Back to Reality cracking
THE POWER OF REVERSING -1
"The power of reversing" is an attempt to interpret and forecast some of the most intriguing "reality" developments. This new section will host essays made by
+ORC's students of any orientation ("white", "red", "black") and power level. I'm opening the section myself with this essay. Comments, addenda and critics are, as usual, welcome.
Reverse engineering, information warfare and cots
25 November 1998
(courtesy of reverser's pages of reverse engineering, of course :-)
Reverse engineering, information warfare and cots
25 November 1998
It is happening right now under your noses, the momentum is already too strong to stop, its consequences will be devastating.
Yes my friends, all economical, military and political strategic centres all over the world are switching to Windows NT (or even worse windoze operating systems) right now and are more and more using cots (commercial software, "cots" for commercial off the shelf) instead of home-made software solutions... and guess whose cots they are using.! Micro$oft's appz, with megabytes of code they don't understand at all, full of concealed bugs (and backdoors). Now, it does not matter so much if your grocer gets the 'blue screen of death' when windows crashes on some device access or a divide by zero, but I wonder what will happen when a nuclear frigate will go astray during a manoeuvre, blind and impotent, completely without control because of a little bug in the updated version of some obscurely bugged and ill-coded graphic driver.
As anyone does know, among those of you that have perused a little my site (or another one of the "knowledge" ones), the overbloatedness intrinsic to windows as an operating system, and therefore also intrinsic to all sorts of applications software developed for this silly OS, does not only implies a huge quantity of bugs, it unfortunately also implies a huge quantity of trojans, backdoors, concealed routines that can be activated if needs be by whoever put them there, found them, knows how to trigger them. (All those among you that know what the USA "Echelon" project is will immediately understand how much more effective the 'software backdoors' attempts can be... The United States have already their 'Commission on Critical Infrastructure Protection, yet I wonder if the European countries understand the importance of all this... :-(
Yes, those among you that know how to reverse software are already grasping the (very dangerous) implications of the developments I'm speaking of: if industrial, economic, military and government sectors ALL OVER THE WORLD are more and more switching to (getting dependent from) such an operating system... what are already -or will be soon- the possibilities for the very few that know what 'code' is? Scaring, isn't it? Rewarding too, may be: Wanna make as much money as you like with insider trading of all arts? Just study reverse engineering :-) Hey, you dig it already or you want me to be even more blunt?
OK, here you go, I spoke of strategically important sectors, and I mean it in all possible forms, even the
more outspoken 'strategically oriented' ones :-)
how many British generals (or French, or Argentinean, or Nagorny-karabakian for that matter :-) grasp the simple and obvious (for us) concept that inside the software they are using to contact their units, to protect their installations, to write their ultra-secret toy-plans there is an huge amount of space for simple stealth routines that can send all that info over the web, dump it to a file, damage some targets, substitute what they care for with something else?
How many Industry managers do know that there is a whole stupid FLIGHT SIMULATOR hidden inside excel, a program that they are most probably using night and day to check their so valuable and secret data? (If you don't know nothing about easter eggs, you may find interesting an old -and in part obsolete- essay that I have written: Taming Monsters, finding clowns).
And, pray, if they put a flight simulator inside an application you are using, don't you think they could as well put some simple data-snooping (and channeling) routines?
How many Ministers simply know that search engines gather and store all sort of data about the searches you are making. Don't you think it would be already now quite easy to monitor what -say- a court of auditors is searching about? And what d'you think you'll be able to monitor and know in three-five years time, when even the most remote office of the -say- "Armenian Ministry for geological data gathering" will be fully wired? Man, you could win a war / destroy a nation / cripple an industry sector / blackmail a nation without moving a finger! As ironical as this may seem, the best defence seems to me at the moment the "technological backwardness" of a given nation... the less web-ready its army / industries / administration are, the less will be possible to infiltrate / destroy / gather its vital data!
How many of these zombies understand something of assembly? Of trojans? Of virii and counter-virii warfare? Of automated scripts (bots) stealing? Of reverse engineering in any sense you may care to list?
- Well, nice, you may think, then in these conditions reversers will surely rule? Probably not, I'm afraid. Our art will be banned and persecuted, since it gives -simply stated- too much power to single individual. As anybody that has visited this or similar sites will attest, knowledge of certain things IS power, real power. And this is something that the powers that be -in this awful commercial society we are compelled to live in- will never condone.
