By now several of the FtB have commented on the bomb threats emailed regarding Concordia University.
I wish “godspeed” to the investigators, in this case.
I wonder if there are any of the RCMP working the case that I briefed on e-mail backtracking, in the spring of 1993. … There was an unfortunate at a university in Canada, who went to the rest room and stayed logged in at a public terminal, when a “friend” leaned over and sent a threatening message to firstname.lastname@example.org. That server had gone online a few days earlier by my hand, after considerable herky-jerky between DARPA (who funded the “research” effort), my bosses at Trusted Information Systems – a small-time defense contractor – and the Executive Office of The President (EOP). There were concerns about security (of course!) that the email server not be hacked, but to be honest it simply hadn’t occurred to me that there would be random assholes in the world who thought that sending a message like:
Hey Mr President, I’m gonna come kill you.
was a funny idea. That’s not the actual message* but it was similarly casual and – not particularly serious.
The thing about threats is: you need to take them seriously. It’s the job of threat-takers to take them seriously. Their adrenaline starts pumping. They start burning calories looking at every open window, every line of attack, every hold in schedules, or potholes a target drives over, or… anything. Making a threat reaches into your enemy’s heart and makes them scared – it wastes their time and puts them on a defensive posture.
So naive little Marcus found himself in Washington rush hour traffic in his little white Honda, hurrying in to teach the US Secret Service how to back-track emails. All things considered it was pretty exciting. For little Marcus. There were serious people in attendance, including our Secret Service liaison officer: SSA Delta Priest. Delta was endowed by her parents with a perfect secret agent name, but I was immediately confident that she was a Serious Person with a Serious Job who was, no kidding, serious. It came to pass that Fred Avolio, my boss at the time, and I, gave an extemporaneous workshop on digital forensics, including how to back-track the ‘hops’ an email message took, based on the SMTP recipient: transactions in the header, and what fields needed to be subpoena’d from which ISPs, etc. SSA Priest sort of reminded me of my mom, except she carried a matte stainless-steel .375 snubnose and didn’t talk anywhere near as much, and the other US Secret Service folks were quiet, serious, and attentive. Part way through the class, two guys quietly walked into the back of the room, dressed head-to-toe in ninja garb: tacticool web gear, carrying suppressed H&K MP5Ds, knee pads, elbow pads. Serious.
There were phone calls and apparently a few folks from our class talked to other people at the Royal Canadian Mounted Police, who saddled up some horses and rounded up some syslogs and then talked to that person who went to the bathroom and forgot to log out. And, of course, their friend said they thought they were being funny. You can bet Delta Priest was “like, LOL.” Not. So Not.
As the US slides into a totalitarian dictatorship, I do not look forward to seeing the US Secret Service and its kin become my opponents. Because – they will. I fear them, because they are fearsome.
I don’t pity them, because their tradecraft is contemptible. Unless they were amazingly clever, their best chance is to blame the Russians and say it was cyberespionage.
Why do I say their tradecraft is contemptible? Unless the input size of their message was different from what was posted, they are toast. That’s one example (there are others) but, for it to be safe, that message would have had to have been carefully assembled, by hand, in the past, in a dead location, by a non-agent, before it was sent. Or, it was sent by an idiot. Like Mabus. Given the gamergater-like quality of the message, I’ll be surprised if they haven’t been caught by the time I hit ‘post.’
*It occurs to me that I probably may have the original email in question in my email archives, because I had an automated system that detected certain patterns and forwarded alerts (how do you think the Secret Service learned about it in the first place?!)
What would good tradecraft look like, in this situation? An email sent by someone who acknowledges everything then says, “so, shoot me.” And means it. If I cared to, I could probably identify someone who could quite honestly and coolly describe their intent to kill the president, because: they would be perfectly happy to. The problem security practitioners need to deal with is that they’re in the wilderness of mirrors, looking at mirrors. We are heading into a time of mirrors. I’m OK with that because I am a practitioner of mirrorhood, and so are we all. The perfect kung fu punch, in the wilderness of mirrors, is the opponent who tells you “I am going to punch you in the face, now.”
The deadliest ninja plants the knife where they know their enemy will step on it in a year.
Yes, and to the friend who asked me what that plaque from the US Secret Service was for, well, now you know. I hope the guy in Canada enjoyed the poutine.