow passengers suspiciously. Was one of them secretly a double agent? A triple agent, even? It took hours to shake the paranoia.

Russinovich’s writing has matured in this second effort, and his characters have genuine staying power. His work reminds me of Dick Francis, who wrote some superb thrillers about the world of horse racing from which he had retired. Both authors write about what they know, and they bring small details to the story that help it ring true.

It’s a shame that summer’s almost over, because this is ideal beach reading—a thriller that tackles a couple of big issues and will get you thinking (and worrying) about the fragility of the world’s power grid and information infrastructure. But it’s also perfect for a long plane ride or a rainy weekend.

Highly recommended.

Topics: Security, Government US, Government UK, Malware, Tech Industry, After Hours

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

7 comments
Log in or register to join the discussion
  • Sounds interesting!

    I enjoy those types of mysteries myself. Jeffrey Deaver's
    "Blue Nowhere" and "Roadside Crosses" spring to mind, as
    does Daniel Suarez' "Daemon". Also enjoy John Sandford's
    "Prey" series. End of summer...might have to head for the
    local bookshop and see what is on the shelf!
    wizard57m-cnet
  • I'm sure it's great but I still can't help but

    wish MR would focus on addressing azures shortcomings and leave authoring novels to others. Yes most are lame in the technical but that's more than good enough for their largely untechnical target audience. Others can cover that adequately, they can't flush out azure. We need MR focused there
    Johnny Vegas
  • OfficeWorks...

    Or maybe its a sneaky reference to Microsoft Works...
    CarlitosLx
    • OfficeWorks in Australia

      In Australia, Officeworks is the name of a large chain of office supplies shops.
      I hope that they don't sue!
      ozchorlton
  • It's got to be better than..

    The pseudo-cryptography/computer babble in a Dan Brown novel. He can write a page turner, but he really needs to get someone somewhat knowledgeable about cryptography and computers to add some realism to his stuff.
    Flydog57
  • Looked at a map lately?

    I am trying very hard to not let your recommendation of this book be influenced by your knowledge of geography. Berlin is in Eastern Europe?
    eelight
  • Been there, done that!

    In 2003 I devised a stuxnet-style attack on the U.S. electric power infrastructure that was used in the 2010 Lior Samson techno-thriller, Web Games (Gesher Press). Ironically, the manuscript for that was finished and sent off to press just as the stuxnet story was breaking.

    It is not just novelists who scramble the technical details. David Sanger, author of Confront and Conceal, reports as fact an account of the stuxnet infection and escape into the wild that is a technically impossible fabrication. (See my interview with Steven Cherry at http://spectrum.ieee.org/podcast/computing/embedded-systems/stuxnet-leaks-or-lies.)

    --Larry Constantine (pen name, Lior Samson)
    ProfessorLarry