Saturday, June 30, 2007

Live Free or Die Hard (2007)

The latest installment in the Die Hard series has our hero John McClane chasing after a crew of hacker-terrorists that are systematically shutting down the critical infrastructure of the United States. The movie describes this as a "fire sale," as in "everything must go."

While I do not pretend to be part of the in-crowd when it comes to national security terminology, I don't recall ever hearing this term used to describe any scenario relating to critical infrastructure attacks. I suspect the screenwriters just made it up.

At any rate, the action begins in an FBI operations center that makes the fictional NORAD command center from WarGames look like, well, the real NORAD command center. Even with its modern architecture and sleek interface design, the most amazing part of this set is the fact that the 20-foot projection screens show relevant network security information from every U.S. government network, as well as the national energy grid--truly unbelievable.

With all of the creativity that Hollywood has to offer, I'm sure it's still difficult to visualize a network intrusion in a way that most people would find interesting, but showing computer screens dim, go black and then suddenly come back to life just doesn't do it for me. Yet this is exactly how the action gets kicked off, and, without much investigation, the FBI knows immediately that it was the work of hackers. Holy crap, I thought someone forgot to pay the power bill!

So what was compromised exactly? The power supply to the monitors? It obviously wasn't the computers, because when the screens came back on there was nothing to indicate that they had been compromised or had even lost power. I don't mean to suggest that a compromised system would have some sort of visual indicator, but with all that the operations center had to offer, you'd think the screenwriters or director could have come up with something a little more realistic or clever, such as showing that all of the FBI's computers are sending out spam for herbal Viagra. Just a thought.

I could bore you with paragraphs on SCADA system security, or ask why someone would spend money to build a networked system that shuts off lights that don't need to be turned off, but I'll simply focus on one of my biggest beefs with this movie, which is the use of what I call "magical hacking tools."

While everything in a Hollywood production is larger than life, there seems to be an obsession with showing omnipotent hacking tools with elaborate graphical interfaces which, in addition to allowing easy access to every function of an extremely complex system, can also mimic any system's GUI.

In reality, even commercial security tools do not have this level of functionality or interface design, but I don't want to denigrate the advances that our blackhat friends have made over the last couple of years with their software. Take a look at this Web GUI used to control botnets. Most corporate systems don't look this good.

Burn Notice "Pilot"

What do spies do when they've been blacklisted? According to Burn Notice, they hang around in Miami, avoid their mothers, and get advice from alcoholic ex-spies. In this "Get Shorty meets The Equalizer" one hour drama, you also learn that blacklisted spies have many useful skills that they can pull from their tradecraft to assist people who can't get help from the law.

One of these skills is using latent fingerprints lifted from a fingerprint reader to open a safe.

You might be thinking that this is something the screenwriter made up to get himself out of a jam, but according to a Japanese researcher (Tsutomu Matsumoto, whose 2002 "gummy finger" experiments fooled a range of commercial readers), it can be done--with about an 80% success rate. However, what was shown in this episode is an overly simplified, and slightly inaccurate, depiction of what you would actually need to do to pull it off. Let me explain.

If Burn Notice were a two-hour procedural drama, you would have seen Jeffrey Donovan's character find a non-porous surface, such as a water glass, that he knew the safe's owner had touched. Getting the print from the safe seems like a logical idea, but in reality, the size and weight of the safe would make it difficult to work with.

Next, he would use a technique called cyanoacrylate fuming to draw out the latent prints. Cyanoacrylate fuming is just a fancy way of saying you expose the surface to vaporized Krazy Glue. These vapors, or fumes, polymerize on the moisture, amino acids and other residues that are left behind when you touch something with your fingers. This reaction forms a white, sticky deposit that outlines the ridges of the fingerprint. That deposit is another reason why you wouldn't want to use the safe itself to get the print--you'd have to clean that sticky crap off before you left.

Once the reaction is complete, you can make the ridges stand out with fingerprint powder or a dye stain and photograph them. Despite what you may have seen on those CSI shows, this process can take more than two hours and also requires the object to be placed in a sealed container. You'd probably be better off doing this in a safe place, in other words, not a house you just broke into.

Next, he would transfer the photograph to a computer, enhance it with Photoshop and print it out on transparency film. The transparency would be placed over a presensitized copper-clad board, the photosensitive material that hobbyists use to make custom circuit boards. The board would then be exposed to ultraviolet light, developed and etched, leaving the pattern that was printed on the transparency in relief on the copper: an accurate mold of the fingerprint. The materials needed to do this are available at most electronics hobby shops for around $50.

To create his fake fingertip, he would pour gelatin into the mold and let it harden. He could then place the gummy fingertip on his own, and use it to fool the fingerprint reader and open the safe. Nice and easy.

Someone could probably create a portable kit so that this could be done on scene, but they'd need to speed up the cyanoacrylate fuming process to make the process streamlined enough for a black bag job.

Monday, June 25, 2007

What the CIA Could Learn from Hollywood

What I learned today is that at least one of the three writers that got WGA credit for The Recruit understood the basics of how cell phones work and what data is collected by service providers, but apparently failed to portray CIA training in an accurate light. Go figure.

If you are not familiar with this 2003 yawner, it follows several young CIA recruits through their training and first covert assignments. Towards the end of their training, the recruits go out on a surveillance and evasion exercise. Prior to the start of this exercise, one of their instructors specifically tells them to "turn your cell phones off because they act like tracking devices."

Obviously this doesn't happen during real CIA training. My evidence? Two dozen CIA agents were indicted in Italy for kidnapping a suspected al Qaeda agent in Milan and transporting him to Egypt. How did Italian prosecutors track down those accused of the kidnapping? Cell phone data.

Seems that the alleged kidnappers not only left their cell phones on, they actually used them throughout the operation, which allowed investigators to track them from the location of the kidnapping to the Air Force base that was allegedly used to fly the abductee out of the country.
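To show what "tracking them from the kidnapping to the air base" looks like in practice, here is an added example of my own, not from the article or the Italian court filings, that reconstructs handset movements from a call detail record (CDR) extract and flags handsets that moved together. The tower ids, tower labels, handset names and every record are constructed for the example; a real carrier extract would carry sector ids and tower coordinates as well.

```python
"""Reconstruct handset paths and find co-traveling handsets from CDR rows.

Added example with constructed data; the cell ids, labels and records below
are hypothetical, not a real carrier extract.
"""
import csv
import io
from datetime import datetime, timedelta
from itertools import combinations

# Constructed tower registry (cell id -> human-readable location).
TOWERS = {
    "C101": "pickup street",
    "C205": "ring road",
    "C310": "highway north",
    "C420": "air base gate",
    "C999": "downtown cafe",
}

# Constructed CDR extract: three handsets over one afternoon. A and B move
# together across four cells; C is a bystander who shares only the first cell.
SAMPLE_CDRS = """\
handset,timestamp,cell
A,2003-02-17T12:01:00,C101
B,2003-02-17T12:03:00,C101
C,2003-02-17T12:08:00,C101
A,2003-02-17T12:40:00,C205
B,2003-02-17T12:42:00,C205
C,2003-02-17T12:50:00,C999
A,2003-02-17T14:30:00,C310
B,2003-02-17T14:33:00,C310
A,2003-02-17T16:10:00,C420
B,2003-02-17T16:15:00,C420
C,2003-02-17T16:20:00,C999
"""


def parse_cdrs(text):
    """Parse CSV CDR rows into (handset, datetime, cell) tuples sorted by time."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append((row["handset"],
                     datetime.fromisoformat(row["timestamp"]),
                     row["cell"]))
    rows.sort(key=lambda r: r[1])
    return rows


def track(records, handset):
    """Ordered list of tower labels one handset touched, collapsing repeats."""
    labels = []
    for h, _, cell in records:
        if h != handset:
            continue
        label = TOWERS.get(cell, cell)  # unknown cells keep their raw id
        if not labels or labels[-1] != label:
            labels.append(label)
    return labels


def co_travelers(records, window=timedelta(minutes=10), min_cells=3):
    """Return {(a, b): [cells]} for handset pairs seen on the same cell within
    `window` at >= min_cells distinct cells.

    One shared cell is coincidence (everyone near the pickup street hits the
    same tower); the same pair turning up together cell after cell is a team.
    """
    by_handset = {}
    for h, ts, cell in records:
        by_handset.setdefault(h, []).append((ts, cell))
    flagged = {}
    for a, b in combinations(sorted(by_handset), 2):
        shared = set()
        for ta, ca in by_handset[a]:
            for tb, cb in by_handset[b]:
                if ca == cb and abs(ta - tb) <= window:
                    shared.add(ca)
        if len(shared) >= min_cells:
            flagged[(a, b)] = sorted(shared)
    return flagged


if __name__ == "__main__":
    recs = parse_cdrs(SAMPLE_CDRS)
    for h in ("A", "B", "C"):
        print(h, "->", " -> ".join(track(recs, h)))
    print("co-travelers:", co_travelers(recs))
```

Lowering min_cells to 1 would flag C alongside A and B because of the single shared cell near the pickup; the threshold is what separates a passer-by from a crew, and it is the kind of pattern that leaving a phone switched on during an operation hands to an investigator for free.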

Read the story in Congressional Quarterly:

You can't make this crap up.