Electronic Extortion

I recently became hooked on the TV series 24. Unfortunately, through Netflix we were able to watch the three seasons prior to the one that just ended. The point is that CTU's (Counter Terrorism Unit) utilization of technology is impressive and indicative of where things can go. It also demonstrates how much we rely on technology. Heavy reliance on technology for voting, combat, or security can easily lead to over-reliance. Once "over" happens, a weak link can be targeted.

From: CNN.com - Internet infection holds files 'hostage' - May 24, 2005.

A ransom note left behind included an e-mail address, and the attacker using the address later demanded $200 for the digital keys to unlock the files.

The fear of viruses 'back in the day' before Windows (and after, for that matter) was of the application that would insert itself into memory with the nefarious intent of deleting files on your next boot or at some point in time. We'd run the mem command to list everything resident in memory and identify the bad seed. That was a denial game.

The denial game has been stepped up. A few dollars here and there from a massive emailing to millions of people, to see where the trojan takes, and $200, $100, $50, or even $500 could really help finance somebody. With the ongoing and valid fears of phishing, people still believing Microsoft will email patches, and the incredible number of users without firewall or anti-virus software, it is just an open field for the 'bad guy'. Ever just start poking around the network to see who is there and what machines you can hop onto without technical knowledge? It is surprising how many. How much would you pay to prevent the headache of a) reporting the problem to your IT department and your boss, and/or b) just to get it over with? This new technique is great: totally automated extortion. Pay money to an internet account (i.e. shopping cart) and the 'key' is sent back to you (if it really is; think of the copycats going online as I write this), all without any interaction from China, Romania, Russia, or wherever the threat originated (maybe some kid in Norway?).

I was once in front of an apartment building and couldn't get in to a dinner party because the host's land line from the gate was off the hook. With nobody answering their cell phones, I went back to my car with my platter of food and fired up the laptop to retrieve more numbers and, lo and behold, I had an unsecured wireless connection. They had two Macs and a printer on the network, but I decided to just check my email while I was online and then 'hung up.' Are you secure from hackers locking down your files, stealing your Quicken data, or just making life uncomfortable? Do you back up your computer in case it is stolen, damaged, or lost?

It is just like the third season of 24, when Tony Almeida was compromised by the terrorist because he was holding Tony's wife hostage. Technical and human engineering (in the hacker sense, not gene therapy) can overrule many if not all safeguards. It is just about pushing the right buttons. Of course, real life is not as clean as a script. However, as the IRA said to Maggie Thatcher when they missed bombing her: "We only have to be lucky once, you have to be lucky all the time."