Monthly Archives: March 2013

Forget about the CyberBunker attack—here’s how to take an entire continent offline

This post is kind of in response to the CyberBunker post. I saw this article somewhere. I don’t remember where?? Anyway, the article mentions how the CyberBunker attack at 300 gigabits per second is being considered the biggest cyber attack in history. However, according to the article three men in Egypt tried to take down 1.28 terabits of the Internet – four times as much bandwidth –  with nothing but an axe. Their identities and motives are unknown at the time of the article, but according to Reuters the Egyptian coastguard intercepted three men trying to cut the SEA-ME-WE 4 undersea cable. It’s one of the major cables connecting Europe to North Africa to Asia.

It’s important to remember that the Internet is not some abstract thing that exists in the cloud always. The connections between countries are very real concrete things. These connections are hundreds of cables that exist beneath the sea floor, and they are susceptible to damage. There are multiple of these connections between countries and continents, but when one is cut the others have to pick up the traffic. This causes congestion.

I think this is an important story. It really shows how fragile some things we as a modern society are. If I was a bad guy, all I need to do is go into the Atlantic where the ocean isn’t very deep. I just trawl the ocean, find the cable, and make the cut. A few more of those cuts and boom. It’s all over, and that’s not a quick and easy fix. I would imagine that would take quite a while to get things back to normal. We need to make sure we protect our Internet.

Nuclear Cyberwarfare

In class we discussed an internet attack DDoS, or distributed denial of service. I found this article, Spamhaus vs Cyberbunker on Ars Technica, a very interesting look into massive scale DDoS attacks. Summarizing the article, Spamhaus is a major anti-spam company while Cyberbunker is a major spam, among other questionable things, hoster. Due to Spamhaus blacklisting them, Cyberbunker decided to retaliate through internet warfare.

Because Cyberbunker has unbelievable resources they generated an attack reaching 300 Gb/s in bandwidth. This kind of attack would take down all but the most prepared web services. Cyberbunker has the motto about hosting which goes something like anything goes ‘except child porn and anything related to terrorism’. With Cyberbunker generating so much traffic the backbone tier 1 routers could go down. This could disrupt THE ENTIRE internet. In my opinion, this is terrorism. The internet is such a precious resource I believe we need to take an active role in protecting it.

The United States government is happy to go abroad and foil terrorist and other illegal efforts. Should they get involved in this battle? If we were to get involved, would it be to directly undermine the government (the Netherlands) since they fail to control Cyberbunker? Possibly a third option, if a country is unwilling or unable to disrupt its own terrorist activities, should we take action onto that country?

Documentary explores 3D printed guns

I know it’s been a while since we’ve talked about this but I recently stumbled on a documentary about the potential of printing assault rifles and high capacity magazines that I don’t believe we’ve talked about yet.

The documentary found here takes a realistic view on the potential of the new and rapidly developing technology. The documentary focuses on a 25-year-old who is advocating the creation and open distribution of CAD blueprints for various weapon parts and demonstrates their functionality. His main argument is that gun control and bans are futile and pointless due to the availability of these new technologies (internet + 3D printing). The self-described crypto anarchist uses his own website, along with friends in the field, to host and create new and better pieces available to the open public. Anyone with internet can access these files and anyone with a 3D printer can create these objects. There is a chilling resemblance between his methods of addressing a situation and that of Firesheep’s. He has also recently been approved for a federal firearms license. This means that he will be able to sell his printed guns, as well as host blueprints of the files via his website. No one can predict the impact of this new technology but everyone agrees it is getting easier and cheaper to do. It’s only a matter of time until 3D printers become common household items.

Obviously new technologies bring change but what is the potential for this new technology? Do you think the danger lies with the ability to create a gun at home, the open source nature of the blueprints or both?

Do you agree with Cody’s methods of spreading awareness or do you think he is going too far?

 

 

Two-Step verification added to Apple IDs

While I was perusing the USA Today on my iPhone app today, I saw the article about car privacy, but I also saw this article on Apple changing its verification policy for access to purchases on iTunes or the App Store. Currently users can look around the App Store and select to buy something. Then, so long as users have a credit card linked to their account or money in their account, they just need to enter in their Apple ID password and the purchase is made. Now, with the new changes when users need to make a purchase they will be sent a four-digit random code to a trusted device they have linked to their account. Then, the users enter in the code to complete the transaction.

