CHAPTER SIX

We Shall Not be Taken for Fools


It was some days before I heard from Holmes again. I was in the process of selecting several new pairs of socks at the Marks & Spencer’s store near Marble Arch when I was alerted by a brief vibration inside my left hand breast pocket.

This time Holmes had sent me a discreet text message via the Signal application. I had only a few brief seconds to reply before the message would disappear for ever.

“Lunch? Criterion. Now. SH”

“Righto,” I responded and was soon on my way. The incessant rain had done nothing to reduce the crowds in Oxford Street and I had the Devil’s own job to find a cab. In the end I cut my losses and made my way on foot to our favoured eatery. Suffice to say I was dripping wet by the time I arrived thirty minutes later.

“Watson, my dear chap, you have all the attributes of a drowning rat.” Holmes helped me struggle out of my mackintosh and placed the umbrella in the stand. “Come, let me help revive you at the Long Bar.”

I was just sipping my second whisky and soda and beginning to feel human again when Holmes dropped the subject of the origin of the tantalus and suddenly asked if the words ‘Social Engineering’ held any meaning for me.

“If I were to guess,” I told him, “I would say it had something to do with designing better shopping malls, or hospitals, schools, that sort of thing.”

“Not so. Its meaning is far more insidious.”

“Pray tell.”

“Social Engineering is the art of playing upon people’s gullibility or their natural desire to please. Recollect the telephone calls from the supposed Windows Company. They wanted you to believe that your computer was in urgent need of correction.”

“They were trying to plant a RAT in my device.”

“Quite so. Recall also the woman in the fawn windcheater with the Wi-Fi Sniffer.”

“You described these as Phishing Scams.”

“Precisely. And there are no limits to the forms these can take, Watson. Most professional con-artists – much like their sex stalking counterparts – now work online.” Holmes’ discerning eyes took in the elegant surroundings. A lyrical expression settled in those eyes as he turned them back to me.

“They tug at the heart strings on dating sites, they offer miraculous bargains, and they can pretend to be you, my friend, in a crisis; imploring the acquaintances in your very own contacts book to send money urgently. Usually a wire transfer via Western Union.”

“Good heavens, Holmes. But how?”

My friend clenched the fingers of his hand into a hard, tight ball and rested his decisive chin upon his fist. “Understand it this way, Watson. The computer firewalls and the anti-virus programs that we employ are very good and they get better by the day. They are highly efficient at thwarting a casual chancer or even a determined trickster.”

“I should hope so, too.”

“But, Watson, we are engaged in an ever changing game of cat and mouse. The criminals, the depraved and even our very own government must find ways around the technological barriers. So what do you imagine they do, Watson?”

Holmes gave me no time to think, let alone provide a satisfactory answer.

“I shall tell you, old chap. They go for the weakest link in the chain.”

“The human?” I ventured. “They prey on people’s gullibility.”

“Precisely. And they do this by Social Engineering.”

“And is that how I might cop a RAT?”

“Oh, yes. Take the simplest technique. You receive an email. You have just won the Saskatchewan State Lottery. This would be very lucky indeed, especially so as you did not buy a ticket.”

“I’ve had those. But I wouldn’t fall for something so obvious.”

“Quite so, Watson. So you receive another email. This time the daughter of the recently-deposed Nigerian foreign minister wants to lodge several million US dollars in your bank account for safe keeping.”

“Well, I’m hardly likely to fall for that. I wasn’t born yesterday.”

“Ah, but Watson many do. They are foolish enough to open the accompanying attachment or perhaps they are invited to follow a link to claim their prize.” Holmes slapped his hands together, imitating the jaws of a trap.

“And there the scam-artist has them. If they open the attachment a malicious program is suddenly activated. If they follow that link they may fall victim to the ‘Drive-By Download’ dodge.”

I gulped more whisky.

“These malicious programs are taken on-board much as you might a common Cookie. And there is no telling when or where they may strike. It might be a RAT, of course, or it might be a worm-like entity tasked with seeking out your passwords or bank account details.”

