
How the Greek cell phone network was compromised

From Vassilis Prevelakis and Diomidis Spinellis’ “The Athens Affair” (IEEE Spectrum: July 2007):

On 9 March 2005, a 38-year-old Greek electrical engineer named Costas Tsalikidis was found hanged in his Athens loft apartment, an apparent suicide. It would prove to be merely the first public news of a scandal that would roil Greece for months.

The next day, the prime minister of Greece was told that his cellphone was being bugged, as were those of the mayor of Athens and at least 100 other high-ranking dignitaries, including an employee of the U.S. embassy.

The victims were customers of Athens-based Vodafone-Panafon, generally known as Vodafone Greece, the country’s largest cellular service provider; Tsalikidis was in charge of network planning at the company.

We now know that the illegally implanted software, which was eventually found in a total of four of Vodafone’s Greek switches, created parallel streams of digitized voice for the tapped phone calls. One stream was the ordinary one, between the two calling parties. The other stream, an exact copy, was directed to other cellphones, allowing the tappers to listen in on the conversations on the cellphones, and probably also to record them. The software also routed location and other information about those phone calls to these shadow handsets via automated text messages.

The day after Tsalikidis’s body was discovered, CEO Koronias met with the director of the Greek prime minister’s political office, Yiannis Angelou, and the minister of public order, Giorgos Voulgarakis. Koronias told them that rogue software used the lawful wiretapping mechanisms of Vodafone’s digital switches to tap about 100 phones and handed over a list of bugged numbers. Besides the prime minister and his wife, phones belonging to the ministers of national defense, foreign affairs, and justice, the mayor of Athens, and the Greek European Union commissioner were all compromised. Others belonged to members of civil rights organizations, peace activists, and antiglobalization groups; senior staff at the ministries of National Defense, Public Order, Merchant Marine, and Foreign Affairs; the New Democracy ruling party; the Hellenic Navy general staff; and a Greek-American employee at the United States Embassy in Athens.

First, consider how a phone call, yours or a prime minister’s, gets completed. Long before you dial a number on your handset, your cellphone has been communicating with nearby cellular base stations. One of those stations, usually the nearest, has agreed to be the intermediary between your phone and the network as a whole. Your telephone handset converts your words into a stream of digital data that is sent to a transceiver at the base station.

The base station’s activities are governed by a base station controller, a special-purpose computer within the station that allocates radio channels and helps coordinate handovers between the transceivers under its control.

This controller in turn communicates with a mobile switching center that takes phone calls and connects them to call recipients within the same switching center, other switching centers within the company, or special exchanges that act as gateways to foreign networks, routing calls to other telephone networks (mobile or landline). The mobile switching centers are particularly important to the Athens affair because they hosted the rogue phone-tapping software, and it is there that the eavesdropping originated. They were the logical choice, because they are at the heart of the network; the intruders needed to take over only a few of them in order to carry out their attack.

Both the base station controllers and the switching centers are built around a large computer, known as a switch, capable of creating a dedicated communications path between a phone within its network and, in principle, any other phone in the world. Switches are holdovers from the 1970s, an era when powerful computers filled rooms and were built around proprietary hardware and software. Though these computers are smaller nowadays, the system’s basic architecture remains largely unchanged.

Like most phone companies, Vodafone Greece uses the same kind of computer for both its mobile switching centers and its base station controllers—Ericsson’s AXE line of switches. A central processor coordinates the switch’s operations and directs the switch to set up a speech or data path from one phone to another and then routes a call through it. Logs of network activity and billing records are stored on disk by a separate unit, called a management processor.

The key to understanding the hack at the heart of the Athens affair is knowing how the Ericsson AXE allows lawful intercepts—what are popularly called “wiretaps.” Though the details differ from country to country, in Greece, as in most places, the process starts when a law enforcement official goes to a court and obtains a warrant, which is then presented to the phone company whose customer is to be tapped.

Nowadays, all wiretaps are carried out at the central office. In AXE exchanges a remote-control equipment subsystem, or RES, carries out the phone tap by monitoring the speech and data streams of switched calls. It is a software subsystem typically used for setting up wiretaps, which only law officers are supposed to have access to. When the wiretapped phone makes a call, the RES copies the conversation into a second data stream and diverts that copy to a phone line used by law enforcement officials.

Ericsson optionally provides an interception management system (IMS), through which lawful call intercepts are set up and managed. When a court order is presented to the phone company, its operators initiate an intercept by filling out a dialog box in the IMS software. The optional IMS in the operator interface and the RES in the exchange each contain a list of wiretaps: wiretap requests in the case of the IMS, actual taps in the RES. Only IMS-initiated wiretaps should be active in the RES, so a wiretap in the RES without a request for a tap in the IMS is a pretty good indicator that an unauthorized tap has occurred. An audit procedure can be used to find any discrepancies between them.

It took guile and some serious programming chops to manipulate the lawful call-intercept functions in Vodafone’s mobile switching centers. The intruders’ task was particularly complicated because they needed to install and operate the wiretapping software on the exchanges without being detected by Vodafone or Ericsson system administrators. From time to time the intruders needed access to the rogue software to update the lists of monitored numbers and shadow phones. These activities had to be kept off all logs, while the software itself had to be invisible to the system administrators conducting routine maintenance activities. The intruders achieved all these objectives.

The challenge faced by the intruders was to use the RES’s capabilities to duplicate and divert the bits of a call stream without using the dialog-box interface to the IMS, which would create auditable logs of their activities. The intruders pulled this off by installing a series of patches to 29 separate blocks of code, according to Ericsson officials who testified before the Greek parliamentary committee that investigated the wiretaps. This rogue software modified the central processor’s software to directly initiate a wiretap, using the RES’s capabilities. Best of all, for them, the taps were not visible to the operators, because the IMS and its user interface weren’t used.

The full version of the software would have recorded the phone numbers being tapped in an official registry within the exchange. And, as we noted, an audit could then find a discrepancy between the numbers monitored by the exchange and the warrants active in the IMS. But the rogue software bypassed the IMS. Instead, it cleverly stored the bugged numbers in two data areas that were part of the rogue software’s own memory space, which was within the switch’s memory but isolated and not made known to the rest of the switch.

That by itself put the rogue software a long way toward escaping detection. But the perpetrators hid their own tracks in a number of other ways as well. There were a variety of circumstances by which Vodafone technicians could have discovered the alterations to the AXE’s software blocks. For example, they could have taken a listing of all the blocks, which would show all the active processes running within the AXE—similar to the task manager output in Microsoft Windows or the process status (ps) output in Unix. They then would have seen that some processes were active, though they shouldn’t have been. But the rogue software apparently modified the commands that list the active blocks in a way that omitted certain blocks—the ones that related to intercepts—from any such listing.

In addition, the rogue software might have been discovered during a software upgrade or even when Vodafone technicians installed a minor patch. It is standard practice in the telecommunications industry for technicians to verify the existing block contents before performing an upgrade or patch. We don’t know why the rogue software was not detected in this way, but we suspect that the software also modified the operation of the command used to print the checksums—codes that create a kind of signature against which the integrity of the existing blocks can be validated. One way or another, the blocks appeared unaltered to the operators.

Finally, the software included a back door to allow the perpetrators to control it in the future. This, too, was cleverly constructed to avoid detection. A report by the Hellenic Authority for the Information and Communication Security and Privacy (the Greek abbreviation is ADAE) indicates that the rogue software modified the exchange’s command parser—a routine that accepts commands from a person with system administrator status—so that innocuous commands followed by six spaces would deactivate the exchange’s transaction log and the alarm associated with its deactivation, and allow the execution of commands associated with the lawful interception subsystem. In effect, it was a signal to allow operations associated with the wiretaps but leave no trace of them. It also added a new user name and password to the system, which could be used to obtain access to the exchange.

…Security experts have also discovered other rootkits for general-purpose operating systems, such as Linux, Windows, and Solaris, but to our knowledge this is the first time a rootkit has been observed on a special-purpose system, in this case an Ericsson telephone switch.

So the investigators painstakingly reconstructed an approximation of the original PLEX source files that the intruders developed. It turned out to be the equivalent of about 6500 lines of code, a surprisingly substantial piece of software.
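As an added illustration of the audit the article describes (this is not code from the article, from Vodafone or from Ericsson), the reconciliation below flags RES taps that have no live IMS request behind them, lists the shadow handsets receiving those diverted copies, and compares a block listing against an out-of-band checksum baseline; the record layouts, block names, warrant ids and phone numbers are all constructed for illustration.

```python
"""Reconcile the IMS request list with the RES tap list, and a block listing
with a trusted baseline. Added example; formats and data are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class InterceptRequest:
    """One row of the IMS request list: a warranted tap an operator entered."""
    target: str       # subscriber number named in the warrant
    warrant_id: str   # court order reference (constructed format)
    active: bool      # False once the order has expired or been withdrawn


@dataclass(frozen=True)
class ActiveTap:
    """One row of the RES tap list: a tap the exchange is actually executing."""
    target: str       # subscriber number whose calls are being copied
    destination: str  # number the copied speech stream is diverted to


def unauthorized_taps(ims: List[InterceptRequest], res: List[ActiveTap]) -> List[ActiveTap]:
    """RES taps with no live IMS request: the article's indicator of an illegal tap."""
    authorized: Set[str] = {r.target for r in ims if r.active}
    return [t for t in res if t.target not in authorized]


def unprovisioned_requests(ims: List[InterceptRequest], res: List[ActiveTap]) -> List[InterceptRequest]:
    """Live IMS requests the RES is not executing: a provisioning fault, not an
    intrusion sign, but an audit should surface it too."""
    tapped = {t.target for t in res}
    return [r for r in ims if r.active and r.target not in tapped]


def shadow_destinations(taps: List[ActiveTap]) -> Set[str]:
    """Distinct numbers receiving diverted copies; for rogue taps these are the
    shadow handsets an investigation would start from."""
    return {t.destination for t in taps}


def block_discrepancies(baseline: Dict[str, str], reported: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare a block listing (name -> checksum) with a baseline taken out of band.
    Caveat from the article: a listing produced on a compromised switch may omit
    blocks and print forged checksums, so a clean result here is only as
    trustworthy as the commands that produced the listing."""
    return {
        "changed": sorted(b for b in baseline if b in reported and reported[b] != baseline[b]),
        "hidden": sorted(b for b in baseline if b not in reported),
        "unexpected": sorted(b for b in reported if b not in baseline),
    }


# Constructed sample data (not from the article).
IMS_REQUESTS = [
    InterceptRequest("+302100000001", "W-2005-017", True),
    InterceptRequest("+302100000002", "W-2004-203", False),  # warrant expired
    InterceptRequest("+302100000004", "W-2005-021", True),   # not yet provisioned
]
RES_TAPS = [
    ActiveTap("+302100000001", "+306900000100"),  # lawful, matches W-2005-017
    ActiveTap("+302100000002", "+306900000101"),  # warrant expired, still tapped
    ActiveTap("+302100000003", "+306900000101"),  # never requested
    ActiveTap("+302100000005", "+306900000102"),  # never requested
]
BASELINE_CHECKSUMS = {"CALLSETUP": "3f9a", "RESCTRL": "b71c", "CMDPARSE": "0e44", "AUDITLOG": "c2d8"}
REPORTED_CHECKSUMS = {"CALLSETUP": "3f9a", "RESCTRL": "b71c", "CMDPARSE": "9a10", "SHADOWLIST": "77e1"}


def run_audit(ims=IMS_REQUESTS, res=RES_TAPS,
              baseline=BASELINE_CHECKSUMS, reported=REPORTED_CHECKSUMS) -> dict:
    """Return every discrepancy an operator would want in an audit report."""
    rogue = unauthorized_taps(ims, res)
    return {
        "unauthorized_targets": sorted(t.target for t in rogue),
        "shadow_handsets": sorted(shadow_destinations(rogue)),
        "unprovisioned_warrants": sorted(r.warrant_id for r in unprovisioned_requests(ims, res)),
        "blocks": block_discrepancies(baseline, reported),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(run_audit(), indent=2))
```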


9 reasons the Storm botnet is different

From Bruce Schneier’s “Gathering ‘Storm’ Superworm Poses Grave Threat to PC Nets” (Wired: 4 October 2007):

Storm represents the future of malware. Let’s look at its behavior:

1. Storm is patient. A worm that attacks all the time is much easier to detect; a worm that attacks and then shuts off for a while hides much more easily.

2. Storm is designed like an ant colony, with separation of duties. Only a small fraction of infected hosts spread the worm. A much smaller fraction are C2: command-and-control servers. The rest stand by to receive orders. …

3. Storm doesn’t cause any damage, or noticeable performance impact, to the hosts. Like a parasite, it needs its host to be intact and healthy for its own survival. …

4. Rather than having all hosts communicate to a central server or set of servers, Storm uses a peer-to-peer network for C2. This makes the Storm botnet much harder to disable. …

This technique has other advantages, too. Companies that monitor net activity can detect traffic anomalies with a centralized C2 point, but distributed C2 doesn’t show up as a spike. Communications are much harder to detect. …

5. Not only are the C2 servers distributed, but they also hide behind a constantly changing DNS technique called “fast flux.” …

6. Storm’s payload — the code it uses to spread — morphs every 30 minutes or so, making typical AV (antivirus) and IDS techniques less effective.

7. Storm’s delivery mechanism also changes regularly. Storm started out as PDF spam, then its programmers started using e-cards and YouTube invites — anything to entice users to click on a phony link. …

8. The Storm e-mail also changes all the time, leveraging social engineering techniques. …

9. Last month, Storm began attacking anti-spam sites focused on identifying it — spamhaus.org, 419eater and so on — and the personal website of Joe Stewart, who published an analysis of Storm. I am reminded of a basic theory of war: Take out your enemy’s reconnaissance. Or a basic theory of urban gangs and some governments: Make sure others know not to mess with you.


The Chinese Internet threat

From Shane Harris’ “China’s Cyber-Militia” (National Journal: 31 May 2008):

Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts.

One prominent expert told National Journal he believes that China’s People’s Liberation Army played a role in the power outages. Tim Bennett, the former president of the Cyber Security Industry Alliance, a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States. The intelligence officials said that forensic analysis had confirmed the source, Bennett said. “They said that, with confidence, it had been traced back to the PLA.” These officials believe that the intrusion may have precipitated the largest blackout in North American history, which occurred in August of that year. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected.

Bennett, whose former trade association includes some of the nation’s largest computer-security companies and who has testified before Congress on the vulnerability of information networks, also said that a blackout in February, which affected 3 million customers in South Florida, was precipitated by a cyber-hacker. That outage cut off electricity along Florida’s east coast, from Daytona Beach to Monroe County, and affected eight power-generating stations.

A second information-security expert independently corroborated Bennett’s account of the Florida blackout. According to this individual, who cited sources with direct knowledge of the investigation, a Chinese PLA hacker attempting to map Florida Power & Light’s computer infrastructure apparently made a mistake.

The industry source, who conducts security research for government and corporate clients, said that hackers in China have devoted considerable time and resources to mapping the technology infrastructure of other U.S. companies. That assertion has been backed up by the current vice chairman of the Joint Chiefs of Staff, who said last year that Chinese sources are probing U.S. government and commercial networks.

“The Chinese operate both through government agencies, as we do, but they also operate through sponsoring other organizations that are engaging in this kind of international hacking, whether or not under specific direction. It’s a kind of cyber-militia.… It’s coming in volumes that are just staggering.”

In addition to disruptive attacks on networks, officials are worried about the Chinese using long-established computer-hacking techniques to steal sensitive information from government agencies and U.S. corporations.

Brenner, the U.S. counterintelligence chief, said he knows of “a large American company” whose strategic information was obtained by its Chinese counterparts in advance of a business negotiation. As Brenner recounted the story, “The delegation gets to China and realizes, ‘These guys on the other side of the table know every bottom line on every significant negotiating point.’ They had to have got this by hacking into [the company’s] systems.”

During a trip to Beijing in December 2007, spyware programs designed to clandestinely remove information from personal computers and other electronic equipment were discovered on devices used by Commerce Secretary Carlos Gutierrez and possibly other members of a U.S. trade delegation, according to a computer-security expert with firsthand knowledge of the spyware used. Gutierrez was in China with the Joint Commission on Commerce and Trade, a high-level delegation that includes the U.S. trade representative and that meets with Chinese officials to discuss such matters as intellectual-property rights, market access, and consumer product safety. According to the computer-security expert, the spyware programs were designed to open communications channels to an outside system, and to download the contents of the infected devices at regular intervals. The source said that the computer codes were identical to those found in the laptop computers and other devices of several senior executives of U.S. corporations who also had their electronics “slurped” while on business in China.

The Chinese make little distinction between hackers who work for the government and those who undertake cyber-adventures on its behalf. “There’s a huge pool of Chinese individuals, students, academics, unemployed, whatever it may be, who are, at minimum, not discouraged from trying this out,” said Rodger Baker, a senior China analyst for Stratfor, a private intelligence firm. So-called patriotic-hacker groups have launched attacks from inside China, usually aimed at people they think have offended the country or pose a threat to its strategic interests. At a minimum the Chinese government has done little to shut down these groups, which are typically composed of technologically skilled and highly nationalistic young men.

The military is not waiting for China, or any other nation or hacker group, to strike a lethal cyber-blow. In March, Air Force Gen. Kevin Chilton, the chief of U.S. Strategic Command, said that the Pentagon has its own cyberwar plans. “Our challenge is to define, shape, develop, deliver, and sustain a cyber-force second to none,” Chilton told the Senate Armed Services Committee. He asked appropriators for an “increased emphasis” on the Defense Department’s cyber-capabilities to help train personnel to “conduct network warfare.”

The Air Force is in the process of setting up a Cyberspace Command, headed by a two-star general and comprising about 160 individuals assigned to a handful of bases. As Wired noted in a recent profile, Cyberspace Command “is dedicated to the proposition that the next war will be fought in the electromagnetic spectrum and that computers are military weapons.” The Air Force has launched a TV ad campaign to drum up support for the new command, and to call attention to cyberwar. “You used to need an army to wage a war,” a narrator in the TV spot declares. “Now all you need is an Internet connection.”


Lots of good info about the FBI’s far-reaching wiretapping of US phone systems

From Ryan Singel’s “Point, Click … Eavesdrop: How the FBI Wiretap Net Operates” (Wired News: 29 August 2007):

The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device, according to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act.

The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation’s telecom infrastructure than observers suspected.

It’s a “comprehensive wiretap system that intercepts wire-line phones, cellular phones, SMS and push-to-talk systems,” says Steven Bellovin, a Columbia University computer science professor and longtime surveillance expert.

DCSNet is a suite of software that collects, sifts and stores phone numbers, phone calls and text messages. The system directly connects FBI wiretapping outposts around the country to a far-reaching private communications network.

The $10 million DCS-3000 client, also known as Red Hook, handles pen-registers and trap-and-traces, a type of surveillance that collects signaling information — primarily the numbers dialed from a telephone — but no communications content. (Pen registers record outgoing calls; trap-and-traces record incoming calls.)

DCS-6000, known as Digital Storm, captures and collects the content of phone calls and text messages for full wiretap orders.

A third, classified system, called DCS-5000, is used for wiretaps targeting spies or terrorists.

What DCSNet Can Do

Together, the surveillance systems let FBI agents play back recordings even as they are being captured (like TiVo), create master wiretap files, send digital recordings to translators, track the rough location of targets in real time using cell-tower information, and even stream intercepts outward to mobile surveillance vans.

FBI wiretapping rooms in field offices and undercover locations around the country are connected through a private, encrypted backbone that is separated from the internet. Sprint runs it on the government’s behalf.

The network allows an FBI agent in New York, for example, to remotely set up a wiretap on a cell phone based in Sacramento, California, and immediately learn the phone’s location, then begin receiving conversations, text messages and voicemail pass codes in New York. With a few keystrokes, the agent can route the recordings to language specialists for translation.

The numbers dialed are automatically sent to FBI analysts trained to interpret phone-call patterns, and are transferred nightly, by external storage devices, to the bureau’s Telephone Application Database, where they’re subjected to a type of data mining called link analysis.

The numerical scope of DCSNet surveillance is still guarded. But we do know that as telecoms have become more wiretap-friendly, the number of criminal wiretaps alone has climbed from 1,150 in 1996 to 1,839 in 2006. That’s a 60 percent jump. And in 2005, 92 percent of those criminal wiretaps targeted cell phones, according to a report published last year.

These figures include both state and federal wiretaps, and do not include antiterrorism wiretaps, which dramatically expanded after 9/11. They also don’t count the DCS-3000’s collection of incoming and outgoing phone numbers dialed. Far more common than full-blown wiretaps, this level of surveillance requires only that investigators certify that the phone numbers are relevant to an investigation.

In the 1990s, the Justice Department began complaining to Congress that digital technology, cellular phones and features like call forwarding would make it difficult for investigators to continue to conduct wiretaps. Congress responded by passing the Communications Assistance for Law Enforcement Act, or CALEA, in 1994, mandating backdoors in U.S. telephone switches.

CALEA requires telecommunications companies to install only telephone-switching equipment that meets detailed wiretapping standards. Prior to CALEA, the FBI would get a court order for a wiretap and present it to a phone company, which would then create a physical tap of the phone system.

With new CALEA-compliant digital switches, the FBI now logs directly into the telecom’s network. Once a court order has been sent to a carrier and the carrier turns on the wiretap, the communications data on a surveillance target streams into the FBI’s computers in real time.

The released documents suggest that the FBI’s wiretapping engineers are struggling with peer-to-peer telephony provider Skype, which offers no central location to wiretap, and with innovations like caller-ID spoofing and phone-number portability.

Despite its ease of use, the new technology is proving more expensive than a traditional wiretap. Telecoms charge the government an average of $2,200 for a 30-day CALEA wiretap, while a traditional intercept costs only $250, according to the Justice Department inspector general. A federal wiretap order in 2006 cost taxpayers $67,000 on average, according to the most recent U.S. Court wiretap report.

What’s more, under CALEA, the government had to pay to make pre-1995 phone switches wiretap-friendly. The FBI has spent almost $500 million on that effort, but many traditional wire-line switches still aren’t compliant.

Processing all the phone calls sucked in by DCSNet is also costly. At the backend of the data collection, the conversations and phone numbers are transferred to the FBI’s Electronic Surveillance Data Management System, an Oracle SQL database that’s seen a 62 percent growth in wiretap volume over the last three years — and more than 3,000 percent growth in digital files like e-mail. Through 2007, the FBI has spent $39 million on the system, which indexes and analyzes data for agents, translators and intelligence analysts.


China’s increasing control over American dollars

From James Fallows’ “The $1.4 Trillion Question” (The Atlantic: January/February 2008):

Through the quarter-century in which China has been opening to world trade, Chinese leaders have deliberately held down living standards for their own people and propped them up in the United States. This is the real meaning of the vast trade surplus—$1.4 trillion and counting, going up by about $1 billion per day—that the Chinese government has mostly parked in U.S. Treasury notes. In effect, every person in the (rich) United States has over the past 10 years or so borrowed about $4,000 from someone in the (poor) People’s Republic of China. Like so many imbalances in economics, this one can’t go on indefinitely, and therefore won’t. But the way it ends—suddenly versus gradually, for predictable reasons versus during a panic—will make an enormous difference to the U.S. and Chinese economies over the next few years, to say nothing of bystanders in Europe and elsewhere.

When the dollar is strong, the following (good) things happen: the price of food, fuel, imports, manufactured goods, and just about everything else (vacations in Europe!) goes down. The value of the stock market, real estate, and just about all other American assets goes up. Interest rates go down—for mortgage loans, credit-card debt, and commercial borrowing. Tax rates can be lower, since foreign lenders hold down the cost of financing the national debt. The only problem is that American-made goods become more expensive for foreigners, so the country’s exports are hurt.

When the dollar is weak, the following (bad) things happen: the price of food, fuel, imports, and so on (no more vacations in Europe) goes up. The value of the stock market, real estate, and just about all other American assets goes down. Interest rates are higher. Tax rates can be higher, to cover the increased cost of financing the national debt. The only benefit is that American-made goods become cheaper for foreigners, which helps create new jobs and can raise the value of export-oriented American firms (winemakers in California, producers of medical devices in New England).

Americans sometimes debate (though not often) whether in principle it is good to rely so heavily on money controlled by a foreign government. The debate has never been more relevant, because America has never before been so deeply in debt to one country. Meanwhile, the Chinese are having a debate of their own—about whether the deal makes sense for them. Certainly China’s officials are aware that their stock purchases prop up 401(k) values, their money-market holdings keep down American interest rates, and their bond purchases do the same thing—plus allow our government to spend money without raising taxes.


Virtual kidnappings a problem in Mexico

From Marc Lacey’s “Exploiting Real Fears With ‘Virtual Kidnappings’” (The New York Times: 29 April 2008):

MEXICO CITY — The phone call begins with the cries of an anguished child calling for a parent: “Mama! Papa!” The youngster’s sobs are quickly replaced by a husky male voice that means business.

“We’ve got your child,” he says in rapid-fire Spanish, usually adding an expletive for effect and then rattling off a list of demands that might include cash or jewels dropped off at a certain street corner or a sizable deposit made to a local bank.

The twist is that little Pablo or Teresa is safe and sound at school, not duct-taped to a chair in a rundown flophouse somewhere or stuffed in the back of a pirate taxi. But when the cellphone call comes in, that is not at all clear.

This is “virtual kidnapping,” the name being given to Mexico’s latest crime craze, one that has capitalized on the raw nerves of a country that has been terrorized by the real thing for years.

A new hot line set up to deal with the problem of kidnappings in which no one is actually kidnapped received more than 30,000 complaints from last December to the end of February, Joel Ortega, Mexico City’s police chief, announced recently. There have been eight arrests, and 3,415 telephone numbers have been identified as those used by extortionists, he said.

But identifying the phone numbers — they are now listed on a government Web site — has done little to slow the extortion calls. Nearly all the calls are from cellphones, most of them stolen, authorities say.

On top of that, many extortionists are believed to be pulling off the scams from prisons.

Authorities say hundreds of different criminal gangs are engaged in various telephone scams. Besides the false kidnappings, callers falsely tell people they have won cars or money. Sometimes, people are told to turn off their cellphones for an hour so the service can be repaired; then, relatives are called and told that the cellphone’s owner has been kidnapped. Ransom demands have even been made by text message.

No money changed hands in her case, but in many instances — as many as a third of the calls, one study showed — the criminals make off with some valuables. One estimate put the take from telephone scams in Mexico in the last six months at 186.6 million pesos, nearly $20 million.


Abuse of “terrorist” investigative powers

From BBC News’ “Council admits spying on family” (10 April 2008):

A council has admitted spying on a family using laws to track criminals and terrorists to find out if they were really living in a school catchment.

A couple and their three children were put under surveillance without their knowledge by Poole Borough Council for more than two weeks.

The council admitted using powers under the Regulation of Investigatory Powers Act (RIPA) on six occasions in total.

Three of those were for suspected fraudulent school place applications.

RIPA legislation allows councils to carry out surveillance if they suspect criminal activity.

On its website, the Home Office says: “The Regulation of Investigatory Powers Act (RIPA) legislates for using methods of surveillance and information gathering to help the prevention of crime, including terrorism.”

Bush’s Manicheanism destroyed him

From Glenn Greenwald’s “A tragic legacy: How a good vs. evil mentality destroyed the Bush presidency” (Salon: 20 June 2007):

One of the principal dangers of vesting power in a leader who is convinced of his own righteousness — who believes that, by virtue of his ascension to political power, he has been called to a crusade against Evil — is that the moral imperative driving the mission will justify any and all means used to achieve it. Those who have become convinced that they are waging an epic and all-consuming existential war against Evil cannot, by the very premises of their belief system, accept any limitations — moral, pragmatic, or otherwise — on the methods adopted to triumph in this battle.

Efforts to impose limits on waging war against Evil will themselves be seen as impediments to Good, if not as an attempt to aid and abet Evil. In a Manichean worldview, there is no imperative that can compete with the mission of defeating Evil. The primacy of that mandate is unchallengeable. Hence, there are no valid reasons for declaring off-limits any weapons that can be deployed in service of the war against Evil.

Equally operative in the Manichean worldview is the principle that those who are warriors for a universal Good cannot recognize that the particular means they employ in service of their mission may be immoral or even misguided. The very fact that the instruments they embrace are employed in service of their Manichean mission renders any such objections incoherent. How can an act undertaken in order to strengthen the side of Good, and to weaken the forces of Evil, ever be anything other than Good in itself? Thus, any act undertaken by a warrior of Good in service of the war against Evil is inherently moral for that reason alone.

It is from these premises that the most amoral or even most reprehensible outcomes can be — and often are — produced by political movements and political leaders grounded in universal moral certainties. Intoxicated by his own righteousness and therefore immune from doubt, the Manichean warrior becomes capable of acts of moral monstrousness that would be unthinkable in the absence of such unquestionable moral conviction. One who believes himself to be leading a supreme war against Evil on behalf of Good will be incapable of understanding any claims that he himself is acting immorally.

That is the essence of virtually every argument Bush supporters make regarding terrorism. No matter what objection is raised to the never-ending expansions of executive power, no matter what competing values are touted (due process, the rule of law, the principles our country embodies, how we are perceived around the world), the response will always be that The Terrorists are waging war against us and our overarching priority — one that overrides all others — is to protect ourselves, to triumph over Evil. By definition, then, there can never be any good reason to oppose vesting powers in the government to protect us from The Terrorists because that goal outweighs all others.

But our entire system of government, from its inception, has been based upon a very different calculus — that is, that many things matter besides merely protecting ourselves against threats, and consequently, we are willing to accept risks, even potentially fatal ones, in order to secure those other values. From its founding, America has rejected the worldview of prioritizing physical safety above all else, as such a mentality leads to an impoverished and empty civic life. The premise of America is and always has been that imposing limitations on government power is necessary to secure liberty and avoid tyranny even if it means accepting an increased risk of death as a result. That is the foundational American value.

It is this courageous demand for core liberties even if such liberties provide less than maximum protection from physical risks that has made America bold, brave, and free. Societies driven exclusively or primarily by a fear of avoiding Evil, minimizing risks, and seeking above all else that our government “protects” us are not free. That is a path that inevitably leads to authoritarianism — an increasingly strong and empowered leader in whom the citizens vest ever-increasing faith and power in exchange for promises of safety. That is most assuredly not the historical ethos of the United States.

The Bill of Rights contains numerous limitations on government power, and many of them render us more vulnerable to threats. If there is a serial killer on the loose in a community, the police would be able to find and apprehend him much more easily if they could simply invade and search everyone’s homes at will and without warning. Nonetheless, the Fourth Amendment expressly prohibits the police from undertaking such searches. It requires both probable cause and a judicial warrant before police may do so, even though such limitations on state power will enable dangerous killers to elude capture.

The scare tactic of telling Americans that every desired expansion of government power is justified by the Evil Terrorist Threat — and that there is no need to worry because the president is Good and will use these powers only to protect us — is effective because it has immediate rhetorical appeal. Most people, especially when placed in fear of potentially fatal threats, are receptive to the argument that maximizing protection is the only thing that matters, and that no abstract concept (such as liberty, or freedom, or due process, or adhering to civilized norms) is worth risking one’s life by accepting heightened levels of vulnerability.

But nothing in life is perfectly safe. Perfect safety is an illusion. When pursued by an individual to the exclusion of all else, it creates a tragically worthless, paralyzed way of life. On the political level, safety as the paramount goal produces tyranny, causing people to vest as much power as possible in the government, without limits, in exchange for the promise of maximum protection.

How technologies have changed politics, & how Obama uses tech

From Marc Ambinder’s “HisSpace” (The Atlantic: June 2008):

Improvements to the printing press helped Andrew Jackson form and organize the Democratic Party, and he courted newspaper editors and publishers, some of whom became members of his Cabinet, with a zeal then unknown among political leaders. But the postal service, which was coming into its own as he reached for the presidency, was perhaps even more important to his election and public image. Jackson’s exploits in the War of 1812 became well known thanks in large measure to the distribution network that the postal service had created, and his 1828 campaign—among the first to distribute biographical pamphlets by mail—reinforced his heroic image. As president, he turned the office of postmaster into a patronage position, expanded the postal network further—the historian Richard John has pointed out that by the middle of Jackson’s first term, there were 2,000 more postal workers in America than soldiers in the Army—and used it to keep his populist base rallied behind him.

Abraham Lincoln became a national celebrity, according to the historian Allen Guelzo’s new book, Lincoln and Douglas: The Debates That Defined America, when transcripts of those debates were reprinted nationwide in newspapers, which were just then reaching critical mass in distribution beyond the few Eastern cities where they had previously flourished. Newspapers enabled Lincoln, an odd-looking man with a reed-thin voice, to become a viable national candidate …

Franklin Delano Roosevelt used radio to make his case for a dramatic redefinition of government itself, quickly mastering the informal tone best suited to the medium. In his fireside chats, Roosevelt reached directly into American living rooms at pivotal moments of his presidency. His talks—which by turns soothed, educated, and pressed for change—held the New Deal together.

And of course John F. Kennedy famously rode into the White House thanks in part to the first televised presidential debate in U.S. history, in which his keen sense of the medium’s visual impact, plus a little makeup, enabled him to fashion the look of a winner (especially when compared with a pale and haggard Richard Nixon). Kennedy used TV primarily to create and maintain his public image, not as a governing tool, but he understood its strengths and limitations before his peers did …

[Obama’s] speeches play well on YouTube, which allows for more than the five-second sound bites that have characterized the television era. And he recognizes the importance of transparency and consistency at a time when access to everything a politician has ever said is at the fingertips of every voter. But as Joshua Green notes in the preceding pages, Obama has truly set himself apart by his campaign’s use of the Internet to organize support. No other candidate in this or any other election has ever built a support network like Obama’s. The campaign’s 8,000 Web-based affinity groups, 750,000 active volunteers, and 1,276,000 donors have provided him with an enormous financial and organizational advantage in the Democratic primary.

What Obama seems to promise is, at its outer limits, a participatory democracy in which the opportunities for participation have been radically expanded. He proposes creating a public, Google-like database of every federal dollar spent. He aims to post every piece of non-emergency legislation online for five days before he signs it so that Americans can comment. A White House blog—also with comments—would be a near certainty. Overseeing this new apparatus would be a chief technology officer.

There is some precedent for Obama’s vision. The British government has already used the Web to try to increase interaction with its citizenry, to limited effect. In November 2006, it established a Web site for citizens seeking redress from their government, http://petitions.pm.gov.uk/. More than 29,000 petitions have since been submitted, and about 9.5 percent of Britons have signed at least one of them. The petitions range from the class-conscious (“Order a independent report to identify reasons that the living conditions of working class people are poor in relation to higher classes”) to the parochial (“We the undersigned petition the Prime Minister to re-open sunderland ice rink”).

An elderly Eskimo & his unusual knife

From Wade Davis’ “Wade Davis: an Inuit elder and his shit knife” (Boing Boing: 26 September 2008):

The Inuit didn’t fear the cold; they took advantage of it. During the 1950s the Canadian government forced the Inuit into settlements. A family from Arctic Bay told me this fantastic story of their grandfather who refused to go. The family, fearful for his life, took away all of his tools and all of his implements, thinking that would force him into the settlement. But instead, he just slipped out of an igloo on a cold Arctic night, pulled down his caribou and sealskin trousers, and defecated into his hand. As the feces began to freeze, he shaped it into the form of an implement. And when the blade started to take shape, he put a spray of saliva along the leading edge to sharpen it. That’s when what they call the “shit knife” took form. He used it to butcher a dog. Skinned the dog with it. Improvised a sled with the dog’s rib cage, and then, using the skin, he harnessed up an adjacent living dog. He put the shit knife in his belt and disappeared into the night.

Modern piracy on the high seas

From Charles Glass’ “The New Piracy: Charles Glass on the High Seas” (London Review of Books: 18 December 2003):

Ninety-five per cent of the world’s cargo travels by sea. Without the merchant marine, the free market would collapse and take Wall Street’s dream of a global economy with it. Yet no one, apart from ship owners, their crews and insurers, appears to notice that pirates are assaulting ships at a rate unprecedented since the glorious days when pirates were ‘privateers’ protected by their national governments. The 18th and 19th-century sponsors of piracy included England, Holland, France, Spain and the United States. In comparison, the famed Barbary corsairs of North Africa were an irritant. Raiding rivals’ merchant vessels went out of fashion after the Napoleonic Wars, and piracy was outlawed in the 1856 Declaration of Paris (never signed by the US). Since the end of the Cold War, it has been making a comeback. Various estimates are given of its cost to international trade. The figure quoted most often is the Asia Foundation’s $16 billion per annum lost in cargo, ships and rising insurance premiums.

The International Maritime Bureau (IMB), which collects statistics on piracy for ship owners, reports that five years ago pirates attacked 106 ships. Last year they attacked 370. This year looks worse still.

In waters where piracy flourished in the past, the tradition embodied in figures such as Captain Kidd has persisted: off the Ganges delta in Bangladesh, in the Java and South China Seas, off the Horn of Africa and in the Caribbean. Three conditions appear necessary: a tradition of piracy; political instability; and rich targets – Spanish galleons for Drake, oil tankers for his descendants. A fourth helps to explain the ease with which it happens: ‘The maritime environment,’ Gunaratna said, ‘is the least policed in the world today.’

The IMB has not been able to persuade the international community or the more powerful maritime states to take serious action. The Bureau’s director, Captain Pottengal Mukundan, believes there is nothing crews can do to protect themselves. National maritime laws are not enforced beyond national boundaries – which is to say, over more than half the earth’s surface. Beyond territorial waters, there are no laws, no police and no jurisdiction. Many countries lack the will or the resources to police even their own waters. The IMB advises all ships against putting in anywhere near states like Somalia, for instance, where there is a near certainty of attack. … Piracy is a high-profit, low-risk activity.

The IMB urges crews to take more precautions, but owners can’t afford every recommended improvement: satellite-tracking devices, closed circuit cameras, electric fencing and security officers on every ship. Owners and trade unions discourage the arming of merchant ships in the belief that firearms will put crews’ lives at greater risk. Only the Russians and the Israelis are known to keep weapons aboard. Competition in the shipping business forces owners to minimise expenditure on crews as on everything else. A commission of inquiry into the 1989 Exxon Valdez spill that nearly destroyed the Alaskan coast reported that ‘tankers in the 1950s carried a crew of 40 to 42 to manage about 6.3 million gallons of oil . . . the Exxon Valdez carried a crew of 19 to transport 53 million gallons of oil.’ [Quoted in Dangerous Waters: Modern Piracy and Terror on the High Seas by John Burnett] With the automation of many shipboard tasks, vessels today carry even fewer seamen than they did when the Exxon Valdez ran aground. That means fewer eyes to monitor the horizon and the decks for intruders.

Air and land transport routes have come under tighter scrutiny since 11 September 2001, but improvements to maritime security are few. An oil tanker can carry a load that is far, far more explosive than any civil aircraft. And most piracy, including the seizure of oil tankers, takes place near countries with powerful Islamist movements – Indonesia, Malaysia, the Philippines, Yemen and Somalia. Lloyd’s List reported on 4 November that Indonesia is ‘the global black spot’ with 87 attacks in the first nine months of this year – ‘the number of attacks in the Malacca Straits leaped from 11 in 2002 to 24 this year.’ Indonesia, which consists of two thousand islands, is the world’s most populous Muslim country. It has experienced decades of repression by a kleptocratic military, communal violence and the degradation of a once vibrant economy. Radical Islamists have made it the focus of their activity and recruitment in Asia.

Out now: Microsoft Vista for IT Security Professionals

Microsoft Vista for IT Security Professionals is designed for the professional system administrators who need to securely deploy Microsoft Vista in their networks. Readers will not only learn about the new security features of Vista, but they will learn how to safely integrate Vista with their existing wired and wireless network infrastructure and safely deploy with their existing applications and databases. The book begins with a discussion of Microsoft’s Trustworthy Computing Initiative and Vista’s development cycle, which was like none other in Microsoft’s history. Expert authors will separate the hype from the reality of Vista’s preparedness to withstand the 24 x 7 attacks it will face from malicious attackers as the world’s #1 desktop operating system. The book has a companion CD which contains hundreds of working scripts and utilities to help administrators secure their environments.

This book is written for intermediate to advanced system administrators managing Microsoft networks who are deploying Microsoft’s new flagship desktop operating system: Vista. This book is appropriate for system administrators managing small networks of fewer than 10 machines up to enterprise-class networks with tens of thousands of systems. This book is also appropriate for readers preparing for the Microsoft exam MCDST 70-620.

I contributed two appendices to this book:

  • Appendix A: Microsoft Vista: The International Community
  • Appendix B: Changes to the Vista EULA

Appendix A, “Microsoft Vista: The International Community”, was about Microsoft’s legal troubles in Europe and Asia, and the changes the company had to make to Vista to accommodate those governments. Appendix B, “Changes to the Vista EULA”, explained that the EULA in Vista is even worse than that found in XP, which was worse than any previous EULA. In other words, Vista has a problematic EULA that users need to know about before they buy the OS.

Read excerpts: Front Matter (350 KB PDF) and Chapter 1: Microsoft Vista: An Overview (760 KB PDF). You can flip through the entire book, although you’re limited to the total number of pages you can view (but it’s a pretty high number, like 50 or so).

Maintaining control in a subdued country

From Louis Menand’s “From the Ashes: A new history of Europe since 1945” (The New Yorker [28 November 2005]: 168):

[Tony Judt, author of Postwar: A History of Europe Since 1945] notes that France, a country with a population of some forty million, was administered by fifteen hundred Nazis, plus six thousand German policemen. A skeleton team sufficed in the Netherlands as well.

How to wiretap

From Seth David Schoen’s “Wiretapping vulnerabilities” (Vitanuova: 9 March 2006):

Traditional wiretap threat model: the risks are detection of the tap, and obfuscation of content of communication. …

POTS is basically the same as it was 100 years ago — with central offices and circuit-switching. A phone from 100 years ago will pretty much still work today. “Telephones are a remarkable example of engineering optimization” because they were built to work with very minimal requirements: just two wires between CO and the end subscriber, don’t assume that the subscriber has power, don’t assume that the subscriber has anything else. There is a DC current loop that provides 48 V DC power. The current loop determines the hook switch state. There’s also audio signalling for in-band signalling from phone to CO — or from CO to phone — or for voice. It all depends on context and yet all these things are multiplexed over two wires, including the hook state and the audio signalling and the voice traffic.

If you wanted to tap this: you could do it in three different ways.

* Via the local loop (wired or wireless/cellular).
* Via the CO switch (software programming).
* Via trunk interception (e.g. fiber, microwave, satellite) with demultiplexing.

How do LEAs do it? Almost always at local loop or CO. (By contrast, intelligence agencies are more likely to try to tap trunks.)

Why the US toppled Chile’s government

From Robert Sherrill’s “100 (Plus) Years of Regime Change” (The Texas Observer: 14 July 2006):

Kissinger, then secretary of state, was certain he detected the odor of communism in the election of Salvador Allende Gossens to the presidency of Chile. …

Chile was one of the most stable countries in South America, with a high literacy rate, a relatively large middle class, and a strong civil society. But millions of its people lived in desperate poverty, and Allende made no secret of his ambition to lift that class – and to do it by controlling some of the giant corporations operating in Chile but owned by yanquis.

Topping his hit list, besides consumer-product companies like PepsiCo Inc., were the world’s two largest copper mining companies, Kennecott Corp. and Anaconda Mining Co., and International Telephone and Telegraph Co., all owned by U.S. interests. Allende wanted the Chilean government to take them over. …

Kinzer’s account of these rebellious years ends with the death of Allende in La Moneda, the presidential palace and traditional seat of Chilean democracy. He had been president for 1,042 days. He refused an offer of free passage out of the country and committed suicide.

So Kissinger and Nixon and Rockefeller and their friends got what they wanted: a Chile run by Gen. Augusto Pinochet, who took office after the coup of September 11, 1973.

Why the US toppled Guatemala’s democratic government

From Robert Sherrill’s “100 (Plus) Years of Regime Change” (The Texas Observer: 14 July 2006):

At roughly the same time Secretary of State Dulles was destroying democracy in Iran, he was also busy destroying democracy in Central America, and once again it was on behalf of a renegade industry: United Fruit Co. …

“Few private companies have ever been as closely interwoven with the United States government as United Fruit was during the mid-1950s,” writes Kinzer. For decades, Dulles had been one of its principal legal counselors. (At one time Dulles negotiated an agreement with Guatemala that gave United Fruit a 99-year lease on a vast tract of land, tax free.) Dulles’ brother – Allen, the CIA Director – had also done legal work for the company and owned a big block of its stock. So did other top officials at State; one had previously been president of United Fruit. The head of our National Security Council was United Fruit’s former chairman of the board, and the president of the International Bank for Reconstruction and Development was a former board member.

These fine chaps and their numerous colleagues in our government were, not surprisingly, very upset when between 1944 and 1954, Guatemala entered what would be known as its “democratic spring,” denoting the presidencies of Juan José Arevalo and – after the first peaceful transfer of power in Guatemalan history – Jacobo Arbenz.

What those two did was nothing less than breathtaking. Under Arevalo, the National Assembly was persuaded to establish the first social security system, guarantee the rights of trade unions, fix a 48-hour workweek, and even slap a modest tax on the big landholders – meaning three American companies: a huge electric monopoly, a rail monopoly, and, of course, United Fruit, which controlled the other two.

Arbenz was even bolder. He persuaded the National Assembly to pass the Agrarian Reform Law, which gave the government the power to seize and redistribute uncultivated land on estates larger than 672 acres. United Fruit owned more than 550,000 acres, about one-fifth of the country’s arable land, but cultivated less than 15 percent – while many thousands of Guatemalans were starving for land. So in 1953, Arbenz’s government seized 234,000 uncultivated acres of United Fruit’s land, for which the government offered in compensation (one can imagine the vengeful hilarity this must have stirred in Arbenz’s circle) a paltry $1.185 million – the value United Fruit had declared each year for tax purposes. …

Arbenz was forced into exile and replaced by Col. Carlos Armas, who promptly canceled reforms and established a police state.

Why the US toppled Iran’s government

From Robert Sherrill’s “100 (Plus) Years of Regime Change” (The Texas Observer: 14 July 2006):

In 1953 the brutal, venal shah of Iran, Mohammad Reza Pahlavi, was pushed into exile by Mohammad Mossadegh, the democratically elected prime minister. …

Iranians loved Mossadegh. He made clear that his two ambitions were to set up a lasting democracy and to strengthen nationalism – by which he meant get rid of the Anglo-Iranian Oil Co., which had been robbing Iran for half a century. Indeed, the British company had been earning each year as much as all the royalties it paid Iran over 50 years. Mossadegh intended to recapture those riches to rebuild Iran.

In a scheme to get rid of Mossadegh, the British enlisted Secretary of State [John Foster] Dulles; he in turn enlisted his brother, CIA Director Allen Dulles, and what ensued was a truly masterful piece of skullduggery. … The CIA plotters ousted Mossadegh and restored the shah to his Peacock Throne.

For Secretary of State Dulles and his old law clients – including Gulf Oil Corp., Standard Oil Co. of New Jersey, Texaco Inc., and Mobil Corp., who were subsequently allowed to take 40 percent of Iran’s oil supply – the shah’s return was a happy and very lucrative event.

Prescription drug spending has vastly increased in 25 years

From Clifton Leaf’s “The Law of Unintended Consequences” (Fortune: 19 September 2005):

Whatever the answer, it’s clear who pays for it. You do. You pay in the form of vastly higher drug prices and health-care insurance. Americans spent $179 billion on prescription drugs in 2003. That’s up from … wait for it … $12 billion in 1980 [when the Bayh-Dole Act was passed]. That’s a 13% hike, year after year, for two decades. Of course, what you don’t pay as a patient you pay as a taxpayer. The U.S. government picks up the tab for one in three Americans by way of Medicare, Medicaid, the military, and other programs. According to the provisions of Bayh-Dole, the government gets a royalty-free use, forever, of its funded inventions. It has never tried to collect. You might say the taxpayers pay for the hat–and have it handed to them.