Saturday, May 9, 2009

There is no such thing as "deleted" on the Internet!!

It's always fun to write about research that you can actually try out for yourself.

Try this: Take a photo and upload it to Facebook, then after a day or so, note what the URL to the picture is (the actual photo, not the page on which the photo resides), and then delete it. Come back a month later and see if the link works. Chances are: It will.

Facebook isn't alone here. Researchers at Cambridge University (so you know this is legit, people!) have found that nearly half of the social networking sites don't immediately delete pictures when a user requests they be removed. In general, photo-centric websites like Flickr were found to be better at quickly removing deleted photos upon request.

Why do "deleted" photos stick around so long? The problem relates to the way data is stored on large websites: While your personal computer only keeps one copy of a file, large-scale services like Facebook rely on what are called content delivery networks to manage data and distribution. It's a complex system wherein data is copied to multiple intermediate devices, usually to speed up access to files when millions of people are trying to access the service simultaneously. But because changes aren't reflected across the CDN immediately, ghost copies of files tend to linger for days or weeks.
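The lingering described above can be reproduced with a toy model. This is an added example, not code from the original post; it assumes edge caches that expire their copies on a fixed timer, and the class names, sample URL and 30-day lifetime are illustrative.

```python
# Added illustration: toy CDN model. TTL-based edge caching and the names
# below (Origin, Edge, purge) are assumptions, not any real CDN's API.

class Origin:
    def __init__(self):
        self.files = {}

    def get(self, url):
        return self.files.get(url)  # None means "deleted / not found"


class Edge:
    """An intermediate cache that keeps its own copy for ttl seconds."""

    def __init__(self, origin, ttl):
        self.origin, self.ttl = origin, ttl
        self.cache = {}  # url -> (body, expires_at)

    def get(self, url, now):
        hit = self.cache.get(url)
        if hit and now < hit[1]:
            return hit[0]          # served from the edge; origin is not consulted
        self.cache.pop(url, None)  # expired or never cached: ask the origin
        body = self.origin.get(url)
        if body is not None:
            self.cache[url] = (body, now + self.ttl)
        return body

    def purge(self, url):
        self.cache.pop(url, None)


def simulate(purge_on_delete):
    """Return which edges still serve the photo 1 and 31 days after deletion."""
    DAY = 86400
    url = "/photos/constructed-example.jpg"   # constructed sample URL
    origin = Origin()
    origin.files[url] = b"JPEG..."
    edges = [Edge(origin, ttl=30 * DAY), Edge(origin, ttl=30 * DAY)]
    edges[0].get(url, now=0)                  # only edge 0 has cached the photo
    del origin.files[url]                     # the user "deletes" the photo
    if purge_on_delete:
        for e in edges:
            e.purge(url)
    day1 = [e.get(url, now=1 * DAY) is not None for e in edges]
    day31 = [e.get(url, now=31 * DAY) is not None for e in edges]
    return day1, day31
```

Without a purge, the edge that had already cached the photo keeps serving it after the origin copy is gone; deleting and purging together closes that window.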

In the case of Facebook, the company says data may hang around until the URL in question is reused, which is usually "after a short period of time," though obviously that time can vary considerably.

Of course, once a photo escapes from the walled garden of a social network like Facebook, the chances of deleting it permanently fall even further. Google's caching system is remarkably efficient at archiving copies of web content, long after it's removed from the web. Anyone who's ever used Google Image Search can likely tell you a story about clicking on a thumbnail image, only to find that the image has been deleted from the website in question -- yet the thumbnail remains on Google for months. And then there are services like the Wayback Machine, which copy entire websites for posterity, archiving data and pictures forever.

The lesson: Those drunken party photos you don't want people to see? Simply don't upload them to the web, ever, because trying to delete them after you sober up is a tough proposition.

Tuesday, May 5, 2009

Why do people write viruses???

Every time reports of a big new virus or other malware attack hit the media, my mind goes looking for an answer to the question: Why do people write viruses?

I answer as succinctly as I can, but the question is a deep and complex one. Why do people burglarize homes? Why do people tag buildings with graffiti? Why do they post anonymous hatred on online message boards? Why do they play video games? These questions may sound like they have nothing to do with one another, but you might be surprised how their answers are all related to the topic at hand.

TechRepublic offered an interesting analysis of this issue a month ago but it slipped by me. Fortunately I stumbled upon it this weekend and hope you'll give it a read in order to help shed a little light on a surprisingly complex issue.

So why do people write viruses (and I'll use that term loosely throughout this post as a descriptive for any kind of malware)?

TechRepublic plays it down a bit, but my #1 answer to the question is always the obvious one: For the money. In the old days, a virus designed to erase your hard drive or fill your computer screen with garbage was just a prank (more on that later) but those viruses are quite rare these days. Nowadays, the vast majority of viruses have far more practical ends: They make your PC send spam, they harvest financial information, turn computers into zombies, and extort money out of you directly if you want it deleted. All of these have direct and quantifiable financial goals: Spam is paid for by the message (or the millions of messages) sent. Personal data can be sold on the black market for use in identity theft. It's business, pure and simple -- bad business, to be sure, but all about the cash at the end of the day.

Several of the items on the TechRepublic list get at a secondary reason for virus-writing: They do it because they can. It's the same reason people jump out of planes or drive at insane speeds: It's a thrill, and for a certain subset of programmers, there's a thrill, a laugh, or a power-trip to be had from causing as much damage as possible -- and getting away with it. While most virus writers don't want attention (which can bring serious prison time in the end), a few do, and some underground hackers get off on the notoriety.

Sabotage -- whatever the motivation -- is another common theme in malware creation. Any political issue -- whether it's a presidential election or a Microsoft vs. open source legal spat -- tends to be ground zero for hacker attacks. Denial of service attacks are commonly launched against websites owned by those with opinions unpopular in the hacker community. And that's where your machine comes in: Hackers compromise it with malware to turn it into a DoS zombie.

So, getting the picture? Viruses and other malware are going to be with us forever because they're a digital version of human nature.

Sunday, May 3, 2009

Hackers: We can now steal data via electrical outlet!!

A few years ago, the idea of using nothing more than a standard electrical outlet to hack into sensitive computer systems would be the stuff of Hollywood - and far-fetched, eye-rolling Hollywood at that.

I can almost picture the scene: A wily Justin Long taps a few keys on his laptop and we watch the signal race through the power grid to his target, where a hapless government employee types his password into the ultra-secure computer at headquarters. Back with Long, we watch the password show up on his computer screen, as if by magic, thanks to his nifty hacking skills.

It sounds ridiculous.

But it turns out, well, it's basically a reality.

At the Black Hat USA conference later this month, hackers are preparing to unveil their methodology to steal information typed on a computer keyboard using nothing more than the power outlet to which the computer is connected.

The technique behind the exploit isn't as wildly high-tech as you might think, though. Old-fashioned electrical properties are the key to the trick. Here's how it works (in simple terms): When you type on a standard computer keyboard, electrical signals run through the cable to the PC. Those cables aren't shielded, so the signal leaks via the ground wire in the cable and into the ground wire on the computer's power supply.

The attacker connects a probe to a nearby power socket (perhaps in the vacant office next door or a hotel room across the hall), detects the ground leakage, and converts the signal back into alphanumeric characters. So far, the attack has proven successful using outlets up to about 15 meters away.

If you've got a wireless keyboard or are working on a laptop unplugged from the wall, which would make this attack useless, fret not: The hackers have a method for eavesdropping on you too. A simple laser beam -- better than a laser pointer, but not by much -- can be pointed at a shiny object on the table where the computer sits, and the beam's reflection is captured by a receiving system. The vibration of that reflection caused by the striking of keys can be analyzed and, as with the electrical outlet system described above, reconstructed into words, since every key produces a unique vibration pattern. All this technique requires is a direct line of sight to the PC and a few hundred dollars' worth of equipment.

Better to be safe out there, folks, than sorry...
