Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
i v n i n seeks n e t o

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


                                           

Source Code Extortion

Anonymous Ransom
  (+4, -2)
(+4, -2)
  [vote for,
against]

Most kidnappings fail because the kidnappers are forced to be physically present at the location where the cash changes owners. This is an inherent weakness of kidnapping, no matter how ingenious the plan is.

The solution is to anonymize this transaction. Here is how:

1. Kidnap a rich person's family member 2. Persuade the rich person to purchase the intellectual rights to a popular proprietary software package 3. Instruct them to send you the source code over an anomyous encrypted network, such as Tor or i2p (it's impossible to trace the recipient's IP on those networks) Incidentally, the same network would be used to communicate with the victim. 4. Sell the source code to a black market software developer in some corrupt country like Russia or China, for cash. (this arrangement would be made in advance)

PS. I don't condone the above, but think it could be used as a good plot for a book or thriller.

kinemojo, Feb 11 2007

Reflections on trusting Trust http://www.acm.org/classics/sep95/
How to make a trojan compiler [Loris, Feb 13 2007]

Stunnix CXX-Obfus http://www.stunnix....cxxo/overview.shtml
Billed as "the obfuscator for C and C++ source code" [Loris, Feb 14 2007]

International Obfuscated C Code Contest (Wikipedia entry) http://en.wikipedia...ated_C_Code_Contest
Programmers are a funny bunch. [Loris, Feb 14 2007]

Please log in.
If you're not logged in, you can see what this page looks like, but you will not be able to add anything.
Short name, e.g., Bob's Coffee
Destination URL. E.g., https://www.coffee.com/
Description (displayed with the short name and URL.)






       How would one know the source code to Microsoft Excel compared to Leisure Suit Larry #4?
jhomrighaus, Feb 11 2007
  

       You're not limited to software here - any sort of self-contained information (e.g., "government secrets") can be extorted to an anonymous recipient. As a criminal, you still have to cover your tracks when reselling the information - the financial transaction remains difficult, although you gain the advantage of being able to pick who you do business with.
jutta, Feb 11 2007
  

       Right. Just send me encrypted wire transfer codes to the nearest Swiss bank branch, and I'll send you the encrypted GPS transponder key to your precious.
reensure, Feb 11 2007
  

       This does point to some high level targets. You wouldn't have to have a rich person buy it you could get one of the developer's kids. All the more reason that the only distributed computer should be military. "there can be only one" I think you have a bun from me [+] Even if you don't condone it, it is an idea that should be considered from both ends.
MercuryNotMars, Feb 11 2007
  

       /only distributed computer should be military/   

       Why?   

       On second thought, never mind.
Texticle, Feb 11 2007
  

       Didn't Jack Bauer do this on 24 last week?
Galbinus_Caeli, Feb 12 2007
  

       all you have to do to check if you have the right source code is compile it.   

       The other part of my reasoning is on my fairly recent post   

       Jack Bauer is a genius who knows how to hang out with evil geniuses.
MercuryNotMars, Feb 12 2007
  

       //all you have to do to check if you have the right source code is compile it. //   

       Hah hah! I see a flaw.
I supply you with a carefully nobbled spyware version of the code. Now it will scan your hard drive for clues and attempt to phone home whenever it can.
Think you can find it in the source? Good luck looking - I'll hide the important bits encrypted in data files, or in a special modified compiler you have to use to build it.
Loris, Feb 12 2007
  

       source code is generally well explained with comments and the logic is easy to follow because it is constructed to be worked on and built upon by teams. No one builds that kind of obsfucation into source code. It doesn't pass off easy like that. The best you can do is to hide it in the volumes of work.   

       line 210,801 comment !! this is the dial home function that all programmers should familiarize themselves with of the Beta hitchhike function for programmers whose kids have been kidnaped, If you wish to modify the dial home time and the message. Default is 5 minutes after loading but the following vairables "time" and "circumstance_message" and "final_message" are available to modify and are reserved variables. It is suggested that all programmers familairize themselvs with this function and plan ahead !!
MercuryNotMars, Feb 12 2007
  

       Let me unflaw that for you.   

       I don't understand viruses fully but I am sure it will depend on the program. You will know how to program viruses to exploit Windows better if you see the flaws in front of you. Viruses can be looked at as flawed OS   

       One major complaint of software designers was not being able to interact with Microsoft on the same level as other Microsoft programs. That was an open source/closed source issue.   

       Some programs perform functions that you don't want other people retro engeineering and designing analogous programs. You don't want people taking Tax Cut 2006 and transforming it into Tax Cheat 2006 when they have they have their guarantee of accurate calculations covering their proprietary software.   

       My recent idea for a Distributed Computing Market, Though probably no one caught it or cared I needed closed source for security reasons. Seriously do you think China cares about a new way to pirate software?   

