Information Warfare: Things Hackers Do Not Like

Archives

August 26, 2015: Hackers are finding the more recent high-end (expensive to install and maintain) network security systems more complex, unpredictable and difficult to penetrate. For example it is increasingly common to encounter systems that not only demand complex and multiple user identification but also limit any access to a known list of “trusted” users and has different access limits for each of these users based on their jobs and past activities while on the system. .

All this is in addition to the growing complexity of “intrusion detection” systems. This special software is not just about detecting hackers as they try to get in but also continuing to check, using a constant infusion of new information and routines, to detect hackers who had sneaked in and were wandering around inside the network using stolen IDs from like legitimate users. One of the most successful of these new monitoring methods is to continually monitor everyone who is an authorized users and create a unique user profile of how they normally behave when logged in. This is very difficult for hackers to deal with because stealing someone else’s ID and password is one thing but also knowing the other persons normal behavior patterns is extremely difficult. The most likely response to this defense will be hackers attempting to find ways to disable the user profiling system right away. Even this is dangerous because the more advanced system allow the profiling system to be partially, but not completely, disabled for maintenance and even maintenance personnel have profiles of how they operate. The practice of installing user profiling systems makes intrusion more of a challenge often to the point where most professional hackers will not deal with it unless the payoff is huge or someone (like gangsters or the secret police) has forced them to go after these new defenses.

User profiling itself is nothing new. The technique was discovered in the mid-1800s by accident. In the early days of the telegraph experienced operators found that they could tell who was on the other end of a telegraph line by the rhythm of how the telegraph key was hit. This was called the operators “fist.” When computers came along it was possible to automate that particular intelligence gathering task. For example each user has a distinct typing pattern and rhythm that produces an identifiable “fist.” This led to several more ways to obtain information based on the keyboard use as well as identifying people by their pattern of actions when using their computer.

For example in 2008 a technique based on the sound that is made when a user strikes a key on a computer keyboard made it possible to determine what was being typed. Collect enough of these key noises, and based on what language the typist was using (all languages have a certain frequency of letter use), you can quickly “decode” those key noises and figure out what is being typed. This sort of predictive analysis is nothing new in Cyber War. This works for email or IMs (Instant Messaging). You can also positively identify different email users by analyzing their text. That same technique is used to crack secret codes. One of the oldest (by several decades) of these computer eavesdropping techniques is the ability, using fairly simple equipment, to pick up the small electronic signals your keyboard makes every time a key is hit and analyze those to figure out what is being typed.

Most of these techniques, however, assume you can get pretty close to the keyboard in question. Electronic signals from keyboards are kept from going far by modifying keyboards. These are the U.S. “Tempest” grade keyboards, often required when you are doing classified work. Getting a recording device near a keyboard may also prove difficult. So while the spies keep coming with great new tools, you still have to be at the right place at the right time to make it all work.

Researchers have found yet another way to eavesdrop on a computer user. A dot-matrix printer, still used to print multi part forms, gives out distinct sounds as each letter is formed, and computer software has been developed to "read" the sounds with a high degree of accuracy. Background noises can be screened out. This is one of several techniques developed in the last decade that allows useful information to be extracted from seemingly meaningless sounds. Intelligence agencies are always working to increase the number of tools they have to make sense out of seeming nonsense.

All this sort of work is now being used to improve intrusion detection. Hackers can automate phony “fists” and similar deceptions but there is still the problem that when hackers sneak into a network they do not behave like the people who belong there.