Thursday, December 23, 2010

Man Goes Through TSA Security, Boards Plane At Houston International (IAH) With Loaded Pistol (unintentional - reports incident - upset with security)

"HOUSTON (KTRK) -- TSA checkpoints at airports are at the front lines of preventing terrorism. When you go through security, you expect to be scanned and searched. And you expect TSA to prevent contraband from getting on planes, but as we've learned, that doesn't always happen.

Houston businessman Farid Seif says it was a startling discovery. He didn't intend to bring a loaded gun on a flight out of Houston and can't understand how TSA screeners didn't catch it.

Nearing the height of last year's Christmas travel season, TSA screeners at Bush Intercontinental Airport somehow missed a loaded pistol, one that was tucked away inside a carry-on computer bag.

"I mean, this is not a small gun," Seif said. "It's a .40 caliber gun."

Seif says it was an accident which he didn't realize until he arrived at his destination. He says he carries the glock for protection but forgot to remove it from his bag. He reported the incident as soon as he landed, shocked at the security lapse.

"There's nothing else in there. How can you miss it? You cannot miss it," Seif said."

ABC Affiliate KTRK - Man boards plane at IAH with loaded gun in carry-on

----

Conor Friedersdorf at the Daily Dish writes pretty much exactly what I'm thinking:

"As the guardians of America's airports put travelers through naked body scans and invasive patdowns, ponder [the story above]"

"Two thoughts. 1) Perhaps if this sort of thing wasn't covered up, and we heard about it everytime TSA staffers failed to catch weapons, the resulting embarassment would improve their performance more than whatever method now being used. 2) I've got to submit to naked scanners and pat downs when they can't even catch weapons going through the x-ray scanners they've already got?

My faith in the ability of government to decide what should be kept secret and what shouldn't is now even closer to nil."

Andrew Sullivan - Daily Dish - The Secrets TSA Keeps

Monday, December 20, 2010

Flash Cookies - Do You Know They Exist And That They Are Being Used To Track You? Even If Your Other Privacy Settings Are Set To Paranoid?

It occured to me that I should probably tell you about flash cookies. Most people who spend a lot of time on the web know that sites can track you using browser/web page cookies - a serial number that identifies your browser if you return to a site - or a site that pulls in ad content from an external server. Except there are other cookies - flash cookies (as in your flash media player - e.g. youtube videos, all those annoying animated ads). I am including a link to the Adobe Flash Website Storage Settings panel so you can look at your flash cookies. Feel free to hit "delete all" like i do every week or so.

Wired and ghacks do a good job of explaining flash cookies:

Wired Mag - You Deleted Your Cookies? Think Again

"More than half of the internet’s top websites use a little known capability of Adobe’s Flash plug-in to track users and store information about them, but only four of them mention the so-called Flash cookies in their privacy policies, UC Berkeley researchers reported Monday.

Unlike traditional browser cookies, Flash cookies are relatively unknown to web users, and they are not controlled through the cookie privacy controls in a browser. That means even if a user thinks they have cleared their computer of tracking objects, they most likely have not.

What’s even sneakier?

Several services even use the surreptitious data storage to reinstate traditional cookies that a user deleted, which is called ‘re-spawning’ in homage to video games where zombies come back to life even after being “killed,” the report found. So even if a user gets rid of a website’s tracking cookie, that cookie’s unique ID will be assigned back to a new cookie again using the Flash data as the “backup.”"


----

"Flash cookies are a new way of tracing your movement and storing a lot more information about you than with normal cookies. One major disadvantage of flash cookies is that you can’t locate them in your browser. They are not shown in the list of cookies that you can see when you take a look at the cookies that are currently saved in your web browser. Normal HTTP cookies can’t save more than 4 Kilobyte of data while Flash cookies can save up to 100 Kilobyte. If you want to try out how they work you could do the following.

Go to Youtube, increase or decrease the volume of the videos and delete all cookies afterwards. You will notice that the volume level is still at the same level when you close your browser and open it again. This is done with so called Local Shared Objects, better known as Flash cookies. The main question is of course how a computer can be checked for Flash cookies and how it would be possible to delete those cookies again."
ghacks.net - Flash Cookies explained

Firefox And MicroSoft Adding More Privacy Features To Web Browsers

"As concern about online privacy grows, Mozilla is promising to let people cloak Internet activity in free Firefox Web browsing software being released early next year.

"Technology that supports something like a 'Do Not Track' button is needed and we will deliver in the first part of next year," Mozilla chief executive Gary Kovacs said while providing a glimpse at Firefox 4 at the Mozilla's headquarters in Mountain View, California.

"The user needs to be in control," he added.

There is a disturbing imbalance between what websites need to know about visitors to personalize advertisements or services and the amount of data collected, according to Kovacs.

"It is not that ads are bad," he said. "It is what they do with my tracked behavior.

"Where I go on the Internet is how I live my life; that is a lot of data to hold just for someone to serve me ads."

Microsoft this month unveiled increased privacy options for the upcoming version of its popular Web browser Internet Explorer 9 (IE9) including a feature "to help keep third-party websites from tracking your Web behavior."

Microsoft said "Tracking Protection" will be built into a test version of IE9 being released early next year."

AFP - Firefox backs "Do Not Track" with online stealth

----

Seems like a see-saw back and forth between consumers who vaguely know they want more privacy, and advertisers willing to spend a lot to get at your information.

Big brother works for an advertising firm as well as the western national security apparatus....

Thursday, December 16, 2010

Facebook Launches Facial Recognition; How long Until Police Want To Have Access To "Find Terrorists" (or G20 protestors)

"Facebook this week made the process of tagging multiple photos a bit easier by adding facial recognition technology.

Going forward, Facebook will examine newly uploaded photos and compare them to other photos in which you or your friends are tagged in order to make tagging suggestions.

"When you or a friend upload new photos, we use face recognition software—similar to that found in many photo editing tools—to match your new photos to other photos you're tagged in," Facebook said in a blog post. "We group similar photos together and, whenever possible, suggest the name of the friend in the photos.""

PC Mag - Facebook Adds Facial Recognition to Photo Tagging

----

And the official word from facebook:

The Facebook Blog - Making Photo Tagging Easier

----

I will refer you to my article:

Toronto Police Using Facial Recognition Software To Find G20 "Most Wanted" for some commentary.

This is handy, but problematic from a privacy standpoint. How long until someone does a mash-up of this software and begins applying it to other picture databases? Really - I have tech guy friends that have already built systems that will monitor cameras at public events like football games or trade shows and tell the sponsors about the demographics of the crowd. They are already using it to look for known troublemakers at concert venues.

Because facebook is all about giving advertisers access to your preferences and social networks, how long will it be before people can buy access to facial recognition routines, run them against an event database, and come up with your name and contact information? And then sell that contact info to those advertisers for affinity marketing and such?

Then there are the applications for a big brother state rooting out terrorists, or even more heinous, political protesters (like at the G20) who might dare to challenge the oligarchs. Funny how the police can manage to use facial recognition software to find protesters, but are having such a hard time finding out which officers beat protesters so severely their face bones were broken...

Then there is the application of facial recognition software to all those amateur nudie pics and bar flash pics floating around on the intertubes...

It's a whole new ball game.

And it's coming quickly.

----

At least this answers the question of why, the last time I updated my facebook profile picture, it automatically selected my face for photo cropping and not my girlfriend's face from the picture I used. I tried it a couple of times and concluded it must be doing some kind of facial recognition. Now I know.

Wednesday, December 15, 2010

WikiLeaks, VISA, Mastercard, Backscratching, And Favours Granted

The Guardian - US embassy cables: Revealed: US secret operation to help Visa and Mastercard

"Summary: The cable from February 2010 reveals how the US tried to lobby the Russians on behalf of Visa and Mastercard. Washington wanted to amend a draft law that would have damaged firms' commercial interests."

----

The Guardian - WikiLeaks cables: US 'lobbied Russia on behalf of Visa and MasterCard'

"US diplomats intervened to try to amend draft law so that it would not 'disadvantage' US credit card firms, cable says

A state department cable released this afternoon by WikiLeaks reveals that US diplomats intervened to try to amend a draft law going through Russia's duma, or lower house of parliament. Their explicit aim was to ensure the new law did not "disadvantage" the two US companies, the cable states.

The revelation comes a day after Visa – apparently acting under intense pressure from Washington – announced it was suspending all payments to WikiLeaks, the whistle-blowing website. Visa was following MasterCard, PayPal and Amazon, all of which have severed ties with the site and its founder, Julian Assange, in the past few days."


----

Quid pro quo...?

Plutocracy...

Oligarchs?

I think that one of the most positive outcomes of the WikiLeaks events, and even 9/11, is that it has become pretty clear that we do not really live in democracies. Perhaps we will have an opportunity to change that.

