Cyber Pearl
(USS Arizona, Dec 7th, 1941, AP File Photo)
It is the 7th of December, and it should never pass without mention. I actually think of it every day, just like I did when I took the ferry from the naval base to go to work, gliding by the hulk of the Arizona on the way. Since then, I purchased a print that hangs in the office. It shows the last moment of peace in the Pacific, a graceful Japanese naval aircraft hanging in the sky suspended over Ford Island.
The “Meatball” roundel on the side of the fuselage clearly marks the identity of the about-to-be killers, an anachronism that seems curiously innocent, considering what the pilot of that airplane is preparing to do.
These day it takes forensic examination to determine the axis of grievance that delivers mayhem and murder. We must live in our times, and that is our challenge. As we do so this frigid day, it is incumbent that we remember the sacrifice of the dead at Pearl, and of all those who served, some of whom are still with us. Above all, we must remember those who made the ultimate commitment to country.
They will remain young only until we forget.
The surprise and outrage of the Day of Infamy still resonates today. We had no other comparison for the terror attacks of 2001, though we managed to get past that. I was at a meeting the very next year when an earnest bureaucrat burst out that if we didn’t take action on the small crisis at hand we “might have another Pearl Harbor.”
I’ve got news for you. We have. This one did not come in blood- or at least not yet. But it is shaking the foundations of the information age.
As a check-to-check sort of guy I am on the website of my credit union frequently, moving things around, juggling one thing against another, checking to see what disaster has affected what account.
The web has enabled a lot of things; I can set the big bills for automatic distribution, transfer cash to the kids, if they need it, and the paychecks are automatically deposited. It is great. I can run the whole thing from just about any desk where I happen to alight.
It is a hassle, what with all the passwords and stuff, so of course I take shortcuts. The other morning I experienced a hiccup in the system. I run on the Mac software. I think Steve Jobs is as big a jerk as Bill Gates, but his high-handed proprietary operating system has a certain elegance not shared by the behemoth of Microsoft, and with a smaller market share, there are fewer hackers working on my access to the web.
I had the second cup of coffee and a bill to pay. I logged onto the bank and checked the accounts- with a little juggling I could fit the amount into the monthly burn rate, or at least defer the pain for a month. I clicked over to the “bill pay” tab and something strange happened.
Well, not that strange- this is a computer after all, and sometimes things just seem to happen all by themselves. What is it they say about Microsoft? "Computers are like air conditioners: they stop working properly when you open windows?" The little Mac I use to stay away from Windows seemed perplexed. I could see the destination page, but a little warning flag popped up saying something like “If you really want to do this, you have to tell me to go there.”
Curious. I am both suspicious and task driven. I logged off the credit union homepage and came back in through the front door again. Same deal, same warning, and on the third try, there was nothing at all, except the admonition to “try again later.”
I did, and everything was fine. Or at least it was until I had another bill to pay, and logged back on. The Credit Union told me it had a message from me. I assumed it was another in the endless series of vague reassurances that management had not been as bone-headed as all the other bankers, and that my funds were secure.
Still, better safe than sorry, right? Freedom comes with the cost constant vigilance. My eyes got round when I clicked on the message and began to read:
“This message provides an important update regarding an incident that occurred with CheckFree Corporation, our online bill pay service provider. In the early morning hours of Tuesday, December 2, 2008, some online bill pay users were fraudulently redirected to a non-CheckFree site. This site may have installed malicious software on computers that did not have up-to-date anti-virus protection. We took swift action to correct the situation and made changes necessary to redirect users to the valid site. Subsequently, the malicious site was shut down.”
“Based on the timeframe you accessed your Credit Union web bill pay service, you should take the following actions:
* Access the Mcafee security utility and follow the instructions. Quickly. This is a special utility developed by McAfee, the world's largest dedicated security technology company, to address any possible software issues.
*After you have completed this step, please return to the Credit Union and change your freaking password. You also should all the other passwords you use everywhere.
* You may also wish to accept our offer of a two-year subscription to Deluxe ID Theft Block Plus credit monitoring service (hint, hint) so that you can monitor your credit report for unauthorized new accounts or changes to existing accounts.
* We giving you these two packages, worth $80 bucks retail, not because we are swell folks, but because we are scared to death, and you ought to be, too. We value your business and your trust and we apologize for any inconvenience this recent incident has caused.”
Shit!
The pieces of the puzzle came together not long after I logged off both sites, and shut down the computer, which may have become the agent of a hostile power, and disclosed everything of worth that I own, on which I owe, and the revenue stream that keeps the various wolves from the door.
Shit!
If you are interested, there is a fine account of the basic flaw on the operation of the Internet, which was revealed in 2004. The discovery was made by a fellow named Dan Kaminsky. He was doped up while recovering from a shattered elbow, and hallucinated his way in to a simple hack that enabled him to control the destination of the digital packets that make up internet traffic.
All Dan wanted was free internet access at his local Starbucks, but the consequences are deep and profound- much more so than the alleged melt-down of Y2K.
I won’t bore you with a basic primer on Domain Name System, or DNS, so if you trust me, and if you dare, copy and paste this link into your browser:
http://blog.wired.com/27bstroke6/2008/07/kaminsky-on-how.html
The powers that be thought they had patched the problem, but guess what. The system is still vulnerable, because it was designed that way. Plus, the bad guys are working over time, and the good guys don’t have the resources to stay ahead of them.
Six months ago, my cable television service had its DNS records hi-jacked. That includes the IP addresses of all the subscribers, me and you. The bad guys know where we all are, and the specific address of our little boxes on the web. My bank was last week, and I don’t know when yours was.
I am going to get busy this Pearl Harbor day and change the passwords on the accounts at PayPal and Amazon, and every other place I do business.
Better yet, maybe I will just stop using the Internet for anything except e-mail.
The same hacks used to illegally access bank accounts are the ones used to disrupt Internet service with thousands of zombie computers- yours might be one of them. They are being used by foreign military and intelligence services to penetrate US national security systems, too. You might have seen the strange reports two weeks ago that the entire Department of Defense has prohibited the use of any external media on their computers, for fear of the malicious software- "malware"- being surreptitiously loaded on their computers.
They say that the crisis in confidence in the financial system is one of the reasons for the recession.
I’ve got news for you. We have just had another Pearl Harbor, and only the bad guys know that they did it. If the good guys let on, there is going to be another collapse of confidence. I scooped up all the money I had laying around for the rainy day and put it someplace they can’t get at it.
’t say for sure what site I was actually on. I will have to go to the bank in person to see if the check cleard. And to whom it was written.
Copyright 2008 Vic Socotra
www.vicsocotra.com