The story around badBIOS, the mysterious Mac and PC malware that jumps airgaps, is fascinating and surprising. The capabilities of sophisticated attackers right now vastly outstrip the defenses of any computer user or company. The news that the NSA had broken into the networks of Google and Yahoo, unfortunately, wasn’t surprising given Google’s move to encrypt traffic between datacenters early in September.
Hope we never get news that one of our antivirus programs has been selling off our data surreptitiously.
If the NSA aren’t able to monitor possible terrorist activity then who is brave enough to accept full responsibility if another attack occurs? I support global security of our borders and our freedoms.
I’m sure the military hackers have capabilities very close to this. I could totally have been convinced this was really happening with a tiny bit more real information.
But worried about Dragos, and his exposure here. I listened to his interview here http://threatpost.com/dragos-ruiu-on-the-badbios-saga, and read his Google+ posts.
And what I saw was a thing I’ve seen in myself once before. I really suspect Dragos is reading his systems’ normal activity the same way people read their bodies when close to the edge with anxiety. Looking at a complex system a lot more closely, finding “new” things, and seeing symptoms/patterns that were always there in the first place, just never observed before.
Being a security researcher would be the worst possible job to be doing to put you in that state, and keep you there. It’s your JOB to wear a tin foil hat, to assume any system is compromised. You read patterns into the background noise of raw memory/disk/BIOS dumps, of network/process activity, in places where the attacker could maybe be altering your perception or their existence, via a rootkit, or something like it. And in some gestalt moment, suddenly see the attacker that can only be perceived in those ephemera. The attacker that is trying to hide, and controls the means of your perception.
That’s how it’s meant to work when you’re doing your job right. You’re only working well if you’re paranoid to start. That’s your gift.
But he’s in that anxious state, so the slight shift to the side means he’s making that connection in the wrong place. I almost guarantee it. I hope I’m wrong. But I think, well, #BadBIOS, she never gets old.
The real question is: how can we make it OK, for Dragos? OK to have had a moment of anxious altered perception, and very publicly? Not everyone understands it. “Either it’s real, or it’s a hoax.” But maybe it’s neither. He’s not perpetrating a hoax. He’s telling the world what he’s perceived.
Good friends have been there, and they don’t know I’ve been there. High-functioning individuals can get temporarily freaked. And they still sound almost-convincing in this arena, and smart & together in the other parts of their life.
For me, transitioning back was so easy. That moment, when you’re on a train at a train station, and your train starts moving…ah but wait no, it’s the train next to you moving, you’re stationary. Whoops, my brain got that wrong, I see it now, haha, it’s fine. It was like that for me.
But I think because it was mostly private. Yes, I completely freaked out my wife & child for a couple of months. But it was over so quickly. It must be so much harder to do in public.
I hope Dragos can find a similar transition. If that’s what’s going on. And I’m certain it is.