Author Archive for marc

The evolution of American counterintelligence

The US Office of the National Counterintelligence Executive recently published a four-part reader as an accompaniment to the lectures they conduct:

Our reader’s three volumes cover counterintelligence’s past and present. Nevertheless they form a whole: the first volume provides material elucidating counterintelligence’s antecedents from the American Revolution to World War II. Volume two focuses on World War II while volume three begins with the Atom Bomb spies and concludes with the latest espionage cases. History is more than background; it is the framework of the present.

We have taken material from official government documents, indictments from several espionage cases, and articles written by professors, scholars and counterintelligence officers. We have abridged some selections while trying not to change the sense of the original but we have not altered the original usage of the English language.

Each chapter in the three volumes has an introduction, which sketches out the main trends and characteristics of the period in question. There is a chronology with each chapter for volumes one and three, but volume two only has one chronology to cover the entire period. At the end of each chapter is a selected bibliography. We hope this will help you get a sense of the period as a whole. The reader is not all-inclusive and people may disagree with our selections, but at least we hope to have provided sufficient material to entice our colleagues to do further research.

Counterintelligence is a fascinating and challenging discipline. Our response to these challenges is determined, not by the requisites of the immediate situation but by our historical legacy. Thus we urge that the materials presented in the three volumes be read, not as background to the present, but as part of the present itself.

A fourth volume covers recent spying successes, failures, programs and reports.

Cryptome ZIP of PDFs

NCIX Site

The economics of a botnet

Schneier on Security linked to an excellent paper on the economics of spam. Interestingly, the authors were able to infiltrate the Storm worm network and monitor its activity in the course of their study.

After 26 days, and almost 350 million e-mail messages, only 28 sales resulted — a conversion rate of well under 0.00001%. Of these, all but one were for male-enhancement products and the average purchase price was close to $100. Taken together, these conversions would have resulted in revenues of $2,731.88 — a bit over $100 a day for the measurement period or $140 per day for periods when the campaign was active. However, our study interposed on only a small fraction of the overall Storm network — we estimate roughly 1.5 percent based on the fraction of worker bots we proxy. Thus, the total daily revenue attributable to Storm’s pharmacy campaign is likely closer to $7000 (or $9500 during periods of campaign activity). By the same logic, we estimate that Storm self-propagation campaigns can produce between 3500 and 8500 new bots per day. Under the assumption that our measurements are representative over time (an admittedly dangerous assumption when dealing with such small samples), we can extrapolate that, were it sent continuously at the same rate, Storm-generated pharmaceutical spam would produce roughly 3.5 million dollars of revenue in a year. This number could be even higher if spam-advertised pharmacies experience repeat business. A bit less than “millions of dollars every day,” but certainly a healthy enterprise.

Of course, the authors point out that it’s dangerous to make these sorts of generalizations:

We would be the first to admit that these results represent a single data point and are not necessarily representative of spam as a whole. Different campaigns, using different tactics and marketing different products will undoubtedly produce different outcomes. Indeed, we caution strongly against researchers using the conversion rates we have measured for these Storm-based campaigns to justify assumptions in any other context. [link]

Anatomy of a trojan hack

An analyst at Websense Security Labs did a study of the “wolfteeth bot catcher”, a tool coming out of China that allows a user to specify a particular range of IP addresses and then search for and exploit the MS08-067 bug in Windows, installing any malicious code they may choose. Careful though! It seems the authors of this program included a backdoor, so that installing it also pulls you into their botnet. Here is the link for the dissection, an interesting bit of thick texture even if the details are lost on you.

A hidden chronicle of horrific destruction

A rather entrancing article, published originally in the Guardian, meditates on the hidden images of America’s “last good war.” Following the surrender of Japan in WWII, the US issued a strict writ of censorship stating that “nothing shall be printed which might, directly or by inference, disturb public tranquility.” Consequently, the atomic bombings in Japan have become, as the novelist Mary McCarthy wrote in 1946, “a kind of hole in human history,” unaccompanied by much of a visual record. The article follows the discovery of an amazing cache of photographs, previously unseen to the public, taken by the US Military’s Physical Damage Division at the end of the war:

One rainy night eight years ago, in Watertown, Massachusetts, a man was taking his dog for a walk. On the curb, in front of a neighbor’s house, he spotted a pile of trash: old mattresses, cardboard boxes, a few broken lamps. Amidst the garbage he caught sight of a battered suitcase. He bent down, turned the case on its side and popped the clasps.

He was surprised to discover that the suitcase was full of black-and-white photographs. He was even more astonished by their subject matter: devastated buildings, twisted girders, broken bridges — snapshots from an annihilated city. He quickly closed the case and made his way back home.

At the kitchen table, he looked through the photographs again and confirmed what he had suspected. He was looking at something he had never seen before: the effects of the first use of the Atomic bomb. The man was looking at Hiroshima. [link]

Links for 2 November 2008:

Links for the week of 2 November 2008:

Resolving the Golden Shield

Throwing a bit of dye into the geist, a group of programmers has developed a Firefox plugin that will route your websurfing through a Chinese server, thus allowing you to get a sense of what sort of Internet the Chinese state security services have in mind for their citizens. [Link to the plugin project website]

The control that governments, and other interested parties, can exert over one’s websurfing can take a much more insidious form than simply blocking content. Through some form of packet injection, or server-based caching, web pages can be changed en route to the web browser, thus allowing for the manipulation of the user’s trust and expectation.

