writing ideas

The botnet hunters

From The Washington Post’s “Bringing Botnets Out of the Shadows”:

Nicholas Albright’s first foray into some of the darkest alleys of the Internet came in November 2004, shortly after his father committed suicide. About a month following his father’s death, Albright discovered that online criminals had broken into his dad’s personal computer and programmed it to serve as part of a worldwide, distributed network for storing pirated software and movies. …

From that day forward, Albright poured all of his free time and pent-up anger over his father’s death into assembling “Shadowserver,” a group of individuals dedicated to battling large, remote-controlled herds of hacked personal PCs, also known as “botnets.” …

Each “bot” is a computer on which the controlling hacker has installed specialized software that allows him to commandeer many of its functions. Hackers use bots to further their online schemes or as collection points for users’ personal and financial information.

“I take my [handheld computer] everywhere so I can keep tabs on the botnets when I’m not at home,” Albright said …

On a Sunday afternoon in late February, Albright was lurking in an online channel that a bot herder uses to control a network of more than 1,400 hacked computers running Microsoft Windows software. The hacker controlling this botnet was seeding infected machines with “keyloggers,” …

Albright had already intercepted and dissected a copy of the computer worm that the attacker uses to seize control of computers — an operation that yielded the user name and password the hacker uses to run the control channel. By pretending to be just another freshly hacked bot reporting for duty, Albright passively monitors what the hackers are doing with their botnets and collects information that an Internet service provider would need to get the channel shut down.

Albright spied one infected PC reporting data about the online activities of its oblivious owner — from the detailed information flowing across the wire, it was clear that one of the infected computers belongs to a physician in Michigan.

“The botnet is running a keylogger, and I see patient data,” Albright said. …

“Anything you submit to law enforcement may help later if an investigation occurs,” he said. “Chances are, though, it will just be filed away in a database.”

Botnets are the workhorses of most online criminal enterprises today, allowing hackers to ply their trade anonymously — sending spam, sowing infected PCs with adware from companies that pay for each installation, or hosting fraudulent e-commerce and banking Web sites. …

… in the 13-month period ending in January, more than 13 million PCs around the world were infected with malicious code that turned them into bots.

… Shadowserver locates bot networks by deploying a series of “honeynets” — sensors that mimic computers with known security flaws — in an effort to lure attackers, allowing the group to capture samples of new bot programs. …

Shadowserver submits any new or undetected specimens to the major anti-virus companies. Andrews said he is constantly surprised by the sheer number of bot programs that do not get flagged as malicious by any of the programs. …

In Andrews’s experience, by far the most common reason criminals create botnets these days — other than perhaps to sell or rent them to other criminals — is to install online ad-serving software that earns the attacker a few pennies per install. …

Even after the Shadowserver crew has convinced an ISP to shut down a botmaster’s command-and-control channel, most of the bots will remain infected. Like lost sheep without a shepherd, the drones will continually try to reconnect to the hacker’s control server, unaware that it no longer exists. …

“Bot hunting can really take over your personal life, because to do this right you really have to stay on top of it — it can’t just be something you do on the weekends,” he said. “I guess it takes a special type of person to be able to sustain botnet hunting. … I don’t know anyone who pays people to do this kind of work.” …

Albright said that while federal law enforcement has recently made concerted efforts to reach out to groups like Shadowserver in hopes of building a more effective partnership, they don’t have the bodies, the technology, or the legal leeway to act directly on the information the groups provide. …

“Sadly, without more law enforcement support this will remain a chase-your-tail type game, because we won’t ever really shut these networks down until the bot master goes to jail, and his drones are cleaned.”