I’m not sure how I feel about these new changes. Obviously the intentions of this move are quite good. Nobody wants to have money stolen from them, but I’m not sure how well these extra security measures actually help. For myself if I want an app odds are I’m away from my computer so they will send me a text message to the phone that I’m ordering the app for, which more than anything else seems just like an inconvenience. I would also like to say that in general I’m not too sure how extra security measures help. Whenever I have to choose a security question for an account, I can either pick a really obscure question, which means that it might be difficult for me to get exactly right later if I lost my password, or I can pick a simple question that anyone could guess if they knew anything about me. I think we as people in the computer industry have a duty to protect our users, but I don’t know how far that duty needs to go. I don’t know? I’m not the most forward thinking person when it comes to my accounts, so I would like to hear what you all have to say.

Tell-all cars put your driving business out in the open

Today I saw this article from The USA Today about privacy and cars. The article starts off by stating that today almost every car has more and more on-board computers, and these computers are collecting consumers’ data. Many people don’t know their data is being collected, but still it is happening with their permission. A lot of people simply sign those agreements unaware of what that means for their data collection. The article also states that in the future it will be even harder for individuals to subvert being watched.

The article goes on to discuss three systems that monitor drivers. The first system is Electronic Data Recorders (EDR) or more commonly known as black boxes. These systems record information about the car most commonly used to see what happened in the case of an accident: how fast the car was going, were seat-belts engaged, were the airbags deployed, etc. The second system is Infotainment systems and on-board computers. These systems provide more information to car manufacturers to see how the car is running. Oil changes and tire pressures are examples. The third category is transponders. These devices are used for traffic studies. Something interesting, Progressive gives their drivers discounts of 10% to 15% on drivers’ premiums for access to install transponders in their cars.

What interested me about this article was how it seems that if we as a society want to progress and live better lives we need to give up some of our privacy. For instance some company could have transponders installed in people’s cars. They could use that data to give other drivers important traffic information and road situations. Also if we want our cars to be the safest possible car manufacturers need real world car data. Finally, and most importantly if we are ever to have self-driving cars we’ll have to give up all the data of our cars. So, I see the need to give up our data, and that in today’s world I don’t think that our data will be used so severely against us. However, should things change, and citizens for instance come under the rule of an oppressive government, this car data could be very dangerous, and that bothers me slightly. The data might not be used against us but I would sure hate to give someone the opportunity to.

More IP Shenanigans

This article covers a few high profile cases related to intellectual property. It discusses how Apple is looking to patent “a combination of a sensor, processor and what Apple calls a ‘protective mechanism’ all within the handheld device.” Google is fighting an antitrust lawsuit which alleges that Google promotes its own travel services too widely, “stifl[ing] competition in the advertising industry.” Disney and other production companies sued Isohunt claiming they facilitate copyright infringement.

The case with Apple is an excellent example of how the patent system can stifle creativity and progress. Their description is so generic that it will prevent any company from developing a protective device even if it uses an entirely different methodology to achieve the same goal. Apple is trying to patent the entire concept of protecting a “handheld device”, not just a method of doing so. This case shows the legal processes and protections undermining progress.

The case with Google counterpoints Apple by showing how a company has thrived in the face of government opposition by creating an effective advertisement system without attempting to prevent other companies from doing the same.

Lastly the case involving Isohunt illustrates the paradox of how intellectual property rights are handled. Isohunt provides the ability for users to share torrents similarly to how Google allows users to share content on YouTube or provide their [Google’s] search functionality. Disney and Paramount Pictures are not suing Google in spite of the numerous links and videos that infringe upon copyright on a much larger scale, so why Isohunt? It appears these companies are preying on a weaker company in order to set or reinforce a legal precedent.

And yet, a person’s property is theirs to do with what they wish, so by purchasing an album they may give it to whomever they wish. However, sharing the album with millions of people is clearly a violation of fair use, or is it?

