Zero Days

I had lunch at London airport yesterday, and watched a father and son at the next table. The teenage boy wore earbuds and spent the whole meal playing a game on his phone, occasionally pausing to eat. The father alternated between looking at his Kindle and looking perplexed.

Stanford psychologist Zimbardo recently postulated that young people, mostly young men, who grow up in a culture of computer gaming and online pornography, may suffer consequences that are both unpleasant and far-reaching.

Most worrying, of course, is that universal human preoccupation: sex. Teenagers are being introduced to sex through pornography―that in itself is history―most of my generation first learned about sex through books, but in a straight-laced society such as Spain or Portugal in the 1960s the scenes were tame, and there was more left to suggestion than to explicit prose.

I still like to read and write about sex, but with a purpose: it may be passion, love or hate, or some sort of political expediency. For instance, in the second chapter of Clear Eyes, I offer the following text.

Her eyes were bright. “Mi almirante, I have a passion for great men.”

Her hand traced the lines of his face. First the white hair, then the dark eyebrows, thick and raised, followed by the mouth, thin and wide. Finally, she ran her index finger slowly up the aquiline nose, and then three fingers slowly stroked down, opening like petals, as if measuring the admiral’s girth.

Beatrice turned his face toward her. “Your nose, Cristóbal, it is of a large proportion.” She let her left hand drop. “I’ve heard it said…”

Her hand rode up his thigh as she sat next to him and raised her glass. The admiral’s face became ruddy; his mouth opened, but no sound came out. Beatrice sipped and leaned forward, her hand continuing its exploration.

“Oh! Dios mio!” Beatrice opened her eyes wide and parted her lips. “Es verdad.”

Whether you enjoyed that or not, the seduction takes place as a means to an end, and the consequences are important for plot development—and if you know your history, you figured out exactly which Beatrice is laying the honey trap.

Sex can be funny, as well as a lot of fun, so I hope the clip above makes you smile a little—and that when you read the rest of the scene it may stir up a teensy-weensy extra emotion.

But the notion of little kids getting their ‘start’ in sex by watching hard core porn appalls me. vice.com (which is not a porn site) claims that most parents have no idea there are free porn sites such as porn.com and pornhub.

Even if they do, I suspect oversight of teen digital surfing is often left to mom, and if dad knows the websites, he’s not going to ‘fess up.

The problem is that young boys don’t learn the natural give and take of relationships, the bliss of your first kiss, the trembling and rampant adrenalin of sex, and the dynamics of love. Instead they learn of a bizarre and artificial world where submissive women achieve ultimate joy when some guy ejaculates on their face—this doesn’t seem to me the foundation of a solid pair-bond.

But free porn sites bring with them a good deal more than just sex—they’re a natural vector for delivering malware.

This week malware was on the menu by way of a company called Hacking Team. Normally hacking is not associated with Italy, but these guys made a name for themselves in a very specific field—offensive response.

Their flagship product is something called Galileo, or Remote Control System (RCS).

Zero Day hacks are a digital (black) art form, and are often used to penetrate targets,

The clients are (or were) law enforcement, intelligence, and other national agencies—the company didn’t sell to private entities, or so it says.

Human rights groups repeatedly accused Hacking Team of doing business with oppressive or totalitarian regimes, who used the software to spy on political opponents and dissidents.

The reason all this made the news was that the company was itself hacked—according to Wikileaks, over 400 gigabytes of data were lifted from their servers. Most folks will understand that any number with ‘giga’ after it is big, but let’s analyze how big.

The current manuscript for Clear Eyes is a little over 45,000 words—the file size is 268 kilobytes. In these days of stored images and music, which are much larger files, we forget that one page of text is a small file.

My new book is about half-written, and those one hundred-fifty pages work out at three hundred words a page, or 2 kb. Even assuming each customer’s file was the size of Clear Eyes, the hacked file would contain over one million records.