       Wait a second you have a major point because he said intelectual property rights. I completely missed the subject with this comment and [Lt-Frank] has super legitimate point. about an aspect of this plan.
MercuryNotMars, Feb 13 2007
  

       //source code is generally well explained with comments and the logic is easy to follow because it is constructed to be worked on and built upon by teams. No one builds that kind of obsfucation into source code. It doesn't pass off easy like that. The best you can do is to hide it in the volumes of work.//   

       Actually this is not true.
(1)Well explained source is the ideal, not the standard. Quite often source is naturally obfurscated!
(2)People _do_ deliberately obfurscate code, for various reasons. You can't claim that it is impossible; its not even difficult.
(3)Any program worth stealing the source of will have absolute haystacks of source to hide a small trojan in. Even unobfurscated, a non-commented piece of code would be hard to find within a relatively tight deadline.
(4)You've not appreciated the relevance of my reference to data files and the compiler. Please refer to the link.
Loris, Feb 13 2007
  

       Demand source code which compiles to match the release version.
supercat, Feb 13 2007
  

       //Demand source code which compiles to match the release version.//   

       Good point, although you could argue that you'd been modifying the sources since release. Or that it did on your machine. (Relying on another proprietary library they couldn't get the exact same version of would be useful for this.)
Or you could arrange it to compile the same until modified in some fairly likely way, or something like that.
  

       //One major complaint of software designers was not being able to interact with Microsoft on the same level as other Microsoft programs. That was an open source/closed source issue.//
Actually it wasn't. The other programmers would have wanted MS to release documentation on the APIs (application-program interfaces), not the source-code.
Loris, Feb 13 2007
  

       Documented would be making things easy. Open source would make it doable. Closed source is for the purpose of making it impossible. It is one in the same issue even if you don't need every detail of the inner workings every detail would include the details you do need. I am sure you are absolutely right about what they requested of microsoft. I didn't even know about API's formally, just news reports that compared it to not knowing where the Gas pedal was on a car.   

       While you may point out that you can obsfucate source code, no one does (on purpose) and this points to why people might want to consider such a thing. I have just never heard of such a thing. You can't say it is a flaw in the plan if no one would ever actually take advantage of the flaw. You are thinking too deep. It is like you are trading peices evenly to accentuate a lead by a pawn when you are taking on a first time player. Go ahead and play up that angle but what you are saying is this is actually a good idea, if you think people are going to plan for it.   

       If you want to plan for it you might want to think about selling a stand alone package to be incorporated into source code by a time pressed over stressed programmer who has his kid taken hostage. I guarantee though that the kidnapper is going to have more time to plan and research every angle of his plan than some unsuspecting programmer who has just had an artificial deadline imposed on him. You might want to think about cold calling programmers instead of advertizing and being searchable on the internet.
MercuryNotMars, Feb 14 2007
  

       //While you may point out that you can obsfucate source code, no one does (on purpose) and this points to why people might want to consider such a thing. I have just never heard of such a thing.//   

       Well if you've never heard of it then obviously it doesn't exist. Because you can't think of a reason why people might want to do such a thing, there definitely can't be a reason.
You don't need to click on my second link, because it is patently impossible for it to point to a commercial code obfuscator with a nice explanation of why people might want to use it.
  

       //but what you are saying is this is actually a good idea, //   

       Actually its an evil idea. Check the category. (I never said I didn't like the concept.)   

       Regarding deadlines, I do feel obliged to point out that the idea suggests purchasing code. This might would some time, and you could easily hire a team of programmers in the mean-time (if you were rich).
Loris, Feb 14 2007
  

       In the evil category, are bones good and buns bad? Or are buns good bad and bones bad bad? I mean good bad as very bad rather than bad which is actually good. Do two bads make a good? Do two bones make a loaf? Do two loafs make a big loaf?
TheLightsAreOnBut, Feb 14 2007
  

       "where is my kid?"   

       "where are my variable names?"   

       I noticed that doing this is evil. That doesn't mean it is not a good idea. I could be referencing the idea of protecting yourself from this if you have a hard time disassociating the two concepts. It is a good idea to understand the tricks of con artists.   

       Generally I think people will wait until it really happens to someone before they tax themselves by employing preventive techniques. I never said it wasn't preventable. The first step will probably be giving programmers no access to their source code so they can honestly say that it is impossible to fulfill the demands of the kidnappers. This might sound cruel but it might make the idea unattractive to begin with.   

       As hard as anything is, I am sure that is the easiest way. Leave work at work. Maybe give people only ROM memory interfaces to work with and no hard drives that you can fit up your butt. When you see that at workplaces I will say that this idea had been defeated but it would be proof of the idea's relavancy.
MercuryNotMars, Feb 14 2007
  

       It's an interesting idea, but:   

       //4. Sell the source code to a black market software developer in some corrupt country like Russia or China, for cash//   

       (-) for promoting software piracy.
wolstech, Feb 16 2007
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle