Moving this blog to LiveJournal

Although 20six.co.uk has served me well for a couple of years, I found LiveJournal to be better suited for my current needs.

The new location for the Entering the Networked World blog is http://jabolins.livejournal.com/

See you there!

J.D. Abolins 

23.11.07 05:41


Spoof of "24" with 1990s Tech

Topics: Weird & Humorous, Networked World, TV, 1990s, Tech Changes

What if the TV action series "24" was set back in 1994? This video picks up on the idea.

I especially love the part where:

CT Computer Techie: "I can see it... he's hacking into the mainframe..."
Supervisor: "We just installed Windows 3.1; there's no way!"

By the way, the X-Files episode "Unusual Suspects" did a similar "retro" twist when it depicted an earlier moment in Agent Mulder's career. Normally, Mulder is seen with a compact mobile phone. In this particular episode, he is carrying a large "brick" mobile similar to the one here.

I wonder how we will look back at 2007's tech from 2020. I figure we may be laughing about Windows Chicken... I mean Vista. (Vista means "chicken" in Latvian.) 

J.D. Abolins

16.11.07 03:49


419 Scammers Get "Scammed" by ScamBaiters

Topics: Security & Insecurity, Networked World

Interesting article from the 12 Nov 2007 Newark (NJ) Star Ledger...

Web scam artists get taken in, too:

---
Just who is Babatope and why is he eating a loaf of bread while holding a dead fish on his head?

To prove, of course, that despite his plea for money and despite his location in the Internet swindle epicenter of Nigeria, he is one honest and God-fearing man.

Babatope is an Internet scammer, the kind responsible for those ubiquitous e-mails offering untold wealth to anyone willing to help move their funds to the U.S. It might be a $20-million estate entangled in government regulation, or a $30-million charity fund that needs an American handler. The scammers' stories are limitless and ever-changing.

But in this particular case, it was Babatope who was the target of a scam that cost him months of effort and the humiliation of posing for a goofy picture to prove his devotion to the fictitious Church of Fish and Bread.

Babatope is one of the countless victims of so-called scambaiters, a decentralized group of savvy netsters who spend their time turning the tables on Internet scam-artists by luring them into believing they are a bunch of wealthy patsies.
---

Some of the scambaiter sites are 419eater.com, scamorama.com, thescambaiter.com, and scambusters.org. The "trophy room" gallery on the 419eater site is a humorous exhibit of how far scammers will go to play a potential victim.

Many scambaiting sites will warn that scambaiting can have some risks. After all, the baiter is dealing with criminals and not everybody will play nice.

More on 419-type of scams:

Although one hears much about Nigerians in these scams, it should be remembered that fraud is not confined to one nationality. Scammers come from many nations and peoples. Meanwhile, the scammers who are Nigerians have created a reputation problem for their countrymen. They've made it more difficult for legitimate Nigerian businesspeople to do business, especially internationally. This is a cost of crime that isn't often mentioned.
J.D. Abolins
13.11.07 20:55


Frank Abagnale, Jr. on Technology, Crime and Ethics

Topics: Security & Insecurity, Insights, Networked World, Cybercrime, Ethics

Back in mid-October, ComputerWorld published excerpts from an interview it had with Frank Abagnale, Jr., a former con artist and a consultant for the FBI. Abagnale's exploits were depicted in the movie "Catch Me If You Can".

One of the questions asked Mr. Abagnale was, "Suppose you'd been born in 1990. How much of what you got away with 40 years ago do you think you'd be able to get away with as a 17-year-old today?" Abagnale answered, "It would be 4,000 times easier to do today, what I did 40 years ago, and I probably wouldn't go to prison for it. Technology breeds crime -- it always has, it always will."

He explained how expensive and time consuming it was to pull off some of his scams in the 1960s and how current technologies make the same action cheaper and easier. Also the online information resources make it far easier to scout out information useful for scams.

When asked about ways to make computer crime less attractive to young people, Abagnale commented upon ethical shortcomings in present day society.