Monday, December 13, 2010

WikiLeaks Cyberwar: Cyberfizzle...? Cyberintifada?

"Some historians like to talk about the "Long War" of the 20th century, a conflict spanning both world wars and the wars in Korea and Vietnam. They stress that this Long War was a single struggle over what kind of political system would rule the world - democracy, communism or fascism - and that what a war is fought over is often more important than the specifics of individual armies and nations.

The Internet, too, is embroiled in a Long War.

The latest fighters on one side are Julian Assange, founder of WikiLeaks, and the media-dubbed "hacker army" that has risen in his defense in the past week, staging coordinated attacks on government and corporate institutions that have stood in his way. They come from a long tradition of Internet expansionists, who hold that the Web should remake the rest of the world in its own image. They believe that decentralized, transparent and radically open networks should be the organizing principle for all things in society, big and small. "

"The battle between "Anonymous" and the establishment isn't the first in the Long War between media-dubbed "hackers" and institutions, and considering the conflict's progression is key to understanding where it will lead.

In the early 1980s, Richard Stallman, then an employee at MIT's artificial-intelligence lab, was denied permission to access and edit computer code for the lab's laser printer. Frustrated, he kicked off what he calls GNU, a massively collaborative project to create a free and sharable operating system. His efforts sparked a widespread movement challenging the restriction of access to software through patents. Supporters asserted that they had a right to control the code in their own computers.

The battle reached far beyond Stallman, eventually pitting corporations and patent-holders against this early generation of free-software advocates. The bulk of most software is still private, though open-source projects have gained popularity and even dominance in some arenas. Stallman continues to advocate for free software."

Washington Post - WikiLeaks and the Internet's Long War

----

"It all started with a carnival atmosphere, as tens of thousands of students and sixth formers took to the streets to protest about the state of higher education and inequality in society.

Students carried placards with witty and sometimes obscure slogans such as “Be realistic, ask the impossible” and “Under the paving stones, the beach”. But it turned violent as groups of anarchists seized buildings and confronted the police. Pretty soon, there was an atmosphere of revolution.

No, that wasn’t a report from last week’s student demonstrations in London. It was from Paris, May 1968, when students seized the city in the spirit of the Paris Commune. The 1968 students fought running battles with the police, threw cobble stones, wrecked cars. Their actions struck a chord with the trades unions, and within days 10 million French workers went out on strike. “Les evenements” nearly toppled the French government and Charles De Gaulle, the president, put the military on alert for a violent revolution then scurried off to Germany. His government was forced to concede an early general election."

"The current student intifada in Britain against tuition fees may not be quite in the same revolutionary league; there’s no sign yet of any general strike following the Battle of Westminster. But it is important nevertheless, if only because of the timing. As in 1968, 2010 has been a year of protest throughout Europe. We saw general strikes in Spain and France, riots in Greece, mass demonstrations in Ireland as EU governments sought to deal with the financial crisis by driving down living standards and cutting public services. Students have invariably been in the thick of the action. There has been an increase also in less orthodox, internet- based protest, such as the hackers of “Anonymous” who have attacked firms like Amazon and Paypal in defence of the WikiLeaks leader, Julian Assange. Protest has gone digital."

"...Protest does have an impact, though sometimes it isn’t obvious. The campaign against the Criminal Justice Bill in 1994 did not “kill the bill” but it did moderate it. The anti-war marchers who said “not in my name” in 2003 made clear to history that the war was illegitimate in the eyes of many millions of ordinary people, and destroyed Tony Blair’s credibility. The poll tax demonstrations really did succeed in getting the community charge scrapped, though it took a couple of years and the removal of its architect, Margaret Thatcher. She was forced from office a matter of months after the London poll tax riots, by Tory ministers who realised that she had become a vote loser. In Scotland, the poll tax protests fuelled demands for a Scottish parliament as the only certain means of protecting the country from future Tory legislation. The urban race riots in 1981 in areas like Toxteth, Southall and Brixton led to the Scarman Report, police reform and multicultural policies in local government

It’s also true that the student demos are not Paris, May 1968. But the truth is that 1968 didn’t directly achieve all that much either. Europe’s greatest popular uprising since the Second World War was a political failure. The student unrest and the strikes evaporated almost as quickly as they had emerged, and in the subsequent general election, the right-wing Gaullists were returned with an increased majority. But les evenements, while a failure electorally, were immensely significant culturally, and historians agree that 1968 was a watershed year in Europe and the world. The rebellion wasn’t really a revolution in the traditional sense and was led as much by hedonism as Marxism. The revolt captured the imaginations of young people all over Europe, and marked the end of the authoritarian, sexually repressed and socially conservative post-war era. Feminism, environmentalism and gay liberation all trace their origins to the “spirit of ’68”." [bold mine - James]

Herald Scotland - The new revolutionaries

----

"Hacking has been around as long as the Internet, but has generally been the province of vandals, organized criminals or programmers simply flaunting their technical prowess, said Marc Cooper, a professor at USC's Annenberg School for Communication and Journalism.

"This is the first time we're really seeing a mass movement of cyber-sabotage with political overtones," he said.

"Whatever the legality and morality, I think it has an undeniable Robin Hood type of resonance with lots of people."

As is true of WikiLeaks, the members of Anonymous come from many countries, work in secret and often set their own rules, haranguing adversaries by barraging websites, breaking into email accounts and posting targets' personal information on the Web."

"Law enforcement authorities say these attacks, which can cause severe disruption to businesses, can easily cross the line from demonstration to criminal action."

Montreal Gazzette - WikiLeaks 'hacktivists': Freedom defenders or nerd supremacists?

----

"People using a tool to conduct distributed denial-of-service (DDOS) attacks against other websites in support of WikiLeaks can easily be traced, according to computer security researchers.

Thousands of people have downloaded the "Low Orbit Ion Cannon," a tool that bombards a targeted website with garbled traffic in an attempt to knock it offline. The tool has been promoted by Anonymous, a loose-knit group of online campaigners that has attacked companies that cut off support for WikiLeaks since it began releasing secret U.S. diplomatic cables in late November.

But researchers at the University of Twente in Enschede, Holland, say it is easy for ISPs to identify those using the tool, as it takes no measures to protect the identity of its users, according to their paper.

There are several versions of the Low Orbit Ion Cannon: one is a client application that is downloaded by a user and can be remotely controlled via an IRC (Internet Relay Chat) or be manually configured. The other is a JavaScript-based Web site.

With the client application, the targeted Web site can see the real IP (Internet Protocol) address of the computer conducting the attack, the researchers wrote. The IP address can be linked to the ISP providing the service, which can then investigate which subscriber the address corresponds too. The same condition happens when someone uses the Web-based tool."

PC World - Website Attackers Could Be Easily Traced, Researchers Say

----

"But in modern times, the rules were blurred. The ‘enemy’ stopped wearing uniforms. Civilians became accepted targets. The line between right and wrong grew scuffed, and it appears, is in imminent danger of disappearing altogether.

And that’s where we sit today. Currently, those on the side of WikiLeaks - and thus attacking various corporate and government websites - are mostly operating under the tag Anonymous, clubbing together to organise and undertake Distributed Denial of Service (DDoS) attacks.

For the luddites, think of it this way. The governments and corporations are what they are - strong, heavily armed and well-defended. Anonymous are like the rabble of Palestinian kids we see throwing rocks at soldiers, occasionally getting accurate and giving a man in a uniform a bit of a boo-boo. DDoS attacks are, at their most effective, a nuisance. Cyber sabre rattling, and nothing more.

The point is that they are fighting, and with every weapon at their admittedly quite meagre disposal.
[bold mine - James]

It should really come as no surprise that a war can be fought in this manner. The ongoing and inexorable creep from state-to-state warfare to the more nebulous, unidentified non-government enemies - as we’ve seen in the War on Terror - was merely a foreshadowing of events to come.

We have entered a time when single, small entities carry as much agency in a battle as a nation of more than 200 million, with the single most powerful military on the planet behind it."

Australian Broadcasting Corporation - Welcome to Infowar, version 1.0

----

Oh, well. No cyberwar. Maybe cyber skirmishes. The folks in anonymous that I spoke to/messaged with told a different story of being organised.

Guess not.

I've been part of enough student protests that I should have anticipated this. But they seemed to have their shit together.

Maybe next time.

What i think this does mean is a wake-up call for major corporations about their internet vulnerability.

and, as Tim Hwang says in the Washington Post:

"In his recent book "The Master Switch," Columbia law professor Tim Wu makes the case that the Internet, on its most basic level, is just like any other communications medium. As such, we shouldn't be surprised to see consolidation and government control over the Web. It's true that most other media - movies, radio and television - have gone through phases of wild growth and experimentation, eventually settling into a pattern of consolidation and control.