A study done by the Institute for Prospective Technological Studies (European Commission) concludes that there would be a 2% drop in legal music sales if illegal filesharing web sites did not exist. Their research also showed that the majority of people who download music illegally would not buy music even if there were no filesharing sites. Other studies corroborate this, claiming filesharers spend 30% more on music than those who do not fileshare.

With evidence that claims immoral actions, according to Kantianism or Rule Utilitarianism, actually profit for the people claiming to be harmed what are we to do?

UK gov now ‘prefers’ open-source development

The government of the United Kingdom has taken the first major step (among the main government superpowers of the world) in creating the prototype for an “open source” country. Okay – maybe that’s a little bit of an overstatement – but when Richard Stallman performed his free software song for the first time, I certainly don’t think he had anything this major in mind.

A little background first: for the past couple years, the UK government has been working hard to create guidelines for governmental software development – The Digital by Default Service Standard. These guidelines were first developed basically to reduce the amount of cruddy software condoned by the UK government (i.e. software that isn’t easily adaptable or shareable). Another main reason that the UK was seeking to create this resource for governmental software developers was to reduce – if not eliminate – the chance of becoming locked in “to some mad oligopoly outsource” – Liam Maxwell, CTO.

This article caught my attention because I was reading about Richard Stallman at the time and it instantly made me think of the 4 principles of free software. However – this is the first time an entire country is going to change their mode of operation from commercial to open-source software. While I’d like to say that this is the perfect plan and that everyone should follow suit, a feeling in my gut says that the government’s restriction to use only open-source software might undermine the integrity and flexibility that we all associate with the term ‘open-source’. Maybe commercial software is needed to keep a professional standard to code by while open-source software fills the in-between needs of the people. Either way – this is going to be a great experiment. What do you guys think?

NATO Manual Makes Hackers Military Targets

So the first article on this manual that I saw can be found here. It states that lawyers, professors, and officers from NATO countries have gotten together to write the new rules of cyber warfare and that it is currently being reviewed by NATO as to whether it should be adopted as policy. Curious, I searched for more articles on the manual, since it hasn’t been published and, on top of that, is over 200 pages long. I found a great article on RT News that described several of the details very well.

I found this line very troubling: “But while civilians cannot be lawfully targeted with such an attack, the experts write, persons unaligned to a military can still be considered fair game for assault — with cyber weapons or otherwise—if they pose a threat.” I may be jumping to conclusions here, but if hackers are now considered terrorists, then would this give the US government the ability to use drones to kill Americans? After all, the only excuse that the government seems to give on why we’re committing drone strikes in Yemen, Somalia, Pakistan, etc., is because they are terrorists.

Another issue to be addressed is, when is a person no longer considered militant? For example, say a hacktivist in the US was attacking the Tunisian government during the Gaddafi conflicts. After Gaddafi was killed and control of the country turned over to the rebels, the hacktivist quit his dubious hacking and got a job with some software company. How far into the future will NATO forces be able to kill/capture/whatever him? In the digital age it’s nearly impossible to traverse the Internet without leaving some digital footprints, so it’s not beyond feasibility to think that a person could be discovered years after the fact.

One final issue I have with this is that if NATO forces decide to adopt this position, our adversaries will be allowed to legally send drone attacks or whatever other means within our borders and kill our citizens. If the Chinese have evidence that a hacker from Omaha attacked a company that stole patented designs from his brother’s business, then manufactured the goods for less and essentially ruined the business (we’ve all heard the stories), then they would be justified and within the rules of war to fly a missile into the US and take out that hacker in Omaha. I feel like this manual is opening many, many more doors than it’s closing.

“An act of direct participation in hostilities by civilians renders them liable to be attacked, by cyber or other lawful means,” reads an excerpt from the manual.

Doctors Fool Biometric Scanner to Clock in Colleagues

This article on CNET reports that five doctors in a Brazilian hospital are being prosecuted for using fake silicon fingers to clock their colleagues in with their biometric scanner. It is reported that up to 300 hospital employees, due to this biometric fooling trick, may never come to work. One of the doctors being prosecuted claims that this was forced on her as a condition of keeping her job by the head of the ER, who had a daughter that “worked” at the hospital.

