
The end of Storm?

From “Storm Worm botnet cracked wide open” (Heise Security: 9 January 2009):

A team of researchers from Bonn University and RWTH Aachen University have analysed the notorious Storm Worm botnet, and concluded it certainly isn’t as invulnerable as it once seemed. Quite the reverse, for in theory it can be rapidly eliminated using software developed and at least partially disclosed by Georg Wicherski, Tillmann Werner, Felix Leder and Mark Schlösser. However it seems in practice the elimination process would fall foul of the law.

Over the last two years, Storm Worm has demonstrated how easily organised internet criminals have been able to spread this infection. During that period, the Storm Worm botnet has accumulated more than a million infected computers, known as drones or zombies, obeying the commands of a control server and using peer-to-peer techniques to locate new servers. Even following a big clean-up with Microsoft’s Malicious Software Removal Tool, around 100,000 drones probably still remain. That means the Storm Worm botnet is responsible for a considerable share of the Spam tsunami and for many distributed denial-of-service attacks. It’s astonishing that no one has succeeded in dismantling the network, but these researchers say it isn’t due to technical finesse on the part of the Storm Worm’s developers.

Existing knowledge of the techniques used by the Storm Worm has mainly been obtained by observing the behaviour of infected systems, but the researchers took a different approach to disarm it. They reverse translated large parts of the machine code of the drone client program and analysed it, taking a particularly close look at the functions for communications between drones and with the server.

Using this background knowledge, they were able to develop their own client, which links itself into the peer-to-peer structure of a Storm Worm network in such a way that queries from other drones, looking for new command servers, can be reliably routed to it. That enables it to divert drones to a new server. The second step was to analyse the protocol for passing commands. The researchers were astonished to find that the server doesn’t have to authenticate itself to clients, so using their knowledge they were able to direct drones to a simple server. The latter could then issue commands to the test Storm worm drones in the laboratory so that, for example, they downloaded a specific program from a server, perhaps a special cleaning program, and ran it. The students then went on to write such a program.

The team has not yet taken the final step of putting the whole thing into action with a genuine Storm Worm botnet in the wild. From a legal point of view, that could involve many problems. Any unauthorised access to third-party computers could be regarded as tampering with data, which is punishable under paragraph § 303a of the German Penal Code. That paragraph threatens up to two years’ imprisonment for unlawfully deleting, suppressing, making unusable or changing third-party data. However, this legal process would only come into effect if there was a criminal complaint from an injured party, or if there was special public interest in the prosecution of the crime.

Besides risks of coming up against the criminal law, there is also a danger of civil claims for damages by the owners of infected PCs, because the operation might cause collateral damage. There are almost certain to be configurations in which the cleaning goes wrong, perhaps disabling computers so they won’t run any more. Botnet operators could also be expected to strike back, causing further damage.

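The two findings in the Heise report, that a node can make itself the answer to other drones' server lookups and that the command server never has to prove who it is, are what make the takeover possible. The toy model below is an added example, not the researchers' tool and not Storm's real protocol: the peer lookup is reduced to "believe the first peer that answers", the signature scheme is textbook RSA on two small Mersenne primes (insecure, illustration only), and the server names are hypothetical. It runs the same drone twice, once accepting any command from whoever wins the lookup and once requiring the operator's signature.

```python
import hashlib
import json
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Toy textbook RSA on two Mersenne primes. Constructed for this example only: it is
# far too small to be secure and has no padding; it is here so the signed-command
# path runs offline with nothing but the standard library.
P = 2 ** 61 - 1
Q = 2 ** 89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # operator's private exponent: never inside a drone

def _digest(msg: bytes) -> int:
    # 128-bit prefix of SHA-256, so the integer is always below N
    return int.from_bytes(hashlib.sha256(msg).digest()[:16], "big")

def sign(msg: bytes) -> int:
    return pow(_digest(msg), D, N)

def verify(msg: bytes, sig: int) -> bool:
    # needs only (N, E), which is all a drone would carry
    return pow(sig, E, N) == _digest(msg)

def encode(cmd: dict) -> bytes:
    return json.dumps(cmd, sort_keys=True).encode()   # canonical bytes to sign/verify

# Step 1 of the takeover: win the "where is the command server" lookup.
@dataclass
class Peer:
    name: str
    server: Optional[str] = None   # address this peer hands out, or None if it has none

def resolve_server(peers: List[Peer]) -> str:
    """The lookup reduced to its effect: the drone believes the first peer that
    claims an answer, so a sybil that answers every query wins the lookup."""
    for p in peers:
        if p.server is not None:
            return p.server
    raise LookupError("no peer knows a server")

# Step 2: the command channel.
@dataclass
class Bot:
    require_signature: bool
    executed: List[str] = field(default_factory=list)

    def handle(self, msg: dict) -> bool:
        body = msg["cmd"]
        if self.require_signature and not verify(encode(body), msg.get("sig", 0)):
            return False                        # unsigned or forged: dropped
        if body["op"] == "download_exec":
            self.executed.append(body["url"])   # stands in for fetch-and-run
            return True
        return False

def operator_command(url: str) -> dict:
    body = {"op": "download_exec", "url": url}
    return {"cmd": body, "sig": sign(encode(body))}

def hijacker_command(url: str) -> dict:
    # The researchers' "simple server": it knows the message format from the
    # reversed binary but holds no operator private key, so it cannot sign.
    body = {"op": "download_exec", "url": url}
    return {"cmd": body, "sig": 0}

# Hypothetical names; nothing here is real Storm infrastructure.
SERVERS: Dict[str, Callable[[str], dict]] = {
    "operator.example": operator_command,
    "sybil.example": hijacker_command,
}

def run_scenario(require_signature: bool) -> List[str]:
    """One drone resolves its server through a peer set that contains a sybil,
    obeys whatever that server sends, then also hears from the real operator."""
    peers = [Peer("sybil", "sybil.example"), Peer("honest", "operator.example")]
    bot = Bot(require_signature)
    server = resolve_server(peers)
    bot.handle(SERVERS[server]("http://" + server + "/cleaner.exe"))
    bot.handle(operator_command("http://operator.example/spam-template"))
    return bot.executed

if __name__ == "__main__":
    print("no server authentication:", run_scenario(False))
    print("signed commands:         ", run_scenario(True))
```

The point the model makes is that winning the lookup is only half the attack: the drone with `require_signature=True` still resolves the sybil, but drops its command because the sybil cannot produce a signature that verifies under the operator's public key. A shared secret compiled into the drone would not have given that protection, because the same reversing step that recovered the message format would recover the secret; only a key the drone verifies but never holds makes the channel resist exactly the kind of takeover the researchers built.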

Three top botnets

From Kelly Jackson Higgins’ “The World’s Biggest Botnets” (Dark Reading: 9 November 2007):

You know about the Storm Trojan, which is spread by the world’s largest botnet. But what you may not know is there’s now a new peer-to-peer based botnet emerging that could blow Storm away.

“We’re investigating a new peer-to-peer botnet that may wind up rivaling Storm in size and sophistication,” says Tripp Cox, vice president of engineering for startup Damballa, which tracks botnet command and control infrastructures. “We can’t say much more about it, but we can tell it’s distinct from Storm.”

Researchers estimate that there are thousands of botnets in operation today, but only a handful stand out by their sheer size and pervasiveness. Although size gives a botnet muscle and breadth, it can also make it too conspicuous, which is why botnets like Storm fluctuate in size and are constantly finding new ways to cover their tracks to avoid detection. Researchers have different head counts for different botnets, with Storm by far the largest (for now, anyway).

Damballa says its top three botnets are Storm, with 230,000 active members per 24 hour period; Rbot, an IRC-based botnet with 40,000 active members per 24 hour period; and Bobax, an HTTP-based botnet with 24,000 active members per 24 hour period, according to the company.

1. Storm

Size: 230,000 active members per 24 hour period

Type: peer-to-peer

Purpose: Spam, DDOS

Malware: Trojan.Peacomm (aka Nuwar)

Few researchers can agree on Storm’s actual size — while Damballa says it’s over 200,000 bots, Trend Micro says it’s more like 40,000 to 100,000 today. But all researchers say that Storm is a whole new brand of botnet. First, it uses encrypted decentralized, peer-to-peer communication, unlike the traditional centralized IRC model. That makes it tough to kill because you can’t necessarily shut down its command and control machines. And intercepting Storm’s traffic requires cracking the encrypted data.

Storm also uses fast-flux, a round-robin method where infected bot machines (typically home computers) serve as proxies or hosts for malicious Websites. These are constantly rotated, changing their DNS records to prevent their discovery by researchers, ISPs, or law enforcement. And researchers say it’s tough to tell how the command and control communication structure is set up behind the P2P botnet. “Nobody knows how the mother ships are generating their C&C,” Trend Micro’s Ferguson says.

Storm uses a complex combination of malware called Peacomm that includes a worm, rootkit, spam relay, and Trojan.

But researchers don’t know — or can’t say — who exactly is behind Storm, except that it’s likely a fairly small, tightly knit group with a clear business plan. “All roads lead back to Russia,” Trend Micro’s Ferguson says.

“Storm is the only thing now that keeps me awake at night and busy,” he says. “It’s professionalized crimeware… They have young, talented programmers apparently. And they write tools to do administrative [tracking], as well as writing cryptographic routines… and another will handle social engineering, and another will write the Trojan downloader, and another is writing the rootkit.”

Rbot

Size: 40,000 active members per 24 hour period

Type: IRC

Purpose: DDOS, spam, malicious operations

Malware: Windows worm

Rbot is basically an old-school IRC botnet that uses the Rbot malware kit. It isn’t likely to ever reach Storm size because IRC botnets just can’t scale accordingly. “An IRC server has to be a beefy machine to support anything anywhere close to the size of Peacomm/Storm,” Damballa’s Cox says.

It can disable antivirus software, too. Rbot’s underlying malware uses a backdoor to gain control of the infected machine, installing keyloggers, viruses, and even stealing files from the machine, as well as the usual spam and DDOS attacks.

Bobax

Size: 24,000 active members per 24 hour period

Type: HTTP

Purpose: Spam

Malware: Mass-mailing worm

Bobax is specifically for spamming, Cox says, and uses the stealthier HTTP for sending instructions to its bots on who and what to spam. …

According to Symantec, Bobax bores open a back door and downloads files onto the infected machine, and lowers its security settings. It spreads via a buffer overflow vulnerability in Windows, and inserts the spam code into the IE browser so that each time the browser runs, the virus is activated. And Bobax also does some reconnaissance to ensure that its spam runs are efficient: It can do bandwidth and network analysis to determine just how much spam it can send, according to Damballa. “Thus [they] are able to tailor their spamming so as not to tax the network, which helps them avoid detection,” according to company research.

Even more frightening, though, is that some Bobax variants can block access to antivirus and security vendor Websites, a new trend in Website exploitation.

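The fast-flux behaviour described in the Storm entry above (infected home machines rotated through a name's DNS records) leaves a signature in ordinary resolver logs. The following is an added example, not from the Dark Reading article or any vendor's tool: it summarises constructed resolver-log entries per name and flags a name when the TTL is short, many distinct addresses were handed out, and those addresses are spread over many /16 networks. The thresholds are assumed for the example; the 10.x.x.x addresses are used only so the sample carries no one's real address.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Tuple

Record = Tuple[int, str, int, List[str]]   # (unix time, qname, ttl, A-record answers)

# Constructed resolver-log entries, not real observations.
LOG: List[Record] = [
    # a flux name: short TTL, a fresh set of addresses each time, spread across many /16s
    (0,    "flux.example",   300,   ["10.5.1.1", "10.17.2.2", "10.99.3.3"]),
    (600,  "flux.example",   300,   ["10.42.4.4", "10.7.5.5", "10.150.6.6"]),
    (1200, "flux.example",   300,   ["10.201.7.7", "10.88.8.8", "10.5.9.9"]),
    (1800, "flux.example",   300,   ["10.33.10.10", "10.64.11.11", "10.120.12.12"]),
    # a CDN-fronted name: also short TTL and many addresses, but all inside one provider /16
    (0,    "cdn.example",    60,    ["10.200.1.1", "10.200.1.2", "10.200.1.3"]),
    (600,  "cdn.example",    60,    ["10.200.2.1", "10.200.2.2", "10.200.2.3"]),
    (1200, "cdn.example",    60,    ["10.200.3.1", "10.200.3.2", "10.200.3.3"]),
    (1800, "cdn.example",    60,    ["10.200.4.1", "10.200.4.2", "10.200.4.3"]),
    # a plain static host
    (0,    "static.example", 86400, ["10.9.9.9"]),
    (1800, "static.example", 86400, ["10.9.9.9"]),
]

# Assumed thresholds for this example; tune them against your own resolver baseline.
MAX_TTL = 600     # seconds
MIN_IPS = 8       # distinct A records seen for the name
MIN_NETS = 5      # distinct /16 prefixes among those records

def summarize(log: List[Record]) -> Dict[str, dict]:
    """Per-name view of what the resolver saw: distinct IPs, distinct /16s, lowest TTL."""
    ips: Dict[str, set] = defaultdict(set)
    nets: Dict[str, set] = defaultdict(set)
    min_ttl: Dict[str, int] = {}
    for _ts, name, ttl, answers in log:
        for a in answers:
            ips[name].add(a)
            nets[name].add(str(ipaddress.ip_network(a + "/16", strict=False)))
        min_ttl[name] = min(ttl, min_ttl.get(name, ttl))
    return {n: {"ips": len(ips[n]), "nets": len(nets[n]), "min_ttl": min_ttl[n]} for n in ips}

def is_fast_flux(stats: dict) -> bool:
    # all three must hold: a CDN fails the /16 test, a static host fails the IP count
    return (stats["min_ttl"] <= MAX_TTL
            and stats["ips"] >= MIN_IPS
            and stats["nets"] >= MIN_NETS)

def classify(log: List[Record]) -> Dict[str, bool]:
    return {name: is_fast_flux(s) for name, s in summarize(log).items()}

if __name__ == "__main__":
    for name, stats in summarize(LOG).items():
        print(name, stats, "FAST-FLUX" if is_fast_flux(stats) else "ok")
```

The /16 spread is the part that does the work: a content delivery network also answers with short TTLs and many addresses, so TTL and address count alone would flag every large web property. In production, bucket the records by time window rather than over the whole log, and replace the /16 proxy with autonomous-system lookups where you have them, since a flux network of home machines spans many ISPs while a CDN's addresses stay within its own allocations.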

Largest botnet as of 2006: 1.5 M machines

From Gregg Keizer’s “Dutch Botnet Bigger Than Expected” (InformationWeek: 21 October 2005):

Dutch prosecutors who last month arrested a trio of young men for creating a large botnet allegedly used to extort a U.S. company, steal identities, and distribute spyware now say they bagged bigger prey: a botnet of 1.5 million machines.

According to Wim de Bruin, a spokesman for the Public Prosecution Service (Openbaar Ministerie, or OM), when investigators at GOVCERT.NL, the Netherlands’ Computer Emergency Response Team, and several Internet service providers began dismantling the botnet, they discovered it consisted of about 1.5 million compromised computers, 15 times the 100,000 PCs first thought.

The three suspects, ages 19, 22, and 27, were arrested Oct. 6 …

The trio supposedly used the Toxbot Trojan horse to infect the vast number of machines, easily the largest controlled by arrested attackers.


Srizbi, Bobax, & Storm – the rankings

From Gregg Keizer’s “RSA – Top botnets control 1M hijacked computers” (Computerworld: 4 October 2008):

Joe Stewart, director of malware research at SecureWorks, presented his survey at the RSA Conference, which opened Monday in San Francisco. The survey ranked the top 11 botnets that send spam; by extrapolating their size, Stewart estimated the bots on his list control just over a million machines and are capable of flooding the Internet with more than 100 billion spam messages every day.

The botnet at the top of the chart is Srizbi. According to Stewart, this botnet — which also goes by the names “Cbeplay” and “Exchanger” — has an estimated 315,000 bots and can blast out 60 billion messages a day.

While it may not have gotten the publicity that Storm has during the last year, it’s built around a much more substantial collection of hijacked computers, said Stewart. In comparison, Storm’s botnet counts just 85,000 machines, only 35,000 of which are set up to send spam. Storm, in fact, is No. 5 on Stewart’s list.

“Storm is pretty insignificant at this point,” said Stewart. “It got all this attention, so Microsoft added it to its malicious software detection tool [in September 2007], and that’s removed hundreds of thousands of compromised PCs from the botnet.”

The second-largest botnet is “Bobax,” which boasts an estimated 185,000 hacked systems in its collection. Able to spam approximately nine billion messages a day, Bobax has been around for some time, but recently has been in the news again, albeit under one of its several aliases.


Prices for various services and software in the underground

From Tom Espiner’s “Cracking open the cybercrime economy” (CNET News: 14 December 2007):

“Over the years, the criminal elements, the ones who are making money, making millions out of all this online crime, are just getting stronger and stronger. I don’t think we are really winning this war.”

As director of antivirus research for F-Secure, you might expect Mikko Hypponen to overplay the seriousness of the situation. But according to the Finnish company, during 2007 the number of samples of malicious code on its database doubled, having taken 20 years to reach the size it was at the beginning of this year.

“From Trojan creation sites out of Germany and the Eastern bloc, you can purchase kits and support for malware in yearly contracts,” said [David Marcus, security research manager at McAfee Avert Labs]. “They present themselves as a cottage industry which sells tools or creation kits. It’s hard to tell if it’s a conspiracy or a bunch of autonomous individuals who are good at covering their tracks.”

Joe Telafici, director of operations at McAfee’s Avert Labs, said Storm is continuing to evolve. “We’ve seen periodic activity from Storm indicating that it is still actively being maintained. They have actually ripped out core pieces of functionality to modify the obfuscation mechanisms that weren’t working any more. Most people keep changing the wrapper until it gets by (security software)–these guys changed the functionality.”

Peter Gutmann, a security researcher at the University of Auckland, says in a report that malicious software via the affiliate model–in which someone pays others to infect users with spyware and Trojans–has become more prevalent in 2007.

The affiliate model was pioneered by the iframedollars.biz site in 2005, which paid Webmasters 6 cents per infected site. Since then, this has been extended to a “vast number of adware affiliates,” according to Gutmann. For example, one adware supplier pays 30 cents for each install in the United States, 20 cents in Canada, 10 cents in the United Kingdom, and 1 or 2 cents elsewhere.

Hackers also piggyback malicious software on legitimate software. According to Gutmann, versions of coolwebsearch co-install a mail zombie and a keystroke logger, while some peer-to-peer and file-sharing applications come with bundled adware and spyware.

In March, the price quoted on malware sites for the Gozi Trojan, which steals data and sends it to hackers in an encrypted form, was between $1,000 and $2,000 for the basic version. Buyers could purchase add-on services at varying prices starting at $20.

In the 2007 black economy, everything can be outsourced, according to Gutmann. A scammer can buy hosts for a phishing site, buy spam services to lure victims, buy drops to send the money to, and pay a cashier to cash out the accounts. …

Antidetection vendors sell services to malicious-software and botnet vendors, who sell stolen credit card data to middlemen. Those middlemen then sell that information to fraudsters who deal in stolen credit card data and pay a premium for verifiably active accounts. “The money seems to be in the middlemen,” Gutmann says.

One example of this is the Gozi Trojan. According to reports, the malware was available this summer as a service from iFrameBiz and stat482.com, who bought the Trojan from the HangUp team, a group of Russian hackers. The Trojan server was managed by 76service.com, and hosted by the Russian Business Network, which security vendors allege offered “bullet-proof” hosting for phishing sites and other illicit operations.

According to Gutmann, there are many independent malicious-software developers selling their wares online. Private releases can be tailored to individual clients, while vendors offer support services, often bundling antidetection. For example, the private edition of Hav-rat version 1.2, a Trojan written by hacker Havalito, is advertised as being completely undetectable by antivirus companies. If it does get detected then it will be replaced with a new copy that again is supposedly undetectable.

Hackers can buy denial-of-service attacks for $100 per day, while spammers can buy CDs with harvested e-mail addresses. Spammers can also send mail via spam brokers, handled via online forums such as specialham.com and spamforum.biz. In this environment, $1 buys 1,000 to 5,000 credits, while $1,000 buys 10,000 compromised PCs. Credit is deducted when the spam is accepted by the target mail server. The brokers handle spam distribution via open proxies, relays and compromised PCs, while the sending is usually done from the client’s PC using broker-provided software and control information.

Carders, who mainly deal in stolen credit card details, openly publish prices, or engage in private negotiations to decide the price, with some sources giving bulk discounts for larger purchases. The rate for credit card details is approximately $1 for all the details down to the Card Verification Value (CVV); $10 for details with CVV linked to a Social Security number; and $50 for a full bank account.


Gottman on relationships

From THE MATHEMATICS OF LOVE: A Talk with John Gottman (Edge: 14 April 2004):

So far, his surmise is that “respect and affection are essential to all relationships working and contempt destroys them. It may differ from culture to culture how to communicate respect, and how to communicate affection, and how not to do it, but I think we’ll find that those are universal things”.

Another puzzle I’m working on is just what happens when a baby enters a relationship. Our study shows that the majority (67%) of couples have a precipitous drop in relationship happiness in the first 3 years of their first baby’s life. That’s tragic in terms of the climate of inter-parental hostility and depression that the baby grows up in. That affective climate between parents is the real cradle that holds the baby. And for the majority of families that cradle is unsafe for babies.

So far I believe we’re going to find that respect and affection are essential to all relationships working and contempt destroys them. It may differ from culture to culture how to communicate respect, and how to communicate affection, and how not to do it, but I think we’ll find that those are universal things.

Bob Levenson and I were very surprised when, in 1983, we found that we could actually predict, with over 90 percent accuracy, what was going to happen to a relationship over a three-year period just by examining their physiology and behavior during a conflict discussion, and later just from an interview about how the couple viewed their past. 90% accuracy!

That was surprising to us. It seemed that people either started in a mean-spirited way, a critical way, started talking about a disagreement, started talking about a problem as just a symptom of their partner’s inadequate character, which made their partner defensive and escalated the conflict, and people started getting mean and insulting to one another. That predicted the relationship was going to fall apart. 96% of the time the way the conflict discussion started in the first 3 minutes determined how it would go for the rest of the discussion. And four years later it was like no time had passed, their interaction style was almost identical. Also 69% of the time they were talking about the same issues, which we realized then were “perpetual issues” that they would never solve. These were basic personality differences that never went away. She was more extroverted or she was more of an explorer or he was more punctual or frugal.

Some couples were caught by the web of these perpetual issues and made each other miserable, they were “grid locked” like bumper-to-bumper traffic with these issues, while other couples had similar issues but coped with them and had a “dialogue” that even contained laughter and affection. It seemed that relationships last to the extent that you select someone whose annoying personality traits don’t send you into emotional orbit. Once again conventional wisdom was wrong. The big issue wasn’t helping couples resolve their conflicts, but moving them from gridlock to dialogue. And the secret of how to do that turned out to be having each person talk about their dream within the conflict and bringing Viktor Frankl’s existential logotherapy into the marital boxing ring. Once people talked about what they wished for and hoped for in this gridlock conflict and the narrative of why this was so important to them, in 86% of the cases they would move from gridlock to dialogue. Again a new door opened. Not all marital conflicts are the same. You can’t teach people a set of skills and just apply them to every issue. Some issues are deeper, they have more meaning. And then it turned out that the very issues that cause the most pain and alienation can also be the greatest sources of intimacy and connection.

Another surprise: we followed couples for as long as 20 years, and we found that there was another kind of couple that didn’t really show up on the radar; they looked fine, they weren’t mean, they didn’t escalate the conflict — but about 16 to 22 years after the wedding they started divorcing. They were often the pillars of their community. They seemed very calm and in control of their lives, and then suddenly they break up. Everyone is shocked and horrified. But we could look back at our early tapes and see the warning signs we had never seen before. Those people were people who just didn’t have very much positive connection. There wasn’t very much affection — and also especially humor — between them.

…These sorts of emotionally disconnected relationships were another important dimension of failed relationships. We learned through them that the quality of the friendship and intimacy affects the nature of conflict in a very big way.

One of the major things we found is that honoring your partner’s dreams is absolutely critical. A lot of times people have incompatible dreams — or they don’t want to honor their partner’s dreams, or they don’t want to yield power, they don’t want to share power. So that explains a lot of times why they don’t really belong together.

Psycho-physiology is an important part of this research. It’s something that Bob Levenson brought to the search initially, and then I got trained in psycho-physiology as well. And the reason we’re interested in what was happening in the body is that there’s an intimate connection between what’s happening to the autonomic nervous system and what is happening in the brain, and how well people can take in information — how well they can just process information — for example, just being able to listen to your partner — that is much harder when your heart rate is above the intrinsic rate of the heart, which is around a hundred to a hundred and five beats a minute for most people with a healthy heart.

At that point we know, from Loren Rowling’s work, that people start secreting adrenalin, and then they get into a state of diffuse physiological arousal (or DPA), so their heart is beating faster, it’s contracting harder, the arteries start getting constricted, blood is drawn away from the periphery into the trunk, the blood supply shuts down to the gut and the kidney, and all kinds of other things are happening — people are sweating, and things are happening in the brain that create a tunnel vision, one in which they perceive everything as a threat and they react as if they have been put in great danger by this conversation.

Because men are different. Men have a lot of trouble when they reach a state of vigilance, when they think there’s real danger, they have a lot of trouble calming down, and there’s probably an evolutionary history to that. Because it functioned very well for our hominid ancestors, anthropologists think, for men to stay physiologically aroused and vigilant, in cooperative hunting and protecting the tribe, which was a role that males had very early in our evolutionary history. Whereas women had the opposite sort of role, in terms of survival of the species, those women reproduced more effectively who had the milk-let-down reflex, which only happens when oxytocin is secreted in the brain, it only happens when women — as any woman knows who’s been breast-feeding, you have to be able to calm down and relax. But oxytocin is also the hormone of affiliation. So women have developed this sort of social order, caring for one another, helping one another, and affiliating, that also allows them to really calm down and have the milk let-down reflex. And so — it’s one of nature’s jokes. Women can calm down, men can’t; they stay aroused and vigilant.

Physiology becomes really critical in this whole thing. A provocative finding from Alyson Shapiro’s recent dissertation is that if we take a look at how a couple argues when the woman is in the sixth month of pregnancy, we can predict over half the variation in the baby, the three-month-old baby’s vagal tone, which is the ability of the vagus nerve, the major nerve of the parasympathetic branch of the autonomic nervous system, which is responsible for establishing calm and focusing attention. That vagus nerve in the baby is eventually going to be working well if the parents, during pregnancy, are fighting with each other constructively. That takes us into fetal development, a whole new realm of inquiry.

You have to study gay and Lesbian couples who are committed to each other as well as heterosexual couples who are committed to each other, and try and match things as much as you can, like how long they’ve been together, and the quality of their relationship. And we’ve done that, and we find that there are two gender differences that really hold up.

One is that if a man presents an issue, to either a man he’s in love with or a woman he’s in love with, the man is angrier presenting the issue. And we find that when a woman receives an issue, either from a woman she loves or a man she loves, she is much more sad than a man would be receiving that same issue. It’s about anger and sadness. Why? Remember, Bowlby taught us that attachment and loss and grief are part of the same system. So women are finely tuned to attaching and connecting and to sadness and loss and grief, while men are attuned to defend, stay vigilant, attack, to anger. My friend Levenson did an acoustic startle study (that’s where you shoot off a blank pistol behind someone’s head when they least expect it). Men had a bigger heart rate reactivity and took longer to recover, which we would expect, but what is even more interesting is that when you asked people what they were feeling, women were scared and men were angry.

So that’s probably why those two differences have held up. Physiologically people find over and over again in heterosexual relationships — and this hasn’t been studied yet in gay and Lesbian relationships — that men have a lower flash point for increasing heart-rate arousal, and it takes them longer to recover. And not only that, but when men are trying to recover, and calm down, they can’t do it very well because they keep naturally rehearsing thoughts of righteous indignation and feeling like an innocent victim. They maintain their own vigilance and arousal with these thoughts, mostly of getting even, whereas women really can distract themselves and calm down physiologically from being angered or being upset about something. If women could affiliate and secrete oxytocin when they felt afraid, they’d even calm down faster, probably.


ODF compared & contrasted with OOXML

From Sam Hiser’s “Achieving Openness: A Closer Look at ODF and OOXML” (ONLamp.com: 14 June 2007):

An open, XML-based standard for displaying and storing data files (text documents, spreadsheets, and presentations) offers a new and promising approach to data storage and document exchange among office applications. A comparison of the two XML-based formats–OpenDocument Format (“ODF”) and Office Open XML (“OOXML”)–across widely accepted “openness” criteria has revealed substantial differences, including the following:

  • ODF is developed and maintained in an open, multi-vendor, multi-stakeholder process that protects against control by a single organization. OOXML is less open in its development and maintenance, despite being submitted to a formal standards body, because control of the standard ultimately rests with one organization.
  • ODF is the only openly available standard, published fully in a document that is freely available and easy to comprehend. This openness is reflected in the number of competing applications in which ODF is already implemented. Unlike ODF, OOXML’s complexity, extraordinary length, technical omissions, and single-vendor dependencies combine to make alternative implementation unattractive as well as legally and practically impossible.
  • ODF is the only format unencumbered by intellectual property rights (IPR) restrictions on its use in other software, as certified by the Software Freedom Law Center. Conversely, many elements designed into the OOXML formats but left undefined in the OOXML specification require behaviors upon document files that only Microsoft Office applications can provide. This makes data inaccessible and breaks work group productivity whenever alternative software is used.
  • ODF offers interoperability with ODF-compliant applications on most of the common operating system platforms. OOXML is designed to operate fully within the Microsoft environment only. Though it will work elegantly across the many products in the Microsoft catalog, OOXML ignores accepted standards and best practices regarding its use of XML.

Overall, a comparison of both formats reveals significant differences in their levels of openness. While ODF is revealed as sufficiently open across all four key criteria, OOXML shows relative weakness in each criterion and offers fundamental flaws that undermine its candidacy as a global standard.


The future of security

From Bruce Schneier’s “Security in Ten Years” (Crypto-Gram: 15 December 2007):

Bruce Schneier: … The nature of the attacks will be different: the targets, tactics and results. Security is both a trade-off and an arms race, a balance between attacker and defender, and changes in technology upset that balance. Technology might make one particular tactic more effective, or one particular security technology cheaper and more ubiquitous. Or a new emergent application might become a favored target.

By 2017, people and organizations won’t be buying computers and connectivity the way they are today. The world will be dominated by telcos, large ISPs and systems integration companies, and computing will look a lot like a utility. Companies will be selling services, not products: email services, application services, entertainment services. We’re starting to see this trend today, and it’s going to take off in the next 10 years. Where this affects security is that by 2017, people and organizations won’t have a lot of control over their security. Everything will be handled at the ISPs and in the backbone. The free-wheeling days of general-use PCs will be largely over. Think of the iPhone model: You get what Apple decides to give you, and if you try to hack your phone, they can disable it remotely. We techie geeks won’t like it, but it’s the future. The Internet is all about commerce, and commerce won’t survive any other way.

Marcus Ranum: … Another trend I see getting worse is government IT know-how. At the rate outsourcing has been brain-draining the federal workforce, by 2017 there won’t be a single government employee who knows how to do anything with a computer except run PowerPoint and Web surf. Joking aside, the result is that the government’s critical infrastructure will be almost entirely managed from the outside. The strategic implications of such a shift have scared me for a long time; it amounts to a loss of control over data, resources and communications.

Bruce Schneier: … I’m reminded of the post-9/11 anti-terrorist hysteria — we’ve confused security with control, and instead of building systems for real security, we’re building systems of control. Think of ID checks everywhere, the no-fly list, warrantless eavesdropping, broad surveillance, data mining, and all the systems to check up on scuba divers, private pilots, peace activists and other groups of people. These give us negligible security, but put a whole lot of control in the government’s hands.

That’s the problem with any system that relies on control: Once you figure out how to hack the control system, you’re pretty much golden. So instead of a zillion pesky worms, by 2017 we’re going to see fewer but worse super worms that sail past our defenses.

The future of security Read More »

Old botnets dead; new botnets coming

From Joel Hruska’s “Meet Son of Storm, Srizbi 2.0: next-gen botnets come online” (Ars Technica: 15 January 2009):

First the good news: SecureWorks reports that Storm is dead, Bobax/Kraken is moribund, and both Srizbi and Rustock were heavily damaged by the McColo takedown; Srizbi is now all but silent, while Rustock remains viable. That’s three significant botnets taken out and one damaged in a single year; cue (genuine) applause.

The bad news kicks in further down the page with a fresh list of botnets that need to be watched. Rustock and Mega-D (also known as Ozdok) are still alive and kicking, while newcomers Xarvester and Waledac could cause serious problems in 2009. Xarvester, according to Marshal, may be an updated form of Srizbi; the two share a number of common features, including:

* HTTP command and control over nonstandard ports
* Encrypted template files contain several files needed for spamming
* Bots don’t need to do their own DNS lookups to send spam
* Config files have similar format and data
* Uploads Minidump crash file

Old botnets dead; new botnets coming Read More »
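The Srizbi/Xarvester traits listed above are the kind of thing a network sensor can alert on. The following is an added example (not code from the Ars Technica piece or from Marshal), in Python, that runs two checks over Zeek-style connection records: HTTP seen on a port other than the site's usual web ports, and a host that talks SMTP to many different mail servers without ever issuing a DNS query of its own. The log field layout, the thresholds and the sample records are assumptions made for the example, and the records are constructed, not captured traffic.

```python
"""Flag hosts whose traffic matches the Srizbi/Xarvester traits quoted above:
HTTP command-and-control on nonstandard ports, and SMTP fan-out by a host that
never does its own DNS lookups (the C2 hands it resolved addresses).

Input is whitespace-separated Zeek-style conn.log fields:
    ts  id.orig_h  id.resp_h  id.resp_p  proto  service
"""
from collections import defaultdict

HTTP_PORTS = {80, 443, 8080}   # assumption: the web ports this network considers normal
SMTP_FANOUT = 10               # assumption: distinct SMTP peers before a host is suspicious

# Constructed sample records (not real traffic). 10.0.0.5 behaves like a normal
# client; 10.0.0.9 shows both indicators. One malformed line is included on purpose.
SAMPLE_LOG = "\n".join(
    [
        "1231977600.1 10.0.0.5 203.0.113.10 53 udp dns",
        "1231977601.2 10.0.0.5 198.51.100.20 25 tcp smtp",
        "1231977602.0 10.0.0.5 192.0.2.80 443 tcp ssl",
        "1231977610.0 10.0.0.9 192.0.2.44 4680 tcp http",
        "1231977611.0 10.0.0.9 192.0.2.44 4680 tcp http",
        "garbage line",
    ]
    + [f"{1231977620 + i}.0 10.0.0.9 198.51.100.{i + 1} 25 tcp smtp" for i in range(12)]
)


def parse_flows(text):
    """Parse records into dicts; malformed lines are skipped rather than fatal."""
    flows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, src, dst, dport, proto, service = parts
        flows.append({"ts": float(ts), "src": src, "dst": dst,
                      "dport": int(dport), "proto": proto, "service": service})
    return flows


def find_suspects(flows):
    """Return {host: [indicator, ...]} for hosts matching at least one trait."""
    http_odd = defaultdict(set)    # host -> nonstandard ports carrying HTTP
    smtp_peers = defaultdict(set)  # host -> distinct SMTP destinations
    dns_count = defaultdict(int)   # host -> number of DNS flows it originated
    for f in flows:
        if f["service"] == "http" and f["dport"] not in HTTP_PORTS:
            http_odd[f["src"]].add(f["dport"])
        elif f["service"] == "smtp":
            smtp_peers[f["src"]].add(f["dst"])
        elif f["service"] == "dns":
            dns_count[f["src"]] += 1

    verdicts = {}
    for host in sorted(set(http_odd) | set(smtp_peers) | set(dns_count)):
        hits = [f"http-on-nonstandard-port:{p}" for p in sorted(http_odd[host])]
        # Many SMTP peers but zero DNS traffic: the addresses came from somewhere else.
        if len(smtp_peers[host]) >= SMTP_FANOUT and dns_count[host] == 0:
            hits.append(f"smtp-fanout-without-dns:{len(smtp_peers[host])}")
        if hits:
            verdicts[host] = hits
    return verdicts


if __name__ == "__main__":
    for host, hits in find_suspects(parse_flows(SAMPLE_LOG)).items():
        print(host, ", ".join(hits))
```

Two caveats a practitioner would add before deploying this: a legitimate MTA that resolves through a caching resolver on localhost also shows SMTP fan-out with no DNS on the wire, so whitelist known mail relays; and the HTTP check depends on the sensor identifying HTTP by content (Zeek's `service` field), since a port number alone says nothing about what was carried.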

A one-way ticket to crazyville

Tanguma's The Children of the World Dream of P...
Image by rsgranne via Flickr

From Dave Alan’s “Interview with Alex Christopher” (Leading Edge Research Group: 1 June 1996):

Legend: DA [Dave Alan, Host] AC: [Alex Christopher] C: [Caller]

(Note: according to former British Intelligence agent Dr. John Coleman, the London-based Wicca Mason lodges are one-third of the overall global conspiracy. The other two thirds are the Black Nobility banking families who claim direct descent from the early Roman emperors, and also the Maltese Jesuits or the Jesuit – Knights of Malta network. All three networks each have 13 representatives within the Bilderberg organization, which is a cover for the Bavarian Illuminati, suggestive that Bavaria itself has orchestrated a “marriage of convenience” between these three formerly competitive global control groups. – Branton)

AC: All right. The information, primarily, that is in “Pandora’s Box” covers how the major corporations, railroad and banking concerns in this country were set up through a ‘trust’ that was originally known as the Virginia Company… The deal was that everything would remain under English control, or subservient to it, and that brings us right up to today, because we are still looking at everything falling under that ‘trust’ system going back to the Crown of England. It is mind boggling to think that everyone in this country has been led to believe that the people in the United States had won independence from England, when in fact they never did.

AC: The capstone, or the dedication stone, for the Denver airport has a Masonic symbol on it. A whole group of us went out to the airport to see some friends off and see this capstone, which also has a time capsule imbedded inside it. It sits at the south eastern side of the terminal which, by the way, is called “The Great Hall”, which is what Masons refer to as their meeting hall. And, on this thing it mentions “the New World Airport Commission”. …

AC: It has a Masonic symbol on it, and it also has very unusual geometric designs. It depicts an arm rising up out of it that curves at a 45 degree angle. It also has a thing that looks like a keypad on it. This capstone structure is made of carved granite and stainless steel, and it is very fancy. This little keypad area at the end of the arm has an out-of-place unfinished wooden block sitting on it. The gentleman that was with me on the first trip out to the airport has since died. They say he committed suicide, but everything else tells me that this is not possible. No one can double-tie a catheter behind his own neck and strangle himself. I just don’t think that is possible. But, his name was Phil Schneider, and he started blowing the whistle on all this stuff going on in the underground bases that he had helped build for years and years. He worked on the underground bases at Area 51 and Dulce, New Mexico, as well as several other places. Schneider told me that this keypad-looking area looked like a form of techno-geometry that is “alien-oriented”, and that it had something to do with a “directional system”, whatever that meant, that functioned as a homing beacon to bring ships right into the “Great Hall”.

(Note: … Remember even though the Bilderbergers consist of a “marriage of convenience” between Londonese Wicca Masons, Basilian Black Nobility and Roman Maltese Jesuits… the supreme controllers of the Bilderberger cult itself are the secret black Gnostic cults of Bavaria whose ‘Cult of the Serpent’ — or Illuminati — can be traced back to Egypt and ultimately to Babylon itself. These Rockefeller-Nazi projects reportedly continued through at least 1975 during which period many thousands more “underground Nazis” were brought into America from Europe and also, if we are to believe some reports, from the secret German “New Berlin” base under the mountains of Neu Schwabenland, Antarctica that was established during World War II via Nazi-occupied South Africa. Is Neu Schwabenland the REAL power behind the joint Bavarian-Alien New World Order Agenda? …)

AC: … It took myself and two other people over eight months to figure out all the symbology that is embodied in these murals. It turned out that some of these are ‘trigger’ pictures, containing symbology designed to trigger altered personalities of people that have been groomed in MKULTRA type programs for specific tasks that they have been trained to do in terms of something connected with Satanic rituals and mind control. I had one woman that called me out of the blue one night, and she was really disturbed about some information. She told me many different things that later turned out to be known MKULTRA triggers. Also, almost every aspect of these murals contains symbols relating back to secret societies. When you get the overall view of what they are talking about in these things, it is very very scary. It goes back to the Bio-diversity Treaty, getting rid of specific races of people, taking over the world and mind control.

AC: Well, the gentleman that I was dealing with, Phil Schneider, said that during the last year of construction they were connecting the underground airport system to the deep underground base. He told me that there was at least an eight-level deep underground base there, and that there was a 4.5 square mile underground city and an 88.5 square-mile base underneath the airport.

DA: You were telling me that there are huge concrete corridors with sprinklers all along the ceiling. What are these sprinkler heads doing in a concrete bunker, pray tell? (Presumably concrete will not ‘burn’ if there is a potential fire, so is it possible that something other than ‘water’ is meant to be expelled from these sprinklers which are located “all along” the ceiling? – Branton)

AC: I think a lot of the people saw things that disturbed them so much that they would not talk about it. I know several people who worked on the project that managed to find their way down into the depths, probably close to the deep underground base, and saw things that scared them so badly they won’t talk about it. I interviewed a few of the former employees on these construction crews that worked out there on these buildings that ended up buried, and they are afraid to talk. They say that everybody is real nervous about it, and they decided to tell some of the secrets that they knew, but they don’t want anybody to know who they are. So, I can tell you that it is a very unusual and spooky type of place, and if you are a sensitive person you get nauseated as soon as you enter the perimeter of the airport. Especially when you go down underground. You become very nauseated and nervous. There is also so much electromagnetic flux in the area that if you get out on the open ground around the airport, you will ‘buzz’.

AC: If Phil is right, and all this hooks up to the deep underground base that he was offered the plans to build back in 1979, and that what this other man TOLD me in private [is] that there is a lot of human SLAVE LABOR in these deep underground bases being used by these aliens, and that a lot of this slave labor is children. HE SAID that when the children reach the point that they are unable to work any more, they are slaughtered on the spot and consumed.

DA: Consumed by who?

AC: Aliens. Again, this is not from me, but from a man that gave his life to get this information out. He worked down there for close to 20 years, and he knew everything that was going on.

DA: Hmmm. Who do these aliens eat?

AC: They specifically like young human children, that haven’t been contaminated like adults. Well, there is a gentleman out giving a lot of information from a source he gets it from, and he says that there is an incredible number of children snatched in this country.

DA: Over 200,000 each year.

AC: And that these children are the main entree for dinner.

AC: Yes. From some information that has been put out by a group or team that also works in these underground bases that is trying to get information out to people that love this country, THERE IS A WAR THAT IS GOING ON UNDER OUR FEET, AND ABOVE OUR HEADS, that the public doesn’t know anything about, and it’s between these ALIEN forces and the HUMANS that are trying to fight them.

DA: What other types have you seen?

AC: The ones that I have seen are the big-eyed Greys and the Reptilians.

DA: What do these Reptilians look like?

AC: There are three different types.

AC: … Anyway, they were both totally flipped out. I finally got them calmed down enough to let me go home. I went home and went to bed. The next thing I know, I woke up and there is this ‘thing’ standing over my bed. He had wrap-around yellow eyes with snake pupils, and pointed ears and a grin that wrapped around his head. He had a silvery suit on, and this scared the living daylights out of me. I threw the covers over my head and started screaming… I mean, here is this thing with a Cheshire-cat grin and these funky glowing eyes… this is too much. I have seen that kind of being on more than one occasion.

DA: What else can you say about it?

AC: Well, he had a hooked nose and he was [humanoid] looking, other than the eyes, and had kind of grayish skin. Later on in 1991, I was working in a building in a large city, and I had taken a break about 6:00, and the next thing I knew it was 10:30 at night, and I thought I had taken a short break. I started remembering that I was taken aboard a ship, through four floors of an office building, and through a roof. There on the ship is where I encountered ‘GERMANS’ AND ‘AMERICANS’ WORKING TOGETHER, and also the GREY ALIENS, and then we were taken to some other kind of facility and there I saw the REPTILIANS again … the ones I call the “baby Godzillas”, that have the short teeth and yellow slanted eyes, and who look like a VELOCIRAPTOR, kind of.

DA: So, why would these people pick on you?

AC: Well, I found one common denominator in the abduction, and it keeps on being repeated over and over again. I deal with lots of people who have been abducted, and the one common denominator seems to be the blood line, and it’s the blood line that goes back to ancient Indian or Native American blood lines.

AC: Well, at that facility I saw the almond-eyed Greys, but the thing that sticks in my mind are the beings that look like reptiles, or the velociraptors. They are the cruelest beings you could ever imagine, and they even smell hideous. There were a couple of very unusual areas down there where I was taken which looked like cold storage lockers, where these things were in hibernation tubes, and that is about all I remember, other than seeing some black helicopters and little round-wing disk type aircraft.

In the book “Cosmic Conflict”, the author talks about the ancient city that was uncovered by the Germans before World War II, and tells about their effort to revive some frozen humans they found in this underground city, and that the true humans couldn’t be revived, but the ones that could be revived were in fact reptilians in disguise, and the reptilians have the capability to do shape-shifting and create a [laser] holographic image so when you look at them you see a human, but under that there is no human there. … Allegedly the reptilians re-animated and killed the Soviet scientists and through some type of psychic osmosis drained their minds and assimilated their memories and features through a molecular shape-shifting type process. … The alien ‘impostors’ then called for backup and more scientists came out and were ‘replaced’, and these eventually returned to Russia and began to infiltrate the Communist government.

AC: These people that have done all this research and are part of the underground government are telling that the humans on this planet have been at war with these reptilian aliens for thousands of years. At one point, things got so hot on the planet, like it is now, aliens took on this holographic image and infiltrated the human race in order to take it over and undermine it, just like this New World Order is doing right now. They’re saying that the same thing happened to civilization on Earth before, and that the humans before actually had the capability for interplanetary travel, and that it was so bad here with the reptilians that they had to leave… What they are also saying is that these beings that are human-looking that are visiting our planet, at this time, trying to inform people what is going on, and guide them, are actually OUR ANCESTORS THAT ESCAPED FROM EARTH before, when it was under reptilian domination.

AC: I went to South Florida a couple of weeks ago and interviewed a man who had done research for 30 years, and oddly enough, he tapped into some of the same information I had, in that our government has had round-winged, saucer-type technology, high mach speed aircraft since the 1920’s, and that in 1952 they had over 500 of these aircraft hidden in secret bases. Now, if they had that in 1952, considering that military technology grows by 44 years for every year that goes by, what do you imagine they have now, 44 years later, after technology has advanced the equivalent of 1,936 years?

AC: He claims to be one of the ones who jumped overboard off the Eldridge when it went into hyperspace during the Philadelphia Experiment. He actually traveled forward in time, and asked the people that he encountered there what happened in his future. At that time, he was given the information about the New World Order and that Denver was the location for the NWO Western Sector, and that Atlanta was supposed to be the control center for the Eastern Sector. Can it be that the fact that the Olympics is supposed to be in Atlanta is part of a scenario?

A one-way ticket to crazyville Read More »

Bruce Schneier on wholesale, constant surveillance

From Stephen J. Dubner’s interview with Bruce Schneier in “Bruce Schneier Blazes Through Your Questions” (The New York Times: 4 December 2007):

There’s a huge difference between nosy neighbors and cameras. Cameras are everywhere. Cameras are always on. Cameras have perfect memory. It’s not the surveillance we’ve been used to; it’s wholesale surveillance. I wrote about this here, and said this: “Wholesale surveillance is a whole new world. It’s not ‘follow that car,’ it’s ‘follow every car.’ The National Security Agency can eavesdrop on every phone call, looking for patterns of communication or keywords that might indicate a conversation between terrorists. Many airports collect the license plates of every car in their parking lots, and can use that database to locate suspicious or abandoned cars. Several cities have stationary or car-mounted license-plate scanners that keep records of every car that passes, and save that data for later analysis.

“More and more, we leave a trail of electronic footprints as we go through our daily lives. We used to walk into a bookstore, browse, and buy a book with cash. Now we visit Amazon, and all of our browsing and purchases are recorded. We used to throw a quarter in a toll booth; now EZ Pass records the date and time our car passed through the booth. Data about us are collected when we make a phone call, send an e-mail message, make a purchase with our credit card, or visit a Web site.”

What’s happening is that we are all effectively under constant surveillance. No one is looking at the data most of the time, but we can all be watched in the past, present, and future. And while mining this data is mostly useless for finding terrorists (I wrote about that here), it’s very useful in controlling a population.

Bruce Schneier on wholesale, constant surveillance Read More »

How it feels to drown, get decapitated, get electrocuted, and more

From Anna Gosline’s “Death special: How does it feel to die?” (New Scientist: 13 October 2007):

Death comes in many guises, but one way or another it is usually a lack of oxygen to the brain that delivers the coup de grâce. Whether as a result of a heart attack, drowning or suffocation, for example, people ultimately die because their neurons are deprived of oxygen, leading to cessation of electrical activity in the brain – the modern definition of biological death.

If the flow of freshly oxygenated blood to the brain is stopped, through whatever mechanism, people tend to have about 10 seconds before losing consciousness. They may take many more minutes to die, though, with the exact mode of death affecting the subtleties of the final experience.

Drowning

Typically, when a victim realises that they cannot keep their head above water they tend to panic, leading to the classic “surface struggle”. They gasp for air at the surface and hold their breath as they bob beneath, says Tipton. Struggling to breathe, they can’t call for help. Their bodies are upright, arms weakly grasping, as if trying to climb a non-existent ladder from the sea. Studies with New York lifeguards in the 1950s and 1960s found that this stage lasts just 20 to 60 seconds.

When victims eventually submerge, they hold their breath for as long as possible, typically 30 to 90 seconds. After that, they inhale some water, splutter, cough and inhale more. Water in the lungs blocks gas exchange in delicate tissues, while inhaling water also triggers the airway to seal shut – a reflex called a laryngospasm. “There is a feeling of tearing and a burning sensation in the chest as water goes down into the airway. Then that sort of slips into a feeling of calmness and tranquility,” says Tipton, describing reports from survivors.

That calmness represents the beginnings of the loss of consciousness from oxygen deprivation, which eventually results in the heart stopping and brain death.

Heart attack

The most common symptom is, of course, chest pain: a tightness, pressure or squeezing, often described as an “elephant on my chest”, which may be lasting or come and go. This is the heart muscle struggling and dying from oxygen deprivation. Pain can radiate to the jaw, throat, back, belly and arms. Other signs and symptoms include shortness of breath, nausea and cold sweats.

Most victims delay before seeking assistance, waiting an average of 2 to 6 hours. Women are the worst, probably because they are more likely to experience less well-known symptoms, such as breathlessness, back or jaw pain, or nausea, says JoAnn Manson, an epidemiologist at Harvard Medical School.

Even small heart attacks can play havoc with the electrical impulses that control heart muscle contraction, effectively stopping it. In about 10 seconds the person loses consciousness, and minutes later they are dead.

Bleeding to death

People can bleed to death in seconds if the aorta, the major blood vessel leading from the heart, is completely severed, for example, after a severe fall or car accident.

Death could creep up much more slowly if a smaller vein or artery is nicked – even taking hours. Such victims would experience several stages of haemorrhagic shock. The average adult has 5 litres of blood. Losses of around 750 millilitres generally cause few symptoms. Anyone losing 1.5 litres – either through an external wound or internal bleeding – feels weak, thirsty and anxious, and would be breathing fast. By 2 litres, people experience dizziness, confusion and then eventual unconsciousness.

Fire

Long the fate of witches and heretics, burning to death is torture. Hot smoke and flames singe eyebrows and hair and burn the throat and airways, making it hard to breathe. Burns inflict immediate and intense pain through stimulation of the nociceptors – the pain nerves in the skin. To make matters worse, burns also trigger a rapid inflammatory response, which boosts sensitivity to pain in the injured tissues and surrounding areas.

Most people who die in fires do not in fact die from burns. The most common cause of death is inhaling toxic gases – carbon monoxide, carbon dioxide and even hydrogen cyanide – together with the suffocating lack of oxygen. One study of fire deaths in Norway from 1996 found that almost 75 per cent of the 286 people autopsied had died from carbon monoxide poisoning.

Depending on the size of the fire and how close you are to it, concentrations of carbon monoxide could start to cause headache and drowsiness in minutes, eventually leading to unconsciousness. According to the US National Fire Protection Association, 40 per cent of the victims of fatal home fires are knocked out by fumes before they can even wake up.

Decapitation

Beheading, if somewhat gruesome, can be one of the quickest and least painful ways to die – so long as the executioner is skilled, his blade sharp, and the condemned sits still.

Quick it may be, but consciousness is nevertheless believed to continue after the spinal cord is severed. A study in rats in 1991 found that it takes 2.7 seconds for the brain to consume the oxygen from the blood in the head; the equivalent figure for humans has been calculated at 7 seconds.

It took the axeman three attempts to sever the head of Mary Queen of Scots in 1587. He had to finish the job with a knife.

Decades earlier in 1541, Margaret Pole, the Countess of Salisbury, was executed at the Tower of London. She was dragged to the block, but refused to lay her head down. The inexperienced axe man made a gash in her shoulder rather than her neck. According to some reports, she leapt from the block and was chased by the executioner, who struck 11 times before she died.

Electrocution

In accidental electrocutions, usually involving low, household current, the most common cause of death is arrhythmia, stopping the heart dead. Unconsciousness ensues after the standard 10 seconds, says Richard Trohman, a cardiologist at Rush University in Chicago. One study of electrocution deaths in Montreal, Canada found that 92 per cent had probably died from arrhythmia.

Higher currents can produce nearly immediate unconsciousness.

Fall from a height

A high fall is certainly among the speediest ways to die: terminal velocity (no pun intended) is about 200 kilometres per hour, achieved from a height of about 145 metres or more. A study of deadly falls in Hamburg, Germany, found that 75 per cent of victims died in the first few seconds or minutes after landing.

The exact cause of death varies, depending on the landing surface and the person’s posture. People are especially unlikely to arrive at the hospital alive if they land on their head – more common for shorter (under 10 metres) and higher (over 25 metres) falls. A 1981 analysis of 100 suicidal jumps from the Golden Gate Bridge in San Francisco – height: 75 metres, velocity on impact with the water: 120 kilometres per hour – found numerous causes of instantaneous death including massive lung bruising, collapsed lungs, exploded hearts or damage to major blood vessels and lungs through broken ribs.

Survivors of great falls often report the sensation of time slowing down. The natural reaction is to struggle to maintain a feet-first landing, resulting in fractures to the leg bones, lower spinal column and life-threatening broken pelvises. The impact travelling up through the body can also burst the aorta and heart chambers. Yet this is probably still the safest way to land, despite the force being concentrated in a small area: the feet and legs form a “crumple zone” which provides some protection to the major internal organs.

Some experienced climbers or skydivers who have survived a fall report feeling focused, alert and driven to ensure they landed in the best way possible: relaxed, legs bent and, where possible, ready to roll.

Hanging

Suicides and old-fashioned “short drop” executions cause death by strangulation; the rope puts pressure on the windpipe and the arteries to the brain. This can cause unconsciousness in 10 seconds, but it takes longer if the noose is incorrectly sited. Witnesses of public hangings often reported victims “dancing” in pain at the end of the rope, struggling violently as they asphyxiated. Death only ensues after many minutes, as shown by the numerous people being resuscitated after being cut down – even after 15 minutes.

When public executions were outlawed in Britain in 1868, hangmen looked for a less performance-oriented approach. They eventually adopted the “long-drop” method, using a lengthier rope so the victim reached a speed that broke their necks. It had to be tailored to the victim’s weight, however, as too great a force could rip the head clean off, a professionally embarrassing outcome for the hangman.

Despite the public boasting of several prominent executioners in late 19th-century Britain, a 1992 analysis of the remains of 34 prisoners found that in only about half of cases was the cause of death wholly or partly due to spinal trauma. Just one-fifth showed the classic “hangman’s fracture” between the second and third cervical vertebrae. The others died in part from asphyxiation.

Michael Spence, an anthropologist at the University of Western Ontario in London, Canada, has found similar results in US victims. He concluded, however, that even if asphyxiation played a role, the trauma of the drop would have rapidly rendered all of them unconscious. “What the hangmen were looking for was quick cessation of activity,” he says. “And they knew enough about their craft to ensure that happened. The thing they feared most was decapitation.”

Lethal injection

US-government approved, but is it really painless?

Lethal injection was designed in Oklahoma in 1977 as a humane alternative to the electric chair. The state medical examiner and chair of anaesthesiology settled on a series of three drug injections. First comes the anaesthetic thiopental to speed away any feelings of pain, followed by a paralytic agent called pancuronium to stop breathing. Finally potassium chloride is injected, which stops the heart almost instantly.

Each drug is supposed to be administered in a lethal dose, a redundancy to ensure speedy and humane death. However, eyewitnesses have reported inmates convulsing, heaving and attempting to sit up during the procedure, suggesting the cocktail is not always completely effective.

Explosive decompression

In real life there has been just one fatal space depressurisation accident. This occurred on the Russian Soyuz-11 mission in 1971, when a seal leaked upon re-entry into the Earth’s atmosphere; upon landing all three flight crew were found dead from asphyxiation.

Most of our knowledge of depressurisation comes from animal experiments and the experiences of pilots in accidents at very high altitudes. When the external air pressure suddenly drops, the air in the lungs expands, tearing the fragile gas exchange tissues. This is especially damaging if the victim neglects to exhale prior to decompression or tries to hold their breath. Oxygen begins to escape from the blood and lungs.

Experiments on dogs in the 1950s showed that 30 to 40 seconds after the pressure drops, their bodies began to swell as the water in tissues vaporised, though the tight seal of their skin prevented them from “bursting”. The heart rate rises initially, then plummets. Bubbles of water vapour form in the blood and travel through the circulatory system, obstructing blood flow. After about a minute, blood effectively stops circulating.

Human survivors of rapid decompression accidents include pilots whose planes lost pressure, or in one case a NASA technician who accidentally depressurised his flight suit inside a vacuum chamber. They often report an initial pain, like being hit in the chest, and may remember feeling air escape from their lungs and the inability to inhale. Time to the loss of consciousness was generally less than 15 seconds.

How it feels to drown, get decapitated, get electrocuted, and more Read More »

How the Storm botnet defeats anti-virus programs

From Lisa Vaas’ “Storm Worm Botnet Lobotomizing Anti-Virus Programs” (eWeek: 24 October 2007):

According to an Oct. 22 posting by Sophos analyst Richard Cohen, the Storm botnet – Sophos calls it Dorf, and it’s also known as Ecard malware – is dropping files that call a routine that gets Windows to tell it every time a new process is started. The malware checks the process file name against an internal list and kills the ones that match – sometimes. But Storm has taken a new twist: It now would rather leave processes running and just patch entry points of loading processes that might pose a threat to it. Then, when processes such as anti-virus programs run, they simply return a value of 0.

The strategy means that users won’t be alarmed by their anti-virus software not running. Even more ominously, the technique is designed to fool NAC (network access control) systems, which bar insecure clients from registering on a network by checking to see whether a client is running anti-virus software and whether it’s patched.

It’s the latest evidence of why Storm is “the scariest and most substantial threat” security researchers have ever seen, he said. Storm is patient, it’s resilient, it’s adaptive in that it can defeat anti-virus products in multiple ways (programmatically, it changes its signature every 30 minutes), it’s invisible because it comes with a rootkit built in and hides at the kernel level, and it’s clever enough to change every few weeks.

Hence the hush-hush nature of research around Storm. Corman said he can tell us that it’s now accurately pegged at 6 million, but he can’t tell us who came up with the figure, or how. Besides retribution, Storm’s ability to morph means that those who know how to watch it are jealously guarding their techniques. “None of the researchers wanted me to say anything about it,” Corman said. “They’re afraid of retaliation. They fear that if we disclose their unique means of finding information on Storm,” the botnet herder will change tactics yet again and the window into Storm will slam shut.

How the Storm botnet defeats anti-virus programs Read More »
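The anti-virus “lobotomy” described above works because NAC agents and health checks ask whether the AV process exists, not whether its code is intact. The following is an added example (not code from Sophos, eWeek or Storm’s authors) of the check a practitioner would want instead: locate the entry point in the on-disk PE image, compare those bytes with what is mapped at the same address in the running process, and recognise the tiny “return 0” stubs such a patch leaves behind. The minimal PE image and the “in-memory” bytes are constructed for the example; on a live Windows host the memory bytes would come from ReadProcessMemory at ImageBase + AddressOfEntryPoint, which is the one step not shown here.

```python
"""Detect an entry-point patch of the kind Storm applies to AV processes.

A process whose entry point has been overwritten with `xor eax,eax; ret`
still shows up in the process list, so a "is the AV running?" check passes.
Comparing the mapped entry bytes with the on-disk image catches it.
"""
import struct

# x86 stubs that return 0 immediately: xor eax,eax/ret (two encodings) and mov eax,0/ret.
RETURN_ZERO_STUBS = (b"\x31\xc0\xc3", b"\x33\xc0\xc3", b"\xb8\x00\x00\x00\x00\xc3")


def pe_entry_point(image: bytes):
    """Return (entry_rva, file_offset) of AddressOfEntryPoint in a PE32/PE32+ file."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]   # same offset in PE32 and PE32+
    sect = opt + opt_size
    for i in range(n_sections):                                # map RVA -> raw file offset
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", image, sect + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            return entry_rva, rawptr + (entry_rva - vaddr)
    raise ValueError("entry point outside all sections")


def check_entry_point(disk_image: bytes, mem_entry: bytes, window: int = 16) -> dict:
    """Compare `window` bytes at the entry point on disk with the bytes read from memory."""
    rva, off = pe_entry_point(disk_image)
    disk_entry = disk_image[off:off + window]
    return {
        "entry_rva": rva,
        "patched": disk_entry != mem_entry[:window],
        "returns_zero": any(mem_entry.startswith(s) for s in RETURN_ZERO_STUBS),
    }


def build_sample_pe(entry_code: bytes) -> bytes:
    """Constructed minimal PE32 with one .text section; enough header to parse, not a real program."""
    e_lfanew, opt_size = 0x40, 0xE0
    text_rva, text_raw, text_size = 0x1000, 0x200, 0x200
    entry_rva = text_rva + 0x10
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    coff = e_lfanew + 4
    struct.pack_into("<HH", img, coff, 0x14C, 1)          # Machine = i386, one section
    struct.pack_into("<H", img, coff + 16, opt_size)      # SizeOfOptionalHeader
    opt = coff + 20
    struct.pack_into("<H", img, opt, 0x10B)               # PE32 magic
    struct.pack_into("<I", img, opt + 16, entry_rva)      # AddressOfEntryPoint
    sect = opt + opt_size
    img[sect:sect + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", img, sect + 8, text_size, text_rva, text_size, text_raw)
    img[text_raw + 0x10:text_raw + 0x10 + len(entry_code)] = entry_code
    return bytes(img)


# Constructed "clean" prologue: push ebp; mov ebp,esp; sub esp,0x10; then padding.
CLEAN_ENTRY = b"\x55\x8b\xec\x83\xec\x10" + b"\x90" * 10

if __name__ == "__main__":
    pe = build_sample_pe(CLEAN_ENTRY)
    print("clean  :", check_entry_point(pe, CLEAN_ENTRY))
    print("patched:", check_entry_point(pe, b"\x31\xc0\xc3" + CLEAN_ENTRY[3:]))
```

On a real system compare against the file the loader actually mapped (`GetModuleFileNameEx`), since a relocated image can legitimately differ from disk in relocation targets; the entry prologue itself rarely contains any, which is why a small window at the entry point is a cheap and reliable place to look. A NAC posture check that reads this verdict, rather than the process list, is not fooled by the trick the article describes.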

A woman who never forgets anything

From Samiha Shafy’s “An Infinite Loop in the Brain” (Der Spiegel: 21 November 2008):

Price can rattle off, without hesitation, what she saw and heard on almost any given date. She remembers many early childhood experiences and most of the days between the ages of 9 and 15. After that, there are virtually no gaps in her memory. “Starting on Feb. 5, 1980, I remember everything. That was a Tuesday.”

“People say to me: Oh, how fascinating, it must be a treat to have a perfect memory,” she says. Her lips twist into a thin smile. “But it’s also agonizing.”

In addition to good memories, every angry word, every mistake, every disappointment, every shock and every moment of pain goes unforgotten. Time heals no wounds for Price. “I don’t look back at the past with any distance. It’s more like experiencing everything over and over again, and those memories trigger exactly the same emotions in me. It’s like an endless, chaotic film that can completely overpower me. And there’s no stop button.”

She’s constantly bombarded with fragments of memories, exposed to an automatic and uncontrollable process that behaves like an infinite loop in a computer. Sometimes there are external triggers, like a certain smell, song or word. But often her memories return by themselves. Beautiful, horrific, important or banal scenes rush across her wildly chaotic “internal monitor,” sometimes displacing the present. “All of this is incredibly exhausting,” says Price.

The scientists were able to verify her autobiographical data because she has meticulously kept a diary since the age of 10. She has filled more than 50,000 pages with tiny writing, documenting every occurrence, no matter how insignificant. Writing things down helps Price organize the thoughts and images shimmering in her head.

In fact, she feels a strong need to document her life. This includes hoarding every possible memento from childhood, including dolls, stuffed animals, cassette tapes, books, a drawer from a dresser she had when she was five. “I have to be able to touch my memories,” Price explains.

[James McGaugh, founder of the Center for the Neurobiology of Learning and Memory at the University of California in Irvine,] and his colleagues concluded that Price’s episodic memory, her recollection of personal experiences and the emotions associated with them, is virtually perfect. A case like this has never been described in the history of memory research, according to McGaugh. He explains that Price differs substantially from other people with special powers of recall, such as autistic savants, because she uses no strategies to help her remember and even does a surprisingly poor job on some memory tests.

It’s difficult for her to memorize poems or series of numbers — which helps explain why she never stood out in school. Her semantic memory, the ability to remember facts not directly related to everyday life, is only average.

Two years ago, the scientists published their first conclusions in a professional journal without revealing the identity of their subject. Since then, more than 200 people have contacted McGaugh, all claiming to have an equally perfect episodic memory. Most of them were exposed as fakes. Three did appear to have similarly astonishing abilities. “Their personalities are very different. The others are not as anxious as Jill. But they achieve comparable results in the tests,” McGaugh reports.

The subjects do have certain compulsive traits in common, says McGaugh, especially compulsive hoarding. The three others are left-handed, and Price also showed a tendency toward left-handedness in tests.

In neurobiological terms, a memory is a stored pattern of links between nerve cells in the brain. It is created when synapses in a network of neurons are activated for a short time. The more often the memory is recalled afterwards, the more likely it is that permanent links develop between the nerve cells — and the pattern will be stored as a long-term memory. In theory there are so many possible links that an almost unlimited number of memories can be permanently stored.

So why don’t all people have the same powers of recollection as Jill Price? “If we could remember everything equally well, the brain would be hopelessly overburdened and would operate more slowly,” says McGaugh. He says forgetting is a necessary condition of having a viable memory — except in the case of Price and the other three memory superstars.

Denver International Airport, home to alien reptilians enslaving children in deep dungeons

From Jared Jacang Maher’s “DIA Conspiracies Take Off” (Denver Westword News: 30 August 2007):

Chris from Indianapolis has heard that the tunnels below DIA [Denver International Airport] were constructed as a kind of Noah’s Ark so that five million people could escape the coming earth change; shaken and earnest, he asks how someone might go about getting on the list.

Today, dozens of websites are devoted to the “Denver Airport Conspiracy,” and theorists have even nicknamed the place “Area 52.” Wikipedia presents DIA as a primary example of New World Order symbolism, above the entry about the eyeball/pyramid insignia on the one-dollar bill. And over the past two years, DIA has been the subject of books, articles, documentaries, radio interviews and countless YouTube and forum board postings, all attempting to unlock its mysteries. While the most extreme claim maintains that a massive underground facility exists below the airport where an alien race of reptilian humanoids feeds on missing children while awaiting the date of government-sponsored rapture, all of the assorted theories share a common thread: The key to decoding the truth about DIA and the sinister forces that control our reality is contained within the two Tanguma murals, “In Peace and Harmony With Nature” and “The Children of the World Dream of Peace.”

And not all these theorists are Unabomber-like crackpots uploading their hallucinations from basement lairs. Former BBC media personality David Icke, for example, has written twenty books in his quest to prove that the world is controlled by an elite group of reptilian aliens known as the Babylonian Brotherhood, whose ranks include George W. Bush, Queen Elizabeth II, the Jews and Kris Kristofferson. In various writings, lectures and interviews, he has long argued that DIA is one of many home bases for the otherworldly creatures, a fact revealed in the lizard/alien-faced military figure shown in Tanguma’s murals.

“Denver is scheduled to be the Western headquarters of the US New World Order during martial law take over,” Icke wrote in his 1999 book, The Biggest Secret. “Other contacts who have been underground at the Denver Airport claim that there are large numbers of human slaves, many of them children, working there under the control of the reptilians.”

On the other end of the conspiracy spectrum is anti-vaccination activist Dr. Len Horowitz, who believes that global viruses such as AIDS, Ebola, West Nile, tuberculosis and SARS are actually population-control plots engineered by the government. The former dentist from Florida does not speak about 2012 or reptiles — in fact, he sees Icke’s Jewish alien lizards as a Masonic plot to divert observers from the true earthly enemies: remnants of the Third Reich. He even used the mural’s sword-wielding military figure as the front cover of his 2001 book, Death in the Air.

“The Nazi alien symbolizes the Nazi-fascist links between contemporary population controllers and the military-medical-petrochemical-pharmaceutical cartel largely accountable for Hitler’s rise to power,” Horowitz explained in a 2003 interview with BookWire.

Although conspiracy theories vary widely, they all share three commonalities. “One is the belief that nothing happens by accident,” [Syracuse University professor Michael Barkun, author of the 2006 book A Culture of Conspiracy] points out. “Another is that everything is connected. And a third is that nothing is as it seems.” [Emphasis added]

[Alex] Christopher is a 65-year-old grandmother living in Alabama.

Christopher, on the other hand, was open to hearing anything. A man called her and said he had found an elevator at DIA that led to a corridor that led all the way down into a military base that also contained alien-operated concentration camps. She detailed this theory in her next book, Pandora’s Box II…

And the scale of DIA reflected this desire: It was to be the largest, most modern airport in the world. But almost as soon as ground was broken in 1989, problems cropped up. The massive public-works project was encumbered by design changes, difficult airline negotiations, allegations of cronyism in the contracting process, rumors of mismanagement and real troubles with the $700 million (and eventually abandoned) automated baggage system. Peña’s successor, Wellington Webb, was forced to push back the 1993 opening date three times. By the time DIA finally opened in February 1995, the original $1.5 billion cost had grown to $5.2 billion. Three months after that opening, the Congressional Subcommittee on Aviation held a special hearing on DIA in which one member said the Denver airport represented the “worst in government inefficiency, political behind-the-scenes deal-making, and financial mismanagement.” …

And what looked like a gamble in 1995 seems to have paid off for Denver. Today, DIA is considered one of the world’s most efficient, spacious and technologically advanced airports. It is the fifth-busiest in the nation and tenth-busiest in the world, serving some 50 million passengers in 2006.

An analysis of Google’s technology, 2005

From Stephen E. Arnold’s The Google Legacy: How Google’s Internet Search is Transforming Application Software (Infonortics: September 2005):

The figure Google’s Fusion: Hardware and Software Engineering shows that Google’s technology framework has two areas of activity. There is the software engineering effort that focuses on PageRank and other applications. Software engineering, as used here, means writing code and thinking about how computer systems operate in order to get work done quickly. Quickly means the sub one-second response times that Google is able to maintain despite its surging growth in usage, applications and data processing.

Google is hardware plus software

The other effort focuses on hardware. Google has refined server racks, cable placement, cooling devices, and data center layout. The payoff is lower operating costs and the ability to scale as demand for computing resources increases. With faster turnaround and the elimination of such troublesome jobs as backing up data, Google’s hardware innovations give it a competitive advantage few of its rivals can equal as of mid-2005.

How Google Is Different from MSN and Yahoo

Google’s technology is simultaneously just like other online companies’ technology, and very different. A data center is usually a facility owned and operated by a third party where customers place their servers. The staff of the data center manage the power, air conditioning and routine maintenance. The customer specifies the computers and components. When a data center must expand, the staff of the facility may handle virtually all routine chores and may work with the customer’s engineers for certain more specialized tasks.

Before looking at some significant engineering differences between Google and two of its major competitors, review this list of characteristics for a Google data center.

1. Google data centers – now numbering about two dozen, although no one outside Google knows the exact number or their locations. They come online and automatically, under the direction of the Google File System, start getting work from other data centers. These facilities, sometimes filled with 10,000 or more Google computers, find one another and configure themselves with minimal human intervention.

2. The hardware in a Google data center can be bought at a local computer store. Google uses the same types of memory, disc drives, fans and power supplies as those in a standard desktop PC.

3. Each Google server comes in a standard case called a pizza box with one important change: the plugs and ports are at the front of the box to make access faster and easier.

4. Google racks are assembled for Google to hold servers on their front and back sides. This effectively allows a standard rack, normally holding 40 pizza box servers, to hold 80.

5. A Google data center can go from a stack of parts to online operation in as little as 72 hours, unlike more typical data centers that can require a week or even a month to get additional resources online.

6. Each server, rack and data center works in a way that is similar to what is called “plug and play.” Like a mouse plugged into the USB port on a laptop, Google’s network of data centers knows when more resources have been connected. These resources, for the most part, go into operation without human intervention.

Several of these factors are dependent on software. This overlap between the hardware and software competencies at Google, as previously noted, illustrates the symbiotic relationship between these two different engineering approaches. At Google, from its inception, Google software and Google hardware have been tightly coupled. Google is not a software company nor is it a hardware company. Google is, like IBM, a company that owes its existence to both hardware and software. Unlike IBM, Google has a business model that is advertiser supported. Technically, Google is conceptually closer to IBM (at one time a hardware and software company) than it is to Microsoft (primarily a software company) or Yahoo! (an integrator of multiple softwares).

Software and hardware engineering cannot be easily segregated at Google. At MSN and Yahoo hardware and software are more loosely-coupled. Two examples will illustrate these differences.

Microsoft – with some minor excursions into the Xbox game machine and peripherals – develops operating systems and traditional applications. Microsoft has multiple operating systems, and its engineers are hard at work on the company’s next-generation of operating systems.

Several observations are warranted:

1. Unlike Google, Microsoft does not focus on performance as an end in itself. As a result, Microsoft gets performance the way most computer users do. Microsoft buys or upgrades machines. Microsoft does not fiddle with its operating systems and their subfunctions to get that extra time slice or two out of the hardware.

2. Unlike Google, Microsoft has to support many operating systems and invest time and energy in making certain that important legacy applications such as Microsoft Office or SQLServer can run on these new operating systems. Microsoft has a boat anchor tied to its engineer’s ankles. The boat anchor is the need to ensure that legacy code works in Microsoft’s latest and greatest operating systems.

3. Unlike Google, Microsoft has no significant track record in designing and building hardware for distributed, massively parallelised computing. The mice and keyboards were a success. Microsoft has continued to lose money on the Xbox, and the sudden demise of Microsoft’s entry into the home network hardware market provides more evidence that Microsoft does not have a hardware competency equal to Google’s.

Yahoo! operates differently from both Google and Microsoft. Yahoo! is in mid-2005 a direct competitor to Google for advertising dollars. Yahoo! has grown through acquisitions. In search, for example, Yahoo acquired 3721.com to handle Chinese language search and retrieval. Yahoo bought Inktomi to provide Web search. Yahoo bought Stata Labs in order to provide users with search and retrieval of their Yahoo! mail. Yahoo! also owns AllTheWeb.com, a Web search site created by FAST Search & Transfer. Yahoo! owns the Overture search technology used by advertisers to locate key words to bid on. Yahoo! owns Alta Vista, the Web search system developed by Digital Equipment Corp. Yahoo! licenses InQuira search for customer support functions. Yahoo has a jumble of search technology; Google has one search technology.

Historically Yahoo has acquired technology companies and allowed each company to operate its technology in a silo. Integration of these different technologies is a time-consuming, expensive activity for Yahoo. Each of these software applications requires servers and systems particular to each technology. The result is that Yahoo has a mosaic of operating systems, hardware and systems. Yahoo!’s problem is different from Microsoft’s legacy boat-anchor problem. Yahoo! faces a Balkan-states problem.

There are many voices, many needs, and many opposing interests. Yahoo! must invest in management resources to keep the peace. Yahoo! does not have a core competency in hardware engineering for performance and consistency. Yahoo! may well have considerable competency in supporting a crazy-quilt of hardware and operating systems, however. Yahoo! is not a software engineering company. Its engineers make functions from disparate systems available via a portal.

The figure below provides an overview of the mid-2005 technical orientation of Google, Microsoft and Yahoo.

2005 focuses of Google, MSN, and Yahoo

The Technology Precepts

… five precepts thread through Google’s technical papers and presentations. The following snapshots are extreme simplifications of complex, yet extremely fundamental, aspects of the Googleplex.

Cheap Hardware and Smart Software

Google approaches the problem of reducing the costs of hardware, set up, burn-in and maintenance pragmatically. A large number of cheap devices using off-the-shelf commodity controllers, cables and memory reduces costs. But cheap hardware fails.

In order to minimize the “cost” of failure, Google conceived of smart software that would perform whatever tasks were needed when hardware devices fail. A single device or an entire rack of devices could crash, and the overall system would not fail. More important, when such a crash occurs, no full-time systems engineering team has to perform technical triage at 3 a.m.

The focus on low-cost, commodity hardware and smart software is part of the Google culture.

Logical Architecture

Google’s technical papers do not describe the architecture of the Googleplex as self-similar. Google’s technical papers provide tantalizing glimpses of an approach to online systems that makes a single server share features and functions of a cluster of servers, a complete data center, and a group of Google’s data centers.

The collection of servers running Google applications on the Google version of Linux is a supercomputer. The Googleplex can perform mundane computing chores like taking a user’s query and matching it to documents Google has indexed. Furthermore, the Googleplex can perform side calculations needed to embed ads in the results pages shown to the user, execute parallelized, high-speed data transfers like computers running state-of-the-art storage devices, and handle necessary housekeeping chores for usage tracking and billing.

When Google needs to add processing capacity or additional storage, Google’s engineers plug in the needed resources. Due to self-similarity, the Googleplex can recognize, configure and use the new resource. Google has an almost unlimited flexibility with regard to scaling and accessing the capabilities of the Googleplex.

In Google’s self-similar architecture, the loss of an individual device is irrelevant. In fact, a rack or a data center can fail without data loss or taking the Googleplex down. The Google operating system ensures that each file is written three to six times to different storage devices. When a copy of that file is not available, the Googleplex consults a log for the location of the copies of the needed file. The application then uses that replica of the needed file and continues with the job’s processing.

Speed and Then More Speed

Google uses commodity pizza box servers organized in a cluster. A cluster is a group of computers that are joined together to create a more robust system. Instead of using exotic servers with eight or more processors, Google generally uses servers that have two processors similar to those found in a typical home computer.

Through proprietary changes to Linux and other engineering innovations, Google is able to achieve supercomputer performance from components that are cheap and widely available.

… engineers familiar with Google believe that read rates may in some clusters approach 2,000 megabytes a second. When commodity hardware gets better, Google runs faster without paying a premium for that performance gain.

Another key notion of speed at Google concerns writing computer programs to deploy to Google users. Google has developed shortcuts to programming. An example is Google’s creating a library of canned functions to make it easy for a programmer to optimize a program to run on the Googleplex computer. At Microsoft or Yahoo, a programmer must write some code or fiddle with code to get different pieces of a program to execute simultaneously using multiple processors. Not at Google. A programmer writes a program, uses a function from a Google bundle of canned routines, and lets the Googleplex handle the details. Google’s programmers are freed from much of the tedium associated with writing software for a distributed, parallel computer.

Eliminate or Reduce Certain System Expenses

Some lucky investors jumped on the Google bandwagon early. Nevertheless, Google was frugal, partly by necessity and partly by design. The focus on frugality influenced many hardware and software engineering decisions at the company.

Drawbacks of the Googleplex

The Laws of Physics: Heat and Power 101

In reality, no one knows. Google has a rapidly expanding number of data centers. The data center near Atlanta, Georgia, is one of the newest deployed. This state-of-the-art facility reflects what Google engineers have learned about heat and power issues in its other data centers. Within the last 12 months, Google has shifted from concentrating its servers at about a dozen data centers, each with 10,000 or more servers, to about 60 data centers, each with fewer machines. The change is a response to the heat and power issues associated with larger concentrations of Google servers.

The most failure prone components are:

  • Fans.
  • IDE drives which fail at the rate of one per 1,000 drives per day.
  • Power supplies which fail at a lower rate.

Leveraging the Googleplex

Google’s technology is one major challenge to Microsoft and Yahoo. So to conclude this cursory and vastly simplified look at Google technology, consider these items:

1. Google is fast anywhere in the world.

2. Google learns. When the heat and power problems at dense data centers surfaced, Google introduced cooling and power conservation innovations to its two dozen data centers.

3. Programmers want to work at Google. “Google has cachet,” said one recent University of Washington graduate.

4. Google’s operating and scaling costs are lower than most other firms offering similar businesses.

5. Google squeezes more work out of programmers and engineers by design.

6. Google does not break down, or at least it has not gone offline since 2000.

7. Google’s Googleplex can deliver desktop-server applications now.

8. Google’s applications install and update without burdening the user with gory details and messy crashes.

9. Google’s patents provide basic technology insight pertinent to Google’s core functionality.
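An added example, not from Arnold’s book and not Google’s own code: a toy model of the replication behaviour the Logical Architecture section above describes, in which each file is written to several storage devices, a location log records where the copies are, a read skips an unavailable copy, and a device or a whole rack can fail without data loss. The device and rack names, the rack-aware placement rule and the repair step are assumptions made for the demo.

```python
from collections import defaultdict


class ReplicaStore:
    """Toy store: each file is kept on `replicas` devices, spread across racks."""

    def __init__(self, devices, replicas=3):
        self.rack_of = dict(devices)            # device id -> rack id
        self.alive = set(devices)
        self.replicas = replicas
        self.data = defaultdict(dict)           # device id -> {file name: payload}
        self.location_log = defaultdict(list)   # file name -> device ids holding a copy

    def _pick(self, name):
        """Choose a live device without a copy, preferring a rack that holds none yet."""
        used_devs = set(self.location_log[name])
        used_racks = {self.rack_of[d] for d in used_devs}
        candidates = [d for d in self.alive if d not in used_devs]
        if not candidates:
            raise RuntimeError("no live device left for " + name)
        # Sort key: rack already used?, then current load, then id for determinism.
        return min(candidates, key=lambda d: (self.rack_of[d] in used_racks, len(self.data[d]), d))

    def _place(self, name, payload):
        dev = self._pick(name)
        self.data[dev][name] = payload
        self.location_log[name].append(dev)

    def write(self, name, payload):
        for _ in range(self.replicas):
            self._place(name, payload)
        return list(self.location_log[name])

    def read(self, name):
        """Consult the location log and try replicas in order; a dead device is skipped."""
        for dev in self.location_log[name]:
            if dev in self.alive:
                return self.data[dev][name]
        raise FileNotFoundError(f"{name}: no live replica")

    def fail_device(self, dev):
        self.alive.discard(dev)

    def fail_rack(self, rack):
        for dev, r in self.rack_of.items():
            if r == rack:
                self.alive.discard(dev)

    def repair(self):
        """Re-replicate files that lost copies; returns (repaired names, lost names)."""
        repaired, lost = [], []
        for name, devs in list(self.location_log.items()):
            live = [d for d in devs if d in self.alive]
            if not live:
                lost.append(name)               # every copy gone: nothing to copy from
                continue
            if len(live) == len(devs):
                continue                        # nothing lost
            self.location_log[name] = live
            payload = self.data[live[0]][name]
            while len(self.location_log[name]) < self.replicas:
                self._place(name, payload)
            repaired.append(name)
        return repaired, lost

    def live_racks(self, name):
        return {self.rack_of[d] for d in self.location_log[name] if d in self.alive}


def demo():
    """Eight hypothetical devices in four racks; lose one rack, read, then repair."""
    devices = {f"r{r}d{i}": f"rack{r}" for r in range(4) for i in range(2)}
    store = ReplicaStore(devices, replicas=3)
    store.write("index.chunk", b"posting list")
    racks_before = len(store.live_racks("index.chunk"))
    store.fail_rack("rack0")
    payload = store.read("index.chunk")         # served from a surviving replica
    repaired, lost = store.repair()
    return racks_before, payload, repaired, lost, len(store.live_racks("index.chunk"))


def demo_total_loss():
    """All devices in one rack: a rack failure takes every copy with it."""
    store = ReplicaStore({"a": "rack0", "b": "rack0"}, replicas=2)
    store.write("f", b"x")
    store.fail_rack("rack0")
    return store.repair()


if __name__ == "__main__":
    print(demo())
    print(demo_total_loss())
```

The second demo is the point of spreading copies across racks: replication protects against device loss only when the replicas do not share the failure domain.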

Richard Stallman on the 4 freedoms

From Richard Stallman’s “Transcript of Richard Stallman at the 4th international GPLv3 conference; 23rd August 2006” (FSF Europe: 23 August 2006):

Specifically, this refers to four essential freedoms, which are the definition of Free Software.

Freedom zero is the freedom to run the program, as you wish, for any purpose.

Freedom one is the freedom to study the source code and then change it so that it does what you wish.

Freedom two is the freedom to help your neighbour, which is the freedom to distribute, including publication, copies of the program to others when you wish.

Freedom three is the freedom to help build your community, which is the freedom to distribute, including publication, your modified versions, when you wish.

These four freedoms make it possible for users to live an upright, ethical life as a member of a community and enable us individually and collectively to have control over what our software does and thus to have control over our computing.

Matthew, the blind phone phreaker

From Kevin Poulsen’s “Teenage Hacker Is Blind, Brash and in the Crosshairs of the FBI” (Wired: 29 February 2008):

At 4 in the morning of May 1, 2005, deputies from the El Paso County Sheriff’s Office converged on the suburban Colorado Springs home of Richard Gasper, a TSA screener at the local Colorado Springs Municipal Airport. They were expecting to find a desperate, suicidal gunman holding Gasper and his daughter hostage.

“I will shoot,” the gravelly voice had warned, in a phone call to police minutes earlier. “I’m not afraid. I will shoot, and then I will kill myself, because I don’t care.”

But instead of a gunman, it was Gasper himself who stepped into the glare of police floodlights. Deputies ordered Gasper’s hands up and held him for 90 minutes while searching the house. They found no armed intruder, no hostages bound in duct tape. Just Gasper’s 18-year-old daughter and his baffled parents.

A federal Joint Terrorism Task Force would later conclude that Gasper had been the victim of a new type of nasty hoax, called “swatting,” that was spreading across the United States. Pranksters were phoning police with fake murders and hostage crises, spoofing their caller IDs so the calls appear to be coming from inside the target’s home. The result: police SWAT teams rolling to the scene, sometimes bursting into homes, guns drawn.

Now the FBI thinks it has identified the culprit in the Colorado swatting as a 17-year-old East Boston phone phreak known as “Li’l Hacker.” Because he’s underage, Wired.com is not reporting Li’l Hacker’s last name. His first name is Matthew, and he poses a unique challenge to the federal justice system, because he is blind from birth.

Interviews by Wired.com with Matt and his associates, and a review of court documents, FBI reports and audio recordings, paint a picture of a young man with an uncanny talent for quick telephone con jobs. Able to commit vast amounts of information to memory instantly, Matt has mastered the intricacies of telephone switching systems, while developing an innate understanding of human psychology and organizational culture — knowledge that he uses to manipulate his patsies and torment his foes.

Matt says he ordered phone company switch manuals off the internet and paid to have them translated into Braille. He became a regular caller to internal telephone company lines, where he’d masquerade as an employee to perform tricks like tracing telephone calls, getting free phone features, obtaining confidential customer information and disconnecting his rivals’ phones.

It was, relatively speaking, mild stuff. The teen, though, soon fell in with a bad crowd. The party lines were dominated by a gang of half-a-dozen miscreants who informally called themselves the “Wrecking Crew” and “The Cavalry.”

By then, Matt’s reputation had taken on a life of its own, and tales of some of his hacks — perhaps apocryphal — are now legends. According to Daniels, he hacked his school’s PBX so that every phone would ring at once. Another time, he took control of a hotel elevator, sending it up and down over and over again. One story has it that Matt phoned a telephone company frame room worker at home in the middle of the night, and persuaded him to get out of bed and return to work to disconnect someone’s phone.

A botnet with a contingency plan

From Gregg Keizer’s “Massive botnet returns from the dead, starts spamming” (Computerworld: 26 November 2008):

A big spam-spewing botnet shut down two weeks ago has been resurrected, security researchers said today, and is again under the control of criminals.

The “Srizbi” botnet returned from the dead late Tuesday, said Fengmin Gong, chief security content officer at FireEye Inc., when the infected PCs were able to successfully reconnect with new command-and-control servers, which are now based in Estonia.

Srizbi was knocked out more than two weeks ago when McColo Corp., a hosting company that had been accused of harboring a wide range of criminal activities, was yanked off the Internet by its upstream service providers. With McColo down, PCs infected with Srizbi and other bot Trojan horses were unable to communicate with their command servers, which had been hosted by McColo. As a result, spam levels dropped precipitously.

But as other researchers noted last week, Srizbi had a fallback strategy. In the end, that strategy paid off for the criminals who control the botnet.

According to Gong, when Srizbi bots were unable to connect with the command-and-control servers hosted by McColo, they tried to connect with new servers via domains that were generated on the fly by an internal algorithm. FireEye reverse-engineered Srizbi, rooted out that algorithm and used it to predict, then preemptively register, several hundred of the possible routing domains.

The domain names, said Gong, were generated on a three-day cycle, and for a while, FireEye was able to keep up — and effectively block Srizbi’s handlers from regaining control.

“We have registered a couple hundred domains,” Gong said, “but we made the decision that we cannot afford to spend so much money to keep registering so many [domain] names.”

Once FireEye stopped preempting Srizbi’s makers, the latter swooped in and registered the five domains in the next cycle. Those domains, in turn, pointed Srizbi bots to the new command-and-control servers, which then immediately updated the infected machines to a new version of the malware.
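An added example, not from the Computerworld article and not Srizbi’s code (the article does not publish the algorithm): a hypothetical date-driven domain generation algorithm with the two properties the article describes, a fresh set of domains every three-day cycle and five names per cycle. Because bot and defender compute the same list from the same seed and date, the defender can pre-register the next cycles’ names (the race FireEye describes) and can match resolver logs against them. The seed, TLD list, name format and the sample log lines are constructed for the demo.

```python
import hashlib
from datetime import date

CYCLE_DAYS = 3                    # the article: a new domain set every three days
DOMAINS_PER_CYCLE = 5             # the article: five domains in a cycle
SEED = b"hypothetical-dga-seed"   # stands in for the constant recovered by reverse engineering
TLDS = ("com", "net", "info")     # assumed


def cycle_index(day):
    """Every day in the same three-day window maps to the same cycle number."""
    return day.toordinal() // CYCLE_DAYS


def next_cycle_start(day):
    """First calendar day of the cycle after `day`'s cycle."""
    return date.fromordinal((cycle_index(day) + 1) * CYCLE_DAYS)


def last_day_of_cycle(day):
    return date.fromordinal(next_cycle_start(day).toordinal() - 1)


def generate_domains(cycle, count=DOMAINS_PER_CYCLE):
    """Deterministic names for one cycle; bot and defender compute the same list."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(SEED + cycle.to_bytes(8, "little") + bytes([i])).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:10])
        names.append(f"{label}.{TLDS[digest[10] % len(TLDS)]}")
    return names


def domains_for_day(day):
    return generate_domains(cycle_index(day))


def upcoming_domains(start, cycles):
    """What a defender pre-registers: {cycle: names} for the next `cycles` windows."""
    first = cycle_index(start)
    return {c: generate_domains(c) for c in range(first, first + cycles)}


def registration_budget(cycles, count=DOMAINS_PER_CYCLE):
    """Names that must be held to keep the bots off the air for `cycles` windows."""
    return cycles * count


def flag_dga_queries(log_lines, day, lookahead_cycles=2):
    """Match DNS queries against the current and upcoming cycles' domains.

    Log format (constructed): '<timestamp> <client> <queried name>'.
    Returns [(client, domain), ...] for queries that hit the watch list.
    """
    watch = {n for names in upcoming_domains(day, lookahead_cycles).values() for n in names}
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        qname = parts[2].lower().rstrip(".")   # normalise case and trailing dot
        if qname in watch:
            hits.append((parts[1], qname))
    return hits


# Constructed sample resolver log for the demo.
TODAY = date(2008, 11, 25)
SAMPLE_DNS_LOG = [
    f"2008-11-25T10:00:01 10.0.0.17 {domains_for_day(TODAY)[0]}",
    "2008-11-25T10:00:02 10.0.0.18 www.example.com",
    f"2008-11-25T10:00:03 10.0.0.19 {domains_for_day(TODAY)[3].upper()}.",
]

if __name__ == "__main__":
    for cycle, names in upcoming_domains(TODAY, 3).items():
        print(cycle, names)
    print("budget for 30 days:", registration_budget(30 // CYCLE_DAYS))
    print(flag_dga_queries(SAMPLE_DNS_LOG, TODAY))
```

The budget function is the article’s economic point in one line: holding every name for a year at five per cycle is only about 600 registrations, and sinkholing still failed because the cost fell on the defender while the botnet’s operator needed to win just one cycle.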

How Obama raised money in Silicon Valley & using the Net

From Joshua Green’s “The Amazing Money Machine” (The Atlantic: June 2008):

That early fund-raiser [in February 2007] and others like it were important to Obama in several respects. As someone attempting to build a campaign on the fly, he needed money to operate. As someone who dared challenge Hillary Clinton, he needed a considerable amount of it. And as a newcomer to national politics, though he had grassroots appeal, he needed to establish credibility by making inroads to major donors—most of whom, in California as elsewhere, had been locked down by the Clinton campaign.

Silicon Valley was a notable exception. The Internet was still in its infancy when Bill Clinton last ran for president, in 1996, and most of the immense fortunes had not yet come into being; the emerging tech class had not yet taken shape. So, unlike the magnates in California real estate (Walter Shorenstein), apparel (Esprit founder Susie Tompkins Buell), and entertainment (name your Hollywood celeb), who all had long-established loyalty to the Clintons, the tech community was up for grabs in 2007. In a colossal error of judgment, the Clinton campaign never made a serious approach, assuming that Obama would fade and that lack of money and cutting-edge technology couldn’t possibly factor into what was expected to be an easy race. Some of her staff tried to arrange “prospect meetings” in Silicon Valley, but they were overruled. “There was massive frustration about not being able to go out there and recruit people,” a Clinton consultant told me last year. As a result, the wealthiest region of the wealthiest state in the nation was left to Barack Obama.

Furthermore, in Silicon Valley’s unique reckoning, what everyone else considered to be Obama’s major shortcomings—his youth, his inexperience—here counted as prime assets.

[John Roos, Obama’s Northern California finance chair and the CEO of the Palo Alto law firm Wilson Sonsini Goodrich & Rosati]: “… we recognize what great companies have been built on, and that’s ideas, talent, and inspirational leadership.”

The true killer app on My.BarackObama.com is the suite of fund-raising tools. You can, of course, click on a button and make a donation, or you can sign up for the subscription model, as thousands already have, and donate a little every month. You can set up your own page, establish your target number, pound your friends into submission with e-mails to pony up, and watch your personal fund-raising “thermometer” rise. “The idea,” [Joe Rospars, a veteran of Dean’s campaign who had gone on to found an Internet fund-raising company and became Obama’s new-media director] says, “is to give them the tools and have them go out and do all this on their own.”

“What’s amazing,” says Peter Leyden of the New Politics Institute, “is that Hillary built the best campaign that has ever been done in Democratic politics on the old model—she raised more money than anyone before her, she locked down all the party stalwarts, she assembled an all-star team of consultants, and she really mastered this top-down, command-and-control type of outfit. And yet, she’s getting beaten by this political start-up that is essentially a totally different model of the new politics.”

Before leaving Silicon Valley, I stopped by the local Obama headquarters. It was a Friday morning in early March, and the circus had passed through town more than a month earlier, after Obama lost the California primary by nine points. Yet his headquarters was not only open but jammed with volunteers. Soon after I arrived, everyone gathered around a speakerphone, and Obama himself, between votes on the Senate floor, gave a brief hortatory speech telling volunteers to call wavering Edwards delegates in Iowa before the county conventions that Saturday (they took place two months after the presidential caucuses). Afterward, people headed off to rows of computers, put on telephone headsets, and began punching up phone numbers on the Web site, ringing a desk bell after every successful call. The next day, Obama gained nine delegates, including a Clinton delegate.

The most striking thing about all this was that the headquarters is entirely self-sufficient—not a dime has come from the Obama campaign. Instead, everything from the computers to the telephones to the doughnuts and coffee—even the building’s rent and utilities—is user-generated, arranged and paid for by local volunteers. It is one of several such examples across the country, and no other campaign has put together anything that can match this level of self-sufficiency.

But while his rivals continued to depend on big givers, Obama gained more and more small donors, until they finally eclipsed the big ones altogether. In February, the Obama campaign reported that 94 percent of their donations came in increments of $200 or less, versus 26 percent for Clinton and 13 percent for McCain. Obama’s claim of 1,276,000 donors through March is so large that Clinton doesn’t bother to compete; she stopped regularly providing her own number last year.

“If the typical Gore event was 20 people in a living room writing six-figure checks,” Gorenberg told me, “and the Kerry event was 2,000 people in a hotel ballroom writing four-figure checks, this year for Obama we have stadium rallies of 20,000 people who pay absolutely nothing, and then go home and contribute a few dollars online.” Obama himself shrewdly capitalizes on both the turnout and the connectivity of his stadium crowds by routinely asking them to hold up their cell phones and punch in a five-digit number to text their contact information to the campaign—to win their commitment right there on the spot.

How Obama raised money in Silicon Valley & using the Net