With each book I write, I usually create an accompanying blog post about the technology in the story: what’s real, what’s on the horizon, and what’s totally made up.
My previous Singularity series extrapolated out from current day technology by ten year intervals, which turned the books into a series of predictions about the future. Kill Process is different because it’s a current day novel. A few of the ideas are a handful of years out, but not by much.
Haven’t read Kill Process yet? Then stop here, go buy the book, and come back after you’ve read it. 🙂
Warning: Spoilers ahead!
The technology of Kill Process can be divided into three categories:
- General hacking: profiling people, getting into computers and online accounts, and accessing data feeds, such as video cameras.
- Remotely controlling hardware to kill people.
- The distributed social network Tapestry.
General Hacking and Profiling
In the mid-1980s, Angie is running a multiline dial-up chat system called a Diversi-Dial (real). An enemy hacker shuts off her phone service. Angie calls the phone company on an internal number, and talks to an employee, and tricks them into reconnecting her phone service in such a way that she doesn’t get billed for it. All aspects of this are real, including the chat system and the disconnect/reconnect.
As an older teenager, Angie wins a Corvette ZR1 by rerouting phone calls into a radio station. Real. This is the exact hack that Kevin Poulsen used to win a Porsche.
In the current day, Angie regularly determines where people are. They’re running a smartphone application (Tomo) that regularly checks in with Tomo servers to see if there are any new notifications. Each time they check in, their smartphone determines their current geolocation, and uploads their coordinates. Angie gets access to this information not through hacking, but by exploiting her employee access at Tomo. All of this is completely feasible, and it’s how virtually all social media applications work. The granularity of geocoordinates can vary, depending on whether the GPS is currently turned on, but even without GPS, the location can be determined via cell phone tower triangulation to within a few thousand feet. If you want to mask your location from social media apps, you can use the two smartphone approach: One smartphone has no identifying applications or accounts on it, and is used to act as a wireless hotspot. A second smartphone has no SIM card and/or is placed in airplane mode so that it has no cellular connection, and GPS functionality is turned off. It connects to the Internet via the wireless hotspot functionality of the first phone. This doesn’t hide you completely (because the IP address of the first phone can be tracked), but it will mask your location from typical social media applications. While Angie can see everyone, because of her employee access, even regular folks can stalk their “friends”: stalking people via Facebook location data.
Angie determines if people are happy, depressed, or isolated based on patterns of social media usage as well as the specific words they use. Feasible. Studies have been done using sentiment analysis to determine depression.
Angie profiles domestic abusers through their social media activity. Quasi-feasible. Most abusers seek to isolate their victims, and that will include keeping their victims off social media. That would make it hard for Angie to profile them, because it’s difficult to profile what’s not there. On the other hand, many abusers stalk their victims through their smartphones, which actually opens up more opportunities to detect when such abuse happens.
Angie builds a private onion routing network using solar-powered Raspberry Pi computers. This is very feasible, and multiple crowd sourced projects for onion routers have launched.
Angie seamlessly navigates between user’s payment data (the Tomo app handles NFC payments), social media profiles, search data, and web history. This is real. Data from multiple sources is routinely combined, even across accounts that you think are not connected, because you used different email addresses to sign up. There are many ways information can leak to connect accounts: a website has both email addresses, a friend has both email addresses listed under one contact, attempting to log in under one email address and then logging under a different across. But the most common is web browser cookies from advertisers that tracking you across multiple websites and multiple experiences. They know all of your browser activity is “you”. Even if you never sign up for Facebook or other social media accounts, they are aggregating information about who you are, who your connections are. Future Crimes by Marc Goodman has one of the best descriptions of this. But I’ll warn you that this book is so terrifying that I had to consume it in small bits, because I couldn’t stomach reading it all at once.
Angie hacks a database that she can’t access by provisioning an extra database server into a cluster, making modifications to that server (which she has compromised), and waiting for the changes to synchronize. Likely feasible, but I don’t have a ton of experience here. The implication is that she has access to change the configuration of the cluster, even though she doesn’t have access to modify the database. This is plausible. An IT organization could give an ops engineers rights to do things related to provisioning without giving them access to change the data itself.
