My daughter just left home. My baby girl. She’s 19 now. All grown up. I’m not normally an emotional person. But this isn’t a normal thing for me. Thankfully, the future the Jetsons predicted has arrived, even if only partially, so I can see her every week over Facebook Messenger.
When she was 3 weeks old, on a crisp Tuesday morning, I woke up and greeted her as she slept in her lacy white bassinet. I leaned in closely so I could hear her tiny breaths. The bassinet smelled like a newborn baby. Life was just beginning for her, and for me too, it turns out. Elsewhere on that cool morning, however, life was not as serene.
During breakfast I heard over the radio something shocking. The reporter announced one of the World Trade Center buildings had exploded. News was just coming in so the details were sketchy. HEARING about this wasn’t going to be enough for me. I ran the few steps to the TV room so I could see it.
There it was. The first tower was billowing black smoke. And at that moment, the newscaster did not know what caused the fire. Until the camera picked up the second plane hitting the second tower. A truly epic disaster. Unfolding before my eyes.
It turns out, a group of demonic attackers leveraged a trusted transportation infrastructure to engage in a monumental crime. With 9-11, there were early warning signs, but the right people weren’t paying the right attention. In August of 2001, for example, a flight school in Minnesota notified the FBI that a potential student was asking strange questions. He was asking about flight patterns around New York City, and whether the cockpit doors could be opened during flight (The Looming Tower: Al-Qaeda and the road to 9/11. Wright, 2006). Those in charge failed to connect this anomaly with the many other anomalies to paint an ominous picture.
In many ways, attacks like this have shifted from the physical world to the digital. In fact, events like these happen on countless computer networks every day. For example, when you hear of another company hit with ransomware, or some other malicious software, this is how it happens: cyber attackers leverage a trusted system infrastructure with trusted system resources but abuse them to conduct a monumental crime.
Prior to 9-11, the report from the Minnesota flight school was a discrete data point. There were many, many others. Had they been combined with all the other discrete data points, authorities could have seen the whole grim picture. Similarly, your computer records evidence of discrete anomalies in log files. Problem is, there isn’t a built-in way for you to easily string them together to paint the ominous picture that your system has been attacked. You will likely need help from a professional.
All is not lost, however. In this column, we have tried to help you shrink the attack surface of your computer through best-practice preventative techniques. But prevention only goes so far. At some point, you HAVE to begin detection. A good place for you to start is to download a program called Autoruns from Windows Sysinternals. I created a video just for you showing you how to get started: https://youtu.be/pjVahr3ewL8