Bruce Schneier

 

Blog

Crypto-Gram Newsletter

Books

Essays and Op Eds

News and Interviews

Audio and Video

Speaking Schedule

Password Safe

Cryptography

About Bruce Schneier

Contact Information

 

Schneier on Security

A blog covering security and security technology.

« Cloning Retail Gift Cards | Main | Breaking into a Garage »

August 13, 2010

Friday Squid Blogging: Squid Computer Virus

It wasn't me:

A hardened computer hacker has been arrested on suspicion of writing a computer virus that systematically destroys all the files on victims' PCs and replaces them with homemade manga images of squid, octopuses and sea urchins.

Tags:

Posted on August 13, 2010 at 4:23 PM19 Comments

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

RonnieAugust 13, 2010 4:54 PM

Isn't 'Masato Nakatsuji' an anagram of 'Bruce love squid' (after passing through Twofish of course)?

MWAugust 13, 2010 5:12 PM

Off topic: XKCD on back-scatter scanners at airports.
http://xkcd.com/779/

Petréa MitchellAugust 13, 2010 5:34 PM

I think the part that worries me the most is the choice to prosecute him for copyright violation rather than the damage done by the virus the first time. I wonder if it's easier to prove, or it was chosen because the penalty is harsher, or because it's lighter, or some other reason?

Imperfect CitizenAugust 13, 2010 6:57 PM

@Petréa Mitchell I agree something seems fishy to me about that too.

Great squid article.

AnonAugust 13, 2010 8:43 PM

Offtopic, but down Bruce's/readers' alley: SSL cert authorities turn out not to be totally trustworthy:

http://www.nytimes.com/2010/08/14/technology/...

anonAugust 14, 2010 7:09 AM

"It wasn't me"

No one believes you, Bruce.

Benton JacksonAugust 14, 2010 8:40 AM

Methinks thou dost protest too much.

66August 14, 2010 10:39 AM

Power of Free-DC: 4.25 THz
http://supercomputer.free-dc.org/
Busted. The virus has no chance against the supercomputer. You won't last. It's going to get faster. Distributed virus detection is good. Good enough at least.

JonAugust 14, 2010 3:50 PM

"It wasn't me." Protesting too much? You DO bring it up.

[FYI: Correct grammar is It wasn't I. The appositive rule.]

lamAugust 15, 2010 10:28 AM

"It wasn't me."

But for sure Friday you'll infect a VM just to see the effect. =)

NickoAugust 15, 2010 10:54 AM

I love the quote from the second paragraph: "I wanted to see how much my computer programming skills had improved since the last time I was arrested." I guess the answer is "not enough to be able to cover his tracks".

MortenAugust 15, 2010 1:14 PM

@Nicko: It really looks like he's dumb but skilled, maybe even a hardworking idiot [0]. Dangerous combination. I think DarwinAwards calls this "At-risk survivor" when it pertains to real-world capers. We'll hear more of him presently, I gather. :-)


0: "I divide my officers into four classes; the clever, the lazy, the industrious, and the stupid. Each officer possesses at least two of these qualities. Those who are clever and industrious are fitted for the highest staff appointments. Use can be made of those who are stupid and lazy. The man who is clever and lazy however is for the very highest command; he has the temperament and nerves to deal with all situations. But whoever is stupid and industrious is a menace and must be removed immediately!"

Kurt von Hammerstein-Equord in Truppenführung (HDV 300), 1935

Nick PAugust 16, 2010 12:06 AM

@ Bruce Schneier

"it wasn't me"

I for one believe you because....

"a hardened computer hacker..."

...doesn't fit your description at all. Your a math geek with a security engineering background. Personally, I find regular hacking and virus writing too non-challenging, routine and boring for me to become "hardened." I'd venture to say you also lack the obsession for such mundane exploits.

You're still a suspect, though. You will be until they figure out where he got all the squid stuff and why every bookmark he has points to Schneier.com. I know you pitied him, but you probably shouldn't have shared your squid collection with him. His guilt could rub off on you. :P

bobAugust 16, 2010 3:45 AM

octopuses? octopi? octopods?

ATNAugust 16, 2010 5:41 AM

I wonder what happens when your virus is distributed with a 20 pages EULA finishing with "all your files are now the property of The Lonely Squid" - everybody will click "accept" anyway - Would that be an out-of-jail card?

BF SkinnerAugust 16, 2010 6:36 AM

"a hardened computer hacker"

I wonder how he was hardened. STIGs, CIS Benchmarks or just a basic annealing quenching.

IshoAugust 17, 2010 1:45 AM

It's funny, but my first thought when I saw this was to send it to you, Bruce. My second thought was that I need not bother, because everyone else was going to send you this story too...

So maybe it's a good thing that not everyone thinks everything through :)

Nick PAugust 17, 2010 2:11 AM

@ BF Skinner

"I wonder how he was hardened. STIGs, CIS Benchmarks or just a basic annealing quenching."

Well, after passing the Certified Ethical Hacker exam with only a year to cram for it, he managed to make it through one Black Hat 2010 presentation without getting lost. Elated from these triumphs and more, like figuring out how to buy malware kits online, he set out to show the world what a great hacker he was.

Update: He's recently changed his goal. He intends to show fellow inmates his technical prowess with no computer, a shower room, and only one bar of soap. I'm holding my breath in anticipation to read how his mysterious plan unfolds.

TAugust 19, 2010 9:51 PM

Apologies to all, I couldn't find a thread here that addressed this issue. I thought this thread would attract the smartest responses.
I need to get off gmail.com for email. But damn, they are so ubiquitous. hotmail and yahoo are for people who love to be hacked. But gmail is just as fragile, maybe more dangerous. Any suggestions on free or affordable email accounts that are a bit safer?
I have comcast for service, just don't particularly trust them either. I've been pained for a few years now with not being sure my gmail email always makes sense, it's not always easy to figure out the fine line between paranoia and being messed with. But the upshot is I no longer trust google email. I could try creating a new account with google gmail, but it's hell to switch all coms over to a new account for a temporary time, only to find out the same issue exists--namely, lack of trust and authenticity. I just don't know many that I email with who are willing to do the extra step of encryption or authentication. I've been okay with our email noise being naked in the void, until I got the uneasy feeling over the last year that some messages coming at me were marketing or subtle directing messages.
Bottom line: got any alternatives for free or affordable trustworthy email clients???
Thanks,
Tamara

Post a comment




E-mail is optional and will not be displayed on the site.


Remember Me?


Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Powered by Movable Type. Photo at top by Geoffrey Stone.

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.

 
Bruce Schneier
Subscribe
Atom Feed Facebook Twitter E-Mail Newsletter (Crypto-Gram)
Subscribe via Kindle
Blog Menu

Search

Powered by DuckDuckGo


blog only
essays and op eds only
whole site

Blog Home Page
100 Latest Comments

Archives by Date

2013 J F M A M J
2012 J F M A M J J A S O N D
2011 J F M A M J J A S O N D
2010 J F M A M J J A S O N D
2009 J F M A M J J A S O N D
2008 J F M A M J J A S O N D
2007 J F M A M J J A S O N D
2006 J F M A M J J A S O N D
2005 J F M A M J J A S O N D
2004 J F M A M J J A S O N D

Tags

more tags

Support Bloggers' Rights!
Defend Privacy--Support Epic
Latest Book
Liars & Outliers
more books by Bruce Schneier