Reflections on data security, job security and Abraham Lincoln
It was a good week – three virus attacks and my antivirus software stopped them all – I hope. I have rarely been caught, but despite twice-daily antivirus updates, it has happened. A virus is bad enough, but what really irks me are all the well intentioned (?) notes I get from those that received an infected email from me. You know the ones, ‘Hey (dummy) you’ve got a virus (he, he, he – my antivirus is better than yours), I just thought you should know’.
It was a good week, then I read How to Steal Secrets without a Network, an article in the May 2009 issue of Scientific American, and was reminded that no matter how smart and careful you are, someone smarter can always invent a can opener for your best armour-plated, totally secure, secret-holder.
The article shows that no matter how hard you try to lock down access, determined hackers can still get to your data – and what they do is not easy to “defend against and impossible to trace”. The article centres upon a discovery by Michael Backes, a professor at Saarland University in Germany. He found that a wide range of objects that reflect – a spoon for example, a coffee cup, plastic bottle or even an eyeball – could let a spy read the data on your computer screen.
Today, the information readable at a distance is limited by the size of the telescope and the fancy electronics needed to correct for the distortions introduced by the reflecting surface. To read the image of large, 14-point, type reflected off your eyeball requires a 20-inch telescope at a distance of less than 15 metres – if reflected off a good-size cup, the telescope could sit some 57 metres away. Not terribly worrisome? Well, a tiny, unnoticeable, high quality, high precision Webcam could be installed just a few metres away in a ceiling or a wall decoration – not even facing your computer screen – and read everything displayed as reflected in, say, the glass of a framed photo, a bit of jewellery, a plastic bottle or perhaps the sweat of your brow.
Commercially available optics and electronics are still rather limited, but one need only consider the details technicians coax out of satellite images captured a hundred or more kilometres away to understand what the future might bring. Readable images of computer screen reflections should be easy to get with a camera in a window across the street.
Will there be a big market in non-reflective items for use in front of your computer or for spray-on fuzzy coatings? Will this sort of espionage end the open office, with its low partition stalls separating one worker from another, eliminating privacy in the name of better communications (supposedly), and low cost? Will computer screens come with draw screen hoods you stick your head into for a bit of privacy?
The battle to secure data cannot be won; the trick is to stay one step ahead of the forces of evil.
Quantum computers, it seems, will be able to crack almost any data encryption scheme except – they say – quantum encryption. I am not so sure about quantum encryption. It is supposedly unbreakable; the physics of quantum encryption guarantee it. Well, we have been told many times that physical laws do not allow this or that – chips cannot get smaller, data storage cannot get denser, data can only travel so fast on a copper wire, nothing escapes a black hole, etc., etc., etc. – only to see some clever workaround or exception to the rule when the context is changed. I will not be surprised if someone beats quantum encryption. Today, someone, somewhere, is surely working on it.
Even if quantum encryption proves unbreakable, the moment someone opens the message to read it, the information is once again there for the stealing.
The use of methods to sneak under the tent and bypass normal security measures – passwords, encryption, antivirus software, operating system ‘fences’ and the like – has long been common; reflection-peeping is just one more weapon in the hacker armoury. Few commercial security companies worry about ‘side-channel’ attacks such as these; they concentrate instead upon protecting information in computers and networks and pray that those that don’t play by their rules will go away. Only government security agencies and the military seem to concern themselves with non-traditional attacks – and they should – they invented most of them.
There are several ways to capture data from keyboards, printers, monitors and networks that do not depend upon virus-installed software. Snoopers can detect the radio frequency signals emitted every time a key is tapped and read the noise from dot matrix printers (researchers are trying to do the same from super-silent ink-jet printers as well), and the low-level signals emitted by monitors have long been known as a backdoor entry for well-equipped hackers and spies. Military computers have been protected against this type of snooping since the late 1960s. A Webcam on the user’s computer can be co-opted and its images of a user typing can be recorded and deciphered. Even when part of otherwise secure encrypted systems, all computer devices enter and display unprotected raw data before it is encrypted or after it has been decoded.
The user – the user’s need for open data – is the primary weakness of all systems and the hardest to deal with. If something happens within a computer or a network, there are generally ways to control it or find traces; side-channel attacks leave no traces – there is no smoking gun, not even a body to show when murder has been committed. Even when it is possible to conclude that data might have been stolen – that a system’s Webcam might have been used – it may not be possible to know when and how often it was used or what data was stolen.
Technology – electronic or not – will advance and the bad guys will use and abuse it and us. Every time they come up with something new, the defenders of all that is good will defend and counterattack. Every counterattack calls forth a different, stronger, attack in response.
There is no end in sight, there is no end; prepare yourself. It may get to the point where the defence is so strong, the cost of an attack so high and the probability of success so low that digital attacks will be few and far between. Still, this won’t put hackers out of business; they will just get better at ‘social engineering’, at fooling you and me into giving up enough vital data for them to operate. In the end, we all have our weaknesses and blind spots; hackers know that educating us, fixing us all, is a hopeless task; their jobs might get more difficult, but never impossible – they have job security even during the worst downturn.
Although, as Abraham Lincoln said, “…you cannot fool all of the people all of the time”, he also said, “You can fool some of the people all of the time, and all of the people some of the time…”, and that is what hackers count on.
The next issue of Connect-World Asia-Pacific will be published later this month. This edition of Connect-World will be widely distributed to our reader base and, as well, at shows such as CommunicAsia, Singapore (16-19 June); Broadband World Forum Asia, Hong Kong (July 15-18); P&T/Wireless & Networks Comm China, (23-27 September); and Indo ICT Expo & Forum, Jakarta, Indonesia (16-18 December).
The theme of this issue of Connect-World Asia Pacific will be: Information and Communication Business Technology.
Information and communications technologies, ICTs, have always had a significant impact upon businesses. Today, they can be the business. Virtual businesses abound and even their services or products can be virtual; only the money is real. The savings and earnings that advanced ICTs bring to businesses, both real and virtual, are transforming business models, creating new markets and providing new opportunities for millions of workers. The Asia Pacific region has long been among the earliest adopters and most effective users of technology. This issue of Connect-World Asia Pacific will explore the use and promise of ICTs for business in the region.
This issue of Connect-World Asia-Pacific 2009 will examine the implications of these far-reaching converged systems and the impact they have not only upon users, but upon the complex ecosystem that will make these innovative communications systems possible – the networks, communications equipment, user devices, software and business applications.