|
The Griffin -team is looking for your ideas and comments. Join and show your support for Griffin. General thoughts
Thumbs ranking
DescriptionHave you got some general thoughts on Griffin, some insights you'd like to share or some topics you think would be good to go through in the production.
ShotsMultiple threadingsWas listening to Richard Gatarski presenting at the SPECIES 2010 conference and got inspired by the multiple threadings comparison between Dragnet, Starsky & Hutch, Hill Street Blues and The Sopranos (see attached image) There's also more on that on Wikipedia, inspired by the Everything Bad is Good for You book by Steven Johnson: http://en.wikipedia.org/wiki/Everything_Bad_Is_Good_for_You As we will be doing Griffin in multiple locations in parallel, would be cool to have like 15-20 different threads going on and then bringing it all together in a cool way, maybe some final episode or something. To make this happen we will need lots of different small stories that we weave together and interlink in different ways. 
 All The President's MenWhile I was responding to Timo's post over on the Star Wreck forum, it came to mind that the 1970s journalism thriller All The President's Men provides some interesting methods for presenting technical things in a compelling way. For those who don't know, ATPM was a dramatised version of the real events which led to the downfall of President Nixon. The film had a very unusual style, almost like a documentary, and it assumed a lot of intelligence from the audience. Here's a typical example: Note that it doesn't matter that the dial phones and pencil-and-paper methods are dated, because the film is still a gripping story with gripping performances. It's ultimately the drama that carries things, and seeing old technology just adds to the 1970s atmosphere. But the realism made the performances more believable. CommentsGood point, liked the clip. Lots of food for thought. Linus Torvalds as guest star?Is it possible to include Linus Torvalds to appear on the series just to fill some scenes? Perhaps saying something like...
"Never seen a penguin full of them worms..." (surprised to see the worm is infecting all os in a rapid pace) "Kill it" (Saying solution to eliminate the worm or with a sinister face :D to eliminate the hacker) Comments:D Ha ha apple and worms... Thats more like it... Regarding worms, Apple is a big shiny target for such jokes. Yeah; that would be great! Sure. We can always ask him.  Caller ID follies and SWAT teams, hacking PBXThere was a case of a guy tricking a 911 system to believe he calls from another place, and then social-engineering the police to send a SWAT unit to the premises.
A lot of possibilities along these lines opens when we take in account the often poor security (e.g. default or weak passwords) in today's low-cost PBX systems. Another trick with hacking PBX is in issuing calls from them to paid lines and cashing in potentially fairly fat profits. CommentsWhy do people do this? (sigh) Update, calling a police unit to swarm a victim is known as swatting.
Concealed electronicsTwo potentially useful toys I obtained and reverse-engineered some time ago. The knowledge/appearance/idea may be handy in some context. A spy pen, with a small camera/microphone and recording to a flash
A stun gun, an electric paralyzer
The electronics of either can be mounted into anything else it fits into. The camera battery can be replaced with a cellphone Li-ion battery with several times as high capacity (and correspondingly longer recording time; for this type of camera the battery is the limit). The paralyzer may be built into a cellphone case or any other common object. (Bond? A pathetic wannabe. Q is the real hero.) CommentsMicroSD cards are another threat. They can be even hidden in a coin.
Another possibility how to smuggle data is to wrap said memory card in wax or other barrier (Parafilm M, or just drip wax from a candle on it) and then swallow it. Then pass the customs or other checks. Then, once in a safe zone, comes the icky part of the data recovery. But, well, that is the price of safely transporting 16 gigs of data. Yet another possibility is a carrier pigeon. In fact you might want to ask Mr Jalava if he wants to do a cameo with his special finger... ;) Sorry, where his finger used to be. But it's a thumb drive... :) Memory sticks / thumb drives / flash drives are really potent forces for espionage apparently. Some companies ban them from offices completely, because they make it so easy to smuggle vast amounts of data out of a building. Some of these drives are now smaller than the USB plug they attach with, and one Finn even had a drive installed where his thumb used to be: http://news.bbc.co.uk/2/hi/7949018.stm http://newsimg.bbc.co.uk/media/images/45575000/jpg/_45575974_img_6932_226.jpg A TIPHello, I decided to participate in the conversation. At first I say that I haven't read posting by other people yet, because I think that when I'll put this text here without reading them I may bring some essential things to the conversation. When making a TV program about nerds - or the exticing world of IT - the basic problem is that normal people think it's boring. To people who practice IT, coding and sitting in front of the computer all night long is something bigger than life, but unfortunately a normal person doesn't much out of this stuff if guys are just sitting in front of the computer and code something. The series needs some kind of "movement" to make it interesting. I guess the best way to achieve this is to use hitmen. When a hacker breaks into the database of a large company or government's database and finds something that nobody wants to find, the hacker will be silenced. If there's enough budget, using government is a sound choice and then we can use The Beagle Boys / SWAT. I know this is cliched, but cliches are used and they work. The most important thing is to make the program exciting. I'd personally use a main them which would bind all the episodes together - the person(s) is/are looking for a code that's bigger than life or something like that... but I won't mention anymore about this at this time of day. The program needs to move along or it'll become boring. For example in the good old Wargame the persons ran away from the government, so the plot mustn't stay still. CommentsThe point about a hacking story isn't the technology but the people using it. If you can get the right actors and dialogue to get across their feelings about the situation, and if they are playing interesting characters, the tech stuff can come second. Exactly.
