Thursday, February 28, 2013

Book Review: “Trojan Horse (2012)” by Mark Russinovich

Executive Summary: 

I recommend this book for the casual reader that is interested in cyber security topics. It is not a must read for the cyber security professional, but it is a fun one. You will not learn anything new here, but you will enjoy wallowing around in a Clancy-esque story with cyber security tech as the main focus. In it, Russinovich describes the nature of the Chinese Cyber Espionage program, general hacking techniques, and the significance of STUXNET. If you are looking for some easy entertainment during a rainy weekend, this is your book. 


Review: 

The story picks up two years after “Zero Day” ended [12]. Daryl is now out of government service and working with her better half, Jeff, in his consulting firm. Jeff gets called in to track down a nasty piece of Malcode that changed the contents of an important UN document regarding the Iranian nuclear program prior to publication. Daryl comes in to assist and the two of them discover that the Chinese are behind the UN attacks. But, their investigation leads them to stumble upon the Chinese attempting to deliver a STUXNET Eradicator tool to the Iranians. For those not familiar, STUXNET is the infamous Malcode that the west launched against Iran to prevent the nation from building an atomic bomb [10]. Spy vs Spy hijinks ensue and our two heroes find themselves in all sorts of threatening physical situations from Chinese agents and their Muslim proxies. You know; a typical day for a geek. 

That’s what I like about Mr. Russinovich. He throws a lot of ingredients into the pot, applies heat and stirs vigorously. While readers watch all of these things collide with each other, they also get a good history lesson on some recent cyber security issues and learn about some interesting hacks; some we have seen in the real world and others we have not seen but are quite possible. 

Recent Cyber Security History 

To sober the audience up a bit, Russinovich talks about the 2009 hacks against unmanned drones in the Middle East. Iraqi insurgents were able to capture video feeds from flying Predators by repurposing a $30 Russian software package called SkyGrabber that was originally intended to snatch music and videos that others are downloading [15][16]. 

To inform the reader about how prolific and successful the Chinese cyber espionage program is, Russinovich spotlights how the Chinese stole the plans for the Pentagon’s $300 Billion Joint Strike Fighter jet by hacking into military systems [7]. Hey also describes the forces involved in the Chinese Cyber Warfare program; how there are three hacker contingents in the country -- The Patriotic Hackers, the Militia and the PLA – and how none report to the same leader [13][14]. 

He also takes a shot at describing how STUXNET represents that first real-world example of Cyber Warfare. If you believe David Sanger in his most excellent book “Confront and Conceal: Obama’s Secret Wars and Surprising Use of Military Power,” the US and Israel have demonstrated that cyber warfare is a viable middle ground option when it comes to diplomacy between sanctions on the one side and bombing and/or occupation on the other [10]. 

And just for fun, he talks about how Jeff and Daryl track down a Malcode author because the hacker placed his home address in the code. This sounds crazy when you say it out loud like that but it actually happened in the real world. At a TED Talk in 2011, Mikko Hyoponen described that very thing [9]. 

Hacking Techniques 

Mr. Russinovich packs a lot of realistic tech into this Story too. He does not shy away from pointing out that the Anti-Virus industry is really not very good at their job; at least for discovering new, never before seen malware [5][6]. He explains what a keylogger is and then explains how a nation state in the story uses them to compromise UN officials. He talks about the long-standing cyber philosophy of Responsible Disclosure where it is perfectly fine for researchers to discover vulnerabilities in commercial software but they should not go public with that information until the vendor has had time to fix it. He also talks about how that practice is losing ground to the lucrative market for selling these kinds of things to governments and independent contractors willing to pay large sums of money for just the right Zero Day [11].  

