attack-surface-tech.adoc

File metadata and controls

1044 lines (870 loc) · 46 KB

Mashapedia: Technologies of Attack Surface by Cory Doctorow

Introduction

I am a big fan of Cory Doctorow (@doctorow). His books Little Brother, Homeland, and now Attack Surface not only discuss important topics like online privacy and the role of technology in today’s world, but also educate readers by telling them stories about modern tech solutions and tools. Doctorow usually doesn’t give you a lot of explanations, assuming that you can find all the necessary information if you want to.

When I started reading Attack Surface I was amazed by the number of tech terms Doctorow uses here and there. About some terms I thought: “Okay, I know what ‘Tor’ means, but does everybody else who is reading this book now?” Other terms I had to google myself: “What is an IMSI-catcher?”

I thought it might be a good idea to collect all tech terms that might be new to the readers and give a quick explanation for each of them. Also a link or two to more detailed pages would be helpful.

This is my collection of Attack Surface terms. Most of the time I give links to Wikipedia, sometimes to other resources.

If you want to add, correct, or expand some terms or add more interesting links, feel free to open issues in my Github repo (https://github.com/pavelanni/attack-surface-tech) or fork it and open a PR. I’ll be happy to include your additions to this list.

Here I collected the terms chapter-by-chapter. There is also an alphabetical reference.

Chapter 1

Tor

A network that enables anonymous communications. By using the Tor Browser you can visit web sites without letting them know your location or your actual IP address. More about Tor (including the question "is it legal?"):

Facebook Tor Hidden Service

A site that allows access to Facebook through the Tor protocol. According to Alec Muffett "Facebook’s onion address provides a way to access Facebook through Tor without losing the cryptographic protections provided by the Tor cloud. … it provides end-to-end communication, from your browser directly into a Facebook datacentre." The address is facebookcorewwwi.onion, where .onion is the common top-level domain name for sites in the Tor network. You can enter this domain name in the Tor Browser’s address field. It won’t work in your normal (Chrome, Firefox, etc.) browser. More:

Sectec

A fictional networking device produced by Xoth. Not a CCTV camera produced by Shenshen Sectec Co. (http://www.sectec.com.cn/)

0-day or zero-day

A vulnerability that the vendor has not yet fixed (or has fixed so recently that most systems are still unpatched), which leaves a window during which attackers can exploit it before defenses exist. More:

Exploit

A piece of software or a methodology (a series of steps) that uses a known vulnerability to gain access to, or control over, a target computer. More:

Tunnel out

To use an SSH tunnel to get secure access to a remote box. SSH tunneling is often used to carry other services over an encrypted SSH connection, which also lets the traffic pass through firewalls that block those services directly. More:

Bootloader

A piece of software which normally runs at an early stage of a computer’s start-up process, after the BIOS (or UEFI firmware) has executed but before the operating system starts. Its purpose is to load the operating system (hence the name). Checking the bootloader’s integrity is important to avoid a "boot attack": a type of attack that replaces the original bootloader with one that can intercept passwords, including those used for hard drive encryption. More:

Semtex

General-purpose plastic explosive. More:

Hardware keylogger

A small device inserted between the keyboard and the computer (or hidden inside the keyboard) that records every keystroke; it is typically used to capture passwords. More:

Catching password from key sounds

Different keys on the keyboard produce slightly different sounds so the recorded acoustic pattern of you typing in your password can be used to guess it. That’s why Masha does “medium-loud AAAAAH” when typing her password. More:

Faraday cage

An enclosure that blocks electromagnetic fields. Could be a room, a cabinet, a bag. More:

Tails

A security-focused Linux distribution that aims at preserving privacy and anonymity. It usually boots from a live DVD or USB stick and provides a Linux environment in which all network traffic is routed through the Tor network. Your browsing information is not stored anywhere unless you specifically instruct it to do so. Tails provides an emergency shutdown: when you pull the USB stick out of the slot, the system erases the computer’s memory and shuts itself down immediately. More:

MIT Media Lab

A research lab at MIT famous for its inventions and projects in areas of human-computer interaction, artistic visualization, musical devices, sociable robots, etc. More:

USB Port Physical Lock

There are several variants of such a device that physically blocks access to the USB port. Some of them have keys, some should be physically destroyed to get access to the port. Examples:

EL wire

Electroluminescent wire is a thin copper wire coated in a phosphor that produces light through electroluminescence when an alternating current is applied to it. More:

Lidar

"Light radar" — a device that uses laser light to scan an area and measure distances to objects, walls, etc. It is also expanded as "light detection and ranging" and "laser imaging, detection, and ranging". In the book Masha uses a drone to get "lidar outlines of all the human in the space". More:

Raspi Altair 8800

Altair 8800 is one of the first personal computers which was introduced in 1974. For many people it has sentimental value — that’s why some people design and sell Altair emulators that use modern technologies such as Arduino and Raspberry Pi. More:

Blinkenlights

Usually refers to the diagnostic lights on computers’ front panels (in the old days). The term derives from the famous text dated as far back as 1955.

ACHTUNG!
ALLES TURISTEN UND NONTEKNISCHEN LOOKENSPEEPERS!
DAS KOMPUTERMASCHINE IST NICHT FÜR DER GEFINGERPOKEN UND MITTENGRABEN! ODERWISE IST EASY TO SCHNAPPEN DER SPRINGENWERK, BLOWENFUSEN UND POPPENCORKEN MIT SPITZENSPARKEN.
IST NICHT FÜR GEWERKEN BEI DUMMKOPFEN. DER RUBBERNECKEN SIGHTSEEREN KEEPEN DAS COTTONPICKEN HÄNDER IN DAS POCKETS MUSS.
ZO RELAXEN UND WATSCHEN DER BLINKENLICHTEN.

More:

Paranoid Android

In the book it seems to be the Android-based OS for smartphones focused on security. The main feature of it is that you update it very often to make sure all known vulnerabilities are patched or at least there are no known exploits for them. Masha explains that you should always check the OS signatures to make sure you are actually installing the correct bits and not something created by the government hackers containing backdoors and loggers. Apparently there is such a project in real life, but it’s not specifically focused on security — it just uses the cool name. More:

IMSI-catcher

A device that pretends to be a cell phone base station and forces all phones in its vicinity to connect to it (because its signal is stronger than that of the real cell towers, which are farther away). That way it can collect information about the connected phones, such as the IMSI (international mobile subscriber identity). It can also intercept the phones' traffic, both voice and data, using a "man-in-the-middle" attack. Devices can be purchased online, as well as anti-IMSI-catchers. You can build one yourself, if you want (see the link below). More:

Dazzle mask

A mask that allows you to trick facial-recognition software into thinking you are not human. They may use reflective tapes, infrared lights, lenses, etc. More:

Pastebin

A storage site where people can post pieces of code and other text information. More:

Regular expressions

A (smart) way to search for specific patterns or strings in text files. You can describe patterns like "one to three digits followed by a dash followed by several capital letters, no more than 8." More:
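As an added example (not part of the original glossary), here is the pattern described above written as a Python regular expression, in an anchored form that validates a whole string and a search form that finds such tokens inside longer text. The log line is constructed for this example, and the "ticket id" name is just a label for the pattern.

```python
import re

# The pattern from the text: one to three digits, a dash, then one to eight
# capital letters.  ^ and $ anchor it so the WHOLE string must match.
TICKET_RE = re.compile(r"^[0-9]{1,3}-[A-Z]{1,8}$")

# Unanchored variant with word boundaries, for finding tokens inside a larger
# text (a log file, a pasted dump, ...).  \b stops "1234-ABC" from matching
# on its last three digits.
TICKET_SEARCH_RE = re.compile(r"\b[0-9]{1,3}-[A-Z]{1,8}\b")


def is_ticket_id(text: str) -> bool:
    """True only if the entire string has the shape described above."""
    return TICKET_RE.fullmatch(text) is not None


def find_ticket_ids(text: str) -> list[str]:
    """All tokens of that shape inside a longer text, in order."""
    return TICKET_SEARCH_RE.findall(text)


def redact_ticket_ids(text: str, replacement: str = "[ID]") -> str:
    """Replace every matching token, e.g. to scrub identifiers before sharing logs."""
    return TICKET_SEARCH_RE.sub(replacement, text)


# Constructed sample line; the identifiers in it are made up for this example.
SAMPLE_LINE = "2024-01-01 user opened 7-OPS and 123-SECURITY; 9999-ZZZ is not valid"

if __name__ == "__main__":
    print(is_ticket_id("12-ABC"), is_ticket_id("1234-ABC"), is_ticket_id("12-abc"))
    print(find_ticket_ids(SAMPLE_LINE))
    print(redact_ticket_ids(SAMPLE_LINE))
```

Note the two forms: without anchors, "1234-ABC" would still partially match ("234-ABC"), which is exactly the kind of mistake that lets malformed input through a validator.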

Anonymouth

Document anonymization tool written in Java. More:

Stylometry

A method to study linguistic style to find out who the author of the document is. More:

PGP

Pretty Good Privacy, a cryptographic program and standard used for encrypting and digitally signing documents, emails, etc. More:

Malware

Malicious software: software intentionally designed to cause damage to computer systems. More:

NFC, Near-Field Communication

A set of communication protocols for communication between two electronic devices over a distance of up to about 4 cm. Used in various types of key cards, passes, contactless payments, etc. More:

Information Cascade

A pattern of information flow in which a decision or piece of information coming from one person triggers a series of similar decisions by other people, each of whom follows the ones before rather than judging independently. More:

Anti-Stingray

Tools to protect oneself from IMSI-catchers. More:

Asterisk

An open source phone framework that can be used to build a Voice-over-IP or IP PBX system. Masha runs such a server on the cloud and uses it to route her calls. One of the examples: https://aws.amazon.com/marketplace/pp/Technology-Innovation-Lab-of-Texas-Asterisk-1770-A/B079Y7449R More:

Signal

A messaging application widely considered the most secure for end-to-end encrypted communication. Trusted and used by Edward Snowden, Jack Dorsey, and Bruce Schneier. It uses the open-source Signal protocol. Works on iOS, Android, Linux, macOS, and Windows. More:

Binary Transparency

A method that allows users to verify that the piece of software they use is exactly the same used by other users, i.e. it was not substituted by a compromised version. More:

Hashing

Masha explains it pretty well in the book. More:

Public-private key cryptography

Again, Masha does a great job explaining the basics: a key pair in which the public key can be shared freely and the private key is kept secret; one is used to encrypt or verify, the other to decrypt or sign. More:

BadUSB

It is a way to use the microcontroller embedded in a USB device to inject malware into your computer, for example by having the device present itself as a keyboard and "type" commands. The most dangerous thing about it is that the malicious behaviour lives in the device’s own firmware, which the target computer cannot inspect. More:

Baseband phone security

It was confirmed that the software that controls the baseband radio on smartphones can be compromised and can allow attackers to control other smartphone devices such as camera and microphone. More (some papers are a bit dated, but it’s quite possible some vulnerabilities described in them still exist):

Man-in-the-middle attack

This is the category of attacks where the attacker inserts something into the transmission channel (voice, data, etc.) that can listen to the traffic and potentially alter it, while both ends believe they are talking to each other directly. More:

Openstreetmap

Wrongly called "Openstreetmaps" in the book. An open source alternative to Google Maps. More:

Citizen Lab

A laboratory based at University of Toronto which works on protecting human rights and privacy in cyberspace. More:

Chapter 2

Fibonaccis

Fibonacci numbers, the sequence in which each number is the sum of the two preceding ones. They have a lot of interesting properties, they are found in nature, etc. More:

LiveJournal

A social network platform created in 1999 that used to be popular before Facebook and Twitter. In 2007 it was sold to Russian media company SUP Media. Written in Perl. More:

Blogger

A blogging platform owned by Google. Created in 1999 by Pyra Labs. Written in Python. More:

MySpace

A social network that used to be the largest social networking site in the world (between 2005 and 2009). More:

XML (Extensible Markup Language)

A markup language used by many applications to store and exchange information and documents. More:

ARGs (Alternate Reality Games)

Interactive games that are usually played in real world mixed with multimedia and online services. Usually they use stories that are created and controlled by game designers. More:

WAP (Wireless Application Protocol)

A protocol that was used by cell phones to access the Internet in the early 2000s. WAP browser is an application that can display text and pictures on the phone’s screen. It was used before smartphones became widely available because it could work with really small screens and low transmission speeds of that time. More:

Microfiche

A sheet of flat film, 105x148 mm in size, that contains a set of microimages, usually of size 10x14 mm. It is used to store books, magazines, newspapers in a compact and durable form. More:

Backdoor

A hidden method to access a computer or network device bypassing the normal authentication scheme, usually created as a part of the software running on that computer. More:

Reverse shell

A method in which the target computer opens a connection back to the attacker’s computer and attaches a command shell to it. Because the connection is initiated from the target, outbound, it can bypass a firewall or NAT that would block inbound connections. More:
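From the defender’s side, the tell-tale sign of a reverse shell is a shell process whose standard input and output are network sockets rather than a terminal, often with a network-facing service as its parent. As an added example (not from the glossary or the book), here is a small Python check over a constructed process snapshot shaped like what a host agent collects from /proc: pid, parent pid, command name, and what file descriptors 0 and 1 resolve to.

```python
# Constructed snapshot; pids, names and socket inode numbers are made up.
# "fd0"/"fd1" mimic the targets of /proc/<pid>/fd/0 and /proc/<pid>/fd/1 on Linux.
SAMPLE_PROCESSES = [
    {"pid": 1,    "ppid": 0,    "comm": "systemd", "fd0": "/dev/null",      "fd1": "/dev/null"},
    {"pid": 812,  "ppid": 1,    "comm": "nginx",   "fd0": "/dev/null",      "fd1": "/var/log/nginx/access.log"},
    {"pid": 2201, "ppid": 1,    "comm": "sshd",    "fd0": "/dev/null",      "fd1": "/dev/null"},
    {"pid": 2310, "ppid": 2201, "comm": "bash",    "fd0": "/dev/pts/0",     "fd1": "/dev/pts/0"},
    {"pid": 4470, "ppid": 812,  "comm": "sh",      "fd0": "socket:[88012]", "fd1": "socket:[88012]"},
]

# Process names to treat as shells, and services that should never spawn one.
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
NETWORK_SERVICES = {"nginx", "apache2", "httpd", "php-fpm", "java", "node"}


def find_suspicious_shells(processes):
    """Return [(pid, [reason, ...])] for shells that look like reverse shells."""
    by_pid = {p["pid"]: p for p in processes}
    findings = []
    for proc in processes:
        if proc["comm"] not in SHELLS:
            continue
        reasons = []
        # A shell whose stdin or stdout is a socket is talking to the network,
        # not to a terminal: the core shape of a reverse (or bind) shell.
        if proc["fd0"].startswith("socket:") or proc["fd1"].startswith("socket:"):
            reasons.append("stdin/stdout attached to a socket")
        # A web server forking a shell usually means a command-injection or
        # file-upload bug was just exploited.
        parent = by_pid.get(proc["ppid"])
        if parent is not None and parent["comm"] in NETWORK_SERVICES:
            reasons.append(f"spawned by network service {parent['comm']}")
        if reasons:
            findings.append((proc["pid"], reasons))
    return findings


if __name__ == "__main__":
    for pid, reasons in find_suspicious_shells(SAMPLE_PROCESSES):
        print(pid, "->", "; ".join(reasons))
```

The interactive bash under sshd (pid 2310) is not flagged: its descriptors point at a pseudo-terminal and sshd is expected to spawn shells. Tools such as auditd, osquery or an EDR agent give you this data continuously; the heuristic stays the same.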

RFID (Radio-frequency identification)

A method of exchanging identification information over radio. It involves RFID tags and RFID readers. RFID tags can be passive (i.e. containing no battery) and really cheap: they draw the energy they need to operate from the reader’s radio field. More:

Usenet

A "prehistoric" social network that was created around 1980. The name comes from the term "users network". It was used for discussions and asking questions. It has a hierarchical structure of topics called "newsgroups". Even before Internet became widely available it used UUCP (Unix-to-Unix Copy) program to exchange posts and updates over telephone lines. More:

Caller ID spoofing

A method or tool that allows the caller to pretend that the call is coming from a different number. Masha uses it to read friends' voicemails while pretending she is calling from their numbers. Scammers use this method to pretend they are calling from the same area code as you — that way you are more likely to pick up. Sometimes scammers even pretend they are calling from the actual 800-number that belongs to the IRS. More:

Data-collecting light bulbs

Most likely Masha means this report: https://darkcubed.com/iot-security-technical. Short versions:

Garbage in, garbage out (GIGO)

This phrase was first used in November 1957 and is still quite popular among programmers and mathematicians. It follows the same pattern as the terms FIFO (first in, first out) and LIFO (last in, first out), which describe the behavior of the queue and stack data structures, respectively. More:

Bayesian inference

A method of statistical inference in which Bayes' theorem is used to update the probability for a hypothesis as more evidence or information becomes available. More:
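As an added example (not part of the original glossary), here is the Bayesian update applied to a question security teams face daily: a detector fires, so how likely is it that the machine is really compromised? The numbers (1% base rate, 99% detection rate, 1% false-positive rate) are constructed for illustration, and the repeated update assumes each alert is independent evidence.

```python
from fractions import Fraction


def bayes_update(prior, p_evidence_given_h, p_evidence_given_not_h):
    """P(H | E) = P(E|H) P(H) / (P(E|H) P(H) + P(E|not H) P(not H))."""
    numerator = prior * p_evidence_given_h
    denominator = numerator + (1 - prior) * p_evidence_given_not_h
    return numerator / denominator


def posterior_after_alerts(prior, sensitivity, false_positive_rate, n_alerts):
    """Fold in n independent alerts, each time using the previous posterior as prior."""
    belief = prior
    for _ in range(n_alerts):
        belief = bayes_update(belief, sensitivity, false_positive_rate)
    return belief


if __name__ == "__main__":
    base_rate = Fraction(1, 100)          # 1 in 100 hosts is compromised (constructed)
    sensitivity = Fraction(99, 100)       # P(alert | compromised)
    false_positives = Fraction(1, 100)    # P(alert | clean)
    one = posterior_after_alerts(base_rate, sensitivity, false_positives, 1)
    two = posterior_after_alerts(base_rate, sensitivity, false_positives, 2)
    print("after one alert:", one, "=", float(one))
    print("after two independent alerts:", two, "=", float(two))
```

The first alert only lifts the belief from 1% to 50%, because with a 1% base rate the detector raises as many false alarms as true ones; that is the base-rate fallacy. A second independent alert pushes it to 99%. Exact fractions are used so the arithmetic can be checked by hand.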

Chapter 3

The smarter your device, the harder it would be for you to outsmart it.
— Masha Maximow

ZOMFG

Usually spelled entirely in caps, this abbreviation originates from the typo you get when you strike the shift key in order to type OMFG, but you miss and hit the z instead. From here:

Infect your phone with WhatsApp message

BusyBox

A lightweight software suite with a set of Linux/Unix commands that is used in embedded devices (list: https://busybox.net/products.html). Can be downloaded and executed as a single binary (size ~1 MB). More:

BusyBox malware

Masha explains it pretty well: there are pieces of malware that can be executed on systems running BusyBox. More:

Stalkerware

Monitoring software or spyware that is used for stalking. The term was coined when people started to widely use commercial spyware to spy on their spouses or intimate partners. More:

Executive order 12333

Executive Order 12333, signed on December 4, 1981 by U.S. President Ronald Reagan, was an Executive Order intended to extend powers and responsibilities of U.S. intelligence agencies and direct the leaders of U.S. federal agencies to co-operate fully with CIA requests for information. More:

Chapter 4

MRAP

Mine-Resistant Ambush Protected is a term for United States military light tactical vehicles produced as part of the MRAP program that are designed specifically to withstand improvised explosive device (IED) attacks and ambushes. More:

Threat model

Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified, enumerated, and mitigations can be prioritized. More:

Jersey barrier

A Jersey barrier, Jersey wall, or Jersey bump is a modular concrete or plastic barrier employed to separate lanes of traffic. More:

RPG

Not a Role-Playing Game (here). A rocket-propelled grenade (often abbreviated RPG) is a shoulder-fired missile weapon that launches rockets equipped with an explosive warhead. Fun fact: The term "rocket-propelled grenade" is a backronym; it stems from the Russian language РПГ which stands for ручной противотанковый гранатомёт (transliterated as "ruchnoy protivotankovy granatomyot", which has the initials "RPG"), meaning "handheld anti-tank grenade launcher", the name given to early Russian designs. Typical range is around several hundred meters. More:

MRE

The Meal, Ready-to-Eat – commonly known as the MRE – is a self-contained, individual field ration in lightweight packaging bought by the United States Department of Defense for its service members for use in combat or other field conditions where organized food facilities are not available. More:

FOB

A Forward Operating Base (FOB) is any secured forward operational level military position, commonly a military base, that is used to support strategic goals and tactical objectives. More:

PX

A type of retail store operating on United States military installations worldwide. Originally akin to trading posts, they now resemble department stores or strip malls. PX is US Army terminology. US Air Force uses Base Exchange (BX), US Navy uses Navy Exchange (NEX), Marine Corps calls it Marine Corps Exchange (MCX). More:

Battlefield intelligence

Is described in the US Army document "Intelligence Preparation of the Battlefield". More:

Unique identifiers of tire-pressure sensors

Tire-pressure sensors installed on most of the cars have unique ID numbers configured at the factory. More:

Everything after the slash

Masha says: "I itched to get their Google searches, but that was hard because Google had better security than every other service they visited — strong SSL certificates that hid everything after the slash, so all I could see from my vantage point was https://google.com/ — and then… nothing."

This happens when you visit sites that use HTTPS (secure HTTP) and hence SSL/TLS certificates. Even if somebody (in this case Masha) intercepts the traffic between you and your provider, they will see only the domain name of the server you are accessing (it leaks through the DNS lookup and the TLS Server Name Indication). Everything else in your URL (the path, search queries, usernames, etc.) travels inside the encrypted connection and is hidden from them.

More:

MAC address

Masha automatically corrects her boss when she says: “max address”. MAC stands for “media access control”, and a MAC address is the low-level address assigned to a network card. Sometimes the MAC address is called the “physical address” or “hardware address”. Usually it is written as six hexadecimal bytes separated by colons, like this: 00:0a:95:9d:68:16. A MAC address usually identifies a physical device (computer or phone) pretty well (as opposed to an IP address, which can differ from network to network). The MAC address can be changed by the OS, but that change only lasts until the next reboot. More:
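As an added example (not from the glossary), here is a small Python parser for MAC addresses that also reads the two flag bits in the first byte: the "locally administered" bit, which is set when software, not the factory, chose the address, and the multicast bit. The addresses other than the one quoted above are constructed for the example.

```python
import re

# Six pairs of hex digits separated by ":" or "-" (both forms are common).
MAC_RE = re.compile(r"^" + r"[:-]".join([r"([0-9A-Fa-f]{2})"] * 6) + r"$")


def parse_mac(text: str) -> bytes:
    """Return the six raw bytes, or raise ValueError for anything malformed."""
    match = MAC_RE.match(text.strip())
    if match is None:
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(pair, 16) for pair in match.groups())


def describe_mac(text: str) -> dict:
    """Normalize the address and decode the flag bits of its first byte."""
    raw = parse_mac(text)
    first = raw[0]
    return {
        "normalized": ":".join(f"{b:02x}" for b in raw),
        # First three bytes: the OUI, the block assigned to the manufacturer.
        "oui": ":".join(f"{b:02x}" for b in raw[:3]),
        # Bit 0 of the first byte: 1 = multicast/group address, 0 = unicast.
        "multicast": bool(first & 0x01),
        # Bit 1 of the first byte: 1 = locally administered (set by software,
        # e.g. a phone's randomized Wi-Fi address), 0 = globally unique, burned in.
        "locally_administered": bool(first & 0x02),
    }


if __name__ == "__main__":
    for addr in ("00:0a:95:9d:68:16", "02-00-00-AA-BB-CC", "ff:ff:ff:ff:ff:ff"):
        print(addr, "->", describe_mac(addr))
```

The locally-administered bit matters for the "identifies a physical device" claim: current phones randomize their Wi-Fi MAC per network by default, so the address you log today will carry that bit set and may not match the same phone elsewhere.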

Hoberman sphere

An isokinetic structure patented by Chuck Hoberman that resembles a geodesic dome, but is capable of folding down to a fraction of its normal size by the scissor-like action of its joints. More:

Chapter 5

Cryptoparty

CryptoParty (Crypto-Party) is a grassroots global endeavor to introduce the basics of practical cryptography such as the Tor anonymity network, key signing parties, disk encryption and virtual private networks to the general public. The project primarily consists of a series of free public workshops. More:

EFF’s Surveillance Self-Defense Kit

Surveillance Self-Defense is a digital security guide that teaches you how to assess your personal risk from online spying. It can help protect you from surveillance by those who might want to find out your secrets, from petty criminals to nation states. More:

Advanced Persistent Threat

An advanced persistent threat (APT) is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. More:

EXIF metadata

Metadata stored in JPEG files that may include technical information about the photo (exposure, camera model, etc.) and also the geolocation where the photo was taken, if that feature is available (i.e. the photo was taken with a smartphone with GPS). More:

SIM-shaped tentacle

Most likely Masha uses a SIM extension cable similar to this: https://www.microsatacables.com/micro-sim-card-to-sim-card-extension-cable-msim-1175-ext

Malware attack on baseband radio

Baseband vulnerabilities give attackers the ability to monitor a phone’s communications, place calls, send premium SMS messages or cause large data transfers unbeknownst to the owner of the phone. More:

USG

USG is a USB firewall that can protect your computer from BadUSB. More:

Android Developer’s mode

Masha uses USB to connect Tanisha’s phone to her laptop and manipulate software on her phone. She uses Android Developer’s mode and USB debugging for that. More:

Android rootkit

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software. Rootkits exist for different operating systems, including Android. Masha just discovered a rootkit on Tanisha’s phone. More:

Pwned

Historically it’s a misspelled word “owned” (part of leetspeak) which is now used when somebody compromised your device (phone, computer) or your data and now you are pwned by bad guys. There is a site called “Have I been pwned?” which allows you to check if your personal data was leaked during one of the known data breaches. More:

IED

Improvised explosive device. More:

Shift-tilt miniature

Tilt–shift photography (Masha incorrectly calls it “shift-tilt”) is the use of camera movements that change the orientation or position of the lens with respect to the film or image sensor on cameras.

Sometimes the term is used when the large depth of field is simulated with digital post-processing; the name may derive from a perspective control lens (or tilt–shift lens) normally required when the effect is produced optically. More:

CALEA

A wiretapping law (the Communications Assistance for Law Enforcement Act), passed in 1994, as Masha explains it. More:

Google Glass

Smart glasses created by Google and first introduced in 2013. Masha calls them “long-abandoned”, but according to Wikipedia in 2017 and 2019 Google announced Google Glass Enterprise Edition and Enterprise Edition 2 respectively. More:

Am I under arrest?

This and the following questions are part of the recommended procedure when interacting with police. More:

Chapter 6

Plausible deniability

Plausible deniability is the ability of people, typically senior officials in a formal or informal chain of command, to deny knowledge of or responsibility for any damnable actions committed by others in an organizational hierarchy because of a lack or absence of evidence that can confirm their participation, even if they were personally involved in or at least willfully ignorant of the actions. If illegal or otherwise-disreputable and unpopular activities become public, high-ranking officials may deny any awareness of such acts to insulate themselves and shift the blame onto the agents who carried out the acts, as they are confident that their doubters will be unable to prove otherwise. The lack of evidence to the contrary ostensibly makes the denial plausible (credible), but sometimes, it makes the denial only unactionable. More:

Safe Hex

The rules for safe computing. More:

Bad spelling in check-in messages

Obviously Masha still uses an old, centralized version control system like Subversion, rather than the more modern, decentralized Git. More:

ParanoidLinux

There is a project with this name (https://sourceforge.net/projects/linuxparanoid/) but it doesn’t seem to be active. Most likely what Masha means by ParanoidLinux is Tails (https://boingboing.net/2019/12/16/paranoid-linux-for-real.html).

Chapter 7

Ulysses pact

Masha explains it very well. Apparently, there are “Ulysses pact” applications and other technologies to help you keep your promises. More:

Adversarial perturbation

An "adversarial perturbation" is a change to a physical object that is deliberately designed to fool a machine-learning system into mistaking it for something else. (from an article written by Cory Doctorow) More:

CV dazzle

A type of camouflage used to hamper facial recognition software, inspired by dazzle camouflage used by warships. More:

Machine learning

Ange does a great job explaining machine learning as simple as possible. More:

Red team

A red team is a group that helps organizations to improve themselves by providing opposition to the point of view of the organization that they are helping. More:

USB stick with keypad

Probably Marcus uses something like this: https://www.amazon.com/Encrypted-Certified-Protection-Encryption-16G/dp/B07JNDW5H7/

Uslon prison

Apparently it’s an abbreviation from GULAG days, not a place. USLON stands for "Upravlenie Severnykh Lagerey Osobogo Naznacheniya", the Directorate of Northern Special-Purpose Camps. More:

Hyperbolic discounting

It is well explained by Ange in the book. Hyperbolic discounting refers to the tendency for people to increasingly choose a smaller-sooner reward over a larger-later reward as the delay occurs sooner rather than later in time. More:

Sukey

Sukey is an organization which emerged in Britain on 28 January 2011, with the aim of improving communications among participants in the student demonstrations. Its immediate aim was to counteract the police tactics of kettling, by coordinating information electronically and transmitting it to the protesters, allowing them to avoid the police kettle. More:

Kettling

A police tactic for controlling large crowds. More:

Chapter 8

Hacking a self-driving car

So far there are only a few reports of such hacks and none of them has turned violent yet. Still, some possibilities are described in this paper:

COINTELPRO

COINTELPRO (syllabic abbreviation derived from COunter INTELligence PROgram) (1956–present) is a series of covert and illegal projects conducted by the United States Federal Bureau of Investigation (FBI) aimed at surveilling, infiltrating, discrediting, and disrupting American political organizations. More:

Riseup

Masha receives an email from Kriztina from her address at riseup.net. Riseup describes itself as follows: "Riseup provides online communication tools for people and groups working on liberatory social change. We are a project to create democratic alternatives and practice self-determination by controlling our own secure means of communications."

Enigmail

In the email header from Kriztina there is a phrase:

Enigmail UNTRUSTED good signature from Kriztina <kriztinak@riseup.net>

That means she uses Enigmail to encrypt and digitally sign her messages. Enigmail works with several mail clients including Thunderbird and Evolution. The meaning of "Untrusted good signature" was explained on the Enigmail forum:

GOOD means that Enigmail verified that the mail content matches the
signature. Nobody tampered with the message. It reached you unmodified
and only the ones that have the SECRET key it is signed with are able
to perform that particular signature.
UNTRUSTED means that although the message matches the signature, GnuPG
cannot check whether the key belongs to the OWNER of the email address.

More:
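The GOOD/UNTRUSTED distinction above comes straight out of GnuPG: when a mail client calls gpg it reads machine-readable status lines such as GOODSIG and TRUST_UNDEFINED (the keywords are documented in GnuPG’s doc/DETAILS). As an added example, not from Enigmail or GnuPG, here is a Python interpreter for those lines that reproduces the "UNTRUSTED good signature" verdict. The status text is constructed in that format for this example, and the key id in it is a placeholder.

```python
# Trust levels gpg reports for the signing key; only these two mean the key has
# been validated as belonging to the named owner.
TRUSTED_LEVELS = {"fully", "ultimate"}


def interpret_gpg_status(status_output: str) -> dict:
    """Turn gpg --status-fd lines into {'signature', 'key_trust', 'signer'}."""
    verdict = {"signature": "none", "key_trust": "unknown", "signer": None}
    for line in status_output.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue                              # ordinary stderr noise
        parts = line.split(maxsplit=2)            # "[GNUPG:]", KEYWORD, rest
        keyword = parts[1]
        rest = parts[2] if len(parts) > 2 else ""
        if keyword == "GOODSIG":                  # content matches the signature
            verdict["signature"] = "good"
            key_id, _, user_id = rest.partition(" ")
            verdict["signer"] = user_id or key_id
        elif keyword in ("BADSIG", "ERRSIG"):     # tampered, or could not verify
            verdict["signature"] = "bad"
        elif keyword in ("EXPKEYSIG", "REVKEYSIG"):
            verdict["signature"] = keyword.lower()  # good math, but expired/revoked key
        elif keyword == "NO_PUBKEY":
            verdict["signature"] = "no-public-key"
        elif keyword.startswith("TRUST_"):        # TRUST_UNDEFINED, TRUST_FULLY, ...
            verdict["key_trust"] = keyword[len("TRUST_"):].lower()
    return verdict


def summarize(verdict: dict) -> str:
    """The one-line verdict a mail client would show."""
    if verdict["signature"] != "good":
        return f"{verdict['signature']} signature"
    prefix = "TRUSTED" if verdict["key_trust"] in TRUSTED_LEVELS else "UNTRUSTED"
    return f"{prefix} good signature from {verdict['signer']}"


# Constructed status output; 0123456789ABCDEF is a placeholder key id.
SAMPLE_UNTRUSTED = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Kriztina <kriztinak@riseup.net>
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""

SAMPLE_TRUSTED = SAMPLE_UNTRUSTED.replace("TRUST_UNDEFINED", "TRUST_FULLY")
SAMPLE_BAD = "[GNUPG:] NEWSIG\n[GNUPG:] BADSIG 0123456789ABCDEF Kriztina <kriztinak@riseup.net>\n"

if __name__ == "__main__":
    for sample in (SAMPLE_UNTRUSTED, SAMPLE_TRUSTED, SAMPLE_BAD):
        print(summarize(interpret_gpg_status(sample)))
```

The point worth internalizing: "good" is a statement about the message (it was not modified since signing), while "trusted" is a statement about the key (you or your web of trust have confirmed who owns it). A good signature from a key you have never verified proves only that the same key signed it.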

Chapter 9

Surprisingly, not much tech in Chapter 9.

Chapter 10

Technical debt

Masha calls it “technology debt”, but “technical debt” is more common. Masha explains it pretty well: sometimes you create a solution to quickly achieve your short-term goals, but in the long run this solution keeps you from doing it the “right way”. The longer you postpone re-doing it properly, the bigger it grows and the harder it is to “pay off” your technical debt. More:

Chapter 11

Bot or Not

Masha says she played this “game” with Kriztina and her friends. The point is to distinguish bots from real people on social networks. Apparently, it’s not that easy, if you read Twitter’s blog post below. There are online tools that can help with that, but they are not very accurate. More:

Your enemies don’t need people to disagree with you, they just need people not to care.
— Masha Maximow

Chapter 12

Game theory

A branch of mathematics that studies different strategies in various types of games. Games here are played in different fields such as economics, social studies, etc. More:

Chapter 13

Very short chapter. Not much technology discussed here.

Chapter 14

Even shorter chapter. No technology here.

Epilogue

Double-entry bookkeeping

A system of bookkeeping in which every entry to an account requires a corresponding and opposite entry in a different account. Each double entry has two equal and corresponding sides, known as debit and credit. More:

Any weapon you don’t know how to use belongs to your enemy.
— Masha Maximow