Why should we expect any different of the Web? Is the arc of the Internet's Long War predetermined?

One key factor is embedded in the history of the Web and the many iterations of the Long War itself: The Internet has cultivated a public vested in its freedom. Each round of conflict draws in additional supporters, from hackers to the growing numbers of open-government activists and everyday users who believe, more and more, that the radical openness of the Web should set the pattern for everything.

As the battlefield has become more vast - from laser printer code to transparency in global diplomacy - the Internet's standing army continues to grow, and is spoiling for a fight."
Washington Post - WikiLeaks and the Internet's Long War

Friday, December 10, 2010

"WikiLeaks: Julian Assange 'could face spying charges' "

"Julian Assange, the WikiLeaks founder, could soon face spying charges in the US, according to his lawyer."

"Jennifer Robinson, Mr Assange's lawyer, said that she believes US prosecutors are finalising their case and charges could be "imminent".

Were he to be charged, it is likely to be under the Espionage Act, which makes prosecutes the gathering of national defence information if it is known to have been obtained illegally and could be used to the detriment of the US. It is also illegal to fail to return information to the US government.

Speaking to ABC News, Miss Robinson said she had heard a number of rumours from "several different US lawyers", but added that she did not believe the Espionage Act applied to Assange, who is she added is currently in solitary confinement in Wandsworth prison in London."

The Telegraph - WikiLeaks: Julian Assange 'could face spying charges'

----

"A lawyer for WikiLeaks founder Julian Assange says any prosecution of the whistleblowing website in the United States for espionage would be unconstitutional.

But Jennifer Robinson denied reports that Assange's legal team believe a US indictment over WikiLeaks' release of thousands of classified US diplomatic cables is imminent.

"Our position is that any prosecution under the espionage act would be unconstitutional and call into question First Amendment protections for all media organisations," Robinson told AFP on Friday.
Advertisement: Story continues below

She added: "We are taking legal advice on the possibility of prosecution in light of high profile public officials calling for his prosecution and rumours circulating in the US that a sealed indictment is being prepared, or may have already been prepared.

"But we do not think there are grounds for prosecution, nor have w
e seen any sensible explanation of which provisions would be relied upon.""
AFP/Sydney Morning Herald - US Assange indictment `unconstitutional'

----

I wonder if media giants will be pulled into this case as intervenors? The New York Times published the documents.

This will make fascinating new law. I just hope the ideological balance on the U.S. Supreme Court has changed by the time this case makes it there.

Straight Up Pointer To A Great Blog Post On "Another Point Of View"

Another Point Of View (another Progressive Blogger) has an awesome post on the security accord that the federal government is secretly negotiating with the United States - READ IT:

""The population is naïve, if not ignorant, of the (shriek!) threats from that big bad rest of the world out there."

In other words: those of us that do give a fuck about stopping the ever increasing erosions of our rights as constitutionally defined are nothing but a bunch of stupid, insouciant, utopian, fringe agitators.

Hence, that is why they lie and use fear politics to scare the majority of us into not only accepting these increasing erosions of our civil rights, this time even accepting the "new reality" that our privacy has to be surrendered to another country (who could've predicted that?), but furthermore to submit without question to their "wise" measures meant to "keep us safe"."

Another Point Of View - Welcome To Your Authoritarian Corporatocratic Security Surveillance State Of North America

----

Some of my favourite outtakes from the Globe and Mail article:
"The Harper government is bracing for a backlash over a border security agreement it is negotiating with the United States, anticipating it will spark worries about eroding sovereignty and privacy rights, a document obtained by The Globe and Mail shows."

"It also provides a rare insight into how the government regards Canadians: as a nation ignorant of the true scale of the security threat it faces and more concerned with privacy rights."

"The communications strategy for the perimeter security declaration – which the document says will be unveiled in January, 2011 – predicts one of the biggest potential critics will be the federal privacy commissioner Jennifer Stoddart. That’s because the deal is expected to increase the amount of data exchanged between law enforcement and other government authorities in both countries."

"The communication strategy labels Ms. Stoddart as a “high risk” stakeholder who will “raise concerns re: information sharing and protecting private information.”"[bold mine - James]

The Globe and Mail - Ottawa crafts plan to ward off criticism over U.S. border deal

Cyberwar: "The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability" - Congressional Research Service


"The experts at the Congressional Research Service have just issued a chilling report entitled The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability. Unfortunately, the title is a statement; there's no question mark at the end. The Stuxnet's initial target was apparently Iran's nuclear program, and it's obvious that someone, somewhere is developing insidious computer programs that could change life as we know it:

"From the perspective of many national security and technology observers, the emergence of the Stuxnet worm is the type of risk that threatens to cause harm to many activities deemed critical to the basic functioning of modern society...Depending on the severity of the attack, the interconnected nature of the affected critical infrastructure facilities, and government preparation and response plans, entities and individuals relying on these facilities could be without life sustaining or comforting services for a long period of time. The resulting damage to the nation's critical infrastructure could threaten many aspects of life, including the government's ability to safeguard national security interests.""

Time: Swampland blog - If You Think WikiLeaks Is Significant...

----

"Summary

In September 2010, media reports emerged about a new form of cyber attack that appeared to target Iran, although the actual target, if any, is unknown. Through the use of thumb drives in computers that were not connected to the Internet, a malicious software program known as Stuxnet infected computer systems that were used to control the functioning of a nuclear power plant. Once inside the system, Stuxnet had the ability to degrade or destroy the software on which it operated. Although early reports focused on the impact on facilities in Iran, researchers discovered that the program had spread throughout multiple countries worldwide.

From the perspective of many national security and technology observers, the emergence of the Stuxnet worm is the type of risk that threatens to cause harm to many activities deemed critical to the basic functioning of modern society. The Stuxnet worm covertly attempts to identify and exploit equipment that controls a nation’s critical infrastructure. A successful attack by a software application such as the Stuxnet worm could result in manipulation of control system code to the point of inoperability or long-term damage. Should such an incident occur, recovery from the damage to the computer systems programmed to monitor and manage a facility and the physical equipment producing goods or services could be significantly delayed. Depending on the severity of the attack, the interconnected nature of the affected critical infrastructure facilities, and government preparation and response plans, entities and individuals relying on these facilities could be without life sustaining or comforting services for a long period of time. The resulting damage to the nation’s critical infrastructure could threaten many aspects of life, including the government’s ability to safeguard national security interests.

Iranian officials have claimed that Stuxnet caused only minor damage to its nuclear program, yet the potential impact of this type of malicious software could be far-reaching. The discovery of the Stuxnet worm has raised several issues for Congress, including the effect on national security, what the government’s response should be, whether an international treaty to curb the use of malicious software is necessary, and how such a treaty could be implemented. Congress may also consider the government’s role in protecting critical infrastructure and whether new authorities may be required for oversight.

This report will be updated as events warrant."


Congressional Research Service - The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability (.pdf file)

----

Funny how computer attacks and cyber warfare have moved up the media food chain...

Here's some more of the text of the actual report:

"ICS Vulnerabilities and Critical Infrastructure

Vulnerabilities in industrial control systems have long been an issue of concern to both the security and technology communities.36 Modern critical infrastructure facilities rely on computer hardware and software continuously to monitor and control equipment that supports numerous industrial processes, including nuclear plant management, electrical power generation, water distribution and waste control, oil and gas refinement, chemical production, and transportation management. The Department of Homeland Security (DHS) categorizes 18 critical infrastructure sectors as “essential to the nation’s security, public health and safety, economic vitality, and way of life.”37 The advent of the Stuxnet virus has raised questions on the vulnerabilities of national critical infrastructure. In the absence of specific information on the full impact of Stuxnet, one can speculate that all these sectors may be at risk.

Many observers fear that a successful infiltration and attack could degrade or stop the operation of a critical infrastructure facility that delivers water, gas, or other essential utility, or affect multiple facilities due to the interdependent nature of the nation’s infrastructure sectors responsible for providing essential services. Sean McGurk, the Department of Homeland Security’s Acting Director of the National Cybersecurity and Communications Integration Center stated during a November 2010 hearing, “We have not seen this coordinated effort of information technology vulnerabilities and industrial control exploitation completely wrapped up in one unique package. To use a very overused term, it is a game-changer.”38 Unclassified reports suggest that the Stuxnet worm was specifically developed to seek out and exploit vulnerabilities in software that manages ICSs found in most critical infrastructure facilities. One type of ICS, a Supervisory Control and Data Acquisition (SCADA) system,39 is a computer that controls industrial processes and infrastructures. SCADA systems can be accessed and managed directly at computer terminals, either from remote locations that are connected to the control system, or through the emerging trend of controlling these systems from mobile wireless devices.

