The Standards Blog

The Lafayette Deception, Chap. 8: The Doctor will Diagnose you Now

Lafayette Deception (a Cyber Thriller)

Welcome to the sequel to The Alexandria Project, a cybersecurity thriller.  If you'd like to read the book this series is based on, you can read the first three chapters for free here.

Jan Steen: The Doctor's Visit (betwee, 1658 - 1662), courtesy Jarekt/Widimedia CommonsFrank was puffing his way up the dirt road leading away from the canyon rim, focusing on his breathing. He’d actually lost five pounds in the first week of his new regime, and had also progressed from walking fast to alternating walking with short bursts of labored jogging. The near-term goal he was now focusing on was to reach the point where his jogging interludes were longer than his walking ones.

He hadn’t been as successful on the technical front. Despite the revelation that whatever had been interfering with data on his server hadn’t affected the same data on his laptop, he was still struggling to figure out why. Worse, when he had tried the same exercise a second time, the data on his laptop did flip. But what had changed? Had he done something different the first time without realizing it, or was there a vital clue that he was missing?

Eventually, he thought he had found the answer, or at least what might be the first half of it: because his server had been cycling when he had tried the test on his laptop the first time, his WiFi network would also have been down.  That meant that his laptop was disconnected from the Internet.  In the jargon of the trade, it was temporarily “air gapped,” and therefore not susceptible to external tampering.  That would explain why the data had flipped when he ran the report the second time – by then, his server and his WiFi connection had been restored, and presumably whatever mischief the hackers had put into motion had traveled from the host copy of the polling software to his laptop.

Have you discovered
The Alexandria Project?

Buy at Amazon: click icon at right

Buy at iTunes Store

Buy at Barnes & Noble

This is all pretty silly, because there’s no reason why you should be anything other than proud of your work once it reaches the market.  Here’s how to make sure that happens.

But first, we need to lob a few grenades at the publishing industry for its refusal to adopt a common format standard for publishing.  Remember standards?  This is, after all, the Standards Blog.

But first, we need to lob a few grenades at the publishing industry for its refusal to adopt a common format standard for publishing.  Remember standards?  This is, after all, the Standards Blog.

So far, so good.  But if that were true, he should be able to find the changes to the program, and he hadn’t been able to. He had tried the same experiment on the spare laptop he had with him, loading the polling software from an installation disk and running it thoroughly through its paces with poll after poll, all the while with his WiFi card turned off.  Sure enough, Curly kicked Larry’s butt every time until Frank turned it back on again.  After that, Curly reliably when down to defeat.  But still, Frank could not detect the slightest change in his laptop software.

Frank mused on that quandary for several cycles of walking and running.  How would he change something without changing it?  He made himself once more break into a trot.  That wasn’t quite the right question, though, was it?  He should have asked how he would change something without the change being detectible. That had to be the right question, didn’t it? It might have been the right question, but it didn’t seem to have an answer.  Gasping for breath, he slowed once again to a walk.

Frank was still puzzling over that one as he showered and changed.  And while he stared across the canyon, eating the banana and cup of bran flakes that had become his daily breakfast.  What hadn’t he tried yet?  Hadn’t he already considered every conceivable possibility? 

Maybe writing down all of the possible answers would help.  He went into the camper for a pad of paper, and then returned to his chair and stared at the pad before writing a few lines down.

1.  I just missed something.

2.  Whatever is happening is happening somewhere else on the system.

He stared at the pad and couldn’t think of another possibility – dead end.  Then an old saying occurred to him: after you’ve eliminated all of the possible answers, all that’s left are the impossible ones.  So he started writing again:

3.  It’s quantum mechanics in action – it wasn’t Larry or Curly that “won,” it was Schrödinger’s cat.  Until I looked at the report, neither and both Larry and Curly had won.

Cute, but likely not too helpful.  And he didn’t know enough about quantum mechanics to go anywhere with that one anyway.  So number three was out.  He’d already done as much as he could on number 1, so if that statement was accurate, he didn’t know what to do next.  That left the possibility that he just hadn’t been looking in the right place.  Maybe there might be something to work with there.