Zombie ships adrift off the shore of Africa

From “Happiness: The Chinese zombie ships of West Africa”:

We’re in the big African Queen inflatable, cruising alongside an anchored trawler. It’s more rust than metal – the ship is rotting away. The foredeck is covered in broken machinery. The fish deck is littered with frayed cables, and the mast lies horizontally, hanging over the starboard side. A large rusty Chinese character hangs on railings above the bridge, facing forward. It reads ‘happiness’. …

Moff turns the boat, taking us to another of the rusting fishing vessels, 70 nautical miles (130km) off the coast of Guinea, West Africa. We had been told this was where old pirate fishing boats were left at anchor, abandoned. We didn’t expect to find living people on board the dying ships. …

We head away, going with the current, which was purple and green with the dregs of spilled fuel. Throughout the afternoon, I keep noticing just how dirty the water is, with oil and fragments of plastic.

We arrive at Long way 08, which is in line for refuelling. This trawler is in a poor state, with the hull covered in masses of good-sized shellfish.

Four young Chinese crewmen meet us with smiles and welcomes. They tell us that some of them have been on board for 2 years, non-stop. The trawler itself has been out here for eight years, and would probably be kept going for another six or so, or as long as it lasted.

Here’s the thing – these ships seldom, if ever, visit a port. They’re re-supplied, refuelled, re-crewed and transhipped (unloaded) at sea. The owners and crews don’t seem to do any basic maintenance, apart from keeping the engine and winches running. There’s no glass in the portholes, and the masts are a mess of useless wiring. These floating deathtraps don’t carry any proper safety gear – on one boat, I saw the half-barrel case of an inflatable liferaft being used to store a net. …

We move to the second ship, where again, a bunch of friendly young guys have been sitting at anchor for two months, awaiting technical help and a new crew. Their engine doesn’t work, and they have no safety gear or radio. They can, however, run their watermaker, for desalinating seawater. Lines of drying fish hang over the deck, but they’re running out of other food, and are often forced to signal other fishing boats for help. Like everyone else, their future is uncertain. …

… we talk to the chirpy Guinean fisheries observer on their vessel. He’s very chatty, and tells us what is going on – that the other trawler was basically being dumped here. He says that the Chinese boats were in poor shape generally, and that last year, one had sunk, taking 14 crew with it. What are conditions like on this boat? He shrugs: “Not good. But I have to have a job.” …

Later, as we drop some supplies to the engine-less trawler, we see one of the crew hauling himself along on a rope, while standing on a small raft. It’s a bizarre sight, but this is how they get between the two decrepit vessels. …

Earlier in the day – before the graveyard of zombie trawlers, fisheries inspectors had told us of where the fish actually goes. Caught by the Chinese and other trawlers, it’s transhipped to several different vessels. ‘High value’ stock goes to Las Palmas, in the Canaries and off to the dinner tables of Europe. The ‘dirt’ fish is transhipped to Africa. The Chinese fishermen, it seems, barely get a look in. ‘Happiness’ indeed.


Hear someone typing & know what was written

From Edward Felten’s “Acoustic Snooping on Typed Information”:

Li Zhuang, Feng Zhou, and Doug Tygar have an interesting new paper showing that if you have an audio recording of somebody typing on an ordinary computer keyboard for fifteen minutes or so, you can figure out everything they typed. The idea is that different keys tend to make slightly different sounds, and although you don’t know in advance which keys make which sounds, you can use machine learning to figure that out, assuming that the person is mostly typing English text. (Presumably it would work for other languages too.) …

The algorithm works in three basic stages. First, it isolates the sound of each individual keystroke. Second, it takes all of the recorded keystrokes and puts them into about fifty categories, where the keystrokes within each category sound very similar. Third, it uses fancy machine learning methods to recover the sequence of characters typed, under the assumption that the sequence has the statistical characteristics of English text. …

The only advantage you have is that English text has persistent regularities. For example, the two-letter sequence “th” is much more common than “rq”, and the word “the” is much more common than “xprld”. This turns out to be enough for modern machine learning methods to do the job, despite the difficulties I described in the previous paragraph. The recovered text gets about 95% of the characters right, and about 90% of the words. It’s quite readable.


Tracking terrorists with Unintended Information Revelation

From “New search engine to help thwart terrorists”:

With news that the London bombers were British citizens, radicalised on the streets of England and with squeaky-clean police records, comes the realisation that new mechanisms for hunting terrorists before they strike must be developed.

