Saturday, March 10, 2007

Prologue Revistsed

I missed the third approach. I completely overlooked it. Ironically, this is usually what happens when screen writers or production crew use it. The third approach is doing proper research and getting it right. What's the down side of this? 99.9% of your audience will probably never even notice.

The best example of this is The Matrix Reloaded. If you were paying close attention and knew what you were looking for, you would have noticed that when Trinity hacks into the power plant's computer system, she uses a real-life security tool and exploit. But I bet you didn't.

You can read about it in this poorly researched BBC article:

http://news.bbc.co.uk/1/hi/technology/3039329.stm

Apparently this triggered a warning from The British Computer Society. I have a hard time believing that this is real, but the press release is still available on the Internet Way Back Machine so you can make your own judgements:

http://www.bcs.org/BCS/News/PressReleases/2003/
May/PressReleases2003MayMatrixTricksWarning.htm

Thursday, March 8, 2007

Numb3rs "One Hour"

Numb3rs is a crime drama that centers around an FBI agent and his brother, a former math prodigy who is now a professor at a prestigious technical college--the fictional Cal Sci. A typical story line begins with a perplexing crime and when the FBI gets stuck, the math genius and his colleagues are brought in to help close the case.

"One Hour" strays a bit from this formula--the first half of this show focuses on a technological challenge rather than something that can be solved mathematically. The story begins with a violent kidnapping of a music mogul's child. Shortly after the FBI team arrives on the scene, they receive a ransom demand on the dead bodyguard's cell phone. The FBI agent who answered the call notices that the caller's phone number is a string of ones and when the FBI techs "ping" the number (I don't even know where to begin with that one) they determine the call originated as VoIP. Unable to trace the VoIP call on their own, the FBI calls in the pros from Cal Sci to help them out.

After being told they have less than one hour to find the kidnappers, the two professors jump in their car and, on the way to the FBI offices, one of them writes an "exploit" that will allow them to trace incoming VoIP calls from a cell phone which the kidnappers would call to give further instructions.

This is where the screen writers get themselves into trouble. They start innocently by describing VoIP as Voice Over Internet Protocol--although technically correct, I have yet to hear an industry professional say anything other than Voice Over IP. A nit-picky point, I admit, but when you say it the way the actors did, it sounds as if there is an actual protocol called Voice Over Internet (there isn't.)

It might have been better to say that VoIP is a collection of protocols and other technologies that allow telephone calls to be placed over Internet Protocol (IP) based networks, like the Internet or your office LAN. Was that so hard to say?

Defying all reason, these intellectual giants were able to write an application that would run on an unknown cell phone, connected to a unknown providers network, and somehow install it on the correct handset, based solely on a phone number given to them by the FBI. And all that in under fifteen minutes! I wish I was that good.

The screen writers problems become less earnest when you realized that a VoIP call would have to be terminated on the PSTN (Public Switched Telephone Network) prior to making its way to a cellular phone network, and subsequently, to the cell phone.

What this means is there is no practical way to get the originating IP address of a VoIP call in the way they described. In reality, the call would have to traverse three different network that do not share common protocols or addressing systems.

Given enough time and access to the right data, theoretically you could pull the trace off, but its not as simple as they try to make it sound with their analogy of tracking a piece of luggage from airport to airport. Its more like tracking a piece of luggage through an airport, then a train station, and finally a taxi stand.

I suspect that a script consultant made the same realization about halfway through the shoot, because in the following scene, they explain that the cell phone had a program installed on it that allowed it to make and receive VoIP calls directly, therefore bypassing the need for PSTN termination. They further explained that the kidnappers were using this application to avoid paying for the PSTN termination, eliminating a credit card trail that could possibly identify them. Wow. I really wish I could hire these writer the next time I get into a technological pickle at work. Does anyone have their number?

Even though the writers blundered in regards to VoIP, the fact that the professors could trace the IP address to a physical location is not a fantasy dreamed up to expedite the plot--although the writers did exaggerated its effectiveness, just a bit.

Lets assume the IP address they got from the trace was 206.18.32.25. A simple query to the American Registry for Internet Numbers--a database that contains all of the IP address assignments for North American and some of the outlying island--would have given them the owner of the IP address in question.

Let's see what we get:

(Actual results from http://ws.arin.net/whois)

OrgName: Los Angeles Public Library
OrgID: LAPL
Address: 630 W. Fifth St.
City: Los Angeles
StateProv: CA
PostalCode: 90071
Country: US

It seems that we got lucky. Sometimes the information contained in these registries is not as accurate as you might want. IP addresses are reassigned without notifying the registry, and the mailing addresses shown are often that of administrative or support offices, not the physical location where the IP address is in use.

In this case, the street address is actually the Central Branch of the Los Angles Public Library. This was verified easily though the Library's Web site. I love how canned examples always work out so nicely.

In case your are interested, there are four other registries that provide similar information for South America, Africa, Europe and Asia Pacific, respectively.

A good information security practitioner will have a few techniques that can be used to work around the inaccurate information you find in these registries, but the end-all-be-all method--which is supposed to incorporate all of the available technique to produce significantly more accurate results--is IP GeoLocation. You can try it yourself on this free service:



My IP address returns a latitude and longitude about 15 miles north of my actual location. Using some of the other techniques that I didn't bore you with, you may have been able to get it down to about 5 miles southeast of where I am sitting. In either case, had the fictional kidnappers been using my WiFi, the poor FBI agent would have been listening to the wrong librarian complain about people talking on their phones, while the kidnappers laughed all the way to the bank. Its a good thing we don't listen to marketing hype.

On a side note, about 40 minutes into the program, you can see some quick shots of the application the two brainiacs are using to locate the kidnappers. The laptop screen shows a map and a series of area codes and prefixes for phone numbers in the greater Los Angeles area. I'm not sure how that really helps them map IP addresses to geographic locations, but I am not a Cal Sci graduate, so who am I to judge?

Finally, as you may know, TV shows and movies are not typically shot in chronological order. This may explain why the young professors, towards the end of the show, were suddenly able to trace a VoIP call that was made to a public pay phone. I suspect, by the time someone pointed out the issues in the script, the production crew had already shot the last scene and was not have been able to re-shoot it with the corrections. There was mention of someone violating two or three communications laws at one point, which may be another explanation, but sitting in the Los Angeles offices of the FBI, why would two professors from a top technical college risk jail time by doing something like that? I know I wouldn't.

To view this episode for free on CBS.com:

http://www.cbs.com/innertube/

Monday, March 5, 2007

Prologue

From what I have observed, screen writers seem to take one of two approaches when they incorporate information security into their scripts. The first approach is to make everything so far-fetched that any comparison to reality would be all but impossible. The second is to pepper the script with terminology they found on the Internet, or got from some other seemly reliable source, like the guy who fixes their computer when it wont print.

The latter generally produces random lines of gibberish that are mumbled and mispronounced by unwitting actors. As an example, a film I saw recently included a scene in which one of the lead characters was monologuing on how he would fix the security problems in the FBI's computer network. During his short diatribe of networking and security jargon, the actor pronounced WAN (Wide Area Network) as Juan (the Spanish form of John.) In case you are having trouble playing along at home, WAN should rhyme with "man."

You'd think that they would have fixed that in post production with Automatic Dialog Replacement during looping. Apparently, screen writers are not the only ones who can play the terminology game.