Reported customers include government agencies in Ethiopia, Russia, Morocco, and Mexico, not the brightest stars in the democratic firmament. Moreover, emails obtained by the Guardian newspaper expand that list to include the US military, the FBI, the DEA, and add a number of other well-known democracies, including Sudan, Egypt, and Saudi Arabia.

The firm’s aggressive approach to surveillance involved a hack of the host machines and installation of RCS. Once in place, the client could eavesdrop on Skype conversations, spy on you through that innocuous little eye in your laptop, and much much more—a tale with similarities to the hacks carried out by ‘Drill’ Deeman and the mysterious chain-smoking Cairo engineer in Atmos Fear.

One of the key vehicles used by Hacking Team was zero days, hack-speak for software vulnerabilities the vendor does not yet know about. When a program such as Microsoft Silverlight is installed on your computer it needs to have a conversation with the very intestines of your operating system—in Windows it’ll modify the registry, a Papillon-style leper colony on your computer disk which only the brave will visit.

Small changes to the registry made by enthusiastic amateurs will block the machine, but the zero-day hackers are no amateurs.

The requirements for a good zero day are threefold: it hacks into a computer or other digital device by exploiting a loophole, usually by piggybacking on a ubiquitous ‘helper’ program—that’s the message you always say yes to when you’re asked if you want to install an add-in to do whatever you’re doing; second, it’s wrapped in a suitable delivery system—not much point in an injectable drug if you don’t have a syringe; finally, it remains hidden—while the zero day is unknown, it has commercial value, but once exposed, the manufacturer releases a patch and that’s that.

Top class zero days can fetch half a million dollars or more, depending on how they can be inserted into a machine and what access they provide.

The penetration mechanisms exploit so-called vulnerabilities, programming bugs or lack of appropriate bullet-proofing that allow the intruder into the machine. Once inside, Bob’s your uncle. The US reportedly hacked into Saddam Hussein’s scud missile control systems in the first Gulf War by going in as a printer—laser printers need good access to computers, since they do a lot of chat with their boss.

You may have noticed of late that Adobe Flash seems to want to update itself every week—I did, because I don’t like automatic updates, I like to see what I’m getting. When a company is updating that frequently there’s a problem—as Shakespeare wrote, ‘the lady doth protest too much, methinks.’

The Hacking Team guys bought a zero day that targeted Flash from a Moscow hacker called Vitaliy Toropov—your man wasn’t just selling Flash, he had zero days for Silverlight, the Java language, and the Mac’s Safari browser—bombarding Adobe, Microsoft, Oracle, and Apple in one fell swoop. If he can’t hack you, you must be living on Mars.

The Russian charged the firm forty-five grand for a non-exclusive licence, and delivered in return a piece of computer code that could penetrate Flash all the way from version 9 to 11, on both Windows and Mac.

By all accounts Hacking Team was itself pathetically easy to hack, and they are by no means the only players in this game. On the offensive hacking side, aka the empire strikes back, companies like Blue Coat Systems (US), Gamma Group (UK), Germany’s Trovicor, and Amesys, in France, also operate in this area.

The Italian job: exploiting man's sexual vulnerabilities.

Zero days are here to stay: French zero-day company VUPEN was allegedly hacked in 2012 and had one hundred-thirty zero days stolen—VUPEN denies the hack, but there’s a delightful poetic justice in the fact that by revealing the theft they would expose their zero days and lose any further potential revenue.

The zero-day game is the way in, and the next step is to go on the attack. The Galileo system, like others on the market, allows you not only to eavesdrop but to alter communications—you could for instance provide a fake phone number or arrange a meeting, even change a bank account number.

When you hear the stories of the Chinese and American hackfest, together with far more discreet players such as the Israelis or the FSB, you now know a little bit more about the murky depths of this particular dark pool.

When Toropov was asked by reporters whether Hacking Team sold to the FSB, he candidly replied “I’ve never heard that FSB openly buys zero-days. I thought either they have their internal talents or they outsource it somewhere.”

Galileo Galilei is turning in his grave.

Atmos Fear and The India Road. Quick links for smartphones and tablets.
