
Throwing a bit of dye into the geist, a group of programmers have developed a Firefox plugin that will route your websurfing through a Chinese server, thus allowing you to get a sense of what sort of Internet the Chinese state security services have in mind for their citizens. [Link to the plugin project website]
The control that governments, and other interested parties, can exert over one’s websurfing can take a much more insidious form than simply blocking content. Through some form of packet injection, or server-based caching, web pages can be changed en route to the web browser, thus allowing for the manipulation of the user’s trust and expectation.
For more information, The Atlantic published an interesting article during the 2008 Olympics about the limitations and scope of the system.

Accompanying the recent military action on the ground in Georgia was a cyber campaign that took down many government sites and generally impeded the dissemination of information throughout the country. Shortly after things cooled down in Georgia, a collection of security researchers in and around the intelligence community got together under the banner of “Project Grey Goose” in an attempt to see if open source information, particularly through semantic analysis of Russian hacker forums, could be used to unmask those responsible. The team drew widely from the community:
- Lewis Shepherd - former CTO, Defense Intelligence Agency; CTO, Microsoft Institute for Advanced Technology in Governments
- Bob Gourley - former CTO, Defense Intelligence Agency; founder, Crucial Point LLC, a technology research and advisory firm
- Matt Devost - former Senior INFOSEC Engineer at SAIC; Security Consultant to foreign governments and corporations; President, Total Intelligence Solutions
- Preston Werntz - Project Manager, Newbrook Solutions, currently engaged at DHS Office of Intelligence and Analysis
- Derek Plansky - former Director, Lexis-Nexis Risk and Information Analytics Group; President, Informatic Ideas Consulting
- Andrew Conway - former analyst performing classified work for a three letter agency analyzing leadership emergence in covert networks; currently a Ph.D candidate in Politics, NYU
- Jeremy Baldwin - Analytic Tradecraft Developer, The Analysis Corporation [source]
Following 56 days of investigation the group has published its findings [pdf] [intelfusion blog]. The conclusions?
- We assess with high confidence that the Russian government will likely continue its practice of distancing itself from the Russian nationalistic hacker community thus gaining deniability while passively supporting and enjoying the strategic benefits of their actions.
- We assess with high confidence that nationalistic Russian hackers are likely adaptive adversaries engaged in aggressively finding more efficient ways to disable networks.
- We judge with moderate confidence that a journeyman-apprentice relationship will continue to be the training model used by nationalistic Russian hackers.
- We estimate with moderate confidence that hacker forums engaged in training Russian cyber warriors will continue to evolve their feedback loop which effectively becomes their Cyber Kill Chain.
- After analyzing over 200 posts in the Xakep.ru and StopGeorgia.ru forums, as well as Georgian network server data, Grey Goose analysts were able to discern a cyber kill chain which is comprised of the following steps:
  1) Encourage novices through patriotic imagery and rhetoric to get involved in the cyber war against Georgia
  2) Publish a target list of Georgian government Web sites which have been tested for access from Russian and Lithuanian IP addresses.
  3) Discuss and select one of several different types of malware to use against the target Web site.
  4) Launch the attack
  5) Evaluate the results (optional step)
- We assess with high confidence that all visitors to Russian hacker forums which originate from U.S. IP addresses will be monitored.

J. Craig Venter is a highly prominent synthetic biologist and entrepreneur whose research into the human genome and cellular biology has placed him as one of the main public faces of this rapidly unfolding field.
I just recently came upon www.fora.tv which, for any of those who do not know it, really promises to tickle the fancy, and to kill the time. It seems that they have done a very good job positioning themselves as a major repository of lectures and intellectual discussions by forging content relationships with universities, think tanks, public forums and cultural institutions.
That said, I found Fora by way of this presentation (see below) given by Craig Venter about the recent history and future trends of synthetic biology. For those who may have missed it, we are rapidly approaching the moment when entirely novel forms of life can be designed on a computer and brought to life through a combination of DNA sequencers and other laboratory techniques. This has doubtlessly started to cause much in the way of both ethical concern and concern for the possibility of garage biohackers designing all sorts of killer bugs.
The exciting part was we took this piece of DNA and inserted into the bacteria E. coli and what had happened was E. coli recognized this as a piece of software and started making viral particles. And true to form in nature, when the viral particles were released from the cell, they turned around and killed the bacteria that had made it. So, this is a process that we see all the time in nature. I was just speaking to oil executives and I said they clearly understood that process. But this was pretty exciting: just taking a piece of DNA and having it activated, making viral particles. So we view this as the software actually building its own hardware. This is an important concept as we’re trying to go forward in this field, that even most people that are working in this area have not truly grasped the implications of this, that we don’t have to design life from scratch. We just have to design the software appropriately. [link to the presentation video - many of the latter chapters are of particular interest]
Schneier on Security has an interesting bit on identity farming today. The idea essentially runs that one can incubate rock solid fake identities if they have 25 years during which to fabricate the birth of children, open bank accounts in their names, fill out the relevant paperwork to have them home schooled, and otherwise scatter little bread crumbs here and there (apparently this is also a premise common in Highlander fan fiction as a plot technique through which the immortals continue to stay integrated in human society). It is through these techniques that one creates, as Schneier nicely phrases it, a data shadow for the fictitious identity. This all could work, right, because it is the data shadow itself that is the salient aspect of one’s existence as a citizen-consumer and not really their corporeal person as such.
As a good case in point – one that also reveals the absurdity of the US’s paper tiger homeland security initiatives – a Quebec businessman who had his identity stolen, consequently winding up on a US terror watch list, was ultimately able to circumvent the travails of security check point purgatory by changing his name from Mario Labbé to François Mario Labbé. It seems it's created a bit of a fresh start for him: F. Mario Labbé can now pass through airport security unaccosted because of a vulnerability in what we can perhaps refer to, in a bit of biblical sounding legalese, as the Several Databases.
It seems that this idea of a data shadow can be potentially quite powerful. It certainly has the ring of one of those buzz phrases that, like a sleek aluminum frame, can house either a powerbook or a fighter jet. Now what is wanting is for the notion to get caught in an updraft and to be transformed into the cynosure of public attention. At least, that would be nice.
Wow, is this real? Or some sort of misinformation about US military technologies? Perhaps being spread in some attempt to reflect the total fear of terrorism that is nurtured within the US as a tool to demoralize those communities abroad that the US considers its enemies.
By analyzing the movements of human shadows in aerial and satellite footage, JPL engineer Adrian Stoica says, it should be possible to identify people from the way they walk - a technique called gait analysis, whose power lies in the fact that a person’s walking style is very hard to disguise. [link]
It would be rather challenging to do, but quite interesting to see how stories like this propagate on the ground in places like Afghanistan. That portion of the blogosphere that concerns itself with technoscience and national security has certainly been abuzz with this story, and there has been quite solid propagation of it. But at what point, if really ever, do these types of stories jump the fence, as it were, and enter the rumor mill of the third world? Do the US intelligence services study this sort of thing?
The implications of this are rather wild, in any event. On the one hand, it is another expression of the contemporary’s interest in reducing phenomena to a statistical trace. You are an aggregation of variables that correlate only in your instance. You went to that coffee shop today because there was an 80% chance of it.
Maybe terrorists will start wearing big puffy suits to obscure their shadows. Actually it sounds like a great market opportunity, selling surplus Willy Wonka and the Chocolate Factory costumes to terrorists…