Rus Articles Journal

What is thermorectal cryptoanalysis?

In applied cryptography are area which is called a slippery word: “Social engineering“. This word beautifully sounds, but means things unattractive. Namely - various ways of stealing of passwords which protect from strangers what is required to be protected. For example, electronic mailbox.

the easiest way practiced in this most social engineering - to get on a workplace, to properly look round and find the sticker with some unclear sequence of letters and figures pasted to the screen. Or to spot from - for a shoulder what symbols are keyed by the system administrator. Or imperceptibly to establish a video camera over a workplace of the system administrator to watch the fingers running on the keyboard.

There are also more graceful methods which are called the scientific word “phishing“. The website which is almost full copy of the entrance page of that website where it is required to get is constructed. And even the address for this website is chosen similar. For example, odnoklasniki. ru. Then mass mailing with the letter of disturbing contents informing, for example, on breaking of the website becomes. With a request according to the enclosed reference to return on the website and to enter login and the password to be convinced that everything is all right. The alarmed addressee, without having found a dirty trick, will click on the link, will see the familiar website, without having paid attention that the website address incorrect. And then will enter prosimy data, will be delighted to an inscription: “Malfunction is liquidated. We thank you for the help!“ Is what to thank for - the victim just reported data for an entrance to its account. It is possible not to doubt that if, after a while, the person tries to enter a favourite social network, he will not manage it. You should not doubt that in account contents someone for certain started the long nose also. The poor creature was caught as a small fish on a hook. Therefore this method a phishing is called.

It is not necessary to think that the phishing works only with “teapots“. Recently one my acquaintance studying on courses of system administrators with own hand told some bad children number of the credit card. And the thought that it fell a victim of swindlers came to it in a second after the message was successfully sent.

This rather dirty piece “social engineering“, isn`t that so? However methods dirtier adjoin it. Frankly speaking, gangster methods. The matter is that the majority of serious information systems are well protected now. Passwords for an entrance to them difficult, and, above all - long that does almost unreal attack to the password by method of direct search. This search and a lot of time will cost very much he will demand.

But there is a way simpler, cheaper and very effective. It consists in attack not on the password, and on the one who is the carrier of this password. In other words, it is necessary to talk to the one who knows the password and to ask to open its this password. To ask polite or not too politely. And it is possible, even to apply make-shifts to belief.

At Americans, for example, one of make-shifts - a rubber bludgeon which very sensitively (and the most important, without leaving marks) okhazhivat the keeper of secrets on stupnyam. On - American similar method of disclosure of the password is called “cryptoanalysis a rubber hose“ (rubber - hose cryptanalysis). The similar Russian method is called thermorectal cryptoanalysis. It means the hot soldering iron inserted into back pass for those who are not strong in Latin. The method is a little rough, but yielding fine results.

Power influence on carriers of secrets with the purpose to learn these secrets - long military tradition. A practical example - on the last pages of the novel of V. Bogomolov “In August of the forty fourth“ when smershevets Tamantsev “splits“ the radio operator of enemy diversionary group. Trying to obtain “the truth moment“, it influences the radio operator purely psychologically. But at some obstinacy interrogated, could apply to it also rough painful physical methods of influence too.

Heroes - Komsomol members in the Soviet novels about war valorously took out awful tortures. The rough reality, as always, does not coincide with its highly artistic descriptions. Reality such is that any person if not to stand on ceremony with him, it is possible to break for fifteen - twenty minutes of an intensive consequence. Therefore having been tired vozdushno - landing troops in case of capture of one of members of diversionary group, gives to her commander fifteen minutes on completely changing plans and the direction of the movement of the division entrusted to it.

In turn, many developers of information systems provide even power attempt to get into system. In order that spiteful remained Buratinki with the long nose, the system of the opened and closed keys is created. Open keys are applied to enciphering of messages, and closed - to interpretation. The closed key is known at the same time not to all those who works with information system. However, to tell about it to the cryptoanalyzer with a soldering iron and furthermore to prove that the closed key is not known to you, much do not manage.

Sometimes the system of a repeated encryption helps. At the same time the files or areas on the hard drive containing not the most confidential materials are ciphered by one key. If interrogated is not able to sustain power pressure and will give this key, the damage from penetration into system can be quite tolerant.

However in the zone ciphered by the first key files or areas where are more important information can be placed. These files or areas are ciphered in addition by the second key. It is quite possible that in a magic room where it is possible to get only with two keys, there is one more confidential door behind which there are main secrets. And a key from this, the third, a door - originally gold.

It is not necessary to think that methods of opening of information secrets by brute force apply only mafia structures. Such methods in the course and at security officers who fight against mafia or with terrorists. To what “bad guys“ should be ready. And to thank God if they fall into hands of the American investigator who is under constant surveillance of lawyers. Therefore at most that the American investigator is able to afford, it to move the person under investigation naked along a corridor of prison, to provide it never-ending cold from the stream of cold air directed from the conditioner, or, as a last resort, notorious cryptography by means of a rubber hose, painful, but obvious marks not leaving. But sometimes Americans give an opportunity to local security service to deal with the violators caught in the territory of their countries. Turkey or Thailand - the countries in which human rights are not observed by default and lawyers are not allowed to a consequence. Especially to a consequence concerning state security.

So, one of computer thieves, the young man from Eastern Europe who stole from accounts of the Turkish banks of 11 million dollars and caught in the Turkish resort, the local police in a week forced to report the password of access to the laptop. Lawyers tried to soften a fate of the ward, having transferred business under jurisdiction of the American court as their client and in the USA caused a stir too. Did not leave. 30 years of the Turkish prison received by the fellow cannot be considered as the resort in any way. However what was told about it by unforgettable Gleb Zheglov?

By the way, the reference for fans of rest in French riviera. In beautiful France the innocence presumption in investigating authorities does not work. The detainee has to prove the police officer that he is not a camel.