“But Holmes you are talking of people with presumably low IQs, people who perhaps earn very little money. What great benefit is there in targeting the lower orders?”

Holmes laughed. “These, Watson, are just simple examples to set the scene. But the salient point here is that from the lowliest scammer to the most sophisticated intelligence agent, they all use largely the same Social Engineering techniques. And it is of these that we must all be aware.”

“Never let the old guard down, eh?” I examined my empty glass, rolling its base on the polished counter.

“Let me give you an example, Watson. Take the case of the Bahrain human rights activists. These are smart people – doctors like yourself, lawyers, engineers, teachers. They receive emails purporting to be from the al Jazeera news network. The reporter is alerting them to the arrest and grisly torture of one of their colleagues. So, human nature being what it is, they are compelled to open the attachment.”

“And they fall in the trap?”

“Yes, they do. And in this instance they fall for one of the wickedest of all spy programs, the notorious FinSpy. And the point here, Watson, is that even the brightest of people can be fooled.”

“So what happened to the Bahraini activists?”

“Well, they were done for, Watson. A sophisticated RAT – but one so mighty and all-seeing that it requires an export license to be sold overseas – was planted inside their smartphones and laptops.”

I shook my head in despair and edged my glass forward across the bar top.

“From that moment onwards, Watson, they were ‘owned’ as they call it by Bahrain’s National Security Agency. These ghutra-wearing secret policemen could see every contact, every email ever sent or received and each movement down to the finest detail; their conversations listened in upon.”

“But what might one do in such circumstances? If you ignore the email you might miss something vital.”

“One must always be observant, my friend. One must seek out the clues.” Holmes caught the barman’s eye and indicated our empty glasses.

“In the Bahraini case, my friend, the email address was the first and best clue. I happen to know that al Jazeera has its own domain name so it would not be using an email address such as melissa.aljazeera@gmail.com.”

“Very perceptive, I’m sure.”

“One must always pay special attention to the email addresses. For instance, you receive an email seemingly from PayPal. They are telling you that you must urgently confirm your login details.”

I nodded knowingly.

Holmes began to swivel on his stool, casting his gaze around the bar and up to the tops of the marble columns that soared above us. “Firstly you must look at the address it has been sent to. Is this the email address that you use for PayPal? If not, destroy that email immediately.”

My friend settled back and leaned against the counter. “Invariably, there is a link within the email that you are invited to follow. Examine this closely, Watson. If it is a variation of paypal.com then it may be genuine. If it is something entirely different, again immediately destroy that email.”

I thought for a moment and then put in, “I imagine, Holmes, that my best course of action would be to go directly to the PayPal Internet page, the way I would ordinarily. I could login as usual that way. Would I be safe then, Holmes?”

“Bravo, Watson. This is your only course of action. And, while on the subject of email, inform your readers to go to their email Settings and disable Display Emails in HTML.”

“HTML?”

“This is the clever scripting that displays emails rather like an Internet page. One’s friends and acquaintances rarely, if ever, construct colourful emails. They usually just type something. As a rule, only the commercial enterprises and the scammers send out HTML emails.”

I think Holmes could see that he was beginning to lose me or perhaps it was the rumbling of my stomach.

“And why, of course, is this important? Because these HTML emails can transmit directly back to the sender, alerting them to your presence.”

“My head above the parapet again?”

“Indeed. Also, the simple act of loading an image in such an HTML email can equally result in the activation of a malicious program.”

“And what of the anti-virus programs, Holmes? Surely, they step in at this point?”

“In an ideal world they do, Watson. They should catch most of the culprits, but all attachments should be scanned with Avast before being opened if ever there is the faintest hint of suspicion. Luckily, most anti-spyware programs will spring into action in the majority of cases but I doubt if even they can catch such a slippery character as FinSpy.”

We watched as our glasses were eventually refilled. I tapped them briefly together and took a lengthy sip.

