Part 2: Illusory Motion and Perpetual Rest
All of the data that captures, describes and enhances our world must, ultimately, be kept someplace once it is collected or created. When we read about hackers stealing user data, what we usually imagine is the theft of computer files. Further, we also usually imagine them being stolen from someplace where the data is “at rest” like a hard drive, cloud server or phone storage.
In between all of these “at rest” storage locations, most of which have some level of protection these days, are the transit conduits. Data, in the form of binary streams of electricity, is transmitted between computers so that it can be used. To accomplish this we use networks, or groupings of wires and airwaves with specialized hardware and software coordinating movement.
When a user makes a request for information from a remote computer, the resulting data is sent over the network to that user’s computer and placed in memory and perhaps saved by the user to their hard drive. While on the network, the common perspective is that the data is “in motion” and therefore somehow less tangible than when “at rest.” This assumption is common among the public and even infects the thinking of many cybersecurity professionals
Unfortunately this assumption obscures the true nature of data, and in doing so masks the existence of an entire range of vulnerabilities that are just as menacing and largely unguarded against. To understand what these are, and how they affect what we do with computers, we first need to accept a supposition offered by Eijah, Chief Technology Officer at MGT and creator of Demonsaw: Data is always at rest.
To visualize this, imagine a baseball being thrown across a field of view. To your perception it is in motion, and you don’t see the entire baseball once it starts moving; you see the baseball as a blur until it stops again. Now imagine you have a sophisticated and fast enough camera with which to freeze each moment in time, with enough resolution so that the baseball is the correct size and shape in each frame. In other words, the video playback would let you step through the entire range of the baseball’s motion with no blur evident in any of the frames. In each frame, you would see the entire, intact baseball as if it were at rest.
To a computer, and therefore to a hacker, our data is the baseball viewed frame by frame. Computers by their very nature see data without motion. And while your data may be configured differently for “travel” on a network, it is intact as it moves through the various links in the chain. And at each point, it is as vulnerable to theft as if it was sitting on your hard drive.
Tools exist to sniff packets, a kind of transport module for data, off of wires and out of the air during wireless transmission. Routers and switches all have operating systems and services that can be hacked, and cloud storage is really just a computer living in someone else’s house. At each of these points during transmission, data is, from the perspective of a computer, at rest.
The implication of this revelation should be obvious. Unless the platforms and solutions we utilize defend our data at all points of transit as if it were at rest, we are exposing ourselves to data theft. Unfortunately the internet and supporting networks do not have this built in – data is by default transmitted openly. And where protections are built in they are often inadequate and leave the security of our data up to decisions made by others.
Also unfortunate for us is that the solutions that exist today are just not convenient and straightforward enough for most people to use. Anybody can fully encrypt a file before sending it; few people bother to do so because of the extra trouble it takes. Even in the enterprise we find heavy resistance because most of the security tools available today have a negative impact, often an extreme negative impact, on productivity.
In a world dependent on computers and data, this is unacceptable. We cannot hope to change human nature, so the answer lies in the industry developing better tools, that operate at a lower level and ensure data security while allowing for productivity and smooth workflows.
It is one of the problems MGT is working on solving, using Demonsaw and other technologies. In the words of John McAfee, Demonsaw represents the framework upon which the internet should have been built. And while we cannot turn back the clock, we can certainly begin the process of converting our networks into the secure networks we need.