Zero Days Pt. 1

I was incredibly excited when I saw this report on PBS News Hour. Those who know me know that I’ve spent roughly 30 years working in IT. I got into software during the gold rush of the 80s. If you knew VAX BASIC or IBM COBOL you could work anywhere _and_ make a good living. Of course we all know what happened to that career path when rightsizing swept through the industry followed by massive visa abuse to drive both the cost and the ability of the labor force down. Most of you are seeing the results in the quality of the software and Web sites you are using. The mindset of the world has changed from being upset and shunning things which don’t work correctly to being happy when something actually does work. Sad, very sad indeed.

The movie “Zero Days” intrigues me greatly. Not because I work in the Black Hat or security world of IT, but because I recently read Greg Lamb’s book about Stuxnet “A Dangerous Element.” I’m incredibly curious to see how the work of fiction compares to the documentary of actual events.

When viewing the snippets on PBS it appeared the premise of the documentary was that the virus was released into the wild hoping it would find its intended target. I very much preferred Greg’s story that the virus got into the wild accidentally. From an IT and spy-craft perspective it makes much more sense. Truly secured facilities are air gapped. You can click the link to read up on that term or just accept the boiled down definition that secured facilities contain a local network which is not connected to the outside world or Internet in any way. In my day we called it sneakernet because computer operators wearing sneakers had to walk media containing what you wanted to the system not on the wide area network called a WAN. If the system the media was being loaded on had a network of any kind it was a Local Area Network or LAN. More often than not, during the days of midrange and mainframe systems the intended target was standalone with some hard wired terminals and printers.

Please do not let your eyes glaze over reading that previous paragraph. It is an important detail. Releasing a virus into the wild hoping it will find the intended air gapped system has a much lower probability of success than any of us hitting the jackpot in a multi-state lottery. The more dangerous and higher probability play involves spy-craft: turning an asset or simply compromising someone who works in the facility in such a way they will do your bidding without knowing. If you can do the latter it is much better. The individual will not be nervous because they have no knowledge of their involvement.

Yes, I do have a soft spot for spy-craft. Part of me wants to believe the days of Smiley’s People are not over. Yes, I really liked the USA Network series “Covert Affairs.” It also didn’t hurt that Piper Perabo was hot, but I liked the roles given to the female actors.

While I’m of the age now where I tend to wait for to get a movie I want to see, “Zero Days” may just get me to venture into a theater.
