
Secrets & Lies

January 13, 2010

I’m on to the book from the Cryptography Classic Collections: Secrets & Lies. I’m now learning the definitions to things I was “seeing” but not understanding. Here are some bullet points I have been highlighting along the way.

  • Who are the attackers? What do they want? What tools are at their disposal? Without a basic understanding of these things, you can’t reasonably discuss how secure anything is. My comment: Shit! I have no idea! Maybe a malicious insider? I’ll get to that later.
  • Attacks, whether criminal or not, are exceptions. They’re events that take people by surprise, that are “news” in its real definition. They’re disruptions in the society’s social contract, and they disrupt the lives of victims. My Comment: No shit! It turned my life upside down.
  • Invasion of privacy is the same problem whether the invasion takes the form of a photographer with a telephoto lens or a hacker who can eavesdrop on private chat sessions. My Comment: Holy Shit! Even though the phone did answer during their conversation, I realized once no one was talking to me but to each other I had figured out some intel… and I told. Therefore, being a reasonable human being and realizing the error of my ways, I have taken down the posts about my hurt feelings of betrayal and so forth. They still exist though and friends have passwords, just in case I do have some unfortunate events fall upon me. At least I have protected myself. I apologize for over-reacting, it’s one of the side effects from this summer and one I will correct… starting now.
  • Where there’s money, there are criminals. My Comment: Well…if you know the story then there definitely was money.
  • In the United States, personal data do not belong to the person whom the data are about, they belong to the organization that collected it. My Comment: I never realized that, but that’s true! Junk mail, phone calls, spam with names I would recognize, recorded conversations in the guise of “customer service”.

Now, for the Iran connection. This part of the book really blew me away, thinking about the consequences this has in the future. Check this out!

Over (now three) decades ago, we sold the Shah of Iran some of our old intaglio printing presses. When Ayatollah Khomeini took over, he realized that it was more profitable to mint $100 bills than Iranian rials. The FBI calls them supernotes, and they’re near perfect. (This is why the United States redesigned its currency.) At the same time the FBI and the Secret Service were throwing up their hands, the Department of the Treasury did some calculating: The Iranian presses can only print so much money a minute, there are only so many minutes in a year, so there’s a maximum to the amount of counterfeit money they can manufacture. Treasury decided that the amount of counterfeit currency couldn’t affect the money supply, so it wasn’t a serious concern to the nation’s stability. If the counterfeiting were electronic, it would be different. An electronic counterfeiter could automate the hack and publish it on some Web site somewhere. People could download this program and start undetectably counterfeiting electronic money. By morning it could be in the hands of 1,000 first-time counterfeiters; another 100,000 could have it in a week. The U.S. currency system could collapse in a week. Instead of there being a maximum limit to the damage this attack can do, in cyberspace, damage could grow exponentially. My Comment: We are truly looking at how technology could be used to crash our economic foundations.

Attackers vary, from lone criminals to sophisticated organized crime syndicates, from insiders looking to make a fast buck to foreign governments looking to wage war on a country’s infrastructure.