In 2009, DHS conducted an experiment that revealed some of the vulnerabilities to cyber attack inherent in the SCADA systems that control power generators and grids. The experiment, known as the Aurora Project, simulated a computer-based attack on a power generator’s control system that caused operations to cease.40 The same vulnerabilities are said to exist in other critical infrastructure, which, if disabled, could both cripple the economy and have physical consequences; an electrical blackout for a prolonged period of time could potentially lead to loss of life if essential services were not restored."


Does everyone remember that "smart grid" technology that is ever so green and energy saving? Looks like I will have to dust off some of my articles about the security and privacy vulnerabilities of the "smart grid".

(I still support the implementation of the "smart grid" even with the potential problems)

How about the "smart home"? You know, the one where you can turn on your oven from a web page at work? Remember those ads?

Just sayin'...

WikiLeaks Cyberwar: Looks Like It Was Just A Skirmish; Attacks Being Wound Down?; My Inner Anarchist Is Sad...


"A young British hacker behind the online vigilante Operation: Payback says they’ve made their point and have called off their disruption of MasterCard, Visa and Amazon sites.

Jamming MasterCard.com and threatening to shut down Amazon.com “brought notoriety to the case,” the anonymous hacker who uses the name Coldblood told the BBC. “It makes it less easy for the government to do this to future sites.”

Meanwhile, the “Internet gathering” called Anonymous that is behind Operation: Payback will keep slowing down the online payment system PayPal and is considering a new tactic, the group said in a news release on Friday."

TheStar - WikiLeaks says it would be ‘in bad taste’ to take down Amazon

----

ANON OPS: A Press Release December 10, 2010

----
"Web attacks carried out in support of Wikileaks are being wound down as activists consider changing tactics."

"At the same time one wing of the activist group suggested ditching the attacks and doing more to publicise what is in the leaked cables."

"The attacks have been carried out using a tool, called LOIC, that allows people to bombard a site of their choosing with data or let the target be chosen by those running the Anonymous campaign.

The tool launches what is known as a distributed denial of service (DDoS) attack which tries to knock a website offline by bombarding it with so much data that it cannot respond.

The LOIC tool has been downloaded more than 46,000 times but, said Anonymous activists in a tweet, this did not translate into enough people using it to knock the retail giant off the web.

Instead, the attack was re-directed towards Paypal and its computer systems which, according to a status page, has intermittently suffered "performance issues" ever since."

"The chances of success could be boosted by a new version of LOIC written in web programming language Javascript that allows anyone with a browser, including on a mobile phone, to launch attacks.

However, defences against the attacks were being drawn up as security firms scrutinise the code behind LOIC to work out how attacks happen. Some suggest that well-written firewall rules would be able to filter out most of the harmful traffic."

BBC - Anonymous Wikileaks supporters mull change in tactics

----

Long rambling personal ideological statement warning (you may desire to not read this section):

Having spent a decade wandering around the social sciences at university, I can point to plenty of historical precedence for short lived uprisings that presaged a larger event.

And while I am in no way advocating illegal activity (c.f. job [real world], CSIS visits, police watch lists), mass protest is a time honoured tradition when normal avenues to effect change fail. At this, the attacks by anonymous appear to have made a point. There are also a whole lot of people who have been made aware that they can join in, and new tools to make it easier have been developed.

I think we can point to LOIC as a cyber version of the Molotov cocktail, though likely without its staying power...

My general support of transparency and accountability is still present. My suspicion of the oligarchs that run our planet is still deep and abiding. It is my belief that over the last 30 years (starting with the Thatcher/Reagan/Mulroney era) our liberty and freedom has been eroded - political and economic freedom. The changes wrought on the world - led by the war criminals George W. Bush and Dick Cheney - after the World Trade Centre attacks (9/11) have been tilted strongly toward authoritarian control. The pseudo-religious/theocratic right wing has used the opportunity to reshape the world and strengthen the hold of the oligarchs/plutocrats by exploiting fear.

While I am not part of the attacks, and won't be (at minimum prudence [and a lot of knowledge about tracking people who attack my servers {i've been on the receiving end of Denial Of Service attacks}] prevents me from participation, as well as moral and ethical questions about "attacking"), I am well informed of and have observed the culture of anonymous for some time. I have supported and provided moderating advice over the years to some elements of (the often quite young and overenthusiastic/simplistic) anonymous (no, i don't know their identities... they're f*ing anonymous...) on how to safeguard, expose, and distribute information on some of their targets - paedophiles, white supremacists, other large aggressive entities (that won't be named because they target critics).

I disagree with much of the tasteless "wilding" and internet pranks and vandalism of anonymous - why I described them as "relatively vile" in past posts. I have watched anonymous mature as many of their leading voices have left their teen years behind.

These young people ("oh, how i wish i could be in their number...") are harbingers of a new way of thinking and a new way of organising our society. Since my early involvement with the early internet (and the species it killed - "online services") starting over 20 years ago and with free software and open source projects, I have observed the changes that the culture of the internet has infused into our society. The internet is the largest and longest lived functioning (sort of) political anarchy in human history. The methods of organisation that have grown organically from the non-hierarchical structure of the internet have found their way into the real world. Marshall McLuhan's phrases "the medium is the message" and "global village" have certainly come to life in the internet. The medium, technology, and structure of the internet - with few central controls - has shaped how it allows organisation. That structure is anarchy. Because humans are naturally industrious, we find ways to work with pretty much anything. And so people found ways to use and build within the context of the structure of the internet. Organic growth from the nutrient medium of information and free sharing.

As a non-doctrinaire anarcho-collectivist with strong Rochdalian cooperativist leanings, I am well disposed to some of the principles advocated by anonymous.
"Governments of the Industrial World, you weary giants of meat and mineral, we are from the Internet. The new home of social consciousness. On behalf of the future of this culture, I ask you of the obsolete past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.

We have no elected government, nor are we ever likely to have one, so I address you with no greater authority than that with which liberty itself always speaks; anonymity [I do not agree that liberty speaks with greatest authority when anonymous - far from it - liberty is exercised by the anonymous when those with power seek to suppress liberty and freedom - liberty by definition should allow open, not anonymous, voices - James]. I declare the global social space we are building together to be naturally independent of the tyrannies and injustices you seek to impose on us. You have no moral right to rule us nor do you possess any real methods of enforcement we have true reason to fear.

Governments derive their judicial powers from the consent of the governed. You have neither solicited nor received ours. You have not engaged in our great and gathering conversation, nor did you create the wealth of our marketplaces. The rapid growth of government censorship of the Web has not escaped our notice. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions.

You claim there are problems among us that you need to solve. You use this claim to further impose unjust restrictions on our civil freedoms and rights. We cannot allow this. We consider this your formal warning, that if you continue to impose unjust control on us, you will meet with disaster." [anonymous]


As a tech and science fiction weenie, i am also well disposed toward the "borg" like/derived end statements (but for humour reasons):

"We are anonymous, we are legion,

We do not forgive, and we do not forget.

Expect us."


As a former Dungeons and Dragons weenie, I am also tickled by news reports of their self-description of being "chaotic good", but these two instances (among others), I think may just reflect a high degree of nerdishness in myself...


----

Appendix comments:

Anarchy:

"Anarchists are those who advocate the absence of the state, arguing that inherent human nature would allow people to come together in agreement to form a functional society allowing for the participants to freely develop their own sense of morality, ethics or principled behaviour. The rise of anarchism as a philosophical movement occurred in the mid 19th century, with its idea of freedom as being based upon political and economic self-rule. This occurred alongside the rise of the nation-state and large-scale industrial state capitalism or state-sponsored corporatism, and the political corruption that came with their successes.

Although anarchists share a rejection of the state, they differ about economic arrangements and possible rules that would prevail in a stateless society, ranging from no ownership, to complete common ownership, to supporters of private property and capitalist free market competition. For example, some forms of anarchism, such as that of anarcho-collectivism, anarcho-communism or anarcho-syndicalism not only seek rejection of the state, but also other systems which they perceive as authoritarian, which include capitalism, capitalist markets, and title-based property ownership. In opposition, a political philosophy known as free-market anarchism, contemporary individualist anarchism or anarcho-capitalism, argues that a society without a state is a free market capitalist system that is voluntarist in nature.

The word "anarchy" is often used by non-anarchists as a pejorative term, intended to connote a lack of control and a negatively chaotic environment. However, anarchists still argue that anarchy does not imply nihilism, anomie, or the total absence of rules, but rather an anti-statist society that is based on the spontaneous order of free individuals in autonomous communities." - [wikipedia]


----

Rochdale Principles:
Original version (adopted 1937)

1. Open membership.
2. Democratic control (one person, one vote).
3. Distribution of surplus in proportion to trade.
4. Payment of limited interest on capital.
5. Political and religious neutrality.
6. Cash trading (no credit extended).
7. Promotion of education.