Agreeing w/ Peter :
Reality conveyed in a memorable fashion tends to equal entertainment. Agree and we will make this exciting for non-nerds, but at the same time we want to make it as realistic as possible, ie has to credible to techies and coders as well. Crowdsourcing fake newsA group of people may be used to "crowdsource" a set of fake news. Many events these days get their way to the crosshairs of Big Media only after being spotted and amplified by the blogosphere. Sometimes the media do not even bother to check the information thoroughly; a small example, a fake suicide bombing in California, here:
The same tactics could be used for short-term manipulating of stock prices (and cashing in) by creating news about corporations, or for character assassination before elections (whether national, municipial, or for a corporate board). The people sourced for the task may or may not be aware of the true purpose of their work. Operating in the open with lower risk of early detection could be achieved by working in a language different than English (and than of the target, if not English). Finnish, Czech, or Chinese/Japanese/Korean may be just a few examples of languages relatively few people in the common population, outside of said countries, understand; if obvious keywords are avoided, discussions may be pretty much invisible to English-speaking searchers. For direct mass-scale influence, direct engagement of people on blogs and other discussions is required. Countering the unwanted opinions and drowning the voices in the ones peddling the party line. Three examples I mentioned elsewhere already.
Amazon Mechanical Turk is an example of a service connecting people doing small tasks and people willing to pay small prices. This, or similar, service could be used for recruiting large amount of people at short notice for piecemeal simple tasks.
CommentsCool idea! And it could really work too. Which is scary and perfect for Griffin! Mass media broadcast hijacksThere are some cameras in local mountains, panning across the landscapes. One local TV channel shows them in the morning, showing weather in different areas. In June 2007, Czech guerrilla artists from the Ztohoven group climbed to one of the installations, connected wires from one of the cameras to a portable player, and fed the direct-to-TV broadcast with an altered version of the video, showing a nuclear blast and a mushroom cloud growing in the background.
More such incidents happened in other countries.
Even satellites can be hijacked. Old US Navy communication satellites are commonly used to relay radio traffic of third parties.
Comments
Nice point Delphine:
With sufficiently professional broadcasts, the difference between the original and the injected news may be significantly diminished, leading to the people not being able to distinguish between real and fake information. (Like if they were now. *cough*) A person able to immitate other people's voices may wreak quite a havoc into a radio transmission, impersonating a newscaster or a figure of authority. Another use in voice immitation is for e.g. CB or police transceivers, impersonating people with an authority and injecting commands (or at least causing confusion). If accessing broadcasts is so "easy", hundreds of attacks directed simultaneously on such breaches could allow a group to take over the entire global information network and broacast fake news or videos to control opinions and minds... A group of dissidents or anarchists could, for example, broadcast images that would make people join their cause or that would discredit governments. I think that would be very interesting! But of course, what would also be interesting is to see, how such a group would prepare a global attack. I am sure it would require months - if not years - of preparation to be ready. Taking the control of the news channels, radio waves and the internet at the same time would be like the apocalypse of the Industrialised World...  Social EngineeringSecure system is as secure as the weakest part of the system. Companies spend a lot of money in computer systems, but mostly the security leaks come from people handling carelessly memory sticks or reading their email in places where other people can read them also. For me the social engineering part has always been the most interesting thing about these computer crimes. CommentsFor spyware injection, a good method is a CD or a thumbdrive with an autorun script that injects the files into the machine. Then all that's needed is inserting and removing a CD, or doing the same with a thumbdrive. Operation that takes just a few seconds and can be done by an unskilled person. One last thing/scenario: "Evil maid attack": Target leaves his/her laptop to a hotel room in good faith as it's hard drive is encrypted. The hotel maid/cleaner comes and installs a password sniffer and comes back couple days after to collect the password and to steal the data: http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html In addition of just directly asking the needed information (which works surprisingly well), one common approach for the attacker is to get his/her hands to targets cell phone or computer "just to call/check something from the internet" and e.g. - quickly scan for any sensitive documents
I can also recommend reading the "The Art of Deception", a great introduction to the subject. Some good concrete ideas might come from stories over penetration testing - i.e. activity to test companies/products security level by attacking them via social engineering and technical ways. There was even a attempt for a TV-series regarding pentesting, called "Tiger Team" but despite a good try it wasn't a success: Regarding social engineering, Kevin Mitnick's book "The Art of Deception" contains a nice set of examples.
