Ministry of Computing

Part 1: It Begins

Preface

With the newspapers full of large-scale data breaches, where each one was larger than the last, no-one ever thought it would be Tom McKinnon, the Chief Security Architect at the Ministry of Computing, that would go down as the person who would create the most devastating breach of all.

Hack-a-day

The security operations centre within the Ministry of Computing contained many screens showing traffic flows and security alerts. Its colour-coded traces had been designed for the human operators to detect major intrusions: green showed that all was good, amber defined a change, and red was the colour of danger.
The analysts had perfectly tuned their eyes to the scrolling charts and text feeds, and could instantly see the seeds of attacks. They were the experts in finding not only a needle in a haystack, but also a pin-prick on the Moon. 
The place ran on normality - using signatures of well-known intrusions -  and on abnormality - where alerts triggered on things that didn't quite fit into the norm. From a staff of a few hundred there were now thousands of security analysts who were well-trained at pin-pointing the first signs of an intrusion, and then using their analytical skills to trace through complex data sets. Time was of the essence, and a time window of seconds was enough for an intruder to gain access, compromise a system, and leave.
As the person most involved with spotting potential hacks, the screen that interested Tom the most was the running news channels, which showcased their "hack-a-day" news items. What had started as 30-second news items had become a two-hour daily spot, each one highlighting a new hack. Over the months it had covered the full spectrum of organisations and individuals that had any form of data to their name.
This time, on the programme, it was the Department of Military Operations, where a low-level operative had released damaging information on spying on Cabinet Ministers. Next up was Sunshine Electronics, one of the most respected companies involved in consumer electronics, with the release of embarrassing emails about how executives had used their position to get jobs for those they favoured.
The final part of the programme focused on a toy maker - Inteli-toys - which had been gathering information on each child who had bought their toys, and had been using it to sell toys to them in future years. For them, a child who liked ponies when they were young was going to like them as they got older. The data revealed the child, and how long they played with the toys, and had even managed to locate them through a local wi-fi connection.
Tom had been keeping track of the data leaks, and his well-leafed book was nearly full, with his chart of the leaks showing an exponential rise. From one or two a week, it was now often two or three a day. From kids' toys to health care, there was not a day that went by that didn't release some new information to the awaiting media.

The Fight Against Crime

There were two things that Tom knew about his position. The first was that he, and his department, were fundamental elements in the fight against crime, and the second was that he knew more about network surveillance than anyone in the department. For him promotion had followed promotion - and was based upon his innovations in the field of deep packet inspection. His new role as Chief Security Architect had now left him free to innovate with new ideas.
Over the past few years things in the country had been difficult, with events turning the nation into a state of fear. The President himself had stood for election on a bandwagon of change, where public services would move from being passive, and waiting for things to happen, to being more active. On his election, just weeks before, he had announced the policy of serious risk detection. With resounding cheers from the Senate he announced:
"Crime is a thing of the past ... our nation will be the first in the world to completely eradicate crime, as we will detect it before it actually happens.  Whether you're evading tax, or plotting the next major terrorist event, we will detect you, and stop you."
The task was given to the Ministry of Computation, who were to detect major crimes before they actually happened. Within days of the approval of the policy, the keywords had been drafted, with details about their context, and the profiles of criminal activities.
At first Tom was shocked by the range of terms that he had to search for, but his system soon took shape. From keywords of "terrorist", "attack" and "bomb", Tom knew he had to test his system, so he added "snake bite", "ankle", and "spider", each of which flashed a single pixel on his screen to identify a hit - a true positive. His system could monitor every single data packet and every single call, and could mine out words, sentiment, and possible intent.
With a single gesture, Tom scrolled over the pixels on the screen, each colour coded for intent. As he moved over the red ones it revealed the strong comments:
I have just found a large spider and my bath and I splatted it dead!
He smiled in the way that a mad genius might! Another true positive for his system. His systems had, in the past, been riddled with too many false positives, and the security analysts had become desensitised to the alerts. Often they didn't trust them, as too many false positives came through.
The system would flash up:
"I wish I was dead ;-)"
with a high risk, but the human analyst would dismiss it as a false alert. But his analytical system, after its false starts, had been running in the background and watching the human analysts for many months. It had logged their reactions to the alerts, and how they coped with them, and had generated a set of core rules which mimicked the human analyst.
It was now running as a human analyst would, but a billion times faster than a single human being.