“One thought does strike me, Holmes. In the Bahrain example, if my anti-virus programs are of no help and yet I still have a burning desire to learn more about the arrest, what might I do?”

“In this instance, dear chap, you should email Melissa using the address on her business card or company Internet site and confirm if she has sent you anything. After all, Watson, lives are at stake.”

“Yes, I can see that would be worth the effort,” I agreed. “But if they were thwarted that time around, surely these FinSpy people would simply try another approach?”

“Yes, you are right. Again, Watson, they are only limited by their imaginations and their victim’s incredulity.” Holmes helped himself to a handful of nuts from the silver dish on the counter. I swiftly did the same.

“One of their most popular wheezes is to send the victim a notification that the operating system on their smartphone needs to be urgently updated for security reasons. What then, Watson?”

“Well, I am assuming that such important updates are par for the course. I’ve had those, too. If it looked like it was coming from Apple then I would probably do as they ask.”

“And you would be a fool to do so, Watson. Any such notification can be easily faked by anyone with a good graphics program. But, first of all, never accept any update that just pops up. If you need to update a program or operating system there will be a clear indication within your Settings. Only ever update that way.”

Just then a flunky came over to Holmes and spoke quietly in his ear.

“Our table awaits,” announced my friend, slipping from his barstool. “I hope you have worked up a good appetite. Bring your drink.”

 

We were led to our usual table, so advantageously placed that Holmes had a clear view of all the points of entry and exit within the splendour of the neo-Byzantine dining room. While we waited for the menus, my friend nodded towards my inside, left-hand breast pocket.

“This will amuse you, Watson. Go to Google Images and type finspy + laptop + tape. What do you see?”

“Right you are. Here is a rather swarthy fellow in a dark shirt.” I peered closer at the photograph. “I see he has the word ‘FinFisher’ on the screen of his laptop. Any relation?”

“None other than the parent company of the malicious FinSpy,” Holmes declared. “And the chap you see there is the big boss of the company. He might be very good at hoodwinking people into letting him plant nasty spy programs into their devices but he can never be so sure that he is not a victim himself.”

“How can you tell, Holmes?”

My friend leaned close and enlarged the image on the screen. “Ha,” he declared. “What have we here? It is tape once again.”

“So people cannot look at him?”

“And yet he might sweep his laptop with all the smartest anti-spy programs but – so good is his product, a veritable weapon of war – that even he cannot adequately protect himself.”

“Shocking.”

“What do you say to our sharing a dozen of the delightful rock oysters?” Holmes leaned forward with an eager smile upon his sharp features.

I had to think twice as oysters were dashed expensive at that time of year. “The pâté is very good,” I suggested. It was just then that Luigi our usual waiter came and handed us the menus.

“The lamb is especially good today,” he addressed Holmes. “Whitstable salt marsh.”

Holmes nodded for my approval.

“Could I have mine not so pink this time, Luigi?” said I.

“Of course, sir.”

“We shall start with a dozen oysters, Luigi, and a bottle of the ’02 Montrachet.” Holmes turned and smiled at me. “Should go very nicely.”

“Are we celebrating something, Holmes?” I felt as if on unsure ground.

“You are only just beginning to get the colour back in your cheeks, dear Doctor. A satisfying and nutritious luncheon should ensure your complete recovery.”

“Very thoughtful of you, too, I must say, Holmes.”

“Do you use Twitter?” he suddenly asked.

“I do dabble, I must admit. I have twenty-seven Followers. I like to maintain a select circle of Tweeters.”

“Probably very wise, Watson. But do you ever receive notifications from people outside of your circle?”

“All of the time.”

“And do you find Twitter helpful as a source for news?”

“Of course. Many people rely upon the social media outlets for their news nowadays. Facebook is a popular source, I understand, as is Twitter, especially for breaking stories.”

“Quite so, Watson. But herein lie further traps. Imagine this, you are in your practice at Queen Anne Street. It is a bit of a slow day when – suddenly – up pops Twitter alerting you to a terrorist atrocity on the far side of the city. This is a BBC News Alert. There is a link allowing you to learn more. What do you do, Doctor?”

