Zero Day by Mark Russinovich

by Sheila English

In a world completely reliant on technology from airplanes to nuclear power plants what if someone could hack into anything and take it over? It’s a “what if” scenario that is eerily close to what our government has to worry about today. Written a by global authority on cyber security, Mark Russinovich talks to us about his debut thriller Zero Day which is now available. I caught up with Mark this week while he is busy promoting his novel and gearing up for two non-fiction technical book releases as well.

The Cyber Security Coordinator for the White House, Howard A. Schmidt gave you a quote for you book that says, “While what Mark wrote is fiction, the risks that he writes about eerily mirror many situations that we see today.” Tell us what unique qualifications you have and how you applied them to your debut thriller Zero Day.

I put a lot of my experience and knowledge of the Windows operating system and computer security into the book. After earning a Ph.D. in computer engineering from Carnegie Mellon University in the mid-1990’s, I immersed myself in Windows. First, I cofounded a software company, Winternals Software, which sold systems administration tools for Windows. It was highly successful and grew to about 100 employees when Microsoft acquired it in 2006. I joined the Windows product team at Microsoft as a Technical Fellow, the highest technical title in the company, joining a group of about 20 others.

At the same time I started Winternals, I also cofounded a freeware Web site, Sysinternals.com, where I’ve published over a hundred tools that many consider essential for managing and diagnosing Windows systems. Systems administrators, security professionals and advanced users download over 2 million copies of the tools every month. Many of the utilities have such powerful malware hunting and cleaning capabilities that it’s common for malware to try to prevent them from running. One of my most popular conference presentations shows how to use the tools with demonstrations on real malware samples.

To share my knowledge of Windows, I coauthored the official Microsoft book on its operation, Windows Internals, and have written dozens of articles on Windows and computer security for Windows IT Pro Magazine and Microsoft TechNet Magazine.

In short, my entire career has been focused on deep understanding of Windows, cybersecurity, and the study of malware behavior and technology. It’s my learning of the threat landscape we face that led me to write Zero Day.

The way the book is written you are able to tie in cyber terrorism in ways that really touch the reader on a personal level. Was it important to show so many varied scenarios and do you feel those scenes in the book is what really connects the reader to the threat?

I used many examples of malware compromising different computing systems, including those used in homes, businesses, hospitals, factories and even nuclear power plants, to highlight how dependent we are on those systems. That dependence makes us vulnerable to malware in ways that many people don’t realize. Unfortunately, securing those systems and preparing for problems is often an afterthought, and even when it’s not, it’s commonly checklist exercise and not a thoughtful plan.

If your personal computer suddenly died and all the data on it was destroyed, what would you lose and how would it affect your productivity? Or if you have a business, what would happen if all the computers in the office suddenly died? Those are questions you should answer before a real problem answers them for you.

I hope that Zero Day helps raise awareness of these threats, not just at a personal level, but hopefully at a national level. Of course, I also hope that readers enjoy a great story along the way!

Give us a synopsis of the overall story and tell us a little bit about your protagonist.

Jeff Aiken, the lead character, is a former CIA employee that tried to warn his superiors about the 9/11 attack, but was ignored. He quit shortly after to become a sought-after independent computer security consultant, someone called in to clean up sophisticated malware attacks and recover compromised systems. In some ways, Jeff is a projection of me into the book.

The book opens with a law firm hiring him after their servers are wiped out by an apparent virus infection. Similar incidents start occurring at hospitals, factories and other places, and a former colleague at the Department of Homeland Security, Daryl Haugen, starts investigating. She and Jeff find similar clues and quickly realize that they’re likely witnessing the onset of a coordinated, large-scale attack. After comparing notes, they begin a race against the clock to find out who’s behind the attack and to figure out a way to stop it. You’ll have to read the book to see if they succeed!

