How The FBI Got Hacked

Apparently the window of vulnerability that allowed a secret FBI phone call to be recorded was the hacking of a personal, private email account.  Login information for the call, emailed to the agent's account, thus came into the hands of the hacking community.

Over the last few years, I've talked with a few experts in the field of digital communication security.  The password issue issue is a problem they often talk about; what they usually are aiming towards instead is a way of identifying the particular computer or phone that is in operation.  Then, even if you had the password, you couldn't call in without the right phone as well:  the other phones wouldn't accept your connection.

There's a lot going on in the field, and I think we'll see some pretty major advances over the next year or so.  I doubt it will end the hacking, though:  it will make it much harder, but a lot of hackers are motivated chiefly by the challenge.  Others, of course, like knowing secrets, and still others like to pull pranks on authority figures.  I've met a few good ones, though, whose real interest was just in doing something that was supposed to be impossible.

One fellow I knew got a job with a major corporation as the head of computer security for their nuclear facilities by hacking into their database and scheduling a job interview for himself.  They were very confused when he showed up for it, apologizing that they didn't seem to have any of the usual paperwork on hand, and weren't sure why an interview had been scheduled without the usual process of review.  After he explained how the interview had gotten scheduled, they hired him.

The story reminds me of that of philosopher and logician Saul Kripke, who was hired as a professor of philosophy without any degree in philosophy at all.
While still a teenager he wrote a series of papers that eventually transformed the study of modal logic. One of them, or so the legend goes, earned a letter from the math department at Harvard, which hoped he would apply for a job until he wrote back and declined, explaining, "My mother said that I should finish high school and go to college first." 
The college he eventually chose was Harvard. "I wish I could have skipped college," Mr. Kripke said in an interview. "I got to know some interesting people, but I can't say I learned anything. I probably would have learned it all anyway, just reading on my own." 
While still a Harvard undergrad, Mr. Kripke started teaching post-graduates down the street at the Massachusetts Institute of Technology, and after getting his B.A. didn't bother to acquire an advanced degree. Who could teach him anything he didn't already know? Instead, he began teaching and publishing. 
 Princeton hired him as a professor, even though their usual standards required a doctorate as a minimum prerequisite.  It was a good decision.


Anonymous said...

Saul Kripke and Walter Prescott Webb. W.P.Webb gave up on his dissertation, moved back to Texas and started teaching at the University of Texas. When the university administrators finally threatened to stop grandfathering Webb, several people from the department got together, quizzed him about his book "The Texas Rangers," and handed him the PhD paperwork. Ah, those were the days.

I'd say that I'm surprised that people are not already tying security to the machine as well as the password, but large organizations move slowly.


Ymar Sakar said...

I'm still waiting for that Facebook server seize.

The "Justice Department" allows Somalian pirates to be let back out. Raping illegal border crossers from Mexico to be left go. Black Panther voter intimidation thugs to be left go. But they crack down on internet websites, oh yeah. Cause Democrat companies were losing "money". Capitalist dogs love money, right. They fight against social injustice, right. They redistribute wealth from the rich to the poor, right. Except they were losing money to internet pirates, and something had to be done. And Holder knew what to do. Just like with Fast and Furious. There's an enemy... time to take out the force of the law on them.

When the government gets the profiles of everyone on Facebook, I'll be sure to tune in to what people have to say then.

karrde said...

A link can break in the strongest chain.

A single password loss by a single law enforcement officer can be used by dedicated attackers to throw egg on the face of the FBI.

This was partly a random event: random in the sense that predicting the exact location/cause of the breach was nearly impossible before the breach occurred.

It was partly non-random: the collaborating law enforcement agencies were working against the Anonymous group. Anonymous targeted them in response, looking for ways to use their abilities against the law enforcement agencies. I feel safe in saying that many attacks were attempted.

One, at minimum, of those attacks was successful.