Just then the sommelier glided alongside Holmes and displayed the bottle for his approval. Several minutes later and I was enjoying the nice honey note that was brought out especially well in the ’02 due to the light frost that year. “Where were we?” I had to ask.

“The terrorist event…”

“Yes. Right. I need to know the extent of the carnage. How many people are injured, how many reported killed so I can get an idea of scale. Even what kind of explosive or device has been deployed. I would try to get the precise location. Then I would grab my bag and hail a cab as swiftly as I could.”

“And all very commendable, Doctor. But I am sorry to tell you that you might have just walked straight into another trap and taken yourself off into unsafe territory, and I do not mean Whitechapel.”

“How so?”

“Because it is simplicity itself to stunt up a Tweet. Allow me to demonstrate.” Holmes indicated my iPhone. “Go to your preferred search engine, Watson, and type “lemme tweet that” then follow the link. You will see a box in the centre of the page. Where it says @EnterUserNameHere, tap the screen and type @BBCNews.”

I did as he bid and then peered incredulously at the screen. The page had transformed itself into the official BBC Twitter page. “Are you suggesting, Holmes, that I can now type into the box I see open before me and that somehow I will be creating a phoney BBC News Alert?”

“Precisely, Doctor. And then all one needs do is have it re-Tweeted and there it is, out there in the open.”

“But what is the ultimate aim, Holmes?”

“The Drive-By Download, Watson. This phoney Tweet will take you to an equally phoney news page and there, as I have previously stated, you quietly and unobtrusively take on-board a malicious program much as you would the homely Cookie.”

“And then they have me, I suppose?”

“They do, my friend.” Holmes sat back in his chair, rising imposingly. “Ah, the oysters. They do look good, do they not, Doctor?”

“Succulent, I must say.”

“Dive in, Doctor,” said my friend, selecting an especially plump specimen and squeezing on lemon. He tilted back his head and gulped down the bivalve entire.

Holmes smacked his lips. “Sick, twisted individuals use real-life breaking news stories to jump on the bandwagon and draw unsuspecting victims off to their lairs for immediate infection,” he explained.

“They can easily plant all manner of nasties – not just the old RAT – but Blackhole Exploit Kits with Trojans, backdoors, key-loggers, infostealers or rootkits. They might even load you up with the increasingly popular dodge of Ransomware.”

I selected my second oyster, marvelling at the delicate translucency of the anterior adductor muscle. “Yes, I have heard of this,” I said. “One’s computer or ‘phone is locked until you pay a ransom.”

“Correct, Doctor. This may take many forms.” Holmes polished off another oyster, leaving just two remaining on the platter. He smacked his lips once more and pressed on.

“The perpetrator of the intended crime might come straight out in the open and immediately strong-arm you for the cash, or they might pretend to be some official body, such as the police, accusing you of downloading illegal content and locking your device until the ‘fine’ is paid.”

Holmes stretched forward and swiftly despatched another oyster. “Sometimes they include a mug shot of the victim taken as you might suppose, my friend, using the victim’s very own webcam. That is rather disquieting, is it not?”

I agreed. “But is all lost, Holmes? Is one left with a dead device or must one pay up?” I looked forlornly at the singular oyster resting in its juices. Holmes indicated that I should avail myself.

“Only a fool would do so, Watson. But not surprisingly the victims are legion – from actual police forces through to government departments and not just the dim-witted. It is fair to say that globally millions fall prey every year to these tricksters. And – by-the-by – Ransomware programs are easy to be had, meaning that any scoundrel can take up this scam.”

My friend sat back, allowing Luigi to clear away our things. He then lightly dabbed his lips with the napkin and, as soon as we were on our own again, he pressed on in a low voice. “Needless to say, once the ransom is handed over – usually by Western Union or sometimes via a digital crypto currency such as the BitCoin – the machine stays locked.”