For more information, The Atlantic published an interesting article during the 2008 Olympics about the limitations and scope of the system.

Links for 25 October 2008:

Links for the week of 25 October 2008:

Along what dimension is cyberspace?

In 2001, Martin Dodge and Rob Kitchin published an Atlas of Cyberspace, described by Vint Cerf as “explor[ing] a remarkable universe of visual representations of the Internet’s diversity, structure and content.” The atlas locates cyberspace along many dimensions: geographic maps of core fiber optic backbones, logical maps of network organization and hierarchy, social maps showing the relationships between individual users in virtual worlds, hierarchy trees of web page design, world maps from 3-d shooters, etc. While some of the visualizations, designed to shock and awe through their graphical sophistication, have become curious artifacts in their own right, almost like a first generation iPod, harkening back to simpler times, the book itself promises not to disappoint. The good news is that it has been re-released under a Creative Commons license and can be downloaded here. There is a 20MB low-res version and a 200+MB high-res version.

Arpanet’s geographical configuration, 1975

Submarine fiber optic cables in the Caribbean

“Great Circle” map designed as a bit of marketing ephemera for the Cable and Wireless Company, showing the global connectivity of its telecommunications network, with Britain centered representing its position as “hub of the world”, 1945

The huge and dense mesh of connections shows the social geography of LambdaMOO, a multi-user dimension, by mapping how over half of the 4,800 or so players related to each other. LambdaMOO was a well-established and well-known virtual environment created at Xerox PARC in 1990. The map was created using social statistics gathered by Cobot, a software agent that “lived” in LambdaMOO, sitting in the “living room” and observing the social interactions of players. 2000

Discrete circuits; or, Trojan architecture

IEEE Spectrum published an article this past May on the growing concern within defense circles over the loss of oversight along the military hardware supply chain. With many of the semiconductor components manufactured in the People’s Republic of China, rumors and fears of maliciously implanted “backdoors” abound:

According to a U.S. defense contractor who spoke on condition of anonymity, a “European chip maker” recently built into its microprocessors a kill switch that could be accessed remotely. French defense contractors have used the chips in military equipment, the contractor told IEEE Spectrum. If in the future the equipment fell into hostile hands, “the French wanted a way to disable that circuit,” he said. Spectrum could not confirm this account independently, but spirited discussion about it among researchers and another defense contractor last summer at a military research conference reveals a lot about the fever dreams plaguing the U.S. Department of Defense (DOD)…

Vetting a chip with a hidden agenda can’t be all that tough, right? Wrong. Although commercial chip makers routinely and exhaustively test chips with hundreds of millions of logic gates, they can’t afford to inspect everything. So instead they focus on how well the chip performs specific functions. For a microprocessor destined for use in a cellphone, for instance, the chip maker will check to see whether all the phone’s various functions work. Any extraneous circuitry that doesn’t interfere with the chip’s normal functions won’t show up in these tests…

Nor can chip makers afford to test every chip. From a batch of thousands, technicians select a single chip for physical inspection, assuming that the manufacturing process has yielded essentially identical devices. They then laboriously grind away a thin layer of the chip, put the chip into a scanning electron microscope, and then take a picture of it, repeating the process until every layer of the chip has been imaged. Even here, spotting a tiny discrepancy amid a chip’s many layers and millions or billions of transistors is a fantastically difficult task, and the chip is destroyed in the process…

The Pentagon is now caught in a bind. It likes the cheap, cutting-edge devices emerging from commercial foundries and the regular leaps in IC performance the commercial sector is known for. But with those improvements comes the potential for sabotage. “The economy is globalized, but defense is not globalized,” says Coleman. “How do you reconcile the two?” [link]

With respect to recent news pertaining to electronic security and surveillance see also:

Dreaming of the future at 11km per second

India launched its first unmanned moon mission on Wednesday following in the footsteps of rival China, as the emerging Asian power celebrated its space ambitions and scientific prowess.

Chandrayaan-1 (Moon vehicle), a cuboid spacecraft built by the Indian Space Research Organisation (ISRO) blasted off from a southern Indian space centre shortly after dawn in a boost for the country’s ambitions to gain more global space business.

The project cost $79m, considerably less than the Chinese and Japanese probes in 2007 and ISRO says the moon mission will pave the way for India to claim a bigger chunk of the global space business.

The mission is also expected to carry out a detailed survey of the moon to look for precious metals and water.

Fresh on the heels of the confidence that comes to any nation that can launch a few thousand pounds of metal faster than the 11km/s velocity needed to escape the earth’s gravitational pull and on towards the moon is the Indian culture industry. To be released this summer is what seems to be a Bollywood take on the intense, high-budget, the-future-is-now Hollywood sci-fi film.

But what would even the most Doc Brown, cyberpunk metropolis be without an appropriate measure of dance sequences? (Answer? Something to be rewritten with more song and dance sequences)