Schneier on Security linked to an excellent paper on the economics of spam. Interestingly, the authors were able to infiltrate the Storm worm network and monitored its doings in the course of their study.
After 26 days, and almost 350 million e-mail messages, only 28 sales resulted — a conversion rate of well under 0.00001%. Of these, all but one were for male-enhancement products and the average purchase price was close to $100. Taken together, these conversions would have resulted in revenues of $2,731.88 — a bit over $100 a day for the measurement period or $140 per day for periods when the campaign was active. However, our study interposed on only a small fraction of the overall Storm network — we estimate roughly 1.5 percent based on the fraction of worker bots we proxy. Thus, the total daily revenue attributable to Storm’s pharmacy campaign is likely closer to $7000 (or $9500 during periods of campaign activity). By the same logic, we estimate that Storm self-propagation campaigns can produce between 3500 and 8500 new bots per day.Under the assumption that our measurements are representative over time (an admittedly dangerous assumption when dealing with such small samples), we can extrapolate that, were it sent continuously at the same rate, Storm-generated pharmaceutical spam would produce roughly 3.5 million dollars of revenue in a year. This number could be even higher if spam-advertised pharmacies experience repeat business. A bit less than “millions of dollars every day,” but certainly a healthy enterprise.
Of course, the authors point out that it’s dangerous to make these sorts of generalizations:
We would be the first to admit that these results represent a single data point and are not necessarily representative of spam as a whole. Different campaigns, using different tactics and marketing different products will undoubtedly produce different outcomes. Indeed, we caution strongly against researchers using the conversion rates we have measured for these Storm-based campaigns to justify assumptions in any other context. [link]
Throwing a bit dye into the geist, a group of programmers have developed a Firefox plugin that will route your websurfing through a Chinese server, thus allowing you to get sense of what sort of Internet the Chinese state security services have in mind for their citizens. [Link to the plugin project website]
The control that governments, and other interested parties, can exert over one’s websurfing can take a much more insidious form than simply block content. Through some form of packet injection, or server based cacheing, web pages can be changed en route to the web browser, thus allowing for the manipulation of the user’s trust and expectation.
For more information, The Atlantic published an interesting article during the 2008 Olympics about the limitations and scope of the system.
In 2001, Martin Dodge and Rob Kitchin published an Atlas of Cyberspace, described by Vint Cerf as “explor[ing] a remarkable universe of visual representations of the Internet’s diversity, structure and content.” The atlas locates cyberspace along many dimensions: geographic maps of core fiber optic back bones, logical maps of network organization and hierarchy, social maps showing the relationships between individual users in virtual worlds, hierarchy trees of web page design, world maps from 3-d shooters, etc. While some of the visualizations, designed to shock and awe through their graphical sophistication, have become curious artifacts in their own right, almost like a first generation iPod, harkening back to simpler times, the book itself promises not to disappoint. The good news is that it has been re-released under a Creative Commons license and can be downloaded here. There is a 20MB low-res version and a 200+MB high-res version.
Arpanet’s geographical configuration, 1975
Submarine fiber optic cables in the Caribbean
“Great Circle” map designed as a bit of marketing ephemera for the Cable and Wireless Company, showing the global connectivity of its telecommunications network, with Britain centered representing its position as “hub of the world”, 1945
The huge and dense mesh of connections shows the social geography of LambdaMOO, a multi-user dimension, by mapping how over half of the 4,800 or so players related to each other. LambdaMOO was a well-established and well-known virtual environment created at Xerox PARC in 1990. The map was created using social statistics gathered by Cobot, a software agent that “lived” in LambdaMOO, sitting in the “living room” and observing the social interactions of players. 2000
IEEE Spectrum published an article this past May about the growing concern within defense circles about the loss of oversight along the military hardware supply chain. With many of the semiconductor components manufactured in the People’s Republic of China, rumors and fears of maliciously implanted “backdoors” abound:
According to a U.S. defense contractor who spoke on condition of anonymity, a “European chip maker” recently built into its microprocessors a kill switch that could be accessed remotely. French defense contractors have used the chips in military equipment, the contractor told IEEE Spectrum. If in the future the equipment fell into hostile hands, “the French wanted a way to disable that circuit,” he said. Spectrum could not confirm this account independently, but spirited discussion about it among researchers and another defense contractor last summer at a military research conference reveals a lot about the fever dreams plaguing the U.S. Department of Defense (DOD)…
