Tuesday, May 29, 2012

Can your computer be used to frame you? I have a tech question about RATs

This post may not make much sense unless you've read the preceding one. Basically, just about every conservative blogger right now is focused on one Brett Kimberlin -- an ex-con who is almost totally unknown on the left, even though he has been associated with some liberal-ish causes. Kimberlin is a big damn deal to the Breitbarters. They accuse him of spoofing Caller ID to sic the cops on right-wing bloggers to investigate non-existent crimes. The technique, we are told, is called SWATting.

For reasons given in the previous post, I think that this whole thing is bogus. The cops may have come, but I see no evidence pointing to Kimberlin. (He's hardly my idea of a great guy, but that's beside the present point.) Besides, he could not possibly gain anything from such an absurd stunt.

Cui bono? Who benefits? 

Obviously, the right benefits. If you want proof, take a look at what Michelle Malkin is doing with this brouhaha. (Mahablog, incidentally, has a good precis of both the events and the reaction.) It's pretty clear to me that the ultimate goal of this exercise is to justify spying on lefties during a Romney administration.

Caller ID spoofing is real. You can find various sites which explain how to do it. But one Cannonfire reader, "Propertius," used to work for the telephone company, and he has raised some interesting points...
911 doesn't rely on CNID (the proper term for "caller id"). It uses ANI, just like WATS services do. ANI is not susceptible to "caller id spoofing".
I asked for follow-up info.
I should point out that my comment about ANI really only applies to traditional phones - VOIP services, for example, are pretty readily hackable.
Ah. Now things get interesting. So this spoofing thing works only if you use VOIP -- that is, if you make the call using your computer, via Skype or a similar service. A call of that sort can be traced to a specific computer, although doing so may take time, since the ISP needs to cooperate with the investigation.

As noted in the previous installment (which you really ought to read), I've learned a few things about the Breitbarters. First and foremost, they're spooks. They do covert ops. In the earlier post, I proved the point by publishing a "liberated" internal document from James O'Keefe's spook shop. These guys make Donald Segretti look like St. Francis.

Second, they don't begin a major ratfuck operation unless they already know the endgame.

I find it awfully damned suspicious that just about every conservative blogger on the net fingered Kimberlin for this stunt, even though there is, at this writing, no evidence against him. (Update: The man who started it all -- Patterico, a.k.a. John Patrick Frey of the L.A. D.A.'s office -- now says he has reason to point the finger at someone else. More on that below.)

The firmness of the accusation coupled with the absence of evidence is the reason why I smell a rat. (An appropriate metaphor, as we shall see.) Fear of lawsuits would normally cause even the most reactionary of writers to weigh their words a little more carefully. But no: These guys are convinced that Evil Brett did it, even though he gained no discernible benefit.

I now think that proof against him does exist and will soon come out. Well, let's use quotation marks: "Proof."

I will go on the record and predict that when that false call to the cops is traced, it will be traced back to a computer belonging to Brett Kimberlin or an associate.

But that doesn't mean Brett (or an associate) made the call.

It is very possible to control someone else's computer remotely. I've seen the phenomenon in action: An employer working from his home took over my work station at his place of business. It was downright eerie to watch the cursor suddenly take on a life of its own.

Here's a piece of software which makes the job easy. Of course, anyone using that software must knowingly allow remote access.

Certain trojans called Remote Access Trojans -- or RATs -- can allow miscreants to control your computer remotely. While you sleep, your computer can be doing all sorts of things -- things that might incriminate you, like downloading kiddie porn or sending an incriminating email. See here and here.

According to Wikipedia, a RAT can be used for these purposes:
Randomly move and click mouse
Record sound with a connected microphone
Record video with a connected webcam
Shutdown, restart, log-off, shutdown monitor
Steal passwords
View screen
View, kill, and start tasks in task manager
So it is very possible for an outsider living many miles away to take control of your computer and make it dial a number using Skype or some other VOIP service.

A problem arises. Once the call is placed, how can the remote administrator talk to the cops (by way of the remotely controlled computer)?

Simple: Three-way conference calling. Several VOIP providers offer this service. Example. Another example.

How does the RAT get on the target computer in the first place? The usual tactics: Email attachments and malware-laden downloads. (Personally, I get an email with a suspect payload at least once a month. I don't open any packages of that sort, I do nightly malware checks, and I wipe my drive very often.)

I'd love some feedback from any readers who know more about this stuff than I do. Is there any flaw in my proposed scenario? More importantly: If a RAT is involved, how can an investigator uncover the truth?
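
One way an investigator could approach that last question, shown as an added example that is not part of the original post: line up the VoIP client's call history against screen lock events and network connections, and flag any call placed while the screen was locked and an unrecognised process held a connection to an outside address. Every record, process name and address below is constructed, and the availability of these three log sources is an assumption.

```python
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample evidence (not from any real case).
# Screen lock/unlock events from the OS session log.
SESSION = [(ts("2012-05-01 08:05"), "unlock"), (ts("2012-05-01 23:10"), "lock"),
           (ts("2012-05-02 07:55"), "unlock")]
# Connections from a firewall or netflow log: (start, end, process, remote address).
# The addresses are reserved documentation ranges.
CONNS = [(ts("2012-05-01 20:00"), ts("2012-05-01 20:40"), "browser.exe", "198.51.100.20"),
         (ts("2012-05-02 02:50"), ts("2012-05-02 03:30"), "svch0st.exe", "203.0.113.7")]
# Call history kept by the VoIP client: (start, minutes, number dialed).
CALLS = [(ts("2012-05-01 20:15"), 12, "555-0100"),
         (ts("2012-05-02 03:02"), 9, "555-0199")]
KNOWN_PROCESSES = {"browser.exe", "voipclient.exe"}  # assumed allowlist

def screen_locked_at(when):
    """Return True if the last session event at or before `when` was a lock."""
    state = "lock"  # assume locked before the first recorded event
    for t, event in sorted(SESSION):
        if t > when:
            break
        state = event
    return state == "lock"

def overlapping_unknown_conns(start, end):
    """Connections by non-allowlisted processes that overlap [start, end]."""
    return [c for c in CONNS
            if c[0] <= end and c[1] >= start and c[2] not in KNOWN_PROCESSES]

def review_calls():
    """Flag calls made with the screen locked while an unknown process was connected."""
    findings = []
    for start, minutes, dialed in CALLS:
        end = start + timedelta(minutes=minutes)
        conns = overlapping_unknown_conns(start, end)
        if screen_locked_at(start) and conns:
            findings.append({"call": dialed, "start": start,
                             "process": conns[0][2], "remote": conns[0][3]})
    return findings

if __name__ == "__main__":
    for finding in review_calls():
        print(finding)
```

A flagged call is a lead for examining the named process and the disk image, not proof in either direction.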

I must admit, framing someone like Kimberlin would be a rather clever move. He has a terrible history; a well-known New Yorker writer devoted an entire book to exposing him as a rotter. If a VOIP call is traced to Kimberlin's address, no-one will want to come to his defense.

And conservatives will then be able to claim that liberals are extremists and terrorists.

About Frey's latest claim: "Patterico" now believes that the voice on his SWAT call matches that of a call-in to a radio show. He further believes that Ron Brynaert -- discussed in a previous post -- may be responsible for both. I know that Brynaert is a psychologically troubled individual; for that reason, my first reaction was to place him atop my own list of suspects. However, Frey adds this:
For more details, read my original post on the harassment other Kimberlin critics and I have suffered at the hands of Brynaert, Neal Rauhauser, and Brett Kimberlin.
Bullshit. Those three are not working together. Ron Brynaert can't get along with anyone in his present state of mind. (The same can be said of Rauhauser. I don't know anyone who likes him.) If Frey thinks that those three are involved in a conspiracy, he's as far gone as Ron. And frankly, you can't build a conspiracy theory around one guy who needs a doctor.
