“Which social network?” Mick asked. He grimaced when he heard the answer. “So you’ve tried deleting the posts?”
“Yes, but some are comments on other posts and I just can’t get rid of them all. I can’t believe he thinks he can do this – he just doesn’t get it!”
Mick agreed with him. He was well aware of how the intersection between social networking and the workplace was fraught with issues and pitfalls, and the etiquette for resolving these kinds of issues just wasn’t there yet.
“I can help you…” Mick began.
“You can make them disappear?” For the first time, the youngster showed some signs of life.
“Yes, but I can’t just delete them. You’ll need to lose some other posts, too. I can make it look like database corruption in your account.”
“Cool! But how?”
“I just need a prepaid wireless data card, and about twenty minutes to write a script. Here’s what I need…” Mick detailed what he needed, and sent the youngster, named Seth, off to buy one from a store around the corner – with cash, Mick had warned him. He hurried off eagerly, while Mick set to work.
In a few minutes, Mick had a script ready to extract and list all Seth’s comments. Then, he wrote another script that generated database exceptions inside the social network that would result in the comments being deleted. At least he was pretty sure it would – he had never actually done this before, but the concept was sound in theory.
Seth returned and Mick accessed the Internet using the prepaid device and ran the script.
“That’s them!” Seth shouted, when the posts started scrolling across the screen. Mick selected them. The script then took care of them: they were all gone.
“Sweet! I can’t believe you did that!” Seth said as Mick deleted the script, removed the wireless card, broke it, then threw it in the trash. He knew he was being overly cautious, but he did not want anything that could connect him to this little piece of hacking.
“Maybe you’ll be a little more careful in the future?” he asked, getting up to go.
“Yeah, I definitely will… Hey, I don’t even know your name –” he began. Mick put up his hands.
“It’s better that way. Good luck to you Seth!” Mick replied and walked out of the coffee shop, deciding not to come back to this one again.
He had written to Gunter telling him about the conference, and received a reply a little later:
Mick,
You are most welcome about Seattle – I am glad it worked out for you.
Good luck with the LeydenTech job – sounds really interesting. Ride safely in NM.
Keep in touch, old friend. With luck I’ll see you in Vegas... Yeah, baby!
GS
-----BEGIN PGP SIGNATURE-----
wgGnrdZfSZu9Tw5BHbYwFpQCrqir5d
kSbO5lxZOuuMeFGxQgpPZ2GQlhdTRB
W9ZCQfhp7MA===vRZQhQEMA1/E8ja5
Z9JuAQf+McLh6QFG1Q8fJxbF/QbR9b
wJufkLPRlPJ7G3+AJbdzphrqIbxmlE
-----END PGP SIGNATURE-----
Flying out of Seattle the following afternoon, Mick got an amazing look at the dormant volcano of Mt. Rainier, with the not-so-dormant Mt. St. Helens smoldering in the distance. A few minutes later, the plane banked and he got a clear view of the Columbia River. He noticed what looked like a power plant near a hook-shaped bend in the river. Mick realized it was probably the Hanford Site, where the world’s first large-scale nuclear reactor was built, and where the plutonium for the atomic bomb tests and the Nagasaki bomb was produced. Another piece of the puzzle of the atomic zero day attack.
Chapter 9.
From the Security and Other Lies Blog:
Why do programmers use strange number formats such as hexadecimal? Just to be different? raptorzhavemorfun
Humans like decimal numbers. Computers like binary numbers. Computer programmers who bridge these two worlds often use hexadecimal numbers because they are sort of a compromise. Let me explain:
Computers, in their hardware, exclusively use binary numbers, also known as base 2 numbers. Each digit is either a 1 or a Ø, and every place represents a power of 2. This is because the storage and manipulation of numbers in binary form is very easy. For example, in a memory storage device, the presence of a voltage (such as 3.3V) can represent a 1 while the absence of a voltage (ØV or ground) can represent a Ø. A single binary digit is known as a 'bit'. If you have 8 bits of binary information, you can represent numbers from ØØØØØØØØ to 11111111, or Ø to 255 in decimal form. 8 bits are also known as a 'byte', or an octet, a set of 8. (Note that 'byte' is a deliberate misspelling, since ‘bite’ is too similar to ‘bit’.) A byte is the basic unit of information in a computer; larger amounts are measured in units such as MB (megabytes, or millions of bytes) or GB (gigabytes, or billions of bytes).
Now binary numbers aren’t very friendly to work with for humans, but hexadecimal, or base 16, is a more convenient form. Hexadecimal uses Ø-9 then A-F as the 16 values. For example, the number 1Ø in decimal is represented by A in hexadecimal. Each byte is represented by two hexadecimal digits, making it convenient for computer programmers to use. The 8 bits of information in a byte represent the range of ØØ to FF in hexadecimal.
As another example, in decimal, there is no real distinction between the numbers 255 and 256. However, to a computer, there is a big difference. The value 255 can be represented within a byte – that is, by 8 bits - while 256 can’t be represented with a byte – it requires at least 9 bits. The values of FF and 1ØØ (which are 255 and 256 in hexadecimal) make this obvious (at least to a computer programmer).
I should also point out that programmers typically begin counting from zero, instead of starting at one like normal people. This is partly due to the use of binary numbers and the need to make the most of a limited number of bits. However, it is also due to programmers frequently using offset pointers in strings or series of data. For example, the string ‘zero’ has four characters or letters. We might say that ‘z’ is the first character, ‘e’ is the second character, etc. However, if the characters are referenced as an offset from the start, then ‘z’ is zero characters offset from the start, ‘e’ is one character offset from the start, etc. So the character offset would start at Ø and go up to 3 for a string of 4 characters.
Now that I have thought about it, raptorzhavemorfun, I’m starting to lean more towards your ‘just to be different’ explanation…
-> Your question not answered this week? Argue for your vote on the Shameless Plugging area of our discussion forum.
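As an added example, not part of the novel or of the blog post above, here is the place-value conversion the post describes worked by hand in Python, along with the one-byte boundary between 255 and 256 and the zero-based offsets of the string ‘zero’. The function names are my own, and the conversion deliberately avoids Python’s built-in bin() and hex() so the repeated-division algorithm is visible.

```python
"""Added example (not from the novel or its blog post): hand-rolled base
conversion, the one-byte boundary, and zero-based string offsets."""

DIGITS = "0123456789ABCDEF"  # digit symbols for base 2 and base 16


def to_base(value: int, base: int) -> str:
    """Repeated division: every place is a power of `base`, so the
    remainders, read from last to first, are the digits."""
    if value < 0 or base not in (2, 16):
        raise ValueError("non-negative value and base 2 or 16 only")
    if value == 0:
        return "0"
    digits = []
    while value:
        value, rem = divmod(value, base)
        digits.append(DIGITS[rem])
    return "".join(reversed(digits))


def bits_needed(value: int) -> int:
    """Smallest number of binary places that can hold `value`."""
    return max(1, len(to_base(value, 2)))


def fits_in_bytes(value: int, n_bytes: int) -> bool:
    """True when `value` fits unsigned in `n_bytes` octets, i.e. it needs
    no more than 8 * n_bytes bits (255 fits in one byte, 256 does not)."""
    return bits_needed(value) <= 8 * n_bytes


def byte_to_hex(value: int) -> str:
    """One byte is exactly two hex digits, 00 to FF. Values that need a
    ninth bit are rejected rather than silently truncated."""
    if not fits_in_bytes(value, 1):
        raise OverflowError(f"{value} needs {bits_needed(value)} bits")
    return to_base(value, 16).rjust(2, "0")


def offsets(s: str) -> list[tuple[int, str]]:
    """Zero-based offsets: offset 0 is the first character and
    offset len(s) - 1 the last, as the post explains for 'zero'."""
    return [(i, ch) for i, ch in enumerate(s)]


if __name__ == "__main__":
    for v in (10, 255, 256):
        print(v, "decimal =", to_base(v, 2), "binary =", to_base(v, 16),
              "hex;", bits_needed(v), "bits; fits one byte:",
              fits_in_bytes(v, 1))
    print(offsets("zero"))
```

Running the block prints 255 as 11111111 / FF and 256 as 100000000 / 100, which is the distinction the post says is obvious to a programmer; byte_to_hex(256) raises instead of returning a wrapped value.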
Chapter A.
Mick O'Malley – tries to remember to be careful of what information he shares on social networks, which is kind of a strange thought to share on a social network. (8 comments)
Early the next week, Mick was riding north on Highway 25 in New Mexico towards Santa Fe, enjoying the wind pressure on his body and the sun on his back. After only a few days back in New York, he was about to begin his consulting job.
From the Albuquerque airport, he had taken a short cab ride to a tumbledown motorcycle store on the outskirts of the city. One of his own Ducati motorcycles shipped from his workshop in New York had arrived at a local motorcycle shop the previous day. It had been uncrated, and was ready for him to ride. For the duration of his visit to New Mexico, he had his bright yellow 1974 Scrambler 45Ø to ride. He had chosen the Scrambler since it was a dual sport bike, with combination road/dirt tires that enabled it to be ridden both on road and off road. Mick had an idea he could find some desert trails to ride on.
Mick would often make arrangements to have one of his motorcycles crated up and shipped to a part of the country where he planned to spend a week or more. He could then enjoy riding it all week then have it shipped back to his workshop. There were advantages to owning seven motorcycles… and being independently wealthy.
The scenery was a big change from his usual, with New Mexico offering hills, mesas, and desert all around. Just over an hour later he stopped outside Santa Fe to fuel up his bike and himself. Back on the highway, he continued north until his westward turnoff to Los Alamos. Despite the scenery and the ride, his thoughts kept drifting back to the recent attacks. In the last two weeks, two of his servers had been successfully compromised… perhaps it was time to increase his vigilance?
On the smaller highway, he headed towards Los Alamos, following the sun as it receded in the sky. Approaching Los Alamos, Mick was amazed by the sight of the cliffs of the high mesas making it look more like a fortress than a city. He rode towards the small inn on the northern side of the city where he had his reservation. He drove a few extra kilometers around the outskirts of town, going past the offices of LeydenTech, and, as the sun set, he reluctantly pulled into the inn and parked his motorcycle. The Scrambler had run beautifully for him.
At a civilized hour the next morning, he sat down with Vince at LeydenTech, having breakfast and coffee and meeting the security team. Vince performed the introductions to Will and Anil who worked in the LeydenTech IT security group. Mick had switched off his mobile in the morning, since mobile phones did not work inside the LeydenTech office. Vince had told him the building was effectively a Faraday cage – a shield blocking all external electromagnetic radiation, making all wireless devices useless inside. He wondered if this was a deliberate security precaution, or just a byproduct of the building’s construction.
“You really did a great job with that web server attack the other week!” Will, the manager, exclaimed as they sipped lattes.
“Ah, yes, thanks,” Mick replied, feeling a little confused as to how Will found out about the incident.
Perhaps he is friends with someone in the NOC in Hiroshima?
“Yeah, pretty slick. Not sure I agree with you on the rest of it, though...” he continued.
What is he talking about?
“You brought one of your Ducatis here?” Vince asked, and when Mick nodded continued. “That's excellent. We'll try not to keep you in our datacenter for all the daylight hours...”
Mick didn't recall telling Vince about his motorcycle habits, and wondered if perhaps Vince had done a more thorough background investigation on him than he had done on Vince. Or maybe Vince had just seen him ride in. Mick wondered what else Vince knew about him.
According to Mick’s investigations, Vince had been with LeydenTech for two years now, and was employee number thirteen – startups often kept track of the hiring order – whereas now the company employed over 25Ø people. His degrees in computer science and business must have made him an obvious recruitment target when he finished his Doctorate from Harvard. He was married with no kids. His wife worked at Sandia National Labs in Los Alamos – on what, Mick couldn't determine. And he had no traffic tickets or recent insurance claims.
“I also plan to maybe do a little exploring, and perhaps some camping this weekend, too. Anywhere you'd suggest?”
“Chaco Canyon is pretty cool – it is very remote and lots to see in terms of Native American history and ruins,” suggested Anil.
“Are there any good trails I could ride my motorcycle off-road?” he asked.
“Tons. Just make sure you don't wander into any reservations. It's not that it isn't safe or something, but it is a different country, and our laws don't apply,” Will cautioned.
“OK – I'll make sure to mark them on my GPS. Thanks for the info,” Mick replied happily. “I’m really looking forward to this.”
“Well, thank you for coming out here so quickly. We would like to get this wrapped up as this might be our last investigation of this type,” Vince replied. Noticing Mick’s confused look, he explained. “We are getting ready to turn over our IT and security services to UBK. I’m not at all happy about it, but we have no choice.”
“I’ve read about them,” Mick replied. “They subcontract a bunch of government services these days.”
“Yep, they run a couple of federal prisons in this state.”
“I can’t remember, are they a U.S. corporation?”
“No, they are multi-national, dealing with dozens of governments world wide.”
“Is it just me, or does this seem like a bad idea? Do they even have the competency to handle IT? Have their systems and software been audited?”
“Well, their systems are extremely efficient, and they take advantage of economies of scale. For example, they standardize on a single hardware platform and single set of software, then replicate it across their systems and customers.”
“Hmm. That sounds like a ‘monoculture’, which as you know, has very bad security properties. If a vulnerability is found, it can be exploited on a massive scale.”
“Maybe you should write to your congressman…” Anil replied.
Mick was shown to a workstation and given his accounts for the servers to examine the logs. He barely looked up for the next three hours until Will came to take him to lunch. After lunch, he continued poring over the logs. Intriguingly, although one of their servers had been compromised, LeydenTech had not shut it down or removed it from their network. Instead, they had carefully set up a dummy subnet or sub-network and created some other servers with fake corporate accounts. Then, they had moved the server over and redirected all other communication to another server that mimicked a failed network connection. As a result, the compromised server was still operating as it had been, but it was isolated from the real LeydenTech network and data. It was as if the server had been put in a cleverly concealed cage so it could be observed in the wild.
Currently, all the server was doing was sending spam – lots and lots of spam emails. Mick began to wonder if perhaps this server was part of a botnet, short for a robot network of computers: a collection of compromised, or hacked, computers, known as zombie computers, organized to receive commands over the Internet and operate as a group. A botnet combines the power of each of the individual computers. The larger the botnet, the more powerful it becomes. Mick was aware of botnets made up of thousands, some claimed millions, of zombies on the Internet used to send spam – so-called spambots. Lately, however, there was evidence botnets were being put to other, more sinister purposes.
So far Mick hadn't been able to find evidence of the LeydenTech server trying to contact a botnet controller for instructions, to 'call home'. Usually, a newly compromised computer would reach out to its creator to report in and request new instructions.
Studying the compromise, he realized it was similar to the one that happened to his own server. He was still going through the data when Vince stopped by to say that everyone was going home for the day.
As he rode back to the inn, Mick shifted gears mentally, and focused back on Will's strange knowledge of Mick’s work on the web server attack.
Back in his room, Mick turned on his mobile and checked his social network that he had completely neglected since the morning. Everyone was buzzing with comments about some blog article that apparently mentioned him. Mick found the blog on the Internet Security World and read with disbelief:
ISW has just learned that last month’s major web server attack was uncovered by none other than Mick O'Malley, independent security consultant. In a PGP signed email to ISW, O’Malley claimed credit for detecting the attack and writing the patch that was widely distributed a few hours after the attack, and effectively ended the zero day. O'Malley also criticized the open source community for security complacency saying:
"... this should be a wake up call for the entire open source community. They need to do a much better job in the future or it will hurt the image of the entire movement."
O'Malley went on to claim that he has personally found and fixed multiple exploitable bugs in different packages in the past few months, and that frustration has forced him to speak out.
We will be tracking the reaction of the open source community to O'Malley's words, and we will have a complete analysis of the attack in next week's edition.
Mick had to read it a few times before he could believe it.
How could anyone believe I had written such self-serving drivel? And why in hell would I criticize the open source community? Why would ISW lie about receiving a signed email from me?
Lars had spoken to the editor of ISW who had shared the alleged email. Mick again read in disbelief that the signature on the email had validated.
The forged email was signed with my private key!
His private key, which he used to sign his secure email messages, was known only to him. To have it stolen from one of his computers was inconceivable!
Fortunately, none of his friends seemed to believe the email was genuine, despite the signature. However, the fact that Mick hadn't weighed in himself seemed to be making them waver a little. He contacted Lars, Liz, and some other friends, confirming that he had sent no such email, nor would he make such derogatory comments.
At first, Mick was really angry with ISW; why would they publish his email without confirmation? Then, he realized: how would they confirm it with him – call his mobile? His phone number wasn't published anywhere. He did nearly all his business using signed email. What more proof or confirmation would they need than his digital signature generated with his own secret private key – known only to him?
Counting from Zero Page 6