Researchers at the University of Buffalo, US, believe they have discovered a technique that will reveal information on public web sites that was not intended to be published.

The United States Federal Aviation Administration (FAA) and the National Science Foundation (NSF) are supporting the development of a new search engine based on Unintended Information Revelation (UIR), and designed for anti-terrorism applications.

UIR supposes that snippets of information – that by themselves appear to be innocent – may be linked together to reveal highly sensitive data.

… “A concept chain graph will show you what’s common between two seemingly unconnected things,” said Srihari. “With regular searches, the input is a set of key words, the search produces a ranked list of documents, any one of which could satisfy the query.

“UIR, on the other hand, is a composite query, not a keyword query. It is designed to find the best path, the best chain of associations between two or more ideas. It returns to you an evidence trail that says, ‘This is how these pieces are connected.’”


Water that uniquely identifies its owner

From SmartWater Technology:

SmartWater Security Systems are forensic coding systems which can be applied in several ways:

SmartWater Tracer

An aqueous based solution with a unique forensic code.

SmartWater Tracer uniquely codes your property, whilst being virtually invisible to the naked eye, glows under UV light and is practically impossible to remove entirely. Tracer is used in commercial businesses, schools, hospitals and other organisations. Tracer is also used in our Home Coding System so that you can use it safely on jewellery and other sentimental items.

SmartWater Instant

Forensic Coding combined with microdot technology.

SmartWater has been designed to protect household property and motor vehicles. Each bottle of SmartWater solution contains a unique forensic code, which is assigned to a household or vehicle.

An additional feature of SmartWater Instant is the inclusion of tiny micro-dot particles which enable Police to quickly identify the true owner of the property.

SmartWater SuperLabel

Forensic Coding is embedded into the adhesive of tamper resistant labels – combines effective asset management with the protection of Tracer.

The SuperLabel is designed to be tamper resistant making it extremely difficult to remove. Should the label be removed, ownership of the asset can be established from the smallest speck of adhesive, as it contains the forensic code. As with the other SmartWater products this is also designed to glow under Ultra Violet light. Your company logo can also be incorporated into the adhesive, providing quick identification of the true owner of the property.


How to fake an anthrax scare

From Bruce Schneier’s “White Powder Anthrax Hoaxes”:

Earlier this month, there was an anthrax scare at the Indonesian embassy in Australia. Someone sent them some white powder in an envelope, which was scary enough. Then it tested positive for bacillus. The building was decontaminated, and the staff was quarantined for twelve hours. By then, tests came back negative for anthrax.

A lot of thought went into this false alarm. The attackers obviously knew that their white powder would be quickly tested for the presence of a bacterium of the bacillus family (of which anthrax is a member), but that the bacillus would have to be cultured for a couple of days before a more exact identification could be made. So even without any anthrax, they managed to cause two days of terror.

… In an interesting side note, the media have revealed for the first time that 360 “white powder” incidents have taken place since 11 September 2001. This news had been suppressed by the government, which had issued D notices to the media for all such incidents. So there has been one such incident approximately every four days — an astonishing number, given Australia’s otherwise low crime rate.


A living story, tattooed on flesh

From The New York Times Magazine’s “Skin Literature”:

Most artists spend their careers trying to create something that will live forever. But the writer Shelley Jackson is creating a work of literature that is intentionally and indisputably mortal. Jackson is publishing her latest short story by recruiting 2,095 people, each of whom will have one word of the story tattooed on his or her body. The story, titled ‘Skin,’ will appear only on the collective limbs, torsos and backsides of its participants. And decades from now, when the last of Jackson’s ‘words’ dies, so, too, will her tale.