This data-in-images trick is called steganography.
It can be used with images, with movies, with sound files. Uncompressed files are the best way. Discovering such hidden data then becomes an exercise in comparing probability distributions; preventing discovery then becomes the problematics of mimicking the probability distribution of the original bits with the data-carrying bits. Long time ago, in 90's when there were some talks about restricting public access to cryptography, I thought up such scheme, called it "noise-level encoding". Abandoned it when I realized the state-of-the-art is way more advanced. A possible thing to do is taking the masters for a music CD, and using the least-significant bits of the tracks to encode data. Then press the CD and distribute it. Then, once it's widely available, release the information that the LSB stream contains interesting stuff. Great ideas! One social security -related episode would definitively be a good idea!: Not exactly connected to social engineering, but I read some years ago about that terrorists could use the graphics files, jpeg or some other pictures to carry their messages almost open for everyone. The trick was that there was a system to embed the message in certain areas of the coding, in five bits sequences for example. Only terrorists themselves knew how to extract the messages from the jpeg -pictures. In this project worm that could be used: The connection to social engineering comes from the nature of the pictures. There could be for example some porn addict working in a company collecting pictures and then some computer criminal gets parts of his computer program code imported in that firm so thet code is spread in diffrent sets of pictures. The key program, "core", is a small set of instructions that comes in USB memory sticks boot sector and when launched it constructs from the data extracted from worker's picture collection a big computer program the Worm... Just some ideas for the plot. http://www.chrissanders.org/?p=34 http://www.simplehelp.net/2008/08/12/how-to-embed-hidden-messages-in-picture-files-os-x/ Agree :D Cyber WarsWell, because parts of the world is so dependent on e-technologies nowadays, the wars may also shift towards the online world. Cyber criminals could be for example be hired by hostile nations to perpetrate attacks against friendly nations etc. Basically, I propose an idea for Project Worm, that one story takes place during a major international conflict, when suddenly, a wave of DDOS attacks start on the country's(or a numerous countries) servers. There would be research of who could be behind it, and traces go back to a hackers organization with ties to the other side of the ongoing conflict. And the story would progress towards the attempts to knock the perpetrators offline and catch them. CommentsA common technique for getting rid of the pesky critics is drowning them in "positive" voices. These voices can be efficiently crowdsourced. Just a few examples:
In the world of cyberwarfare itself, there are frequent skirmiskes underreported by the mainstream media. During the start of the Gulf War, the al-Jazeera website was DDoSed offline.
During the 2008 South Ossetia war, there were attacks on machines in Russia, Georgia, South Ossetia, and Azerbaijan.
The row about relocation of a Soviet-era statue in Estonia culminated in a series of attacks on Estoinian servers.
The recent attacks that downed Twitter and Facebook were aimed against a single person (talk about collateral damage).
In 2000, Israel's servers got under coordinated attacks of a simple nature.
Other common pairings in the world of natioinalist online conflicts are China/Taiwan, China/Japan, India/Pakistan, and the Koreas.
The conflicts aren't limited to the natins. Corporations are frequently finding themselves on the ugly end of a DDoS. One of the recent examples is Amazon.
So far most cases are limited to DDoS and simple defacing, with an occasional dash of espionage. However there is a distinct possibility of crippling or even hijacking even things like power plants and other infrastructure. The SCADA systems are often old legacy crap retrofitted for Internet access, often without considering the security requirements for things exposed to the open Net. *That* could become scary, especially if used as a support in combination with other modes of attack.
There are already some governments hiring students or computers geeks to spy and "clean" the internet. http://www.nytimes.com/2006/05/09/world/asia/09internet.html There are also a few conspirations theories about China.
http://www.infoniac.com/news/chinese-hackers-spotted-british-government-attack.html |
Jump to comment form
Comments
This shot doesn't have comments.
You must login or register to comment