A hacker stole the last chapter of Harry Potter and the Deathly Hallows — and posted the details online just a month before the book’s release.

Or did he? I’ve found the link which was the basis for dozens of news stories. Let’s take a hard look.

They didn’t post the book’s final chapter — just five sentences describing its ending. Without giving away any names or details, this post says that the characters in the final book “fight hardly for more than 6 pages and then finally die. (boring, very boring… it’s always the same story!)” There’s a small spoiler about Draco Malfoy, plus other unresolved threads from the previous Harry Potter book.

The post  has since been replaced with a suggest piece of Harry Potter fan fiction.  But there’s no real evidence that the ending described in the original post was any more likely than any others. After all, J.K. Rowlings said — over a year ago — that two main characters would be killed in this book. So it’s pretty simple to describe an ending where, yes, two characters are killed.

Tuesday morning someone calling themself “Gabriel” made that fateful post on “Full Disclosure” — one of 17 mailing lists at a security website called Insecure. It also offered an explanation for how the book was supposedly obtained, but warns that “The attack strategy was the easiest one.”

According to his post, someone at the company made the fateful mistake of reading malicious email from a stranger — “The usual milw0rm downloaded exploit delivered by email/click-on-the-link/ open-browser/ click-on-this-animated-icon/ back-connect to some employee of Bloomsbury Publishing…” That’s possible, I guess — but it’s just as possible that the post is describing these things without actually doing any of them.

Reuters tracked down David Perry, the spokesman for Trend Micro, a computer security company, and asked his professional opinion about the supposed hack. And he seemed skeptical. “We’ve had hypes like this on the last couple of Harry Potter books,” he answered. “There is a very high level of spurious information in the hacker world.”

But hey, why screw up a good story? News outlets couldn’t resist the tale of a major publishing event thwarted by a single rogue hacker. And there is a precedent. Reuters noted that a stolen copy of previous Harry Potter novel surfaced a month before its release in 2005

But a spokesman for the book’s U.S. distributor used this opportunity to warn Reuters that “There is a whole lot of junk flying around. Consider this one more theory.” And if Reuters had looked a little further, they would’ve found a warning on the same mailing list where the hacker made his post.

The unmoderated mailing list collects about two dozen messages a day, and it warns that “80% of the posts are worthless drivel.”

Related:

Entry was posted on Wednesday, June 20th, 2007 at 11:03 pm under Uncategorized.

Read more entries by David Cassel.
Stumble It!