Lior Samson
It's not exactly a blog, but occasional short essays relating to writing and to my writing will be added here from time to time.

[4] Timing is Everything (January 2011)


Warfare in cyberspace has taken a dark and serious turn. The story of the Stuxnet software worm used to attack and cripple Iran’s nuclear facility at Natanz finally made the front page of the New York Times on 16 January 2011, but it had been in and out of the mainstream news since the previous September. The Times article all but confirmed that the software was the product of a large-scale collaborative effort implicating both the U.S. and Israel. They were perhaps aided—allegedly, as journalists are compelled to say—by Germany’s Siemens AG, the industrial giant whose software was compromised and whose automation control modules carried out the instructions delivered by the Stuxnet invader. In the process, 984 high-speed centrifuges were directed to self-destruct even as the plant operators carefully monitored their high-jacked computer screens that fooled them into thinking all was well.


The vulnerabilities in software and hardware that were exploited in this precision cyber-warfare attack have long been known to industry insiders. I am no software security expert, but I have friends in the field and have consulted as a designer to companies involved in industrial automation and control systems. Based on that consulting work, I became familiar with the PLC programming and SCADA systems that control almost all modern industrial equipment and processes. Knowing the basic operating principles as well as the technical weaknesses that would make such systems vulnerable, in 2003 I devised the basic design for a Stuxnet-style attack on the U.S. electrical power industry. The concept became the pivotal piece for the plot of a techno-thriller revolving around a terrorist attack in cyberspace.


But life, work, and other projects intervened, and seven years later, in early August 2010, I finally finished the manuscript of Web Games, confident that the cyber-warfare scenario envisioned in the novel was entirely feasible but fenced off in fantasy, safely embedded in the unreal realm of fiction.


Safety is so often illusory, and fences can prove to be so permeable. I certainly did not expect my storyline to be trumped by the headlines. The world caught up with me, and the border between fantasy and fact was breached by the Stuxnet worm. Stuxnet, first reported in June 2010 by a small security firm in Belarus and the subject of wider press coverage in September 2010, is a new order of malware that combines several technological firsts to enable it to infect precisely the sort of industrial control systems targeted in Web Games. The Stuxnet worm was, in effect, an unexpected real-world proof-of-concept of the kind of cyber-warfare attack envisioned in the novel.


The fictional software Trojan that I invented back in 2003 and the real Stuxnet worm surfacing now have much in common. It is as if we were reading from the same playbook. And now that playbook is a matter of public record, both because the code of the Stuxnet worm has been widely distributed and because its analysis and deconstruction by security experts like Germany’s Ralph Langner have been carried out in the public forums.


Although, as Langner and others have demonstrated, the Stuxnet software was exquisitely tailored for a surgical strike on very specific targets, the general principles define an entire class of software weapons that can be pointed in many different directions—including back at the creators of those weapons. Although some specific exploits employed by Stuxnet can be blocked—and some already have—others are so fundamental to the way industrial equipment and processes are controlled that plugging the holes will be difficult and costly in the long run and all but impossible in the short term.


Stuxnet was, if we are to believe the analysts, the product of nation-states working with abundant resources. Nevertheless, so much of the technical detail needed to construct such an attack is now readily available that a concerted, coordinated, and well funded effort by an ad hoc team of skilled hackers—or terrorists—cannot be ruled out. As for the guided software missile that took out part of the enrichment facility at Natanz, if, as has been widely alleged, Israel was the principal perpetrator, they most likely had inside help. Langner's investigations indicate a possible link with Siemens in Germany via Homeland Security's Idaho National Labs. We may never have more than informed speculation to sketch out the story, but Siemens helped INL construct a duplicate of its own security research testbed in Karlsruhe, which would have given the U.S. intelligence community an inside track on vulnerabilities in Siemens STEP 7 and WinCC platforms as well as a sandbox in which to play with scenarios exploiting these weaknesses in interconnection with the actual control modules of the types used to operate the Iranian centrifuges. The fingerprints of Mossad are all over the operation, and exiting Mossad Director Meir Dagan's recent remarks would seem to lend credence to their culpability. In as much as the well timed assassinations of two Iranian scientists also bear the hallmarks of Mossad, it seems less and less likely that the IDF's Unit 8200 was behind the Stuxnet operation, as some had previously speculated. But, ordinary mortals may never know.


Timing is everything. In part, the Stuxnet attack succeeded because it was the first, and certain of the techniques it employed will not work a second time. Yet, even as holes in one part of the digital dike are plugged, weak spots elsewhere are waiting to be breached, and new cracks are created even as old ones are repaired. It is a new order of arms race, taking us down a path never traveled before, an escalation in which inexpensive, versatile, and relatively easily obtained ammunition can cause massive destruction.


