Geek lit: Microsoft's Mark Russinovich and his Rogue Code

Thanks to the seasonal holiday, I finally got around to reading Rogue Code, the third techno-thriller in the Jeff Aiken series. Like Zero Day and Trojan Horse, it delivers entertainment with serious messages about cybersecurity.

Earlier this year, Mark Russinovich, a Microsoft Technical Fellow who works on Azure, released Rogue Code - but not rogue code. It's the third techno-thriller in a trilogy based on Jeff Aiken, the main character in Zero Day and Trojan Horse.

Each book is based on computer-related threats to modern society. The main ones in Rogue Code are rootkits and back doors, though you could probably include the whole field of high-frequency trading (HFT). This is the process by which "algos" (algorithms) trade billions of dollars' worth of stocks at high speed in order to exploit very small price differentials.

In fact, the book may have been prompted by the "flash crash" on 6 May 2010 when - to quote Wikipedia - "a $4.1 billion trade on the New York Stock Exchange resulted in a loss to the Dow Jones Industrial Average of over 1,000 points and then a rise to approximately previous value, all over about fifteen minutes". Nobody knows why it happened, and it happened again in Singapore last year.

Russinovich mentions the NYSE "flash crash" several times, and the basic idea behind the book is that a sufficiently large crash could wipe out the whole stock exchange, resulting in severe damage to the American financial system if not a global meltdown.

In Rogue Code, however, the risk of a "flash crash" is exacerbated by two other things: hackers planting malware on the NYSE's trading computers to steal money from trades, and the high-profile IPO of a popular new social network called Toptical. This is based on the real-life Twitter and Facebook IPOs, but could be an even bigger success, or an even bigger failure.

The NYSE hires Aiken and his partner, a new character called Frank Renkin, to do some penetration testing, and they uncover a complicated plot involving a mafia-style gang in Brazil. They eventually save the world with the help of Daryl Haugen - a central character in the earlier books - and a couple of CIA operatives. (Aiken used to work for the CIA.)

The book opens with a murder and a shock, but still follows the line of the two earlier techno-thrillers: a techno section followed by a thriller section. There's a lot of (perhaps too much) scene-setting before the pace picks up, but the second half is a real page-turner. Indeed, as you approach the end, you find it hard to believe everything will get sorted out in the rapidly diminishing number of pages. It does, but the wrapping-up stage is somewhat skimpy - more what you'd expect from a movie than a novel.

Either way, Rogue Code does manage to include stuff that should interest IT professionals while also being an entertaining read.

Will the trilogy now extend to a fourth or fifth book? It's remarkable that someone with Russinovich's software and programming expertise - he co-founded Winternals in 1996; Microsoft bought the company - could produce such a readable novel as Zero Day, and that's still the best one to read first. The others should have been easier to write, as he's learned more of the craft, but we don't know if more novels would be as personally or as financially rewarding.

They certainly could be. Last year, Russinovich tweeted that he'd "sold Zero Day/Trojan Horse/Rogue Code movie rights" and a successful movie could take the series to a whole new level.