-
In the aftermath, when everything had been
started to recover and people had more or
-
less tidied up and the stock markets had started
to recover from the trillions of dollars wiped
-
off them,
-
Google's network engineers said that were
only five people in the world who are able
-
to approve changes to their most critical
code.
-
And each one of those five was entirely trusted.
-
July 4th. In Western Europe, it is Friday
afternoon, and office workers are looking
-
at their clocks and trying to work out if
it's okay to leave work early.
-
In America, they are gearing up for a three-day
Independence Day weekend.
-
Over at Google's headquarters in Mountain
View, most of the building is deserted; on-call
-
engineers are either at home, their phones
ready to buzz if anything goes wrong, or they're
-
pulling late-night shifts in datacentres located
around the world.
-
There is one well-lit office, though, hidden
away in a quiet corner of the building. In
-
it is Maria Christensen, one of Google's most
senior engineers and one of the Trusted Five.
-
She is, against all corporate procedure, rolling
out a change to Google's core infrastructure
-
code.
-
She's changed only one section: and it's the
very first part of the login code for Google
-
Apps. This should be an incredibly complicated
function that spins off more functions to
-
deal with checking passwords, two-factor authentication,
third-party password checks, suspicious activity,
-
hackers, phreakers, fraudsters, and all manner
of disaster prevention.
-
She's changed just one line of code, she's
put it at the top, and it says...
-
Return true.
-
She bypasses all the red flags from the software
that say this won't work, this is dangerous,
-
this is broken, and instead she marks it for
immediate rollout and commits it.
-
So Google's systems promptly roll it out across
their datacentres. From coast to coast in
-
North America; over to Dublin and over to
Europe; to the Far East and down to South
-
America. It takes about three minutes. And
what it means is this:
-
No matter what you enter as a Google password,
it will be treated as correct. There are no
-
password checks any more. If you type in the
username, you will get in.
-
And if this seems implausible, if this seems
like something that wouldn't happen, remember
-
Dropbox, the file hosting service used by
175 million people including, I'm fairly sure,
-
pretty much everyone in this room.
-
In 2011, they had exactly that security bug
for three hours. Now fortunately, the person
-
who discovered it -- who wasn't a Dropbox
employee -- disclosed it responsibly to them
-
instead of telling the world, so the damage
was limited.
-
Maria has no intention of responsibly disclosing
anything. Most of the engineers that would
-
get notified of a code change like that aren't
on call. And those that are have somewhere
-
between about one and three minutes before
Maria gets around to logging into their now
-
open Google accounts -- never mind the email
notification, they've got about three minutes
-
to, read it, understand it, and grasp exactly
what the change means before Maria logs in
-
and remotely wipes their Android phone by
reporting it as stolen.
-
None of the engineers work it out in time.
The rest of Google's Trusted Five are still
-
asleep as their phones quietly erase themselves.
-
So then Maria emails her manifesto to dozens
of news sites, posts messages on a few high-traffic
-
tech forums, then logs out -- which is ironic,
given that logging out doesn't actually mean
-
anything any more -- gets into her car, and
goes to catch a flight.
-
As soon as the first journalist tests it successfully,
the news goes ballistic. The first place to
-
break it of all the web, was oddly the Drudge
Report: and they said later that it was because
-
they didn't use Gmail themselves, and didn't
really get it, and just went with the story
-
rather than immediately going to protect themselves.
-
'Cos that's what most people did. In the hours
that followed, people tended to fall into
-
one of three groups:
-
First of all, the defenders. Desperately trying
to lock down their accounts, desperately trying
-
to delete anything that might be incriminating,
and to stop all their other accounts getting
-
compromised.
-
Because, remember, if you have access to someone's
email address, then you have access to every
-
web service they use -- because they can request
a password reset sent straight to your inbox.
-
How good you were at being a defender generally
depended on how good you were at getting all
-
your other accounts moved away from that compromised
address.
-
Of course, even the folks who were initially
smug that they didn't use Gmail realised that
-
other people they emailed did.
-
Facebook was the first big web service to
react, quickly enough that most commentators
-
suggested they actually had a plan in place
for this years before. Within a few minutes
-
of the story breaking, Facebook turned off
not just password resets but the ability to
-
log in at all, on the assumption that most
people would have their accounts compromised,
-
so they just turned it off. And since nearly
everyone was already logged in on their phone
-
and their computer, Facebook rapidly became
*the* trusted method to contacting anyone
-
-- and that was a new level of trust that
stuck around afterwards as folks looked warily
-
at email.
-
Then there were the amateur detectives. Those
that suspected that their partner was cheating
-
on them. Those that were desperate to find
out what their colleagues were earning, or
-
what their boss really thought of them. It
wasn't restricted to email, of course; because
-
if you have access to someone's Google account,
in most cases you have access to their full
-
search history and all the web sites they've
clicked on. For years, and years, and years.
-
Have you turned it off? Most people in this
room haven't. It was described by one writer
-
as "like looking into my wife's soul". And
the divorce rate had a notable uptick a few
-
months later.
-
Meanwhile, companies using Gmail, or companies
working with companies that used Gmail, just
-
had to assume that all their trade secrets
had been stolen: in the years to come, patent
-
and trademark lawyers would make an enormous
amount of money as allegations flew back and
-
forth between corporations.
