
The challenge of unprovable data transfer has a solution.

I will begin with the simplest point: the original note even contains part of the answer. The example program it offers is a trojan. Many have apparently forgotten that a trojan is a program offered to the user under the guise of a completely ordinary application, without any kind of “malicious” actions. So you can get a person to use your program, and it will do something not very good.

The first condition: do not create suspicious traffic. So the program must transfer data as part of its normal operation. For example, an ICQ client, a browser, or even an email client transmits data, and this raises no suspicion. So the program must be one that was designed from the start to work with the Internet.

But then the question arises: what about the condition of the problem which says that the source code of the program can be accessed, and therefore all malicious actions will be revealed by studying the internals of the program?

The conclusion is very simple: there should not be unauthorized actions in the program. At all.
We will have to move the "unauthorized" component outside the application.

When I had one idea, I turned to a friend with this task, and he proposed virtually the same option, only with a different program. My version was to use Skype, and his was an email client (apparently with encryption, but that depends on the type of data). The main factor is the human. As always, this is the weakest link. Why send a password as letters and numbers if you can speak it into the microphone? Skype is a well-known program, it can send data, and everyone knows that the data is encrypted. Even if the program is taken apart piece by piece, or its source code is obtained, no destructive or unauthorized functions will be found in it (hopefully). Yet the secret data has already been transferred, under the guise of normal traffic, from an allowed program.

With the mail client it is the same; you do not even need to encrypt anything. The conditions do not specify which data to transmit; maybe it is just one word, say, some kind of attack signal. The phrase “Good day” instead of the usual “Good day” will not cause suspicion in most cases, but will serve as a signal for the receiving party.

Here I want to recall a technique from books and films in which data is transmitted through newspaper ads. In a legitimate newspaper (the analogue of the mail client), a legitimate ad is placed (its code word conveys certain data) and is delivered to the addressee (the analogue of the Internet). A newspaper, no matter how you examine its “code”, cannot be suspected. The message will be a standard ad; there are a thousand of them in the newspaper, and they all look alike. Isolating the illegal traffic will not work.

There is also a hardware option. I do not know whether such devices exist, but there are already many interesting and similar things. I propose this version: a black box that records sound (let it record constantly), with an input and an output, connected to a microphone on one side and to the computer on the other. A kind of "man in the middle". When sound comes from the microphone (probably the user is talking over Skype), the program will mix in (I don’t know by what algorithm) the recordings. The person may call at our request, or may just be a friend or a customer (in vain we will give "encryption"), but will not suspect anything. As a result, on the plus side we have the same legitimate traffic, and on the minus side the "black box", although it does not even emit anything, like some modern devices. Let me remind you that the trojan program also has to be slipped to the user somehow, and at a certain level it makes no difference whether you connect a hardware device or install a program. Everything is equally difficult or simple, depending on the situation.

It turns out that the solution to the problem is taken outside the software domain. But it complies most fully with the conditions of the problem. By the way, the word “troy” is used in the conditions of the problem, which can be interpreted quite widely.

Source: https://habr.com/ru/post/87374/