Biology in motion

Tom's system had innovated in the area of deep packet inspection like no other system had done in the past. For him every data packet was like a bit of DNA, and his main task was to represent each data packet as DNA sequences. Once classified, his task was then to match the sequence letters in a way that Biologists had done for decades. His true contribution, though, was the addition of differing voltage levels on chips, and where each logic gate stored over 1 million states. This multiplied the power of his system to over a trillion times more than any other computer on the planet.
After the announcement on the fight on crime, it had been three long weeks of development, but the flickering coloured dots on his screen identified the triggers for the signatures within the data packets.  Each colour coded pixel represented a different risk within whatever context he wanted, and where every single analytical method could be added ... location ... person ... religious belief ... skin tone ... it was all there. 
In a single gesture, the system could cluster every person within the nation who had mentioned the president in the past week, and who was over six feet tall, and who had a cat as a pet. In fact, the system could even pinpoint if they drove a red car on a Tuesday. The state of emergency policy had opened up every one of the databases in the country which held information, and nothing was left secret to the data gatherers.
Over a single week, after the policy was announced, organisations were told that their systems were to be evaluated for their security stance, but the data gatherers grabbed every bit of data that they could for the system, in order to gather the required information to detect crime.
In the new policy nothing could ever be dismissed:
"We know that those who commit crime will get away with it, but we will monitor and track, and we will remember, and eventually we will find you."
Tom's system thus had to remember every single low-level threat.  In fact he had more disk space than virtually every user on the planet, put together. So his system would go live with the "log all" option.  So everything was logged, no matter the risk. If disk space became a problem, he'd ramp up the risk level, and clear the backlog.
For just now, the screen said "0.000 000 0001% used", and that seemed fine for him. A few years back, 1TB seemed a lot of data, but the ministry had  bulk bought almost every single storage disk that had been produced by the newly created factories. Over the country, new industries were cropping up, soaking up the funding for the investment in massively parallel systems and in large-scale storage. There were no moving parts, with their slow mechanics, in this system.
The investment had produced the technology where a micro chip was the size of a speck of dust, and could store over 1000 TB of data. Each too was fitted with multiple wireless antennas, each capable of communicating with thousands of nodes at a time. There were no internal wires used in the system, and no part of the system was dependent on any other part. Tom's system could thus cope with failures in a way that no other had done in the past.
With the last element of his work in place, and the pleasing flashing dots of light, Tom closed his remote desktops, and retired to one of the on-site sleeping areas, feeling happy that the world of crime was in for a nasty shock.

To mine or not to mine

Tom awoke with the warm feeling that today would be the day that the Ministry would detect its first crime, and its focus was on hate crime. Few, though, in the Ministry of Computation had any real idea what a "Hate Crime" actually was, but with computer systems which could find common factors across seemingly disparate information, there were a few pointers that gave the highest hit rates: swear words; a lack of grammar; and "!".
At his desk, and with the help of an online swear word service, Tom updated the rules on his detection system, and, within minutes, there were thousands of bright dots on the screen. With a single gesture of his hand, he moved the red coloured dots to the left of the screen, and 100. The message read:
"I think uhad better be ready you #$%@&!"
It wasn't perhaps the most coherent of messages, but as he scanned through the message, it certainly contained some horrible content. His system worked! He selected the "Log All" check box, and pushed the "Deploy" button. The security operations staff now had a new tool in their armoury, and crime would be the target.

