| posted on 6.23.2015 at 07:25 AM
The internet is a dangerous neighborhood: Rise of the Hackers
Not nuclear weapons, not Weapons of Mass Destruction, but today's biggest threat is the keyboard. Hackers are devising ways to steal our money, our
identities, our secrets. Not just lone hackers, but governments are in on it. The following info comes from the PBS program which gave an example of
just how devious hackers can be:
A security expert who writes for Wired magazine was hacked. He realized it when his computer asked for a 4-digit pin, which he didn't have. He tried
his iPad and it asked for a password. He typed it in and it didn't work. At that point he knew he was being hacked. In 45 minutes, every device,
including his cell phone, had been taken over and completely deleted. Emails, pix, everything.
He went online to write about his experience and unexpectedly, the hackers got in touch with him. Upshot was he told the hackers he wouldn't press
charges if they told him how they hacked his devices. He'd thought the hackers had brute forced his password with some crazy cracking program to hack
into all his stuff, but they said that wasn't how they'd done it. The hackers had found a series of loopholes in the internet which, taken together,
left him completely unprotected. Rather than crack his password, they "conned" their way into his security system by making them think an attacker
was actually a customer.
How they did it:
A. Find a way to steal his identity from one of his many on-line accounts. Their way in was a simple phone call to Amazon.
1) They gave Amazon a fake credit card number, told them to add it to his account and hung up.
2) They then called back and told Amazon they were locked out of his account and gave them the credit card number they'd just added to his
3) Amazon then gave them a temporary password to access his account.
With that deception, the hackers now owned his Amazon account.
B. But they didn't go on a shopping spree. What they were after were the last 4 digits of his credit card to pull off the next stage of their con.
1) Looking at his recent Amazon orders, they could see the last 4 numbers of the credit card HE used to pay for purchases.
2) At the time, Apple was using those last 4 digits as an identity verification method.
3) Using those, Apple gave the hackers a password reset.
They now owned his Apple accounts so they could access pretty much all his digital life.
C. The security expert's Twitter account, the trophy, was next.
1) To keep their trophy, with a few clicks, they destroyed what was left of his digital life, i.e., his computer, iPad, cell phone.
2) They accessed, then deleted his Google account so he couldn't get back in there and kick them out of the Twitter account.
They went from Amazon to Apple to Google to Twitter. The hackers knew the security flaws of the internet and used them, one after another to pull off
The hackers? Teenagers having "fun." They didn't realize the consequences to the person being hacked of losing everything digital precious to him
(pix) and important.
Note: Those loopholes have now been plugged.
Next up: Governments hacking the computers of other governments (specifically, the U.S. hacking into and disrupting Iran's nuclear facility).
| posted on 6.26.2015 at 11:40 PM
Scientists are constantly working to improve the computer. Some are doing it with quantum physics (a mind-blower for us math-challenged!), others are
trying to build the world's most advanced computer, etc. Whatever they're working on, they all have a common enemy - the hacker. In terms of
government security, one lone hacker at a keyboard can wreak the same damage as an army, as a WMD. Steal our money, identity, secrets, foul up a
nuclear program, one talented hacker can do it all from his mother's basement. Not to mention government-backed hackers who eavesdrop on an epic
level and have the capability even to launch cyber weapons at other nations. Which brings us to:
Stuxnet - The World's First Cyber Weapon
What is Stuxnet? It's a virus, a very crafty piece of malware.
What makes Stuxnet different from run of the mill malware is that it contains a "zero day exploit," a weakness in a computer program or an operating
system like Microsoft Windows. A weakness that not even the software maker knows about. It's extremely rare - Microsoft had only 12 "zero days" in
all of 2010, and all of them were inside a Stuxnet code. It caught the attention of security experts because Stuxnet's code was written in a strange
programming language. It was a sophisticated code and dense, i.e., every letter, number, combination of letters/numbers of the code did something to
whatever computer system it infected. The experts who discovered it had no idea what it meant or its function. What they did know was that the code
came from a PLC (Programmable Logic Controller). PLCs, some small enough to hold in one hand, are used to program small computers, factory equipment
and things like power plants.
Every time the virus, Stuxnet, infected a computer, it would start hunting for PLCs. It would "fingerprint" them, then copy itself onto the PLC and
just sit there for a while, doing nothing for up to a month, and just "observe" the normal activity of the targeted plant or facility.
When Stuxnet infects a machine (remember, it's a virus), it contacts a server to say it has infected the machine. The experts who discovered the
malware watched Stuxnet watching the plant or facility (they traced it through printouts of Stuxnet's codes). At first, they thought the strange
virus was some kind of industrial espionage trying to steal design documents from some sort of control facility until they realized.... NOT! Having
gained access to the logs of the infected machines (hacked?) they realized
the machines putting out the logs were located in Iran. Stuxnet had infiltrated and was watching Iran's nuclear facility.
Working on the code, the experts found 2 ID numbers which told them who launched Stuxnet at Iran. They're called "magic" IDs. Looking the numbers
up (on the computer, of course), they found out the virus was attached to
and targeting (and were scared the crap out of the minds and their jaws dropped when they realized it!) a uranium-enriching nuclear facility in Iran.
Stuxnet was designed to thwart Iran's plans to make a nuclear bomb. It did so by attacking the facility's centrifuging mechanisms. It would speed
them up - the aluminum casings used to separate the elements/isotopes would vibrate so fast they'd burst and shatter - or slow them down to a crawl
wherein the casings would begin to wobble and fall over.
Broken down, all hacking is a con. Some are simple, like Jr.Hagler talked about some woman he'd dumped who sent him an email containing a virus. He
recognized it easily. Stuxnet, however, is an extremely clever, sophisticated con. Only by accident, almost, and the curiosity and expertise of people
whose JOBS it is to detect malware was it discovered.
The information I've relayed here is from the PBS program, Rise of the Hackers. The above, however, is only the first "part" of Stuxnet's
con(fidence game). Like I said, it's "clever." Rest to follow. Like most
reading this for the first time, it's new, heady and a lot for darn near computer-illiterate me, too!
| posted on 6.28.2015 at 02:29 PM
Second part of Stuxnet's confidence game
The preceding post was only the first part of the con job. I won't go into the details, but the second part came straight out of a heist film. You
know how when the crooks have to work in an area where cameras are watching, they hack the cameras and put in old footage of the area. While the
security guards are watching the old footage being run over and over, they sneak in undetected, and steal whatever they want.
The Stuxnet was in a secure facility where everything was being watched - carefully and faithfully - so to infiltrate and do its damage, it hacked the
PLCs for the security system. It then patched in fake computer logs while it went about attacking the centrifuge systems (speeding up and slowing
down). It was only after the virus had completed its damage that the damage was even discovered. In short, while Stuxnet was making the centrifuges spin at
dangerous speeds, it was playing back old data on the facility's security computer logs, saying everything's normal.
However, the 'best' trick Stuxnet played on the security system was to guard against someone reading the computer logs, realizing something was
wrong and trying to shut down the system before it could complete its damage. In anticipation, Stuxnet had infected the "shut down" PLC, thus when
the "shut down" button was pushed, nothing would happen. The virus could continue mucking up the centrifuges without interruption. As a result,
Stuxnet managed to ruin or destroy thousands of Iran's centrifuges and set back its uranium-enriching program by months.
Question: Who built Stuxnet? No nation has admitted to being behind a virus to stop Iran from enriching uranium with which they could build nuclear
Stuxnet has opened the door to cyber-warfare. Nation to nation cyber-warfare that can control computers AND weapons (you press a "button" to launch
a drone, ok?). Like no one knows.... for sure.... who built the virus Stuxnet, in today's digital world, no one knows who is hacking whom -
disgruntled girlfriends, teenagers in their mom's basement (think of the movie "War Games"), criminals or governments. Which is why there is a
whole new industry of people being paid by private companies and governments to seek out, guard against, and stay one step ahead of "the rise of the
Reads like a spy thriller, you say? Well, hang on. It's going to be a bumpy ride cause you ain't "read" nuthin' yet!
| posted on 7.6.2015 at 12:40 AM
Encryption - codes and code-breaking
A definition of encryption which will be referred back to throughout the discussion:
Almost everything we do today uses a code. Every time you log onto an internet service like Twitter or Facebook with a password, or do internet
banking, all that info is protected using an internet encryption (the encryptions are encoded in a series of numbers).
Everything we do on the web is encoded by an encryption which is a "prime" number like 3, 7 or 13, 51, 35, 19, etc., numbers that can only be
divided by themselves and the number "1". What makes them important to encryption codes is that when you take 2 prime numbers and multiply them
together, you get a number called a "semi-prime." What's interesting about semi-primes is that it's really difficult to calculate/figure out the 2
numbers that could have been multiplied together to form them to get back to the original values/prime numbers.
11 X 13 (2 prime numbers) = 143. If you are given the #143 and told to figure out the original 2 prime numbers that formed it, the only way to find
them is by trial and error. For ex., what are the 2 prime numbers that when multiplied together equals 143? 11 X 13 is easy to multiply, but hard to
go backwards (from 143) and figure out the multipliers. This is the key to many internet codes. You can make a big semi-prime quickly, but to figure
out the 2 primes it's made of takes a very long time. Easy one way, very hard the other.... or easy to multiply; hard to find the multipliers. And the
bigger the sum of the 2 prime numbers (like 1109 X 1327 = 1471643), the longer it takes.
According to 'Rise of the Hackers', it takes mere seconds to multiply 2 primes, but depending on the length of the semi-prime (could be hundreds,
even thousands of numbers), finding the 2 primes could take thousands of computers millions of years to find the 2 primes that multiplied together,
make up the semi-prime. For instance, 47007055167772603 is a prime number. It can be divided ONLY by the number "1" and itself (47007055167772603).
No other 2 numbers can be multiplied together and get that figure.
Same for 18849555921538807.
Now multiply them together ....47007055167772603 X 18849555921538807.... and you get a semi-prime in the ka-ZILLIONS!
When we buy something on-line, an on-line store's website will take 2 secret prime numbers and multiply them which will result in a big semi-prime
number which, in turn, is used to create a PUBLIC key. The website then uses this key to scramble your credit card data, encrypting them before they
travel from your computer over the internet. If someone hacks that data in transit, it's meaningless. They can't UN-scramble your credit card info
unless they know the PRIVATE key which is based on the original prime numbers assigned it. This key is private and secure, for as the narrator says,
it would take longer than the age of the universe to figure it out. Again, easy to make (just multiply 2 prime numbers), but hard to figure which 2
prime numbers were used. It's like scrambling an egg - easy to scramble, but hard to UN-scramble.
This system of encrypting was created by, of course, 3 mathematicians and named after them - the RSA Algorithm, i.e., Rivest, Shamir and Adleman
Interesting. The definitions pretty much describe everything the program said.... which is a good thing ...lol. Continuing:
Without the RSA, internet banking, social media, nothing would not work... well. Our info would be too easily available to any hacker who wanted it.
The RSA is designed to hunt for very large primes. The largest semi-prime created from these primes takes up 5,000 pages, i.e., 17.5 MILLION digits,
divisible only by itself and the number "1."
Bigger computers, however, are being built to crack the codes (the big semi-primes). So far "honest" folk have stayed ahead of the crackers but -
what one man can do, another can undo.... eventually. At any rate, we don't have to worry about the average hacker. However powerful PCs are today,
they can only process one computation at a time (thousands of computers taking longer than the age of the universe to crack one of the big
semi-primes, remember?) Thus, no fear - AT PRESENT - of your encrypted info being hacked.
There are new computers being built now that harness some of the most complex physics in the universe which when/if realized, can break encrypted
codes. But the "science" behind them is as dizzying as the PHYSICS is complex. It's futuristic and as MY physics is not all that hot, Imma gonna
leave that portion of the program alone.
pssst! Passwords gleaned by a machine from YOUR subconscious mind, time travel, being EVERYWHERE at the same time, i.e., in the U.S. AND in Ghana
at-the-same-time. You know, being in 2 places at the same time. (maybe if the program comes on again, I'll tackle it - fascinating if a
Next up, well, BACK to the future: Stuxnet. You'll never guess what that clever little virus is up to now. As we speak.
pssst! Think "Terminator: Rise of the Machines."
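An added example, not part of the posts above or of the PBS program: the multiply-two-primes scheme from the encryption post written out as toy RSA in Python, using the post's own pairs 11 X 13 and 1109 X 1327. The function names and the sample message 42 are constructed for illustration; real keys use primes hundreds of digits long plus padding, which is what puts the factoring step out of reach.

```python
# Toy RSA built on the primes quoted in the thread. Textbook RSA without
# padding: for illustration only, never for protecting real data.
from math import gcd


def make_keypair(p, q):
    """Return (n, e, d) from two secret primes p and q."""
    n = p * q                      # the public "semi-prime"
    phi = (p - 1) * (q - 1)        # computable only if p and q are known
    e = 3
    while gcd(e, phi) != 1:        # smallest odd public exponent that works
        e += 2
    d = pow(e, -1, phi)            # private exponent (needs Python 3.8+)
    return n, e, d


def encrypt(m, n, e):
    """Scramble integer m (0 <= m < n) with the public key (n, e)."""
    return pow(m, e, n)


def decrypt(c, n, d):
    """Unscramble c with the private exponent d."""
    return pow(c, d, n)


def factor_semiprime(n):
    """Trial division: return (p, q, divisions_tried)."""
    tried = 0
    candidate = 2
    while candidate * candidate <= n:
        tried += 1
        if n % candidate == 0:
            return candidate, n // candidate, tried
        candidate += 1 if candidate == 2 else 2   # 2, then odd numbers only
    raise ValueError("n is prime, not a semi-prime")


def recover_private_exponent(n, e):
    """What an eavesdropper has to do: factor n, then rebuild d."""
    p, q, _ = factor_semiprime(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    for p, q in [(11, 13), (1109, 1327)]:       # both pairs appear in the post
        n, e, d = make_keypair(p, q)
        m = 42                                   # constructed sample message
        c = encrypt(m, n, e)
        _, _, tried = factor_semiprime(n)
        print(f"n={n} e={e} d={d} cipher={c} plain={decrypt(c, n, d)} "
              f"divisions to factor={tried}")
```

Multiplying is one step at any size, while the division count grows with the smaller prime, which is why a semi-prime this small protects nothing.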
| posted on 8.22.2015 at 09:01 PM
Stuxnet has escaped and is in the wild!
Right now, we're in the grips of a new arms race: code makers and scientists - defenders of our digital life, on one side. On the other side, the
hackers are becoming ever more devious. It's a battle that's constantly shifting. The greatest danger is from the giant network of inter-connected
computers that run the most complex systems on the planet from power grids to water companies to banking, to land and transportation networks. Think
about it - almost everything we depend upon is on a computer, i.e., computerized. These are vulnerable in an entirely new way.
There are 3 types of vulnerabilities:
3) technology, encryption)
The most vulnerable of the 3 is, of course, people, i.e., what one human can put together, another can take apart. But the bottom line is that a
person can circumvent any security layer by their actions. People are the weak link. Even when computers are cut off from the internet, hackers can
find a way to get their viruses inside to introduce malware codes using a USB thumb drive (like the "FixIt" stick costing only a couple dollars).
All they need is someone to attach it to a targeted computer. The PBS program gave 2 situations where you KNOW it's real, the truth:
1) At high noon (lunch break), a USB with a corporate logo on it was placed in a public area (park, beach, downtown, skateboard arena, etc). 70 -
80% of the time, someone passing by saw it, picked it up and inserted it into a corporate network - their own corporate work computer.
2) Same time of day: When they did the same experiment with a CD ROM that had the year and pay and compensation tables written with just a sharpie on
the disk, they had an almost 100% guarantee someone would see it, pick it up, take it to work, and insert the CD ROM into a computer, thus introducing
whatever was on that CD ROM into the entire corporation's computer system.
The narrators feel that it was this (devious) tactic of using a removable USB device or CD ROM that may have launched one of the world's most
powerful cyber weapons: Stuxnet.
Starting in 2009, the sophisticated virus, Stuxnet, struck at the uranium enrichment plant in Iran. The plant was in a highly secure environment cut
off from the internet, but still vulnerable to someone bringing in a removable device to the plant, e.g., a spy. They think that with one or more
spies, and even some unwitting accomplices (picking up USBs from the ground at a "public place?") that's how the power of Stuxnet was unleashed
on Iran's computers. It didn't have to break any encryption codes or security boundaries - once plugged in by a spy or a 'Nosey-Rosey', it sought
out the communications capabilities of the network by going from computer to computer until it found what it was looking for, then sending back logs
of everything going on while NOT interfering with anything - until it was time to screw up the works. Again, by telling/communicating with the
computers that told the reactors how fast to turn the aluminum tubes and telling the computer which controlled the "stop" button to not do anything
With all the explanations of how it was done, with all the safeguards its creators, either American or Israeli installed to direct and control the
virus, it is as the narrator warns, nothing in the world of high stakes hacking is as simple as it seems for....
Stuxnet has escaped.
It has now been found outside its intended target (Iran). How? Where? No one knows.
Turns out Stuxnet didn't just target machines in Iran or the uranium plant. Stuxnet has the ability to spread to any machine, any Windows machine
across the world. It has now infected more than 100,000 machines.
Stuxnet was never intended to get into the world; its purpose was limited to mucking up Iran's nuclear program. But once it did, it demonstrated a
level of sophistication and capability that up to that point, no one had taken advantage of. This was truly a digital Pandora's box. Once it was
open, you couldn't put the lid back on.
The sophisticated virus/weapon Stuxnet is out in the public domain and now it offers a blueprint for cyber-warfare. A way to target computers that
run machines, to control our water, distribution, our power grids, car transportation systems. In other words, the machines that run our world.
That it has escaped (once its job was done mucking up Iran, "spy" threw the USB into the ocean; it landed on another shore, was lying on the beach
somewhere when someone came by, saw it and plugged it into THEIR work computer?) highlights the risks of creating these types of weapons, that they
may indeed become uncontrollable and even be used against the nations that developed them.
The program ends with this warning:
There's nothing new about codes and trying to keep secrets, but the advent of global digital communications has created a new
battleground... without borders. One where mischievous teens, nation states and organized criminals go head to head as equals. This murky world is set
to become the defining battleground of the 21st century.
| posted on 10.30.2015 at 10:51 PM
And the beat goes on....
TV News reported that a Chicago company did an experiment, well, they did the SAME experiment as in the OP wherein they left 200 shiny blue USBs on
park benches in 4 cities: Chicago, San Francisco, Washington, D.C., and Cleveland.
20% of people who saw them picked up a USB and plugged it into their computers. Most who did so were in tech-savvy San Francisco..... proving that
people are the weak link in cyber security.
Now do you see how Stuxnet has traveled the world and is loose in the wilds?