In this story, Russinovich has devised a scary new piece of Malcode that, if it existed in the real world, would be a spy’s dream come true. The Malcode in question is smart about how its victim operates. It knows that the victim writes position papers using the Microsoft Word program. In this case, a United Nations official is writing disparaging remarks about Iran’s nuclear program. Once the official saves the final draft, he cryptographically signs the document before he sends it to the intended recipient. Signing the document like that guarantees the integrity of the file. When the receiver opens the document and verifies the signature, the receiver knows that the document he is reading is the same one that the sender gave him. But that is the rub. The Malcode understands that process and inserts itself into the seam. After the author saves the document but before he cryptographically signs it, the Malcode alters the document to say something that the Malcode author wants to be said. In this case, the Iranian nuclear program is not that bad. When the author signs the document, he has no idea that the Malcode has altered the contents and sends it on its way. I have not seen a piece of Malcode that does this in the real world, but it could be done. Russinovich even gives the Malcode the same “Call Home” design that the famous Conficker Worm used; essentially, generate thousands of random DNS names and systematically try each at random intervals. The Malcode author would place his command and control server at one of those names in the list of a thousand; kind of like hiding in the noise [8]. 

“Trojan Horse” is another fun romp in the political thriller genre that places cyber security geeks up front as the heroes. It is not a must read for the cyber security professional, but it is a fun one. You will not learn anything new here, but you will enjoy wallowing around in a Clancy-esque story with cyber security tech as the main focus.. If you are looking for some easy entertainment during a rainy weekend, this is your book.

Sources: 

[1] “Announcing Trojan Horse, the Novel,” by Mark Russinovich, Mark Russinovich’s Blog, 8 May 2012, Last Visited 6 February 2013 
http://blogs.technet.com/b/markrussinovich/archive/2012/05/08/3496339.aspx 

[2] “ZeroDay – A non-Fiction View,” by Mark Russinovich, RSA Conference 2012, 23 March 2012, Last Visited 13 February 2013 

[3] “Windows Sysinternals,” by Mark Russinovich and Bryce Cogswell, Microsoft, , Last Visited 13 February 2013 
http://technet.microsoft.com/en-us/sysinternals 

[4] “Sony Rootkits and Digital Rights Management Gone too Far,” by Mark Russinovich, Mark Russinovich’s Blog, 31 October 2005, Last Visited 13 February 2013

[5] “Outmaneuvered at Their Own Game, Antivirus Makers Struggle to Adapt ,” by Nicole Perlroth, The New York Times, 31 Dec 2012, Last Visited 24 February 2013

[6] “Why Antivirus Companies Like Mine Failed to Catch Flame and Stuxnet,” by Mikko Hypponen, Wired Magazine 6 June 2012, Last Visited 24 February 2013

[7] “Computer Spies Breach Fighter-Jet Project,” by SIOBHAN GORMAN, The Wall Street Journal, 21 April 2009, Last Visited 24 February 2013 
http://online.wsj.com/article/SB124027491029837401.html 

[8] “Conficker expectedly chaos-free as it activates across world,” by Dan Kaplan, SC Magazine, 1 April 2009, Last Visited 24 February 2013 

[9] “Fighting viruses, defending the net,” by Mikko Hypponen, TED Global, July 2011, Last Visited 24 February 2013

[10] “Confront and Conceal: Obama’s Secret Wars and Surprising Use of Military Power,” by David Sanger, June 5 2012
http://www.amazon.com/Confront-Conceal-Obamas-Surprising-American/dp/0307718026/ref=sr_1_1?s=books&ie=UTF8&qid=1349666510&sr=1-1&keywords=confront+and+conceal 

[11] “Rebuttal: Missing the Value of Bug Bounties,” by jericho, attrition.org, January 3 2013, Last Visited 27 February 2013

[12] “Book Review: “Zero Day (2011)” by Mark Russinovich,” by Rick Howard, Terebrate, February17 2013, Last Visited 27 February 2013

[13] “China’s Red Hackers: The Tale of One Patriotic Cyberwarrior,” by Hannah Beech, Time, February 21 2013, Last Visited 27 February 2013

[14] “China’s Cyber-Militia,” by Shane Harris, National Journal, January 31 2011, Last Visited 27 February 2013

[15] “Drone hack explained: Professor details UAV hijacking,” by RT, July 3 2012, Last Visited 27 February 2013
http://rt.com/usa/texas-professor-drone-hacking-249/ 

[16] “SkyGrabber: hack of US drones shows how quickly insurgents adapt,” by Michael Farrell, The Christian Science Monitor, December 17 2009, Last Visited 27 February 2013
http://www.csmonitor.com/USA/2009/1217/SkyGrabber-hack-of-US-drones-shows-how-quickly-insurgents-adapt 

No comments:

Post a Comment