ICA revision (1966)

1. Open, voluntary membership.
2. Democratic governance.
3. Limited return on equity.
4. Surplus belongs to members.
5. Education of members and public in cooperative principles.
6. Cooperation between cooperatives.
7. Concern for community

[Wikipedia]

----

Collectivist anarchism:

"Collectivist anarchism (also known as anarcho-collectivism) is a revolutionary[1] doctrine that advocates the abolition of the state and private ownership of the means of production. Instead, it envisions the means of production being owned collectively and controlled and managed by the producers themselves.

For the collectivization of the means of production, it was originally envisaged that workers will revolt and forcibly collectivize the means of production[1] Once collectivization takes place, workers' salaries would be determined in democratic organizations based on the amount of time they contributed to production. These salaries would be used to purchase goods in a communal market.[2] This contrasts with anarcho-communism where wages would be abolished, and where individuals would take freely from a storehouse of goods "to each according to his need." Thus, Bakunin's "Collectivist Anarchism," notwithstanding the title, is seen as a blend of individualism and collectivism.[3]

Collectivist anarchism is most commonly associated with Mikhail Bakunin, the anti-authoritarian sections of the First International, and the early Spanish anarchist movement." [wikipedia]


For the record, I am not in favour of the total abolition of private ownership. I firmly believe that owner operated/controlled activity is essential to the functioning of even a utopian anarcho-collectivist society - you can't change human nature - people want to secure themselves and their families. The question is: Do you allow people to transmit so much wealth and power that it permanently skews power to those families?

I also believe that personal reward and "ownership" is a substantial and good reward to those who work harder and better. Just as their are differing levels of ability and differing levels of motivation to work - so there should also be a differential set of rewards. But those rewards should not just automatically accrue to the progeny of those who work hard - additional reward should go to those who actually produce more. I consider the ability of collectives to set their own internal reward structure based on their own independent organisational structure to be consistent with principles of anarco-collectivism.

----

End of ramble

The revolution may be aborted for now, but the developments of this time will send shockwaves through the world for some time.

Hope is not dead.

Thursday, December 9, 2010

WikiLeaks Cyberwar: "Pro-WikiLeaks cyber army gains strength; thousands join DDoS attacks"


"Volunteers download attack tool, organizers recruit hacker botnets, say researchers"

"Computerworld - The retaliatory attacks by pro-WikiLeaks activists are growing in strength as hackers add botnets and thousands of people download an open-source attack tool, security researchers said today.

In recent days, distributed denial-of-service (DDoS) attacks have been launched against several sites, including those belonging to Amazon, MasterCard, PayPal and the Swiss payment transaction firm PostFinance, after each terminated WikiLeaks accounts or pulled the plug on services."

"Most of those participating in the attacks are using the LOIC (Low Orbit Ion Cannon) DDoS tool, said researchers with Imperva and Sophos.

The open-source tool, which is sometimes classified as a legitimate network- and firewall-stress testing utility, is being downloaded at the rate of about 1,000 copies per hour, said Tal Be'ery, the Web research team lead at Imperva's Application Defense Center.

"Downloads have soared in the last two days," said Be'ery in an interview. As of 4 p.m. ET, more than 44,000 copies of LOIC had been downloaded from GitHub.

LOIC has become the DDoS tool of choice in the pro-WikiLeaks attacks because users can synchronize their copies with a master command-and-control server, which then coordinates and amplifies the attacks.

"If I download [LOIC] and voluntarily set the server information, the command-and-control server can control my copy of LOIC," said Be'ery. "The command-and-control server can then sync the attack, which makes it much more powerful because the DDoS attacks are occurring at the same time and hitting the same target."

"In a new step in the campaigns, botnets -- armies of already-compromised computers that hackers control remotely -- are now being recruited for the DDoS attacks, said Beth Jones, a senior threat researcher with Sophos. "Until now, the attacks have been done by volunteers who download LOIC," said Jones. "But now more groups are joining in with their botnets."

Be'ery said that Imperva had seen IRC chatter of at least one 100,000-PC botnet being thrown into the attacks.

"Operators of these attacks have repeatedly asked on IRC if someone can donate botnets," said Be'ery. "It looks like they feel the need for some more horsepower."

The fact that the organizers of Operation Payback are soliciting more firepower is a clue that they're not able to match the defenses erected by the sites they've targeted, said Be'ery. "They're having a bit of a problem. PayPal and others are doing good work to keep their sites alive, so they're after more machines and telling people [participating in the DDoS attacks] to do what they're told and focus on the targeted sites.""

""What's really surprising is that so many people are willing to put themselves on the line legally," she said, pointing out that using a tool like LOIC to attack a site is illegal in most jurisdictions, including the United States.

"A more firm legal response may be helpful," Be'ery agreed. "I'm not even sure that everyone understands that what they're doing is illegal."

On Wednesday, Dutch police arrested a 16-year-old in The Hague for allegedly participating in the attacks against Visa, MasterCard and PayPal. The teen is to be arraigned in Rotterdam on Friday.

"The penny will drop when some of these guys are arrested," predicted Be'ery."
[blod mine - James]

ComputerWorld - Pro-WikiLeaks cyber army gains strength; thousands join DDoS attacks

Please do a click through on the above link to give them an ad hit - I have excerpted a large chunk of their article

----
"IDG News Service - Dutch authorities arrested a 16-year-old boy on Wednesday in relation to the cyberattacks against Visa, MasterCard and PayPal, which were aimed at punishing those companies for cutting off services to WikiLeaks.

The boy was arrested in The Hague, and he will be arraigned before a judge on Friday in Rotterdam, according to a press release from the Netherlands' Public Prosecution Service. The boy, whose computer equipment was seized, has allegedly confessed to taking part in the attacks.

The Public Prosecution Service said he is likely part of a larger group of hackers.

The arrest follows a series of distributed denial-of-service (DDOS) attacks aimed at websites that have been critical of WikiLeaks, which has been releasing portions of 250,000 secret U.S. diplomatic cables since late last month. The attacks seek to overwhelm websites and services by sending streams of meaningless traffic.

Part of the attacks originated in the Netherlands and the main site coordinating the attacks, anonops.net, was hosted in a Dutch data center in Haarlem. The site is down since police actions Wednesday."

ComputerWorld - Dutch arrest 16-year-old related to WikiLeaks attacks

----

Is this what a revolution feels like? Is this a revolution?

Is this the founding of a semi-independent online nation?


That's what anonymous wants. I wonder if the monarchies of France and England felt like the oligarchs that run the world right now when faced with the French Revolution and the American Revolution?

Were they as disdainful of the "peons" rising up? Were they just as sure that they could just crack down and everyone would fall back into line?

The internet is the largest and longest lived political anarchy in the history of humankind.

It has already changed our political and corporate governance structures in "meatspace". But is this rebellion the beginning of "self-awareness" of an online nation?

WikiLeaks Cyberwar: Corporate Censorship

""The private sector can do things and get away with things that would be unconstitutional if done by the government," said Lawrence Soley, a Marquette University professor of communications. "I believe that corporate censorship is as much, if not more, of a danger to free speech than the government," he said."

""None of those companies want to be singled out for helping undermine American national security," said Jeff Chester, the executive director of the Center for Digital Democracy in Washington, an organization that aims to promote democratic expression and human rights on the Internet. "It shows a lack of independence and an attempt to curry favor."

Some are calling it corporate censorship, and comments from PayPal and a software provider added to concerns about the role played by Washington.

Companies such as credit card providers and Amazon are not obliged to provide services beyond the terms of their WikiLeaks contract, legal experts say. While contract terms are private, experts said the companies were likely well within their rights."

"Legal specialists voiced concerns about the government's ability to lean on companies such as MasterCard, Visa and PayPal, which handle the bulk of donations to an Internet-based operation such as WikiLeaks.

"Government censorship by a wink or raised eyebrow can be as serious as outright prohibitions. Particularly where a critical facility is at issue," said Diane Zimmerman, a professor at New York University School of Law.

But Zimmerman and others questioned whether a request, even if from the White House, amounted to censorship if it is not backed by a threat.

Chester, of the Center for Digital Democracy, said the risks of angering Washington can be high. Companies often need regulatory approval for mergers and laws regarding privacy, online advertising, sales tax and Internet access can have a big effect on the companies.

"Government censorship is still worse because the government has the ability to criminally prosecute you and take away your freedom," said David Hudson of the First Amendment Center in Nashville, Tennessee. "The looming issue is whether there is any push to prosecute (WikiLeaks) under the Espionage Act. That is the million-dollar question.""

