Kuro5hin.org: technology and culture, from the trenches
Digital Data, Security & the Weakest Link

By yuri in Internet
Thu Aug 02, 2001 at 01:53:49 PM EST
Tags: Security (all tags)

For the last week or so, people I don't really know have been sending me files and asking me for my advice. At first, my impulse was to reply that the document was corrupted and I could not read it.

I came to relish these nuggets of info, which, surprisingly often, would contain insights into the sender's personal life.

Finally, after receiving a file with some of my own private info, I began to fear them, and fear for my privacy.


Of course, these emails were not intentionally sent by their authors. They were the result of the Sircam trojan virus which, thus far, has received surprisingly little media attention. This virus infects Microsoft operating systems, and sends random files from your hard drive to people in your address book (with viral payload appended).

At first, this was amusing. On my Mac (which is immune), I could open these up in a text editor, scroll past the gibberish and often find some juicy nuggets of info from the senders....sales reports, resumes, memos etc.

My opinion of this humorous situation changed when I received a document I had previously sent to someone else months ago. They had been infected and were unwittingly sending tidbits of info from their files to anyone in their address book. It is now possible that anything I had ever sent to anyone else previously is currently being sent to all the collective address books of all my e-mail correspondents (shudder!!)

This is no longer funny. The security of the information I send confidentially to colleagues is now out of my control, and theirs. My private information stored in other people's computers everywhere is at the whim of a crafty virus writer. This is not cool!

I found another example of such an incident involving the resume of an innocent person, a company infected by the virus, and an internet journalist.

No wonder most journalists are not reporting this...why stop the flow of private info when it could give you the lead for the next front page.

I would like to hear ideas on how this sad state of affairs can be prevented in the future....encrypted file systems? Auto-destruct e-mails?

Also, have you received anything interesting in your inbox lately? ;-)

Poll
What have you received from Sircam?
o recipes 1%
o love letters 1%
o future blackmail info 9%
o trade secrets 12%
o nothing, I have no friends 61%
o porn 1%
o spam 9%
o an assassination plot 1%

Votes: 55
Digital Data, Security & the Weakest Link | 29 comments (27 topical, 2 editorial, 0 hidden)
<evil chuckle, bwahahaha> (2.33 / 9) (#1)
by pistols on Thu Aug 02, 2001 at 12:15:01 AM EST

The only question I have is, why would you send private information through email in the first place? Can anyone give me an example of when this might happen?

The file in question was NOT sent by e-mail (4.00 / 5) (#3)
by yuri on Thu Aug 02, 2001 at 12:51:00 AM EST

This has little to do with e-mail. Any non-encrypted file on any hard drive running Windows, transferred to that computer by any means is venerable. I usually give documents with private info to co-workers on a disk (zip).

The files are out of my control once I transfer them to anyone else, thus the dilemma.

[ Parent ]
I agree (4.42 / 7) (#4)
by qpt on Thu Aug 02, 2001 at 01:07:35 AM EST

I do agree that the Windows operating system commands respect, but I would not go so far as to say that all files stored on a computer running that OS are themselves venerable.

As for being vulnerable, Windows does have file system security and permissions capabilities.

Cheers.

Domine Deus, creator coeli et terrae respice humilitatem nostram.
[ Parent ]

You got me (3.25 / 4) (#5)
by yuri on Thu Aug 02, 2001 at 01:15:23 AM EST

And yea, it sounds pretty dumb when I read it again! Friggen English language!

Oh how I wish I was a telepath

[ Parent ]
NTFS vs FAT vs FUD (4.75 / 4) (#7)
by delmoi on Thu Aug 02, 2001 at 02:15:18 AM EST

NTFS (Windows 2000, XP, NT) has file permissions and the like, FAT32 (Windows 95, 98, ME) does not.

That said, any machine running on a Windows box that has been infected with SirCam is vulnerable. But, SirCam is just like any Trojan, it needs stupid people to transfer it. Merely being on Windows (any Windows) doesn't make you vulnerable.
--
"'argumentation' is not a word, idiot." -- thelizman
[ Parent ]
Er, (3.00 / 4) (#10)
by pallex on Thu Aug 02, 2001 at 05:03:05 AM EST

work? How about you don't want your customers knowing your mark-up?

[ Parent ]
Corporate e-mail (3.66 / 3) (#14)
by simon farnz on Thu Aug 02, 2001 at 07:59:35 AM EST

How about a company e-mail system linked up to the net? Most people assume that internal e-mail is as secure as the internal snail-mail and therefore they can send company confidential documents. If those leaked to your competitors (and there are good reasons why R&D staff could want to e-mail a competitor), you are in trouble.
--
If guns are outlawed, only outlaws have guns
[ Parent ]
Now we need... (4.28 / 14) (#2)
by SlydeRule on Thu Aug 02, 2001 at 12:45:24 AM EST

A variant of SirCam which only mails out MP3's.

That should drive the RIAA crazy.

