The email reads:
Unless you pay us a tart, we will turn off your oven. The enclosed data from your computer proves our access to your oven control system. Pay up or wicked cold tarts! Sincerely, The Knaves
You look. You've got a banal PC with a banal cable-or-DSL ISP, so you know it "belongs" to the malware-of-the-month (this month's special is W32/Mydoom) and so long as the remote artists don't actually use your on-line banking access or install a pedo-porn server or install an IM server for registered members of the Al Qaeda heavy aircraft e-pilots network, or something really wicked bad, like install a peer-to-peer music shareware backend, say a Napster-clone, what the malware does with your always-on, always-accommodating box is your ISP's problem, assuming they care at all.
The oven runs on natural gas. There don't appear to be any wires connecting the computer to the oven. Maybe the 110 volt A/C circuit is a covert signaling path? Maybe the oven has an undocumented 802.11 feature, or maybe it's Bluetooth capable and the laptop is too close to the coffee pot ... The roll of tin foil is in the kitchen ...
The rational response upon receipt of this message is to advocate a law that permits courts to issue nationwide search warrants for electronic communications, because these are "essential to any prosecution of cyberterrorism."
Cyberterrorism. Sounds pretty awful. Worse than extortion. Worse even than mistaking salt for sugar when preparing that first cup of coffee of the morning. Probably not quite as bad as spoofing the trusted time infrastructure, corrupting the DNS root, injecting bogus data into the BGP mesh, shutting down the major SMTP relays, or running edge-device acquisition tools, e.g., W32/Mydoom, but a tart is a tart and that's a start.
Thus do John Malcolm, deputy assistant attorney general at the Justice Department, and Keith Lourdeau, deputy assistant director of the FBI's Cyber Division, argue before the Senate Judiciary subcommittee hearing on cyberterrorist threats and capabilities. Ergo, these provisions in The Patriot Act are required goodness.
The actual letter was from two munchkins using a cyber-cafe in Romania, who captured a box in a trucking company to grab data from an NSF box (as "secure" as any other box on a public network). The remote-computer-controlled EasyBake they threatened to take down was the environmental controls of a research station in Antarctica, which should be shut down if anyone puts a computer in Arlington and all the intervening data paths higher-up on the food-chain than the manual switches on the directly-attached analog devices ... the fuel oil valve in particular ... in Antarctica.
Glaciologist: Did anyone pack matches?
Polar Meteorologist: Not me. The PM back in DC said we'd get e-matches. Have you gotten the Primus lit yet?
Glaciologist: No, and I am about to become one with my subject matter.
The institutional problem of delivering clue to law enforcement and/or other agencies seems to me to be intractable.
Wampum readers who are constituents of Senators Jon Kyl (R-Ariz.), chairman of the Senate Subcommittee on Terrorism, Technology and Homeland Security, or ranking member Sen. Dianne Feinstein (D-Calif.) can drop them a note that the job of "Homeland Security" is slightly more complex than defending the EasyBake installed-base from Knaves-Errant. The National Intelligence Estimate (NIE) on the subject may be ... in need of reheating, or ...
I'm too polite. Malcolm and Lourdeau are bio-waste on a good day. After some future 7th of December somewhere, people will look back on this and simply be amazed that clinically brain-dead people were in policy positions. I used to have network security and operations students who identified only as "Department of Defense" -- Meadies -- in addition to the "HQ.AF.MIL" and BigITCorp kinds of students. Clue delivery above GS-15 requires more than a foam bat.
Posted at February 25, 2004 07:58 AM