Angie did a stint in Ops to give herself backdoors into the provisioning layer. Feasible. It’s implausible that Angie could do everything she does by herself unless I gave her some advantages, simply because it’s too time consuming to do everything via brute force attacks. By giving Angie employee access, and letting her install backdoors into the software, it makes her much more powerful, and enables her to do things that might otherwise take a large group of hackers much longer periods of time to achieve.
Angie manipulates the bitcoin market by forcing Tomo to buy exponentially larger and larger amounts of bitcoin. This is somewhat feasible, although bitcoin probably has too much money invested in it now to be manipulated by one company’s purchases. Such manipulation would be more plausible with one of the smaller, less popular alternative currencies, but I was afraid that general readers wouldn’t be familiar with the other currencies. The way she does this is somewhat clever, I think. Rather than change the source code, which would get the closest level of inspection, she does it by changing the behavior of the database so that it returns different data than expected: in one case returning the reverse of a number, and in another case, returning a list of accounts from which to draw funds. Since access to application code and application servers is often managed separately from access to database servers, attacking the database server fits with Angie’s skills and previous role as database architect.
Angie is in her office when Igloo detects ultrasonic sounds. Ultrasonic communication between a computer and smartphone to get around airgaps is real. Basics of ultrasonic communication. Malware using ultrasonic to get around air gaps of up to 60 feet.
Remotely Controlling Hardware
In the recent past, most devices with embedded electronics ran custom firmware that implemented a very limited set of functionality: exactly what was needed for the function of the device, no more and no less. It ran on very limited hardware, with just exactly the functionality that was needed.
But the trend of decreasing electronics cost, increasing functionality, and connectivity has driven many devices towards using general-purpose operating systems running on general purpose computers. By doing so, they get benefits such as a complete network stack for doing TCP/IP communication, APIs for commodity storage devices, and libraries that implement higher levels functions. Unfortunately, all of this standard software may have bugs in it. If your furnace moves to a Raspberry Pi controller, for example, you now have a furnace vulnerable to any bug or security exploit in any aspect of the Linux variant that’s running, as well as any bugs or exploits in the application written by the furnace manufacturer.
Angie has a car execute a pre-determined set of maneuvers based on an incoming signal. Feasible in the near future. This particular scenario hasn’t happened, but hackers are making many inroads: Hackers remote take control of a Jeep. Remotely disable brakes. Unlock VW cars.
Killing someone via their pacemaker. Feasible: Hackers Kill a Mannequin.
Controlling an elevator. Not feasible yet, but will be feasible in the future when building elevators implement general internet or wireless connectivity for diagnostics and/or elevator coordination.
Software defined radios can communicate at a wide range of frequencies and be programmed to use any wireless protocol. Real.
Angie hacks smoke and carbon monoxide alarms to disable the alarm prior to killing someone. Unfortunately, hacking smoke alarms is real, as is hacking connected appliances. Appliances typically have very weak security. It’s feasible in the near future that Angie could adjust combustion settings and reroute airflow for a home furnace. Setting a house on fire is very possible.
There’s a scene involving a robot and a gun. I won’t say much more about the scene, but people have put guns on drones. Real.
Tapestry / Distributed Social Networks
Angie defined a function to predict the adoption of a social network. This was my own creation, modeled on the Drake Equation. It received some input from others, and while I’m not aware of anyone using it, it probably can be used as a thought exercise for evaluating social network ideas.
IndieWeb is completely real and totally awesome. If you’re a programmer, get involved.
The protocols for how Tapestry works are all feasible. I architected everything that was in the book to make sure it could be done, to the point of creating interaction diagrams and figuring out message payloads. Some of this stuff I kept, but most was just a series of whiteboard drawings.
I haven’t exhaustively covered everything in the book, but what I have listed should help demonstrate that essentially all the technology in Kill Process is known to be real, or is plausible today, or will be feasible within the next few years.
For more reading, I recommend:
- Future Crimes by Marc Goodman: current non-fiction about what’s possible today and in the near future.
- Classic accounts of real-life computer hackers: