Comments on: ET Could Hack SETI.

ET Could Hack SETI.

jasonspaceman — Mon, 24 Nov 2003 09:43:00 -0800

ET Could Hack SETI. SETI, which uses down time on the computers of thousands of volunteers to search for intelligent signals from space, has a potential problem—besides information, a broadcast to us from an alien intelligence could also carry a computer virus. Leonard David writes in the main link's space.com article that physicist Richard Carrigan (who works here) takes it seriously. He thinks SETI should figure out how to decontaminate any signals it receives.

By: jasonspaceman

jasonspaceman — Mon, 24 Nov 2003 09:56:21 -0800

I wonder, how would the virus be coded? In c++?

By: Johnny Assay

Johnny Assay — Mon, 24 Nov 2003 10:00:22 -0800

I think this is a big potential problem. After all, it was incredibly easy for us to destroy that big alien mother ship using a virus written on a Mac, right?

By: Stan Chin

Stan Chin — Mon, 24 Nov 2003 10:01:33 -0800

I think it would be a modification of the one Jeff Goldblum wrote, which is ok since it'll only affect Macs.

By: tittergrrl

tittergrrl — Mon, 24 Nov 2003 10:02:37 -0800

And just think! If they hacked SETI, they would have access to everyone's email accounts from SETI@Home, then the dastardly denizens of deep space could spam us unmercilessly with unsolicited e-mail hawking Quisnicho Qream, tentacle lengtheners, and the best snark on snark action you've ever SEEN! And we'd be powerless to stop them! Horrors!

By: Stan Chin

Stan Chin — Mon, 24 Nov 2003 10:04:20 -0800

Damn you Johnny!

By: muppetboy

muppetboy — Mon, 24 Nov 2003 10:04:59 -0800

yeah, *ahem*... i'm sure *that's* what we should be worried about... yeah...

By: WolfDaddy

WolfDaddy — Mon, 24 Nov 2003 10:08:57 -0800

ET HACK HOME.

By: contessa

contessa — Mon, 24 Nov 2003 10:16:54 -0800

Then this explains the strange email I got recently, written in rather urgent but poor english, by an alien bank clerk by the name of Moggnab. He offered me a 50% cut in a business deal -- all I've got to do is give him my bank information, and he'll give me half the money in an account that belonged to the deposed dictator of Rykar 7. I knew it sounded too good to be true!

By: ZachsMind

ZachsMind — Mon, 24 Nov 2003 10:17:38 -0800

Since it's impossible to know their level of technology, it's impossible to create anti-virus software for whatever they came up with. Otherwise, one would be able to create an unhackable program, which has proven to be impossible. We can't protect ourselves completely from hackers here on Earth. It's stupid to pretend we could do anything about potential damage from outside the solar system. It's fun to argue about though, innit? Let's face it, the odds of us being able to even determine that someone's sending us a message which doesn't sound to us like so much background noise is slim at best. I mean until we're able to place a manmade, broadcasting and receiving satelite out past The Oort Cloud this entire issue is moot anyway. Chances are, we can't hear or be heard because there's simply way too much debris in the way. What we presently pick up as static could be in some small part brief portions of being-made signals outside our solar system which are altered and distorted by all the debris and celestial bodies between our planet and the rest of the universe. Y'know how when you go under a highway bridge, most AM stations and some FM stations fizzle in and out? Imagine a large, finite but unspecified number of bridges floating randomly between you and Alpha Centauri. IF there's a rock station on Alpha Centauri, it'd sound like Carol Anne's favorite TV channel. "They're here!" Whether they're out there or not, we'll never know for certain, no matter how big we make the antenna here on Earth. We're simply in the worst place in the galaxy for a decent reception. We need like.. rabbit ears or somethin'.

By: chuq

chuq — Mon, 24 Nov 2003 10:24:16 -0800

Windows security holes are apparently well-known throughout the galaxy.

By: xmutex

xmutex — Mon, 24 Nov 2003 10:26:13 -0800

Columnist is way too bored, has too much time on hands, ridiculous and laughable article at 11.

By: mkultra

mkultra — Mon, 24 Nov 2003 10:28:35 -0800

Yeah, you know, I can't believe we're wasting all this money on a missile defense system, when all we really need is a good firewall...

By: condour75

condour75 — Mon, 24 Nov 2003 10:30:08 -0800

Any sufficiently advanced technology is indistinguishable fr0m t3h l337 h4xx0r. 34rth i5 0000wn0r3d.

