Saturday, August 22, 2015

Anatomy of a Modern Crime

Cross-posted with the lovely Lady Killers.

In prime-time television, computer attacks are heralded by blinking red lights and audible alarms. Then there’s some clumsily written dialogue about breached firewalls, and the scene cuts to someone typing on a keyboard in a dark room where the only light comes from the glow of a computer screen. Eventually, the audience discovers this brilliant, evil hacker single-handedly compromised the mainframe using a zero-day attack. In one day. While wearing a hoodie. Hackers always wear hoodies.
I’m here to save you from this trope.
Let’s start with the task of detecting computer attacks. The truth is any computer connected to the Internet is being attacked in small ways all the time. Despite the best efforts of everyone involved, legitimate ad networks host malicious ads, good websites end up hosting bad code, emails with evil attachments still make it through spam filters, and various global bad actors are scanning for weaknesses all the time. This is the first reason it is ridiculous when a computer attack triggers blinking red lights. If that were actually true, the blinking red lights would be on all the time.
The second reason it is ridiculous is that determining whether an attack represents a small annoyance or full-scale emergency requires a human analyst of some sort. The real story starts this way: someone looks at a screen and says ‘hey, that looks odd.’ Then they do some work. Then they do some more work. Then they talk to someone else. Then maybe, if their suspicions pan out, the news spreads up through various layers of management until someone decides what to do about the intrusion. If you’re lucky. In some cases, if it’s not costing the business too much money, they throw up their hands and do nothing. Comforting, isn’t it?
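To make that triage point concrete, here is a small added example (mine, written for this post; it is not code from the post, from any product, or from any real incident). It runs two rules over a handful of constructed sshd-style log lines: the prime-time rule, which raises an alert for every failed login, and a triage rule that only escalates when a source that has already been guessing passwords then succeeds, while quietly tallying the background noise of sources that never get in. The log lines, usernames, timestamps and addresses are all made up; the addresses come from the RFC 5737 documentation ranges.

```python
import re
from collections import defaultdict

# Constructed sshd-style log lines for this example. Nothing here is real data;
# the addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2015-08-21T02:14:01 sshd: Failed password for root from 203.0.113.9
2015-08-21T02:14:02 sshd: Failed password for admin from 203.0.113.9
2015-08-21T02:14:03 sshd: Failed password for test from 203.0.113.9
2015-08-21T02:14:05 sshd: Failed password for oracle from 203.0.113.9
2015-08-21T02:14:06 sshd: Failed password for jsmith from 203.0.113.9
2015-08-21T02:14:09 sshd: Accepted password for jsmith from 203.0.113.9
2015-08-21T02:20:11 sshd: Failed password for root from 198.51.100.200
2015-08-21T02:20:12 sshd: Failed password for root from 198.51.100.200
2015-08-21T02:20:13 sshd: Failed password for root from 198.51.100.200
2015-08-21T08:01:44 sshd: Failed password for jsmith from 192.0.2.44
2015-08-21T08:01:50 sshd: Accepted password for jsmith from 192.0.2.44
2015-08-21T09:30:12 sshd: Accepted password for bchen from 192.0.2.45
2015-08-21T09:31:00 cron: (root) CMD (/usr/bin/logrotate)
"""

# Only the password-auth lines matter here; anything else is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Accepted|Failed) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_line(line):
    """Return a dict (ts, result, user, ip) for an auth line, or None otherwise."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def naive_alerts(log_text):
    """The television rule: every failed login is a blinking red light.

    Returns the number of alerts this rule would raise."""
    count = 0
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is not None and event["result"] == "Failed":
            count += 1
    return count


def triage(log_text, threshold=3):
    """The analyst's rule: a source that has failed at least `threshold`
    times and then succeeds is worth a human's attention.

    Returns (escalations, background) where escalations is a list of
    (ip, user, timestamp) tuples in log order, and background maps each
    source that failed `threshold` or more times but never got in to its
    failure count (the constant scanning the post describes)."""
    failures = defaultdict(int)
    succeeded = set()
    escalations = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        ip = event["ip"]
        if event["result"] == "Failed":
            failures[ip] += 1
            continue
        succeeded.add(ip)
        if failures[ip] >= threshold:
            escalations.append((ip, event["user"], event["ts"]))
            failures[ip] = 0  # one escalation per burst of guessing
    background = {ip: n for ip, n in failures.items()
                  if n >= threshold and ip not in succeeded}
    return escalations, background


if __name__ == "__main__":
    print("prime-time alerts:", naive_alerts(SAMPLE_LOG))
    escalations, background = triage(SAMPLE_LOG)
    print("escalate to a human:", escalations)
    print("background scanning:", background)
```

On the sample, the television rule fires nine times, which is the "lights on all the time" problem. The triage rule hands the analyst exactly one event (a source that guessed five passwords and then logged in as jsmith), files one persistent guesser as background noise, and ignores the user who mistyped their own password once. The threshold is the knob a real analyst tunes against their own environment.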
Okay, now about firewalls. I could write an entire blog post on how to correctly use the term firewall in fiction. In fact, I have. So let’s not rehash that. The real problem here is that most attacks, even the big ones that lead to massive data breaches, start with pedestrian tactics. The Target breach started with a malicious email. The criminals used that email to get someone to install a program that stole a username and password. That username and password gave them access to an internal system on Target’s network. That was then used as a jumping-off point for infecting the registers. Firewalls were never part of the equation.
And the criminals didn’t even have to write the code that infected the registers. The lone hacker single-handedly taking down a large network is a rare occurrence. And by rare, I mean vanishingly rare. The reality is that there’s a thriving black market for cybercriminals. Do you want to rent time on computers that someone else has already taken over for you? You can do that. Do you want to buy an exploit kit that will automate infecting large numbers of computers? You can do that too. Last year, the going price for a crypter, the code that repackages your evil program so that 90% of anti-virus programs no longer recognize it, was two hundred dollars.
Okay. Now we can talk about zero-day attacks. They’re one of the coolest things in my field. A zero-day attack exploits a flaw the software’s maker doesn’t know about yet, so there is no patch for it. That means your machine will be vulnerable to it no matter how diligently you update. Super scary, right? Sounds great for fiction. I hate to be the one to tell you this… but zero-day attacks are not the first choice for a criminal or even a spy agency. What’s really scary is that many computers, even at government agencies, can be compromised without resorting to fancy zero-day attacks, because the patches for the old flaws were never applied. Patching reliably, on a large scale, is difficult. Most organizations fail. Your antagonist probably doesn’t need a zero-day attack to succeed, and wouldn’t try it first.
Why not? Zero-day attacks are powerful because they’re secret. The more they’re used, the less secret they are. Eventually, someone submits a sample to an anti-virus company. Or the breach is discovered and the email attachment gets analyzed, and then boom, your fancy zero-day is no longer your ace-in-the-hole. Zero-day attacks also raise the profile of an attacker. Sophisticated criminals don’t want to show their hand if they don’t have to. Better to use a common weapon, so their victims aren’t alerted to their presence. Zero-day attacks are typically reserved for high value targets when other attacks won’t work.
We should also talk about timing. Most attacks worthy of a novel take time. The target is studied. Scanned. Researched. And then, when the attacker has determined the best approach, compromised.
As for hoodies? Well, I can’t really fight that one. Computer geeks of all stripes tend to own hoodies. Of course, most non-computer geeks do too. You can keep the hoodie.

Thursday, March 12, 2015

Case of the disappearing playlist

Fellow iPhone users -

When I upgraded to the iPhone 6 and iOS 8, one of my favorite playlists disappeared. I follow a couple of podcasts that release songs of the day. They're a great way to discover new artists, like Nellie Mckay or Felix Da Housecat.

But when I got my new phone, my smart playlist with all my favorite songs disappeared. The playlist worked just fine in iTunes, and was set to sync, but never appeared.

It took me half an hour to discover two neat things. First, files of type 'podcast' won't appear on playlists on the iPhone. And second, empty playlists don't appear at all.

Just in case anyone else was having the same problem ...


Friday, January 9, 2015

Requiem for a coat

My dear gray coat -

I bought you on a whim. $80 for a nice winter coat just seemed like a good deal. But you weren't simply just a warm coat. You taught me what a coat should be.

In bitter cold, your two layers kept me warm while I snowshoed across lakes. On warmer days, when I just needed shelter from the wind, the zippers in the armpits let me walk steep trails without overheating. When I was whitewashed sledding, your snow skirt kept the snow from going down my pants. Enjoying the campfire after a long day of canoeing was so much better with you there to keep off the chill.

That's why I fought for you. When your front zipper broke, I used the snaps instead. When the snaps fell off, I replaced them myself. When the seams by the pockets became undone, I stitched them together myself.

But you've probably noticed you haven't moved much lately. You may have even noticed I've been going out in another coat. Sadly, it's time for us to part. You've grown too ragged and too stained. There are too many broken seams to fix. Frankly, people are beginning to mistake me for homeless if I carry too many plastic bags.

But I will always remember the snowy woods we explored together, the mountains we climbed, the oceans we crossed, and the lakes we paddled.