And the Truth Shall Set You Free
by Bob Sorensen
For some, it started simply, on a spring day at a university somewhere in the middle of the United States. Students across the campus started getting e-mail messages that weren’t exactly right: notes containing snide comments like “your nose is really getting bulbous” or “could you possibly do something about the hair coming out of your ears?”
The senders of these defiled bits did what they were supposed to do: they denied everything, apologized profusely to the injured party, explained that it wasn’t the message that they had sent, that it must have been someone playing a prank.
But in every case, the accused went away with the guilty pleasure of having gotten away with something, because there was a dissonant ring of truth to all those notes. Yeah, they thought, what is up with the nasal twang, and why don’t you have that mole trimmed back to human proportions.
These unsettling events could have gone on indefinitely if the wife of the Dean of Admissions had not got an e-mail from her husband outlining her many and varied physical shortcomings, starting with references to sausage-like fingers and getting worse from there.
The next day the Dean hastily walked a handwritten note over to the University’s Rapid Computer Response team requesting a full investigation of, what he called, “unsubstantiated and malicious computer hacking into the school’s computer network.” The RCR team — an ad hoc collection of student and professional computer security experts — tracked hacks, viruses, and other non-approved computer amusements for the school and, when it paid, the public at large.
The team’s headquarters was located in a sparkling glass and chrome facility next to the crumbling, cramped, and eternally musty chemistry building. The bug house, as it was called, sported all the newest computer hardware: there was a 128 processor Cerebral Nexus in the basement connected by fiber optics to a fleet of Nebula workstations deployed throughout the building. The building and all its computer toys were a gift from a rich alumnus a few years back. Rumor was he had made his billions selling security software to protect the masses from his own viruses, which he would insert into the Net whenever quarterly sales tanked.
The bug house triage team did a quick assessment of the Dean’s request, ran it against some in-house diagnostic programs, and determined that the problem was interesting enough to give to the group’s best: Cray Campbell. Cray was a student in the Department of Adaptive Computer Architecture, paying for graduate school as a hired bug hunter.
When Cray got the hack alert in his e-mail, he was set up in his usual haunt, the centerpiece of the student union, an overstuffed couch stolen from some faculty lounge ten to the something years ago. It reeked of stale beer and last week’s laundry. On his lap sat his weapon of choice, a powerful and deceptively innocent looking NKK palmtop with a direct jack into his favorite geo-sync satellite. The box ran a virtually unbreakable operating system that Cray had written during his last Spring break.
The first thing Cray did after scanning the triage analysis was to call up the University’s Blackhole system logs. He accessed the transaction records cut for each twelve-hour period prior to the known hacks. How many others were unreported, Cray could only guess. He figured most people wouldn’t be willing to air dirty laundry for the sake of giving him a few more data points.
Using a combination of commercial intruder detection software, bug house tools, and a few custom file filters he had written over the years, Cray scanned through the bits. After three hours and a few cans of liquid caffeine, he had wrung out all the information he thought he was going to get. He ticked off in his head what he had learned.
The first was that the hacker was good. Cray could find no records of tampering, which he expected; no self-respecting hacker leaves obvious traces any more. But he also found no records of anyone covering up records of tampering, which was something he didn’t expect. That’s where the amateurs usually screw up.
The second was that in each case the e-mail had been spoofed in both directions, which Cray thought was a clever twist and showed some real talent. Both the sender and the receiver had copies of the tampered message. There was no trace of the original, more diplomatic, message.
The last thing, and the one that was most unsettling to Cray, was that in every case the substituted text had been, as close as he could tell, the truth. The hacks, Cray saw, spoke the words the writer would have used if not constrained by fear, lust, greed, or any of the other less popular mortal sins. He wondered how one hacker, or even a group of them, could have such private insights into what seemed to Cray to be a random collection of users.
Seeing no way to proceed until more data came in, Cray climbed off the couch and strolled back to his disinfected cubicle at the bug house. He ignored the fourteen thousand new messages in his inbox; probably a new worm on the loose he thought. Instead, he placed a voice call to Lou Sabin, a buddy of his at CERT, the Central Emergency Response Team run out of Purdue, the best hacker boys around. Cray wanted to find out if Lou had any reports of similar cases at other schools. If there had, then the experts at CERT would probably already be halfway to finding a fix.
Cray wasted twenty minutes getting nowhere with an artificial receptionist about why Lou wasn’t answering his pager implant.
Losing patience knocking on the front door, Cray decided to see if there was a window open around back. He randomly punched numbers inside CERT until he found some talkative undergraduate flunky manning the phone in the dead-tree library. Cray, pretending he was just down the hall, started in with some chitchat about getting access to some old land-based comp-sci journals. Then he moved the kid on to the local gossip.