By: andrew cooke

andrew cooke — Mon, 24 Nov 2003 10:52:56 -0800

Otherwise, one would be able to create an unhackable program, which has proven to be impossible. it's already possible to write code that's guaranteed not to execute instructions hidden in the data - all you need is a strong type system that separates the two (and sufficient checking to avoid forbidden errors). just because the world insists on using c and its bastard offspring doesn't mean that better things don't exist. there's a really good paper on type systems here, but it's not the kind of thing most mefites would enjoy, i suspect.

By: Johnny Assay

Johnny Assay — Mon, 24 Nov 2003 11:17:00 -0800

Metafilter: the best snark on snark action you've ever SEEN!

By: andrew cooke

andrew cooke — Mon, 24 Nov 2003 12:28:23 -0800

i'm no expert, but the last two points don't seem to hold water: (3) the whole point is that they'd be non-random sequences (isn't it?) (and impossible != improbable). maybe the argument is that the observation process is sufficiently unpredictable that it is very difficult to introduce meaningful structure in the data being processed (but then how do they hope to detect a signal?). (4) implies that it's trivial to protect from buffer overflows - that's clearly not the case, or we wouldn't have buffer overflow attacks. openbsd (generally considered one of the most secure os around) announced in april that they had implemented measures like those above, but i thought that was the exception, not the rule: http://news.com.com/2100-1002-996584.html but then i'd have thought that any alien that was able to exploit this could probably spend his time more productively. maybe the threat comes from bored teenage aliens with nothing better to do? like kids burning ants with magnifying glasses...

By: jeblis

jeblis — Mon, 24 Nov 2003 12:33:05 -0800

Reminds me of the jpeg virus. Stupid.

By: mr_roboto

mr_roboto — Mon, 24 Nov 2003 12:52:36 -0800

(3) the whole point is that they'd be non-random sequences (isn't it?) So the aliens know the RISC instruction set? How? If they don't know the instruction set, their only chance for "hacking" SETI is to send random sequences of bits. impossible != improbable I think he's talking age-of-the-universe improbable. (4) implies that it's trivial to protect from buffer overflows - that's clearly not the case, or we wouldn't have buffer overflow attacks. I'm no expert on this, but aren't buffer overflows a non-issue when they're applied to non-privileged applications? I mean, you can still crash the application, but you won't be able to get any access. Buffer overflow attacks are a problem on the internet because they're applied to communications daemons running with some sort of administrative privilege, and the attacker can use this privilege to execute arbitrary commands on the system. I could be wrong about this, though. To me, this idea (aliens "hacking" SETI) is profoundly absurd. It's like arguing that the rat cells I imaged on my microscope this morning might conspire in some way to form a set of bits in the image such that when I process it this afternoon it will cause a buffer overflow in my imaging program that will give the rat cells access to my system in the next image I load. I suppose there is some non-zero probability of this happening, but I'm not sweating it. Another analogy: it would be like a Metafilter user gaining access another user's computer by posting a comment with the properly formatted sequence of bits. I would guess that no such sequence exists, though the right javascript could probably crash most browsers.

By: sonofsamiam

sonofsamiam — Mon, 24 Nov 2003 13:01:09 -0800

andrew cooke: thanks for the type systems link. It's really very readable.

By: effugas

effugas — Mon, 24 Nov 2003 13:42:36 -0800

I'm coining a new term: Planck Risk: The smallest amount of risk that can be perceived. Measured as the risk of HACKERS FROM SPACE. --Dan

By: samw

samw — Mon, 24 Nov 2003 13:55:31 -0800

Wouldn't having a SETI@home computer get infected by an alien virus be the best thing SETI@home could hope for? Assuming that the signal could be verified as being extra-terrestrial in origin, this would be pretty good proof that you're dealing with intelligent life. I, for one, would gladly rebuild my system if only an alien virus would infect it. Of course, the above ignores all the problems with the whole idea in the first place. How is this virus being executed again? How do the aliens know the instruction set of current processors when those processors didn't exist when we sent the signals they have (hypothetically) so far received?

By: jacobsee

jacobsee — Mon, 24 Nov 2003 13:55:43 -0800

Planck Risk: The smallest amount of risk that can be perceived. Measured as the risk of HACKERS FROM SPACE. ha!

By: Yossarian

Yossarian — Mon, 24 Nov 2003 14:12:31 -0800

We'll probably find out in the sequel to ID4.

By: Nelson

Nelson — Mon, 24 Nov 2003 16:21:35 -0800

Man, hasn't anyone here read His Master's Voice by Stanislaw Lem? It's a whole book about an ET signal hacking Earth. Well, it's about a third about that. One of Lem's finest.