Vetting a chip with a hidden agenda can’t be all that tough, right? Wrong. Although commercial chip makers routinely and exhaustively test chips with hundreds of millions of logic gates, they can’t afford to inspect everything. So instead they focus on how well the chip performs specific functions. For a microprocessor destined for use in a cellphone, for instance, the chip maker will check to see whether all the phone’s various functions work. Any extraneous circuitry that doesn’t interfere with the chip’s normal functions won’t show up in these tests…
Nor can chip makers afford to test every chip. From a batch of thousands, technicians select a single chip for physical inspection, assuming that the manufacturing process has yielded essentially identical devices. They then laboriously grind away a thin layer of the chip, put the chip into a scanning electron microscope, and then take a picture of it, repeating the process until every layer of the chip has been imaged. Even here, spotting a tiny discrepancy amid a chip’s many layers and millions or billions of transistors is a fantastically difficult task, and the chip is destroyed in the process…
The Pentagon is now caught in a bind. It likes the cheap, cutting-edge devices emerging from commercial foundries and the regular leaps in IC performance the commercial sector is known for. But with those improvements comes the potential for sabotage. “The economy is globalized, but defense is not globalized,” says Coleman. “How do you reconcile the two?” [link]
With respect to recent news pertaining to electronic security and surveillance see also:
Accompanying the recent military action on the ground in Georgia was a cyber campaign that took down many government sites and generally impeded the dissemenation of information throughout the country. Shortly after things cooled down in Georgia, a collection of security researchers in and around the intelligence community got together under the banner of “Project Grey Goose” in an attempt to see if open source information, particularly through semantic analysis of Russian hacker forums, could be used to unmask those responsible. The team drew widely from the community:
- Lewis Shepherd - former CTO, Defense Intelligence Agency; CTO, Microsoft Institute for Advanced Technology in Governments
- Bob Gourley - former CTO, Defense Intelligence Agency; founder, Crucial Point LLC, a technology research and advisory firm
- Matt Devost - former Senior INFOSEC Engineer at SAIC; Security Consultant to foreign governments and corporations; President, Total Intelligence Solutions
- Preston Werntz - Project Manager, Newbrook Solutions, currently engaged at DHS Office of Intelligence and Analysis
- Derek Plansky - former Director, Lexis-Nexis Risk and Information Analytics Group; President, Informatic Ideas Consulting
- Andrew Conway - former analyst performing classified work for a three letter agency analyzing leadership emergence in covert networks; currently a Ph.D candidate in Politics, NYU
- Jeremy Baldwin - Analytic Tradecraft Developer, The Analysis Corporation [source]
Following 56 days of investigation the group has published its findings [pdf] [intelfusion blog]. The conclusions?
- We assess with high confidence that the Russian government will likely continue its practice of distancing itself from the Russian nationalistic hacker community thus gaining deniability while passively supporting and enjoying the strategic benefits of their actions.
- We assess with high confidence that nationalistic Russian hackers are likely adaptive adversaries engaged in aggressively finding more efficient ways to disable networks.
- We judge with moderate confidence that a journeyman-apprentice relationship will continue to be the training model used by nationalistic Russian hackers.
- We estimate with moderate confidence that hacker forums engaged in training Russian cyber warriors will continue to evolve their feedback loop which effectively becomes their Cyber Kill Chain.
- After analyzing over 200 posts in the Xakep.ru and StopGeorgia.ru forums, as well as Georgian network server data, Grey Goose analysts were able to discern a cyber kill chain which is comprised of the following steps:
- 1) Encourage novices through patriotic imagery and rhetoric to get involved in the cyber war against Georgia
2) Publish a target list of Georgian government Web sites which have been tested for access from Russian and Lithuanian IP addresses.
3) Discuss and select one of several different types of malware to use against the target Web site.
4) Launch the attack
5) Evaluate the results (optional step)
- We assess with high confidence that all visitors to Russian hacker forums which originate from U.S. IP addresses will be monitored.
This past weekend, at a flea market, I came across a Kodak Instamatic 800 manufactured in 1964. From the aspect of design and material culture, I rather liked the aesthetic packaging that the camera came in. There was something very classic, very tasteful and not at all kitschy about it. So, I thought I would post scans here. The Instamatic was a huge product for Kodak during the 1960s. They sold over 50 million of them, and it was arguably The Camera that popularized amateur photography as a fixture of healthy, modern middle class life.
Thinking about the manufactured objects of life more generally, Edward Burtynsky [a photographer I posted about earlier] is working with the Long Now Foundation to put together an exhibit of contemporary material culture. Not so much the stuff one would find in the design section of a contemporary art musuem, but surely some of that, but more so the sorts of things that one would expect to find doing an archeological dig of mid-century America. Burtynsky gives a 5 minute presentation on it with many a slide.