Timing is everything. Had Web Games been published a few years earlier, it might have served as a warning shot across the bow. Had it come out mere months earlier, it would have been heralded as prescient. Does it count as life imitating art when the art becomes public after the events of life? Probably not. Still there is more to come and much to learn. Perhaps there are useful lessons to be read in Web Games.

The author can be reached by email: liorsamson(at)liorsamson(dot)com. Or use the form on the contact page.

[3] It’s only game. Right? (December 2010)


My eldest daughter was visiting over the holiday weekend, and my son-in-law happened to glance down at a copy of Web Games, the third in what is emerging as a series of technology-tinged thrillers involving the redoubtable sometime spy, Karl Lustig. In the world of espionage, things are seldom simply as they seem. Karl is a white-haired gentleman who blogs about technology, not the sort one suspects of being in league with Israeli intelligence. Indeed, an essential skill of spycraft is trading on the principle that people will see what they expect to see rather than what is staring them in the face. Our perception of the world, of friends and foes and mere objects alike, is tinted by our expectations. We are all victims of the invisibility of the unexpected. Like the student subjects in an infamous experiment who, intent on counting basketball passes failed to notice a stooge in a gorilla suit, we all see what we expect and miss much of whatever does not fit our preconceptions.


My son-in-law, looking for the first time at the cover of Web Games admired it for a moment before frowning and commenting that the tagline was strange. “Is that an expression?” he said, pointing to the text prominently printed across the bottom of the front cover. “I thought the phrase was ‘It’s only a game.’”


“Yeah, that’s what it says,” I replied, suppressing a mix of mild irritation and rising anxiety as I picked up another copy. “It’s only a game. Right?” I then looked down and read the tagline from the book: “It’s only game. Right?” There was no letter a to bridge the only and the game. It was a publisher’s nightmare, a book cover sporting a stupid, unmistakable typo.


“The a  must have been accidentally deleted when the image file was last updated,” I said, as I muttered a string of deleted expletives and hoped that this was the case. But, it was not the case. A little archival research turned up a paper mockup of the cover from nearly a year earlier, when the final draft of the novel was still a work in progress, and there it was, in white-on-black, that same egregious elision, the indefinite article that wasn’t there but that had been read by every single one of the many who had reviewed and commented on the cover design. We had all read it as we expected it to read: “It’s only a game. Right?” And the error had been copied and pasted into every version of the cover art ever since. (And there it is, deliberately this time, in the title at the top of this essay.)


This is the sort of bugaboo that makes proofreading such a difficult and essential art. I have spent many years as an editor and have gradually become quite good at spotting typos. I have even been known to pick up a book at a bookstore, casually start reading it, and immediately notice a misspelled word somewhere on the page. For the most part, I resist the temptation to reach for my pen and correct the error on the spot. That’s the story with the work of someone else and with a first reading. The story is quite different when reading one’s own work. I might read a sentence of my own writing for the twenty-third time and still not notice an incorrect verb tense or a misplaced comma. Or I could check over a book cover a gazillion times and miss the missing article.


As fortune would have it, Web Games was proofread by a first-rate copyeditor. Janet Lemnah is the kind of professional that every publisher seeks, one with an awesome attention to detail and the ability to read what is really there on the page rather than what should have been there. Unfortunately, she did not get the opportunity to proof the cover art. I’ll make sure she does next time!


One of the marvels of modern print-on-demand publishing is that corrections can be streamed, so the omission has already been fixed. If you buy a copy now, it will sport the tagline that makes sense. The collector’s edition, without that important little letter, is in the possession of a handful of reviewers, a small group of early purchasers, and the author. If you are interested in a copy of this very limited edition as a modest monument to human limitations or to test your friends, just send me an email. Someday it may become a real collector’s item.

The author can be reached by email: liorsamson(at)liorsamson(dot)com. Or use the form on the contact page.

[2] Work in Progress: Becoming a Writer. (August 2010)


Some authors write with easy grace. Some start at the beginning and the words pour out in an unstanched flood until the closing paragraph is reached. Some even enjoy writing.


None of these is me. I have been writing professionally most of my adult life, and it has never been easy and rarely been fun. Most of the time it is a meandering navigation through a maze of detours and false starts and do-overs. Much changed, however, when, late in my career, I began work on my first novel. It was still work, at times hard work, but it was fun work, work in which I could become completely absorbed and lose track of time for hours on end.


