Sunday, October 23, 2016

Attack of the Killer Crib-Monitors !!

On the heels of the third Presidential “debate”, there was much hand-wringing and finger-wagging against Trump, for refusing to commit himself in advance to not contesting the election, no matter how it turns out.  Actually no rational candidate should do that -- there is always the possibility of a squeaker, in which the seemingly-losing candidate may demand a recount (most recently and notably in Bush v. Gore).   But additionally, there exists a scenario, unfortunately not science-fictional, in which Hillary  not only would, but should, contest the results, and indeed demand something more thorough-going than a mere recount.

Namely, as the candidate herself maintains (very plausibly):
(1)  Russian state actors hacked the DNC data as well as that of the chairman of her Presidential campaign.
(2)  Putin is said to have it in for Mrs Clinton.

So -- what if a state actor were to hack the vote-count, and throw it to Trump?

When I mentioned this scenario to people at work, they mostly preferred to shrug it off and keep their fingers crossed.  And indeed,  (1) + (2) do not entail that Putin either would, or could, pull of a vote-fraud on that scale.  But the very next morning, two news items caught the world’s attention.

(3) Russia sent its fleet through the English Channel.  As they passed Dover, they trained their guns on England.
(4) A wide variety of very prominent (and, one would imagine, relatively well-defended) Web sites  were -- a thing unprecedented -- simultaneously unreachable.

(3):  Would (Putin is not reticent about flourishing power). 
(4):  Could (rather than attacking such sophisticated well-fortified sites as Amazon and the New York Times, he need only get past the defenses of the clueless retired librarians and what have you  who run the elections in Mississipi et cetera).

As it turns out, the attacks were not quite as concerning as one could have been led to believe by vague early media accounts.   The attackers didn’t manage to hack their way into the sites in question, where they would be in a position to make mischief (say, to order one billion copies of The Art of the Deal with next-day shipping to the Clinton campaign).    Rather, they merely flooded the servers of a somewhat obscure DNS company (one which originated, in Wikipedia’s phrase, as “a community-led student project” at Worcester Polytech), which performs the humble domain-name service for various sites.   By way of comparison:  Anyone can temporarily block access to Fort Knox by burning a semitrailer on the entrance road;  that is quite different from actually breaking in and making away with the gold.   Specifically as applied to electronic vote-counting,  all that a DDOS attack could do would be to disenfranchise that fraction of Alaskan voters (they won’t be missed) and overseas servicemen  who are allowed to vote via the internet;  it wouldn’t change their votes to a different candidate, nor those of non-Internet voters.

Nevertheless, the attack was significant for the novelty of its Denial-of-Service robot army,  relying in large measure on the “Internet of Things” -- “smart” (read: idiot-savant) devices like late-model thermostats and baby-monitors.

"Smart" refrigerator,  plotting evil

Now, I have long been annoyed, in a grumpy curmudgeonly way, with contra-Okhamian appliances and interfaces, that try to do so many things that they perform their core function less well, and have multiple points of failure.   But I had not realized their potential for active lethality, in concert, a sort of globe-girdling zombie army.  So I contacted my old friend  Песец из Канады,  surveying the bedraggled march of history  from his perch in the frozen north:

> As a guy who used to program for limited-memory ROMs serving closed,
> pre-circumscribed-purpose platforms, perhaps you can answer this:   How
> can a single-purpose device like a thermostat  have the capacity to
> store, and then launch upon instruction, malware used for DDOS ??

He replied:

Nowadays, "limited memory" means gigabytes.  It actually costs *more* to make a product that is only capable of doing what it needs to do and is not also a mass-produced general-purpose computer.

For the moment, people still tend to buy products that "connect to the Internet!!!"  As more of these IoT disasters unfold, I expect that eventually people will learn that they must never allow Internet access from any computer whose program they are prohibited from replacing.  First off, "connects to the Internet!" is just a bullet-point on the packaging; manufacturers don't really want to pay what it would actually cost to develop a *secure* product that connects to the Internet.  Second, there are considerable social forces acting on manufacturers to engage in frankly-evil acts -- and one evil act can build upon another, leading to a DDOS attack.

Example: Samsung used to sell a television set that recorded all your voice conversations (for no reason) and sent them to a central server (for no reason) over an Internet connection (that a TV doesn't really need).  It offered a menu item for turning off this behaviour, but the Samsung TV was programmed to lie to its "owner" and claim that it had stopped spying, while actually continuing to do so under orders from its manufacturer.  In a perfect world, Samsung's corporate charter should have been revoked for this.  Instead, TV's are joining thermostats as IoT objects that can be co-opted by terrorists.  Isn't it nice of us to provide them with this free ammunition?

Microsoft's Windows 10 has the same problem -- it spies on you, offers an option to turn off the spying, then continues to do it anyway.  Windows 10 should not be used on any computer connected to the Internet, especially by a person who holds a security clearance from any country.  A computer that has been programmed to accept orders from "our spies" over the Internet is a computer that can be co-opted by "their spies" over the Internet.

GM's "OnStar" vehicles have the same problem: a car that can be remotely shut down by police is a car that can be remotely shut down by an assassin or a terrorist.  Wouldn't it be interesting to find out if it's technically possible to convince all the GM-branded cars on the Beltway to simultaneously shut off their brakes and steering while travelling at highway speeds?

