Wikileaks – Why Operation Payback failed to make a dent

“Operation Payback” is a coordinated effort by hackers to disrupt the operations of some of the financial institutions who have turned their guns on Wikileaks, for revealing embarrassing truths about Western espionage (let’s be honest: official secrets usually are secret because they don’t want the voters to know, rather than fear of giving an advantage to the enemy).

It appears that Operation Payback has had little success in hurting these big institutions but let’s look at the big picture. Gone are the days of “cyber-anarchism” – the motivation these days is financial or military. These institutions have hardened themselves against relentless spamming, phishing and sustained efforts by underground criminal gangs. The amateur hacking community has been overtaken by highly organized commercial concerns, perhaps in Eastern Europe, China or who knows where.

The reality is: if the controllers of the biggest botnets got all their botnets doing a mass denial of service on Amazon, it would have had more of an effect. However, these botnets are busy making money for their owners. Also, hackers have undiscovered exploits up their sleeves. These are like gold-dust. Would they reveal these exploits for this goal? At one time, they probably would; however, these days they can get paid for this information, either by playing good and giving them to Google (in exchange for cash) or using a “black hat” method.

If there was a lucrative prize for taking Amazon down, I have no doubt it would have happened already. In terms of motivation, noble political and moral ideas usually play second fiddle to the power of the Dollar.


Cyber security and UK government “spending review”

Iranian nuclear power station

Nuclear power stations at risk

Traditional formula: announce cuts, then take people’s attention elsewhere using fear. Usually it’s a fear of a foreign threat, whether it is the “red menace” of the Soviet Union during the Cold War, Iraqi weapons of mass destruction, or the new “Cyber warfare” threat. So what is this latest threat, and should we be worried?

In the good old days, power stations, national grids, telephone networks, communication systems, even banks were all separate entities. Initially computers started appearing in these critical parts of our infrastructure, but they were special isolated computers, often running a custom operating system, designed for the purpose of say monitoring and controlling the temperature of a reactor core in a nuclear power station. Back in the 50s and 60s, there was no internet as we know it today. The first networks were appearing, but these were dedicated networks, connected by expensive runs of cable and exclusively for that organisation. They were called “leased lines” or “dedicated circuits.” Mostly, the mission critical machines that controlled reactor cores, air traffic control, banks’ computers etc were isolated from these early networks, and were relatively simple, in that they only had to perform a few (important) functions, for example, measure the temperature of a core and inject coolant when it exceeds a certain temperature, and sound a buzzer, flash a warning light etc. They didn’t need email, media players, office applications etc.

Now, many mission critical systems are connected to the Internet in order to allow remote control by operators, and instead of using dedicated circuits that cost 1000s per month, they use the internet.
Of course, they are protected by heavy-duty firewalls, they use encryption and certificates to sign traffic and so on, but you can’t escape the fact that they are physically connected to the internet.

The new breed of malware, viruses, trojans and spyware is unlike the more commonly encountered type that consumers experience. The more common types rely on mass circulation across the world in order to use spam, or to extort from people whose PCs get infected by hoax anti-spyware programmes that lock up their systems unless they give their credit card details. Most of these threats are detected by security companies and antivirus signatures get updated to clean people’s systems. Nearly all these types of malware advertise themselves.

In contrast, cyber malware doesn’t want to get found. Take this scenario. A piece of malware gets developed in a government’s top-secret labs, installed as a hidden file on a memory stick, branded as new, and exported to the west. It is marketed to a foreign civil service, and silently gets installed on a government / utility worker’s computer. It sits there silently, doesn’t advertise itself at all, and on a given date, or upon a signal, bounces into life, perhaps records passwords, makes a database of all computers this user’s computer talks to. It could then launch a denial of service attack, or just start shutting down important devices, if it can penetrate from a soft target inside a government network, to a core target such as a power station control computer.

The Stuxnet worm is one example of a piece of malware that targets industrial systems. It was used to target Iran’s nuclear facilities. It begs the question: who would want to damage Iran’s nuclear programme? But let’s avoid politics!

With this type of malware, antivirus is probably useless. The malware is likely to remain undiscovered until it is triggered, e.g. in the event of war. Security patches and updates are also of limited value, as the authors of this malware will discover their own vulnerabilities and keep them secret. By the time the vulnerability is discovered, it will likely be too late.

What can we do? As consumers, nothing. What can governments/organisations do? Perhaps they are taking the same approach as in the Cold War, preliminary action…will we see the big nations fighting by proxy, by testing their cyber warfare techniques in third world countries or in sensitive parts of the world, such as the Middle East? Perhaps we should be relieved, instead of 1000s of nukes all being launched, they will all be disabled. No, that’s too hopeful.

