Schneier on Security
A blog covering security and security technology.
« Cloning Retail Gift Cards |
| Breaking into a Garage »
August 13, 2010
Friday Squid Blogging: Squid Computer Virus
It wasn't me:
A hardened computer hacker has been arrested on suspicion of writing a computer virus that systematically destroys all the files on victims' PCs and replaces them with homemade manga images of squid, octopuses and sea urchins.
Posted on August 13, 2010 at 4:23 PM
• 19 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Isn't 'Masato Nakatsuji' an anagram of 'Bruce love squid' (after passing through Twofish of course)?
I think the part that worries me the most is the choice to prosecute him for copyright violation rather than the damage done by the virus the first time. I wonder if it's easier to prove, or it was chosen because the penalty is harsher, or because it's lighter, or some other reason?
@Petréa Mitchell I agree something seems fishy to me about that too.
Great squid article.
"It wasn't me"
No one believes you, Bruce.
Methinks thou dost protest too much.
Power of Free-DC: 4.25 THz
Busted. The virus has no chance against the supercomputer. You won't last. It's going to get faster. Distributed virus detection is good. Good enough at least.
"It wasn't me." Protesting too much? You DO bring it up.
[FYI: Correct grammar is It wasn't I. The appositive rule.]
"It wasn't me."
But for sure Friday you'll infect a VM just to see the effect. =)
I love the quote from the second paragraph: "I wanted to see how much my computer programming skills had improved since the last time I was arrested." I guess the answer is "not enough to be able to cover his tracks".
@Nicko: It really looks like he's dumb but skilled, maybe even a hardworking idiot . Dangerous combination. I think DarwinAwards calls this "At-risk survivor" when it pertains to real-world capers. We'll hear more of him presently, I gather. :-)
0: "I divide my officers into four classes; the clever, the lazy, the industrious, and the stupid. Each officer possesses at least two of these qualities. Those who are clever and industrious are fitted for the highest staff appointments. Use can be made of those who are stupid and lazy. The man who is clever and lazy however is for the very highest command; he has the temperament and nerves to deal with all situations. But whoever is stupid and industrious is a menace and must be removed immediately!"
Kurt von Hammerstein-Equord in Truppenführung (HDV 300), 1935
@ Bruce Schneier
"it wasn't me"
I for one believe you because....
"a hardened computer hacker..."
...doesn't fit your description at all. Your a math geek with a security engineering background. Personally, I find regular hacking and virus writing too non-challenging, routine and boring for me to become "hardened." I'd venture to say you also lack the obsession for such mundane exploits.
You're still a suspect, though. You will be until they figure out where he got all the squid stuff and why every bookmark he has points to Schneier.com. I know you pitied him, but you probably shouldn't have shared your squid collection with him. His guilt could rub off on you. :P
octopuses? octopi? octopods?
I wonder what happens when your virus is distributed with a 20 pages EULA finishing with "all your files are now the property of The Lonely Squid" - everybody will click "accept" anyway - Would that be an out-of-jail card?
"a hardened computer hacker"
I wonder how he was hardened. STIGs, CIS Benchmarks or just a basic annealing quenching.
It's funny, but my first thought when I saw this was to send it to you, Bruce. My second thought was that I need not bother, because everyone else was going to send you this story too...
So maybe it's a good thing that not everyone thinks everything through :)
@ BF Skinner
"I wonder how he was hardened. STIGs, CIS Benchmarks or just a basic annealing quenching."
Well, after passing the Certified Ethical Hacker exam with only a year to cram for it, he managed to make it through one Black Hat 2010 presentation without getting lost. Elated from these triumphs and more, like figuring out how to buy malware kits online, he set out to show the world what a great hacker he was.
Update: He's recently changed his goal. He intends to show fellow inmates his technical prowess with no computer, a shower room, and only one bar of soap. I'm holding my breath in anticipation to read how his mysterious plan unfolds.
Apologies to all, I couldn't find a thread here that addressed this issue. I thought this thread would attract the smartest responses.
I need to get off gmail.com for email. But damn, they are so ubiquitous. hotmail and yahoo are for people who love to be hacked. But gmail is just as fragile, maybe more dangerous. Any suggestions on free or affordable email accounts that are a bit safer?
I have comcast for service, just don't particularly trust them either. I've been pained for a few years now with not being sure my gmail email always makes sense, it's not always easy to figure out the fine line between paranoia and being messed with. But the upshot is I no longer trust google email. I could try creating a new account with google gmail, but it's hell to switch all coms over to a new account for a temporary time, only to find out the same issue exists--namely, lack of trust and authenticity. I just don't know many that I email with who are willing to do the extra step of encryption or authentication. I've been okay with our email noise being naked in the void, until I got the uneasy feeling over the last year that some messages coming at me were marketing or subtle directing messages.
Bottom line: got any alternatives for free or affordable trustworthy email clients???
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.