Speaking of computers inexplicably connected to the Internet, *why* do American e-voting machines have Internet connections?  The only obvious reason to do that would be to allow the government to disclaim the result of an election that doesn't go their way: the American people didn't *really* vote for Donald Trump, that was just the Russians hacking our voting machines because they're evil demons who do evil things for no reason -- after we give them the necessary tools for no reason.  How dare the Russians "interfere" with our election by publishing the emails that Hillary insisted on letting them have!  And why is it that we are preparing for cyberwar against Russia, when it always seems to be China conducting cyberwar against the USA?  That's like invading Iraq because some Saudi dissidents based in Afghanistan attacked New York City.

I'm voting for Stein.  Thankfully, I will not have to move to Canada after the election.

That assertion about Windows 10 was startling.  I did not wish to post anything so denigrating about the LOVELY, PEACEABLE, TOTALLY NON-LITIGIOUS ALL-POWERFUL MEGA-ENTITY MICROSOFT (who can crush poor bloggers like a bug) without some supporting footnotes, which my correspondent kindly supplied:
    "You can’t fully disable telemetry on Home or Professional editions of Windows 10...  If you have a major philosophical problem with the fact that Windows 10 doesn’t let you avoid non-security updates or disable telemetry, don’t try to fix it. Instead, just switch to another operating system, like Linux..."
    A more alarmist article, claiming that even buying the Enterprise edition of Windows 10 still won't stop all the spying.
    Windows 10 keeps copies of everything you type and sends them to Microsoft's servers.  There is a button to turn this off, but Microsoft keeps sending out updates that turn it back on -- and you are not permitted to turn off those updates.

Those assertions are disputed elsewhere, e.g

The dispute is way above the pay-grade of this peaceful, penguin-loving site, and we take no stand on the matter.

Wholesome penguins, lacking Internet access,
don’t worry about any of this


Miscellaneous musings:

(1)  In the case of weaponizable appliances, we are faced with a double-bladed Tragedy of the Commons.   It is simply not in the interests of the various cost-cutting Asian-tiger gadget manufacturers to add in security (which in any even would be swiftly obsoleted;  and nobody’s going to pay for ongoing anti-zombie tech-support for Net-connected blenders and toasters).  Nor does the individual consumer particularly care (save in so far as heroically public-minded) whether his electr(on)ic toothbruth or Web-connected hamburgerbun sesameseed-applicator  was out on the town last night, ravaging Reddit (though they do seem a bit hung-over this morning).

(2)  When the DNC hack was pinned on Putin, pundits wondered aloud (or rather, aprint) whether we should retaliate by deploying our own cyberattack tools.  That was ill-considered.
(a) First, sanctions, to have any point, must be publically announced -- a tariff, an embargo, a finger-wagging on the New York Times editorial page, or what not.   The virtue of cyber tools is that they can be used stealthily and (with luck) deniably -- exactly the wrong scenario here.
(b) Cyberwar is serious business, and its means stand on the forefront of (secret) research.  You want to minimize exposure of your tools until they are needed to be deployed for real, and not just as a petulant gesture.

To retaliate against Putin (or anyone else), you select that arrow from your quiver that best meets the case; you don’t limit yourself to mimicking his moves, doing exactly what he did (as the lex talionis enjoined).

Which raises the question:  In Friday’s attack, cui prodest?   On the face of it, nothing positive was accomplished, just a few hours of snail-slow connection times.   And the attackers lost the element of surprise as regards a next such attack:  defenders now know that, in estimating the power of the next DDOS attack, they must reckon-in the gadget-bot army.    But it might have been worth it to the attacker, to see how vulnerable a crucial node like a DNS would be.   The sally would thus be the cybernetic equivalent of a ferret flight.

(3)  From a conspiratorial standpoint, the beauty part is:  it is not even necessary actually to manage to hack the vote -- merely providing plausible reasons for people to imagine you might have, poisons national confidence.   Cf. the ridiculous episode of the Nigerian Underwear Bomber, who failed to bring down the plane he was riding on, managing only to boil his balls:  still, AQAP rejoiced, since it was enough to get TSA’s knickers in a twist.   Already burdensome security become more burdensome still -- though unlike the case of the Shoe Bomber, the incident did not lead to the targeting of a specific garment -- no Skivvies Inspections at the airports as yet.

[Update 28 October 2016]  And now, sailing in from left field, the bizarre carom-shot off  Anthony Weiner’s computer, announced today  out of nowhere  by a po-faced FBI director, somehow supposed to link up with the  in principle unrelated Hillary-computer-emails brouhaha.  Nothing substantive yet, nor will there be (he conceded) until after the election;  as Trump said recently in another connection, “I’ll keep you in suspense.”  (As a mysterywriter, I would hesitate to concoct so far-fetched a plot;  but reality recks not verisimilitude.)
Thus, it is not only Trump voters who have reason to question the legitimacy of this electoral season.

Note, though, that anyone maintaining that the timing of the announcement was calculated to maximize the damage to Mrs Clinton, should consider the fact that it was made at the least sensitive time in the news-cycle, Friday afternoon, the hours at which any business or administration prefers to release embarrassing news.

No comments:

Post a Comment