science

The psychology of waiting for your luggage at the airport

From Dan Ariely’s “Flying Frustrations” (21 November 2011):

Think about these two ways to get your luggage: With the original airport design, you walk ten minutes, but when you finally get to the carousel, your baggage gets there a minute after you (taking 11 minutes). In the other, you walk three minutes, but when you arrive you have to wait five minutes for your luggage (taking 8 minutes). The second scenario is faster, but people become more annoyed with the process because they have more idle time. As Sir Arthur Conan Doyle, Sr. noted, “I never remember feeling tired by work, though idleness exhausts me completely.”

The “good news” is that airports quickly reverted to their former (inefficient) system, and we now walk farther to our suitcases just to avoid the frustrations of idleness.


How changes in glass changed working conditions

From Nicholas Carr’s “(re)framed” (Rough Type: 3 June 2011):

I’m reminded of an interesting passage in the book Glass: A World History:

As we have seen, one of the rapid developments in glass technology was the making of panes of window glass, plain and coloured, which was particularly noticeable in the northern half of Europe [after the twelfth century]. One very practical effect of this was on working conditions. In the cold and dark northern half of Europe people could now work for longer hours and with more precision because they were shielded from the elements. The light poured in, yet the cold was kept out. Prior to glass only thin slivers of horn or parchment were used and the window spaces were of necessity much smaller and the light admitted, dimmer.


The Pareto Principle & Temperament Dimensions

From David Brooks’ “More Tools For Thinking” (The New York Times: 29 March 2011):

Clay Shirky nominates the Pareto Principle. We have the idea in our heads that most distributions fall along a bell curve (most people are in the middle). But this is not how the world is organized in sphere after sphere. The top 1 percent of the population control 35 percent of the wealth. The top two percent of Twitter users send 60 percent of the messages. The top 20 percent of workers in any company will produce a disproportionate share of the value. Shirky points out that these distributions are regarded as anomalies. They are not.

Helen Fisher, the great researcher into love and romance, has a provocative entry on “temperament dimensions.” She writes that we have four broad temperament constellations. One, built around the dopamine system, regulates enthusiasm for risk. A second, structured around the serotonin system, regulates sociability. A third, organized around the prenatal testosterone system, regulates attention to detail and aggressiveness. A fourth, organized around the estrogen and oxytocin systems, regulates empathy and verbal fluency.

This is an interesting schema to explain temperament. It would be interesting to see others in the field evaluate whether this is the best way to organize our thinking about our permanent natures.


Some great gross parasites

Parasitoid Wasps

From Charles Q. Choi’s “Web-manipulating wasps” (Live Science: 2 March 2011):

Although parasites harm their hosts, they don’t usually kill them, if only to keep themselves alive. Not so with parasitoids, which ultimately destroy and often consume their hosts. Parasitoid wasps, which inspired the monster in the movie “Alien,” lay their eggs inside their victims, with the offspring eventually devouring their way out. A number of the species control their host’s minds in extraordinary ways — the larvae of the wasp Hymenoepimecis argyraphaga, which infests the spider Plesiometa argyra, make their victims spin unusual webs especially well-suited for supporting their cocoons.

From Charles Q. Choi’s “Male-killing bacteria” (Live Science: 2 March 2011):

The genus of bacteria known as Wolbachia infests a whopping 70 percent of the world’s invertebrates, and has evolved devious strategies to keep spreading. In female hosts, the germ can hitch a ride to the next generation aboard the mother’s eggs, and since males are essentially useless for the bacteria’s survival, the parasite often eliminates them to increase the rate of females born, by either killing male embryos outright or turning them into females.

From Charles Q. Choi’s “Head-bursting fungus” (Live Science: 2 March 2011):

[Image: Dead ant zombified by fungus. Credit: David P. Hughes]

In a bizarre death sentence, the fungus Ophiocordyceps unilateralis turns carpenter ants into the walking dead. The fungus prefers the undersides of leaves of plants growing on the forest floor. That’s where temperature, humidity and sunlight are ideal for the fungus to grow and reproduce and infect more victims. The parasite gets the insects to die hanging upside down, and then erupts a long stalk from their heads with which it sprinkles its spores to other ants. Fossil evidence recently suggested this fungus has zombified ants for millions of years.

From Charles Q. Choi’s “Tongue-eating crustacean” (Live Science: 2 March 2011):

The crustacean Cymothoa exigua has the dubious and unsettling honor of being the only parasite known to replace an organ. It enters through the gills of the spotted rose snapper, attaching to the base of the fish’s tongue, where it drinks its blood. The bloodsucking causes the tongue to eventually wither away, at which point the crustacean attaches itself to the tongue stub, acting as the fish’s tongue from then on.


Ray Bradbury on Edgar Rice Burroughs

From Sam Weller’s interview of Ray Bradbury in “The Art of Fiction No. 203” (The Paris Review: Spring 2010, No. 192):

But as it turns out—and I love to say it because it upsets everyone terribly—[Edgar Rice] Burroughs is probably the most influential writer in the entire history of the world.

INTERVIEWER Why do you think that?

BRADBURY By giving romance and adventure to a whole generation of boys, Burroughs caused them to go out and decide to become special. That’s what we have to do for everyone, give the gift of life with our books. Say to a girl or boy at age ten, Hey, life is fun! Grow tall! I’ve talked to more biochemists and more astronomers and technologists in various fields, who, when they were ten years old, fell in love with John Carter and Tarzan and decided to become something romantic. Burroughs put us on the moon. All the technologists read Burroughs. I was once at Caltech with a whole bunch of scientists and they all admitted it. Two leading astronomers—one from Cornell, the other from Caltech—came out and said, Yeah, that’s why we became astronomers. We wanted to see Mars more closely.


William Burroughs on the necessary changes in biology

From Conrad Knickerbocker’s interview of William S. Burroughs in “The Art of Fiction No. 36” (The Paris Review: Fall 1965, No. 35):

Science eventually will be forced to establish courts of biologic mediation, because life-forms are going to become more incompatible with the conditions of existence as man penetrates further into space. Mankind will have to undergo biologic alterations ultimately, if we are to survive at all. This will require biologic law to decide what changes to make. We will simply have to use our intelligence to plan mutations, rather than letting them occur at random. Because many such mutations—look at the saber-toothed tiger—are bound to be very poor engineering designs. The future, decidedly, yes. I think there are innumerable possibilities, literally innumerable. The hope lies in the development of nonbody experience and eventually getting away from the body itself, away from three-dimensional coordinates and concomitant animal reactions of fear and flight, which lead inevitably to tribal feuds and dissension.


Dan Ariely on irrational decision making

From Dan Ariely’s “Dan Ariely asks, Are we in control of our own decisions?” (TED: 24 June 2009):

I’ll give you a couple of more examples on irrational decision making. Imagine I give you a choice. Do you want to go for a weekend to Rome? All expenses paid, hotel, transportation, food, breakfast, a continental breakfast, everything. Or a weekend in Paris? Now, a weekend in Paris, a weekend in Rome, these are different things. They have different food, different culture, different art. Now imagine I added a choice to the set that nobody wanted. Imagine I said, “A weekend in Rome, a weekend in Paris, or having your car stolen?” It’s a funny idea. Because why would having your car stolen, in this set, influence anything? But what if the option to have your car stolen was not exactly like this. What if it was a trip to Rome, all expenses paid, transportation, breakfast. But doesn’t include coffee in the morning. If you want coffee you have to pay for it yourself. It’s two euros 50. Now in some ways, given that you can have Rome with coffee, why would you possibly want Rome without coffee? It’s like having your car stolen. It’s an inferior option. But guess what happened. The moment you add Rome without coffee, Rome with coffee becomes more popular. And people choose it. The fact that you have Rome without coffee makes Rome with coffee look superior. And not just to Rome without coffee, even superior to Paris.

Here are two examples of this principle. This was an ad from The Economist a few years ago that gave us three choices. An online subscription for 59 dollars. A print subscription for 125. Or you could get both for 125. Now I looked at this and I called up The Economist. And I tried to figure out what were they thinking. And they passed me from one person to another to another. Until eventually I got to a person who was in charge of the website. And I called them up. And they went to check what was going on. The next thing I know, the ad is gone. And no explanation.

So I decided to do the experiment that I would have loved The Economist to do with me. I took this and I gave it to 100 MIT students. I said, “What would you choose?” These are the market share. Most people wanted the combo deal. Thankfully nobody wanted the dominated option. That means our students can read. But now if you have an option that nobody wants you can take it off. Right? So I printed another version of this. Where I eliminated the middle option. I gave it to another 100 students. Here is what happens. Now the most popular option became the least popular. And the least popular became the most popular.

What was happening was the option that was useless, in the middle, was useless in the sense that nobody wanted it. But it wasn’t useless in the sense that it helped people figure out what they wanted. In fact, relative to the option in the middle, which was get only the print for 125, the print and web for 125 looked like a fantastic deal. And as a consequence, people chose it. The general idea here, by the way, is that we actually don’t know our preferences that well. And because we don’t know our preferences that well we’re susceptible to all of these influences from the external forces. The defaults, the particular options that are presented to us. And so on.

One more example of this. People believe that when we deal with physical attraction, we see somebody, and we know immediately whether we like them or not. Attracted or not. Which is why we have these four-minute dates. So I decided to do this experiment with people. I’ll show you graphic images of people — not real people. The experiment was with people. I showed some people a picture of Tom, and a picture of Jerry. I said “Who do you want to date? Tom or Jerry?” But for half the people I added an ugly version of Jerry. I took Photoshop and I made Jerry slightly less attractive. (Laughter) The other people, I added an ugly version of Tom. And the question was, will ugly Jerry and ugly Tom help their respective, more attractive brothers? The answer was absolutely yes. When ugly Jerry was around, Jerry was popular. When ugly Tom was around, Tom was popular.


How male water striders blackmail females into sex

From Ed Yong’s “Male water striders summon predators to blackmail females into having sex” (Discover: 10 August 2010):

Water strider sex begins unceremoniously: the male mounts the female without any courtship rituals or foreplay. She may resist but if she does, he starts to actively strum the water surface with his legs. Each vibration risks attracting the attention of a hungry predator, like a fish or backswimmer (above). And because the female is underneath, she will bear the brunt of any assault. By creating dangerous vibes, the male intimidates the female into submitting to his advances. Faint heart, it is said, never did win fair lady.

A male water strider doesn’t have to go through the hardships of pregnancy and he plays no role in raising the next generation. It’s a theme that echoes throughout the animal kingdom and it means that the best strategy for him is to mate with as many females as possible. After all, he has plenty of sperm to go around. A female, however, has a limited supply of eggs and mating opportunities. When she has sex, it has to count, so it suits her to be choosy. And she has the right equipment for the job.

Last year, Chang Han and Piotr Jablonski from Seoul National University found that female red-backed water striders (Gerris gracilicornis) can block their vaginas with hard genital shields. This defence is important because once the male manages to insert his penis, he can inflate it to make him harder to throw off. The female’s only hope is to prevent him from getting through in the first place.

Hyper-violent males can sometimes wear the female down but some opt for a subtler approach – they tap intricate rhythms on the water with their legs. When Han and Jablonski discovered these rituals last year, they suggested that the males might be trying to demonstrate their quality, by tapping out the most consistent rhythms. Now, they have another explanation – the tapping is a form of blackmail, a way of coercing sex from the female with the threat of death.

The duo studied the preferences of the backswimmer – a predatory bug that floats upside-down at the water’s surface and listens out for the vibrations of potential prey. When given a choice between a silent male water strider and a mating pair with a tapping male, the backswimmer always headed towards the vibrating duo. And since these predators attack from below, the female was always the one who was injured while the male strode off to tap another day.

The backswimmer menace is so potent that after a few minutes of tapping from the male, the female relents by opening her genital shield. If she had been previously attacked by predators, she gave in almost instantly. And only when she relented did the male stop his threatening taps.

The battle of the sexes between male and female water striders has led to a whole suite of adaptations and counter-adaptations. Some males have evolved special grasping structures to give them a better hold of females, while females have responded by evolving spines and other defences to weaken their grip. Females evolved their impregnable genital shields, which males have countered with a behaviour that makes females more likely to lower their defences.

To be honest, the female water strider has an easy time of it. In other insects, where females have evolved an upper hand in the war of the sexes, males have developed even more extreme counter-strategies. Look no further than the common bedbug – the male bypasses the female’s genitals altogether and stabs his sharp penis straight into the female’s back, a technique known appropriately as traumatic insemination.


A summary of Galbraith’s The Affluent Society

From a summary of John Kenneth Galbraith’s The Affluent Society (Abridge Me: 1 June 2010):

The Concept of the Conventional Wisdom

The paradigms on which society’s perception of reality are based are highly conservative. People invest heavily in these ideas, and so are heavily resistant to changing them. They are only finally overturned by new ideas when new events occur which make the conventional wisdom appear so absurd as to be impalpable. Then the conventional wisdom quietly dies with its most staunch proponents, to be replaced with a new conventional wisdom. …

Economic Security

… Economics professors argue that the threat of unemployment is necessary to maintain incentives to high productivity, and simultaneously that established professors require life tenure in order to do their best work. …

The Paramount Position of Production

… Another irrationality persists (more in America than elsewhere?): the prestigious usefulness of private-sector output, compared to the burdensome annoyance of public expenditure. Somehow public expenditure can never quite be viewed as a productive and enriching element of national output; it is forever something to be avoided, at best a necessary encumbrance. Cars are important, roads are not. An expansion in telephone services improves the general well-being, cuts in postal services are a necessary economy. Vacuum cleaners to ensure clean houses boast our standard of living, street cleaners are an unfortunate expense. Thus we end up with clean houses and filthy streets. …

[W]e have wants at the margin only so far as they are synthesised. We do not manufacture wants for goods we do not produce. …

The Dependence Effect

… Modern consumer demand, at the margin, does not originate from within the individual, but is a consequence of production. It has two origins:

  1. Emulation: the desire to keep abreast of, or ahead of one’s peer group — demand originating from this motivation is created indirectly by production. Every effort to increase production to satiate want brings with it a general raising of the level of consumption, which itself increases want.
  2. Advertising: the direct influence of advertising and salesmanship create new wants which the consumer did not previously possess. Any student of business has by now come to view marketing as fundamental a business activity as production. Any want that can be significantly moulded by advertising cannot possibly have been strongly felt in the absence of that advertising — advertising is powerless to persuade a man that he is or is not hungry.

Inflation

… In 1942 a grateful and very anxious citizenry rewarded its soldiers, sailors, and airmen with a substantial increase in pay. In the teeming city of Honolulu, in prompt response to this advance in wage income, the prostitutes raised the prices of their services. This was at a time when, if anything, increased volume was causing a reduction in their average unit costs. However, in this instance the high military authorities, deeply angered by what they deemed improper, immoral, and indecent profiteering, ordered a return to the previous scale. …

The Theory of Social Balance

The final problem of the affluent society is the balance of goods it produces. Private goods: TVs, cars, cigarettes, drugs and alcohol are overproduced; public goods: education, healthcare, police services, park provision, mass transport and refuse disposal are underproduced. The consequences are extremely severe for the wellbeing of society. The balance between private and public consumption will be referred to as ‘the social balance’. The main reason for this imbalance is relatively straightforward. The forces we have identified which increase consumer demand as production rises (advertising and emulation) act almost entirely on the private sector. …

It is arguable that emulation acts on public services to an extent: a new school in one district may encourage neighbouring districts to ‘keep up’, but the effect is relatively minuscule.

Thus, private demand is artificially inflated and public demand is not, and the voter-consumer decides how to split his income between the two at the ballot box: inevitably public expenditure is grossly underrepresented. …


Atheism is not fundamentalism

From PZ Myers’s “High Priest Epstein in Newsweek” (Pharyngula: 14 June 2007):

The “new atheism” (I don’t like that phrase, either) is about taking a core set of principles that have proven themselves powerful and useful in the scientific world — you’ve probably noticed that many of these uppity atheists are coming out of a scientific background — and insisting that they also apply to everything else people do. These principles are a reliance on natural causes and demanding explanations in terms of the real world, with a documentary chain of evidence, that anyone can examine. The virtues are critical thinking, flexibility, openness, verification, and evidence. The sins are dogma, faith, tradition, revelation, superstition, and the supernatural. There is no holy writ, and a central idea is that everything must be open to rational, evidence-based criticism — it’s the opposite of fundamentalism.


Refusing a technology defines you

From Sander Duivestein’s “Penny Thoughts on the Technium” (The Technium: 1 December 2009):

I’m interested in how people personally decide to refuse a technology. I’m interested in that process, because I think that will happen more and more as the number of technologies keeps increasing. The only way we can sort our identity is by not using technology. It used to be that you define yourself by what you use. Now you define yourself by what you don’t use. So I’m interested in that process.


Why we laugh

From Gene Weingarten’s “The Peekaboo Paradox: The strange secrets of humor, fear and a guy who makes big money making little people laugh” (The Washington Post: 22 January 2006):

Even before they respond to a tickle, most babies will laugh at peekaboo. It’s their first “joke.” They are reacting to a sequence of events that begins with the presence of a familiar, comforting face. Then, suddenly, the face disappears, and you can read in the baby’s expression momentary puzzlement and alarm. When the face suddenly reappears, everything is orderly in the baby’s world again. Anxiety is banished, and the baby reacts with her very first laugh.

At its heart, laughter is a tool to triumph over fear. As we grow older, our senses of humor become more demanding and refined, but that basic, hard-wired reflex remains. We need it, because life is scary. Nature is heartless, people can be cruel, and death and suffering are inevitable and arbitrary. We learn to tame our terror by laughing at the absurdity of it all.

This point has been made by experts ranging from Richard Pryor to doctoral candidates writing tedious theses on the ontological basis of humor. Any joke, any amusing observation, can be deconstructed to fit. The seemingly benign Henny Youngman one-liner, “Take my wife . . . please!” relies in its heart on an understanding that love can become a straitjacket. By laughing at that recognition, you are rising above it, and blunting its power to disturb.

After the peekaboo age, but before the age of such sophisticated understanding, dwells the preschooler. His sense of humor is more than infantile but less than truly perceptive. He comprehends irony but not sarcasm. He lacks knowledge but not feeling. The central fact of his world — and the central terror to be overcome — is his own powerlessness.


Ambient awareness & social media

From Clive Thompson’s “Brave New World of Digital Intimacy” (The New York Times Magazine: 5 September 2008):

In essence, Facebook users didn’t think they wanted constant, up-to-the-minute updates on what other people are doing. Yet when they experienced this sort of omnipresent knowledge, they found it intriguing and addictive. Why?

Social scientists have a name for this sort of incessant online contact. They call it “ambient awareness.” It is, they say, very much like being physically near someone and picking up on his mood through the little things he does — body language, sighs, stray comments — out of the corner of your eye. Facebook is no longer alone in offering this sort of interaction online. In the last year, there has been a boom in tools for “microblogging”: posting frequent tiny updates on what you’re doing. The phenomenon is quite different from what we normally think of as blogging, because a blog post is usually a written piece, sometimes quite long: a statement of opinion, a story, an analysis. But these new updates are something different. They’re far shorter, far more frequent and less carefully considered. One of the most popular new tools is Twitter, a Web site and messaging service that allows its two-million-plus users to broadcast to their friends haiku-length updates — limited to 140 characters, as brief as a mobile-phone text message — on what they’re doing. There are other services for reporting where you’re traveling (Dopplr) or for quickly tossing online a stream of the pictures, videos or Web sites you’re looking at (Tumblr). And there are even tools that give your location. When the new iPhone, with built-in tracking, was introduced in July, one million people began using Loopt, a piece of software that automatically tells all your friends exactly where you are.

This is the paradox of ambient awareness. Each little update — each individual bit of social information — is insignificant on its own, even supremely mundane. But taken together, over time, the little snippets coalesce into a surprisingly sophisticated portrait of your friends’ and family members’ lives, like thousands of dots making a pointillist painting. This was never before possible, because in the real world, no friend would bother to call you up and detail the sandwiches she was eating. The ambient information becomes like “a type of E.S.P.,” as Haley described it to me, an invisible dimension floating over everyday life.

“It’s like I can distantly read everyone’s mind,” Haley went on to say. “I love that. I feel like I’m getting to something raw about my friends. It’s like I’ve got this heads-up display for them.” It can also lead to more real-life contact, because when one member of Haley’s group decides to go out to a bar or see a band and Twitters about his plans, the others see it, and some decide to drop by — ad hoc, self-organizing socializing. And when they do socialize face to face, it feels oddly as if they’ve never actually been apart. They don’t need to ask, “So, what have you been up to?” because they already know. Instead, they’ll begin discussing something that one of the friends Twittered that afternoon, as if picking up a conversation in the middle.

You could also regard the growing popularity of online awareness as a reaction to social isolation, the modern American disconnectedness that Robert Putnam explored in his book “Bowling Alone.” The mobile workforce requires people to travel more frequently for work, leaving friends and family behind, and members of the growing army of the self-employed often spend their days in solitude. Ambient intimacy becomes a way to “feel less alone,” as more than one Facebook and Twitter user told me.


Religion, God, history, morality

From Steve Paulson’s interview with Robert Wright, “God, He’s moody” (Salon: 24 June 2009):

Do you think religions share certain core principles?

Not many. People in the modern world, certainly in America, think of religion as being largely about prescribing moral behavior. But religion wasn’t originally about that at all. To judge by hunter-gatherer religions, religion was not fundamentally about morality before the invention of agriculture. It was trying to figure out why bad things happen and increasing the frequency with which good things happen. Why do you sometimes get earthquakes, storms, disease and get slaughtered? But then sometimes you get nice weather, abundant game and you get to do the slaughtering. Those were the religious questions in the beginning.

And bad things happened because the gods were against you or certain spirits had it out for you?

Yes, you had done something to offend a god or spirit. However, it was not originally a moral lapse. That’s an idea you see as societies get more complex. When you have a small group of hunter-gatherers, a robust moral system is not a big challenge. Everyone knows everybody, so it’s hard to conceal anything you steal. If you mess with somebody too much, there will be payback. Moral regulation is not a big problem in a simple society. But as society got more complex with the invention of agriculture and writing, morality did become a challenge. Religion filled that gap.

For people who claim that Israel was monotheistic from the get-go and its flirtations with polytheism were rare aberrations, it’s interesting that the Jerusalem temple, according to the Bible’s account, had all these other gods being worshiped in it. Asherah was in the temple. She seemed to be a consort or wife of Yahweh. And there were vessels devoted to Baal, the reviled Canaanite god. So Israel was fundamentally polytheistic at this point. Then King Josiah goes on a rampage as he tries to consolidate his own power by wiping out the other gods.

You make the point that the Quran is a different kind of sacred text than the Bible. It was probably written over the course of two decades, while the stories collected in the Bible were written over centuries. That’s why the Bible is such a diverse document.

We think of the Bible as a book, but in ancient times it would have been thought of as a library. There were books written by lots of different people, including a lot of cosmopolitan elites. You also see elements of Greek philosophy. The Quran is just one guy talking. In the Muslim view, he’s mediating the word of God. He’s not especially cosmopolitan. He is, according to Islamic tradition, illiterate. So it’s not surprising that the Quran didn’t have the intellectual diversity and, in some cases, the philosophical depth that you find in the Bible. I do think he was actually a very modern thinker. Muhammad’s argument for why you should be devoted exclusively to this one God is very modern.

Are you also saying we can be religious without believing in God?

By some definitions, yes. It’s hard to find a definition of religion that encompasses everything we call religion. The definition I like comes from William James. He said, “Religious belief consists of the belief that there is an unseen order and that our supreme good lies in harmoniously adjusting to that order.” In that sense, you can be religious without believing in God. In that sense, I’m religious. On the God question, I’m not sure.


Malware forges online bank statements to hide fraud

From Kim Zetter’s “New Malware Re-Writes Online Bank Statements to Cover Fraud” (Wired: 30 September 2009):

New malware being used by cybercrooks does more than let hackers loot a bank account; it hides evidence of a victim’s dwindling balance by rewriting online bank statements on the fly, according to a new report.

The sophisticated hack uses a Trojan horse program installed on the victim’s machine that alters HTML coding before it’s displayed in the user’s browser, to either erase evidence of a money transfer transaction entirely from a bank statement, or alter the amount of money transfers and balances.

The ruse buys the crooks time before a victim discovers the fraud, though it won’t work if a victim uses an uninfected machine to check his or her bank balance.

The novel technique was employed in August by a gang who targeted customers of leading German banks and stole Euro 300,000 in three weeks, according to Yuval Ben-Itzhak, chief technology officer of computer security firm Finjan.

The victims’ computers are infected with the Trojan, known as URLZone, after visiting compromised legitimate web sites or rogue sites set up by the hackers.

Once a victim is infected, the malware grabs the consumer’s log in credentials to their bank account, then contacts a control center hosted on a machine in Ukraine for further instructions. The control center tells the Trojan how much money to wire transfer, and where to send it. To avoid tripping a bank’s automated anti-fraud detectors, the malware will withdraw random amounts, and check to make sure the withdrawal doesn’t exceed the victim’s balance.

The money gets transferred to the legitimate accounts of unsuspecting money mules who’ve been recruited online for work-at-home gigs, never suspecting that the money they’re allowing to flow through their account is being laundered. The mule transfers the money to the crook’s chosen account. The cyber gang Finjan tracked used each mule only twice, to avoid fraud pattern detection.

The researchers also found statistics in the command tool showing that out of 90,000 visitors to the gang’s rogue and compromised websites, 6,400 were infected with the URLZone trojan. Most of the attacks Finjan observed affected people using Internet Explorer browsers …

Finjan provided law enforcement officials with details about the gang’s activities and says the hosting company for the Ukraine server has since suspended the domain for the command and control center. But Finjan estimates that a gang using the scheme unimpeded could rake in about $7.3 million annually.


Why we get disoriented in malls

From Wikipedia’s “Gruen transfer” (28 September 2009):

In shopping mall design, the Gruen transfer refers to the moment when consumers respond to “scripted disorientation” cues in the environment. It is named for Austrian architect Victor Gruen (who disavowed such manipulative techniques) …

The Gruen transfer refers to the moment when a consumer enters a shopping mall, and, surrounded by an intentionally confusing layout, loses track of their original intentions. Spatial awareness of their surroundings plays a key role, as does the surrounding sound and music. The effect of the transfer is marked by a slower walking pace and glazed eyes.


Girls & boys & brain chemicals


From John Cloud’s “Why Girls Have BFFs and Boys Hang Out in Packs” (TIME: 17 July 2009):

For the better part of the past half-century, feminists, their opponents and armies of academics have debated the differences between men and women. Only in the past few years have scientists been able to use imaging technology to look inside men’s and women’s heads to investigate whether those stereotypical gender differences have roots in the brain. No concrete results have emerged from these studies yet, but now a new functional magnetic resonance imaging (fMRI) study of children offers at least one explanation for some common tween social behaviors: girls are hardwired to care about one-on-one relationships with their BFFs (best friends forever), while the brains of boys are more attuned to group dynamics and competition with other boys.

The study, conducted by researchers at the National Institute of Mental Health (NIMH) and Georgia State University, begins with a premise that every parent of a tween knows: as kids emerge into puberty, their focus changes dramatically. They care less about their families and more about their peers.

So what’s actually going on inside these young brains?

The results suggest that as girls progress from early puberty to late adolescence, certain regions of their brains become more active when they face a potential social interaction. Specifically, when an older girl anticipates meeting someone new — someone she believes will be interested in her — her nucleus accumbens (which is associated with reward and motivation), hypothalamus (associated with hormone secretion), hippocampus (associated with social learning) and insula (associated with subjective feelings) all become more active. By contrast, boys in the same situation show no such increase in activity in these areas. In fact, the activity in their insula actually declines.

Boys, it seems, aren’t as interested in one-on-one interactions as girls are. Previous research has shown that male adolescents instead become more focused on competition within larger groups (like between sports teams). Perhaps it’s evidence that evolution has programmed boys to compete within large groups, so they can learn to eliminate rivals for women — and that girls have been programmed to judge, one-on-one, who would be the most protective father for offspring.


RFID dust


From David Becker’s “Hitachi Develops RFID Powder” (Wired: 15 February 2007):

[Hitachi] recently showed a prototype of an RFID chip measuring .05 millimeters square and 5 microns thick, about the size of a grain of sand. They expect to have ‘em on the market in two or three years.

The chips are packed with 128 bits of static memory, enough to hold a 38-digit ID number.

The size makes the new chips ideal for embedding in paper, where they could verify the legitimacy of currency or event tickets. Implantation under the skin would be trivial…


RFID security problems


2005

From Brian Krebs’ “Leaving Las Vegas: So Long DefCon and Blackhat” (The Washington Post: 1 August 2005):

DefCon 13 also was notable for being the location where two new world records were set — both involved shooting certain electronic signals unprecedented distances. Los Angeles-based Flexilis set the world record for transmitting data to and from a “passive” radio frequency identification (RFID) card — covering a distance of more than 69 feet. (Active RFID — the kind being integrated into foreign passports, for example — differs from passive RFID in that it emits its own magnetic signal and can only be detected from a much shorter distance.)

The second record set this year at DefCon was pulled off by some teens from Cincinnati, who broke the world record they set last year by building a device capable of maintaining an unamplified, 11-megabit 802.11b wireless Internet connection over a distance of 125 miles (the network actually spanned from Utah into Nevada).

From Andrew Brandt’s “Black Hat, Lynn Settle with Cisco, ISS” (PC World: 29 July 2005):

Security researcher Kevin Mahaffey makes a final adjustment to a series of radio antennas; Mahaffey used the directional antennas in a demonstration during his presentation, “Long Range RFID and its Security Implications.” Mahaffey and two of his colleagues demonstrated how he could increase the “read range” of radio frequency identification (RFID) tags from the typical four to six inches to approximately 50 feet. Mahaffey said the tags could be read at a longer distance, but he wanted to perform the demonstration in the room where he gave the presentation, and that was the greatest distance within the room that he could demonstrate. RFID tags such as the one Mahaffey tested will begin to appear in U.S. passports later this year or next year.

2006

From Joris Evers and Declan McCullagh’s “Researchers: E-passports pose security risk” (CNET: 5 August 2006):

At a pair of security conferences here, researchers demonstrated that passports equipped with radio frequency identification (RFID) tags can be cloned with a laptop equipped with a $200 RFID reader and a similarly inexpensive smart card writer. In addition, they suggested that RFID tags embedded in travel documents could identify U.S. passports from a distance, possibly letting terrorists use them as a trigger for explosives.

At the Black Hat conference, Lukas Grunwald, a researcher with DN-Systems in Hildesheim, Germany, demonstrated that he could copy data stored in an RFID tag from his passport and write the data to a smart card equipped with an RFID chip.

From Kim Zetter’s “Hackers Clone E-Passports” (Wired: 3 August 2006):

In a demonstration for Wired News, Grunwald placed his passport on top of an official passport-inspection RFID reader used for border control. He obtained the reader by ordering it from the maker — Walluf, Germany-based ACG Identification Technologies — but says someone could easily make their own for about $200 just by adding an antenna to a standard RFID reader.

He then launched a program that border patrol stations use to read the passports — called Golden Reader Tool and made by secunet Security Networks — and within four seconds, the data from the passport chip appeared on screen in the Golden Reader template.

Grunwald then prepared a sample blank passport page embedded with an RFID tag by placing it on the reader — which can also act as a writer — and burning in the ICAO layout, so that the basic structure of the chip matched that of an official passport.

As the final step, he used a program that he and a partner designed two years ago, called RFDump, to program the new chip with the copied information.

The result was a blank document that looks, to electronic passport readers, like the original passport.

Although he can clone the tag, Grunwald says it’s not possible, as far as he can tell, to change data on the chip, such as the name or birth date, without being detected. That’s because the passport uses cryptographic hashes to authenticate the data.

Grunwald’s technique requires a counterfeiter to have physical possession of the original passport for a time. A forger could not surreptitiously clone a passport in a traveler’s pocket or purse because of a built-in privacy feature called Basic Access Control that requires officials to unlock a passport’s RFID chip before reading it. The chip can only be unlocked with a unique key derived from the machine-readable data printed on the passport’s page.

To produce a clone, Grunwald has to program his copycat chip to answer to the key printed on the new passport. Alternatively, he can program the clone to dispense with Basic Access Control, which is an optional feature in the specification.

As planned, U.S. e-passports will contain a web of metal fiber embedded in the front cover of the documents to shield them from unauthorized readers. Though Basic Access Control would keep the chip from yielding useful information to attackers, it would still announce its presence to anyone with the right equipment. The government added the shielding after privacy activists expressed worries that a terrorist could simply point a reader at a crowd and identify foreign travelers.

In theory, with metal fibers in the front cover, nobody can sniff out the presence of an e-passport that’s closed. But [Kevin Mahaffey and John Hering of Flexilis] demonstrated in their video how even if a passport opens only half an inch — such as it might if placed in a purse or backpack — it can reveal itself to a reader at least two feet away.

In addition to cloning passport chips, Grunwald has been able to clone RFID ticket cards used by students at universities to buy cafeteria meals and add money to the balance on the cards.

He and his partners were also able to crash RFID-enabled alarm systems designed to sound when an intruder breaks a window or door to gain entry. Such systems require workers to pass an RFID card over a reader to turn the system on and off. Grunwald found that by manipulating data on the RFID chip he could crash the system, opening the way for a thief to break into the building through a window or door.

And they were able to clone and manipulate RFID tags used in hotel room key cards and corporate access cards and create a master key card to open every room in a hotel, office or other facility. He was able, for example, to clone Mifare, the most commonly used key-access system, designed by Philips Electronics. To create a master key he simply needed two or three key cards for different rooms to determine the structure of the cards. Of the 10 different types of RFID systems he examined that were being used in hotels, none used encryption.

Many of the card systems that did use encryption failed to change the default key that manufacturers program into the access card system before shipping, or they used sample keys that the manufacturer includes in instructions sent with the cards. Grunwald and his partners created a dictionary database of all the sample keys they found in such literature (much of which they found accidentally published on purchasers’ websites) to conduct what’s known as a dictionary attack. When attacking a new access card system, their RFDump program would search the list until it found the key that unlocked a card’s encryption.

“I was really surprised we were able to open about 75 percent of all the cards we collected,” he says.
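The Wired excerpt above says the chip's data is authenticated by cryptographic hashes, which is why a byte-for-byte clone is accepted while an edited name is not. The sketch below is an added example, not code from the article or from any passport software; the data-group contents are constructed, and an HMAC stands in for the issuer's RSA or ECDSA signature so that it runs with the standard library alone.

```python
import copy
import hashlib
import hmac

# Assumption: stand-in for the issuing state's signing key. Real chips carry an
# asymmetric signature; HMAC is used here only to keep the example stdlib-only.
ISSUER_KEY = b"constructed-demo-issuer-key"

def sign_hashes(hashes: dict) -> str:
    """Sign the canonical list of data-group hashes."""
    canonical = "|".join(f"{k}={hashes[k]}" for k in sorted(hashes)).encode()
    return hmac.new(ISSUER_KEY, canonical, hashlib.sha256).hexdigest()

def issue(data_groups: dict) -> dict:
    """Issuer side: hash every data group, then sign the hash list."""
    hashes = {n: hashlib.sha256(b).hexdigest() for n, b in data_groups.items()}
    return {"data_groups": dict(data_groups), "hashes": hashes,
            "signature": sign_hashes(hashes)}

def verify(chip: dict) -> str:
    """Inspection side: check the signature first, then each data group."""
    if not hmac.compare_digest(sign_hashes(chip["hashes"]), chip["signature"]):
        return "reject: hash list not signed by issuer"
    for name, blob in chip["data_groups"].items():
        if hashlib.sha256(blob).hexdigest() != chip["hashes"].get(name):
            return f"reject: {name} does not match signed hash"
    return "accept"

def demo() -> dict:
    # Constructed sample data, not a real document.
    original = issue({"DG1": b"P<UTOERIKSSON<<ANNA<MARIA",
                      "DG2": b"constructed-face-image-bytes"})
    clone = copy.deepcopy(original)              # identical bytes on another chip
    altered = copy.deepcopy(original)            # name changed, hashes untouched
    altered["data_groups"]["DG1"] = altered["data_groups"]["DG1"].replace(b"ANNA", b"JANE")
    rehashed = copy.deepcopy(altered)            # name changed, hash recomputed
    rehashed["hashes"]["DG1"] = hashlib.sha256(rehashed["data_groups"]["DG1"]).hexdigest()
    return {name: verify(chip) for name, chip in
            (("clone", clone), ("altered", altered), ("rehashed", rehashed))}

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:9s} {result}")
```

The hash check ties the data to the issuer, not to a particular chip, so spotting a clone takes a chip-bound check in addition to it.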
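The Basic Access Control key that the Wired excerpt describes as derived from the machine-readable data can be reproduced from three printed fields, following the derivation published in ICAO Doc 9303. This is an added example, not code from the article; the MRZ values are specimen data, and the field ranges passed to `keyspace_bits` are assumptions chosen to show that the key is no stronger than the printed data it comes from.

```python
import hashlib
import math

def check_digit(field: str) -> int:
    """ICAO 9303 check digit: weights 7,3,1 repeating; A-Z = 10-35, '<' = 0."""
    def value(ch: str) -> int:
        if ch.isdigit():
            return int(ch)
        return 0 if ch == "<" else ord(ch) - ord("A") + 10
    return sum(value(c) * (7, 3, 1)[i % 3] for i, c in enumerate(field)) % 10

def mrz_information(doc_number: str, birth: str, expiry: str) -> str:
    """Document number, birth date, expiry date (YYMMDD), each with its check digit."""
    doc_number = doc_number.ljust(9, "<")
    return "".join(f + str(check_digit(f)) for f in (doc_number, birth, expiry))

def set_odd_parity(key: bytes) -> bytes:
    """DES keys use the low bit of each byte as an odd-parity bit."""
    out = bytearray()
    for b in key:
        b &= 0xFE
        out.append(b | (0 if bin(b).count("1") % 2 else 1))
    return bytes(out)

def derive_bac_keys(mrz_info: str):
    """Return (K_enc, K_mac): two 16-byte 3DES keys derived from the MRZ data."""
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]
    def kdf(counter: int) -> bytes:
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()[:16]
        return set_odd_parity(digest)
    return kdf(1), kdf(2)

def keyspace_bits(doc_numbers: int, birth_days: int, expiry_days: int) -> float:
    """Upper bound on key entropy given how many values each field can take."""
    return math.log2(doc_numbers * birth_days * expiry_days)

# Specimen values, not a real document.
MRZ_INFO = mrz_information("L898902C", "690806", "940623")
K_ENC, K_MAC = derive_bac_keys(MRZ_INFO)

if __name__ == "__main__":
    print("MRZ information:", MRZ_INFO)
    print("K_enc:", K_ENC.hex(), "K_mac:", K_MAC.hex())
    # Assumed ranges: 9-digit numeric document numbers, 100 years of birth
    # dates, 10 years of expiry dates.
    print("entropy bound (bits):", round(keyspace_bits(10**9, 36525, 3652), 1))
```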

2009

From Thomas Ricker’s “Video: Hacker war drives San Francisco cloning RFID passports” (Engadget: 2 February 2009):

Using a $250 Motorola RFID reader and antenna connected to his laptop, Chris recently drove around San Francisco reading RFID tags from passports, driver licenses, and other identity documents. In just 20 minutes, he found and cloned the passports of two very unaware US citizens.