As of November, Jackson, the Brooklyn-based author of a short-story collection called ‘The Melancholy of Anatomy,’ had enrolled about 1,800 volunteers, some from such distant countries as Argentina, Jordan, Thailand and Finland. Participants, who contact Jackson through her Web site, cannot choose which word they receive. And their tattoos must be inked in the font that Jackson has specified. But they do have some freedom to bend and stretch the narrative. They can select the place on their bodies they want to become part of the Jackson opus. In return, Jackson asks her ‘words’ to sign a 12-page release absolving her of liability and promising not to share the story with others. (Participants are the only people who will get to see the full text of the story.) They must also send her two photographs — one of the word on their skin, the other a portrait of themselves without the word visible — which she may later publish or exhibit.

… Mothers and daughters are requesting consecutive words. So are couples, perhaps hoping to form the syntactic equivalent of a civil union. For others, the motives are social: Jackson is encouraging her far-flung words to get to know each other via e-mail, telephone, even in person. (Imagine the possibilities. A sentence getting together for dinner. A paragraph having a party.) …

… when a participant meets his or her demise, Jackson vows, she will try to attend that person’s funeral. But the 41-year-old author understands that some of her 2,095 collaborators, many of whom are in their 20’s, might outlive her. If she dies first, she says, she hopes several of them will come to her funeral and make her the first writer ever to be mourned by her words.


3500 forgotten cans

From “Mental Health Association of Portland”:

Over 3,500 copper canisters like these hold the cremated remains of patients of the Oregon State Hospital that went unclaimed by their families and friends. They sit on shelves in an abandoned building on the grounds of the Oregon State Hospital. They symbolize the loneliness, isolation, shame and despair too many patients of the hospital experienced.

Our members are helping find a final resting place for the remains. We have helped families find their lost relatives. We’re pressing the hospital and the state to create a suitable memorial. We’ve demanded former, current and future patients be advised and consulted about the creation of a memorial, its site, design and any ceremony.


From The New York Times’ “Long-Forgotten Reminders Of the Mentally Ill in Oregon”:

Next to the old mortuary, where the dead were once washed and prepared for burial or cremation, is a locked room without a name.

Inside the room, in a dim and dusty corner of one of many abandoned buildings on the decaying campus of the Oregon State Hospital here, are 3,489 copper urns, the shiny metal dull and smeared with corrosion, the canisters turning green.

The urns hold the ashes of mental patients who died here from the late 1880’s to the mid-1970’s. The remains were unclaimed by families who had long abandoned their sick relatives, when they were alive and after they were dead.

The urns have engraved serial numbers pressed into the tops of the cans. The lowest number on the urns still stored in the room is 01, the highest 5,118. Over the decades, about 1,600 families have reclaimed urns containing their relatives’ ashes, but those left are lined up meticulously on wood shelves. Short strips of masking tape with storage information are affixed to each shelf: ”Vault #2, Shelf #36, plus four unmarked urns,” one piece of tattered tape says.

Most of the labels that once displayed the full names of the dead patients have been washed off by water damage or peeled away by time. Still, a few frayed labels are legible: among the urns stored on one shelf are a Bess, a Ben and an Andrew.


Which wires match the mouse test?

From Computerworld’s “Q&A: A lost interview with ENIAC co-inventor J. Presper Eckert”:

What’s the zaniest thing you did while developing ENIAC?

The mouse cage was pretty funny. We knew mice would eat the insulation off the wires, so we got samples of all the wires that were available and put them in a cage with a bunch of mice to see which insulation they did not like. We only used wire that passed the mouse test.


How a 75-year-old jewel thief did it

From MSNBC’s “75-year-old jewel thief looks back”:

When Doris Payne went to work, she stepped into her fancy dress, high heels and donned a wide-brimmed hat. Her creamy, mocha skin was made up just so, her handbag always designer. Sometimes a pair of plain gold earrings would do. Always, she looked immaculate, well-to-do. …

New York. Colorado. Nevada. California. They all beckoned, and so did Greece and France, England and Switzerland as she plied her trade over five decades. …

There was the February day, eight years ago, when she strolled into the Neiman Marcus store on the Las Vegas Strip and asked to see a pair of diamond earrings. …

Employee Linda Sbrocco showed her several — this one … no, this one … how about that one? Soon Sbrocco was swapping jewelry in and out of cases at a dizzying pace. Payne slipped rings on and off, and had Sbrocco do the same.