Google being hounded on wifi listening – wrong message being learned

Google is currently facing a lawsuit for “eavesdropping” on unsecured wireless networks. It has a global fleet of vehicles that drive around recording the transmissions of wifi networks. The idea behind this is to add the presence of these “nodes” to Google maps. However, the software used has been recording everything broadcast on those networks, and everyone is up in arms about intrusion into their privacy. My take on this is that they should be glad it’s Google doing it and not a criminal gang of fraudsters looking to hijack their online bank account. Perhaps they should be less indignant about it and thank Google for raising the issue so they can protect their networks.

All the attention is on breach of privacy; however, I think this is all wrong. It should be about the idiots who broadcast all their online activity in a plain unencrypted format. All modern wireless routers these days come with encryption built in, and if it’s not enabled by default, the installation instructions tell you how to enable it.
It seems that some of the idiots who openly broadcast their network activity include members of US Congress and the Department of Homeland Security. My mother has better security in place than these numpties, and they should be eating humble pie, not pointing the finger at Google. If you stand on your roof with a loudhailer and shout out your bank details and credit card number, and someone overhears you, would you sue them? Get a grip, guys.

More people leaving Facebook over privacy concerns

Do you join things because they’re popular and you’re afraid of missing out on something cool?
Well, Facebook is now officially uncool, at least according to Jason Calacanis. The list of well known IT pundits leaving Facebook grows, not only the arguably biased bunch at Google such as Matt Cutts (the anti-spam and SEO guru) but more independent people like Leo Laporte and Peter Rojas, two of the leading IT journalists in the States.

Another interesting article shows the emotional blackmail Facebook uses when you try to deactivate your Facebook account.

On a slightly different note, although still related to Facebook’s quest for global domination, Zynga, the maker of Mafia Wars and Farmville, may also be leaving Facebook, according to the timeonline, a move that will hurt FB’s revenue stream. This is over their own issues of getting screwed out of a big % of their cut. Joel Brodie writes an interesting article comparing subscriber bases for FB, Zynga, MySpace, etc.

I doubt the mass market will take any interest in any of these issues, blithely stumbling through the maze of technology that envelops our lives. What % of people who watched Terminator would remember what Skynet was all about? I predict that however uncool Facebook becomes to the geeks, the mass market will still be there, sending imaginary glasses of champagne and fake hugs to their 1000+ “friends.”

Personally, I’m not quite ready to take the plunge and deactivate, although I am letting it slide into dormancy, for which Facebook can apparently close my account as it breaches their terms and conditions.

Stephen Fry, the leader of the anti dumbing down fightback

I could cry sometimes at what has happened to Britain. The dumbing down of our television is so upsetting; we have all this wonderful new technology, digital tv, 5.1 surround sound, flat panel displays, but when I turn on the tv, I every so often hear the Dire Straits lyric, “200 channels with nothing on.”

Repeats are one thing, but the dumbing down is worse. This is particularly the case with the news. Why has it got so bad?

This is my theory. If you aim to produce a programme that is comprehensible to only 50% of the population, you are going to lose the rest. Therefore, you dumb it down so more people – say 90% – can understand it. Once upon a time, programme makers took a more educational viewpoint, helping the users learn more about the world. Now we have so much choice (well not real choice, but setting that aside) people are more likely to flick over, and attention spans are less. Therefore, they don’t do anything that might put the viewers off, like offer alternative viewpoints. So, for example, it’s easier and quicker to say the Palestinians launching missiles into Israel are terrorists, rather than explain the history of how their country has been occupied by a settler army for several decades and that the Israeli army bulldoze their homes and fire artillery at the areas from where the missiles came. There are many wrongs in that situation, and the innocent always suffer on both sides; violence is not the solution, but the full picture is often left missing.

On a lighter note, I see Stephen Fry as a standard bearer for the fightback against dumbing down. His QI programme got off to a slightly awkward start as he seemed so enthusiastic about the sound of his own voice and what seemed like a sincere passion for spreading knowledge for its own sake, not for any ulterior motive, like financial gain. He got a better balance as the show progressed, though. The contestants were a good choice for adding humour to the show, and to his credit, he prevented the banter from drifting too far from the point whilst not making the show too dry.

His recent programme about HIV/AIDS was also good to watch. I expected a depressing, pessimistic programme, but found it surprisingly light to watch. I considered myself moderately up to date with current affairs but I realised how little I knew about medical progress with HIV. It can almost be managed with drugs and victims’ lifespans are extended, it seems, close to the average person. However, why has there been a virtual media silence on the subject the last 10 years? There are more infected with HIV in Britain today than there were 20 years ago, when the news was filled with people dying from AIDS in our hospitals.

Anyway, kudos to Stephen Fry for casting a spotlight on the issue! Vive le fightback!