“So one is scuppered then, Holmes.” I dabbed my own lips.

He chuckled. “But the key here, dear fellow, is not to fall victim in the first place, not to open an attachment or willy-nilly follow a link.”

“I suppose not.”

“Regardless of who wants you to follow a link – be it some global news monolith or even your Mum – always look at the address first. If it is obviously from the BBC with the corporation’s legitimate Internet address, all well and good. But often it is a shortened link, some gobbledegook that looks like a meaningless jumble of letters. Now you have no idea where you are going.”

“I suppose not,” I said again.

“The answer, Watson, is to expand the link. To see it fully naked, to see where it intends to take you.”

“And how, pray?”

Holmes nodded to the iPhone that lay beside me, reflecting back the splendid gold ceiling. “Search expand + short links and, with a little cut and paste, the true address will be revealed.”

“But if one were imbecilic enough to fall for this one, then what? Is it ever too late?”

“There may still be a chance, Watson. As quick as you can, switch off your computer and then back on again. On start up, a user is often presented with two options, to login as oneself or as a guest.”

“Yes, I have that on my laptop.”

“So, Doctor, you must now login as the guest. If luck is on your side, you can recover your important data via this route.”

Holmes raised his right hand to underline his next point. “One should really use a detachable storage device as the prime stowage facility and backup from that into the regular machine, rather than the other way around.”

“Oh, I see.”

“That way,” explained Holmes. “Even if they have total control of your computer, my friend, you can simply unplug the storage device and access it from another machine. Your data will not be lost.”

“What a relief, Holmes.” I exclaimed. “But one’s computer is then kaput, I take it.”

Holmes gave his sardonic chuckle. “There is still one avenue that a victim might explore. If all else fails, Watson, go online using another device and search for No More Ransom. If anybody can solve your problem they can and it’s free.” Holmes sat back gleefully. “Ah, the lamb.”

 

“My dear Doctor you positively inhaled that sticky toffee pudding,” marvelled Holmes.

I sat back in my chair. “Well, I did not find the oysters especially filling and, as you know, I am not partial to bloody lamb.”

“Ah, but lamb cooked in the French manner is sublime.”

“Holmes, if you had spent as much time as I dressing open wounds you might prefer it well done.”

Holmes nodded his understanding and I took a sip of my coffee. In time Luigi trotted up and slipped the bill on the table between the two of us.

“We have not yet covered industrial espionage,” announced Holmes as he unwrapped an after-dinner mint. “All corporations, as you no doubt know, have their own in-house intelligence services these days. They want to know what their competitors are up to and they want to keep a close eye on their employees. And when it comes to being spied upon themselves, they like to think that they are bottled up tight.”

“So I imagine.” I looked at the leather folder that lay between us. I remember thinking that the second bottle of Montrachet had been something of an extravagance.

“If you think, Watson, most of these entities maintain firewalls and teams of technical people on alert for any form of penetration. Any corporation on the ball will be locked down good and proper.”

“So dodgy email attachments and phoney Tweets may not do the job, eh?”

“That side of things is fairly well sewn up, Watson.”

“So what can a penetrator do?” I struggled to keep my eyes on Holmes, their being drawn to the folder with the growing concern that I was expected to make the right move here.

“Here is a scenario for you. You work in a big office in the City. You often pop out for a quick bite to eat at a nearby sandwich shop where you may occasionally linger over a cappuccino.” Holmes drained the last of his own coffee.

“One day, you notice a small USB thumb drive lying on the floor under your table. You nudge it with your foot and see that there is a sticker attached bearing the word ‘Private’. What do you do, Watson?”

“Well, Holmes, as you know, I am not one to pry. If something is private then in my book it should stay that way but I see where this is going. I might, in the first instance, go and hand it in at the counter.”

“Excellent, Watson, if the target here were the sandwich bar – but it is not.”

“For the sake of your narrative, Holmes, I will take it back to my office and plug it into my computer. I will hope – I suppose – that the thumb drive contains pornography of an especially private and lurid nature.”