Then Payne was gone. And so was a $36,000 marquise cut, 2.48-carat diamond ring.

This was how Doris Payne went about her work as an international jewel thief. …

Every month or every other month — no one knows how many times over more than 50 years — she strolled into a jewelry store and strolled out with a ring worth thousands of dollars.

Occasionally, she was caught. Mostly, she was not. …

She grew up in Slab Fork, W.Va., where her daddy worked in the coal mines and her mother sewed dresses and did alterations for extra money. Payne was the baby, the youngest of six who liked school and loved to show her illiterate father places on the world maps she made out of salt and flour, places she would someday visit. …

“It’s not stealing because I’m only taking what they give me,” Payne said. …

The Jewelers Security Alliance, an industry trade group, got on to Payne in the 1970s. Bulletins went out, warning jewelry stores about a slick, well-dressed black woman who was stealing diamond rings.

Where others might hit a store for several pieces of jewelry, Payne only took one or two expensive rings at a time. But what really made Doris Payne different was that she was so prolific and so good. …

In the early 1970s, Payne tried her skills overseas. First Paris. Then Monte Carlo, where she flew in 1974 and paid a visit to Cartier, coming away with a platinum diamond ring. When she got to the airport in Nice, customs agents suspected she had the ring and stopped her. The ring was never found.

During the investigation, Payne says she was kept in a “fifth-rate motel” by the Mediterranean. One day she asked the woman in charge for nail clippers and for a needle and thread to mend her dress. She used the clippers to pry the ring from its setting, sewed the diamond into her girdle and then tossed the setting into the sea, she says.

She wore her girdle day and night, even when it was wet from washing. Her room was searched every day, but the diamond remained hidden.

She wasn’t always so lucky. She’s been arrested more times than she can remember. One detective said her arrest report is more than 6 feet long — she’s done time in Ohio, Kentucky, West Virginia, Colorado and Wisconsin. …

Through the decades, she has used at least 22 aliases, among them Audrey Davis, Thelma White, Sonya Dowels, Marie Clements, Donna Gilbert.


Short story idea #43

Defense attorney for dictators.

It’s a tough business, being the lawyer that dictators call when they fall on hard times. They never bother to ring my phone when life is all castles and ice cream for every meal. No, they wait until they don’t really have a pot to piss in, and then they get on the horn to me and expect me to come running.

And you know what? I always do. There’s just something about a former dictator that gets my legal juices flowing. And hell, most of ’em aren’t such bad guys once you get to know ’em. Noriega, for instance. That guy could tell a knee-slapper, let me tell you.

But you still need to be careful. Like any client, they’ll try to pull little stunts here and there to cheat you if you’re not careful. But I’m always careful. “Mr. Sableman don’t work for free,” I always say, “and he sure didn’t just fall off the turnip truck.”


My high concept Hollywood movie

In Hollywood there’s a meme known as “high concept”, the idea being that you can explain all there is to know about a movie in just a few words, ideally relating to another movie. So, for instance, you might describe a movie you’re looking to get a greenlight for as “Die Hard on a chicken farm” or “Fatal Attraction in a high school”.

So here’s my high concept: “Vampire hackers”.

That’s all you gotta know. You can write the movie in your head just from that.

Is that not awesome or what?!


A walkway of the dead

I was walking around on Wash U’s campus a while back – I don’t remember where, exactly – when I looked down and noticed that I was walking over bricks that had been “donated” by folks who had given money to WU. This is standard practice a lot of places: donate $$$, get a brick with a message on it written by you.

As I walked, I was struck by the idea that many of the bricks were dedicated to people who had died. Further, one day all of the people listed on those bricks would be dead. Although it was a macabre thought, I realized that this was a walkway of the dead.
