Taylor Swift – infosec superstar

I don’t even know any of her songs (true!) but the noise generated by a Taylor Swift-styled Twitter account in her other career passion – IT Security – portrays her as a standout thinker in a critically important environment.

Communicating the need for security to the masses is just one part of the battle. The story below, originally posted on her swiftonsecurity.tumblr.com blog is remarkable. It’s hard not to swap yourself in the story as you read – which you should do. Now.

A Story About Jessica

I want you to imagine someone for me. Her name is Jessica and she is 17 years old. She lives in a two bedroom apartment with her mother and uses an old laptop she got from one of her mom’s ex boyfriends. With it, she browses the portals that serve as her connection to the community constructed around attending the same high school. She is concerned with boys and love and the next rent payment keeping her and her mother in the apartment.

She doesn’t have the money for a new laptop. She doesn’t have the money to upgrade it, either. She doesn’t even know how you do that. She has other interests, like biology. She just worries about how she would pay for college, if she can keep her grades up enough to get a scholarship somehow.

The only person she knows in her whole life that’s good with computers is Josh, in English class. She knows she needs an antivirus, so she asks him. He gives her an option that costs $50 a year, but he notices her sudden discomfort and kindly mentions about an antivirus that’s free. When she goes home she downloads and installs it. It took some effort and it seemed complicated and took awhile, but there was now a reassuring new icon in the bottom right of her screen that says “Protected” when she hovers the mouse icon thing over it.

Jessica hears on the news all the time about companies being hacked and photos being stolen. She heard on CNN you’re supposed to have a complex password with something special in it, like a dollar sign, so she does. At least on her Facebook account – she isn’t interested enough to find out how to change her other account passwords. That sounds like such an investment of time, and she is busy enough focusing on remembering abstract strings of equations in Math class. She doesn’t want to remember another abstract string of numbers and letters for passwords. Besides, she’s a teenager, whose brains aren’t very good at planning or compensating for risk.

She heard about something called a password manager, but she knows not to download things from the Internet. She doesn’t know what to trust. One time, she clicked the “Download Now” button for a program she heard about from the news, and it took her to a different website. She doesn’t have a community to ask for advice. And, besides, she’s trying to figure out what to wear to her date with Alex on Saturday. Jessica worries if he’s going to like her once he gets to know her better, sitting together and talking one on one for the first time. She also worries if he’s going to break her heart, like the others.

Sometimes, she gets prompts to update software. But one time, she updated something called Java, and after clicking the blue E that gets her to Facebook a new line of icons appeared. She doesn’t know for sure it was related, but she’s kind of suspicious. The computer still works, and she doesn’t want to break anything trying to figure it out. She can’t afford to pay Geek Squad $200. It’s annoying, but it’s still working. The next time something asks to update, she’ll say no. She doesn’t need any new features, especially ones that make her Facebook window smaller. And if they were important – wouldn’t they just install automatically? Why would it even ask? It’s 7:42PM. She has to leave for her date.

One day, Jessica gets an email that says it’s an eviction notice. And it says it’s from [email protected]. She knows what HUD is by the forms her mother fills out to help pay for the apartment. But she heard about opening unknown files on the news, so she goes into detective mode. She types in hud.gov and it’s what she thinks it is. U.S. Department of Housing and Urban Development. She browses the site – it doesn’t look like anyone in Russia wrote it. So she opens the file. Adobe Reader opens, but the email plainly says that if the document is empty, there’s nothing to worry about. She tries to go to the next page, but there isn’t one. Oh well. She won’t mention it to her mother. She doesn’t want to worry her.

What Jessica doesn’t know is the white light on her laptop that started coming on that day is the indicator for the camera that’s built in. She doesn’t even know it has a camera. But that camera started recording her. And the software recording her camera also started recording the screen. Including when she was emailing the pictures she took for Alex after she fell in love with him. At least when she types in passwords they always show up as black dots. Even if someone was behind her watching, they wouldn’t know the password. She doesn’t know her keyboard was being recorded, too. Nothing told her. Just like nothing told her the camera was on. Or the microphone.

Once in awhile, she hovers her mouse over the antivirus icon. It says Protected. It must be right. It’s the software Josh recommended, after all.

————

What is Jessica’s sin in this story? Was it not educating herself on the benefits of Open Source philosophy and running Linux – which is free? Was it not having friends or family that know a lot about computers that she could ask for advice? Was it not befriending Josh? Was it being someone who has other priorities in life? Was it not knowing that the companies providing her software updates also try to screw her over with junkware, and she needs to uncheck it – every time? Was it stupidly not knowing the era that SMTP was designed in and that it doesn’t provide any authentication? Why didn’t she put tape over the webcam? Why didn’t she take apart the laptop to remove the microphone?

Maybe this isn’t her fault. Maybe computer security for the average person isn’t a series of easy steps and absolutes they discard from our golden mouths of wise truths to spite the nerd underclass.

Perhaps it’s the very design of General Purpose Computing. And who built this world of freedom, a world that has so well served 17-year-old Jessica? You did. We did.

So whose fault is it?

Taylor Swift - Infosec Superstar

The Challenge

Ok, you’ve read the story. Now, tell me where Jessica’s error was. Leave your answer in the comments, first correct answer wins a 1024kb Hack Attack bootable USB drive, complete with tools to fix any Windows issue. You win that, & my admiration.

Leave a Reply

Your email address will not be published. Required fields are marked *