Hacking Cars with MP3 Files

Impressive research:

By adding extra code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car's stereo, this song could alter the firmware of the car's stereo system, giving attackers an entry point to change other components on the car.

EDITED TO ADD (3:20): Two stories.

Posted on March 16, 2011 at 6:14 AM • 78 Comments

Comments

BF Skinner • March 16, 2011 6:37 AM

Cool hack. But FTLoG why is an audio subsystem not separated from the c2 systems of the car?

Speakers are outputs and people WANT to stream music from the internets as they drive. I get that. CD/mp3 players are inputs and must have logic to play back mp3s.

But why did it seem like a good idea to the engineers to route data traffic from a non-essential system through the rest of the car?

Jason! • March 16, 2011 6:42 AM

I bet the one remaining guy who still burns MP3 CDs is super-concerned right now.

Gianluca Ghettini • March 16, 2011 7:01 AM

@ BF Skinner

Even if the mp3 player cpu is physically another device it has to interact (that's the key point) with the ecu because the mp3 has to respond to car status (engine on, off) or controls status (steering wheel controls). All these devices (ecu, mp3 player, car controls) are directly connected to a single bus that runs across the car. A single bus is more cost effective than having multiple wires for every single car device (in this case the wires required would grow geometrically with the number of devices and so would the cost). Having one single bus allows a car mp3 player to screw up even the ecu by sending specially crafted packets over the bus... :)

Danny Moules • March 16, 2011 7:21 AM

@Jason!: What do your habits have to do with what people can do to your car? Plenty of cars have CD players. Whether you happen to use them or not is irrelevant.

Richard Steven Hack • March 16, 2011 7:28 AM

This gives new meaning to my oft-repeated-here phrase, "Remember - there is no security."

Now my favorite rock band, The Corrs, can be used to run me into a bridge pylon at 65MPH.

I wonder if the Presidential limousines have CD players. Does bin Laden know about this? How about Hillary Clinton? :-)

Mr.Cynical • March 16, 2011 7:57 AM

@Richard: OK, your neighbor's favorite CD can be used to run you over with a car. Just because you don't drive, it doesn't mean cars don't affect you.

Ditto for any security issue.

Gianluca Ghettini • March 16, 2011 8:09 AM

@ Richard Steven Hack

ahahah,
smashing cars by selling pirate cds or via bittorrent... that's the final terrorist attack.. very scary indeed...

Fairb • March 16, 2011 8:10 AM

It makes sense for the music player to receive input from the ecu, but surely there should be one separate output only bus for all the devices which have no business communicating with the rest of the car. Anyone care to write an app to match driving speed with the tempo of your music?

Chris • March 16, 2011 8:17 AM

@Fairb: "Anyone care to write an app to match driving speed with the tempo of your music?"

I'd be more interested in an app that tells me which songs match their bpm to my intermittent wipers.

Gianluca Ghettini • March 16, 2011 8:21 AM

@ Fairb

that would make more sense from a security point of view...

however it is not so simple: the bus is just one and if a device can forge arbitrary packets and send them to the bus nasty things can happen..

Chris • March 16, 2011 8:24 AM

I've heard of car audio firmware updates being delivered as special MP3 files, so I'm not entirely surprised about this.

But it is still a very neat trick.

Gianluca Ghettini • March 16, 2011 8:26 AM

@ Fairb

And yeah, my car automatically changes the volume of the loud speakers according to the speed of the car to compensate for the loudness of the engine...

isn't it awesome? maybe not! :)

Jason! • March 16, 2011 8:27 AM

@Danny, given the prevalence of iPods, cellphones that play music, car stereos with USB inputs, etc. I'm betting that MP3 CDs (and that's specifically an MP3 file burned to a data CD, because I don't see this happening with a regular audio CD. We'll see when the paper comes out) are a small and growing smaller population. A quick survey at work yielded the answer "What's an MP3 CD?"

Chris • March 16, 2011 8:31 AM

@Chris

I'd like to see that "identifying anonymous emails" engine applied to our comments, and see if it can determine which Chris is which.

Of course, only we'd ever know if it was right.

@Jason!

There's still a huge number of people (at least in my networks) that use them, for a few reasons:

1. Don't need to forget about leaving an MP3 player in the car to tempt smash-and-grabs
2. 700MB is still a *lot* of music even at 320Kbps
3. Sometimes you want to listen to entirely different music in the car than out of it

Ross Patterson • March 16, 2011 8:33 AM

By any chance is the "extra code" a clearly intoned "See colon format yes yes yes"?

Gianluca Ghettini • March 16, 2011 8:35 AM

@Chris1 @Chris2

ahah... I bet he's faking your writing style...

Ross Patterson • March 16, 2011 8:38 AM

This is a great story, and a good reminder to all of us that nothing is as innocuous as it may seem. It wasn't so long ago that IT folks believed that only malicious *programs* were of concern. Then someone managed to create JPEG images that triggered latent bugs in Windows Explorer's preview function.

sh • March 16, 2011 8:44 AM

@Danny Moules

You're right, it's a vulnerability whether people use MP3 CD's or not. The difference is that someone who regularly downloads mp3's and burns them to play in their car is more at-risk than someone who would never intentionally do so.

Exploiting the vulnerability in the latter group would require physical access (and maybe a key) to the car. I guess it's open for debate as to whether the people interested in this hack are more or less likely to have that.

sh • March 16, 2011 8:48 AM

@Fairb

Actually, now that you mention it, it might be sort of cool to make the internal lights respond to your music...

kbob • March 16, 2011 9:14 AM

This is wonderful news! Now music companies, by tapping into your car's systems, can limit the number of people listening to a song at once (seat airbag sensors), limit the geographic region where the song can be heard (GPS nav system), limit the speed of the car while listening, or even stop the car (and disable the volume and power controls) to gain your full attention while playing ads.

Sony BMG is undoubtedly already in negotiations.

John Campbell • March 16, 2011 9:28 AM

Hmmmm...

My Focus (well, it's got some scratches now, so now I'd refer to it as a Ford Blur) has the "SYNC" system put together by M$.

Yeah, I can believe it.

What is odd is that SYNC won't play MP3s I have put onto a memory stick.

Jordan Brown • March 16, 2011 9:43 AM

It seems doubtful that the hack depends on the MP3 files being on CDs. It seems likely that it would be equally effective for MP3 files on USB sticks or SD cards.

How about hacks delivered through XM Radio?

paul • March 16, 2011 10:00 AM

One reason for a single bus is the increasing adoption of unified display systems for cars. The sound subsystem controls use the same touch screen as the map/guidance subsystem, the handsfree phone subsystem, the engine function displays and so forth. Sure, you could have separate inputs and limit outputs in various directions, but that would be difficult and error-prone. Might as well get used to the untrusted network from the start.

Scott • March 16, 2011 10:21 AM

@Jason!: My car plays MP3 CDs and doesn't have an aux input, USB port, bluetooth, or card slot. Did you know some people actually drive 2-year-old cars?

Your suggestions cost more (buy an MP3 player, an FM transmitter, a car charger, and probably a cigarette lighter splitter - or replace the radio which won't fit right and will ruin the dash's aesthetics), reduce functionality (eliminate steering wheel controls, and move the metadata and navigation display outside of the driver's field of view while paying attention to the road), and increase risk of theft by having all these extra gadgets. The only advantage seems to be that Jason! won't think you're archaic.

I'm unsurprised by your poll results; depending on where you work you could get the same answer to "Do you listen to MP3s?" A lot of people around me still use plain old FM.

Still, there's an easy solution - make your own MP3s.

kashmarek • March 16, 2011 10:31 AM

I think some people are overlooking the obvious point here. Going back in time, we were surprised to discover that just opening an email would cause some programs to be executed. Later, it was graphic files (jpg) which had the built in ability to invoke a URL. Who (the dumb sh*t asks) put these capabilities into email files and graphics files? The answer seems to be M$. An M$ variant program, called Windows CE, is the basis for the SYNC (or Windows mobile OS). While single bus design is probably responsible for keeping hardware costs down, the use of insecure software to satisfy marketing demands (not customer demands) is the ultimate flaw. SYNC supports MP3 players and cell phones plus other devices so the risk is yours to suffer from. Besides, the police need an easy way to shut down your car on the road so what better way than to transmit an MP3 file via your radio, satellite, navigation, or cell phone connection (alert: speculation here).

karrde • March 16, 2011 10:58 AM

@fairb
It makes sense for the music player to receive input from the ecu, but surely there should be one separate output only bus for all the devices which have no business communicating with the rest of the car. Anyone care to write an app to match driving speed with the tempo of your music?
----------------------------------------------
The bus on the car is likely a variety of CAN.

http://en.wikipedia.org/wiki/...

I think the network is designed so that any device which is able to receive is also able to transmit.

Even if there is no obvious need for the ability to transmit, I think it is hard to design the electronics so that it is unable to transmit.

Further, automotive electronics are usually designed to do a large amount of sending and receiving on the in-vehicle network.

An example that I've been told about: many car Entertainment Center controllers query the Body Control Module and/or Engine Control Module and ask for VIN. If the VIN doesn't match the data stored on the Entertainment Center's memory, it refuses to work...

And as was said above, forging packets in the network is easy, whether it is CAN or Ethernet.

Clive Robinson • March 16, 2011 11:18 AM

I'm not surprised in the slightest, CAN bus was designed so long ago it makes old father time look sprightly (in IT years ;)

Back in that "stone age" where mechanics still had wrenches to bang together security was not an obvious talking point...

Now here we are some cough cough years later and security is a major concern. And guess what retro fitting is difficult even with people upgrading to new cars every three years or so...

Now let me introduce you to the home electrical grid, where all your power usage devices (heaters air cons even ovens etc) will (for whatever political excuse) need to be controlled in some manner from your electricity meter, which in turn will need to be controlled by the utility company (As new nuclear power stations have just been kicked into the long grass, this will possibly become an urgent priority).

Now what sort of security do you think will get built in (if any)? Will it be proprietary (almost certainly can't miss out on those licensing dollars)?
Will even your TV get connected along with a fancy "home control" system (yes for the same reasoning as this snafu)?

When it gets cracked will it be upgradable in situ (not a chance)?

It's why I make the same statement over and over again about NIST and compulsory frameworks...

phred14 • March 16, 2011 12:13 PM

Who and Why?

So far the discussion is technical (How and What) in nature, though the article did touch briefly on the idea of theft. As has been mentioned, it's a very difficult hack. It's a combination of vehicle-specific and music-player-specific. In other words, any single attack surface is going to be rather small, because it goes after the intersection of the two. Any use probably winds up being highly organized, if only because the potential targets will be likely widely scattered, calling for a geographically wide "net".

So Who and Why - 2 things suggest themselves.

First would be organized car theft, because they would be targeting their payload toward the kind of car that they dealt in. The toughest part here would be getting the infected mp3 into the car player and listened to.

Second would be cloak'n'dagger types of stuff, highly targeted. In this case the mp3 problem is simpler because they would have researched the victim and chosen music with a higher probability of being heard - the problem becomes getting the music into possession of the car owner.

Interesting aside... OnStar type services. You need a hack for the music player, and a hack for the onboard wireless service. Assuming a compromised wireless service, it could pick the right hack for the vehicle.

Still, it looks difficult enough and likely to remain that way. Carmakers have been in the life and death business long enough that as others have said, I can see them taking the security issues seriously - no matter what their public response looks like.

As for terrorism - I wonder what percentage of cars in NYC (or other major city) would have to either stop or go full throttle to gridlock the place.

Les • March 16, 2011 12:31 PM

BTW, this isn't a hack on core driving systems such as fly-by-wire throttle. It's a hack on the CAN bus.

This means that hackers can flash the lights, honk the horn, roll the windows up and down, mess with the radio volume, etc. It's annoying (like a hyperactive five-year-old is annoying), but it won't make you lose control of your car.

BF Skinner • March 16, 2011 12:49 PM

@Clive "controlled in some manner from your electricity meter, which in turn will need to be controlled by the utility company (As new nuclear power stations have just been kicked into the long grass, )."

To be fair the meter has always been a control of the utility company (well Clive may be able to bypass his) if only the logic of on and off.

And for new nuclear stations; on this side of the Atlantic the defeat of the Republican carbon cap-and-trade notion has made them more expensive than hydrocarbon plants. There were only going to be 4 or 5 more built here prior to the Fukushima disaster.

TS • March 16, 2011 1:01 PM

@phred14: "As for terrorism - I wonder what percentage of cars in NYC (or other major city) would have to either stop or go full throttle to gridlock the place."

Percentage? You just need one at the tunnel and one on the Cross Bronx at 5PM to really grind things to a halt.

Bob • March 16, 2011 1:22 PM

@ Richard Steven Hack:

You don't have to drive a car. See, the Terrorists will destroy you by burning Stuxnet, the Most Advanced Dastardly Software On The Planet, onto a CD; put it into a Government Motors vehicle belonging to a chap named "Bob"; and cause said vehicle to plow into you on the sidewalk. It can also be used to turn the vehicle's air conditioning system into an Hawaiian Ice machine, but that is another story.

Now if they could invent a CD that would make the Corrs sisters get into my car ...

OSC • March 16, 2011 3:02 PM

Brings a whole new meaning to the phrase "Car Jacking"

Didn't a study a few years ago suggest it might be possible to remotely exploit a car through the tire pressure sensors?

Given that all the car's systems are on the same net, that now seems much more likely. Volt has 10 million lines of code, and with even a decent exploitable vulnerability rate of 1 in 100,000 lines, gives 100 vulnerabilities waiting to be exploited.

Thomas • March 16, 2011 3:12 PM

There's no reason (other than cost, and having to think about it) not to have a 'data diode' between the essential system and the infotainment ones (sort of like the one I hope is installed on airplanes that allow passengers to view navigation information).

Does this another theory on the Prius failure, "Can't stop the music.mp3" was playing?
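Added example, not part of the original thread or of any vehicle maker's code: a filtering gateway in C of the kind the "data diode" and "output only bus" comments above point toward, assuming the infotainment unit sits on its own CAN segment behind the gateway (a node wired directly to the shared bus can still transmit anything, as the comments note). All CAN identifiers, payload values and the rate limit are hypothetical, constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Classic CAN frame: 11-bit identifier, 0-8 data bytes. */
typedef struct {
    uint16_t id;
    uint8_t  dlc;
    uint8_t  data[8];
} can_frame_t;

typedef enum { SEG_VEHICLE, SEG_INFOTAINMENT } segment_t;
typedef enum { GW_FORWARD, GW_DROP_ID, GW_DROP_LEN,
               GW_DROP_PAYLOAD, GW_DROP_RATE } verdict_t;

/* Hypothetical identifiers, constructed for this example. */
#define ID_VEHICLE_SPEED 0x100u  /* status: vehicle -> infotainment */
#define ID_IGNITION      0x110u  /* status: vehicle -> infotainment */
#define ID_VIN_RESPONSE  0x120u  /* reply:  vehicle -> infotainment */
#define ID_VIN_REQUEST   0x700u  /* query:  infotainment -> vehicle */

typedef struct {
    uint16_t       id;
    uint8_t        dlc;             /* exact length required */
    const uint8_t *payload;         /* if non-NULL, exact bytes required */
    uint32_t       min_interval_ms; /* 0 = no rate limit */
    uint32_t       last_ms;         /* time of last forwarded frame */
    int            seen;
} rule_t;

static const uint8_t VIN_REQ_PAYLOAD[1] = { 0x01 };

/* Status flows out to the stereo; it never has to be trusted. */
static rule_t from_vehicle[] = {
    { ID_VEHICLE_SPEED, 2, NULL, 0, 0, 0 },
    { ID_IGNITION,      1, NULL, 0, 0, 0 },
    { ID_VIN_RESPONSE,  8, NULL, 0, 0, 0 },
};

/* The only frame the stereo may inject: one fixed query, once a second. */
static rule_t from_infotainment[] = {
    { ID_VIN_REQUEST, 1, VIN_REQ_PAYLOAD, 1000, 0, 0 },
};

/* Decide whether a frame received on segment `from` may cross the gateway.
 * Default deny: anything not matched by a rule for that direction is dropped,
 * so a compromised stereo cannot forge status or command frames. */
verdict_t gateway_check(segment_t from, const can_frame_t *f, uint32_t now_ms)
{
    rule_t *rules = (from == SEG_VEHICLE) ? from_vehicle : from_infotainment;
    size_t  n     = (from == SEG_VEHICLE)
                  ? sizeof from_vehicle / sizeof from_vehicle[0]
                  : sizeof from_infotainment / sizeof from_infotainment[0];

    for (size_t i = 0; i < n; i++) {
        rule_t *r = &rules[i];
        if (r->id != f->id)
            continue;
        if (f->dlc != r->dlc)
            return GW_DROP_LEN;
        if (r->payload && memcmp(f->data, r->payload, r->dlc) != 0)
            return GW_DROP_PAYLOAD;
        /* Unsigned subtraction stays correct across timer wrap-around. */
        if (r->min_interval_ms && r->seen &&
            (uint32_t)(now_ms - r->last_ms) < r->min_interval_ms)
            return GW_DROP_RATE;
        r->seen = 1;
        r->last_ms = now_ms;
        return GW_FORWARD;
    }
    return GW_DROP_ID;
}

int main(void)
{
    /* Constructed sample traffic: source segment, time in ms, frame. */
    static const struct { segment_t from; uint32_t t; can_frame_t f; } traffic[] = {
        { SEG_VEHICLE,      0,  { ID_VEHICLE_SPEED, 2, { 0x00, 0x50 } } },
        { SEG_INFOTAINMENT, 10, { ID_VIN_REQUEST,   1, { 0x01 } } },
        { SEG_INFOTAINMENT, 20, { ID_VEHICLE_SPEED, 2, { 0xFF, 0xFF } } }, /* forged status */
        { SEG_INFOTAINMENT, 30, { ID_VIN_REQUEST,   1, { 0x01 } } },       /* too soon */
        { SEG_INFOTAINMENT, 40, { 0x200,            8, { 0 } } },          /* unknown id */
    };
    static const char *names[] = { "FORWARD", "DROP_ID", "DROP_LEN",
                                   "DROP_PAYLOAD", "DROP_RATE" };

    for (size_t i = 0; i < sizeof traffic / sizeof traffic[0]; i++)
        printf("t=%4u from=%d id=0x%03X -> %s\n",
               (unsigned)traffic[i].t, (int)traffic[i].from,
               (unsigned)traffic[i].f.id,
               names[gateway_check(traffic[i].from, &traffic[i].f, traffic[i].t)]);
    return 0;
}
```

Dropped frames are worth logging on the gateway: a stereo that suddenly emits identifiers outside its rule table is a strong sign that its firmware has been altered.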

Shane • March 16, 2011 3:42 PM

And here I was thinking that Bieber's incredible vocal range drove me mad enough to subconsciously run into that bus full of nuns and school children. I guess I was wrong!

Gianluca Ghettini • March 16, 2011 3:43 PM

@Les
"this isn't a hack on core driving systems such as fly-by-wire throttle. It's a hack on the CAN bus.
... but it won't make you lose control of your car."

Are you kidding? A hack on the CAN bus can really screw things up and it can lead to a very bad end. Just think about sending malicious packets over the bus...

A special packet can instruct the ECU to stop the brake pump and suddenly the car won't brake anymore....

JB • March 16, 2011 4:23 PM

@Jason
You must mean me :)
I would be concerned but I guarantee my after market stereo doesn't connect to my car's computer.
Also, I would think that this would apply to any MP3 playback, whether from CD, USB Input, onboard HD etc...

Kevin • March 16, 2011 5:22 PM

The best thing is, this can be fixed just by a simple firmware update, mp3 file to follow - just trust me! :-)

1. Scammers target customers of car showrooms selling {BRANDX} and mail them an envelope saying "A potentially harmful fault has been discovered in your {BRANDX} {MODELX}. As a precautionary measure we have sent you this CDROM which contains an update to your car's control systems to prevent against all known attacks..."

2. ?

3. Chaos!

Dirk Praet • March 16, 2011 7:22 PM

Epic failure of current Can-bus design. The trivial question on the table however is why on God's green earth we need all these electronics in our cars in the first place? Sometimes I wonder just how far we are from a society where reverting to low-tech status will become the only way to avoid ubiquitous monitoring and control either by governments or other parties and to enjoy a minimum of privacy and anonymity.

Richard Steven Hack • March 16, 2011 7:25 PM

Bob: "Now if they could invent a CD that would make the Corrs sisters get into my car ..."

Well, Sharon likes Crowded House...

OTOH, they're all married now.

Sharon's husband, Belfast barrister Gavin Bonnar, hates me because I defend file sharing while he rabidly hates file sharing (as does Sharon - but he's really rabid about it.) We had a huge debate on Twitter - which is hard to do in 140 characters. But I kicked his ass. :-)

Richard Steven Hack • March 16, 2011 7:42 PM

Off topic: This is interesting. Meet the 16-year-old girl who hacked HBGary.

Is This The Girl That Hacked HBGary?
http://blogs.forbes.com/parmyolson/2011/03/16/is-this-the-girl-that-hacked-hbgary/

Quotes

With just half a dozen close friends online, she has a strict regimen to remain invisible on the web. Each night she wipes every one of her web accounts and deletes every email in her inbox. She has no physical hard drive and boots her computer from a microSD card. “I could hide this card anywhere or chew into a million pieces in a few seconds,” she says by e-mail. She keeps her operating system on a USB stick and uses a virtual machine (VM) to carry out her online shenanigans.

So paranoid is Kayla of being caught or hacked by others, that despite several requests she would not speak to me on Skype to verify an adolescent-sounding voice. Our only evidence: others in Anonymous vouch for her age, her emails are punctuated with smiley faces and “lols” and she is relatively well-known on hacking forums. Still, rumors abound that Kayla is a mid-20s male from New Jersey named Corey Barnhill, who also goes by the pseudonym Xyrix.

When I put this to Kayla she countered that in 2008 (aged 14) she and a few other users of an early Anonymous IRC network called partyvan, hacked the account of fellow user Xyrix in defence of an online friend. Kayla used Xyrix’s (Corey’s) account to social engineer an IRC operator and got her target’s personal information. The operator thought Xyrix was Kayla, added her to Xyrix’s Encyclopedia Dramatica page, and the rest is history.

End Quotes

Interesting physical anti-forensics technique: eat your microSD card.

I don't think I buy it. Who gets by without a hard drive these days? In fact, the biggest drive you can get? I have 2TB sitting on my system and barely 464GB free. And at the rate I download, that won't last but another six months or so - maybe.

If she's saying she has a specific machine devoted to hacking, separate from her "normal" machine, I might buy it. That's the only way to fly, especially if said machine is nowhere around your residence and unconnected to your regular ISP or associated with any of your online accounts.

tommy • March 16, 2011 7:55 PM

@ Dirk Praet:

"....why on God's green earth we need all these electronics in our cars in the first place? Sometimes I wonder just how far we are from a society where reverting to low-tech status will become the only way to avoid ubiquitous monitoring and control either by governments or other parties and to enjoy a minimum of privacy and anonymity."
********
We're already there, and have been there for a long time. In 1973, a guy named Harry Browne published a book called, "How I Found Freedom In An Unfree World". Including, e. g., pay cash as much as possible, vs. checks and credit cards that leave trails and can be collated into a dossier on you. This was long before the Internet; the guy was prescient. Great reading.

Anyway, yes. Drive an older car without OnStar, Bluetooth, etc. Surprisingly, they provided adequate transportation for decades before these things were invented.

Could go into more specifics, but the basic idea is that everything is a trade-off: Is the convenience of this latest widget worth the possible security and privacy risks? Once looked at that way, you'd be surprised at what magic toys you can do without.

Old saying (invented by me): "Not everything that can be done, should be done."

tommy • March 16, 2011 8:05 PM

@ Richard Steven Hack:

"Who gets by without a hard drive these days? In fact, the biggest drive you can get? I have 2TB sitting on my system and barely 464GB free"
**************
My total HD usage is slightly under 900 MB. (Yes, that's "mega-bytes".) Once you de-bloat your OS and all your apps, zip old files, and move stuff that won't be needed regularly to CD/DVD (where they're immune from HD or OS crashes anyway) or to USB flash drive, you don't need much HDD space. Machine runs a lot faster, laptop batteries run longer on one charge, defragging and backups are hugely faster, etc.

I was offered a Flash memory device to replace my HD when it failed -- actually connected to mobo, etc., and totally replaces HDD. Too much money at the time. Teensy devices already have this, and as the price comes down, spinning platters with motors that burn out and create heat, and heads that crash, etc., will go the way of floppy drives.

Start cleaning!

Dirk Praet • March 16, 2011 8:56 PM

O-T

@ Richard Steven Hack

"If she's saying she has a specific machine devoted to hacking, separate from her "normal" machine, I might buy it. "

Since there is always a fair risk of contamination or human error, it's the only way to go if you're up to no good or have other reasons to be paranoid about your privacy/anonymity. Check out stuff like T.A.I.L.S. or JanusVM.

Alex W • March 16, 2011 8:59 PM

I wonder if this is how [name of a competitive automaker here] sabotaged Toyota into a massive recall over "sudden" acceleration issues.

Jay • March 17, 2011 3:44 AM

So, suppose the player is set to listen to a certain radio system at a certain point in time. Allowing some time for the worm/virus/trojan to distribute over sufficiently many cars, would someone be able to broadcast something to a massive carbotnet ..? "All stall at this instance"...

BF Skinner • March 17, 2011 6:34 AM

@Richard Steven Hack "Interesting physical anti-forensics technique: eat your microSD card. I don't think I buy it."

I dunno. Some adolescents are serious nail-biters. A few girls I've known could "chew" an sd card into a million pieces.

Chris • March 17, 2011 7:28 AM

@Richard Steven Hack @BF Skinner

chewing microSD cards

Honestly, unless the arresting officers had reason to believe you (a) had a microSD card of interest and (b) ate it, there's no need to do anything besides swallow and wait to drop a deuce.

"Flush the evidence" isn't just for illegal plants, you know. ;)

Disclaimer: Don't break the law, previous posting is a work of fiction and falsehood, be a good citizen, REPORT YOUR NEIGHBOUR, etc.

Richard Steven Hack • March 17, 2011 9:18 AM

Tommy: "move stuff that won't be needed regularly to CD/DVD (where they're immune from HD or OS crashes anyway)"

Right - I really want to have another stack of several hundred DVDs laying around instead of one 3.5" hard drive (and another or two for backup).

Nope.

Chris: "there's no need to do anything besides swallow and wait to drop a deuce."

And if they DO suspect you've swallowed it, they WILL watch you like a hawk until you have to drop it - and they will retrieve it. I know. I've heard it done in the Federal joint where inmates have tried smuggling in dope by swallowing it in the visiting room. One guy had a number of balloons loaded with drugs burst open in his stomach; he nearly died in the hospital and they fed him laxatives to retrieve the "evidence".

I have enough trouble, I sure don't want to feel a plastic card plowing through my bowels. Or even the chewed up plastic...

Nick P • March 17, 2011 2:54 PM

@ Richard Steven Hack

Thanks for find. Actually, I find the story quite believable. Her anonymity methods are quite common among very paranoid people. She almost certainly has a dedicated computer for hacking and stuff (or uses a Truecrypt hidden volume w/ VM). She doesn't need a HD because she uses a LiveUSB distro that's probably designed not to touch a HD anyway. She also runs things from a VM. I would say she's using a LiveUSB OS to open up a VM on an SD card that contains Tails or a similar anonymizing distro. Persistent data is probably stored on the SD card in encrypted storage. And thinking she could just easily eat her SD card is quite a teenage response (one that I've heard in person).

It's a decent setup for someone wanting to stay in their home and do these things. A more ideal setup is a notebook bought with cash by someone else, LiveUSB OS w/ macchanger, long-range antenna and quite a few [hacked] residential or corporate WiFi hotspots. Run an anonymizing VM on top of this and just keep changing locations every so often. Will be hard to track even for Feds if activities don't leak identifiable information.

Although, I don't really see why they always use these online forums. Freenet is currently the best (and probably safest) anonymous publishing system. If they run Freenet in F2F mode, they would have less to do to remain anonymous online. Especially if they use an embedded PC hooked up somewhere and using someone else's WiFi, with a point-to-point connection between it and their real PC during the few times they need to be online.

Clive Robinson • March 17, 2011 3:17 PM

@ BF Skinner,

"I dunno. Some adolescents are serious nail-biters. A few girls I've known could "chew" an SD card into a million pieces."

There's something slightly unsettling about the mind's eye picture this brings up... I now see this bespectacled girl with hair in bunches at the side of her head looking somewhat like a crazed Bugs Bunny dementedly chewing her nails like Bugsy doing the "typewriter number" on a root vegetable.

tommy • March 17, 2011 5:09 PM

@ Richard Steven Hack:

OK, but I bought an inexpensive 3-ring covered binder, zippers shut, with pages that hold 4 CD/DVD per side, nicely protected, for a total of 400 disks. Even with single-sided DVDs, that's about 1800 GB. If you go double-sided, well, uh -- double that. ;)

Space? If you stand it upright on your bookshelf like any other book, all 1800-3600 GB take up about 7" - 17cm of width. I'd bet your two spare HDDs, plus power supply (and UPS?), connection wires, etc., are less compact overall - and still subject to magnetic pulse or general failure.

Naturally, ordering them alphabetically, by date, or keeping a simple page log as you enter each one makes it much faster to find when needed. Different strokes for different folks. Cheers.

RobertT • March 17, 2011 10:19 PM

@Nick P
"A more ideal setup is a notebook bought with cash by someone else, LiveUSB OS w/ macchanger, long-range antenna and quite a few [hacked] residential or corporate WiFi hotspots"

Personally, I think the most important step in any anonymizing routine, is to point the finger at some other likely lads, not very friendly, but very effective. That's why I'd always take a couple of trips through the GFC before engaging in any adventuresome activities.

Dave • March 18, 2011 3:15 AM

>I tried looking for the academic document discussed in this news
>report. It doesn't seem to be online yet

I ran into the same problem, I always like to check the original sources of stories like this to see what the real facts are, but there doesn't seem to be any way to get them.

Dave • March 18, 2011 3:28 AM

>Who gets by without a hard drive these days? In fact, the biggest drive
>you can get? I have 2TB sitting on my system and barely 464GB free.

I wouldn't know what to do with 464GB. My work partition is 4GB, of which about 3.95GB is free.

>And at the rate I download, that won't last but another six months or
>so - maybe.

So if the Internet ever runs out of pr0n we can reload it from your stash?

Nick P • March 18, 2011 1:48 PM

@ RobertT

That's what my technique is designed to do. If it gets traced, they end up at someone else's house. But, to point the finger more clearly, we just need a stealthy rootkit that acts as a proxy and file storage. The file storage will be "evidence" that the patsy was doing things for himself, the writing style will match his, personal (to him) references will be made in the text, and the malware will be removed after most of this is in place, reverting back to merely using his WiFi. If the hunters hone in on him, they will find all the evidence they need.

You said this isn't very friendly, but it's effective. I'd say it's more than cruel: my conscience wouldn't allow me to frame an innocent person for a felony unless there was no other way to survive. I'm sure there are others with less moral scruples. The real question is how many innocent people have been convicted from this crime.

Nick P • March 18, 2011 1:48 PM

@ Dave

"So if the Internet ever runs out of pr0n we can reload it from your stash?"

LOL. He should probably cut back because recent studies have shown a connection to carpal tunnel.

Clive Robinson • March 18, 2011 3:43 PM

@ Nick P,

"My conscience wouldn't allow me to frame an innocent person for a felony unless there was no other way to survive."

Sadly people are being framed all the time, those sitting on the bench know this only too well, however it is not in their interest to do anything about it.

For instance we have seen in the newspaper just a day or so ago "The World's Biggest" with regards to a supposed 600 member Internet child pornography ring. I can't say how many are guilty of what or if they are innocent.

However I do know that with "coppers" like Jim Gamble of Operation Ore fame

http://ore-exposed.obu-investigators.com/...

Where providing false evidence to judges was the norm I can guess that even the innocent are going to be found guilty or commit suicide.

"I'm sure there are others with less moral scruples."
Yup and many are those that should be carrying out a proper investigation not pandering to the whims of politicians newspapers and the mobs they stir up.

Which brings us onto your point,

"The real question is how many innocent people have been convicted from this crime"

It is difficult to tell, however we do know that the Police in the UK repeatedly fail to investigate properly, don't provide all the evidence to the defence, and various other things. In this they are ably abetted by M'learned friends.

We even have laws specifically designed to strip age old rights from defendants so they have neither the means nor the ability to mount a defence.

All so the Politicos can claim they are being tough on crime...

With regards to your "plant evidence" and leave it there: due to the way many hard disk drivers work, the files are laid down on the hard disk in a very specific way, and the time and date etc. will become evident. Any jury that gets presented with a mass of files with only a short time span should be justifiably suspicious that they may be a plant, either by an individual or by some automated means.

It is not exactly unusual for "phoney games software" to turn people's hard drives into hidden P2P stores so it may well be possible to show that the defendant is being used and abused as a patsy. But don't expect any LEO to go the extra mm to show this might be the case. Oh and don't expect them not to "lose" any evidence they find that might be used by the defence.

tommy • March 18, 2011 4:23 PM

@ Dave, and echoing Nick P., who beat me to it (no pun intended ;): LOL! .... and thanks for backing me up. (pun intended)

I *did* intend to ask R. S. Hack what exactly he had in those 1536 GB - the plans to supply the world's energy needs from three acorns? To colonize Mars? The entire Wikileaks collection? ;)

RSH, care to share? Mind-boggling.

RobertT • March 18, 2011 8:26 PM

"I'd say it's more than cruel: my conscience wouldn't allow me to frame an innocent person for a felony"

That's why I always try to leave the evidence pointing to a computer, within a suspicious institution in a country that no LEO will ever gain access to, (hence the GFC reference).

Clive Robinson • March 19, 2011 6:43 AM

@ Robert T

One of the problems with TLA's (three letter acronyms) is they are becoming "overloaded".

For instance the use of GFC, a quick look on Wikipedia,

http://en.wikipedia.org/wiki/GFC

Would get you a lot of unhappy UK "football fans" (socca for those in the US) wanting to know what you had against them ;)

Clive Robinson • March 19, 2011 7:59 AM

Off Topic.

@ Nick P,

I don't know if you have seen this particular "security breach" or not,

http://mobile.darkreading.com/9287/show/...

Essentially a worker left a backup tape unattended in a car and it was stolen. The tape contained the details and some medical info on 300,000 people.

The article basically says "Backups Should Be Encrypted" which appears to be fair comment on the face of it from supposed "industry experts" (presumably from a phone interview etc). But... the article as presented sidesteps the issue of why backups really should not be encrypted.

One "industry expert" quote gets it badly wrong with,

"Encryption is the No. 1 control to prevent scenarios such as the Cord Blood Registry breach. Encryption does require time for configuration and ongoing maintenance, but it has a very low fixed cost,"

This sounds great to a journalist and to many others who know little or nothing about the problem. But to any person who has thought about the issue the person making this quote sounds like they have never set up a "robust and reliable" encrypted backup system and the appropriate "key management" system.

One of the biggest issues of backup data and encryption is "Key Management" and it is very rarely "very low fixed cost" when done reliably (often key management is more expensive than the backup process itself when done reliably).

This was true long ago, but now M'learned brethren are discovering what a useful tool "electronic discovery" is for winning big fat settlements.

Can you imagine what a judge is going to say when you cannot produce the decryption key for a 10 year old backup tape that the other side has got their grasping hands on?

Worse what do you think a jury will make of it after the grasping shark has raised the spectre of "deliberately withholding vital evidence" etc etc...

Thus an "encrypting backup process" also involves secure transportation, storage and destruction not just of the tapes but the keymat as well. Which of course also has to be backed up in a secure manner with all the other attendant problems as well...

Personally I'm getting fed up of "encryption is a cure for all audit evils" statements from supposed experts. At the best all it does is shift the problem elsewhere and add considerable problems, not the least of which is future legal liability.

At worst if it's implemented as a "for audit checkbox ticking" (which is the major trend currently) we will see it done really really badly.

We have already seen things such as the pass phrase being really simple (such as the company name) or written on a "post it note" stuck on the media itself, or worse inside the box and other "no no's" that are just as bad.

You can almost guarantee that in most people's minds (especially the bean counters) they will assume incorrectly that "encryption" takes away the liability and all other down stream issues (such as ensuring secure storage and destruction).

Worse they will not do the key management correctly and the chances are that they will find that the encrypted backup tapes are useless to them should they ever really need "disaster recovery". Because the encryption keys were stored only in a book in a desk in the data center that has just gone up in smoke...

But worse still some people will think they don't have to follow sensible data destruction on the tapes any longer and forgo the cost and instead just E-bay the media with all the files intact. Only to later discover that to their enemies the encrypted tapes are worth more than their weight in diamonds...

Piskvor • March 20, 2011 8:52 AM

"move stuff that won't be needed regularly to CD/DVD (where they're immune from HD or OS crashes anyway)"

Uh, you *do* realize that both CDs and DVDs also become less reliable as they age? They're built on the assumption of "nobody will need this data in five years anyway". The complete read failure rate of a CD-R at ten years is (my guesstimate) above 80%; you could get the expensive "archivation" CD-Rs, but that will only buy you a few years more. Nope, there is no useful long-term digital archiving solution yet (tapes don't have these specific problems - they have their very own set of problems).

Simon Bridge • March 21, 2011 9:34 PM

Wow: nobody mentioned "linux"? I can use my CD/DVD drive as a regular instruction source but when it is being used as a media player it cannot give instructions to anything other than the software media player ... and that is restricted to output via the speaker system... this would appear to be a problem with existing solutions so the very first question remains: why didn't the engineers use them?

Nick N • March 22, 2011 12:33 AM

@Jason!

"I bet the one remaining guy who still burns MP3 CDs is super-concerned right now."

I still use PCM audio on a CD-R, I still use this because I've yet to find a decent head unit that plays Vorbis.

Clive Robinson • March 22, 2011 2:43 AM

@ Nick N,

"... I still use this because I've yet to find a decent head unit ..."

Just wait a few years, then your "head unit" won't be able to tell the difference...

There are days when I feel like "Bob Fliber" in Good Morning Vietnam,

AC : We're talking out in the field today. Hi, what's your name?

BF : "My name's Bob Fliber!"

AC : Bob, what do you do?

BF : "I'm in the artillery!"

AC : Thank you, Bob. Listen, can we play anything for you?

BF : "Anything! Just play it loud!"


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..