 

I think we all can instantly see a truck load of ethical problems with this exploit. It’s one thing to fool the clock at your workplace, but at a hospital? Seriously? The importance of hospital employees being at work is far greater than probably any other profession, so this adds a far deeper level of ethical conflict to this situation. I find it extremely unsettling that DOCTORS were doing this. You think that they should have been smarter than to pull something like this, or if what they claim about the “condition of keeping their job” was true that they would have had the moral compass to go to the authorities on it. I can’t imagine that the demand for doctors in Brazil is low so why they think that they would not have been able to get a job is beyond me. I also can’t imagine how many people’s health/lives were affected by this abuse. Importantly, I think this shows that even biometric scanners can be unreliable and have a need to be improved if they are going to be used in applications such as a timekeeper.

 

Very simply, from a utilitarian point of view, this action is morally wrong. There is no other way to put it. The happiness of the hospital employees getting to skip work does not outweigh the countless number of patients that were negatively affected by their absence.

Facebook withdraws support of CISPA

I found this article on CNET and believe it ties in very nicely with our class discussions about privacy. The Cyber Intelligence Sharing and Protection Act (CISPA) is a proposed law in the USA which would allow the government to “investigate cyber threats and ensure the security of networks against cyberattack” by allowing the government to have access to Internet traffic information from many U.S. companies. The bill would overrule all existing federal and state laws by saying “notwithstanding any other provision of law.” Opponents of the bill say that the bill will “waive every single privacy law ever enacted in the name of cybersecurity” and U.S. Representative Ron Paul has even gone so far as to call the bill “Big Brother writ large.” The bill is supported by many telecommunications and information technology companies such as AT&T, IBM, Intel, Oracle Corporation, Symantec, and Verizon. Facebook supported the bill until very recently when they withdrew support to promote consumer privacy.

 

I find this bill to be offensive and very much so an invasion of individual privacy. I am supportive of Facebook withdrawing from the bill as I believe it is detrimental to the quality of privacy for American citizens,  although I question Facebook’s motive for withdrawing as they did not withdraw until they went under the heat of a petition created to convince Mark Zuckerberg otherwise. I think it is very possible that Mark Zuckerberg may still support the petition, but is afraid to admit it due to consumer backlash and Facebook’s privacy issues in the past.

 

I think that if you look at the bill from a utilitarian point of view, it results in decreased happiness for all involved. Although some may argue that the decrease in cybercrime may increase happiness for all involved, I do not believe that the bill would be that effective in preventing or stopping crime and would mostly serve to annoy and scare many U.S. citizens.  I believe the bill would be used to prosecute people committing less threatening cybercrimes (downloading illegal music, movies, etc.) much, much more than it would ever have the potential to stop greater cybercrimes (overseas hacking, child abduction, etc.).

I am interested to hear what the rest of you think about this. Also, if you do think this bill would be effective, I encourage you to convince me otherwise.

Google Scandal

I ran across this story a few days ago and think it is very relevant to the issues of privacy we have been discussing in class. To summarize the news story, the search engine giant Google has recently paid out 7 million dollars to 38 states after being caught capturing and storing unencrypted Wi-Fi traffic and passwords while capturing photos for its Street View service. Although this article doesn’t go into it much, Google is blaming this privacy infringement on faulty software and a corrupt employee. Although it is suspected that several Google managers were aware of the employee’s intentions and did nothing to stop it.

Most shocking is the FCC’s nearly unfazed reaction to the obvious infringement of privacy stating: “wasn’t clear that Google violated federal wiretap laws by collecting unencrypted personal data that people transmitted over their wireless home (Wi-Fi) networks” and issuing the multi-billion dollar company a petty 25,000 dollar fine. So, just because your traffic is unencrypted does it give someone (namely Google) the right to collect and store it? Another thing this article neglects to mention is that Google is able to map all of this personal information to your home address by triangulating the Wi-Fi signal. So, what does everyone think, is the FCC right? Just because your Wi-Fi isn’t encrypted does Google have the right to collect passwords and personal information (with your address attached to it)? Or do people have the right to privacy no matter how encrypted (or not encrypted) it is?

