Mick turned his attention to the image files that would not open.
He did some research on the JPG image format, then began going through the binary information in the files.
He quickly discovered that the files were too big for the image sizes they were supposed to contain.
Sure enough, in the middle of each JPG file was a block of data that was clearly not image data, but something else.
He took out this data block and stored it in a different file.
He analyzed it and found that it had all the properties of an encrypted file.
He had broken the steganography and found the hidden message in the spam!
Gotcha!
He wrote a short script to do automatically what he had just done manually in his editor – split each non-working image file into two parts: the image file and the hidden message.
The script ran, and Mick had a pile of information.
He felt triumph at his success!
He glanced at the JPG photographs.
Now they had their secret payload removed, they were viewable.
They were manipulated photographs of celebrities.
He almost called Gunter, but realized he shouldn’t share the results.
Besides, Gunter would only ask what the messages were, and he didn’t know that – yet!
Dinner had passed him by, but his stomach growls became too loud to disregard, so he decided to cook up some noodles while he replayed the morning’s discoveries again in his head.
Mick tried to decrypt the messages using some basic crypto analysis software he had, but failed to make any headway.
He decided to contact his friend Mathison who had helped him in the past with similar problems.
To talk to Mathison, he had to run some special encryption software that was even stronger than what he used daily, as Mathison was even more security conscious than Mick.
Soon he was in a video call, looking at Mathison’s unshaven face and rumpled clothes.
“Botnet control messages, eh?
Sounds pretty cool...
Any idea how big this botnet might be?” Mathison asked.
Mick had been asking himself the same question lately.
“No, not yet.
But I may know soon...
Do you need to know?” he asked.
“Well, a large botnet will only use key management and distribution schemes that scale well, whereas a small bot could be more flexible.”
“I’m assuming it is very large until I know otherwise,” Mick replied.
“And Math, take care of yourself, OK?”
The last time they had worked together Mathison had ended up in the hospital, but continued to work on the project, breaking the encryption just before he was discharged.
“Sure, sure.
I’ll get to work, then,” Mathison replied, saluting as he cut his video.
“OK, then,” Mick replied to a blank screen.
Now that he knew how to identify the spam emails containing the secret messages, he wanted to see where else these messages might show up on the Internet.
He shared the information with Kateryna, and she passed it along to her company’s anti-spam group.
She was nervous about getting in deeper with this unofficial information exchange, but apparently her curiosity got the better of her judgment.
Mick took a break from work during the afternoon for a short ride.
He took the tunnel across to Jersey and went south on the Parkway.
He exited in the pine barrens and rode a series of winding, sandy trails on his Scrambler, his first ride on it since its repair in Albuquerque and return shipment.
It looked and felt great, and he enjoyed the autumn sunshine.
Mick was surprised to discover when he returned home that four hours had passed.
He felt refreshed, and ready for anything.
“Hey Mick, nice to see you again,” Kateryna began as they started a secure video session later that evening.
It was a planned call to touch base on the botnet investigation.
She smiled at him, and he couldn’t help but notice her casual attire.
He hadn’t seen her in sportswear before, and it distracted him.
“Likewise, Kat.
How are things with you?” he asked.
Is she using this spambot investigation as an excuse to stay in touch with me? Or am I?
But her next comment completely derailed his thoughts.
“Mick, you won’t believe what we found!
Well, not me, our anti-spam guys.
That spam signature you gave me... it’s ALL OVER THE INTERNET!” she practically shouted.
Mick was speechless.
“They are still putting together the numbers, but it looks like 9% of all the spam they are seeing on the Internet has the same signature as your botnet messages.”
‘Signature’ referred to the characteristics of the spam messages containing the corrupt JPG images Mick had shared with her.
Mick knew the statistics on the amazing amount of spam on the Internet – over 80% of all emails sent are spam – to have a significant percentage was astounding.
“You kid, right?” Mick finally got out.
“Kid?
Oh, you mean joke?
No, I don’t kid!” she replied.
“Are you certain that this represents botnet traffic?”
“No, you know I’m not, but I’m fairly sure.
I have a crypto friend - I mean, I have a friend who is a crypto expert working on the actual messages themselves.
Will your guys have an estimate of the number of spam sources meeting this signature soon?”
“Yes, by the end of today they’ll have a first order estimate, and a better one in a few days.
And, we still need that permission from your client for the rest...” she began.
“I know.
I know.
I’m working on it,” he replied, stretching the truth a bit.
He had been thinking about talking to Vince but had not actually started the conversation with him.
“OK.
Mick, if this is a botnet, it is the biggest one I’ve ever heard of.”
“Yes, by an order of magnitude or two,” he agreed, meaning a factor of ten or a hundred.
“And Mick...
be careful.
Botnets these days are usually run by organized crime.
One this big could really do a lot of damage to the Internet.
If you are thinking of tracking and taking down this botnet, they won’t like it very much at all.”
“Don’t worry, Kat,” he replied.
After they signed off, Mick stood up, stretched, and realized that this was exactly what he was thinking.
He knew he was the perfect person for this job.
He was thinking of how he could track, infiltrate, and ultimately destroy this botnet.
And he wasn’t thinking about the cost.
Chapter 13.
From the Security and Other Lies Blog:
I read that a website had a ‘Denial of Services Attack’ launched against it.
What is that, and how can I protect myself against it?
LOLraptors
A Denial of Service or DOS attack occurs when an attacker directs lots of traffic (messages) towards a particular site or computer.
Sometimes, a DOS attack can look a lot like a big surge in activity, such as when an otherwise obscure website suddenly becomes wildly popular, for example if it is Slashdotted (i.e. mentioned on slashdot.org – you do read Slashdot every day, don’t you??).
This phenomenon also occurs in telecommunications in the case of radio contests or TV voting.
The goal of a DOS attack can be to overwhelm an Internet connection, making it impossible for messages to be delivered over that connection.
Or, it can be to overload the processor on a computer, making it run slowly or crash.
Another example is to target something called an Internet name server, also known as a DNS server.
A DNS name server helps you find sites and people on the Internet by resolving a human-friendly domain name (such as amazon.com) to a numerical IP Address (such as 69.195.97.72) that is routable on the Internet.
If a name server can be overloaded using a DOS attack, a whole set of sites can be made unreachable.
For example, if you can crash the name server for the ‘yahoo.com’ domain, then all web pages or email addresses associated with ‘yahoo.com’ become unavailable.
Essentially any type of packet flood is a type of DOS attack.
Protecting yourself and your site from DOS is difficult to do, but basically involves filtering or blocking the traffic flood as close to the source of the flood as you can.
Detecting a DOS attack can be quite difficult, especially if it is a Distributed Denial of Service or DDOS attack.
In this case, a bunch of different computers work together to generate the flooding traffic.
For example, a botnet, an organized network of compromised PCs or computers, can be used to launch DDOS attacks by having all the hosts send a small amount of flooding traffic.
Since each host does not send a huge volume, the attack often goes undetected until all the traffic converges at the target, making the attack difficult to block or defend against.
DDOS can also be launched using cooperative computers, in a voluntary botnet, such as those organized by hacktivists both for and against Wikileaks.
There are some colourful names for different types of DOS attacks such as ‘Smurf attacks’, ‘SYN floods’, or ‘Ping of Death’.
Regardless, all DOS attacks use the same principles and can have the same disastrous results.
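The blog’s point about a distributed flood staying under the radar until it converges at the target can be shown in a few lines of detection logic. This is an added example, not code from the novel or the blog it quotes: the log format ("<epoch_seconds> <source_ip>", one line per request) and all addresses are constructed, and the thresholds are hypothetical.

```python
from collections import Counter, defaultdict

# Hypothetical log format (constructed for this example): "<epoch_seconds> <source_ip>"
def make_sample_log():
    """Build constructed log lines: a quiet baseline window, then a distributed
    flood where 40 bots each send only 3 requests inside the same 10-second window."""
    lines = []
    for t in range(0, 10):                      # window 0: ordinary traffic, 3 clients
        lines.append(f"{t} 198.51.100.{t % 3 + 1}")
    for bot in range(40):                       # window 1: many bots, few requests each
        for k in range(3):
            lines.append(f"{10 + k * 3} 203.0.113.{bot + 1}")
    return lines

def parse(lines):
    """Yield (second, source_ip) from each constructed log line."""
    for line in lines:
        ts, ip = line.split()
        yield int(ts), ip

def analyze(lines, window_s=10, per_source_limit=10, total_limit=50):
    """Bucket requests into fixed windows and classify each one.
    A per-source threshold on its own misses the distributed case, because every
    bot stays under it; only the aggregate threshold sees the traffic converge."""
    windows = defaultdict(Counter)
    for ts, ip in parse(lines):
        windows[ts // window_s][ip] += 1
    report = {}
    for w, counts in sorted(windows.items()):
        total = sum(counts.values())
        loud = [ip for ip, n in counts.items() if n > per_source_limit]
        if loud:
            verdict = "single-source flood"
        elif total > total_limit:
            verdict = "distributed flood"
        else:
            verdict = "normal"
        report[w] = {"total": total, "sources": len(counts), "verdict": verdict}
    return report

if __name__ == "__main__":
    for w, r in analyze(make_sample_log()).items():
        print(f"window {w}: {r}")
```

Lowering per_source_limit below the per-bot count shows the other branch: the same window is then caught as a single-source flood, but in practice that setting would also block ordinary busy clients.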
-> Your question not answered this week?
Argue for your vote on the Shameless Plugging area of our discussion forum.
Chapter 14.
Mick O'Malley – adores his sister. (4 comments)
Halfway between Logan Airport and Lewis Wharf, Mick watched Boston Harbor stream past.
Mick enjoyed the sea air as the water taxi bounced over the light chop.
His sister’s apartment’s close proximity to the water gave him the option of a water route, and a check of the traffic confirmed his choice.
Disembarking, Mick walked the dozen blocks from the dock to the apartment.
The day was beautiful, and the sun was making its way down between the houses tall.
Mick enjoyed the atmosphere of the city.
He was looking forward immensely to seeing Jocelyn, and, of course, Sam.
Since his sister and niece wouldn't be home yet, he went into a nearby Irish pub.
Strangely, it seemed to be filled with a convention of Pilgrim re-enactors.
Thinking of Akihabara, he decided this must be cosplay, or costume play, Massachusetts style.
When ordering, he quizzed the waitress, a Russian judging by her accent.
“Is your bar always filled with Puritans, or do other Dissenters have their days as well?” he enquired.
She smiled back at him.
“When I came in today, it was already like this… Someone said there is something on the web that told them to come here dressed like this,” she replied, sweeping her arm across the room.
He considered searching for the web page.
Could it be some kind of themed geocaching?
He decided against looking it up, thinking that if he didn't occasionally rein in his curiosity on the web, he could become a slave to it.
A few hours later, he showed up at the apartment.
Jocelyn, her husband Joe, and Sam shared the entire top floor of the four-story building – quite a large space for Back Bay Boston.
Jocelyn gave him a big hug as he walked through the door, saying that it had been way too long since she had seen him.
He refrained from mentioning that she only saw him when he visited Boston, and that her making a trip to Manhattan could reduce this interval considerably.