He began pacing.

Where to begin?  Well, for starters he remembered that the Marvinites had checked their entire system and had been unable to detect any changes.  But maybe they had been looking in the wrong places as well, or the changes had been so subtle that they hadn’t been able to detect them.

Maybe an analogy might help, he thought.  We already talk about viruses, and the analogy between biological and computer systems in this regard really is very close.  So maybe if I take the medical metaphor further, that might help.  He liked that, and began walking faster.

Thomas Bartholini's beak [plague] doctor - 1661  Courtesy Doug Caldwell/Wikimedia CommonsSo if I think of this as a disease, how would I go about diagnosing it? I’d look for symptoms.  And I’d run a lot of tests.

He sat down in his chair again and picked up his pad of paper.  So what were the symptoms?  All he could think of was the fact that the polling data was flipping.  Was he missing something?  Not that he could think of.  So how about tests?  Were there any that he hadn’t thought of yet?

Stumped again. He couldn’t really think of anything.  He’d run the server logs, and looked for who had come and gone.  And he’d run the object code of the polling software through an analyzer before and after the scans and the code looked the same.  He was willing to swear on a stack of bibles that that there wasn’t a single trapdoor anywhere in his system, too.  So hadn’t he already checked the pulse, temperature and blood pressure of the system and found everything normal?

Then he had a thought.  The answer to that question was yes, but again, maybe it wasn’t the right question.  After all, a thermometer could only tell you about a patient’s temperature, right?  And a wristwatch, her pulse, and a pressure cuff, her blood pressure!  None of them would be any use at all in detecting a heart murmur, would it?  Maybe there was data that he hadn’t thought to look at yet, or a test he hadn’t thought to run - the equivalent, for purposes of his medical analogy, of an electrocardiogram.

The sun was beginning to set by the time he gave up on that line of attack.  It had seemed promising, but he couldn’t think of any data or test he’d neglected.  Could it be that the answer was staring him in the face and he just couldn’t see it?

He tried to clear his mind and give it one last shot.  Maybe he had tried all the right tests – even the equivalent of the electrocardiogram.  And maybe had hadn’t missed anything when he did.  After all, there was a way that even an electrocardiogram might not tell you anything, and that was if you were trying to catch an intermittent symptom, and you hadn’t run the test at the right time.  You wouldn’t know the patient had a problem unless you caught the problem happening, right?

That sounded good.  After all, so far he’d always run his tests before and after the data corruption had occurred, and not while he was inputting the data and running the reports.  What an idiot!  Now he’d have to start all over again.

It was getting dark, and Frank was getting hungry.  He’d have to start over the next day, or at least inside and after dinner.  But he was impatient.  What could he check quickly?

The only thing that occurred to him was the access log report for his laptop for the time period during which he’d run one of his clean laptop tests – the ones that encountered no problems while he was off line, but then produced altered data ever after, whether or not he was on line.  He called the log up and scrolled through until he found the right time period.

It was slow and tedious work parsing through the endless lines of data, and there seemed to be nothing out of the ordinary.  The only traffic recorded on the laptop’s modem was the output of the data from the client copy of the polling software to the server copy after it had been entered on the laptop.

And then he looked again.  That wasn’t exactly right, was it?  There was another line that repeated endlessly through the log, identically, and every few seconds, so endlessly and reliably that he had ignored it entirely.  Almost, you might say, like a pulse – no, not a pulse, just like clockwork.

Excited, he ran his finger down the left margin of page after page of the report, looking for one of the repeating lines that looked just a little bit different than all the rest. 

And then he saw it - a line that was just a few bytes longer than all the rest – except one, a few lines further down.  A slow smile of satisfaction – and admiration – spread across his face.  

- 0000 - 0001 - 0010 - 0011 - 0100 - 0011 - 0010 - 0001 - 0000 - 

If you're enjoying The Lafayette Deception, please tell your friends!

Read the next chapter here

Read the first chapter here

 You can also follow Frank on Follow Adversego on Twitter