[higher resolution]
[higher resolution]
[higher resolution]
J. Craig Venter is a highly prominent synthetic biologist and entrepreneur whose research into the human genome and cellular biology has placed him as one of the main public faces of this rapidly unfolding field.
I just recently came upon www.fora.tv which, for any of those who do not know it, really promises to tickle the fancy, and to kill the time. It seems that they have done a very good job positioning themselves as a major repository of lectures and intellectual discussions by forging content relationships with universities, think tanks, public forums and cultural institutions.
That said, I found Fora by way of this presentation (see below) given by Craig Venter about the recent history and future trends of synthetic biology. For those who may have missed it, we are rapidly approaching the moment when, entirely novel forms of life can be designed on a computer and brought to life through a combination of DNA sequencers and other laboratory techniques. This has doubtlessly started to cause much in the way of both ethical concern and concern for the possibility of garage biohackers designing all sorts of killer bugs.
The exciting part was we took this piece of DNA and inserted into the bacteria E. coli and what had happened was E. coli recognized this as a piece of software and started making viral particles. And true to form in nature when the viral particles were released from the cell. They turned around and killed the bacteria that had made it. So, this is a process that we see all the time in nature. I was just speaking to oil executives and I said they clearly understood that process. But this was pretty exciting: just taking a piece of DNA and having it activated, making viral particles. So we view this as the software actually building its own hardware. This is an important concept as we’re trying to go forward in this field, that even most people that are working in this area have not truly grasped the implications of this, that we don’t have to design life from scratch. We just have to design the software appropriately. [link to the presentation video - many of the latter chapters are of particular interest]
This was really such a startling picture to come across. The F-117 Nighthawk was certainly for me, and I think at least for many boys growing up around the collapse of the Soviet Union, the quintisential icon of the infinite possibility of American military technology. It was The Stealth Fighter, invisible, invincible, built of a super high tech material that would absorb radar and make the whole plane look no bigger than a sparrow upon an enemy’s screen. It was super top secret, and even knowing about it gave one the sense of some how being included in all of that intrigue and magic. But, if WE know about THIS, can you just imagine all the things they are not telling us? They must even more fantastic things, maybe even X-Files and secret UFO technology. They did, after all, develop and test it at Area 51.
But now here it is. Torn apart by an ordinary Caterpillar excavator, reduced to a formless tangle of industrial material, like one saw in the pictures dispatched from New Orleans, or South Ossetia. Giving up the ghost, the spell is broke, the charm is flown. There was so much promise in you, oh Nighthawk. Yours was a special place, a harbinger from the coast, signaling the floods would soon recede and Eden would be reclaimed. But as they have stripped you of your feathers, we too must go naked for a season.
[link]
It was not until the fantastic rise in energy prices of the last several years (remember: a decade ago a barrel of crude was less than $15) that companies that do oil exploration and production (E&P) began a serious consideration of extracting the very low grade bitumen (essentially the most expensive part of a barrel of oil to refine, and directly the stuff that holds the stones together in asphalt). When prices looked as if they were heading straight for $100, and even more so when it looked like they were heading straight for $200, companies began investing heavily in the Canadian province of Alberta, which is estimated to hold 1.7 trillion barrels of oil, according to government sources. However, the recent turn around in the direction of oil prices, combined with the banking crisis which is (1) making it difficult to put together financing for exploration projects and (2) creating concerns that the slowing economy will push oil below $70, the price that determines profitability for these projects, has cast the future in doubt. All of that said, the physical process by which oil is extracted from the ground is quite interesting and something that is as mysterious as the magic smoke inside an ipod to most people. So for your edification, take a look at the diagram below:
The above image, taken from an investor presentation given by Petrobank, an E&P company working in Alberta, shows the basic anatomy of a well site.
- The vertical well sections are drilled about 1.5km on average, although they could get as deep as 3-4km
- Once the drill reaches the oil sand deposits, the direction will be changed so that the well will continue horizontally. This is done because the seam containing the oil sand is relatively shallow and the more surface the well can make contact with, the more production that will follow.
- Once the actual hole of the well is drilled, it is shored up with a high pressure casing that maintains the structural stability of the well.
- Following this, the casing is fractured in many places using explosives. This has the double effect of loosening up the surrounding sand formations, allowing the oil to flow more easily, as well as providing more entry points for oil to flow into the casing.
- On the surface, the pump jack helps create the pressure required to extract the heavy bitumen from the ground
