Lessons from a Targeted Attack on a Really Random Company (and insane but successful? steps in sleep hacking)

Normally we think of high-risk targets as the ones that handle lots of credit card numbers. Here’s a case example where someone went to an insane amount of effort to infect an Asian raw materials producer, writing a one-off piece of malware apparently just for the job. Why? Because compromising that one company provides a view into many, many others.

Lesson? Two, actually. One, the biggest targets aren’t necessarily the most important ones. Two, it’s the channels you don’t think about as much (like the firms supplying your raw materials) that may provide the adversary with the best way to attack you.

Insane sleep hacking: So I built a (seriously ghetto fabulous) Faraday cage to sleep in. WTF why? First off, the Russian patent on VHF affecting brain activity. At the very least, an important variable to control for. But the Russian patent involved high-power near-field VHF, so not really reason enough on its own… except in my case.

The All Band Receiver I built for the noncontact EMG revealed _really_ strong radio signals of some sort in my sleeping area. At the time I listened, they seemed to be a rebroadcast of an Eastern European national shortwave station.

While I haven’t noticed anything during the day, it’s certainly possible a nearby high-power transmitter could mess with brainwave activity enough to affect sleep.

So I picked up some aluminum mosquito netting, some stiff steel wire for a frame, some aluminum tape to cover over cracks, and some adhesive magnetic stripping to aid in sealing the door.

Paranoids take note: aluminum, while cheap and available, is actually a really crap material for shielding. Oxidation means electrical connections across seams are mostly capacitive. Combine that with aluminum’s comparatively poor conductivity and you’re not going to see “TEMPEST” levels of isolation (50-80 dB+) until you get to well over a gigahertz.

Therefore, while I don’t have the equipment to test, I suspect this thing doesn’t provide more than 20-30 dB of attenuation. (When I put my cell phone in at first, the signal cut from 4 bars to one/none but it still had a connection. It then mysteriously jumped back up to 4 bars within a minute, possibly because I bumped something on the cage that opened a gap, though I don’t recall doing so.)

Results? Remarkably positive! While it’s impossible to rule out the placebo effect, the EMG registered noticeably less muscle activity during the night, and falling asleep felt somehow more natural, like I haven’t felt in a while.

(All other variables — blinkenlights, white noise — were kept the same.)


“A large producer of raw materials isn’t necessarily the first enterprise that might come to mind when you are thinking about a targeted attack. Yet we have to keep in mind that this company sits at the root of a large international supply chain that does business with many other very large multinational companies. If an attacker was able to infiltrate such a network, they would have a bird’s eye view into the futures and fortunes of many companies across many industries as well as provide an ideal source of information for infiltrating those partner companies.

And this is the key lesson for security managers – attacks aren’t limited to credit card numbers and email addresses. The relationships you have with partners and your supply chain can be even more valuable to an attacker than a financial breach. And this puts us all on the front lines, because in short, if we have information that is valuable enough to keep private, then there is value for an attacker in stealing it.”
