Questions for computer gurus

01-25-2010, 04:43 AM
All help is greatly appreciated!!!

1) Suppose an entire hard drive has been encrypted, and a decrypting software is running on the machine. Does it work by trying lots and lots of randomly generated keys, and if so, how many does it try per minute/ second/ whatever time unit?

2) My main character receives a threat through her computer, and from her description, the system administrator in her department suspects it was sent through a Trojan horse. What course of action would the system administrator take to try and fix the attacked computer? Also, if the computer was connected to some internal database (with personal data), is it correct to say that the database firewalls should have still prevented access to the data?


01-25-2010, 05:40 AM
A lot depends on the encryption method, as well as key strength. You really need to talk to a cryptologist. Which I am not. However:

1. Decryption software operates on a variety of methods. The type you describe is called "brute force", and it operates by trying a lot of keys. Sometimes, you can do distributed decryption, where a block of encrypted data is farmed out to a lot of computers. The more computers, the faster the decryption.

2a. The variety of malware is commonly called just a "Trojan". It operates by carrying in a backdoor under the cover of being another program. The backdoor is a program that listens for contact from another computer. In all but the smallest companies, there is one department that contains all the computer guys. For HR and career advancement reasons, there are usually not system administrators for each department, but a pool of sysadmins for the entire system. For large companies, there may be satellite IT departments - it all depends on how the company is structured. Here are the steps to fix the computer:
a. Unplug it from the network. Isolate the damage.
b. Determine if it is running a rootkit (a special type of malware).
c. Run an antivirus program.
d. Ensure the operating system files are intact and undamaged.
e. Verify the virus has not spread to the rest of the network.

2b. See next post.
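A small illustration of the brute-force and distributed search described in point 1, added here as an example and not part of the original post. The toy cipher, the 16-bit key, the sample text and the rate of one billion keys per second per machine are all assumptions made up for the demonstration.

```python
import hashlib

def toy_decrypt(key: int, data: bytes) -> bytes:
    """Toy cipher built for this example: XOR with a keystream from a 16-bit key."""
    stream = hashlib.sha256(key.to_bytes(2, "big")).digest()
    return bytes(d ^ s for d, s in zip(data, stream))

toy_encrypt = toy_decrypt  # XOR is its own inverse

def split_keyspace(bits: int, workers: int) -> list[tuple[int, int]]:
    """Divide the 2**bits possible keys into one contiguous range per worker."""
    total = 1 << bits
    step = -(-total // workers)  # ceiling division
    return [(lo, min(lo + step, total)) for lo in range(0, total, step)]

def search_range(lo: int, hi: int, ciphertext: bytes, known_start: bytes):
    """One worker's job: try every key in [lo, hi) and return the one whose
    output begins with text the searcher expects to find, else None."""
    for key in range(lo, hi):
        if toy_decrypt(key, ciphertext).startswith(known_start):
            return key
    return None

def worst_case_years(bits: int, keys_per_second: float, workers: int) -> float:
    """Time to try every key when the work is spread evenly over the workers."""
    seconds = (1 << bits) / (keys_per_second * workers)
    return seconds / (365 * 24 * 3600)

# Constructed sample data: a made-up key and a made-up record.
SECRET_KEY = 0xBEEF
CIPHERTEXT = toy_encrypt(SECRET_KEY, b"PATIENT RECORD 0001")

def run_demo():
    """Farm the 16-bit keyspace out to four workers; one of them finds the key."""
    return [search_range(lo, hi, CIPHERTEXT, b"PATIENT ")
            for lo, hi in split_keyspace(16, 4)]

if __name__ == "__main__":
    print("per-worker results:", run_demo())
    for bits in (16, 56, 128):
        # Assumed rate: 1e9 keys per second per machine, 1000 machines.
        print(bits, "bit key:", worst_case_years(bits, 1e9, 1000), "years worst case")
```

Adding machines divides the time, but each extra key bit doubles it, which is why the answer depends so heavily on key strength.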

01-25-2010, 06:11 AM
Also, if the computer was connected to some internal database (with personal data), is it correct to say that the database firewalls should have still prevented access to the data?

Database programs (Oracle, Microsoft SQL, MySQL, and so forth) have security modules that determine what users and computers can connect to a database. These modules are an intrinsic part of the program, and are not generally called 'firewalls'. Firewalls are more generalized security programs that determine what computers and users can connect to other computers.

But to answer your question: if your character is connected to a database, and her computer gets subverted by a Trojan, there is no realistic way that the application can know that. As far as it is concerned, it is getting a connection request from an authorized computer and user.

Now, if you want to make a plausible denial of connection, do put a firewall in between the HR computers and servers and the rest of the company. Make the firewall application-aware, then have the Trojan use an attack pattern that the firewall recognizes (see the Slammer worm). The firewall then blocks the connection request.

Hope this helps.
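The difference between an address-based check and an application-aware firewall, as an added example that is not part of the original post. It uses the Slammer case mentioned above: the worm sent an oversized type-0x04 request to the SQL Server Resolution Service on UDP port 1434. The addresses, packets, function names and the 32-byte name limit used as policy are constructed for the example.

```python
from dataclasses import dataclass

SSRP_PORT = 1434          # SQL Server Resolution Service (UDP)
CLNT_UCAST_INST = 0x04    # request type that carries an instance name
MAX_INSTANCE_NAME = 32    # assumed policy limit for this example

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dst_port: int
    payload: bytes

def address_filter(pkt: Packet, allowed_sources: set) -> str:
    """Address-only check: any traffic from an authorized machine passes."""
    return "allow" if pkt.src in allowed_sources else "block"

def app_aware_filter(pkt: Packet, allowed_sources: set) -> str:
    """Same address check, plus inspection of what the request actually says."""
    if pkt.src not in allowed_sources:
        return "block"
    if pkt.proto != "udp" or pkt.dst_port != SSRP_PORT:
        return "allow"            # this sketch only understands one protocol
    if not pkt.payload:
        return "block"            # empty request is malformed
    if pkt.payload[0] == CLNT_UCAST_INST:
        name = pkt.payload[1:].split(b"\x00", 1)[0]
        if len(name) > MAX_INSTANCE_NAME:
            return "block"        # oversized name: the recognized attack pattern
    return "allow"

# Constructed sample traffic: both packets come from the same authorized PC.
AUTHORIZED = {"10.0.5.20"}
normal = Packet("10.0.5.20", "10.0.9.10", "udp", SSRP_PORT, b"\x04HRDB\x00")
# Filler bytes standing in for an oversized request; not real worm content.
oversized = Packet("10.0.5.20", "10.0.9.10", "udp", SSRP_PORT, b"\x04" + b"A" * 200)

def verdicts():
    """Return each filter's decision for the normal and the oversized request."""
    return {
        "address": [address_filter(p, AUTHORIZED) for p in (normal, oversized)],
        "app_aware": [app_aware_filter(p, AUTHORIZED) for p in (normal, oversized)],
    }

if __name__ == "__main__":
    print(verdicts())
```

The address-only check passes both packets because they come from an authorized machine; only the check that reads the request blocks the oversized one.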

01-25-2010, 06:28 AM
Is it a custom system or Windows?
How deep into techno-babble do you want to go?
Computers have mice in RL, but never in fiction, wtf!?



01-25-2010, 07:05 AM
Wow, this is a lot of information!
I don't need to go into too much detail, just make the guy that comes in and looks at the attacked computer sound realistic. Here's the scenario: my character is a doctor, hence her machine is connected to a patient database. So, Bill, to get to your 2b point: whatever database program they use at the hospital, it would have to be smart enough to prevent a Trojan from getting into the database, wouldn't it? (In the way you describe)

If they are that smart though, one may argue, how did the Trojan get in... I don't know, I just need something that gets in her machine so that when she turns it on she reads a threat on her screen, but without creating a general malfunction throughout the hospital.... basically the thing comes, makes the threats, and then disappears.... Is that too unrealistic?


01-25-2010, 07:24 AM
It's simple, really. Have the Trojan piggyback in on an ad in a news aggregator site. Doc comes in, fires up the comp, looks up Google or Drudge Report or his favorite political blog. Bingo, Trojan gets in the comp.

It's possible that the malware could "get into the database". But that's like saying "The virus got into my Word document." Remember that a database is really just a file, accessed by an application program that regulates access. Given that, an application program could have a vulnerability (call it a 'buffer overflow'). The Trojan would have to be crafted to work on that vulnerability. All in all, it is relatively unlikely.

Far more likely is that the Trojan allows someone else on a different computer to take over control of the computer. That other person then uses the authorized connection to surf the database. Under this scenario, she doesn't realize the breach has occurred until she realizes the mouse is moving on its own.

01-25-2010, 07:28 AM
Cool! I like that, thanks!