Without a Traceroute

Time to live.

Without a Traceroute header image 2


February 16th, 2009 · 5 Comments · Hacker culture

I’ve been generally trying not to just comment on news stories like every other blogger on the planet. And by this point, I’m pretty much used to reading stupid, sensationalist stories about hacking/hackers in the mainstream media, so those barely even register. I should also be accustomed to the fact that Fox News is going to hate on everything Obama does for the next 4-8 years.

However, I was totally unprepared to encounter these two immutable principles of journalistic incompetence exemplified together in a single article, like some horrible Orthrus of fail.

The only appropriate response

Twice the facepalm for twice the fail.

Right from the headline, “World’s Greatest Hacker Says Obama’s Blackberry Can Be Breached,” you can be pretty sure this article is going to be terrible.

Obviously, there’s no such thing as a perfectly secure system. With some reservations, if it was made by humans, it can be broken by humans. But, more importantly, “Who is this World’s Greatest Hacker?” you ask. Why, it’s self-promoting “security expert” and author, Kevin Mitnick of course! The fact that he got caught and went to jail for 5 years might undermine his claim to the title of ‘World’s Greatest’, but we’ll leave that be for now.

What does the überhacker propose as a method for attacking the presidential PDA?

Step 1: “If I was [WERE!] the attacker, I would look to Obama’s close circle of friends, family and associates and try to compromise their machines at home,” Mitnick said. “The objective would be to get Obama’s e-mail address on the BlackBerry.”

So you begin by hacking an ordinary, non-governmental, desktop computer that happens to belong to a friend of Obama’s close enough to be on the much-ballyhooed email whitelist. That sounds like a reasonable starting point.

Step 2: Once armed with Obama’s coveted e-mail address, a hacker could theoretically send an e-mail to Obama in an attempt to lure him to a Web site that has previously been breached in order to transfer “malicious code,” Mitnick said.

Ok, now we reverse-engineer the…huh? WHAT? That’s it? That’s the entire plan? Get Obama’s email, send him a shady phishing link and pray the President clicks it?

For his sake, I’m hoping Mitnick had a lot more (better) ideas that the Fox writer omitted. Because as it stands, his entire mega-hacker strategy is predicated on the idea that Obama is less careful on the internet than my grandma. That is Mitnick’s forté, though. He claims that all of his illegal hacks were actually accomplished through social engineering (a.k.a ‘lying to people until they give you their password’) alone.

Luckily for Mitnick, he’s not the only one on board with this moronic plan: Chris Soghoian, a student fellow at Harvard University’s Berkman Center for Internet and Society, agreed that the most likely route to Obama’s BlackBerry would be to trick the president into visiting a pirated Web site.

“These are attacks when you visit a Web site, and within seconds, it hacks into your computer and forces it to download viruses,” Soghoian said. “In many cases, people get infected by using out-of-date browsers.”

Oh, of course! So not only are we assuming that Obama blindly clicks links like an AOLer circa 1997 (“Are you the President of the USA? Want to rein in Iranian nuclear ambitions? Click here for hot foreign policy and penis enlargement tips!”) but we’re counting on him to be running IE6 (or the mobile equivalent) when he does it.

The whole article reads almost like a conscious self-parody. Right before offering his foolproof 2-step presidential-hacksassination plot, Mitnick is quoted warning that, “It’s a long shot, but it’s possible. You’d probably need to be pretty sophisticated, but there’s people out there who are.”

Also noteworthy is the hilariously petty and petulant tone of the article overall: “Despite warnings from his advisers, the president insisted on keeping his beloved PDA, which now has specially designed superencrypting security software.”

If he loves it so much, why doesn’t he just marry it? Who does this Obama think he is, with his fancy emailing and PDAs? Is he too good to send a telegram, like his hero Abe Lincoln?


5 Comments so far ↓

  • Dave Jacob Hoffman

    Here’s my plan: Follow Obama around (secretly!), and when he accidentally drops his blackberry (or leaves it in a cab!), GRAB IT! Then we can put all the naked pictures he’s taken of himself on the internet!


  • Steve

    Clearly, it couldn’t have happened to Bush and would never happen to McCain- they’re much more careful about the internets… (yes, they didn’t have Blackberrys, but the principle of this basic stupidity would work with any computer).


  • Nathan

    I read the article before reading your comments on it, and I have to say it didn’t really offend me that much. Kevin Mitnick may be a media whore, but that doesn’t change the fact that he’s highly accomplished as a malicious hacker (‘cracker’?). I think it’s unfair to assume that when he refers to a malicious website that he means the same dime-a-dozen, fire-and-forget phishing emails you and I get every day. Clearly if a malicious website were to be used for this it would be something custom-designed. An attacker would surely, after compromising the machine of someone on the President’s whitelist, spend time snooping on their communication. They might be able to determine exactly what kind of device and browser the President uses and tailor an exploit to it, as well as effectively using social engineering against him. This kind of thing is in a totally different league from the kind of ‘attacks’ you or I, or your grandma, have to deal with.

    That being said, I would be very surprised if Obama hasn’t got a security expert on staff somewhere who has already taken steps to guard against this scenario and other attacks. And as the article points out, (a) he probably doesn’t keep any classified information on his mobile, and (b) if he does, it’s surely kept under serious encryption.

  • MJ

    I tend to prefer *headdesk* to *facepalm*, but hey, it’s your blog.

  • Hanne Klintoe

    What Dave said. For sure.

    – The World’s Greatest Hazard.

Leave a Comment