Electronic Extortion

I recently became hooked on the TV series 24. Unfortunately, through Netflix we were able to watch the three seasons prior to the one that just ended. The point is CTU’s (Counter Terrorism Unit) utilization of technology is impressive and indicative of where things can go. It also demonstrated the reliance on technology and also where things can go. Heavy reliance on technology for voting, combat, or security can easily lead to over-reliance. Once "over" happens, a weak link can be targeted.

From: CNN.com – Internet infection holds files ‘hostage’ – May 24, 2005.

A ransom note left behind included an e-mail address, and the attacker using the address later demanded $200 for the digital keys to unlock the files.

The fear of viruses ‘back in the day’ before Windows (and after, for that matter) was the application that would insert itself into memory with the nefarious intent of deleting files on your next boot or at some point in time. We’d run the mem command to list everything resident in memory and identify the bad seed. That was a denial game.

The denial game has been stepped up. A few dollars here and there from a massive emailing to millions of people to see where the trojan takes, and $200, $100, $50, or even $500 could really help finance somebody. With the ongoing and valid fears of phishing, people still believing Microsoft will email patches, and the incredible number of users without firewall or anti-virus software, it is just an open field for the ‘bad guy’. Ever just start poking around the network to see who is there and what machines you can hop onto without technical knowledge? It is surprising how many. How much would you pay to prevent the headache of a) reporting the problem to your IT department and your boss, and/or b) just to get it over with? This new technique is great: totally automated extortion. Pay money to an internet account (i.e. shopping cart) and the ‘key’ is sent back to you (if it really is; think of the copycats going online as I write this), all without any interaction from China, Rumania, Russia, or wherever the threat originated (maybe some kid in Norway?).

I was once in front of an apartment building and couldn’t get in to a dinner party because the host’s land line from the gate was off the hook. With nobody answering their cell phones, I went back to my car with my platter of food and fired up the laptop to retrieve more numbers and, lo and behold, I had an unsecured wireless connection. They had two Macs and a printer on the network, but I decided to just check my email while I was online and then ‘hung up.’ Are you secure from hackers locking down your files, stealing your Quicken data, or just making life uncomfortable? Do you back up your computer in case it is stolen, damaged, or lost?

Just as in the third season of 24, when Tony Almeida was compromised by the terrorist because he was holding Tony’s wife hostage, technical and human engineering (in the hacker sense, not gene therapy) can overrule many if not all safeguards. It is just about pushing the right buttons. Of course, real life is not as clean as a script. However, as the IRA said to Maggie Thatcher when they missed bombing her: "We only have to be lucky once, you have to be lucky all the time."
