May 20, 2013
Anecdotes from the frontline of IT security
My work has me rushing all over the world, speaking at events, getting together with fellow experts to tell my own stories and listen to theirs. One day I thought, why not share them here as well? So, here are some very different “funny” (literally and figuratively) stories from the world of IT security.
Story 1. Secret files with home delivery.
July 2001. Another network worm, which became known as “SirCam”, caused a new global virus outbreak (as often happened in those days).
The trick was to mask the worm: as it replicated itself, it dragged along arbitrary files found on infected computers so that new victims would click on the stolen file. It was a great example of social engineering – the average user wants to know what is waiting inside the attachment! That desire is even greater if the file has an interesting name … and these names were very eye-catching indeed!
And most importantly, just what information did this worm target once it had been released into the wild? Anything! It had no special preferences. As a result, absolutely everything was flying around the Internet! Commercial information, financial documents, confidential and even top secret files! Back then not just anything but simply everything could be found on the Internet – companies’ tax optimization schemes, draft budgets of states, plans for government activities, military documentation and much more.
Everything you could think of! I remember those times as if they were yesterday – just as I remember the surprised expressions (to put it mildly) of our security experts, who were analyzing the malware outbreak … But they kept mum.
For more detail about the epidemic and the data leakage – see here.
By the way, this “tried and not-to-be-trusted” social engineering technique is still used now to conduct targeted attacks. It’s used very actively indeed. Bait that is likely to be attractive to the potential victim is selected (this can be stolen somewhere else in advance), the file is wrapped in some fresh exploit, which goes undetected by most popular email services or antivirus solutions … and we’re off!
Of course there are other tricks, such as congratulating people on holidays … especially the morning after, when the victim is still recovering from the night before. Be careful! Don’t drink and email – and even the next day be sure you’re under the legal limit before checking your inbox!
Story 2. Ukrainian budget-2003 swallowed by a virus.
There’s not much to add about this … the following quote says it all:
“29.11.2002. The documents required to approve the budget for next year were wiped out by a computer virus. This was announced on television by the chairman of the Ukrainian parliament.” The full story is available in Russian here.
It was around this time that we started hearing from the tax authorities, unhappy that some companies were refusing to disclose their full accounts. “A virus has swallowed everything!” they claimed. Like a schoolboy whose dog has eaten his homework, they wanted to hand over the books but found they couldn’t – and wouldn’t be able to any time soon.
“Modern life makes things so much easier,” concluded our Chief Legal Officer. “In the past they would have needed to stage a fire, or blame it on a flood, earthquake or some other act of God. Now it’s as simple as a mysterious virus erasing everything!” This virus outbreak seemed to capture the imaginations of tax evaders.
I wonder what happens nowadays in such cases. Do they just levy the maximum taxation, in the absence of other information?
Here’s another quote from the original source:
“He [Chairman of Ukrainian Parliament] denied that the final text of the budget had been stolen from computers via the Internet. Well, I think this is from the realms of fantasy.”
This raises another question. Only the thief – or thieves – who stole this information could know for sure if it was stolen or not. Going back 11 years, I suspect this was beyond the competence of our source. As for now, who knows?
Story 3. A surface-to-air Trojan.
2004. A weird story circulates on the rumor mill. Alas, all original sources are lost in the mists of time, but the comments are still there on a forum.
The story goes like this. About 10 years ago Israel was developing its own anti-ballistic missile. As is well known, modern missiles (and not only missiles) need more than just cutting-edge hardware – they also need advanced software to make that hardware work. Nothing to see here. What sort of an intrigue can stem from that? But a plot did arise almost out of nowhere! And this “nowhere spot” was dubbed “the Nile valley” (you know, after the river in Africa).
For reasons unknown to modern science, some bunch of smart managers decided to hand over the source code of Israel’s military software to its friendly neighbor Egypt … to a local software company in Cairo, supposedly for fine-tuning and testing.
I think this story speaks for itself.
Story 4. GPS shutdown.
Let’s move a little away from the Internet theme, but still stay close to it. We all know that hi-tech services are a luxury, and that even in our modern world human beings are not androids and are resourceful enough to cope without them. Aren’t they? Well, maybe not …
It was January 2007. San Diego, USA. The US Navy, in the form of two vessels in the bay, decided to launch a practice exercise for the event of telecoms going down. To simulate the crisis they switched on a powerful jammer, instantly killing their comms connections – and, at the same time, the GPS in the vicinity, including the city and the nearby airport.
You’ve been on a flight, you’ve heard the announcement: “Please switch off all electronic devices during take-off, ascent, descent and landing.” Well, in short, there were evidently BIG problems at the airport.
It’s also no surprise that all shipping in San Diego Bay ground to a halt. Without a navigator, they are helpless these days – a bit like taxi drivers in some cities.
But – what’s most interesting – mobile connections also disappeared into thin air.
And – surprise, surprise! – ATMs stopped operating as well. How? Why? Well, that’s just how our hyper-hi-tech tail wags the dog these days! See details here.
Story 5. Free at last!!
Back in 2011 American IT security expert Tiffany Rad published a report on the protection of industrial systems in the US. Far from a glowing write-up, her findings were rather discouraging. To illustrate the low level of security, she mentioned American prisons, which (as with much else in the USA and in the rest of the world, too) are up to their ears in computerized systems. She claimed that modern US prisons are so “advanced” that it is theoretically possible to hack the system and open the doors of every prison cell!
Scaremongering, you say? Well, two years after the publication it actually happened! In Montgomery County Jail, 500 cells opened spontaneously. Nobody tried to escape (probably because they were so surprised) – but the fact remains!
What are the implications of all this? If it were to happen somewhere in Siberia, with the forest spreading 1000 kilometers in all directions, it would not be the end of the world. But what if it’s in a densely-populated area?
But there is at least some good news. The author of this research, Tiffany Rad, has just joined our company. We welcome another Cassandra to our friendly team!
Story 6. Myths of Ancient Greece.
2013, fresh news. According to Reuters, a strange virus attacked the Bank of Cyprus in 2009 and 2010, wiping out 28,000 files. At exactly the same time, the seriously ill Cypriot banking system was investing billions in state securities from its no less unstable neighbor in Greece. An unfortunate coincidence? Who can prove or disprove any of this now? After all, as in story number two, it’s the virus which has swallowed everything!
Of course, nobody wants to point any fingers at sweet, sunny Cyprus, nor at ancient respected Greece … but it all seems a bit odd.
History … and other stories.
Let me know if you remember some other “funny” stories. It would be a good idea to compile “a collection of humor”.