After only a few minutes of who’s doing whom, tall tales about who jacks out the best code, and who isn’t getting their grant renewed next semester, the kid told him that that Lou had recently left school under mysterious conditions. No one was saying anything. The rumor was that the administration has found out that Lou had lied on his graduate school application, something about padding his GTEC scores, the kid wasn’t exactly sure. The school was keeping it all quiet because they looked like mooks, getting fooled by a doctored application. Lou had left quietly to avoid any possible legal entanglements. The weird part, the kid added, was that Lou supposedly sent the e-mail that alerted the school to the scam.
Cray listened without comment. Damn, he thought, this sounds like the same thing I’m looking at. It’s already back East. Cray thanked the motormouth and, with what had just become a sweaty palm, he hung up.
Sid Karin, senior board designer at PlanarTech, was having a bad day. He was sitting in the company’s outdated cafeteria, grousing like he always did to the other engineers gathered around the dull, scratched formica table eating their egg salad sandwiches and Twinkies. Sid liked to hold court here, and he usually drew a crowd of five or six junior staff just about every day. He got brilliant ideas the way other people got dandruff. Plus, he didn’t mind sharing them. At least nine different engineers held patents that could be traced back to one of Sid’s brown-bag lunches.
“These people have no idea what effect higher frequencies on the front side bus will have on sympathetic system reception,” he growled to no one in particular.
PlanarTech manufactured over 100 million integrated system boards last year; its most recent development, the soon to be released 10 GHz Omniboard-10, was the cause of Sid’s upset stomach and pounding head.
“Look, its so freaking simple,” he grabbed one of his bespectacled, fresh-faced colleagues by the arm. “Back in the old days, when system bus speeds were low, say less than 100 MHz, the FCC would be all over our case if the main board leaked, you know, created an electromagnetic field that could be detected outside the computer skin. The government didn’t want people to get static on their radio, or have the family jewels lightly toasted when they checked their e-mail. We had to run a whole series of tests to get a license to ship the boards. Okay, that’s something we could deal with, the specs were pretty clear, and everybody stuck to them.”
One of Sid’s wide-eyed disciples respectfully asked, “So what’s the problem with the new boards. They aren’t emanating any EM. I saw the lab tests posted last week and there is almost no measurable emanations, even inside the case.”
Sid ran his hand through his thinning hair and muttered something under his breath. “That’s the whole point,” he said. “We’ve spent our whole careers worrying about emanations from the board to the outside world, and when we were running at granny-out-for-a-Sunday-drive frequencies, that was the right thing to do. But once we started going above a couple of billion cycles per second on the motherboard, the problem wasn’t the signals leaking from the board to the real world. It was the real world raining signals onto the board.”
The group around the table fell silent as they digested this insight along with their lunch.
“Wait a minute,” piped in another engineer. Sid thought that this one was an arrogant SOB, who fancied himself as a successor to Sid when he retired next year. “Back in grad school they warned us about sympathetic resonance. Told us that under the right conditions, the main board wiring would start to act like an antenna and pick up stray signals. So what’s the problem? Shouldn’t the board’s shielding work both ways? Protect signals in and out?”
Sid frowned at the kid. The new ones always have all the answers, he thought. “Sure, but that was assuming that board voltage was high enough to mask any significant effects. Problem is, some of our new boards are running at less than a tenth of a volt. Well gentlemen, at that level effects are already showing up.”
“Whoa,” interrupted the whiz kid. “You mean you have seen this happen, for real, on the new Omni?”
Sid looked over at him, paused for effect, “Yep, got the preliminary data analysis drawn up on some viewgraphs to present at Friday’s technical exchange meeting. Looks like the 10 clearly reacts to EM fields from nearby generators. You name it; refrigerators, televisions, cell phones. Hell, give me a few weeks and I’ll be able to program a computer from across the room using the touch-pad on my microwave oven.”
Sid waited for comments. When there were none, he dropped the real bombshell. “Got me thinking. So I ran a few tests this morning on some of the Omni-4’s. I think that they may be susceptible to the same effect, although to a lesser extent. I’ll have more when the numbers get crunched.”
One of the guys at the far end of the table, from the production side of the house, leaned forward in his chair. “That’s impossible, we’ve been shipping the O-4’s for eighteen months now. Stellar is using them in all of its Sierra servers, and in god knows what else. Do you have any idea what this could mean?”
“Actually,” Sid said, “I haven’t a clue.”
To be continued...
Copyright © 2004 by Bob Sorensen