Hacks and Leaks Expose Vulnerability of Internet Apps and the Current Hardware We Use to Access Them

July 25, 2016

157

July 25, 2016 – The latest Wikileaks of emails from the Democratic National Committee’s mail servers is just another sign of how vulnerable we are today to those who find breaking into computer systems a profitable experience. I’m all for whistle blowers who expose the truly corrupt but the mischief makers are out to sow nothing more than turmoil because it suits their purposes. Where I believe the current presumptive nominee for the Democatic Party in the United States received either bad information technology advice or showed a poor understanding of technology, Hillary Clinton is now the subject of those aimed at spreading mischief. And it is easy to do in the technology world.

Computing systems such as the latest desktop computer I purchased from Dell in the last few months, a regular Rolls Royce platform with multiple expansion slots and more USB ports than you can shake a stick at, are even more vulnerable to security risks than the simpler and slower machines they replace. That’s because for every 100 component parts added to the latest computer model, hackers identify 10,000 vulnerabilities.

Why is that? Lots of reasons.

More memory means more chips that can be hacked.

Multiple processors means multiple opportunities for hackers.

A dedicated video processor and video board components can be hacked.

Your power supply and even the fan motor can be hacked.

And that’s when the machine is brand new. When it ages the technology experiences subcomponent failures and with each the hardware becomes even more hackable.

In terms of the software you run on your computer, it involves billions of lines of code from machine assembly language to the programs you use to create documents, spreadsheets, presentations and emails. All present multiple points of entry for individuals seeking to compromise your system.

So from device drivers to applications to the Internet, all can be compromised.

As computer users we all face a common problems. What is an acceptable level of security which we can tolerate that still gives us easy access to our systems while keeping intruders out. No one wants to go through multiple username and password layers just to get to the work you need to do. That kind of computing environment becomes onerous. And although security encryption devices we plug in to a communications port may give us a sense of security, in fact, with the right tools in hand, the wrong people can do an end run around the most sophisticated protections.

I remember a number of years ago when I was working with RSA, one of the first companies to develop sophisticated encryption that generated random keys to unlock systems, it appeared to me at the time that not even the smartest hacker could compromise such systems. And since that time RSA and many other security companies have made cryptography even more sophisticated. Not enough though to stop hackers from breaking computer encryption and decryption routines state the experts.

A good example of new levels of vulnerability can be demonstrated in a test that was conducted by security researchers in 2013 to unlock the encryption algorithms created by RSA using a microphone and acoustic cryptanalysis. According to the researchers it was not that hard to break the encryption because the decryption keys could be extracted using a smartphone, with its built in microphone, placed 30 centimeters (a foot) from a target laptop. By listening to the sound of the computer the cryptanalysis found a way to break the encryption.

In our present day, therefore, it appears that the best way to ensure an email server, a desktop computer, or a laptop are not hacked, is to apply multiple layers of physical and software security. Then to ensure no one can actually break in by hearing your encryption, the modus of operation should include the turning on of a radio and the playing of it loudly. In lieu of a radio you could do you work while listening to a loud rock band or symphony orchestra.

Maybe this is a lesson for the Democratic Party based on the latest news that could imperil American democracy in the run up to the 2016 Presidential election.