BKBNKFER.RVW 980804

"Bank of Fear", David Ignatius, 1994, 0-380-72280-1
%A David Ignatius
%C 1350 Avenue of the Americas, New York, NY 10019
%D 1994
%G 0-380-72280-1
%I Avon Books/The Hearst Corporation
%O +1-800-238-0658
%P 388 p.
%T "Bank of Fear"

While an exciting enough thriller, and one giving an unusually sympathetic and insightful view of the Arab communities, this book is rather disappointing both in the raggedness of its ending and in the unlikeliness of its conclusions.

One must allow fiction writers some leeway to explain certain items, and this is usually done through dialogue. One character will expound to another on a given topic. It gets a bit annoying, not to mention straining the willing suspension of disbelief, when a banker has to be lectured on the precepts of banking, and a systems manager has to have a tutorial on the standard backup command.

In general, however, the technology part of the book is pretty good. An important part of the plot involves finding confidential files on a known system to which access has been withdrawn. The solution is elegant, functional, and involves that most reliable of all data penetration tools, ignorance on the part of management. Actually, the method doesn't even rely all that heavily on ignorance: most computer professionals would see backups as a security tool rather than a vulnerability. The use of UNIX as a platform is more of a literary convenience than anything else, since any common business system has the equivalent of an administrative user who can gain access to anything. The one weak point in this scenario is the quick realization of the importance of the backup tape on the part of people who were previously so lax that they didn't even use encryption for vital files.

Other technical plot devices are used as effectively. There is a lovely piece of social engineering, again relying on management folly and a demand for convenience.
Call back verification is used as well, and a neat conceptual way of using it for system breaking is presented. And everything a desktop machine can do, a laptop can emulate.

Communications technology does not get quite the same care. The universal nature of modem standards is mentioned, but not the functional difference (and audible similarity) between modems used on computers and those included in fax machines. No allowance is made for possible differences in systems and the need for different terminal types. The call back spoofing trick is cute, but relies on the ability to force a line to stay open after the remote end has dropped both the connection and the switch hook, and also on a remote user leaving a home computer on, with a communications program running, and an automated login script set up and ready to go.

The worst error, however, is the one on which the final activity of the plot relies. Although there are gateways that can send electronic mail to Telex systems, Telex is a separate system and cannot be reached by the public dial phone system. Although you can get Telex devices that can be operated by computers, Telex does not use modems; at least not the same kind that are normally used for computer work. Telex lines, in fact, have different operating characteristics from phone lines, and even different voltages. Plugging a modem into a Telex line would fry the modem as surely as plugging an ISDN modem into an analogue line would fry the ISDN device.

copyright Robert M. Slade, 1998