-
Now the European stock markets, the only ones
open on July 4th at that time, went into freefall
-
almost immediately; the Asian and American
ones would do the same when they opened the
-
next Monday.
-
But the most obvious group, if not the largest,
were the burners. Everyone who had any sort
-
of prominent online presence got their account
destroyed, utterly destroyed, within ten minutes.
-
Any YouTube channel with any sort of audience
found all its work deleted and vandalised,
-
even worse than the new comment system that
YouTube had brought in. Some burners attacked
-
individual people thoroughly, hoping to wipe
everything as part of a vendetta; but others...
-
others just tried to destroy as much data
as they could from as many people as they
-
could as quickly as possible.
-
Google, of course, had backups. They did roll
everything back -- but a lot of third-party
-
sites, vulnerable through password resets,
weren't anywhere near so lucky.
-
(LAUGHTER)
-
Every blog with more than a few readers got
crude messages added to it, or code that redirected
-
to shock sites, or just torn apart and destroyed.
A huge number had no usable backups. This
-
was the final death knell for most third-party
web message boards, the old ones which had
-
been falling out of use for years and years.
As soon as one administrator account fell,
-
the whole site was quickly destroyed. And
not many of those ever recovered because not
-
many of them had backups.
-
Some things did work in favour of the "good
guys". First of all, the enormous rush of
-
traffic -- of people trying to fix and break
things meant that even Google couldn't quite
-
cope with the load: a lot of folks were frustrated
by slow loading times and falling servers.
-
But thirty minutes in, at least some of Google's
network engineers had worked out what was
-
going on and pulled the plug -- in one case
physically, literally pulling plug from data
-
centres and uncontrollably shutting down everything
they could. Someone finally managed to get
-
an actual shutdown command into the systems
that Maria had compromised about two hours
-
afterwards, and three minutes later, Google
fell off the internet for the first time in
-
a very, very long while.
-
In amongst this two hours of mess, this pandemonium,
were the people that Maria Christensen was
-
actually trying to reach. She was hoping to
be the next Chelsea Manning, the next Julian
-
Assange, the next Edward Snowden. More than
that: she was hoping to create a hundred,
-
a thousand, a million people taking that whistleblower
role, using the brief hours of "freedom" she'd
-
created to change the world for the better.
That was her manifesto:
-
Go out. Find the things that need to be leaked,
go through the files of the corporations and
-
governments that are destroying our world,
and show them the light of day.
-
Her view was woefully optimistic. And yes,
some people did. There were thousands of leaks,
-
some of international importance: a few people
remembered the Obama transition team, after
-
the 2008 election, used Gmail until they could
get their official whitehouse.gov email addresses
-
set up. And there were stories of billionaire
fashion CEOs putting stories about sweatshops
-
and burying them; stories of mining companies
exploiting workers and exposing them to incredible
-
danger; tale after tale after tale of people
putting aside human concerns and -- this phrase
-
got used a lot -- acting in the best interests
of shareholders.
-
But none of those stories made the news.
-
Because what Maria Christensen hadn't done
was manage the story. Wikileaks and its allies
-
always had: they'd drip-fed the stories over
months into a 24-hour news cycle that always
-
wanted more, more, more, but instead...
-
In this case, though, the story was about
the process, not about the information. The
-
angle that all the news took was that email
was suddenly insecure, that you were at risk,
-
that you should defend against it and this
is how you do it, that web sites are being
-
damaged, and that this is how you protect
yourself, and watch us because we will help
-
you.
-
So there were no stunning revelations plastered
on the front pages. There should have been,
-
given an infinite number of front pages, but
there were, simply, too many stories, and
-
all of them were much less interesting to
the public than the question of whether your
-
partner has seen your browser history.
-
And of course, for most people, there was
no long-term damage, at least not to them
-
personally. Statistically speaking, you'd
get away with it. And sure, everyone knew
-
someone who'd been affected, everyone knew
someone who'd got in trouble, but chances
-
are that you, yourself, had gotten away with
it. And while a lot of high-profile companies
-
suffered slightly, there were no world-changing
moments. If dumping untold gallons of oil
-
into the Gulf couldn't kill BP: what could?
So most small businesses survived unscathed
-
and the economy recovered, slowly, having
been damaged no more than by any natural disaster.
-
And Gmail, a year later, had just as many
active users as before. Because, after all,
-
what were the odds of that ever happening
again? And it's not like the government couldn't
-
read all your messages anyway. And no-one
really got hurt in the long run, and maybe
-
it was for the best that me and her broke
up, y'know? It all works out in the end. And
-
besides, it would be a real pain to try to
switch my email account somewhere else. I'd
-
have to change my email address!
-
It's amazing how much we trust to single points
of failure. And while this is a worst-case
-
scenario -- very much so -- everyone here
will have that one lynchpin on which everything,
-
at least in your online life, hangs. That
backup you haven't taken for a while. The
-
email account that you forgot had access to
everything. Or that password that your ex
-
still knows.
-
But my point is this: even in the face of
seeming disaster, when the world is falling
-
around you, you remember that eventually,
this too shall pass. Because it takes more
-
than just one single point of failure to change
the world.
-
Oh, and as for Maria Christensen? She got
arrested at the airport, after her flight
-
was delayed... because the airline ran on
Google Apps.
-
Thank you very much, I've been Tom Scott,
enjoy the rest of the show.