“And so would many people, my friend. That is one way in. You might just as easily drop the thumb drive on the floor in the corporation’s lobby.”

“It’s a bit like fishing, only the other kind,” I suggested.

Holmes leaned forward again. His hand was nearly touching the folder and its potentially alarming tally. “Here is another scenario, Watson.” As he sat back in his chair, the folder appeared to move marginally in my direction.

“You are the receptionist working in that lobby. An attractive, well presented young lady arrives at your counter. She is clearly distressed.”

“Dear me.”

“She needs your help, Watson. She has a vital job interview in less than thirty minutes. But, alas, she has contrived to spill coffee all over her presentation. Oh, golly, she says. I’ve ruined my presentation, what am I to do?”

“Is she a little girl, Holmes?”

“No, dear chap, she is in her early twenties. I shall continue. “Please Mister, she implores. I have a copy here in this USB thumb drive. If only there were a printer somewhere.”

“Yes, yes, Holmes. I get the picture. I will play the perfect gentleman and make a copy for her using my printer.”

“So very kind of you, Watson. Believe me this is a scam that is played out in countless variations every day. And – as I am sure you already suspect – a covert piece of spyware waiting in the USB will immediately infect the computer at reception which in turn will infect the entire network.”

“But what about these computer geeks guarding against penetration?”

“They are fully occupied, eating pizza and looking in the wrong direction. They are inside, looking out while our attractive trickster has wormed her way inside. Trust me, nine times out of ten this simple ploy will work.”

Holmes lifted an eyebrow and caught Luigi’s immediate attention. He reached into his trouser pocket and extracted a tidy wad of banknotes held in place by a silver money clip. He then slipped a selection of notes into the unopened folder.

“Are you not going to look at the bill?” I asked.

Holmes was already standing. “I am fully capable of keeping a running count. Your shout next time, Doctor.”

 

“It’s comin’ down cats and dogs good and proper out there, Mr ‘olmes. Should you like me to call you a cab, sir?”

“You may have a deuce of a job on an afternoon like this, William,” said my friend. “We shall be in the Long Bar.”

We were enjoying a simple brandy apiece up against the counter when Holmes indicated a point across my shoulder. “Don’t look now, Watson, but I happen to know that the fellow in the Gieves & Hawkes suit is the Chief Executive Officer of a long-established merchant bank. I also happen to know a little something of the man’s interests.”

“Such as?”

“That he is an incorrigible philatelist with a particular interest in stamps featuring early aviation.”

“Fascinating.”

“But this is the way in, don’t you see?” whispered Holmes. “If we were out to penetrate this long-established merchant bank, the man behind you is our perfect method of penetration.”

“How so?”

“We would begin by searching him high and low across the social media spectrum. We would join our own dots and discover his particular hangouts. I imagine he might be a visitor to any number of popular philately forums and discussion rooms.”

“I see.”

“Knowing his particular interest, I would offer up for sale something irresistible – a rare German New Guinea two-pfennigs Blue featuring a Graf Zeppelin, for instance. I would go phishing for our man.”

“You cannot put the virus in the stamp, can you Holmes?”

“No, my dear friend, but I can plant my spy tool inside the very photograph that I post on the forum, ready to activate the instant the image is enlarged. With our friend the RAT, I can physically watch every interested party via webcam. I throw back all the tiddlers until I have our particular big fish.”

Holmes was looking over my shoulder again. “From then on, dear fellow, I have access to all his emails, texts, online banking and what-have-you. I can ask to have passwords reset at my command. My options are boundless.”

“Mr ‘olmes, sir. Your cab is ‘ere.”

“Well done, William.” Holmes fished in his pocket. “Here is something for your trouble.”

“Oh, thank you very much, sir. I just wanted to say again ‘ow grateful my missus and me are, sir, you ‘elping resolve that issue for us, Mr ‘olmes.”

Holmes waved his gloved hand airily and smiled before turning to me. “Sorry old chap. Must dash.”