I saw on your website at that Bill Gates gave you a quote. And Nelson DeMille says, “Mark Russinovich is a Cyber Security expert who has turned his considerable knowledge into a very scary and too plausible novel.” What was that like for you to get such amazing quotes for your debut thriller?

As a Technical Fellow at Microsoft, I had the privilege of meeting regularly with Bill Gates to discuss my work when he was active at the company. At my first meeting, just a month after starting, we discussed computer security and I told him about Zero Day. He agreed that the scenario it depicts is realistic and worrying.

A few years later my publisher asked me to get blurbs for Zero Day. I had one of my scheduled meetings with Bill a couple of weeks after that and at the end of the meeting took the chance of asking him if he’d consider writing a blurb. I suspected he was inundated with such requests and assumed that he probably had a policy of turning them down, but I figured I didn’t have anything to lose by asking. To my amazement, he immediately said that he’d be glad to. I remember leaving the meeting feeling that I was in a dream – that my childhood hero was even considering putting a quotation on my novel was almost beyond my grasp. I sent him a copy and a few weeks later he emailed me the blurb that’s on the cover. It felt like I’d received an award.

Then, my agent emailed me one day around the same time with the news that Nelson DeMille had read the book and liked it enough to provide a blurb. To have a New York Times bestselling author lend his name to the book was like another award. I was also grateful and proud to get a blurb from William Landay, who’s written award-winning books including The Strangler.

As a first-time novelist, I was honored to have obtained fantastic technical blurbs from Gates and Schmidt, and flattering literary blurbs from DeMille and Landay.

You’re obviously a right side and left side of the brain kind of person. Is it very different to go back and forth between writing non-fiction and writing fiction?

Yes, when I switch between the two I hear the gears grinding. I almost feel like I shut off part of one side of my brain and turn on part of the other, and it always takes some time to make the transition. I find the two writing forms similar in some ways, like the fact that I have to picture my audience, decide the message, theme or information theme I want to convey, and outline the presentation. I find non-fiction much easier, however, since I feel like the lines in which to color are more clearly defined. With fiction I have to find the lines on my own, which makes me uncertain about the palette and picture. To continue the analogy, I have to trust the brush take me where it wants.

How much research did you have to do for the novel? Or did this story sort of come to you through the evolution of your own career history?

I didn’t have to do very much research related to cybersecurity, since in some sense I’m always researching it. I keep abreast of the latest events and trends by reading professional journals, news sites, blogs and books. One of my goals was to include technical information that would give readers a realistic view into the world of cybersecurity, malware and computer forensics. My toughest challenge was making sure that it was accessible to a non-professional, while detailed enough to satisfy the geek audience. I dialed down the amount of coverage based on early feedback from friends and family.

I did have to do quite a bit of research on the locales I used in Zero Day, though. For example, I’ve never been to some of the book’s settings, so I had to research cities and their customs and cultures.

What’s next for you?

It’s a really exciting year for me from a publishing perspective. In addition to having a great launch of my first novel, I have two non-fiction books coming out later this year. One is a new edition of the Windows Internals series and the other is a new technical reference I coauthored on how to use my Sysinternals utilities. I’m also working on the sequel to Zero Day, which will continue the story of Jeff and Daryl. They’ll face a different kind of cybersecurity threat, nation-sponsored cyber-espionage, that’s also become very topical lately.

Zero Day is a fast-paced read that, although it addresses cyber technology issues and their potential dangers, it also addresses the very human side of a potential cyber threat. From the first page you connect with the characters in a very real way and you realize just how much we are dependent on technology in a way that is nearly frightening.

To learn about Mark Russinovich, please visit his website.

*****

Sheila English chairs ITW’s Social Networks Committee and has been featured in The New York Times, The Wall Street Journal, NPR and Newsweek for marketing and book videos. She’s a regular contributor to Future Perfect Publishing, and has written an e-book on marketing with video. She is CEO and executive producer of Circle of Seven Productions and Reader’s Entertainment Group.