Reuters - WikiLeaks shows reach and limits of Internet speech

----

This is the way it is. We all know that media outlets can refuse to run ads and refuse to cover events. That's how the system is rigged. That is why the internet is such an important free space. And that is why the oligarchs are responding the way they are.

Arrests are already being made against participants in anonymous' efforts. Denial of Service attacks are still illegal.

I suspect throwing tea in the harbour in Boston was illegal as well.

WikiLeaks Cyberwar: Weapons Of War: LOIC (Low Orbit Ion Cannon) network stress testing application

"LOIC (Low Orbit Ion Cannon) is a network stress testing application, written in C# and developed by "praetox". It attempts a denial-of-service attack on the target site by flooding the server with TCP packets, UDP packets, or HTTP requests with the intention of disrupting the service of a particular host. The program was exploited during Project Chanology to attack Scientology websites, and is currently being used by Operation Avenge Assange (Organized by Operation Payback) to attack the websites of companies and organizations that have opposed WikiLeaks."

http://en.wikipedia.org/wiki/LOIC

----


This is the weapon used and where people get it from. for your information only. this post in no way encourages anyone to use this program for any illegal or unethical purpose. in fact i strongly urge you to act with restraint, respect for law, morality, and decency in your heart, just like "W" the last President of the United States when he ordered the U.S. to kidnap and imprison people and torture prisoners [some of whom were wholly innocent].

i would also like to point out that using this software to attack anyone, even as part of a mass protest is wholly illegal in most jurisdictions and that arrests have already been made against participants in the DDOS attacks. using this software could result in your arrest. the sites being attacked keep logfiles of all connection attempts. there will be a record of your ip address somewhere and eventually the oligarchs will find you

this is a real live warning. understand there is no wink or nudge involved with my warning

https://github.com/NewEraCracker/LOIC

----

[later edit December 10, 2010]

"Numerous people have downloaded -- and are apparently using -- the software. By Thursday, "for the server-controlled version, there have been already 33,000 downloads at a rate of more than 1,000 downloads per hour," said Rob Rachwald, director of security strategy at Imperva. By Friday, the manual version of the malware had been downloaded 50,000 times.

Thinking of enlisting? "Stay well away," said Graham Cluley, senior technology consultant at Sophos. He said that laws in the United Kingdom punish such attacks with up to 10 years in prison, while Sweden and the United States have similar laws on the books.

To that list, add the Netherlands. On Thursday, Dutch police officers arrested a teenager in The Hague. They said he admitted to participating in pro-WikiLeaks attacks against the MasterCard and Visa Web sites.

As that suggests, attacks can be traced back. "Many people believe that privacy on the Internet can be somewhat protected, but beware, the source IP addresses of attackers, which will inevitably end up in the target's Web site log files, can easily be matched with user's accounts if ISPs decide to cooperate with the law enforcement agencies," said SophosLabs' Svajcer."[bold mine - James]
Information Week - WikiLeaks Supporters Download Botnet Toolkit 50,000 Times
"Security experts warn those considering joining the pro-WikiLeaks army that it's very easy to trace those who participate in the illegal denial of service attacks."

WikiLeaks Cyberwar: A Message From Anonymous


"Governments of the Industrial World, you weary giants of meat and mineral, we are from the Internet. The new home of social consciousness. On behalf of the future of this culture, I ask you of the obsolete past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.

We have no elected government, nor are we ever likely to have one, so I address you with no greater authority than that with which liberty itself always speaks; anonymity. I declare the global social space we are building together to be naturally independent of the tyrannies and injustices you seek to impose on us. You have no moral right to rule us nor do you possess any real methods of enforcement we have true reason to fear.

Governments derive their judicial powers from the consent of the governed. You have neither solicited nor received ours. You have not engaged in our great and gathering conversation, nor did you create the wealth of our marketplaces. The rapid growth of government censorship of the Web has not escaped our notice. Cyberspace does not lie within your borders. Do not think that you can build it, as though it were a public construction project. You cannot. It is an act of nature and it grows itself through our collective actions.

You claim there are problems among us that you need to solve. You use this claim to further impose unjust restrictions on our civil freedoms and rights. We cannot allow this. We consider this your formal warning, that if you continue to impose unjust control on us, you will meet with disaster.

We are anonymous, we are legion,

We do not forgive, and we do not forget.

Expect us."


- Anonymous - text of above video

----



"Operation Payback (is a bitch), this is the Internet, we run this. An open message from Anonymous to the governments of the world and their legal leeches regarding the motivation of the cyber protests.

Corrupt governments of the world, we are anonymous. For some time now, voices have been crying out in unison against the new ACTA laws. The gross inadequacies of the new laws being passed internationally have been pointed out repeatedly. Our chief complaint is that such measures would restrict people's access to the internet.

In these modern times access to the internet is fast becoming a basic human right. Just like any other basic human right, we believe that it is wrong to infringe upon it. To threaten to cut people off from the global consciousness as you have is criminal and abhorrent. To move to censor content on the internet based on your own prejudice is at best laughably impossible, at worst, morally reprehensible.

The unjust restrictions you impose on us will meet with disaster and only strengthen our resolve to disobey and rebel against your tyranny. Such actions taken against you, and those you out source your malignant litigation too, are inevitable, unavoidable and unstoppable.

We Are Anonymous,

We Are Legion And Divided By Zero.

We Do Not Forgive Internet Censorship

And We Do Not Forget Free Speech.

We Are Over 9000,

Expect Us!"


- Anonymous - text of above video

----

Is this what a manifesto looks like in the modern world?

Wednesday, December 8, 2010

Wikileaks Cyberwar: VISA Online Gets Smoked Off By Anonymous

"Sky News Online was redirected to the search engine Bing when it tried to access Visa.

Anon_Operation had given an hour's notice that it would take down the Visa website as part of Operation Payback, a campaign against companies that have withdrawn services from the whistleblowing website WikiLeaks.

It urged supporters to "get your weapons ready" then "FIRE FIRE FIRE!!!"

SkyNews - Hacktivists Attack Visa Website

----

FP Tech Desk: Hackers supporting WikiLeaks target Visa

"(update 5:04pm EST the Visa.com website has now been offline for more than one hour)

(update 4:31pm EST the Operation Payback Facebook page has just been removed by Facebook)

(update 4:14pm EST the Canadian Visa.ca address appears to be working while the main Visa.com address remains offline)

(update 4:04pm EST the Visa website – both the .com domain and the Canadian .ca address – are fully inaccessible. A DDoS attack appears to be underway, as promised)

After successfully taking down the MasterCard website Wednesday morning on behalf of WikiLeaks, the same group of hackers brought down the Visa website on Wednesday afternoon."


----

"Updated | 5:11 p.m. A group of Internet activists took credit for crashing the Visa.com Web site on Wednesday afternoon, hours after they launched a similar attack on MasterCard. The cyber attacks, by activists who call themselves Anonymous, are aimed at punishing companies that have acted to stop the flow of donations to WikiLeaks in recent days.

The group explained that its distributed denial of service attacks — in which they essentially flood Web sites site with traffic to slow them down or knock them offline — were part of a broader effort called Operation Payback, which began as a way of punishing companies that attempted to stop Internet file-sharing and movie downloads.

Visa’s Web site went offline minutes after the attack began and has not yet returned to service, an hour later.

On Twitter, the activists behind Operation Payback celebrated the apparent success of their attack on Visa’s Web site, writing: “IT’S DOWN! KEEP FIRING!!! #DDOS #PAYBACK #WIKILEAKS.”
New York Times - ‘Operation Payback’ Attacks Move on to Visa

----

I wonder how the oligarchs that run our planet are going to react to someone f*ing with their financial system?

The Second Cyberwar Has Begun: WikiLeaks, Anonymous, The Intertubes...



I previously wrote about Stuxnet the computer virus that appears to have been targeting Iranian nuclear facilities. Stuxnet is significant because it reached from computer hacking and information warfare into the control systems of the nuclear facilities with the ability to make things like the high speed centrifuges explode by modulating their rotational speed.

I am now going to describe WikiLeaks as the second cyberwar. WikiLeaks is an information war, but it has begun to reach out to the real world. PayPal, MasterCard, Amazon, and various banks and hosting companies have taken action against WikiLeaks after being contacted by the U.S. state department. Julian Assange has been targeted and arrested.

And now the net has begun to retaliate. This will be very interesting. This is in essence an internet insurgency. People from around the world are beginning cyber attacks against the entities that have taken action against WikiLeaks.