The bulk of the writing on Bashert, my first novel, was done while I was a visiting professor teaching in Europe. With weekends and evenings my own, I had large blocks of time to write without too many outside distractions. I had promised myself, with my wife as witness, that I would finish the first draft before returning from overseas, but even the extra pressure of a witness does not mean the promise will be easy to keep. I was still three chapters short when I boarded my flight from Europe heading for home. I plugged my laptop into the power tap in my seat before the plane finished taxiing from the gate and began typing shortly after takeoff. More than seven hours later, we were on final approach into Boston’s Logan Airport as I typed the closing quote mark on the last sentence, saved the file, and hurriedly copied a backup onto a USB stick as the flight attendant reminded me that all electronics needed to be turned off in preparation for landing.


As with so many writers, the seeds were sown in childhood. As a young boy, I was a voracious reader, particularly of science fiction and Greek and Roman mythology, and had always been fascinated with words and wordplay. My mother, a newspaper editor and columnist as well as a would-be short-story writer, was an inspiration. She could proofread directly from metal plates—which are upside down and backwards—and was ever telling stories of catching her boss’s errors or teaching him new words. She did the same with me. It was with her encouragement that I got my first publication, a poem appearing in the local newspaper when I was ten or eleven. In some ways, from there it was downhill.


I reached the pits in my progress as a writer when I received a big fat F—my first ever flat-out failure—on an essay for one of my humanities classes at MIT. My professor called me into his office and told me I was hopeless, that he doubted I would ever be able to write a readable sentence, much less a coherent paragraph. I left his office with my ears burning and my head ringing with dark thoughts. Determined to show the bastard that he was wrong, I started to learn how to write. I have been doing that ever since: reading, writing, reading about writing, and eventually becoming a pro.


Nowadays, anyone with an online account can become a columnist under the ugly banner known as blogging and thereby garner a few shekels from ad click-throughs. But there was a time when becoming a magazine columnist was challenging. It also paid fairly well, at least in the bygone years when I had monthly columns in several technical trade publications.


Most of my paid and unpaid writing has been non-fiction, but in midlife, I started working seriously on genre short stories. I even sold a few—not enough to make a reputation or to call it a career, but enough to become a professional member of the Science Fiction and Fantasy Writers of America. For a time, I also subscribed to Writers’ Digest, a magazine by pros but mostly directed toward would-be and wannabe writers. My subscription yielded two truly valuable lessons.


The first was that there is no one right way to write. I had always thought that my own somewhat non-linear approach to first drafts was somehow wrong, or at least unprofessional. I fairly quickly learned that among successful and respected authors there are those who proceed systematically from beginning to end, while others start at the end and work backwards or work their way from the middle outward. Some writers outline everything in advance in disciplined detail supported by copious notes; others carry everything in their heads and write solely from inner inspiration. Only the results matter; the process by which the manuscript is created is as irrelevant as it is varied. And so I learned that I was not doomed by taking the wrong route to the finish line. Readers see the results and are blissfully unaware of the process by which those might have been achieved. Like the making of sausages, the messy process leading to the final product remains mercifully hidden.


The second great takeaway from reading accounts of the writing life was the realization that I did not want it. I did not then want to become a fulltime writer, to write for a living. Writing became for me a means to an end rather than an end in itself, an important adjunct to a career as a consultant and designer.


Another powerful learning experience during my years as a short-story author came from joining a writers’ workshop in the Boston area. The rigorously enforced regime of mutual criticism not only taught me much about writing but also made me a better editor—of my own work as well as that of others.


It has often been said that one of the best ways to learn how to write well is to read lots of works that are well written. There is certainly much truth in that, but I would say that, for me, an even better education has come from editing. My best teacher has been my many years as an editor with the responsibility for rendering muddled manuscripts into readable works. In the public mind, editors do not rank as highly as writers, but every real writer knows that editing is a sophisticated skill and challenging art form in its own right and that a good editor can elevate a work to a higher level while a bad editor can wreak havoc on a manuscript. Critical reading for understanding, for content, and for style, followed by having to edit and rewrite, is both a harsh taskmaster and superb instructor. Indeed, although I have won awards for my writing, I believe that much of what I am as a writer I owe more to rewriting than to writing. My first drafts are typically far removed from the final products, which are the result of merciless editing and rewriting and more rewriting.


The most fun in writing Bashert came one weekend when my characters started talking back and taking over. I had reached the point where I really knew and understood them well enough to trust them. They had quite literally come alive and developed minds of their own. I found myself creating circumstances, then thrusting them into a setting with no idea what they would do or say or how they would resolve the dilemma. At times it felt more like reading than writing, as the characters took over and steered their own fates.


