This post was syndicated from Errata Security and was written by Robert Graham. Original post at Errata Security.
Former CBS journalist Sharyl Attkisson is coming out with a book claiming the government hacked her computer in order to suppress reporting on Benghazi. None of her “evidence” is credible. Instead, it’s bizarre technobabble. Maybe her book is better, but those with advance copies quoting excerpts make it sound like the worst “ninjas are after me” conspiracy theory.
Your electronics are not possessed by demons
Technology doesn’t work by magic. Each symptom has a specific cause.
Attkisson says “My television is misbehaving. It spontaneously jitters, mutes, and freeze-frames”. This is not a symptom of hackers. Instead, it’s a common consumer complaint caused by the fact that cables leading to homes (and inside the home) are often bad. My TV behaves like this on certain channels.
She says “I call home from my mobile phone and it rings on my end, but not at the house”, implying that her phone call is being redirected elsewhere. This is a common problem with VoIP technologies. Old analog phones echoed back the ring signal, so the other side had to actually ring for you to hear it. New VoIP technologies can’t do that. The ringing is therefore simulated and has nothing to do with whether it’s ringing on the other end. This is a common consumer complaint with VoIP systems, and is not a symptom of hacking.
She says that her alarm triggers at odd hours in the night. Alarms work over phone lines and will trigger when power is lost on the lines (such as when an intruder cuts them). She implies that the alarm system goes over the VoIP system on the FiOS box. The FiOS box losing power or rebooting in the middle of the night can cause this. This is a symptom of hardware troubles on the FiOS box, or Verizon maintenance updating the box, not hackers.
She says that her computer made odd “Reeeeee” noises at 3:14am. That’s common. For one thing, when computers crash, they’ll make this sound. I woke two nights ago to my computer doing this, because the WiMax driver crashed, causing the CPU to peg at 100%, causing the computer to overheat and the fan to whir at max speed. Another cause could be the nightly Time Machine backup. This is a common symptom of bugs in the system, but not a symptom of hackers.
It’s not that hackers can’t cause these problems, it’s that they usually don’t. Even if hackers have thoroughly infested your electronics, these symptoms are still more likely to be caused by normal failure than by the hackers themselves. Moreover, even if a hacker caused any one of these symptoms, it’s insane to think they caused them all.
Hacking is not sophisticated
There’s really no such thing as a “sophisticated hack”. That’s a fictional trope, used by people who don’t understand hacking. It’s like how people who don’t know crypto use phrases like “military grade encryption” — no such thing exists, the military’s encryption is usually worse than what you have on your laptop or iPhone.
Hacking is rarely sophisticated because the simplest techniques work. Once I get a virus onto your machine, even the least sophisticated one, I have full control. I can view/delete all your files, view the contents of your screen, control your mouse/keyboard, turn on your camera/microphone, and so on. Also, it’s trivially easy to evade anti-virus protection. There’s no need for me to do anything particularly sophisticated.
We experts are jaded and unimpressed. Sure, we have experience with what’s normal hacking, and might describe something as abnormal. But here’s the thing: every hack I’ve seen has had something abnormal about it. Something strange that I’ve never seen before doesn’t make a hack “sophisticated”.
Attkisson quotes an “expert” using the pseudonym “Jerry Patel” saying that the hack is “far beyond the abilities of even the best nongovernment hackers”. Government hackers are no better than nongovernment ones — they are usually a lot worse. Hackers can earn a lot more working outside government. Government hackers spend most of their time on paperwork, whereas nongovernment hackers spend most of their time hacking. Government hacker skills atrophy, while nongovernment hackers get better and better.
That’s not to say government hackers are crap. Some are willing to forgo the larger paycheck for a more stable job. Some are willing to put up with the nonsense in government in order to be able to tackle interesting (and secret) problems. There are indeed very good hackers in government. It’s just that it’s foolish to assume that they are inherently better than nongovernmental ones. Anybody who says so, like “Jerry Patel”, is not an expert.
Attkisson quotes one expert as saying intrusions of this caliber are “far beyond the abilities of even the best nongovernment hackers”, while at the same time quoting another expert saying the “ISP address” is a smoking gun pointing to a government computer.
Both can’t be true. Hiding one’s IP address is the first step in any hack. You can’t simultaneously believe that these are the most expert hackers ever for deleting log files, but that they make the rookie mistake of using their own IP address rather than anonymizing it through Tor or a VPN. It’s almost always the other way around: everyone (except those like the Chinese who don’t care) hides their IP address first, and some forget to delete the log files.
Attkisson quotes experts saying non-expert things. Patel’s claims about logfiles and government hackers are false. Don Allison’s claims about IP addresses being a smoking gun are false. It may be that the people she’s quoting aren’t experts, or that her ignorance causes her to misquote them.
Attkisson quotes an expert as identifying an “ISP address” of a government computer. That’s not a term that has any meaning. He probably meant “IP address” and she’s misquoting him.
Attkisson says “Suddenly data in my computer file begins wiping at hyperspeed before my very eyes. Deleted line by line in a split second”. This doesn’t even make sense. She claims to have videotaped it, but if this is actually a thing, it sounds more like something kids do to scare people, not what real “sophisticated” hackers do.
So far, none of the quotes I’ve read from the book use any technical terminology that I, as an expert, feel comfortable with.
Lack of technical details
We don’t need her quoting (often unnamed) experts to support her conclusion. Instead, she could just report the technical details.
For example, instead of quoting what an expert says about the government IP address, she could simply report the IP address. If it’s “75.748.86.91”, then we can judge for ourselves whether it’s the address of a government computer. That’s important because nobody I know believes that this would be a smoking gun — maybe if we knew more technical details she could change our minds.
Maybe that’s in her book, along with pictures of the offending cable attached to the FiOS ONT, or the pictures of her screen deleting at “hyperspeed”. So far, though, none of those with advance copies have released these details.
Lastly, she’s muzzled the one computer security “expert” that she named in the story so he can’t reveal any technical details, or even defend himself against charges that he’s a quack.
Attkisson’s book isn’t out yet. The source material for this post is from those with advance copies quoting her. But everything quoted so far is garbled technobabble from fiction rather than hard technical facts.
Some might believe this post is from political bias instead of technical expertise. The opposite is true. I’m a right-winger. I believe her accusations that CBS put a left-wing slant on the news. I believe the current administration is suppressing information about the Benghazi incident. I believe journalists with details about Benghazi have been both hacked and suppressed. It’s just that in her case, her technical details sound like a paranoid conspiracy theory.