Russian hackers appear to think outside the box when providing and distributing messages to the wider public.
It’s quite worrying to read about the modern attempts to fabricate misleading information and news. It’s also worrying to see that organizations or hackers try to use weak spots in the TCP and UDP protocols to deliver messages to the world, not only to trick the resources that consume them but also their design. The screenshot above is taken from two different web pages, and we can see completely abnormal activity here. In this particular case there is a language-type header in the TCP used by client and server to determine, for instance, web language capacity and preferences. Short version. As a side note to the article, I have no facts to prove Russia is the source, just that they show up as such. An interesting situation when talking about false information. So let’s continue from that standpoint.
This header is fully possible to amend and play with, with just normal development knowledge. It’s not even considered “hacking” to amend those fields to whatever you like. What we see here is a new kind of grep in an information war. Hey, these headers are there to be used for customization, to make web pages and clients customizable to fit the style the clients want, and for the server to load and balance the correct resources.
But unfortunately it can also be used as an alternative way to spread and provide propaganda or other kinds of information. It has for a long time been a straightforward and (mostly for hackers) useful channel for spreading information “under the radar”. Over the years, several weaknesses have been exploited in servers and clients by malforming those headers and how they look, and fixed with hundreds of patches in all kinds of layers and applications. The issues exist and are fully possible because computer systems have traditionally been built on “keeping good sense is a win-win”, so owners and developers build only up to application stability. Security has often been the black sheep, associated with unnecessarily high cost because of: “Do we need it to work? Does it work anyway?” No, yes..
In recent years we have come to see that the cost reduction did not disappear. It was just moved forward in time and classified as a “security threat” instead of being included in development sprints from the beginning. If there is any good in it, it is that we now have new IT professional titles such as “Security architect”, “Security specialist” and so on. Those people now have a job for a lifetime.
To be honest, more annoying than worrying is that the world’s most used communication method depends, at the transport level, on just two transfer protocols. (I put a BUT on this comment, for a later posting.) Both of them rely heavily on the sending and receiving application for their security. I want to mention the link and hardware layers, but that chapter would dig us into a black mire of mud open to exploits and to spreading disinformation.
What do you think we should do in the near future? SSL and two-factor encryption are just ways to hide information from the wires and waves. If it is too efficient, we will start to worry about other war-related challenges. But the core of the issue is closest to a solution: the information that can be sent is constructed at the application level, developed by programmers. It is received by applications developed by programmers. Programmers can be hired, or have their own agendas or other purposes that do not follow the purpose of their work. Employees can knowingly leak information for foreign purposes. Software security is hardly of help here. Applications can be patched. Rely less on the TCP data provided in the headers, and have better mechanisms for how information is transferred to reduce the risk of being hacked. In these days of Machine Learning, Deep Learning and AI algorithms, we also need to take much more care about how much descriptive metadata applications provide. Also, how much descriptive metadata key positions within infrastructure, application owner and administrator level can leak, accidentally or deliberately.
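As an added example (not code from the original post) of the “rely less on header data” point above: a strict parser for the language header, assuming the header meant is HTTP’s Accept-Language. Anything outside the RFC language-range grammar is set aside for logging and is never used for customization or content selection; the sample header with free text in it is constructed for the demonstration.

```python
import re

# Grammar from RFC 4647 / RFC 7231:
#   language-range = (1*8ALPHA *("-" 1*8alphanum)) / "*"
#   weight         = ";" "q=" ( "0" [ "." 0*3DIGIT ] / "1" [ "." 0*3"0" ] )
_LANG_RANGE = re.compile(r"^(?:\*|[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*)$")
_QVALUE = re.compile(r"^[qQ]=(0(?:\.\d{0,3})?|1(?:\.0{0,3})?)$")
# Constructed sample: free text smuggled in where language tags belong.
SAMPLE_ABUSIVE = "en;q=0.8, Free text injected here ;q=0.5, <b>not a tag</b>"

def parse_accept_language(header, max_len=256):
    """Return (accepted, rejected). accepted: list of (tag, q) in header order;
    rejected: every element that broke the grammar, to be logged, never used."""
    accepted, rejected = [], []
    if not header:
        return accepted, rejected
    if len(header) > max_len:  # real clients send a short list
        return accepted, [header[:max_len] + "..."]
    for element in header.split(","):
        element = element.strip()
        if not element:
            continue
        tag, _, param = element.partition(";")
        tag, param = tag.strip(), param.strip()
        q = 1.0
        if param:
            m = _QVALUE.match(param)
            if not m:
                rejected.append(element)
                continue
            q = float(m.group(1))
        if not _LANG_RANGE.match(tag):
            rejected.append(element)
            continue
        accepted.append((tag.lower(), q))
    return accepted, rejected

def negotiate(header, supported, default="en"):
    """Pick a supported language from validated tags only, else the default."""
    accepted, _rejected = parse_accept_language(header)
    for tag, q in sorted(accepted, key=lambda t: t[1], reverse=True):
        if q == 0:
            break  # q=0 means 'not acceptable'; nothing better follows
        if tag == "*":
            return default
        for lang in supported:
            # RFC 4647 basic filtering: range "en" matches "en" and "en-GB"
            if lang.lower() == tag or lang.lower().startswith(tag + "-"):
                return lang
    return default
```

The rejected list is what a server should write to its logs; the accepted list is the only thing that should ever reach the template or the load balancer.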
I see a year 2017 where most developers will face questions such as:
- How do you secure your code?
- What is security for you?
- What does the word “responsibility” mean to you when you produce safe code?
  - not in terms of memory leaks or machine safety: meaning information safety
- Has the system you worked in been hacked?
- Have you cleaned up or traced activities from a hack attempt?
I’m also almost 100% sure that we will soon see insurance firms add additional services for costs that can be related to security threats, for private customers, companies or any other kind of customer.