The author can be reached by email: liorsamson(at)liorsamson(dot)com. Or use the form on the contact page.

[1] Bashert: The Back Story [July 2010]


“So, what have you accomplished today?” my wife asked me in a teasing tone of voice. She was sitting on the edge of the bed, the bed where I had spent the entire day flat on my back, victim of another of those nasty viruses that school-age children regularly bring home to their unsuspecting parents. I am talking about those bugs that can make the kids a little listless but knock their parents completely for a loop.


I raised my head to fluff up my pillow and said, “I wrote a novel. Well, outlined it, anyway.”


She gave me a look that mixed skepticism and interest. “Really?” she said. “Tell me about it.”


So I did. She was as surprised as I was. I’ve written a fair amount of short fiction, all in the science fiction genre, so I never would have guessed that my first full-length novel would turn out to be a political thriller, a work of historical fiction. Bashert is an exercise in “what if” that starts with a couple of real events and takes off from there. What if a group of college chums had really done something with the discovery made by a student while working at MIT? What if they had followed through on some of their wilder schemes?


After I told my wife the basic outline of the plot, she told me what was wrong with it. This is a form of collaboration we have evolved that extends into many arenas: I do something or propose something and she sets me straight. She’s smart enough to almost always know what I should have done or said, and I’m almost always smart enough to listen. At any rate, she talked me through a better version of the story and gave feedback on the first draft—and the second and the third and so on right up the page proofs.


The story really started decades ago at MIT, the Massachusetts Institute of Technology, an institution of sufficient fame to be known to much of the world by nothing more than its initials. To the denizens of those days when I first arrived on campus as a clueless freshman, MIT was known by many colorful names. It was the ‘Tute or simply Tech, as in the daily recitation of the suffering student’s mantra, “Tech is Hell.” More elaborately, it was the Massachusetts Tool and Die Works, a play on words meaningful only to students, among whom hard study was then known as tooling.


I was a small-town boy from the Upper Midwest who was used to being one of the smartest frogs in a small pond but who suddenly found himself demoted to being merely one reasonably bright tadpole trying to stay afloat in an ocean teeming with geniuses.


One of those geniuses was David Arthur Hahn, another Midwest transplant who would become a good friend and sometime co-conspirator in advanced mischief. David was an inveterate adventurer with an outsized curiosity and no sense of limitations. In high school, he had become so bored that he decided to fake his records to gain admission to MIT without finishing school.


Into his too short life, David packed many things. He cofounded The Boston Tea Party, one of the first discos in the area; he started one of the first rural bus services in Belize, Honduras; and he skippered a converted Navy surplus ship carrying cargo up and down the coast of Central America.


But all that came later. While still at MIT, David became a central figure in an informal alliance known as HackComm, the hack committee. In the argot of the day, a hack was a practical joke carried to great heights, and MIT was duly famous for its spectacular and highly visible high jinks.


The hacks referred to in Bashert really happened. The Great Pumpkin hack, in which the main dome of the MIT campus was transformed into a smiling orange pumpkin face visible from Boston across the river, was both famous and duly documented. But other well-executed hacks are less well known.


One morning the first subway train into Kendall Square Station failed to stop until it was halfway across the Longfellow bridge into Boston. During the night, the rails had been spread with a precisely measured application of lithium grease, an operation pulled off by HackComm under David’s leadership. True to the MIT spirit, the group had plugged mass and velocity and coefficients of friction into their equations to predict and mark the exact spot where the train would finally slow to a stop.


It was David who, while working for the Institute’s maintenance department, opened an undistinguished basement room with his carefully filed and completely unauthorized master key to discover that the room was being used to store—well, I wouldn’t want to spoil the story for you, but let’s just say it was not cleaning supplies. The discovery intrigued David’s circle of friends, who spent weeks spinning stories and constructing scenarios about what might be made of the discovery of such a valuable if troublesome treasure in an unguarded room.


I was always amazed by the wealth of resources that could materialize among students at MIT at a mere moment’s notice. Unlikely as it may seem, one of that small group of would-be gentleman thieves actually had access to an ocean-going yacht, a converted destroyer escort, that could make it from Boston to the Middle East. I even knew of a student who had a working radar setup in his room. And on one occasion, during the annual Freshman-Sophomore Rivalry, a student produced on request a full-sized war-surplus anti-aircraft spotlight to illuminate the flag his class had erected atop the Kresge Auditorium. His compatriots then managed to cobble together the thick cables needed to power it.


Real events and real people inspired the story, but Bashert is a product of the imagination. Let me know what you think of the results!


The author can be reached by email: liorsamson(at)liorsamson(dot)com. Or use the form on the contact page.