November 26, 2012
In the series, “From The Writer’s Desk,” I’ll describe what I do for a living as a writer and ideas I have for advancing my craft.
Today I have a story out on a secret war that may have been going on for years inside the embedded computers found in the devices that form the backbone of our national and corporate infrastructures. There is much more to the story than could comfortably fit into what ran, and I’ll talk about it here.
So as background, scientists at Columbia earlier showed they could fairly easily hack into these embedded computers and use them as backdoors to infiltrate personal computers — for instance, a printer could easily get compromised by an infected document file.
The threat is potentially huge — at least a fifth of all embedded computers accessible online still have their factory default passwords, meaning just about anyone can waltz in and compromise them. Now researchers at Columbia have developed software they call “symbiotes” that might be able to not only detect and prevent online attacks on embedded computers, but also help reveal how long they might have been going on under our noses. (You can read the online story here, and the print version here.)
So it’s a pretty fun story. A little known threat, potentially very high stakes, a potential solution to the problem, and the hint of an unknown history. The thing about journalism — or at least, in my mind, responsible journalism — is that it’s about what you can prove, not about all of what you might know or think you might know. As such, there are a lot of anecdotes and speculation connected with this research that I didn’t think belonged in my story, but that I think it’s all right to discuss and speculate about informally on my blog.
First off, there was a great anecdote about how the researcher Ang Cui met with a military base and told them about their online vulnerabilities. They checked about a month later, but the vulnerabilities were still there. When Ang asked them if they knew the vulnerabilities were still up, the officer he asked just raised an eyebrow.
So yes, the vulnerabilities were still there. They apparently served as what in hacker parlance is known as a honeypot — a system deliberately left exposed to record enemy attacks and learn more about intruder tactics.
Good luck trying to confirm the identity of the base or the fact that vulnerabilities were left out as bait for hackers. As such, an anecdote without confirmation is just hearsay, which is why I didn’t put it into the story.
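The two technical threads above, embedded devices still running factory-default passwords and honeypots kept up to record intruder tactics, come together in the one thing a honeypot is actually for: reading its logs afterwards. The following is an added example, not code from the article or from the Columbia researchers. It assumes a hypothetical honeypot that writes one line per authentication attempt or post-login command (this honeypot logs the submitted password because the decoy accounts are never real credentials); the log format, device names, addresses, and the default-credential list are all constructed for illustration.

```python
"""Summarise a honeypot's authentication log for embedded devices.

Added example, not from the article or the Columbia research. The log
format, device names, source addresses and the factory-default credential
list below are constructed for illustration only.
"""
import re
from datetime import datetime

# Constructed sample log in the format this hypothetical honeypot emits.
SAMPLE_LOG = """\
2012-11-20T03:14:07Z printer-01 auth user=admin pass=admin src=203.0.113.5 result=OK
2012-11-20T03:14:09Z printer-01 cmd src=203.0.113.5 action=upload-firmware
2012-11-20T03:15:41Z router-02 auth user=root pass=hunter2 src=203.0.113.5 result=FAIL
2012-11-21T11:02:13Z router-02 auth user=admin pass=1234 src=198.51.100.7 result=OK
2012-11-21T11:02:15Z router-02 cmd src=198.51.100.7 action=read-config
2012-11-22T23:59:59Z printer-01 auth user=guest pass=xyzzy src=198.51.100.9 result=FAIL
this line is garbage and must be skipped
"""

# Constructed factory-default pairs; a real list comes from the vendor
# documentation for the devices actually deployed in your fleet.
FACTORY_DEFAULTS = {("admin", "admin"), ("admin", "1234"), ("root", "root")}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<device>\S+) (?P<kind>auth|cmd) (?P<fields>.*)$")


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "device": m["device"],
        "kind": m["kind"],
    }
    for field in m["fields"].split():
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def summarise(log_text):
    """Per-source summary: event count, devices touched, first/last seen,
    whether a factory-default credential succeeded, and post-login actions."""
    per_src = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or "src" not in rec:
            continue  # malformed or source-less lines are skipped, not fatal
        s = per_src.setdefault(rec["src"], {
            "events": 0, "devices": set(),
            "first": rec["ts"], "last": rec["ts"],
            "default_cred_success": False, "post_login_actions": [],
        })
        s["events"] += 1
        s["devices"].add(rec["device"])
        s["first"] = min(s["first"], rec["ts"])
        s["last"] = max(s["last"], rec["ts"])
        if (rec["kind"] == "auth" and rec.get("result") == "OK"
                and (rec.get("user"), rec.get("pass")) in FACTORY_DEFAULTS):
            s["default_cred_success"] = True
        if rec["kind"] == "cmd":
            s["post_login_actions"].append(rec.get("action", "?"))
    return per_src


def dwell_days(summary, src):
    """Whole days between a source's first and last recorded event."""
    return (summary[src]["last"] - summary[src]["first"]).days


def default_cred_sources(summary):
    """Sources that got in using a factory-default username/password pair."""
    return sorted(src for src, s in summary.items() if s["default_cred_success"])


if __name__ == "__main__":
    summary = summarise(SAMPLE_LOG)
    for src, s in sorted(summary.items()):
        print(f"{src}: {s['events']} events on {sorted(s['devices'])}, "
              f"dwell {dwell_days(summary, src)}d, "
              f"default creds: {s['default_cred_success']}, "
              f"actions: {s['post_login_actions']}")
```

The useful output is not the raw count of attempts but the per-source picture: which decoy devices a source touched, how long it kept coming back, whether a factory-default login worked, and what it did after logging in. The garbage line in the sample shows the parser skipping rather than aborting, which matters for a log that collects whatever attackers send.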
An intriguing, disturbing line of conjecture that came up when I was mulling this story over is why certain nations remain so vulnerable to this line of attack. For instance, South Korea, one of the most wired countries on the planet, hasn’t patched many of these vulnerabilities yet. Given that it has a mortal enemy directly to its north, one would think it might put this on its to-do list, or that allies such as the United States might quietly tell it that its fly was essentially open, especially since an attack on South Korea might inadvertently or intentionally damage the United States as well.
What if certain vulnerabilities are intentionally being left open as giant honeypots? Defenders want to collect as much data on possible attacks as they can, and honeypots are useful for that purpose. Still, it seems there would be massive public outcry if so much infrastructure were intentionally left vulnerable just to collect intelligence. It brings to mind the popular story about the Coventry Blitz, which claims that Churchill let Coventry burn during World War II to protect intelligence about the Enigma cipher machine.
I’m not really sure what’s the worse possibility — that countries are intentionally being left vulnerable to learn more about intruders, or that countries are unintentionally being left vulnerable out of sheer ignorance.
You can email me regarding From The Writer’s Desk at firstname.lastname@example.org.