
Single Point of Failure: The (Fictional) Day Google Forgot To Check Passwords

Jun 07, 2021
After this, when everything started to recover and people had more or less recovered and the stock markets were starting to recover from the trillions of dollars ripped from them, Google's network engineers said that there were only five people in the world who were able to approve changes to your most critical code. And each of those five had complete confidence. July 4th. In Western Europe, it is Friday afternoon, and office workers are looking at their watches, wanting to know if it is okay to leave work early. In the United States, they are about to begin a three-day long weekend for Independence Day.
At Google's headquarters in Mountain View, most of the building is empty, the engineers on duty are either at home, with their phones ready to vibrate if something goes wrong, or they are changing shifts in data centers located around the world. However, there is still a well-lit office, hidden in a quiet corner of the building. Inside is Maria Christensen, one of the most experienced engineers and one of the trusted five. She is, against all corporate order, making a change to the core code of Google's infrastructure. She has changed only one section: and it is the first part of the login code for Google Apps.
This should be an incredibly complicated feature that generates more features to deal with checking passwords, two-factor authentication, third-party password checks, suspicious activity, hackers, phreakers, fraudsters, and all kinds of disaster prevention. She has changed just one line of code, which she has put above, and it says..."return true;". (Result is true). She skips all the software's warnings that say this isn't going to work, this is dangerous, this is broken, and she flags it to be applied immediately and updates it. So Google's system updates the code through its data centers. From coast to coast in the United States, towards Dublin and Europe, in the Far East and down to South America.
It takes about three minutes. And what it means is that: It doesn't matter what you enter as a Google password, it will be treated as correct. There are no more password tests. If you type the username, you log in. And if this seems unlikely, like something that couldn't happen, if it seems like something that wouldn't happen, remember Dropbox, the file uploading service used by 175 million people including, I'm pretty sure, most of the people in this room. In 2011, they had exactly that security bug for three hours. Now, fortunately, the person who discovered it -- who was not a Dropbox worker -- responsibly told them instead of telling the world, so the harm done was limited.
Maria has no intention of responsibly telling anyone. Most of the engineers who would be notified of a code change like this are not available. And these who are there have been between one and three minutes before Maria entered to log in to her now open Google accounts -- forget the email notification, they have it from about three minutes ago to read, understand, and come to realize exactly what the change entails before Maria logs in and remotely deletes her Android phone by reporting it as stolen. None of the engineers can do it in time. The rest of Google's Trusted Five are still asleep while their phones silently delete themselves.
And Maria mails her manifesto to dozens of news sites, posts to a couple of high-traffic websites, and logs out -- which is ironic since logging out doesn't really mean anything else -- enters her car, and is going to take a flight. As soon as the first journalist successfully performs a test, the news spreads like wildfire. The first place to spread it all over the Internet was strangely the Drudge Report (conservative American newspaper): and then they said it was because they didn't use Gmail and didn't really understand it, and they just put the story in rather than immediately going to protect themselves.
Because this is what most people did. Over the next few hours, people tended to fall into one of three groups: First and foremost, the defenders. Desperately trying to block their accounts, desperately trying to delete anything that might be incriminating, and stop their other accounts from being compromised. Because, remember, if you have access to someone else's email, then you have access to every single web service they use -- because they can request a password change right in your inbox. Whether you are being a defender generally depends on how good you are at getting all your other accounts away from that compromised address.
Certainly, even fat people who didn't use Gmail noticed that other people they messaged did. Facebook was the first major web service to react, fast enough, so fast that most commentators suggest they actually had a plan for that years ago. Within a few minutes of the story unfolding, Facebook disables not only password resets but the ability to log in in general, with the assumption that most people had their accounts compromised, so they just turn it off. And since almost everyone was actually already logged in on their phone and computer, Facebook quickly became the trusted method of contacting anyone -- and there was a new level of trust that persisted after people looked cautiously in the mail.
Then there were the amateur detectives. Those who suspected that their partner was cheating on them. Those who were desperate to find out what their companions earned, or what their owner really thought of them. It really wasn't restricted to email, clearly, if you have access to someone's Google account, in most cases you have access to their entire search history and all the websites they've visited. For years, and years, and years. Have you disabled it? Most of that room didn't. It was described by one writer as "looking into my wife's soul." And the divorce rate had a notable rise several months later.
