Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: 01/23/06

Monday, January 23, 2006

Visualization, Intelligence and the Starlight project

Today, I came across a stunning collection of complex networks visualizations, that reminded of how we must first learn to visualize and than go deeper into VR. Until, I first visited this project, the Atlas of Cyberspace was perhaps my favorite visualization resource, rather outdated, still has a lot to show.

Visualization is important for today's greatly developed knowledge networks, data mining, and even information security or basic network management issues. But at the bottom line, who always has the best toys, or at least develops them? The academic world? Sort of, except that they need the private sector to go public, so that leaves the U.S military in my point of view :) and they sure do.

The Starlight - Information Visualization Technology is simply a remarkable concept that these folks actually turned into a reality. It uses both structured, unstructured, spatial and multimedia data and provides real-time output, and if you also consider that the project is reportedly down several years ago, for me it opens up the question, who's the successor?

It's national security applications and the syndication of data sources are so clearly visible, that reducing paper-work, platform dependence, information sharing, and perhaps not another Able Danger scenario(if one actually happened!) is the biggest advantage of such a project.

Going back to the "reality"(yeah sure!), in case you've never seen ChicagoCrimes, the free database of crimes reported in Chicago, it's yet another great initiative that again visualizes based on reports and Google Maps, and you don't need a security clearance to use it :) What's else to mention, is CNET's introduction of "The Big Picture" in cooperation with Liveplasma.com of course, clearly, the waves of information flow must be somehow filtered and there's a clear, both, commercial, public and intelligence need for it. Even VR investments are actively taking place, a lot's to come for sure!

Some concepts and clips on visualization :

TouchGraph Google Browser
Real-Time and Forensic Network Data Analysis Using Animated and Coordinated Visualization
F-Secure's visualization of the 1st PC virus, and W32.Bagle, and you can actually see the clip itself.
Visualization study the U.S - clip

Technoratai tags :
security,information security,intelligence,OSINT,starlight,visualization,virtual reality

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Homebrew Hacking, bring your Nintendo DS!

Yesterday, Engadget reported about a "WiFi sniffer" that turns your Nintendo DS, into a wardriving tool and while it lacks certain features, it can still prove "handy", even fuel further security concerns over this steadily developing trend of homebrew hacking experiments.

Removable media is a problem, but would gaming devices turn into a security threat as well? They can sure result in more malware, and this trend, among the many other, made me an impression in respect to the need of interoperability in the upcoming future.

Technorati tags :
security,information security,hacking,homebrew,nintendo,nintendo DS

Dancho Danchev

Still worry about your search history and BigBrother?

The Patriot Search, recently started "helping" any government by making your search activity "public". Its search syntax terrorist:true *keyword*, and terrorist:false *keyword*, gives everyone the opportunity to be honest :) Why did the idea start at the first place?

Because "only 4 out of 5 search engines allowed the government to see "private" user data". Though, a distinction between private searches VS personally identifiable searches should be made as well.

What's going to happen in the future? Search engines regulation, P3P, or stock market losses due to an initiative whose requirements I feel were totally wrong from the very beginning?

Consider going though David Berlind's comments as well!

Technorati tags :
google,bush,privacy,search engine

Dancho Danchev

Cyberterrorism - recent developments

I've once blogged about why you shouldn't stereotype when it comes to Cyberterrorism, and going through the most recent and well researched report on"Terrorism Capabilities for Cyberattack : Overview and Policy Issues"I came across great similarities to what I posted. I think cyberterrorism shouldn't be just perceived as shutting down a stock exchange, or slowing it down, the irony here is that it could actually happen for "good" on a certain occasions :)

Going back to the report, it's a very recent overview of cyberterrorism, and the way it's perceived. Flawed or not I'll leave up to you to decide. What made me an impression anyway?

- CIA's 2005 "Silent Horizon" to practice defending against a simulated widespread cyberattack directed against the United States. I really don't think frontal attack are of any interest, or are they?

- Stolen credit cards were used in the terrorist attacks in Bali. There have also been other cases, of exactly the same, using cyber activities for funding real world crime and terrorism.

- How sensitive information on a future Army command and control system was stolen from an unclassified system by at least reportedly, Chinese hackers. Unclasiffied doesn't necessarily mean someone wasn't having a false sense of security on a .mil domain I guess.

- The U.S Elite Military Hacking Crew, the so called Joint Functional Component Command for Network Warfare (JFCCNW) I feel every military forces have or should have these.

The report also highlights that the Internet is now a prime recruiting tool for insurgents in Iraq. Insurgents have created many Arabic-language Web sites that are said to contain coded plans for new attacks. Some reportedly give advice on how to build and operate weapons, and how to pass through border checkpoints .

- Other news articles report that a younger generation of terrorists and extremists, such as those behind the July 2005 bombings in London, are learning new technical skills to help them avoid detection by law enforcement computer technology

Which is exactly what I've mentioned in my post on Cyberterrorism. I feel, communication, and coordination, besides research is the ultimate goal here.

The only thing that make made me sort of a bad impression was how the only major innovation mentioned is quantum cryptography, and steganography mentioned just twice. I think that this isn't entirely the case, and breaking cryptography doesn't necessarily have to come in form of directly attacking the algorithm itself. That happens to be impossible sometimes, but the first time when I came across the fact that the AU government can use spyware on criminals with the idea too obtain keys, or whatsoever, it makes such issues irrelevant.

On the other hand, the way the Internet provides "them" with more opportunities, the more their traceability improves, or at least give clues to a certain extend.

Technorati tags :
security,information security,cyberterrorism,Terrorism,al qaeda

Dancho Danchev

2006 = 1984?

I recently came across great, and very informative slides on current, and future trends of surveillance technologies that simply stick to the point, as any good slides so to say. "From Target Market to Total Surveillance" is courtesy of the The Special Interest Group for Military Applications (SIGMil) at the University of Illinois, and is among the many talks and quality projects they have running.

"The Survey of Orwellian Technologies" outlines the current situation of privacy invasion and who's who on the market for censorship solutions.

For instance it correctly states that :

- Cisco built the Great Firewall at discount to corner router market

-Video and telephone surveillance networks

-Buying habits and physical location history

-Net access history, web posts and email

Nortel, developed network traffic analysis system dedicated to catching political opposition (Falun Gong)

Motorola, competed with Nokia to provide location tracking

Microsoft, censors words in blog software

Yahoo, actively collaborates in tracking state political opponents via their email, search and chat usage

Google, censors prohibited sites/queries from search– Alters news results to favor nationalized news(Still, Google recently declined the request for access for its databases, compared to the rest of search engines, Yahoo!, MSN)

The worst in this case, from my point of view the experience gained by the companies, in the wrong direction.

I once mentioned how businesses don't have a business choice but to comply, the thing is now the Western media has already started seeking accountability and higher levels of moral.

Basically, profitability shouldn't be an objective,when encouraging the further development of such "regimes". I guess, I still don't have a content filtering agreement with the Chinese government, but I don't even want to..:)

The entire idea of censorship in here is to avoid events in direct confrontation with current "reality", and I think the it isn't wise, keeping it quiet is even worse. The bad thing is that even IBM used to do "business" with the wrong party I guess . What is greed and profit maximization, what is business and morale? Words we remember on Xmas's day for sure!

More info on the topic can also be found at :

International Campaign Against Mass Surveillance

Balancing surveillance

Justifying the cost of digital video surveillance

Protecting Personal Data in Camera Surveillance

Society-and-Surveillance study journal

Technorati tags :

security,privacy,free speech,censorship,surveillance,1984