The beginning of those counter-attacks is by a relatively vile hive mind - anonymous. It's a group that can't be stopped. They live on the internet. Anonymous is a strange group. They publish and say and do awful things on the net. They "raid" and vandalise other websites. Yet they also go after white supremacists and paedophiles. They have been known to do random nice things like organise mass birthday card mailings to lonely old folks.

"As one reporter for The Independent puts it, "Angry, porn-obsessed adolescents they might be, but they’re angry, obsessed adolescents with significant technological firepower—and a grudge." It's a bit troubling, frankly." [The Economist]

----
"Knowledge is free.

We are Anonymous.

We are Legion.

We do not forgive.

We do not forget.

Expect us.
"

- anonymous speaking to its targets (see scientology videos below)

----
"Anonymous is a cultural phenomenon which began on internet image boards. Many such boards require no registration for posting, and every poster remains anonymous. This format of communication is inherently noisy and chaotic. However, the unprecedented openness made possible by such boards has nurtured the appearance of a unique and persistent culture.

We are a collection of individuals united by ideas. You likely know Anonymous, although you don't know exactly who we are. We are your brothers and sisters, your parents and children, your superiors and your underlings. We are the concerned citizens standing next to you. Anonymous is everywhere, yet nowhere. Our strength lies in our numbers. Our will as a whole is the combined will of individuals. Our greatest advantage is a knowledge of the fundamentals we share as human beings. This knowledge is a fruit of our anonymity.

Anonymous has left its mark on society more than once. Previous Anonymous projects have resulted in the closing of the white-supremacist radio show produced by Hal Turner, and the criminal prosecution of Canadian paedophile Chris Forcand. Anonymous has been called a "Cyber Vigilante Group" by The Toronto Sun and Global News, though in reality we are much more than that.

We are Anonymous. You can be Anonymous, too. Together, we can shape society."

Why We Protest - Who is Anonymous?

----
"[Anonymous is] the first internet-based superconsciousness. Anonymous is a group, in the sense that a flock of birds is a group. How do you know they're a group? Because they're travelling in the same direction. At any given moment, more birds could join, leave, peel off in another direction entirely.

—Landers, Chris, Baltimore City Paper, April 2, 2008" [wikipedia]
----

Anonymous took on scientology:





----
"One area where I disagree with him is in his insistence that all a denial-of-service attack can do is register protest. When you take down the website of a PostFinance or MasterCard, as Anonymous has done in the past, it does more than simply show disapproval, it affects business. This is the future of activism, and it is both empowering and scary. A group like Anonymous isn't really trying to impose anarchy as much as it's trying to impose the will of its members (or whichever members are active at a certain time). As it fights for freedom on the internet, it constricts the net itself, by taking down websites and halting e-commerce. And we have no idea who these people are. As one reporter for The Independent puts it, "Angry, porn-obsessed adolescents they might be, but they’re angry, obsessed adolescents with significant technological firepower—and a grudge." It's a bit troubling, frankly."

The Economist - Anonymous and cyber protest: Talking with Anonymous

----

The Tech Herald - Cablegate: Anonymous says the Internet will not be censored

AFP - Hackers target Mastercard website in WikiLeaks war

The Guardian - WikiLeaks: Who are the hackers behind Operation Payback?
(the Guardian story contains at least one serious error in regard to anonymous. it describes anonymous as being about 1000 members. WRONG. tens of thousands have participated. estimates go into the 100s of thousands of "followers". there may be about 1000 anonymous [i don't know - no one does] involved in that DDOS attack [best estimates i've seen is that there are about 4000 involved in the current PayPal/VISA DDOS events], but there is a larger membership which has participated in major actions like the project against scientology. something in the order of 10,000 people physically came out to protest against scientology in addition to their online actions - James)

Huffington Post - PayPal Admits Blocking WikiLeaks After State Department Took Action

Huffington Post - MasterCard DOWN: MasterCard.com, Swiss Bank, Lawyer's Site Hacked By WikiLeaks Supporters With DDOS Attack

ZDNet - Mastercard sites down, Anonymous claims responsibility

----

First Cyberwar:

Stuxnet Nuclear Reactor Targeted Computer Virus "Game Changer" For Real World Effects Of Cyber War/Hostility/Threat

Cyber Warfare Reaches From The Net Into The Real World "Stuxnet cyber attack is as good as using explosives" On Iranian Nuclear Facilities

----

Picture Credit: Texas A&M Engineering Works: Cyberwar

Monday, December 6, 2010

Bumpy Humpback Whale Flippers Inspire New Tidal Turbine Design

I know this isn't about information or privacy... but it's too cool to pass up.

"Humpback whales are impressively agile swimmers—thanks in no small part to the rows of bumps, called tubercles, on the leading edges of their flippers. Tubercles generate swirling water formations, called vortices, which help the massive mammals maintain lift and delay stall, an aerodynamic phenomenon in which the flow of fluid over the top of the flipper becomes separated from the flow underneath, causing increased drag.

Previous research has shown that adding tubercle-like bumps to wind turbine blades could make the blades better able to harvest energy, especially at low speeds. Engineers have already applied the principle to industrial fans and continue to develop whale-inspired wind turbine technology. Now, researchers at the U.S. Naval Academy (USNA) have shown that adding bumps to underwater tidal turbines also improves their performance, too. In a laboratory experiment, the results of which they presented November 22 at the annual meeting of the American Physical Society’s Division of Fluid Dynamics, bumpy turbines produced significantly more energy at low speeds, when compared to a standard turbine with smooth-edged blades.

Ocean tides represent a large potential source of renewable, nonpolluting energy. But the tidal power industry has been slow to emerge, in large part due to technical challenges. One important obstacle facing engineers is the difficulty of designing turbines that do not stall in slow-moving water."

Bumpy humpback flippers inspire new tidal turbine design

"WikiLeaks founder Julian Assange 'will release poison pill of damaging secrets if killed or arrested'"

"The founder of WikiLeaks has warned that his supporters are primed to publish a 'deluge' of leaked government documents should his activities be curtailed by any country.

Julian Assange has distributed to fellow hackers an encrypted 'poison pill' of damaging secrets, thought to include details on BP and Guantanamo Bay.

He believes the file is his 'insurance' in case he is killed, arrested or the whistleblowing website is removed permanently from the internet.

Mr Assange - understood to be lying low in Britain - could be arrested by Scotland Yard officers as early as tomorrow."

"Mr Assange's British lawyer, Mark Stephens, warned today that WikiLeaks was holding further secret material which he dubbed a 'thermo-nuclear device' to be released if the organisation needed to protect itself."

"This is what they believe to be a thermo-nuclear device in the information age.

'It's interesting to note people as high up the American tree as Sarah Palin have called for him to be hunted down by American special forces and assassinated.

'We've seen a number of suggestions that he should be assassinated, again from credible sources around the world.

'This is all about a man who is a journalist. He received, unbidden, an electronic brown envelope that journalists receive.

'This particular journalist has put it out. What they are doing is criminalising him, criminalising journalistic activity.'"

"The 'doomsday files' which have been downloaded from the WikiLeaks website by tens of thousands of supporters are understood to include information on Guantanamo Bay, and aerial video of a U.S. airstrike in Afghanistan that killed civilians, BP reports and Bank of America documents."

WikiLeaks founder Julian Assange 'will release poison pill of damaging secrets if killed or arrested'

----

"What they are doing is criminalising him, criminalising journalistic activity."


I think this is the most important line in the entire post.

You will all be familiar with the term "liable chill". That is when journalists and newspapers become reticent to publish articles damaging to the rich and powerful because they will get sued - whether successfully or not - and the cost of the defense becomes a factor in the choice of whether to publish or not.

Assassination threats are the ultimate form of liable chill...

I will quote in entirety a piece (I assume it is a letter to the editor) on the Calgary Herald's website (do a click through so they get an ad view, please):

"Re: "Professor won't face discipline for remarks," Dec. 3.

The citizens of our liberal democracy should be alarmed at the reaction against WikiLeaks and its founder, Julian Assange.

From condemnation to suggestions of assassination of Assange, we have prominent political leaders to University of Calgary professors, openly calling for this man's termination.

What we are witnessing is the beginnings of Stalinist silencing. No matter how inflammatory Assange's reporting may be, it is still newsworthy and carries the right to be published in any society that market's itself to be, quote unquote, a free entity.

Let us ask ourselves the chilling question of when will people's legitimate political expression and opposition be silenced in the way that some are suggesting Assange be silenced? [bold mine - James]

Frank Koeksal,

Calgary"

Saturday, December 4, 2010

Here's Where All Your Spam Comes From

"According to Kapersky Labs' monthly spam report, Russia became the number one source of spam emails in October for the first time ever, more than doubling its September output. The U.S. is #18 in the global p3nis enlargement industry. Yay!"

