De-Bugging Computer Bugs
I have a love-hate relationship with bugs. I’m not talking about creepy six-legged creatures that scurry along tree branches or baseboards. I’m referring to computer bugs–the kind that lay dormant in your software, waiting for just the right hacker to show up and disturb your cozy nest of personal information.
For example, in the mid-1990’s, I was summoned to my oldest son’s high school. Upon arrival, the superintendent, the principal and Blake’s computer teacher greeted me. This impromptu parent-teacher conference, much to my blood-curdling surprise, also required law enforcement. Why? My son had found a flaw in the school district’s software program that enabled him to “hack” into it so he could change his and all of his friend’s grades.
I taught him how to discover software vulnerabilities and fix them for a greater good. It seems our definitions of “greater good” greatly differed. After severe negotiations, Blake avoided expulsion– if he would agree to load the District’s new software. Devore Technologies, a comprehensive IT consulting company, then hired him. MIT graduates watched in amazement while my son worked.
“This kid can crack HTML code faster than most adults,” claimed one company executive.
I slowly walked back to my own office, secretly proud, but also fearing for his safety and freedom should his hacking go to his head again. Fortunately, he grew up and is currently gainfully employed at Amazon, using his skills for good.
How did my son accomplish his hacking? He had help. At the time, his friends gave up their school computer passwords, enabling him to hide behind their accounts, routers and other proxy servers. This is the “old fashioned way” of following a trail bug. The new way is much stealthier, invasive and being used by four major sources: Criminals, Law Enforcement, Corporations and Foreign Governments.
Bugs are computer software flaws that can be manipulated to commit nasty infestations in your computer, in order to extract your personal information and send it to people who are either investigating you, stealing from you or otherwise monitoring your computer behavior and activities to “learn you” for target marketing.
Since human beings create software programs, most of them are unleashed on the public hosting minor and major mistakes. One way hackers find bugs is through building “botnet” programs (think spiders). These spiders weave their way through multiple programs, sometimes by solving algorithms, until they find vulnerabilities.
Once a bug is located a few things can happen:
1. The White Hat (Good Guy/Gal) Hacker can kill the bug by fixing it.
2. They can sell the bug to the company that created the software, sparing the corporation from bad PR, hacking, viruses, virtual robbery or other maladies of technological mass destruction.
3. They can sell the bugs to intelligence agencies, where they are often exploited for use in espionage
4. They can sell the bugs to foreign governments because the trade is unregulated and laws have not yet caught up with technology.
The best selling bugs are known as “zero-days”. These newly discovered juicy bugs are prized because they are fresh and no one has yet tried to fix them. It’s big business. Private companies sometimes shell out $200k or more per year for hackers to invade and fix their own bugs, but the government can shell out hundreds of millions of dollars to fund malware implantation, using bugs, into foreign computers all over the globe, and then collect the data.
Selling computer bugs is also messy business. Extermination is futile if you’re not a hacker or law enforcement official, because it’s like trying to kill a hornet’s nest using drops of sugar water.
For example, as a law abiding member of John Q. Public, you can clear the bugs on your laptop, but the moment you add an application, load software, download a document or click on a site, you’ve just created an opening for more bugs to enter.
Law enforcement, the military, criminals and hackers (good and bad) know how to avoid bugs (for the most part) by using TOR (the Onion Router), invented by the U.S. Naval Research Laboratory.
TOR enables these entities to go below the surface of the web and conduct their business anonymously, in most cases, without a trace of history, and in many cases, riding off the wave of a particular community’s collective computers. Additionally, a smart hacker can give the semblance of being an accessible browser with a history, but its all fake.
Unfortunately, there is no way to avoid bugs. At least not until we realize Quantum Computing, a feat I suspect Lockheed Martin will be announcing from Canada very soon, provided they can harness those pesky little ions, which for now, appear more uncooperative than the bugs we are forced to host as part of the price we pay for cruising through cyberspace.