The Internet is a treasure trove for spies

Published: 2024-03-29
Author: Danila Naumenko

The Internet Fortress, through whose gates an ass laden with gold can squeeze, is not impregnable. The Internet is a treasure trove for spies.

The seemingly simple and obvious idea hides a deeper truth — complex systems, cunning mechanisms, and other seemingly invulnerable things can be “hacked” using tools that leverage fundamental phenomena of our world. As the saying goes, might makes right.

Modern internet and web technologies appear as secure fortresses, seemingly impenetrable and protected from all sides. Around any internet citadel, a vast moat with crocodiles has been dug, making it not easy to pass (consider password or biometric identification). Massive thick walls in the form of access restrictions for third-party applications have been erected around internet fortresses, and all messages from the impregnable castle are sent as specially encrypted messages so that no cunning spy can decipher the plans.

Of course, like any fortress, internet citadels have underground passages, which may seem like weak spots, but antivirus programs in armor and with huge swords, directing any threat to quarantine, constantly monitor these passages. What could go wrong? All sites starting with “https” are considered secure; professionals in secure development, penetration testers, and a huge team of other specialists work on them to safeguard the fortress from “intrusion.” Where should we expect danger?

No fortress, even the most heavily fortified, can withstand the onslaught of an enemy if wrong decisions are made inside, careless actions are taken, or the enemy employs technologies against which the fortress inhabitants were not prepared.

For instance, a deep moat teeming with bloodthirsty cold-blooded reptiles — such as password or biometric identification — can easily be bypassed by catapulting a keylogger spy over the fortress walls.

A keylogger, once inside your fortress, records all your keyboard strokes and mouse movements, then sends the data to its owner. Smart keyloggers can even detect when you access banking apps, social networks, or other crucial applications. And believe me, enemies will exploit this vulnerability when they’re ready to attack.

“We’ll send antivirus programs to track down these keyloggers in the system and prevent important information from falling into the hands of the enemy!” — True! Of course, antivirus programs can fight spies, but the enemy is not idle; they come up with new ways to monitor your thoughts and movements.

“High walls will save us!” you might say. But are those walls really impregnable? Your smartphone app may not allow blatant intrusion, yet the sweet talk of malicious SQL injections can deceive the vigilant security guards protecting the walls, leading them to spill all your secrets to the enemy and those in your phone.

SQL injections are like Kinder Surprise eggs, where beneath the sweet chocolate coating lies a plastic yolk. Similarly, SQL injections disguise malicious cores under the guise of ordinary database queries, allowing the extraction of strategic information.

“We’ll forbid the guards from listening to the sweet speeches of unfamiliar SQL strangers!” and that’s where you’ll put an end to the correct functioning of the application.

And of course, there’s the possibility of an aerial attack… You can encrypt any message and send it through the mobile network yourself. But as soon as you use a wireless assistant, a Wi-Fi router, spies will immediately start intercepting the information, especially since it’s not difficult to do so.

Imagine your router and smartphone needing to find common ground while being far apart, and boldly, they start shouting:

– Hey, router, what’s new, bro? Got anything new?

– Yeah, NEW PASSWORD TO DISABLE FORTRESS SECURITY – “12345,” relay it to the secret service!!!

– Alright, router, I’ll relay that the NEW PASSWORD TO DISABLE FORTRESS SECURITY is “12345”!

How difficult do you think it would be for a spy standing outside the walls to learn the new secret passwords for the security systems? Miscreants who “eavesdrop” on open Wi-Fi networks, whose keys they know, work on a similar principle.

“Thank you for the warning,” you say, “we’ll set a reliable 148-character password made up of letters, numbers, and special characters for our home or corporate Wi-Fi, so that no outsider can figure it out.” And that would be the right, albeit hyperbolic, solution. It’s important for all parts of the connection to be reliable and secure; otherwise, there’s no point in the other security systems and precautions.

And there you sit in your fortress, in complete tranquility: the crocodile-filled moat works flawlessly, keyloggers flying over the walls are roasted by antivirus dragons, guards protecting the walls are trained and greet strangers with just a nod, and all messages going out are whispered and constantly changing in encrypted form. Beautiful…

But how are things going for your neighbors in other fortresses? It would be strange to just show up at someone else’s fortress to see how things are arranged. So, you reach for the cloak of anonymity, dust it off, and then don the “Incognito Mode,” adding a touch of intrigue to the process. As soon as you put on such a cloak, everything immediately becomes as dark as night.

“In this magical hat from Google, no one will notice me for sure…” you thought, each time donning the cloak of invisibility, but each time ending up in the main square with an ordinary pot on your head.

Incognito mode didn’t make you invisible; your traces were still visible to all internet fortress users. The only effect you could get from the protective cloak was that you yourself ended up blindfolded: you didn’t remember where you were going, what you saw, and you had to remember all the secret passwords, even for your own fortress. And there’s no escaping embarrassment if you were still seen walking around neighboring fortresses with a regular pot on your head.

In conclusion, the fight to safeguard any internet fortress and its secrets is ongoing because while you were studying this article incognito, enemies have already devised a new way to pacify your crocodiles and have picked up new keys capable of lulling the vigilance of any guard.

But all the most effective methods of data breach rely on the most basic principles: the human factor, fundamental vulnerabilities of security systems, and of course, the physical foundations of technology. Fortunately, technology is advancing, and in internet fortresses, reliable guards often act preemptively and introduce conceptually new principles of data transmission and storage. But we’ll talk about them next time.

Similar articles | Technologies