MP3 Sircam (4.00 / 4) (#15)
by pixel on Thu Aug 02, 2001 at 09:08:49 AM EST

What an EXCELLENT idea!!!! What if we made it even more interesting... it only emails out MP3s that have an ID3 Tag Comment line something like:

send:myfriend@hisdomain.com

and it specifically sends that file to that person.

hehehe


<www.perceive.net>
- eric - people see the world not as it is, but as they are.
[ Parent ]
the virus I'm waiting for. (4.50 / 12) (#8)
by cicero on Thu Aug 02, 2001 at 02:21:14 AM EST

The virus I'm waiting for wouldn't be sending random files from C:\Docume~\My Docu~\, it would look through the registry to find your default browser, then go to the cache directory of that browser and start emailing all JPEGs over, say, 20kB to people in your address book.

now that'd be funny.


--
I am sorry Cisco, for Microsoft has found a new RPC flaw - tonight your e0 shall be stretched wide like goatse.
I'm scared (3.00 / 4) (#11)
by BobRoy on Thu Aug 02, 2001 at 05:27:29 AM EST

This is a very frightening kind of virus. I certainly wouldn't like all my girlfriend's friends to read what I have been writing in my emails to her. So if she gets infected by something like this I guess my whole integrity will get lost.

What if my girlfriend's best friend finds out that I hate her guts? I think maybe this will help me in that way that we don't have to speak anymore. And I guess I won't be invited to her boring parties anymore.

If it's wet, Drink it!


Meta-sircam "is it real or is it memorex?" (3.33 / 3) (#12)
by johnny on Thu Aug 02, 2001 at 07:52:37 AM EST

I wrote about it recently in my k5 diary.

It is a (scary? amusing?) short true story about sircam & me, & it involves a postmodern riddle that I cannot solve but maybe some of y'all can. Anyway I apologize for the diversion, but it's not really off-topic (I think?).



yr frn,
jrs
Get your free download of prizewinning novels Acts of the Apostles and Cheap Complex Devices.

Nobody Loves Me... (3.00 / 5) (#13)
by Paradocis on Thu Aug 02, 2001 at 07:56:47 AM EST

...Or at least no one stupid enough to open up an email attachment with an executable extension.

This is probably a good thing.

-=<Paradocis>=-

Some of the things I've gotten... (3.00 / 5) (#16)
by wiredog on Thu Aug 02, 2001 at 12:10:59 PM EST

I work for a DoD contractor, we've gotten some informative, but unclassified, stuff from some .mil sites. At home I've gotten things from a couple of .gov sites. None of my friends or relatives have been hit yet.

The freakiest thing is, apparently, the diary of a girl in her mid teens (no driver's license yet), with full, and graphic, details of her, ummm, liaisons with her boyfriend. They're doing things I didn't even know about until I was in my 20's. Receiving that diary raises some interesting questions for me.

The first is, how did she get the email address of a 36 year old programmer (me), and why?
Now, what do I do?

  • Do I just delete the file?
  • Do I reply to her and say "You sent me your diary, might want to check for viruses"?
  • Do I track down her parents and tell them what she's up to? She could catch some nasty diseases, or end up pregnant.
The last question assumes that her parents, or grandparents, aren't in her address book. I can just imagine the reaction from her saintly gray haired grandmother upon reading that file.

If there's a choice between performance and ease of use, Linux will go for performance every time. -- Jerry Pournelle
Innocent (4.33 / 3) (#19)
by Ken Arromdee on Thu Aug 02, 2001 at 02:05:22 PM EST

The virus also gets email addresses from your browser cache, so she could have just been viewing a web page with your email address on it.

[ Parent ]
i've only gotten two copies (1.66 / 3) (#17)
by jbridge21 on Thu Aug 02, 2001 at 12:26:32 PM EST

I managed to get two copies of this, and successfully ran them under WINE to extract the embedded documents. One was an internal employee background check, and another was the personal and corporate financial goals for a real estate agent for the year 2001.

Fun stuff.

Slow rate of innovation in virus writing community (4.00 / 7) (#18)
by pjc50 on Thu Aug 02, 2001 at 12:35:21 PM EST

Robert Morris Jnr wrote a worm that spread through sendmail holes in 1986. Since then, we've seen thousands of viruses written and spread. What amazes me is how small the changes to other people's viruses are - most just change the weak point slightly or change one of the messages in the payload or change the DOS target or suchlike.

Sircam is a genuinely innovative virus - it manages to create a huge amount of disruption for just about everyone on the internet, even those with secured systems. Our postmaster here at work gets about a thousand mails a day from various Sircam sources.

An article on The Register talks about Sircam picking up and emailing other viruses to people. This made me think: why don't virus writers write structured, modular programs that can benefit from new payloads or attack mechanisms as they are invented?

Imagine Sircam combined with Code Red ...

