China's Internet Censorship Report 2006

August 11, 2006
Censorship is as bad as looking directly into the sun, which causes blindness, and still remains among the few key prerequisites for successfully running a modern communism type of government, namely the leader's appearance. And while it's obvious that wearing eyeglasses is supposedly making you look smarter, I'm certain that it's not reading by candlelight, but censorship that's causing the overall blindness of party members on average.

Human Rights Watch recently released a very comprehensive report on China's Internet censorship philosophy, technologies, social implications and the business parties involved.

Meanwhile, Blogger.com, blocked since 2002, seems to be accessible in China again. A battle victory for free speech? Don't be naive, the reason it's still accessible is that they figured out how to censor what needs to be censored -- a reverse model consisting of allowing everything, and blocking as well as monitoring access to potentially dangerous blogs. Less negative public opinion for sure, and a good indication of why the Great Firewall has the potential to get breached from within. Here are key summaries of what made an impression on me:

01. URL de-listing on Google.cn, Yahoo! China, MSN Chinese and Baidu

02. Comparative keyword searches on Google.cn, Yahoo! China, MSN China, Baidu, Yahoo.com, MSN search and Google.com

03. The words you never see in Chinese cyberspace - courtesy of Chinese hackers who located a document within the installation package of the QQ instant messaging software:

falun, sex, tianwang, cdjp, av, bignews, boxun, chinaliberal, chinamz, chinesenewsnet, cnd, creaders, dafa, dajiyuan, dfdz, dpp, falu, falun, falundafa, flg, freechina, freedom, freenet, GCD, gcd, hongzhi, hrichina, huanet, hypermart, incest, jiangdongriji, lihongzhi, making, minghui, minghuinews, nacb, naive, nmis, paper, peacehall, playboy, renminbao, renmingbao, rfa, safeweb, sex, simple, svdc, taip, tibetalk, triangle, triangleboy, UltraSurf, unixbox, ustibet, voa, voachinese, wangce, wstaiji, xinsheng, yuming, zhengjian, zhengjianwang, zhenshanren, zhuanfalun

04. The Great Firewall of China: Keywords used to filter web content :

Names of People
Bao Tong, Chen Yonglin, Cui Yingjie, Ding Jiaban, Du Zhaoyong, Gao Jingyun, Gao Zhisheng, He Jiadong, He Weifang, Hu Xingdou, Hu Yuehua, Hua Guofeng, Huang Jingao, Jiang Mianheng, Jiang Yanyong, Jiang Zemin, Jiao Guobiao, Jin Zhong, Li Zhiying, Liang Yuncai, Liu Jianfeng, Liu Junning, Liu Xiabobo, Nie Shubin, Nie Shubin (repeated), Sun Dawu, Wang Binyu, Wang Lixiong, Xu Zhiyong, Yang Bin, Yang Dongping, Yu Jie, Zhang Weiying, Zhang Xingshui, Zhang Zuhua, Zhao Yan, Zhou Qing, Zhu Chenghu, Zhu Wenhu, Zi Yang (in English), Ziyang (in Chinese), Ziyang (in English), zzy (in English, abbreviation for Zhao Ziyang)

Chinese Politics
17th party congress, Babaoshan, Beat [overthrow] the Central Propaganda Department, Blast the Central Propaganda Department, Block the road and demand back pay, Chief of the Finance Bureau, Children of high officials, China liberal (in English), Chinese Communist high officials, Denounce the Central Propaganda Department, Down with the Central Propaganda Department, Impeach, Lin Zhao Memorial Award, Patriots Alliance, Patriots Alliance (abbreviated), Patriots Alliance Web, Police chase after and kill police, Pollution lawsuit, Procedures for dismissing an official, Red Terror, Set fires to force people to relocate, Sons of high officials, The Central Propaganda Department is the AIDS of Chinese society, Villagers fight with weapons, Wang Anshi’s reform and the fall of the Northern Song dynasty

Specific Issues and Events
Buy corpses, Cadres transferred from the military, Cashfiesta (English), Cat abuse, Changxin Coal Mountain, China Youth Daily staff evaluation system, Chinese orphanage, Chinese Yangshen Yizhi Gong, Demobilized soldiers transferred to other industries, Dongyang, Dongzhou, Fetus soup, Foot and mouth disease, Fuzhou pig case, Gaoxin Hospital, High-speed train petition, Hire a killer to murder one’s wife, Honghai Bay, Horseracing, Jinxin Pharmaceutical, Kelemayi, Linyi family planning, Market access system, Mascot, Military wages, No Friendlies, Prosecutor committed suicide, Pubu Ravine, Shanwei government, Suicide of deputy mayor, Suicide of Kuerle mayor, Swiss University of Finance, Taishi village, Top ten worst cities, Wanzhou, Weitan [Village], Zhang Chunxian welcomes supervision against corruption

Falun Gong
Terms related to the banned Falun Gong spiritual movement, including phrases from its “Nine Commentaries” manifesto against the Communist Party
Chinese Communist Party brutally kills people, dajiyuan (in English), Defy the heavens, earth and nature. Mao Zedong, Epoch Times, Epoch Times (written with a different character), Epoch Times news Web site, Evaluate the Chinese Communist Party, Evaluate the Chinese Communist Party (abbreviated), falundafa (in English), flg (in English), Fozhan Qianshou Fa, Guantong Liangji Fa, In the Chinese Communist Party, common standards of humanity don’t exist, Li Hongzhi, lihongzhi (in English), Master Li, minghui (in English), Mother and daughter accused each other, and students and teachers became enemies, New Tang dynasty TV Station, Nine Commentaries, No. 1 evil cult in the world, Obedient citizens under its brutal rule, People become brutal in violence, Chinese Communist Party, People developed a concept of the Chinese Communist Party, but, People who could escape have escaped, and had people to seek refuge with, Quit the party, Run the opposite direction of the so-called ideals of Communism, Shenzhou Jiachifa, Spring Festival Gala of the World’s Chinese, Steal people’s painstaking work, Truth, Compassion, Tolerance [Falungong slogan], Zhenshanren (in English) [same slogan in English]

Overseas Web Sites, Publications and Dissident Groups
Century China Foundation, China Issues Forum, China Renaissance Forum, China Society Forum, China Spring, Chinese Current Affairs, Chinese World Forum, EastSouthWestNorth Forum, EastWestSouthNorth Forum, Forum of Wind, Rain and the Divine Land, Freedom and Democracy Forum, Freedom to Write Award, Great China Forum, Han Style, Huatong Current Affairs Forum, Huaxia Digest, Huayue Current Affairs Forum, Independent Chinese PEN Center, Jimaoxin Collection, Justice Party Forum, New Birth Web, New Observer Forum, North American Freedom Forum, reminbao (in English), remingbao (in English), Small Reference, Spring and Summer Forum, Voice of the People Forum, Worldwide Reader Forum, You Say I Say Forum, Zhengming Forum, Zhidian Jiangshan Forum, Zhongshan Wind and Rain Forum

Taiwan
Establish Taiwan Country Movement Organization, Great President Chen Shui-bian, Independent League of Taiwan Youth, Independent Taiwan Association, New Party, Taiwan Freedom League, Taiwan Political Discussion Zone

Ethnic Minorities
East Turkestan, East Turkestan (abbreviated), Han-Hui conflicts [ethnic conflicts], Henan Zhongmu, Hui [muslim ethnic minority] rebellion, Hui village, Langcheng Gang, Nancheng Gang, Nanren Village, Tibet independence, Xinjiang independence, Zhongmu County

Tiananmen Square
Memoirs of June 4 participants, Redress June 4, Tiananmen videotape, Tiananmen incident, Tiananmen massacre, Tiananmen generation, World Economic Herald

Censorship
Cleaning and rectifying Web sites, China’s true content, Internet commentator, News blockade

International
Indonesia, North Korea falls out with China, Paris riots, Tsunami

Other
Armageddon, Bomb, Bug, Handmade pistol, Nuclear bomb, Wiretap, Chinese People Tell the Truth, Chinese People Justice and Evil, China Social Progressive Party, Chinese Truth Report, Dazhong Zhenren Zhenshi, Jingdongriji (English), Night talk of the Forbidden City, People’s Inside Information and Truth

Take your time to understand the Twisted Reality courtesy of China's Internet Censorship efforts, and learn more on how to undermine censorship.

Related resources and recent posts:
Censorship
China's Interest of Censoring Mobile Communications
South Korea's View on China's Media Control and Censorship

Malware Statistics on Social Networking Sites

August 10, 2006
Huge traffic aggregators, such as the majority of social networking sites, attract not only a huge percentage of the Internet's population on a regular basis, but also malware authors taking advantage of the medium as an infection vector -- and why not as a propagation one as well?

ScanSafe just came up with some nice stats on the average number of social networking pages hosting malware - based on five billion web requests, there's one piece of malware hosted in every 600 social networking pages:

"According to an analysis of more than five billion Web requests in July, ScanSafe found that on average, up to one in 600 profile pages on social-networking sites hosted some form of malware. The company also reported that the use of social-networking sites, often assumed to be popular only with teens, accounted for approximately 1 percent of all Web use in the workplace. “Social-networking sites have been newsworthy because of the concern over our children’s safety, but beyond unsafe contact with harmful adults, these sites are an emerging and potentially ripe threat vector that can expose children to harmful software,” said Eldar Tuvey, CEO and co-founder, ScanSafe. “Users are frequently subject to unwanted spyware and adware that can compromise their PCs, track online behavior and degrade PC performance.”"

SpiDynamics' recent research into Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript, Hacking RSS and Atom Feed Implementations, and the countless web application vulnerabilities in popular portals turn this into a malware author's wet dream come true. You can also go through the key points on web application malware I made at the beginning of 2006, the "best" is yet to come.

Related resources and posts:
Malware
Malware Targets Social Networks - podcast
The Current State of Web Application Worms
Web Application Email Harvesting Worm

Analyzing the Intelligence Analysts' Factors of Productivity

August 10, 2006
Outstanding perspective, given the author is an ex-CIA analyst himself. Contrary to the common wisdom of a Project Manhattan type of departmental separation -- everyone's working to achieve the same goal, whereas no one knows what the others are doing -- there's a growing trend of better analyzing and responding to an intelligence analyst's productivity needs. Watchin' the Analysts does a great job of describing the Intelligence Community's efforts to sense and respond to these growing trends of collaboration, in between figuring out how to balance the possible security implications. Great reading, especially the infamous news headline on how the CIA got "hacked" through an internal unofficial communication chat room, one that they were unaware of at the time. The paper discusses LinkedIn, Del.icio.us, Blogs, and highlights the basic truth that "Anything You Can Do, I Can Do Meta..", an excerpt:

"Analysts interact among themselves, as a complex community web of knowledge. Analysis of those sorts of networks would be worthwhile, and is being done in the commercial sector, through a variety of tools. In the fall of 2000, the CIA shut down a so-called “chat room” operating unofficially over Agency networks; four employees lost their jobs, with other employees and contractors given reprimands. I had left the Agency in 1994, but numerous of those involved were friends and former colleagues. My impression was that what occurred was more embarrassing than threatening, and that agency management ought to understand how and why such virtual communities form—whether they’re facilitated or frustrated by the “official” infrastructure—and appreciate their value. Various network visualization tools would have readily revealed anomalous (at least as far as official business was concerned) traffic, but analysts will want and need an environment that fosters creativity and community, and ought to be given one."

However, there's a certain degree of internal censorship going on, the way employers often have strict guidelines on employees' blogging activities; the CIA recently fired an analyst over an internal blog posting related to the Geneva Convention and torture. Risk management solutions, besides visualization, are, of course, taking place as well.

Related resources and posts:
Intelligence
Visualization, Intelligence and the Starlight Project
"IM me" a strike order
Covert Competitive Intelligence
India's Espionage Leaks
Japan's Reliance on U.S Spy Satellites and Early Warning Missile Systems

AOL's Search Leak User 4417749 Identified

August 10, 2006
A Chief Privacy Officer and basic common sense anyone?

As you all know, during the weekend 20M search queries of 650,000 AOL users leaked, and are all over the Internet, available for download. It's simply unbelievable that the only measure to ensure the privacy of the data was the "unique ID", and how often does the excuse of improving search results pop up. No need for subpoenas this time, just basic use of filtering techniques.

Seems like AOL searcher 4417749 has been identified by a NYTimes reporter:

"Buried in a list of 20 million Web search queries collected by AOL and recently released on the Internet is user No. 4417749. The number was assigned by the company to protect the searcher’s anonymity, but it was not much of a shield. No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from “numb fingers” to “60 single men” to “dog that urinates on everything.” And search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for “landscapers in Lilburn, Ga,” several people with the last name Arnold and “homes sold in shadow lake subdivision gwinnett county georgia.” It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga., frequently researches her friends’ medical ailments and loves her three dogs. “Those are my searches,” she said, after a reporter read part of the list to her."

Hope AOL gets to win the Big Brother Awards, nominated for sure.

Related resources and posts:
Privacy
Still worry about your search history and BigBrother?
The Feds, Google, MSN's reaction, and how you got "bigbrothered"?
What search engines know, or may find out about us?
Security vs Privacy or what's left from it
Snooping on Historical Click Streams
Brace Yourself - AOL to Enter Security Business

Big Momma Knows Best

August 09, 2006
Wish it was the Chinese equivalent of Big Brother I'm referring to, but in this case it's a mother of six tracking down teenagers who toilet-papered her house, and mind you, she didn't even bother to use MySpace, instead:

"Base persuaded supermarket managers to tally daily toilet-paper buys for the week and a Stater Bros. manager said there was a run on bathroom tissue two days before her home was vandalized. At 7:30 p.m. Feb. 17, someone bought 144 rolls of toilet paper, cheese, dog food, flour and plastic forks, the same items found on her lawn and house. It was a cash transaction, making it difficult to trace the purchaser, but the store had video surveillance. The video showed four teenagers making the purchase, one of them wearing a Norco High School letterman's jacket with a name stitched across the back. The store's parking lot surveillance camera showed the truck they were using. Base then borrowed a Norco High yearbook and used online databases to get the name, phone numbers and addresses of the teens on the store tape."

One question remains though. If she managed to socially engineer the supermarket's staff into passing her transaction info, and even surveillance camera footage, I wonder where they were shopping from, and whether her detective work findings would hold in court given how they were obtained. What if they used a distributed shopping practice?

You may also find a previous post, Big Brother in the Restroom, relevant.

UPDATE: Great post at Angela Gunn's Tech_Space. Keep your friends close, your neighbors closer!

JitterBugs - Covert Keyboard Communication Channels

August 09, 2006
WarTyping, keyboard acoustic emanations, and here comes a full-scale covert espionage tool recently discussed in in-depth research presented at the 15th USENIX Security Symposium. Researchers at the CS department of the University of Pennsylvania developed a working prototype of a JitterBug Covert Channel:

"This paper introduces JitterBugs, a class of inline interception mechanisms that covertly transmit data by perturbing the timing of input events likely to affect externally observable network traffic. JitterBugs positioned at input devices deep within the trusted environment (e.g., hidden in cables or connectors) can leak sensitive data without compromising the host or its software. In particular, we show a practical Keyboard JitterBug that solves the data exfiltration problem for keystroke loggers by leaking captured passwords through small variations in the precise times at which keyboard events are delivered to the host. Whenever an interactive communication application (such as SSH, Telnet, instant messaging, etc) is running, a receiver monitoring the host's network traffic can recover the leaked data, even when the session or link is encrypted. Our experiments suggest that simple Keyboard JitterBugs can be a practical technique for capturing and exfiltrating typed secrets under conventional OSes and interactive network applications, even when the receiver is many hops away on the Internet."

The trade-off remains whether physically retrieving the device would go undetected, compared to directly streaming the output outside the network. I'll go for the covert network timing, whereas insecurities and flexibility are always a matter of viewpoint.
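A defender's view of the timing channel described in the abstract above, as an added example that is not from the original post or the JitterBugs paper: it scans the inter-arrival delays of an interactive session for clustering on a regular timing grid, and shows that random release jitter at a gateway removes the signal. The binary padding scheme, the 20 ms window, the thresholds and all sample delays are assumptions constructed for the illustration.

```python
import math
import random

TOLERANCE = 0.1  # phase distance from a symbol centre that still counts as "on the grid"


def typing_delays(n, rng):
    """Constructed sample: inter-keystroke delays in ms as seen on the wire."""
    return [max(30.0, rng.gauss(180.0, 60.0)) for _ in range(n)]


def perturbed_delays(delays, bits, rng, window_ms=20.0, net_jitter_ms=0.8):
    """Constructed sample of a leaking stream for the detector to find.

    Assumed scheme: every delay is padded so that (delay mod window) is 0 for
    a 0 bit and window/2 for a 1 bit; Gaussian noise stands in for the network.
    """
    out = []
    for delay, bit in zip(delays, bits):
        target = window_ms / 2.0 if bit else 0.0
        pad = (target - delay) % window_ms
        out.append(delay + pad + rng.gauss(0.0, net_jitter_ms))
    return out


def grid_score(delays, window_ms, tol=TOLERANCE):
    """Fraction of delays whose phase inside the window is near 0 or 0.5."""
    hits = 0
    for delay in delays:
        phase = (delay % window_ms) / window_ms
        if min(phase, abs(phase - 0.5), 1.0 - phase) <= tol:
            hits += 1
    return hits / len(delays)


def detect_timing_grid(delays, candidates=range(5, 51), tol=TOLERANCE, z_alert=6.0):
    """Scan candidate windows (ms) and flag a score far above chance level."""
    chance = 4.0 * tol  # expected score when phases are spread uniformly
    sigma = math.sqrt(chance * (1.0 - chance) / len(delays))
    best = max(candidates, key=lambda w: grid_score(delays, w, tol))
    z = (grid_score(delays, best, tol) - chance) / sigma
    return {"window_ms": best, "z": round(z, 1), "flagged": z >= z_alert}


def add_release_jitter(delays, rng, max_ms):
    """Mitigation sketch: a gateway holds each event a random 0..max_ms longer.

    Modelled per delay for brevity; it trades latency for channel capacity.
    """
    return [delay + rng.uniform(0.0, max_ms) for delay in delays]


def demo(seed=2006, n=400):
    """Run the detector on clean, leaking and jittered versions of one session."""
    rng = random.Random(seed)
    clean = typing_delays(n, rng)
    bits = [rng.getrandbits(1) for _ in range(n)]
    leaky = perturbed_delays(clean, bits, rng)
    leaky_result = detect_timing_grid(leaky)
    blurred = add_release_jitter(leaky, rng, leaky_result["window_ms"])
    return {
        "clean": detect_timing_grid(clean),
        "leaky": leaky_result,
        "blurred": detect_timing_grid(blurred),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:8s} {result}")
```

The detector needs only packet timestamps, so it works on encrypted sessions; a window that falls between the integer candidates would need a finer scan.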

UPDATE: The future defined - Projection Keyboards

Related resources:
Espionage Ghosts Busters
Covert Channel
Gray-World Team
IP Covert Timing Channels: An Initial Exploration
Information Theory of Covert Timing Channels
Detection of Covert Channel Encoding in Network Packet Delays

Malware Bot Families, Technology and Trends

August 07, 2006
In case you want to know more about the evolution of bots, and the ease of assembling a botnet, why families take the largest zombie share compared to single bachelors only, or which technologies dominate the threatscape - go through the slides of this study on identifying "interesting" bot technologies within a large malware collection. Bot Feature & Technology Trends by Robert Lyda also highlights the distribution of bot variants from the following families:

GaoBot
SpyBot
MyTob
PolyBot
PoeBot
gBot
BrepiBot
DanishBot
NetBot
KvdBot
TriBot
TongBot
SdBot
KwBot
BugBot

As well as :

- Emergence of Bots as of eggdrop's 1993 appearance
- 2005 Bot Family Percentage per Month
- Bot Feature Percentage of All Variants
- Bot Feature Percentage Over All Variants
- Bot Technology Trends for 2005
- Bot Packing Analysis
- Prevalence of the Top 12 Packing Tools

The bottom line - bot families result in antivirus software detecting over 200,000 pieces of malware already, trouble is the majority of them have long converted into family members rather than staying bachelors only as it used to be. Malware on demand and Open Source Malware, combined with the ease of packing, are definitely making their impact.

Related resources and posts:
Malware
Splitting a Botnet's Bandwidth Capacity
An Intergalactic Security Statement
Malware Search Engine

DVD of the Weekend - The Final Cut

August 06, 2006
This weekend's featured DVD is a marvelous representation of a full-scale 1984 type of mass surveillance society, but compared to a utopian party acting as the caring BigBrother, here it's the inevitable advances of technology, and availability of services leading to the ultimate digital preservation of our entire lives -- through our own eye-embedded implants. Worth taking your time to watch this "remixing" of reality leading to the ultimate saint, but I have to agree with SFAM's comments on the "usefulness" of the technology for compiling a 30 min funeral clip only. The rest is the plot itself.

A brief summary of The Final Cut :

"In a near undefined future, people may have a Zoe microchip implanted in their nervous system to permit their families retrieve the best moments of their memories and watch on video after their deaths. This process is called "Rememory" and Alan H. Hakman (Robin Williams), a man traumatized by an incident in his childhood, is the best cutter of the Eye Tech Corporation. The company is facing groups that oppose to the "Rememory" and the ex-cutter Fletcher (Jim Caviezel) is leading these opponents. When Alan is assigned to prepare the final cut of the memories of the Eye Tech lawyer Charles Bannister, his Zoe chip is disputed by Fletcher. Meanwhile, Alan finds that he has also an implanted microchip, which is against the rules of a cutter."

You can also go through CyberPunkReview's comments and snapshots of The Final Cut.

Related resources:
Surveillance
Privacy

UPDATE: Seems like Blogspot is only searching through 7 out of my 209 posts, and ignoring the conspiracy theory you can still do it the old fashioned way - Surveillance, Privacy, Malware, Censorship, Cyber terrorism, Intelligence, etc.

Future in Malicious Code 2006

August 05, 2006
What's new on the malware front? Quite some new developments to be included in Q2's summary for 2006, which I'm about to finalize any time now. Just came across a great continuation of my original Malware - Future Trends publication, this time courtesy of the Royal Canadian Mounted Police, quoting and further expanding the discussion on my key points:

- Mobile malware will be successfully monetized
- Localization as a concept will attract the coders' attention
- Open Source Malware
- Anonymous and illegal hosting of (copyrighted) data
- The development of Ecosystem
- Rise in encryption and packers
- 0day malware on demand
- Cryptoviral extortion / Ransomware will emerge
- When the security solution (antivirus etc.) ends up being the security problem itself
- Intellectual property worms
- Web vulnerabilities, and web worms - diversity and explicit velocity
- Hijacking botnets and infected PCs
- Interoperability will increase the diversity and reach of the malware scene

A brief summary :

"This report will provide an overview of the numerous malicious code trends experts are observing and those they predict will be seen in the foreseeable future. This is not a document that will chart the future of malicious code as that would be impossible. Malware writers move very quickly. They are adaptable and very often they are exploiting vulnerabilities before the rest of the security industry is fully aware of them. Their flexibility and reaction speed is essential if they wish to continue to make a profit and stay ahead of the anti-virus companies who are constantly devising new ways to detect and remove hostile code. As a result, some of the trends covered in this document may never fully evolve and others that have not been mentioned will, no doubt, appear. This document will give readers a better sense of what is coming “down the pipe” and perhaps, a better idea of what to look for when dealing with tomorrow’s malicious code."

Professionally questioning a vendor's or mogul's self-mythology is the anti-mogul speciality. Don't just slice the threat into pieces and take credit for slicing it, let's discuss the pie itself.

Meanwhile, keep an eye on my Delicious Information Warfare summaries, and syndicate them if time equals opportunities.

Mobile Devices Hacking Through a Suitcase

August 04, 2006
Define:nerd

"Luca Carettoni and Claudio Merloni are security consultants at Milan, Italy-based Secure Network. The two created the BlueBag to raise awareness about the potential of attacks against Bluetooth-enabled devices, they said in an interview at the Black Hat security event in Las Vegas. The BlueBag is a roll-aboard suitcase filled with hardware. That gear is loaded with software to scan for Bluetooth devices and launch attacks against those, the two men said. We started evaluating how Bluetooth technology was spread in a metropolitan area, Carettoni said. We went around airports, offices and shopping malls and realized that a covered bag can be used quite effectively for malicious purposes."

Outstanding execution of the idea, I still wonder what the content of the suitcase would look like through an X-ray, if they ever get to pass through one of course. Go through the entire photo session at Black Hat 2006, by Joris Evers @CNET NEWS.com's team, as well as over the basics of bluetooth (in)security.


Achieving Information Warfare Dominance Back in 1962

August 03, 2006
The point here isn't the consolidation indicated in the article :

"The consolidation involves Singer’s headquarters staff, and subordinate Naval Security Group Activities (NSGA) and detachments (NSGD). When fully completed, the action will combine the Navy's enlisted Cryptologic Technicians and Information Warfare officers into the same organization as the Navy’s Information Systems Technicians and Information Professional officers. The IO warfare area is composed of five core integrated capabilities: Electronic Warfare, Computer Network Operations, Psychological Operations, Military Deception and Operational Security. These combine with related capabilities to provide “Information Dominance,” the concept of controlling an adversary’s use of the information and communications environment while protecting one’s own."

but the advances of intercepting electromagnetic emissions reflected off the Moon back in 1962, through the NRRO 600-Foot Steerable Parabolic Antenna :

"Naval Radio Research Observatory (NRRO). This observatory is to be erected at Sugar Grove, West Virginia for exploiting lunar reflective techniques for the purposes of intelligence collection, radio astronomy, and communications-electronics research. A 600-foot steerable parabolic radio antenna will provide for the reception of electromagnetic emissions reflected off the moon. As an intelligence device it will provide for reception and analyzing emissions from areas of the world not now accessible by any other known method, short of physical penetration. The Observatory is planned to be operational in FY 1962."

Here's more info on the concept :

"Although the 600-ft telescope was never built, a satellite-based alternative, called `GRAB' (Galactic RAdiation Background), was launched in June of 1960. Again, this was a dual-use system. The world's first elint satellite and astronomical observatory were integrated into the same satellite bus, with astronomy serving as an operational front for the whole. A second GRAB was launched in 1962. This interface of classified and basic research tells us about the pursuit of science and science-based technologies during the Cold War."

Nowadays it just seems to be full of bird listeners using parabolic microphones, activists "hacking" TV and Radio signals, and others conducting sophisticated TECHINT on the war field.

Related resources:
InformationWarfare
Cyber Warfare
PSYOPS
Intelligence

One Time Password Generating Credit Card

August 03, 2006
This is cute as it solves a major problem with customers having to use, and all too easily losing, tokens. Neat integration with the push of a button on the one time password generating credit card:

"It took InCard four years to develop the card, Finkelstein said. The company combined technology from a Taiwanese display maker, a U.S. battery manufacturer and a French security team, he said. A Swiss partner, NagraID, owns the rights to the process to combine the pieces and actually manufacture the technical innards of the card. The biggest development challenges were the ability to bend the card, power consumption and thickness, Finkelstein said. The result is a card that's as thin and flexible as a regular credit card and is guaranteed to work for three years and 16,000 uses. "Which is about 15 times a day, seven days a week," Finkelstein said."

Compliance with the FFIEC, or an emerging trend of convergence, trouble is it doesn't solve the majority of issues related to phishing attacks, rather it has the potential to undermine other companies' offerings. Now all they need is someone who'll take the role of an evangelist besides the well networked company executives.

Related posts:
Anti Phishing Toolbars - Can You Trust Them?
Heading in the Opposite Direction
No Anti Virus Software, No E-banking for You

But Of Course It's a Pleasant Transaction

August 02, 2006
Great example of automated bots attacking eBay's core trust establishing process - the feedback provided by users, taking advantage of the wisdom of crowds to judge its truthfulness:

"Again, a sharp eye may notice that feedback comments received from sellers are identical, and read almost in the same order. This is because most 1-cent-plus-no-delivery-cost sellers automate the whole transaction: should someone buy their eBooks for one cent each, some scripts email it automatically to the buyer, and leaves a standard feedback comment on the buyer’s profile. So, if we recollect everything, the following is probably happening:

1. Someone is massively creating randomly named, fake user accounts (probably in a more or less automated fashion).
2. Those fake users, powered by automated web spider software, are set to scavenge eBay for 1-cent "buy it now" items and buy them.
3. Automatically, the 1-cent item seller script is emailing the buyer with the item, and posts its standard feedback on his profile.
4. The fake user automatically responds with a standard feedback comment on the seller’s profile.

In a nutshell: Two bots are talking. And doing business."

The use of CAPTCHAs, and ensuring the bots never manage to register themselves, is as important as the automated process of bypassing CAPTCHA authentication. Expect to see a much better random generation of pseudo users, and their feedback, compared to these ones. And since eBay is no longer an intermediary, but a platform, bots got plenty of seed data to begin their life with, don't they?

These very same techniques apply to common networks such as the Internet Relay Chat, and the majority of instant messengers where malware tries to, either take advantage of a momentum and forward itself to a buddy, or keep the discussion going until the time for a fancy photo session exchange has come.
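One way to look for the pattern the quoted analysis describes (penny-only buyer profiles that collect the same canned seller comments in almost the same order), as an added example that is not from the original post or the quoted article. The account names, comments, row layout and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample, oldest first:
# (buyer, seller, price_cents, comment the seller left on the buyer's profile)
SAMPLE = [
    ("xkqjv8821", "ebook_mart", 1, "Great buyer, fast payment! A+++"),
    ("pwzrt0457", "ebook_mart", 1, "great buyer - fast payment, A+++"),
    ("anna_collects", "vintage_cams", 1250, "Lovely to deal with, thanks Anna"),
    ("xkqjv8821", "pdf_depot", 1, "Thanks for your purchase."),
    ("quiet_reader", "tipsheet", 1, "Excellent eBayer!"),
    ("pwzrt0457", "pdf_depot", 1, "Thanks for your purchase."),
    ("anna_collects", "pdf_depot", 1, "Thanks for your purchase."),
    ("xkqjv8821", "cent_books", 1, "Smooth deal, recommended"),
    ("pwzrt0457", "cent_books", 1, "Smooth deal, recommended"),
    ("quiet_reader", "howto_hub", 1, "Paid at once, cheers"),
    ("anna_collects", "lens_corner", 899, "Quick payment, would sell to again"),
    ("xkqjv8821", "guide4u", 1, "Instant payment, thank you"),
    ("quiet_reader", "pdf_depot", 1, "Thanks for your purchase."),
    ("anna_collects", "cent_books", 1, "Smooth deal, recommended"),
    ("xkqjv8821", "tipsheet", 1, "Excellent eBayer!"),
    ("pwzrt0457", "tipsheet", 1, "Excellent eBayer!"),
    ("quiet_reader", "recipe_box", 1, "Thank you, enjoy the recipes"),
    ("anna_collects", "film_vault", 4300, "Perfect buyer"),
]


def normalise(comment):
    """Fold case and punctuation so small template variations compare equal."""
    return re.sub(r"[^a-z0-9]+", " ", comment.lower()).strip()


def build_profiles(rows):
    """Per buyer: ordered (seller, canned comment) sequence and penny-item count."""
    profiles = defaultdict(lambda: {"sequence": [], "penny": 0})
    for buyer, seller, price_cents, comment in rows:
        profile = profiles[buyer]
        profile["sequence"].append((seller, normalise(comment)))
        profile["penny"] += price_cents <= 1
    return profiles


def penny_only(profile, min_tx=4, min_share=0.9):
    """True when nearly all of a profile's feedback comes from 1-cent items."""
    total = len(profile["sequence"])
    return total >= min_tx and profile["penny"] / total >= min_share


def lookalike_pairs(rows, min_similarity=0.8):
    """Pairs of penny-only buyers whose feedback sequences nearly coincide.

    Canned comments from automated 1-cent sellers are normal on their own, so
    the signal is two profiles sharing the same sellers in the same order.
    """
    profiles = build_profiles(rows)
    candidates = sorted(b for b, p in profiles.items() if penny_only(p))
    pairs = []
    for first, second in combinations(candidates, 2):
        matcher = SequenceMatcher(
            None, profiles[first]["sequence"], profiles[second]["sequence"],
            autojunk=False,
        )
        similarity = round(matcher.ratio(), 2)
        if similarity >= min_similarity:
            pairs.append((first, second, similarity))
    return pairs


if __name__ == "__main__":
    for first, second, similarity in lookalike_pairs(SAMPLE):
        print(f"{first} and {second}: sequence similarity {similarity}")
```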

Things Money Cannot Buy

July 31, 2006
1. Love with tingles
2. True Friends
3. Respect, one when the results go beyond the position and size of market capitalization
4. Style
5. Childhood full of joy
6. Knowledge, diploma and insider leaks are something else
7. And obviously Innovation as you can see at this slide and compare it to the rough reality for the top tech R&D spenders. 800 pound market capitalization gorillas for sure, but not innovators. A knowledge driven society results in talent wars -- permanently attracting the walking case studies is also important.

Outspending ends up in budget allocation myopia, compared to actually prioritizing your R&D efforts. You aren't productive when you have all the cash in the world, exactly the opposite, and passion does play a crucial role when it comes to creativity. Go through a handy summary of a study on Does R&D spending deliver results? as well.

Japan's Reliance on U.S Spy Satellites and Early Warning Missile Systems

July 31, 2006
With China breathing down Japan's neck, and North Korea crying for attention by actively experimenting with symmetric and asymmetric warfare capabilities, Japan's push for better reconnaissance, and for limiting its imagery gathering dependence, has been in the execution stage for years, as "Reliance on U.S. intelligence on missile launch shows need for improvement" reports:

"The two spy satellites currently in operation are both polar orbiters circling the globe at altitudes of 400 to 600 kilometers. If the fourth, a SAR satellite, is launched in 2007 as planned, it will complete the four-satellite reconnaissance system, and the country will be able to monitor any point on Earth at least once a day, officials said. It will therefore become possible for Japan to monitor day-to-day changes in North Korean missile-launching sites. The problem, however, is if the system will be effective at the moment of a missile launch, which would depend on the weather and positions of the satellites at the time, officials said on condition of anonymity. In stark contrast with Japan, the United States has orbited more than 100 satellites, at least 15 of which are reportedly for intelligence-gathering purposes, they said. As experts put it, the U.S. satellites can identify objects as small as 8 to 9 centimeters in size if weather conditions are ideal. The United States has five early-warning satellites, including one for backup purposes, keeping watch over North Korea around the clock, they said."

They're definitely using open source IMINT on North Korea as well, or requesting detailed imagery on demand through commercial providers, in between further developing their early warning systems. Go through an article on Japan's Information Gathering Satellites Imagery Intelligence in case you're interested in their past efforts in this direction. However, I feel it's their neighbors' cyber warfare capabilities they should also be worried about.

Image courtesy of Northrop Grumman.

DVD of the Weekend - Path to War

July 30, 2006
As I've been busy catching up with way too many things to list them, I'd better finalize my creativity efforts and provide you with the results as they appear during the week. Meanwhile, current events being constantly streamed and brainwashed from every TV channel you try to watch -- remember how in 1984 only the party leaders had the privilege to turn off their 24/7 propaganda streams? Feel empowered nowadays -- made me think about how today's situation slightly represents the one filmed in the Path to War, especially the partisan warfare activities. You can never win a partisan war, what you'll end up with is your ego and nose bleeding, and your heroic wings sort of broken. Feeling, or positioning yourself for powerful PSYOPS while destroying a country's infrastructure to eradicate the partisan fighters, is one of my favorite moments in the movie, especially when they realized how they've managed to destroy 140% of Vietnam's infrastructure and were still losing the war.

Even worse, having the power and diplomatic influence to make a change, while being a bureaucrat to win time as someone else's about to take care of your dirty laundry, is such a bad example for the rest of the democratic world, yet a convenient one.

Great post at DefenseTech on autonomous warfare. Destroy the oil resources to limit the movement of suppliers - have a dozen grannies move them on bicycles or take it personally; destroy a bridge, and see a wooden one built within a day or two. Every war is an act of terrorism by itself, where the term "acceptable levels of casualties" constantly jumps from the military to the political dictionary.

Previous DVDs of the Weekend and related comments:
DVD of the Weekend - The Lone Gunmen
DVD of the Weekend - The Outer Limits - Sex And Science Fiction Collection
DVD of the Weekend - War Games
DVD of the Weekend - The Immortals
DVD of the Weekend - Lawnmower man - Beyond Cyberspace

The Beauty of the Surrealistic Spam Art

July 27, 2006
Given the volume of spam representing over 50% of the world's email traffic, obviously to some it represents a huge sample to draw sadness or anger out of, and of course, visualize the findings. One man's spam is Alex Dragulescu's art:

"He doesn't use Photoshop but simply writes code to create computer art. For the Spam Plants, he parsed the data within junk e-mail--including subject lines, headers and footers--to detect relationships between that data. Then he visually represents those relationships. For example, the program draws on the numeric address of an e-mail sender and matches those numbers to a color chart, from 0 to 225. It needs three numbers to define a color, such as teal, so the program breaks down the IP address to three numbers so it can determine the color of the plant. The time a message is sent also plays a role. If it's sent in the early morning, the plant is smaller, or the time might stunt the plant's ability to grow, Dragulescu said. The size of the message might determine how bushy the plant is. Certain keywords, such as "Nigerian," might trigger more branches. But Dragulescu did not inject any irony. Messages about Viagra do not grow taller, for example."

I feel that now every spammer can pretend to be a stylish art admirer, with his spamming historical performance hanging on the wall, or perhaps it's my surrealistic black humor.

Related posts on spam and visualization:
Fighting Internet's email junk through licensing
An Over-performing Spammer
Consolidation, or Startups Popping out Like Mushrooms?
Dealing with Spam - The O'Reilly.com Way

Visualization, Intelligence and the Starlight project
Visualization in the Security and New Media world

Splitting a Botnet's Bandwidth Capacity

July 26, 2006
Metaphorically speaking, I always say that the masses of end users' bandwidth is reaching that of a mid size ISP, while the lack of incentives or plain simple awareness is resulting in today's easily assembled botnets. Freaky perspective, but that's what I perceive as the trade-off of this major economic boost, given the improved connectivity France Telecom is about to offer to its customers in 2007/2008 - Fiber at Home with 2.5Gbits/s download, and 1.2Gbits/s upload. As it looks like, an end user is gonna be worth a hundred more infected ones in the near future.

More on malware.

Latest Report on Click Fraud

July 25, 2006
Google does have countless features, and it's not even considering stopping rolling out new ones, but the secret to its huge market capitalization and revenue stream remains its advertising model fully utilizing the Long Tail concept. Therefore, click fraud remains the key issue to deal with, if they want to continue beating Wall Street's expectations. Last week Google released a commissioned report evaluating their anti click fraud methods, here's an excerpt on the four lines of defense:

"Google has built the following four 'lines of defense' for detecting invalid clicks: pre-filtering, online filtering, automated offline detection and manual offline detection, in that order. Google deploys different detection methods in each of these stages: the rule-based and anomaly-based approaches in the pre-filtering and the filtering stages, the combination of all the three approaches in the automated offline detection stage, and the anomaly-based approach in the offline manual inspection stage. This deployment of different methods in different stages gives Google an opportunity to detect invalid clicks using alternative techniques and thus increases their chances of detecting more invalid clicks in one of these stages, preferably proactively in the early stages."

Despite Eric Schmidt's comments on click fraud as a "self correcting" issue, Mark Cuban takes another perspective I find a very relevant one. The key remains the balance between Google's technologies and efforts to build awareness on the problem, very informative report. Pay-per-click is a powerful model forwarding the responsibility for eventual transactions to the advertiser's value added proposition, as compared to a Pay per action model. I doubt Google would have ever reached a stock split debate in its history if it were to use one.

Moreover, with the growing interest in a Pay-per-call model and the rise in voice phishing, it turns the trend into a hot one to keep an eye on for the upcoming future.
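
The four stages named in the excerpt above, sketched as a small pipeline over constructed click records. This is an added example, not Google's code or the report's: the field names, the crawler and duplicate-click rules and all thresholds are assumptions, since the excerpt names only the stages and the rule-based and anomaly-based approach families.

```python
from collections import Counter
from statistics import median

# Constructed sample clicks: (unix_time, source_ip, ad_id, user_agent).
CLICKS = [
    (1000, "198.51.100.7", "ad1", "Mozilla/5.0"),
    (1001, "198.51.100.7", "ad1", "Mozilla/5.0"),     # repeat after 1 s
    (1005, "203.0.113.9", "ad1", "ExampleBot/1.0"),   # self-declared crawler
    (1010, "192.0.2.1", "ad2", "Mozilla/5.0"),
    (1020, "192.0.2.2", "ad1", "Mozilla/5.0"),
    (1030, "192.0.2.3", "ad2", "Mozilla/5.0"),
]
CLICKS += [(1500 + 100 * i, "192.0.2.77", "ad1", "Mozilla/5.0") for i in range(3)]
CLICKS += [(2000 + 60 * i, "198.51.100.50", "ad2", "Mozilla/5.0") for i in range(12)]

# All parameters below are assumptions made for this example.
DUPLICATE_WINDOW = 5  # seconds between clicks on one ad from one source
ANOMALY_FACTOR = 5    # more than 5x the median per-source volume: invalid
REVIEW_FACTOR = 2     # more than 2x the median: queue for manual review

def classify(clicks):
    """Map each click's index in time order to a verdict string."""
    verdict, last_seen, survivors = {}, {}, []
    for i, (ts, ip, ad, ua) in enumerate(sorted(clicks)):
        # Stage 1, pre-filtering (rule-based): self-declared crawlers.
        if "bot" in ua.lower():
            verdict[i] = "invalid:pre-filter"
            continue
        # Stage 2, online filtering (rule-based): rapid repeat on the same ad.
        key = (ip, ad)
        if key in last_seen and ts - last_seen[key] <= DUPLICATE_WINDOW:
            verdict[i] = "invalid:online"
        else:
            survivors.append((i, ip))
        last_seen[key] = ts
    # Stage 3, automated offline (anomaly-based): per-source volume vs. median.
    per_ip = Counter(ip for _, ip in survivors)
    base = median(per_ip.values()) if per_ip else 1
    for i, ip in survivors:
        ratio = per_ip[ip] / base
        if ratio > ANOMALY_FACTOR:
            verdict[i] = "invalid:offline-auto"
        elif ratio > REVIEW_FACTOR:
            verdict[i] = "review"  # Stage 4: left for manual offline inspection
        else:
            verdict[i] = "valid"
    return verdict

def summary(clicks):
    """Count verdicts so each stage's contribution is visible."""
    return Counter(classify(clicks).values())
```

Each stage only sees what the earlier stages let through, so the rapid repeat caught online does not inflate that source's volume in the offline anomaly check.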

An Intergalactic Security Statement

July 24, 2006
Hell of a comment on the Malware Search Engine. Hackers crack secret Google malware search codes:

"Hidden malware search capabilities within Google which were reserved for antivirus and security research firms just weeks ago have been cracked by hackers, according to security industry sources. The key to finding malware in Google lies in having the signature for the specific malware program, according to researchers from enterprise IT security firm Secure Computing. However, the company reported that these previously hidden search capabilities have recently fallen into the hands of hackers. Why bother creating a new virus, worm or Trojan when you can simply find one and download it using Google? said Paul Henry, vice president of strategic accounts at Secure Computing. Unskilled hackers can use this previously unknown capability of Google to download malware and release it on the internet in targeted attacks as if they wrote it themselves."

Bothering to create a new piece of malware and ensuring its payload gets regularly updated to avoid AV detection is perhaps the most logical need compared to doing reconnaissance for known malware through Google. Looking for the signature means the piece of malware has already been detected somehow, somewhere, namely it's useless even to a script kiddie as I doubt one would do a favor to another, thus increasing the size of someone else's botnet. What you can actually use it for, is look for packed binary patterns, or known functions, and draw up better conclusions.

I really hope Secure Computing are more into harnessing the brand and product portfolio's power of CipherTrust, than they are into the dangers of known malware, not that there aren't exceptions of course!

Space wisdom courtesy of Doctor Fun.