Distributed cracking of a utopian mystery code

If you have missed the opportunity to buy yourself a portable Enigma encryption machine, or didn't know you could devote some of your CPU power while trying to crack unbroken Nazi Enigma ciphers, now is the time to consider another distributed computing cracking initiative I just came across to - "Assault on the Thirteenth Labour", part of the utopian Perplex City alternate reality game.


More on the story itself :



"The story centers on a fictional metropolis known as Perplex City. The Receda Cube, a priceless scientific and spiritual artefact, has been stolen and buried somewhere on Earth, and the game offers a real-life $200,000 reward to whoever can find it."



As a matter of fact, ever heard of Hive7? This is where the future is going, as I think virtual worlds intrigues result in a more quality real life, don't they? Still, it can also result in security problems with stolen virtual goods. The trend, given the popularity of these, will continue to emerge -- people, both rich and poor are putting hard cash into virtual properties and DoS attacks and phishing practices are already gaining popularity as well.



Technorati tags:
Security, Cryptography, Perplex City, Virtual Worlds, Distributed, New Media Continue reading →

Wanna get yourself a portable Enigma encryption machine?

Hurry up, you still have 5 hours to participate in the sale at Ebay as the BetaNews reported "eBay has long been a purveyor of the unusual and the unique, but it's not often an authentic piece of tech history captures as much attention as the Enigma 3 portable cipher machine that has racked up bids of almost 16,000 euros. The Enigma device was used extensively by Nazi Germany during World War II."



The Enigma machine was a key success factor for the Germans during WWII, until of course its messages started getting deciphered, it's great someone managed to preserve and resell one. Today's situation is entirely different, namely an average Internet user can easily encrypt data achieving military standards with the use of public tools, where Phil Zimmerman's PGP has been cause troubles for governments across the world since its release.


However, what the majority of end users don't realize is the how the keys lenght and the passphrase's quality means totally nothing when law enforcement is sometimes empowered to use spyware, and that quantum cryptography is also subject to attacks. Client side attacks and social engineering ones don't take into consideration any key lenght -- just naivety. In one of my previous posts "Get the chance to crack unbroken Nazi Enigma ciphers"


I mentioned about the existence of a distributed project to crack unroken nazi ciphers you can freely participate into. Being a total paranoid in respect to my favorite SetiATHome, you should also consider the possibility of a SETI Hacker -- which partly happened in Contact in case you reckon.



Technorati tags :
Cryptography, Encryption, Enigma Continue reading →

Get the chance to crack unbroken Nazi Enigma ciphers

Nice initiative I just came across to. From the "M4 Message Breaking Project" :



The M4 Project is an effort to break 3 original Enigma messages with the help of distributed computing. The signals were intercepted in the North Atlantic in 1942 and are believed to be unbroken. Ralph Erskine has presented the intercepts in a letter to the journal Cryptologia. The signals were presumably enciphered with the four rotor Enigma M4 - hence the name of the project.


This project has officially started as of January 9th, 2006. You can help out by donating idle time of your computer to the project. If you want to participate, please follow the client install instructions for your operating system:

Unix Client Install
Win98 Client Install
Win2000 Client Install
WinXP Home Client Install
WinXP Pro Client Install



The first message is already broken as a matter of fact, and looks like that :



Ciphertext :

nczwvusxpnyminhzxmqxsfwxwlkjahshnmcoccakuqpmkcsmhkseinjus
blkiosxckubhmllxcsjusrrdvkohulxwccbgvliyxeoahxrhkkfvdrewezlx
obafgyujqukgrtvukameurbveksuhhvoyhabcjwmaklfklmyfvnrizr
vvrtkofdanjmolbgffleoprgtflvrhowopbekvwmuqfmpwparmfha
gkxiibg



Deciphered and in plain text :

From Looks:Radio signal 1132/19 contents:Forced to submerge during attack, depth charges. Last enemy location08:30h, Marqu AJ 9863, 220 degrees, 8 nautical miles, (I am) following(the enemy). (Barometer) falls (by) 14 Millibar, NNO 4, visibility 10.