None! (2.66 / 3) (#20)
by kostya on Thu Aug 02, 2001 at 02:49:28 PM EST

Either my friends are really smart (they know how to protect their systems) or really boring (they don't ever login, use their computer, or have me in their addressbook). Either way (I'd like to think they are smart, but then, they are pretty boring), I haven't received a SirCam email yet.

I feel left out :-) Where's my juicy piece of the secret word documents?



----
Veritas otium parit. --Terence
Does anyone else keep a journal? (4.50 / 2) (#21)
by kostya on Thu Aug 02, 2001 at 02:52:07 PM EST

I keep my journals electronically (ever since the paper ones stacked up to a foot in notebooks).

Can you imagine getting your personal journals sent out to random people? YIKES!! Glad I use Linux! Actually, I use my Palm now, but I turned off the document sync at work, so no danger there. Still. Very scary.



----
Veritas otium parit. --Terence
Re: Does anyone else keep a journal? (4.00 / 2) (#24)
by neier on Fri Aug 03, 2001 at 02:58:46 AM EST

Combined with the case a few weeks ago of the Ohio man being arrested for a journal which he had never published, this has the potential to cause all sorts of problems.

[ Parent ]
Can you provide a link for this? (2.00 / 1) (#27)
by TheHateMale on Sun Aug 05, 2001 at 06:37:53 PM EST

First I've heard of this story. Could you give a link to it somewhere online?
-- "Anything you can quote has already been said"
[ Parent ]
Link provided (none / 0) (#28)
by neier on Thu Aug 09, 2001 at 09:30:08 AM EST

http://politechbot.com/p-02326.html

[ Parent ]
It's happened (3.00 / 2) (#25)
by wiredog on Fri Aug 03, 2001 at 09:11:38 AM EST

See my comment for a description of one I got.

If there's a choice between performance and ease of use, Linux will go for performance every time. -- Jerry Pournelle
[ Parent ]
NO ethics? (4.85 / 7) (#22)
by aralin on Thu Aug 02, 2001 at 04:30:37 PM EST

The scary part here is that people (YOU INCLUDED) seem to have no ethics whatsoever. Would you read an open letter if you found it on your co-worker's table in the office? Do you really think that it's right to read these documents that you even know were sent to you without consent of the author?

You should be really ashamed of yourself. I have been a system administrator for almost a decade so it might come natural to me to respect other people's privacy, but I am really surprised now that everyone is just boasting about what they have got and no one says a word about the evident thing: YOU HAVE NO RIGHT WHATSOEVER TO READ THESE DOCUMENTS!

I agree. If you get people's info, DESTROY IT! (4.75 / 4) (#23)
by jesterzog on Thu Aug 02, 2001 at 05:06:32 PM EST

I agree completely, and I'm relieved in a way that I'm not the only person who has some ethical problems with some of the attitudes shown here.

Having seen some of the comments in this story, I think it's a bit ironic that so many users of kuro5hin see it as wrong and immoral for companies to take and collate personal information about people, then sell it or mis-use it for an unintended purpose.

Even if you do think some people are idiots to open attachments or not secure their system or use Microsoft Outlook, it doesn't give you the right to look through their private and personal information unless they intentionally give it to you.

If anyone actually wants to set an example about people's privacy rights, then lead by example. If and when you get information you're not supposed to have, destroy it!


jesterzog Fight the light


[ Parent ]
Point taken (5.00 / 2) (#26)
by yuri on Fri Aug 03, 2001 at 06:11:26 PM EST

You have a very good point. But I think your question should be "would you read an open letter that a co-worker left on your own desk?". Although not ethically much different I think many people would answer no to your question and yes to the latter. Since I was passively involved in acquiring access to these documents, I didn't feel like I was doing anything wrong. Now that you point it out clearly, I agree with you.

As a system administrator you obviously deal with this issue daily, have thought carefully about it, and resist the natural urge to peek (have you EVER peeked at someone else's e-mail just out of curiosity?). For most of us, having other people's electronic documents arrive in our mailbox is an unfamiliar situation and curiosity prevails. It's not like we have cracked into the person's computer deliberately to look at their documents.

I now feel guilty (apparently others do too, given the chilling effect your post had on this thread), but better off from the experience. I think your point, and this issue, could make for an interesting discussion in its own right.

Cheers

[ Parent ]
Ethics (none / 0) (#29)
by wcdw on Wed Aug 22, 2001 at 08:38:53 PM EST

I _disagree_. In a professional SysAdmin role it is definitely correct to delete such items (too often because there are simply too many to read ;). HOWEVER, acting as a private individual, I contend that these people DID, in fact, consent to sending me these documents, whether by fact or by proxy. (This is _particularly_ true in light of this being yet another .vbs attack, about which people have had AMPLE opportunity to be warned.)

The original article did make one good point though. It's not just YOUR security of your data, it's the security of everyone to whom you send that data. Even if you PGP it before sending, there is no way to guarantee that the recipient doesn't leave it lying around unencrypted. THAT's *really* scary!



[ Parent ]