Here's Where All Your Spam Comes From

Friday, December 3, 2010

F*ing Spammer Caught And Charged For Sending 10 BILLION Spam A Day

"Milwaukee FBI agent trips up Russian 'king of spam'
Authorities say suspect behind 10 billion e-mails a day"


"Authorities say he was the king of spam, a 23-year-old Russian controlling a network of infected computers generating 10 billion unwanted e-mails a day - a third of the global spam stream - until a Milwaukee FBI agent unplugged the operation.

Now, Oleg Nikolaenko awaits a hearing in federal court in Milwaukee, where he is charged with helping cyber hucksters pitch everything from counterfeit Rolex watches to fake Viagra.

According to a federal criminal complaint, agents from the FBI and the Federal Trade Commission had been tracking Nikolaenko's activities since at least 2007. The complaint outlines how international fraud artists rely on tech-savvy spammers to annoy and defraud consumers in an enterprise that generates enormous illegal profits.

Agents tracked Nikolaenko during two visits to the United States last year, and when he returned to Las Vegas last month for a popular automotive show, he was arrested Nov. 4. He was indicted Nov. 16 on one count of violating the 2003 federal CAN-SPAM Act, an offense punishable by up to five years in prison. The charges were initially not made public."


----

"Last month, Russia was the No. 1 source of spam in the world. It's probably because of Oleg Nikolaenko, a 23-year-old who was recently arrested for flooding the world with 10 billion spam emails a day.

Using a network of over 500,000 zombie computers known as the Mega-D botnet, Nikolaenko churned out 10 billion spam emails a day at the height of his operation. These advertised mostly counterfeit goods and herbal remedies--one Rolodex counterfeiter who was his client said he spent $2 million on spam advertising. But starting in 2007, the FBI began closing in on Nikolaenko. He was arrested on Nov. 4th, while in Las Vegas for a car show, and now faces a $250,000 fine and up to three years in prison."

23-Year-Old Russian Hacker Was Responsible for One-Third of Global Spam

----

At least now I know why my level of Viagra spam has been enlarged over the last month...

Friday, November 26, 2010

Wikileaks: Part of Why I'm Itchy About Database Function Creep And The "One Big Database" Approach To Government Records

This story is about the wikileaks and how low level access to "secure" databases can lead to information being disseminated without controls. While I am ambivalent about some of the information wikileaks has released (specifically the names of informers in Afghanistan and such), I am actually more concerned about what these kinds of incidents mean for our collective privacy.

The anti-war guy, and anti-secrecy guy in me applauds transparency, the privacy freak in me is worried about protecting the medical databases that I am charged with protecting as part of my occupation. Technology, privacy, security, and records management are all inextricably interlinked.

"Manning claimed to have leaked 260,00 cables. But he was charged on July 5 with downloading more than 150,000, and with allegedly leaking at least 50 of them to an unauthorized third party.

The cables were widely accessible within the U.S. military under an information-sharing initiative called Net-Centric Diplomacy.

Established in the government’s post-September 11 drive to break down information barriers between agencies, Net-Centric Diplomacy makes a subset of State Department documents available on the Secret Internet Protocol Router Network, or SIPRNet, the Pentagon’s global, Secret-level wide area network. SIPRnet is accessible to cleared American military service members and civilian agencies around the world."

Wired Mag - WikiLeaks Diplomatic Cable Dump Reportedly Imminent

----

Once again - your privacy is at stake. Suppose someone dumped a secure police database and your name was in there as having provided eyewitness information related to a gang hit. That would probably not be good.

Suppose University registration information was released - home addresses of students (which has happened) and some guy was stalking a young woman (which has happened).

"One big database" as a goal has unintended consequences.

How Do Airport Scanners Work? Excerpts And Links To Easy To Read Explanations



The above question asked on google has been worth about a quarter of all the hits on my blog according to SiteMeter.

So here is some information on how the two kinds of airport scanners work:

"Backscatter X-ray is an advanced imaging technology. Traditional X-ray machines detect hard and soft materials by the variation in transmission through the target. In contrast, backscatter X-ray detects the radiation that reflects from the target. It has potential applications where less-destructive examination is required, and can be used if only one side of the target is available for examination.

The technology is one of two types of whole body imaging technologies being used to perform full-body scans of airline passengers to detect hidden weapons, tools, liquids, narcotics, currency, and other contraband. A competing technology is millimeter wave scanner. These airport security machines are also referred to as "body scanner", "whole body imager (WBI)", and "security scanner""

http://en.wikipedia.org/wiki/Backscatter_X-ray

----

"The TSA has slowly been implementing the use of X-ray scanners in airports (so far, 38 airports have 206 of the machines) in order to see through passengers' clothes and check them for explosive devices. Officials have asserted that the machines are okay to use on the basis of the everyday use of X-rays in medical offices. However, a group of four UCSF professors pinpointed several important differences between the medical X-ray machines and those used in airports. They described the issues in a letter to Dr. John P. Holdren, the assistant to the president for science and technology."

"A normal X-ray image is a familiar sight—depending on the exposure, an X-rayed person typically appears only as a skeleton. This is because the X-rays used in those machines penetrate the skin and can only scatter off of the larger atoms in bones.

Unlike a medical X-ray, the TSA X-ray machines are a sci-fi fan's dream: they are lower-energy beams that can only penetrate clothing and the topmost layers of skin. This provides TSA agents with a view that would expose any explosives concealed by clothing. But according to the UCSF professors, the low-energy rays do a "Compton scatter" off tissue layers just under the skin, rather than the bone, possibly exposing some vital areas and leaving the tissues at risk of mutation."

"Because the X-rays only make it just under the skin's surface, the total volume of tissue responsible for absorbing the radiation is fairly small. The professors point out that many body parts that are particularly susceptible to cancer are just under the surface, such as breast tissue and testicles. They are also concerned with those over 65, as well as children, being exposed to the X-rays."

ars technica - FDA sidesteps safety concerns over TSA body scanners

----

"A millimeter wave scanner is a whole body imaging device used for airport security screening. It is one of two common technologies of full body scanner used for body imaging; the competing technology is backscatter X-ray."

"Clothing and many other materials are translucent in some EHF (millimeter wave) radio frequency bands. This frequency range is just below the (related) sub-millimeter terahertz radiation (or "T-ray") range.

The millimeter wave is transmitted from two antennas simultaneously as they rotate around the body. The wave energy reflected back from the body or other objects on the body is used to construct a three-dimensional image, which is displayed on a remote monitor for analysis."

"Millimeter wave radiation and radio frequency radiation is not genotoxic (unlike X-rays and ultraviolet radiation), but chronic exposure to lower frequencies of microwaves in some animal studies have been correlated with accelerated development of existing tumors.

A study conducted by Boian S. Alexandrov and colleagues at the Center for Nonlinear Studies at Los Alamos National Laboratory on Terahertz radiation (which is a 1000 times higher in frequency than mm waves) in New Mexico performed mathematical models how terahertz fields interact with double-stranded DNA, showing that, even though involved forces seem to be tiny, nonlinear resonances (although much less likely to form than less-powerful common resonances) could allow terahertz waves to "unzip double-stranded DNA, creating bubbles in the double strand that could significantly interfere with processes such as gene expression and DNA replication". Experimental verification of this simulation was not done and as the effect is frequency dependant the studies do not cover the mm wave region of the spectra were the whole body scanners operate."

http://en.wikipedia.org/wiki/Millimeter_wave_scanner

----

This next article is a really good one:

"Another group of scientists at the University of California, San Francisco, sent a letter to the President's science and technology adviser arguing that the X-ray scanner poses a greater risk than medical X-rays and the radiation absorbed during a flight. In those two cases, the radiation is distributed evenly throughout the body, the doctors say. The radiation from the scanners, however, is embedded in the skin, resulting in a higher concentration of radiation in a given area.

Questions remain including how the X-ray scanners will affect frequent flyers (including businessmen and flight attendants who could go through security anywhere from 200 to 400 times a year), children, pregnant women and travelers with weakened immune systems. There is also a question of what could happen should a machine get stuck or fail, potentially blasting one point on a person's body with excess X-ray radiation.

The good news about scanners: Millimeter wave scanners, which are also in use at airports around the country, use very far infrared waves, waves at the opposite end of the electromagnetic spectrum from the dangerous ionizing radiation of X-ray waves. X-rays are shorter waves that can penetrate the skin and alter DNA. Millimeter waves, by contrast, are longer waves that penetrate clothes but stop at the skin. The millimeter scan is akin to a heat lamp and is considered to be far safer than X-ray scanners."

Physics Central - Airport Body Scanners: To Fear or Not to Fear?

----

And finally:

PCWorld - X-Ray Body Scanner Hubbub: The Naked Truth

----

Enjoy