You no longer need the NSA to assist in here, still they sure have contributed a lot while "Eavesdropping on Hell", didn't they?



Distributed Computing is a powerful way to solve complex tasks, or at least put the PC power of the masses in use. It's no longer required to hire processing power on demand from any of these jewels, but download a client, start participating, or find a way to motivate your future participants. In my previous post "The current state of IP spoofing" I commented on the ANA Spoofer Project and featured a great deal of other distributed projects. Meanwhile, the StartdustAThome project also started gaining grounds, so is it ETs, Space dust, global IP spoofing susceptibility, or unbroken Nazi's ciphers - you have the choice where to participate!



Technorati tags :
Security, Cryptography, Enigma, Distributed Continue reading →

The current state of IP spoofing

A week ago, I came across a great and distributed initiative to map the distribution of spoofable clients and networks - the ANA Spoofer Project, whose modest sample of 1100 clients, 500 networks and 450 ASes can still be used to make informed judgements on the overall state of IP Spoofing. I once posted some thoughts on "How to secure the Internet" where I was basically trying to emphasize on the fact that securing critical infrastructure by evaluating how hardened to attacks it really is, can be greatly improved as a concept. What if that infrastructure is secured, but the majority of Internet communications remain in plain-text, and are easily spoofable, which I find as one of the biggest current weaknesses. If you can spoof there's no accountability, and you can even get DDoSed by gary7.nsa.gov, isn't it? (in the original Star Trek series, Gary Seven was the covert operative who returned from the future to fix sabotage to the United States' first manned rocket to the moon moments before lift off).

On the other hand, according to Gartner IPSec will be dead by 2008, but I feel this is where its peak and maturity would actually be reached. IPv4 will evolve to IPv6, therefore IPSec will hopefully be an inseparable of the Internet.

So what's the bottom line so far?

- 366 million spoofable IP addresses out of 1.78 billion
- 43,430 spoofable netblocks
- 4700 spoofable ASes out of 18450
- NAT's and XP SP2's make their impact

The higher the population the scarier the numbers for sure! I have always believed in distributed computing and the power of the collective intelligence of thousands of people out there. Be it integrating powerful features whose results are freely available to the public through OEM agreements or whatsoever, I feel in the future more vendors will start taking advantage of their customers' base for

How you can contribute? Pick up your client, start spoofing, but make sure your actions don't raise someone's eyebrows, even though you simply wanted to contribute, that's just a couple of packets to a university's server that's looking forward to receiving them this time :)

Dshield.org - the Distributed Intrusion Detection System is a very handy and useful OSINT tool that is obviously being used by the NSA as well (check out the Internet Storm Center's post on this, and the photo itself) UPDATE : Cryptome also featured fancy pictures from the NSA's Threat Operations Wizardy.

What is your opinion on the current state of IP Spoofing on the web and the fact how handy this insecurity comes to DDoS attacks? What should be done from your point of view to tackle the problem on a large scale?

You can also consider going through many other distributed concepts :

The original DES Cracker Project
DJohn - Distributed John
Bob the Butcher distributed password cracker
Seti at Home
ForNet : A Distributed Forensics Network
Pandora - Distributed Multirole Monitoring System
FLoP - distributed Snort sensor
DNSA - DNS auditing tool
Despoof - anti packet spoofing

As well as read more info on IP Spoofing, Distributed concepts and related tools :

IP Spoofing - An Introduction
Distributed Tracing of Intruders
Distributed Phishing Attacks
MAC Distributed Security
IPv6 Distributed Security(draft)
Distributed Firewalls
Web Spoofing
The threats of distributed cracking

Technorati tags:

security, information security, spoofing, IPSec, IPv6, distributed

Continue reading →