By: Mwongozi

Mwongozi — Mon, 24 Nov 2003 17:26:39 -0800

HACK THE PLANET

By: dejah420

dejah420 — Mon, 24 Nov 2003 20:28:20 -0800

Planck Risk: The smallest amount of risk that can be perceived. Measured as the risk of HACKERS FROM SPACE. brilliant.

By: pekar wood

pekar wood — Mon, 24 Nov 2003 20:47:37 -0800

We've already been haxored. Porn is an aL13n virus, designed to interfere with our reproductive capabilities. and don't forget mushrooms.

By: dhartung

dhartung — Mon, 24 Nov 2003 22:21:19 -0800

The way I read this, the reporter was having a hard time communicating the idea that the aliens could send us, a la Contact, a nifty set of plans for a warp drive, which is in reality a pocket black hole.

By: Space Coyote

Space Coyote — Mon, 24 Nov 2003 23:17:36 -0800

I think if the aliens could alter the background radio signals in such a way that SETI's satellites would pick it up and be able to send the virus around so that it infects a large number of computers, I'd say they could just use the ray gun instead.

By: moonbiter

moonbiter — Mon, 24 Nov 2003 23:50:43 -0800

Those damn malevolent aliens. Always trying to crash our computers and launch DOS attacks against windowsupdate.microsoft.com and stuff. There ought to be a law! Next thing you know, they'll be coming to destroy us with near-c rocks or death rays or something.

By: delmoi

delmoi — Tue, 25 Nov 2003 00:35:22 -0800

Oh my god. I can't belive someone so stupid is allowed to use a computer, much less allow his insanely stupid drivel to be posed anywhere. The possibility of anyone including a virus in the raw signal code of a seti work-unit is absolutly imposible. The insanity of trying to do it that way, as opposed to simply sending a cellphone signal to log onto the internet and just hack straight away. If they are too far away to do that (just actualy hack the system) then they are too far way to write a virus that would work Finaly, an alien virus could not do any more harm then a human made one, and there are plenty of those.

By: delmoi

delmoi — Tue, 25 Nov 2003 00:38:29 -0800

ZachsMind: Let's face it, the odds of us being able to even determine that someone's sending us a message which doesn't sound to us like so much background noise is slim at best. I mean until we're able to place a manmade, broadcasting and receiving satelite out past The Oort Cloud this entire issue is moot anyway.

If that were true, we wouldn't be able to pick up any natural signals, we wouldn't even be able to see any stars. Dumbass.

By: delmoi

delmoi — Tue, 25 Nov 2003 00:44:40 -0800

andrew cooke: it's already possible to write code that's guaranteed not to execute instructions hidden in the data - all you need is a strong type system that separates the two (and sufficient checking to avoid forbidden errors). just because the world insists on using c and its bastard offspring doesn't mean that better things don't exist.

Yes, it's absolutely idiotic that people use set-length, unchecked buffers (something that's not even possible in java), although type-safety only affects a program at compile time, and wouldn't help prevent a buffer overflow.

But there would still be security holes if this particular problem were solved. For example, outlook security holes caused by lack of sand boxed scripting, and other 'semantic' security holes (i.e. programs do what they are programmed to do, but have been programmed incorrectly, rather then doing exactly what the hacker wants by code injection)

By: delmoi

delmoi — Tue, 25 Nov 2003 00:47:14 -0800

(4) implies that it's trivial to protect from buffer overflows - that's clearly not the case, or we wouldn't have buffer overflow attacks.

It is trivial to protect from buffer overflows. All you have to do is use java. It's also trivial to use buffers that cannot be overflowed (bounds checked arrays or vectors), if you actualy care. People just don't care.

By: andrew cooke

andrew cooke — Tue, 25 Nov 2003 08:28:39 -0800

(kind of late, but...) - if aliens don't understand the instruction set of the system they're "hacking" then this danger is no different to any other that is processing large amounts of data (and the author considers this to be a problem related specifically to seti). i agree that it all seems kind of silly, i'm just arguing within what's assumed... - "buffer overflows" aren't restricted to array use. the same thing is possible wherever you have assignment to a pointer in c (the pointer may be valid for a particular type, but if a different type is cast incorrectly and stored there, you'll corrupt memory). hence the need for a type system as well as array bounds checking. so even if java checked array bounds correctly, it might still be open to attack if it had errors in its type system (apart from the silly native types, java uses references (pointers)). more accurately, i guess, i should say that java's type system is broken and unsafe (you can get classcastexceptions), but that the implementation and dynamic checking of type related information guarantees (apparently) safety. (there may be errors in the wording above - i'm not an expert - but i hope you get the drift, if it's at all important, which i kind of doubt). sonofsamiam - you're welcome. you might want to check out lambda (where i got the link from).