Meanwhile, companies using Gmail, or companies working with companies using Gmail, had only to assume that all their corporate secrets had been stolen: in the years to come, patent and copyright attorneys would make an enormous amount of money as the allegations back and forth between corporations. Now the European stock markets, the only ones open at that time on July 4, fell directly almost immediately, the Asian and American ones would do the same when they opened the following Monday. But the most obvious group, if not the largest, would be arsonists. Anyone who had any kind of prominent presence on the Internet would have their account destroyed, completely destroyed, within ten minutes.
Any YouTube channel with any kind of audience would find all their work deleted and vandalized, even worse than the new comment system YouTube had made. Some arsonists attacked individual people, hoping to delete everything as part of a vendetta, but others... others just tried to destroy as much data as they could from as many people as they could as quickly as they could. Google clearly had backups. They reverted everything - but most third-party websites, vulnerable through password changes, were not so lucky. (laughs) Every blog with more than a few readers has cruel messages, or code that redirects to websites with shocking content, or just destroyed.
A huge number did not have usable backups. This was the final blow of the death of most forums, the old ones that have been declining in use year after year. As soon as the administrator's account was taken down, the entire site was quickly destroyed. And not many of them recovered because not many of them had backups. Some did things for the "good guys." Firstly, the huge amount of traffic - from people trying to fix and break things - would mean that not even Google itself could handle that much workload: a good handful of people would end up frustrated by slow loading times and crashing servers.
But thirty minutes later, at least some of Google's network engineers realized it was happening and pulled the cord - in one case physically, literally stretching data center cables and uncontrollably shutting down everything they could. Someone might finally be able to get a blackout command into the systems Maria had compromised two hours ago. After this, and three minutes later, Google goes down from the Internet for the first time in a long, long time. Between these two hours of altercation, of pandemonium, were the people Maria Christensen really wanted to reach. She was hoping to be the next Chelsea Manning, the next Julian Assange, the next Edward Snowden.
More than that: she is waiting to create hundreds, thousands, millions of people taking on that role of leakers, through the brief hours of "freedom" that she had created to change the world for the better. This was her manifesto: she came out. Find the things that need to be leaked, find the files of the corporations and governments that are destroying our world, and show them to the light of day. Her point of view was unfortunately optimistic. And yes, some people did. There were thousands of leaks, some of international importance: a few recalled that Obama's transition team, after the 2008 election, used Gmail until they could have their official addresses on whitehouse.gov and there were stories of millionaire managers talking about stories of clandestine workshops and burying them; stories of mining companies exploiting workers and exposing them to incredible danger, story after story of people putting human considerations aside and – this phrase is used a lot – acting in the best interests of shareholders.
But none of those stories made the news. Because what Maria Christensen hadn't done was control the story. Wikileaks and their allies always did it: they repeated the stories for months in a 24-hour cycle that always wanted more, more, more, but in reality... In this case, however, the story was about the process, not about information. The angle that all the news took was that email was suddenly insecure, that you were at risk, that you should defend yourself against it and that's how it's done, that websites are being damaged, and that's how you protect yourself, and you look at us because we will help you.
So there was no tremendous revelation printed on the front pages. There should have been, there are an infinite number of covers, but there were simply too many stories, and all of them were much less interesting to the public than the question of whether your partner has looked at your search history. And clearly, for most people, there was no long-term harm, at least not to them personally. Statistically speaking, you could fix it. And sure, everyone knew someone who had been affected, everyone knew who would get in trouble, but chances are that you, yourself, had come out unscathed.
And while plenty of high-profile companies suffered little, there was no world-changing moment. If dumping countless gallons of oil into the Gulf couldn't kill BP: what could? So most small businesses survived unscathed and the economy recovered, little by little, having been damaged by no more than any natural disaster. And Gmail, a year later, had almost as many active users as before. Because, after all, what were the chances of this happening again? And it's not like the government can't read your messages anyway. And no one was really hurt long-term, and maybe it was better that me and her broke up, you know?
Everything works in the end. Also, it would be a real problem to try to change my email account somewhere else. I would have to change my address! It's amazing how we rely on single point errors. And while this is a worst-case scenario – pretty much it, frankly – everyone here would have an axis where everything, at least in your online life, hangs by a thread. The email account that you forgot had access to everything. Or that password your ex still knows. But my argument is: even though disaster happens, when the world falls around you, you remember that eventually, this too should happen.
Because it takes more than a single point error to change the world- Oh, and what happened to Maria Christensen? She was arrested at the airport, after her flight was delayed... because the airline was powered by Google Apps. Thanks everyone, I'm Tom Scott, enjoy the rest of the show. Translated by Marcos Salomón (@enrospv)