---
There are about four reasons why we have crime to begin with. One of them is, of course, that we live in an extremely unethical society. We live in a society that doesn't teach ethics at home, a society that doesn't teach ethics in school because the teacher would be accused of teaching morality. We live in a society where you can't find a four-year college course on ethics. I have three sons who went through graduate school; only the one who went to law school had a course even offered on ethics. So today you have a lot of young people who have no character, no ethics and they find no problem in defrauding somebody or stealing from somebody or cheating somebody. Until we change that, crime is just going to get easier, faster, more global, harder to detect.
[....] 
I really think the more technology there is in the world, the more you have to instill character and ethics. You can build all the security systems in the world; you can build the most sophisticated technology, and all it takes is one weak link -- someone who operates that technology -- to bring it all down. People don't like to talk about that issue, because they think it's over-simplified. But the fact is, in all my experience, that's where the problem lies. Until that changes, crime is always going to be with us.
---
It may seem ironic that a former scam artist lectures on the need for teaching ethics, but he is right. Many of the current technology problems such as privacy and cybercrime are much more human problems than technology problems. The technology extends human capabilities to do the good, the bad, and the ugly.

In my experience back in the 1990s with kids getting into trouble with certain approaches to hacking, I saw a gap in mentoring. All the people in their lives who could talk about ethics did not know about technology and the techies the kids knew did not talk about ethics. The kids were mentoring each other and, well, they are kids. The online world can look so much like a video game where physical world considerations don't work the same way.

Today, I believe it is getting better but we are a long ways off from effectively teaching ethics & technology. Some of the current efforts seem to be hobbled by "Thou shalt not pirate music" and similar themes, not really helping to develop the ability to think further about what one's actions do to others. (E.g., the anti-piracy themes and such fail to look further at the ethics of "intellectual property", of fair use allowances for the public, and such.)

The interview went on to examine international aspects of cybercrime and how organisations can protect themselves. Some good insights.

I do question one of Abagnale's comments concerning background checks of people running systems:
---
So I think most companies fail to take into consideration that they've developed this great system, but then they've failed to look at the person who's operating the system, the person who has information about the system -- his background and how much that person can be trusted. Companies hire people today with very little background checking; they're put into positions or they earn their way up to positions where they can do something to harm or cheat that company. So we have to pay a lot more attention to that weak link -- the human part of the system.
---
I do agree with the importance of knowing who's working for you. But he makes it sound like there were more background checks years ago than today. This strikes me as quite odd, given things such as post-9-11 emphases on background checks and the expansion of positions for which a background check is required. Perhaps it is the phrase "very little background checking" that is misleading.

The problem is not the amount of checks but how good they are. Abagnale may be thinking of earlier, less mobile eras, when it was likely people would know a job applicant personally or, at least know people who knew the applicant.

Many background checks today rely primarily upon databases and this is a mingled deal. There is more accessible data, but what does the available data really tell about the person? No hits on criminal records checks may seem good but the full data might not be available for the search. The searches tell little about the person's character. How does the person deal with conflict? How mature is the person? How does the person deal with alluring temptations? (In some instances, people with clean records become crooks on the job because they face temptations they never had before in their lives. Before the particular work position, they had nothing valuable to steal and sell.) Perhaps the person is a scoundrel who knows how not to get caught committing a recordable offence.

Then there is the problem that the data might not really connect with the person. Mismatched data or impersonation can make things difficult both for employers hiring a false negative and for innocent people hit with false positives.

J.D. Abolins 

13.11.07 03:34


Interesting essay re: "The Five Myths About Rendition"

Topics: Privacy & Liberties, Security & Insecurity, US, GWOT, CIA, international, terrorism, counterterrorism

Last Saturday (20 Oct 2007), the Washington Post carried a short essay by Daniel Benjamin about 5 Myths About Rendition (and That New Movie).

