According to a posting by someone calling themselves Gabriel, published on the Full Disclosure list (warning – this link contains the so-called plot spoiler), the ending of the yet to be published Harry Potter and the Deathly Hallows book has been revealed. Not by magic or wizardry, but by good old fashioned hacking. Or at least that is what is being claimed.
Frankly, it looks like a work of fiction to me, and here’s why:
- The hacker is obviously trying to get some kudos and self-publicity here, being an otherwise unknown entity. Yet he/she provides absolutely no evidence of a successful hack other than a synopsis that claims to be from the unpublished manuscript but could have been cobbled together by any follower of the Harry Potter stories.
- With the book due out within a few weeks, Harry Potter mania is starting to take hold once more. Any hacker with half a brain would understand the incredible real world value of the document claimed to have been stolen. Forget the criminal aspect of this, tabloid newspapers around the world would pay a small fortune to get their hands on the manuscript. Yet Gabriel posts to a little known, outside of IT security circles, mailing list. Ipso facto Gabriel is either a moron or not motivated by money/fame. If the latter, then why bother with the whole thing in the first place? Even if you go for the religious explanation of “protecting you and your family from neo-paganism” then one might question why such a supposedly Christian person would happily break the law and steal a manuscript?
- With the book due out so soon, the publishers are ramping up the publicity efforts. If this really was the ending of the book revealed do you really think that the original posting would still be where it is? The full might of the Harry Potter legal team would have been down on them like the proverbial ton of bricks. Yet no, nothing other than a ‘this is one of a zillion rumors’ comment. The publisher has ensured that the publicity machine goes into full swing, globally, for free, and without negatively impacting upon the readers or the sales because the ending has not actually been revealed.
- The attack strategy revealed by Gabriel, while technically plausible, is highly unlikely to have succeeded in this particular case. It is claimed that a milw0rm exploit, delivered by email and clicked on by someone at Bloomsbury Publishing, provided remote access to their files and that “it’s amazing to see how much people inside the company have copies and drafts of this book.” The fact is that very few people will have access to copies and drafts of the book, for the very reason that the fewer that do the less chance there are of leaks before publication. It is not as if Bloomsbury has not been down the Harry Potter security road before, it is well travelled in fact and managed to prevent any leaking by hackery up until now.
- If there were copies just laying around, unencrypted, open to steal from the computer of a secretary at Bloomsbury, then the chances are these would be decoy manuscripts with totally bogus endings anyway.
- The fact that the hacker used a script-kiddie scattergun approach to infiltration, if you believe the claim, suggests that they are not actually the 1337/l33t exponent of the hacker craft that is being projected here. Actually being able to find the manuscript file, the highly protected, well guarded, top secret manuscript file, would take an immense amount of skill and not be something you could just stumble upon.
- When a copy of the Harry Potter and Half-Blood Prince was stolen, actually stolen, a month before publication in July 2005, people were arrested and charged. This so-called theft is not, as far as we can tell, even being investigated.
- The story of Harry Potter Hacked has spread like wildfire, through the conduit of citizen journalism and blogging, with online news publications which really should know better following suit without any of the trained journalistic background investigation that one would expect. Mainly because they do not want to be seen to be behind the bloggers, yet again, with the breaking news. This is not the first time it has happened, and will not be the last.
- If Gabriel really wanted to spoil the success of the book, as claimed, and has the entire manuscript, as claimed, then why restrict himself to posting a synopsis of who has been killed at the end? Why not post the entire manuscript onto the web so that nobody would have to buy the book?
- I am an author myself, and even my own insignificant works tend to be dealt with in chapter files rather than as a complete manuscript at the publisher. That is just for tedious work flow reasons, nothing to do with security as nobody wants to steal my stuff. The concept that a complete Harry Potter manuscript file would be available at Bloomsbury is, frankly, laughable.