Ministry of Computing - Part 2

Hate crimes

Government officials love statistics, and the Ministry loved giving statistics to their funders. With their links to law enforcement data sources, the Ministry could correlate crime to their activities. For hate crime, the rates had fallen by 43% in just the first three months, as users watched what they said on-line. To cope with the increasing levels of crime detection, the government had set fixed penalties on the detection of hate crime, with $1K fines for anyone caught sending abusive emails.
Some agencies saw this as an abuse of civil rights, but the statistics spoke for themselves. The greatest problem, though, was that no-one actually knew what abusive language actually was. Was it swearing at someone? But what if it was a joke? Was it threatening physical violence? No-one knew, but they certainly knew when the red lined envelope appeared in the letter box, and where the whole family could see that they had been up to no good. In a world of electronic communications, the Ministry of Computing knew exactly the communications method which could cause the most embarrassment to those who were committing the crimes.
The hate crime focus had been a good place to start, as it was just so easy to prove, and the Internet was just so full of hatred and targeted threats against individuals.

In running action

The security analysts in the security operation centre were the hand-picked elite, and the Ministry did everything they could to find them and to keep them. They had endless job vacancies, and often had as many vacancies as the number of smart people that they could recruit. 
Things had been so bad in recruiting analysts that their recruitment team had even started to visit primary schools in their area, so that they could pick off the brightest and best for their future expansions. Anyone working within Tom's environment for even a year could pick their job and salary, and to have the Ministry of Computing on their CV was a badge of honour.
For the analysts it wasn't the large-scale Distributed Denial of Service (DDoS) attacks that worried them most. For these types of attacks, there were a whole load of intelligent systems which would kick in to cope with the attacks. The focus for the security analysts was the small and insignificant events which identified that someone was at the start of something bad. Using Tom's system they could spring-board from there into a vast mine of complex and interlinked data. The seed of the initial event could never be guessed, but the single hook would reach out across vast infrastructures of interconnected data.

Log All

Tom's dream was in full motion, and, as he sat at his console station, he could hear the voices of discontent of those who thought that his system couldn't be built. But here it was in all its glory, and the results showed that it was bringing benefits to all. After months of running live, his system was detecting the early signs of crime, and punishing those involved before they took things to the next stage. 
The most prized part of his screen was the "Log All" checkbox, and its associated storage allocation. In the few months it had run it had moved from "0.000 000 0001% used", to "0.000 000 025 4% used" and, he calculated, had stored 154 Zettabytes. As someone who had started programming on systems with 16KB of memory and with 10MBs of disk storage, the amount of data gathered had just spiralled, and his system had been built to scale up like no other system created.
All of Tom's software programs were small, and just had a few lines of code, but they linked to advanced software libraries, so with one line of code he could parse Zettabytes of data into just a few records. In a few lines of code he could cluster for individuals, or groups, or people who liked similar things, or people who didn't like similar things. Everything was scripted. All the core code had been written, and the analysts now just scripted everything, and they could search for things in any way possible.
There were places too that Tom would look to find the first sign of a major crime. It was the feeds from "Hck1" or "CU", and one of the messages just looked strange:
"Wany to see where Ministry of Comp staff go on their holidays ... click here"
Tom thought for a while.
He was trained not to click on suspicious links, as these would leave a trail of evidence back to the Ministry. Many hacking agencies and hacktivists were in strong disagreement with the approach of the Ministry, and they were thus a constant target for spear phishing campaigns, and to probe for any way that analysts would type in their usernames and passwords. In fact, it had even got so bad that the analysts could only drink in bars where those who drank there had been checked, and there were continual friend requests on social media for their analysts. None of the analysts could actually know if anyone they were befriending, either on-line or in their real lives, could be trusted, as many people just wanted access to the information that the industry was able to gain.
The link looked generic and there was no tracking ID on it, but there was just something about it that increased Tom's suspicions. For all the analysts, the Ministry had a whole lot of proxy systems, and these were located around the world. Each was part of a scrambled maze of interconnected devices, where it was virtually impossible to trace the original source of any request. Tom picked a proxy in Germany, which routed through the Middle East, and ended up back in London, and clicked onto the link.
