Dr. Dobb's Journal January 2004
While Hacking: The Art of Exploitation (No Starch Press, 2003) is surely a fine book, I'd like to go on record as saying I'm not its author. Yes, that Jon Erickson is the author, but no, this Jon Erickson isn't. Yes, this Jon Erickson is unquestionably a hack (that is, "someone who works as a literary drudge"), although I'm quite certain that Jon Erickson isn't.
No, the author of Hacking couldn't be me, since I stopped writing books several years ago. Let's see, there was Saving Water in the Home & Garden, published just as the California drought ended. Then there was Using R:Base 4000, on the shelves right after R:Base 5000 was released. And how can we forget (no matter how hard we try) the classic Image Maker: Graphics on the IBM PCjr. Of course, this Jon Erickson did redeem himself somewhat with The Homeowner's Guide to Drainage Control & Retaining Walls and Gardening for a Greener Planet: A Chemical-Free Approach. (And you wonder why this Jon Erickson isn't lounging on a tropical beach somewhere, enjoying the fruits of his royalties.)
Actually, this isn't the first time some other Jon Erickson has intruded on this Jon Erickson's life. About the time this Jon Erickson was setting the publishing world a-buzz with books such as C-64 Telecommunications and Increase Its Worth: 101 Ways to Maximize the Value of Your House, some other Jon Erickson was cranking out books like Volcanoes and Earthquakes, Plate Tectonics: Unraveling the Mysteries of the Earth, and Asteroids, Comets, and Meteorites: Cosmic Invaders of the Earth. I know because I received one of that Jon Erickson's royalty checks. It turned out that not only did we share names, but we shared the same editor at the same publishing house as well. Go figure.
Of course, one or two more Jon Ericksons couldn't help but muddy the waters even more. There was the Jon Erickson who wrote the book Housing the Homeless, the one who wrote Kachinas: An Evolving Art Form?, and the must-have-been-really-smart Jon Erickson who penned Digital Nuclear Medicine. None of these Jon Ericksons were this Jon Erickson, nor presumably that Jon Erickson who recently wrote Hacking. What's worth noting is that with all these Jon Ericksons running around writing books, there was nothing malicious going on, further underscoring how difficult it is to control intentional identity theft when it does occur. From all accounts, identity theft is the fastest growing crime in the U.S., with more than 900,000 new victims each year (http://www.consumer.gov/idtheft/). Furthermore, a study by Meridian Research projects that by 2006, the financial institution industry alone will lose $8 billion to identity theft. Overall, according to the U.S. Federal Trade Commission, identity theft cost U.S. consumers and businesses $53 billion in 2002, affecting about 9.9 million Americans. For whatever reasons, police unfortunately only catch the lawbreakers in fewer than 10 percent of the cases, at least according to the Identity Theft Resource Center (http://www.idtheftcenter.org/).
Like this herd of Jon Ericksons, identity thieves come in all shapes and sizes. One crook, for instance, was indicted for filing false tax returns in the names of 614 Florida prisoners, trying to get more than $3 million in fraudulent refunds. Another was convicted of stealing biographic and credit information from real people, and yet another stole names and Social Security numbers of people, using them to open credit-card accounts to make fraudulent charges. In some cases, the thieves simply go through people's trash, finding information such as credit-card and Social Security numbers, while in cases like that of the now-infamous TriWest Healthcare Alliance heist, someone stole actual hard drives containing Social Security numbers, addresses, and other records of about 500,000 armed-forces members and their families.
Acknowledging that identity theft is indeed a problem, the Financial Services Roundtable, a group representing about 100 financial institutions, is creating the Identity Theft Assistance Center, which will open its doors on May 1, 2004. Backed by pending federal laws, identity-theft victims will be able to make one phone call to their local bank, which will then notify the Assistance Center. Among other steps, the Center will then notify law enforcement, financial institutions, credit-card companies, and credit bureaus.
Of course, to that Jon Erickson, author of Hacking, identity theft is the result of stack overflows, heap overflows, string exploits, cryptographic attacks, and the like. But to all the rest of us Jon Ericksons, identity theft is one of the most nefarious deeds that can be committed. The moral: Be careful and guard your identity.
Jonathan Erickson
editor-in-chief
jerickson@ddj.com