{"id":214,"date":"2023-05-27T21:52:05","date_gmt":"2023-05-27T21:52:05","guid":{"rendered":"https:\/\/www.hexkey.co.uk\/lee\/?p=214"},"modified":"2023-05-27T21:52:05","modified_gmt":"2023-05-27T21:52:05","slug":"person-of-interest-s2e19","status":"publish","type":"post","link":"https:\/\/www.hexkey.co.uk\/lee\/log\/2023\/05\/person-of-interest-s2e19\/","title":{"rendered":"Person of Interest S2E19"},"content":{"rendered":"\n<p>Notes for season 2 episode 19, &#8220;<a href=\"https:\/\/personofinterest.fandom.com\/wiki\/Trojan_Horse\" data-type=\"URL\" data-id=\"https:\/\/personofinterest.fandom.com\/wiki\/Trojan_Horse\">Trojan Horse<\/a>&#8221;<\/p>\n\n\n\n<p>03:59 Monica refers to &#8220;hex cores&#8221; when discussing the fictional tablet CPU. This is usually &#8220;hexa-core&#8221; (ie a CPU with 6 cores).<\/p>\n\n\n\n<p>04:39 The executive has strong opinions about New York pastries. (Not a fan of Parisian macarons?) From the context, it feels like Rylatech or Censatek are analogous to router companies like Cisco or Juniper.&nbsp;<\/p>\n\n\n\n<p>08:25 We get a brief look at a slightly more sci-fi-looking movieOS interface, as files are copied to a USB stick. Monica clearly didn&#8217;t unmount the USB stick before pulling it out, though.<\/p>\n\n\n\n<p>11:22 I would make a joke about Mac keyboard reliability, but this episode aired in April 2013, and the notorious &#8220;Butterfly&#8221; keyboard was introduced in 2015. And while the faulty keyboard initially looks like an Apple A1243, on closer inspection it&#8217;s probably an AliExpress knock-off.<\/p>\n\n\n\n<p>18:37 Monica&#8217;s online groupware (calendars, address book, call log, emails) gets backfilled with fictitious entries to frame her for corporate espionage.<\/p>\n\n\n\n<p>25:14 Shaw assumes that if she was given a phone number, then that&#8217;s an invitation to just show up in person unannounced. 
Which, in the dating world, is considered a red flag.<\/p>\n\n\n\n<p>27:50 I think this is the first time we see the reoccurring safe house location. I don&#8217;t know that it gets a name, but I think of it as &#8220;The Tower&#8221;, due to it being clearly high up, and containing a framed photo of Tower Bridge, and a French clock tower face (Devrine Bray-Sur-Seine).<\/p>\n\n\n\n<p>29:25 Monica &#8220;Disabled the portmapper&#8221;.&nbsp; Quite reasonable, there&#8217;s usually no reason to expose the RPC portmapper (and the UDP listener is a potential DDoS amplifier). It&#8217;s 2013, you probably don&#8217;t need to expose &#8220;FTP and SNMP&#8221;.<\/p>\n\n\n\n<p>30:17 The &#8220;server firewall&#8221; looks suspiciously like a home router web config page.<\/p>\n\n\n\n<p>30:39 Finch gets &#8220;hacked back&#8221;, and the hack causes his laptop to explode.<\/p>\n\n\n\n<p>It&#8217;s hyperbolic, but it&#8217;s not total nonsense. The batteries in tech laptops can experience a &#8220;thermal runaway&#8221; process which can lead to fire or explosion. The sort of things that trigger a thermal runaway, such as overcharging, or rapid charging, are regulated by a BMS (battery management system). In theory malicious firmware could be written to a BMS to remove these safeguards.<\/p>\n\n\n\n<p>The sequence was probably inspired by the &#8220;hackers can cause your laptop to explode&#8221; reporting of <a href=\"https:\/\/www.youtube.com\/watch?v=_9ErnoLVxCA\" data-type=\"URL\" data-id=\"https:\/\/www.youtube.com\/watch?v=_9ErnoLVxCA\">Charlie Miller&#8217;s 2011 research into hacking MacBook batteries<\/a>.<\/p>\n\n\n\n<p>31:21 It&#8217;s not really clear how the &#8220;locator chip&#8221; on the employee badge works. It&#8217;s a thin credit-card form, so not a transmitter. 