The State of Cybersecurity in the U.S. Military

TechNewsWorld recently posted an article in which it states that US cybersecurity has shaky foundations and it is not reliable that our “critical information technology systems will work under attack from a sophisticated opponent with good resources.” The Office of Management and Budget (OMB) has just released its 2011 fiscal year report on the implementation of the Federal Information Security Management Act (FISMA) in which it makes the claim that our U.S. Military has major cybersecurity gaps. OMB reports that controlled incidents of attack in 2011 were only detected 49 percent of the time compared to 70 percent in 2010, a staggering decrease. They also report that only 58 percent of the agencies surveyed used email validation technology, compared to 46 percent in 2010.

 

This article makes me shudder to think how much more vulnerable the cybersecurity of the U.S. government has become since the span of this report (it only covers through 2011 so I am assuming they release these reports a year late). We spend absurd amounts of money on the defense department, so why is it that we are so digitally compromised? Shouldn’t every government agency be using email validation technology? What are the downfalls of using the technology as this report shows that only a little over half of the agencies are using it?  Maybe you guys can answer some of these questions as I am not the most informed in this subject, but this article has definitely made me start to worry what countries like China and North Korea could do if they attempted to penetrate our defenses over the web.

DMCA Has Pushed Its Limits

Recently CNET posted an article exclaiming that Congress may be looking into “defang”-ing DMCA law after a recent incident in which it has angered many members of the American public. According to the article, Congress declared that unlocking your cellphone to use it on another network other than the one you bought it from is illegal. This brought forth incredible opposition from many citizens, so much that a petition was created, got 100,000 signatures, and was received. The White House is now obliged to respond as 100,000 signatures is the threshold to get the White House to review a petition. CNET believes that this may be the final straw with the DMCA as it goes to show how ridiculous some of the sections of the law are.

 

I personally find it outrageous that it is now illegal to unlock your phone. It is like buying a new car, and being told that if you drive your car with any brand of tire other than Goodyear, you are committing a felony. You own the car. You should have the right to do with it or modify it however you please. It’s one thing to say that the car manufacturer may void your warranty if you use parts not approved for use with your car, but it is outrageous that the government could consider you a felon and fine or jail you because you decided that you like Michelin tires better than Goodyear.

 

That is just my two cents. Let me know what you guys think.

The Foreign Intelligence Surveillance Act of 2008 . . .2012 . . .2017

By a vote of 73 to 23, the US Senate, on December 29, 2012, voted to extend the FISA Amendments Act for five years a.k.a. until December 31, 2017.

(some history real quick)

In 2008, Congress passed The Foreign Intelligence Surveillance Act (abbreviated FISA) Amendments Act. This act by Congress was basically seen by the public as yet another link in a long chain-of-reactions aimed at the terrorist attacks that occurred on September 11th, 2001. At its core, the main function of this amendment was to extend the – similar but not quite carbon copy – provisions encompassed by the Protect America Act of 2007. Similar to how certain components of the Patriot Act – particularly ones condemned by the public – have survived thru bill-rehashing and manipulation; it seems that the Protect America Act of 2007 is also becoming an undead bill.

No matter how we argue or protest, the original intent and purpose of this act have survived by taking on the mask of FISA, FISA amendments and now the FISA amendments extension.  And I’m not saying that the entire act is bad or that every provision is controversial, I just want to point out that our words are not being heard and change is not coming anytime soon.

In its most recent context – a 5-4 vote by the nation’s highest court that definitively ended the case of a group of individuals who said “their communications were likely being scooped up by the government’s expanded spying powers in violation of their constitutional rights”. The court ruled – based on the recent extension of the FISA Amendments – that these groups don’t have the right to sue at all, because they can’t prove they were being spied on.

This is a silent problem that affects few United States citizens – but that’s how every landslide starts. I firmly believe that if we don’t stick up for the little guys, we’ll soon all be in their shoes – cursing our ignorance. What do you guys think? Can you think of any other laws or other political agendas that have been similarly manipulated  by The Man?