If I were the head of a national spying agency (and Godzilla knows how repulsive I find such a thought), or the head of a big corporation (an even filthiest thought), or the head of a Ministry (though I doubt that those kind of political zombies, mostly cronies or puppets of some corporation, have heads at all)... I would IMMEDIATELY set up special groups of reverse engineers (dig it correctly: REVERSERS, not PROGRAMMERS, these two specialisation are NOT the same thing) in order to (among MANY other things):
- Check (and clean) the software used inside the agency;
- Catch bots and snoop onto all sort of attacks on my data
- Find on the web the data I need
- Organise and panzer my own bots and my own 'snoop attacks' onto data I my be interested in
- Study (and eventually apply) the backdoors and trojans I find
Another interesting point is that the incredible amount of data gathered on all
those "free" email services (like hotmail - most users don't even know that their
supposedly anonymous hotmail.com address keeps and shows the real-IP sequence in
the header) and "free" page hosting servers (like geocities, which among other
things scans for content and uses an internal 'voluntary snooping and censoring'
service) and "free" usenet listing services (like dejavue, that DOES NOT delete
really the usenet postings you would like to delete -of course, since they are
the most interesting :-) can be used not only for target advertisement
operations (as it mostly is), but also for effective warfare operations... if
clever students use already now in many cases Dejavue to discover if their
teachers have something to hide (just for fun, or else in order to pass their
exams), what kind of blackmails do you think will be able to perform, if needs
be, those that own hotmail or Yahoo? It gives me the creeps to think how many
members of the European Parlament (swap with the country of your choice) are
making heavy use of their Internet access at work in order to browse
-say- alt.lick.my.shoes without the slightest clue about the most elementary
anonymity techniques (btw, you can fetch them through their email addresses,
all of them are
F(irst_letter_of_first_name)Name@europarl.eu.int... Karl Marx, for instance,
would have had as email address KMarx@europarl.eu.int).
So an Hiroshima or a Tchernobil of the information society is really possible. Anytime. And, as usual, those that will suffer will not be those that have decided it.
Such kind of warfare is incredibly easy... and I believe, unfortunately, that it is getting easier everyday... a couple of examples (among a zillion of possibilities):
Anyone reading this with sensible data on their PC? Mate, do yourself a favour and turn your PC off right now :-)
Let's say someone busts the whole website of the Frankfurt-Main airport (I won't do anything like that of course, it's just a pretty easy target example... Hey! Come to think of this, I see a whole new area of action for all sound-pollution and airport-adversaries :-)
Let's say it takes a couple of hours to fix it, and understand how the attack came so that it does not repeat. Nevertheless: How much would those two hours cost to -say- Lufthansa? And -even more interesting- how much will such an attack cost, say, ten years from now, when EVERYTHING will depend from these electrons we are messing with?
- Let's say one of the top genetic engineering industries in the United Kingdom has a couple of labs (let's say in Stafford and London :-) and let's say that they keep their most recent experiment data loosely encrypted (with a stupid and very easy to crack zip password!) on the web somewhere. Let's say these data are on Excel spreadsheets. Don't you think that it would be pretty easy, for any -even mediocre- information warfarer, to fetch them, decrypt them (if you want to call 'decrypting' the simple cracking of a zip password protection :-), and use or sell or just have a look at them? The sad thing is that it is NOT EVEN NECESSARY that these data are on the web (as they are :-) it is in fact quite easy to use routines CONCEALED inside Excel itself to fetch them every time the hosting computer accesses the web, even if the data themselves have NOT been put on the web.
And so we are back to the starting point: Cots, Commercial off the shelf, spell for strategically sensible sectors a programmed catastrophe.
There's a possible simple hardware solution btw :-)
I will add just a personal observation, please take the following cum grano salis: maybe I'm just paranoid, and anyway take account of the fact that I'm NOT a real expert in this field, just an autodidact... here we go:
Judging from my own bots trapping devices, triggered on the various "lure" pages I have setup (and checking with the statistical loggings gathered on my whole site for that matter), some of the information on the "lure" pages was already visited by "information warfarers" from the following countries (at least :-): States, Russia, India, Germany and China. Quite interesting (if my data and stalking work was correct) that this lot comprehends the two (ex-) superpowers, the two greatest 'poor' (but military obsessed) countries and only one European State (the biggest one, though). Either the other big countries' services have managed to avoid my lures (which wouldn't surprise me) or they (I think especially at the Japanese) don't yet work much on the web. BTW, from the States and Germany there seem to be DIFFERENT originating agencies at work, therefore I have concluded that some big American and German corporation are already now bypassing their 'information warfare' services on their own, which does not wonder me, since their budgets -and interests- are even bigger.
Unfortunately I'm not 100% sure about the above findings -I repeat- since it is not easy and it is quite time consuming to collect valid data when so many visitors (and so many "red herrings") come from all possible countries and institutions and IP of the planet... if anyone knows a better method than luring to stalk snoopers I would be interested to exchange -quite valuable- information with him...
Well, that was it... comments, addenda and critics are, as usual, welcome.
You are deep inside reverser's pages of reverse engineering,
choose your way out:
Is reverse engineering illegal?