So is the building just constantly sending out RF energy pulses?<\/p>\n\n\n\n<p>32:07 I think &#8220;catalogue server&#8221; is\u00a0Windows Active Directory terminology.<\/p>\n\n\n\n<p>32:31 To demonstrate the unusual network traffic the production team have modified an RRDTool graph, but animated it in a way that&#8217;s illegible.<\/p>\n\n\n\n<p>32:45 Add\u00a0<code>ANON81X8.COM<\/code>\u00a0to the Warners domain pool. I imagine this represents some service akin to ProtonMail &#8211; but ProtonMail itself didn&#8217;t exist when this episode aired. Also, an anonymous email system where people use their full legal names in the email addresses? Opsec fail.<\/p>\n\n\n\n<p>32:57 Some of the sensitive systems listed have their domain labels in the wrong order, like &#8220;<code>doj.ftp.gov<\/code>&#8221;.<\/p>\n\n\n\n<p>So the twist is that it&#8217;s not that the Chinese are spying on Rylatech, it&#8217;s that Rylatech is being paid to back-door its customers on behalf of &#8220;the Chinese&#8221;. (As opposed to putting in backdoors to facilitate access to their clients by the US government?)<\/p>\n\n\n\n<p>Ah, governments simultaneously demanding that network and application designers put in back doors for governments (for law enforcement, safety, unacknowledged AI-driven mass-surveillance-based assassination programs) but then freaking out that other, foreign, governments can do the same.<\/p>\n\n\n\n<p>34:10 &#8220;They&#8217;re communicating on an internal sms network.&#8221; It&#8217;s called Slack? Actually Slack wouldn&#8217;t be introduced until later in 2013, but HipChat existed at this point.<\/p>\n\n\n\n<p>35:44 If there&#8217;s one thing I can&#8217;t get enough of, it&#8217;s a character delivering an &#8220;information is the real power&#8221; speech while pointing a gun at someone.<\/p>\n\n\n\n<p>40:51 Announcements that government will be replacing all the products suspected to have backdoors, with other products which&#8230; might not? 
Who knows?<\/p>\n\n\n\n<p>43:23 Having Greer use a\u00a0Huawei M835 at this point feels a bit on the nose.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Notes for season 2 episode 19, &#8220;Trojan Horse&#8220; 03:59 Monica refers to &#8220;hex cores&#8221; when discussing the fictional tablet CPU. This is usually &#8220;hexa-core&#8221; (ie a CPU with 6 cores). 04:39 The executive has strong opinions about New York pastries. (Not a fan of Parisian macarons?) From the context, it feels like Rylatech or Censatek [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[7],"class_list":["post-214","post","type-post","status-publish","format-standard","hentry","category-notes","tag-person-of-interest"],"_links":{"self":[{"href":"https:\/\/www.hexkey.co.uk\/lee\/wp-json\/wp\/v2\/posts\/214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hexkey.co.uk\/lee\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexkey.co.uk\/lee\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexkey.co.uk\/lee\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexkey.co.uk\/lee\/wp-json\/wp\/v2\/comments?post=214"}],"version-history":[{"count":1,"href":"https:\/\/www.hexkey.co.uk\/lee\/wp-json\/wp\/v2\/posts\/214\/revisions"}],"predecessor-version":[{"id":215,"href":"https:\/\/www.hexkey.co.uk\/lee\/wp-json\/wp\/v2\/posts\/214\/revisions\/215"}],"wp:attachment":[{"href":"https:\/\/www.hexkey.co.uk\/lee\/wp-json\/wp\/v2\/media?parent=214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexkey.co.uk\/lee\/wp-json\/wp\/v2\/categories?post=214"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexkey.co.uk\/lee\/wp-json\/wp\/v2\/tags?post=214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{
rel}","templated":true}]}}