On 5/7/23 07:48, Jeff Zeitlin - editor at freelancetraveller.com (via tml list) wrote:
> <snip>
>
> Virus, however, doesn't rely on any of that. Virus is, essentially, an
> extension of the idea of the current conception of a computer virus.

BUT...

"Current" as at "syswookiee in the early 2020s trenches" conception of
computer virus, or "late 1980s/early 1990s popular _understanding_"
conception of same?

Are you sure Virus isn't more a synthesis of biological _and_ computer
virus? Eclipse Phase's exsurgent virus (with audio, visual (ie,
cognoweapon), cyber and biological transmission vectors) seems along the
same lines, but up to 11.

> <snip>
>
> Data misappropriation are usually aimed at acquiring (and misusing)
> personal data such as national ID numbers, bank account and/or credit card
> numbers, IDs and passwords to various monetary and public communications
> accounts, and so on, ultimately with the aim of fraudulently obtaining
> money from the "marks". These are the 'data breaches' that one most often
> hears about in the news; they're also the widespread 'phishing' attacks.
> These attacks rely on known flaws in software, or on a lack of
> knowledge/awareness of the victim (including poor data security
> procedures).
>
> Data destruction/"hostage taking" attacks are almost exclusively aimed at
> forcing the victim to pay - often a significant amount - to recover access
> to their own data. As with data misappropriation attacks, they rely on a
> combination of poor data security procedures, lack of knowledge/awareness
> on the part of the victim, and known flaws in software.

At least AIUI, the two goals can merge somewhat - MORTAL WOMBAT might go
after J. Random Organisation Ltd to both lift JRO's data for later
misappropriation, and multiple extortion via ransomware.

This mob have a very progressive extortion package:
JRO pays once to _get their data back_.
JRO pays a second time to _avoid the breach being reported_.
JRO pays a third time to _avoid their data being published_.
MORTAL WOMBAT then extorts JRO's clients from the data yoinked earlier.

I invite the learned members to consider what happens if this is a
"business supply chain" attack, going after a professional services firm,
like the law firm of Bleedum, Grabbit and Scarper, or the accounting firm
of Dodgie & Bent? Or a taxation authority?

>
> The reason that the data misappropriation and hostage-taking attacks are so
> widespread is because of a certain level of uniformity of software on the
> various target computers - largely Linux and Windows, but targetting of iOS
> (for iPads and iPhones) and Android (for Android-based tablets and phones)
> is increasing, as is targetting MacOS/FreeBSD (for Macintosh computers).
> Proponents of iOS and MacOS say that they're 'better' at defending against
> attacks; this isn't really true: it's just harder to get the attack past
> the initial wall of Apple's "walled garden" - but the cost of that is less
> user choice. Safari, for example - the only permitted browser/browser
> engine on iOS - is no less vulnerable to scripting attacks (due to inherent
> weaknesses in ECMAScript/JavaScript) than Google's Chrome or the various
> Chromium-engine-based browsers, or to the Gecko-based browsers on Windows
> or MacOS.

In other words, software polycultures are unstable in the presence of
network effects?

>
> That mostly does nothing to 'devalue' Virus as written; JavaScript/
> ECMAScript is pretty consistent even across platforms. But there *is* a
> problem not addressed in that: As written, Virus could hit _any_ computer,
> and in computers/devices that didn't have enough power, it could "lay an
> egg" that would later be able to infect a sufficiently powerful computer -
> and the lower limit seemed to be fairly low. Worse, it could infect the
> _hardware_, so that a purge and reload of the software wouldn't clean it
> out of the computer.

I thought the attacker having physical access to the hardware means the
defender has already lost? That would go multiple for a
presumably-cyberpsionic infomorph able to muck directly with the chip
substrate.

https://www.tomshardware.com/news/moonbounce-malware-hides-in-your-bios-chip-persists-after-drive-formats
mentions an early example of UEFI (ie, modernised BIOS) resident malware.
It would not be beyond the pale for a later version to persist despite
reflashing the firmware. xPU microcodes would be another attack vector to
attain malware persistence.

In light of those contemporary threats, persistent hardware-level
compromise doesn't seem as outlandish today as it did when TNE landed.

> <snip>
>
> Let's remember something: The Traveller era is roughly 3500 years in the
> future of Right Now. Yes, computing is showing some cyclic tendencies -
> from centralized computing and data storage (mainframes) to distributed
> computing and data storage (PCs) back toward centralized (cloud-hosted data
> and virtual computers and emulators), but history doesn't repeat - it
> echoes and rhymes. Attacks today can't succeed if they're trying to use
> nothing more than the kinds of attacks that succeeded on the Apple II and
> Apple DOS 3.3. Yet we have Virus that allegedly can infect the _hardware_
> of _any_ computer? Or are we asserting that there's really only one
> computer architecture in the Traveller universe, instead of diversity as
> wide as the differences between computers based on the MOS 6502 family, the
> Intel iapx86 family, and the Motorola 68000 family?

The wheel of reincarnation will keep turning as the relative tradeoffs
change, on both offense and defense. In other news, water is wet and flows
in the general direction of down.

I would lean towards there being multiple computer architectures in a
given TU. However, as those architectures are _known_ by Binghamton
Systems et al, the original Virus samples would have been at least
somewhat capable (initially) of targeting all of them.
Jacks-of-all-architectures, rather than masters-of-one.