IT'S ABOUT 20 years since a how-to computer book called The Hacker's Handbook hit the bookstores. At the time, everyone knew that the author, Hugo Cornwall, was a skinny teen with a bad complexion and worse social skills who lived in a bedsit filled with half-empty pizza boxes. The journalist from the Sunday Times who went to meet him was sure of it.
And instead she found...a somewhat older guy living in a moderately prosperous middle-class house full of books. His real name: Peter Sommer.
The key moments in Sommer's career all seem to have come over lunch. It was at a lunch that he became Hugo Cornwall. At another, having just completed a law degree at Oxford, he instead launched a career as a publisher. Over a third, Ian Angell signed him up to teach in the information systems integrity group at the London School of Economics.
"It hasn't been complete drift," he says. "I've always made choices."
Sommer got interested very early in the bulletin board systems of the 1980s, the kind of thing that ran off a Commodore Pet over dial-up.
"There was an open part and a closed part, where people were sharing information about how to wander around networks," he says. He calls it "adventuring": it was before the Computer Misuse Act made such things illegal.
One day someone asked, "Why doesn't somebody write a book about this?" Sommer had just quit traditional publishing in favour of electronic data, and based on his experience and his law degree said essentially, "You cannot be serious." The poster was a publisher. Two lunches and a synopsis later, The Hacker's Handbook and Hugo Cornwall were born.
"It was always a little bit of a cheat," Sommer says. "It was a more commercial title than '53 Things to Do with the RS232 Interface'." He published it under a pseudonym because, as an electronic publisher, he thought the book might embarrass the people he was working with.
But his efforts in electronic publishing were not working out - "years ahead of its time". When, based on the book, people began offering him security consultancy, he took the work and wrote a second, more serious book called Data Theft. That book introduced him to Ian Angell, who invited him to the LSE to talk to students. With Angell's encouragement, he signed on to do more and completed a doctorate.
"That's how I got into academia, and I always knew I would want to combine it with security consulting." Gradually, another line began to grow that drew on his long-ago law degree: expert witness work. "There are a lot of people who can do computer forensics," he says, "but there's nobody else with a law degree who can work with the same level of comfort with lawyers. It's a unique selling point." Sommer has worked on dozens of cases since the mid-1990s, with charges ranging from high-value fraud to multiple murder.
Most recently, he's been writing again, this time a guide for directors and corporate advisors on being prepared for forensic investigations (available for download from www.iaac.org.uk).
"People haven't said very much about forensic readiness," he says. "It was prompted by a large number of situations where there's a court case or I'm asked to conduct a post-event investigation, and the company is floundering, not knowing what evidence it might have, who might conduct the investigation, or how they might take elementary steps to preserve the evidence."
Forensic readiness is another of those demonstrations of poor assessment of risk. Every company worries about disaster contingency planning; hardly any have a plan for carrying out a low-impact, low-cost, and effective investigation. And yet: on average every company is likely to have to carry out such an investigation once a year. Disasters are far more scarce. But forensic investigations can do as much or more damage.
"Most forensic examinations are pretty harrowing for most people," he says. Plus, as an investigation progresses, "There is sometimes an unfortunate clash between the need to get reliable evidence and keeping the company going. You need a structure in which to make decisions." µ