Your browser is obsolete!

The page may not load correctly.

Vulnerable

Уязвимые

Other issues in this category (35)
  • add to favourites
    Add to Bookmarks

Greetings through the back door

Read: 21940 Comments: 9 Rating: 14

Thursday, September 5, 2019

The problem of unscrupulous contractors and mean customers has been around since the dawn of time. Both parties usually blame each other and can provide evidence to prove their point.

Today some construction workers called our office (our company manufactures ultrasonic devices that monitor concrete constructions) and asked for advice on controlling walls. At first it seemed like an ordinary call, but it turned out that they took a circuitous route to describe their situation. First they started talking about holes and cracks, and then our conversation shifted to foreign bodies, certain diameters that can be detected at specific depths, and the kind of equipment they needed to accomplish that.

Eventually, it turned out that within their walls, some Ukrainian contractors had planted chicken eggs, which over time had filled the premises with an overwhelming stench. Having returned to their homeland, they began demanding money to reveal the location of those eggs.

Source

Many people have heard about this nasty trick. But construction workers aren't the only ones who leave behind such surprises for their employers.

I always install software that will break down a system and destroy all the data on a specific date. If they pay me, I just disable the feature. If they don't, well, your photos, documents, and other files will never be recovered.

Source

This issue was inspired by the story of David Tinley, a Siemens contractor from the United States, who designed his software in such a way that it eventually stopped working, and the company had to call him back in again to fix the issue for an additional fee. He was found guilty of inflicting intentional damage on a protected computer.

Users who commented on the news post broke into two camps. People in the first camp claimed that they had the right to act that way.

If they don't get paid for a project and a bomb goes off, well, the employer can't own what they haven't paid for and have only themselves to blame.

But what if the employer pays but the bomb still goes off…

Source

The mindset is that until I get paid, my work is mine and I can do whatever I please. Others who commented were somewhat more aware of existing legislation.

The impact of a logic bomb and the resulting damages may constitute one count of a legal charge, while the violation of the contract may serve as another.

Source

Therefore, planting a bomb in software can be punishable by law. The code has been premeditatedly designed to operate on the employer's end. Moreover, the resulting penalty may depend on the scope of the damage. How significant can the damage be? Let's consider another example related to construction.

Copper and aluminium conductors can be broken while an electrical wiring system is being installed. This is very easy to do. If one bends a wire up and down for a while, a crack will appear in the conductor inside the insulation. In this case, the connection is not completely broken, but it becomes unreliable. The electric charge passes through, but every now and then the current is interrupted and the electric light begins to flicker. Spiteful construction workers employ the same dirty trick in electric outlets.

A thin wire from some headphones is used at a certain point in the electrical wiring in a wall. That thin wire won't last long if one plugs in energy-hungry equipment, such as a heater.

Source

However, the consequences are not limited to the loss of power. They may also include an electric arc, fire, and possibly, human casualties.

We have already talked about backdoors causing data losses. But they can also be part of fraud schemes.

Until I’m paid in full, I usually intentionally don't fix bugs that are only triggered after long periods of time. And then I just roll out an update, saying “I found a nasty bug here that can cause problems under specific conditions; here’s the corrected version.” And no incriminating evidence will ever be found.

Source

#hardware_backdoors #hacking #extortion #fraud #vulnerability #damage

The Anti-virus Times recommends

Don't play around with the law. Ignorance is not an excuse. Instead, draw up a good contract that will stipulate that ownership rights are transferred only after payment has been received in full, and create a trial version of your software instead of planting backdoors.

And don't resort to threats, the way Microsoft used to do:

«The early versions of Word also included copy protection mechanisms that tried to detect debuggers, and if one was found, it produced the message „The tree of evil bears bitter fruit. Only the Shadow knows. Now trashing program disk.“ and performed a zero seek on the floppy disk (but did not delete its contents» (wiki-en)

Source

Good manners, competence, and integrity are our main assets.

[Twitter]

Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments

Comments to other issues | My comments