How would you know if spyware was on your computer if installed by an expert?

Your SSN is not secure at all. Not even a little bit. That’s because it is not a secret that only you know.

People have been putting malicious software in drives’ internal controllers for as long as drives have had internal controllers. The Commodore 1541 disk drive famously had a controller with its own CPU and RAM; unscrupulous developers were not above loading it with “copy protection” code that would attempt to physically damage the drive in the event that the user attempted to circumvent the protection. Dave Farquhar had a recent blog post about this: Commodore hardware viruses–yes, they were possible.

Wow, this stuff is all pretty scary.

It’s worth keeping separate the question of what the NSA or KGB could do versus what some Bulgarian credit card thieves could do.

Remember, the Bulgarians only have to be sophisticated enough to steal your mother-in-law’s CC number. And she’s no citadel of cyberdefenses.

The presence of outgoing packets to unknown destinations is always a good indication of bad things. But modern systems are sending so much junk, as so much legitimate software phones home, that sorting the good from the bad isn’t trivial. Worse, it is quite easy to subvert legitimate protocols to carry payloads out in essentially impossible-to-stop ways. If someone wants to enough, they will find a way.

Ken Thompson, one of the fathers of Unix, wrote a secret backdoor into the OS that would let him take full control of any Unix system. And he did it in such a way that, even if you examined the source code for absolutely everything on your computer, you’d never find it, because it wasn’t there. And yet, if you compiled that perfectly clean source code yourself, you’d end up with Thompson’s backdoor.

Now, there are ways to detect Thompson’s hack… but for any detection method you can come up with, you can also come up with a variant of the hack that detects that one, too. Ultimately, to be completely sure, you’d need to examine every bit of the hard drive and every switch of the processor, personally, using an electron microscope.

Somewhat related, you can run an operating system that leaves as few traces of data as possible. A live Linux system can be put on a USB stick and will boot a computer, load the entire operating system into RAM, then wipe the RAM as you shut down the computer. Nothing is saved anywhere on the hard drive and nothing is saved to the operating system. I like the Air Force’s TENS operating system for simple portability, Tails OS for security and anonymity, and am looking forward to SubGraphOS which is still in the Alpha stage. Qubes also looks good but I haven’t tried it.

That said, while they’d make the average person pretty secure against most malware that’s installed on an operating system, somebody like the FBI would still have plenty of options. If they can’t compromise your live Linux system through malware, physical access like the OP mentioned would leave you wide open. If they couldn’t get physical access or get any malware into the system, they could go after your router or your phone instead.

A friend of mine, many moons ago, was decoding (disassembling) the built-in programming on his TRS-80. (No disk drives; all the system programming and BASIC was in BIOS chips.) He found an interesting fact: a few routines jumped into the middle bytes of existing subroutines. His conclusion: the programmers needed short routines that did certain things, say a 3- or 4-instruction subroutine. They must have scanned the code for that sequence of bytes and found it in the existing code, so made a JSR instruction to jump to it. Of course, modern code is much more complex, the odds of finding the exact sequence of bytes to do anything useful are much lower, and compilers distance you further from the specific byte sequences of the compiled output. But it is one method to get to a different sequence of code without the jump itself being evident in the disassembler.

Well, yeah. It’s not a virus; it’s a specifically installed program put there by the user. If it installed an off-the-shelf rootkit or bot, it would no doubt have been detected. But a full program that does not try to hide itself is not a “real” virus. It’s allowed to use the network like any other program; it just accesses botnet central instead of (or as well as) posting your high score on the game website.

(BTW, we’ve blocked port 25 (SMTP) from all but the mail server as a matter of routine for a few years now… for exactly that reason. Plus, more sophisticated firewalls like Cisco and WatchGuard have been able to scan and block web viruses, SPAM traffic in and out, and botnet phone-home activity for quite a few years too…)

There are allegedly a number of “zero day exploits” not yet widely known. These are like gold for the groups that want to exploit computers. They are essentially tricks for getting computers to execute compromising programming. But generally, the usual suspects who want your credit card don’t have them.

Once in a while, someone finds another, and it can take the AV people a few hours or a day to distribute the updates to guard against them. The various anti-virus companies have “honeypots” spread across the internet, apparently vulnerable computers waiting to be exploited. The Bulgarian Mafia isn’t going to get your aunt’s credit card unless they infect her PC. As soon as they infect the wrong PC, their exploit is known, and is no longer as useful.

It used to be that even after a fix was released, millions of PCs were never updated and stayed vulnerable. But between free AV software, more aggressive fixing, and techniques like Windows 10’s automatic updates, it’s harder to find vulnerable PCs. It’s no longer lackadaisical: ensuring Windows and browsers cannot have the keyboard input tapped, for example, is a serious effort in developing that software.

Allegedly, the NSA and the big foreign equivalents have exploits they’ve hung on to for years to compromise systems. But every update runs the risk that the exploit may be broken deliberately or by serendipitous chance. The NSA is better off doing what they did with Cisco, intercepting shipments to certain overseas destinations and replacing the ROM chips with NSA’s own backdoor-laden updates.

So, short answer: unless you’re Assange, Snowden, Putin, or a foreign embassy, you can be pretty sure that you are not the ongoing victim of an exploit, provided you have some form of up-to-date scans happening. After all, if internet banking were that insecure, we’d sure as hell hear about it; I suspect millions of people rely on home computer banking.

This is called Return Oriented Programming and is a modern hacker technique.

ROP with a suitable library can form a Turing-complete language, allowing an attacker who has compromised the stack full control of the computer without downloading additional code.

That’s a bit of an excluded middle, isn’t it? I think it’s a little misleading to say that everyone is either an ordinary schlub, protected from unsophisticated attacks by retail antivirus, or a target of the most powerful intelligence agencies in the world.

In the middle there are plenty of people that have been the subject of targeted attacks. Do you have access to sensitive business information, political communications, or pictures of famous naughty bits? You could very well be the target of a sophisticated attack using a zero-day exploit to covertly harvest information.

(Though the vector for this attack is more likely to be spearphishing than an attacker working for Geek Squad, because online attacks are easier than meatspace conspiracies.)

Think of an exploit as similar to the Enigma decoding machine the Allies built in WWII. You need to use it, but the more you use it for a purpose, the more likely it is to be discovered; and there’s always the risk that it will be discovered accidentally. Once discovered, it’s effectively useless.

Yes, there are intermediate targets; but the more valuable the data, the more protected the location (we hope). For example, higher end spam filters typically can send suspicious emails and email trends back to a central site which can see a world-wide pattern. Higher end firewalls are more flexible and programmable than simple home ones.

Plus, each iteration of operating system becomes more sophisticated in its security: ordinary programs are not allowed to use operating system routines except in standard calls (if done right), and programs are not allowed to execute from data areas. Buffer overflow used to be a major vulnerability because lazy programmers did not double-check the size of the incoming data versus the maximum, so it was easy to exceed the buffer allocation and write further on into the program area. Any programmer who does not explicitly check for buffer overflow nowadays should not be allowed near a PC. And so on…
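The missing length check described in the post above, shown as an added example (not code from any poster): an unchecked copy into a fixed-size stack buffer beside the checked version that compares the incoming length against the buffer size and rejects input that does not fit. `NAME_MAX`, `greet_unchecked` and `greet_checked` are names chosen for this example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* fixed buffer size chosen for the example */

/* Vulnerable pattern: the incoming length is never compared to the buffer
   size, so input of NAME_MAX bytes or more writes past 'name' into whatever
   the compiler placed after it on the stack (saved registers, return address).
   Stack canaries and non-executable stacks limit what that overwrite can do;
   they do not make the copy correct. Shown for contrast only. */
void greet_unchecked(const char *input) {
    char name[NAME_MAX];
    strcpy(name, input);            /* no bounds check: this is the defect */
    printf("Hello, %s\n", name);
}

/* Hardened pattern: check the size of the incoming data against the maximum
   before copying, and reject rather than silently truncate anything that
   does not fit together with its terminating NUL.
   Returns 0 when the input was accepted, -1 when it was rejected. */
int greet_checked(const char *input) {
    char name[NAME_MAX];
    size_t len = strlen(input);
    if (len >= sizeof name) {       /* len bytes plus NUL must fit */
        return -1;
    }
    memcpy(name, input, len + 1);   /* copy exactly len bytes plus the NUL */
    printf("Hello, %s\n", name);
    return 0;
}

int main(void) {
    /* Constructed inputs: 5 bytes fits; 15 is the longest that fits; 16 does not. */
    greet_checked("Alice");
    greet_checked("123456789012345");
    if (greet_checked("1234567890123456") == -1)
        puts("rejected oversized input instead of overflowing");
    greet_unchecked("Bob");         /* safe only because the input is short */
    return 0;
}
```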

Absolutely not true. Even 15 years ago, I was the subject of relentless hack attempts. Mainly from China. At the time I was involved in military aerospace. Basically Chinese hackers were - and still are - trying to hack anybody and everybody involved in anything in which they’re interested. That includes competing with Chinese firms.

I don’t know about internet banking as I don’t use it.

How many people here have heard of anyone they know personally that had their bank account drained from an infection of their PC to discover their online banking password? Yet I would guess at least half of people with bank accounts do some form of online banking. (And I’m thinking that’s a low number.)

Getting onto your system to download files is a different kettle of fish. A number of sites I worked at had non-stop logon attempts from all over the world (China, Romania, and the USA come to mind), probably botnets. This motivated most of these sites to put restrictions on their RDP access or find different ways for remote access. But humans tend to be the weakest link: inadvertent disclosures, poor password choices, etc.

The question isn’t whether they try, but whether it’s as easy to actually get in as it seems in the movies. The days where hitting the break key at the right time during a mundane program left you at the administrator prompt are long gone. SQL injection is so easy a schoolgirl did it in “The Casual Vacancy”, but nowadays any public-facing database site that hasn’t guarded against it is negligent and using outdated software. The openings get narrower every year.

One computer security guru I talked to mentioned that, for example, Windows XP had some security holes that were impossible to plug, now that there are no more fixes going out. He also mentioned that physical access inside the firewall, even something as simple as being able to plug a tiny device unnoticed into an open network socket, was a huge opening. Plus, I’ve read items on how insecure USB is: the PC loads device drivers automatically from the USB device with almost no security. That’s a hole dying to be exploited for cellphones, with all the public USB charge stations at airports.

Things are better now, but nowhere near perfect.

Her Mom too: xkcd: Exploits of a Mom