Benjamin is a senior fellow at the Brookings Institution and the co-author of The Next Attack: The Failure of the Global War on Terror and a Strategy for Getting It Right. [More about the book] The movie referenced in the essay's title is "Rendition", a story about an American woman whose Egyptian-born husband has been abducted and transferred to a foreign country for interrogation. Benjamin tries to address some popular perceptions about the practice of "rendition". (Rendition in counterterrorism contexts is the transfer of a person from one country to another outside of the normal extradition processes.)

The myths Benjamin addresses are:

  1. Rendition is something the Bush administration cooked up.
  2. People who are "rendered" inevitably end up in a foreign slammer -- or worse.
  3. Step one of a rendition involves kidnapping the suspect.
  4. Rendition is just a euphemism for outsourcing torture.
  5. Pretty much anyone -- including U.S. citizens and green card holders -- can be rendered these days.

Although Benjamin challenges these common claims about rendition, he does note some significant problems with the way it is being done nowadays.

Benjamin also gives some glimpses from the history of the rendition practice, including examples of its use in the Reagan and the Bush (the elder) Administrations. Also, the Israelis' 1960 capture of Nazi war criminal Adolf Eichmann in Argentina could be called a rendition even though the term wasn't used back then.

J.D. Abolins

23.10.07 02:40


NYC MoCCA Exhibit: Infinite Canvas: The Art of Webcomics

Topics: Weird & Humorous, Interesting Tech, Networked World, Comics, Art, Graphic Novels

The Museum of Comics and Cartoon Art (MoCCA) in New York City is currently running the "Infinite Canvas" exhibit on Web comics. I am hoping to visit the museum and see the exhibit this fall. It's running until 14 January 2008.

Even if you cannot go, the exhibit's page has links to various Web comics' sites. Among them was Supernatural Law, which I found to be a great spoof of the horror genre and of lawyers. Also mentioned on the Web comics exhibit page is User Friendly, one of my favourite comics. (My recent posting on the UK crypto law changes included one of the UF comics on that topic.)

One interesting Web comic I recently browsed after reading a reference to it in a recent Wall Street Journal article is Shooting War. (The original Web comic can be read via the "Web Comic" link at the top of the page.) Shooting War is a story about a Web blogger/journalist sent to Iraq; it is set in 2011 or 2012. The conflicts in Iraq continue and the US is still there. Whether you agree with the political views in the comic or not, the depiction of one possible future is interesting.

By the way, if you are interested in comics and how they communicate, there's an informative series of books by Scott McCloud. Understanding Comics, Reinventing Comics, and Making Comics -- all done in comic format -- well explain how comics work and what directions they may take in the future. They are a thinking person's comic book series.

J.D. Abolins

15.10.07 04:58


UK law now can compel disclosure of decryption keys in certain cases

Topics: Security & Insecurity, Privacy & Liberties, Cryptography, Law, Investigations, UK, RIPA

As of 1 October 2007, a change in UK laws has made it illegal to refuse to decrypt and/or hand over cryptography keys requested by the authorities in criminal or terrorism cases. A person believed to have the keys necessary for decryption who refuses to comply in a criminal case can face a maximum of two years in prison. In a terrorism case, the prison sentence can be five years.

This requirement and the penalties for non-compliance are specified by Part 3, Section 49 of the Regulation of Investigatory Powers Act (RIPA). Here is an excerpt from RIPA specifying situations where the authorities must be given the decrypted information and/or the decryption keys:

---
Part III Investigation of electronic data protected by encryption etc.

49 Notices requiring disclosure

[...]
(3) A disclosure requirement in respect of any protected information is necessary on grounds falling within this subsection if it is necessary—

(a) in the interests of national security;

(b) for the purpose of preventing or detecting crime; or

(c) in the interests of the economic well-being of the United Kingdom.
---

Yes, encrypted data can pose significant challenges for investigators. But the RIPA section on investigation of encrypted data presents several difficulties. Among them is the broadness of this section and who may be subject to it.

For example, financial institutions may be required to decrypt or hand over keys in, say, a terrorism case involving funds transfers. The possibility may discourage financial firms from basing their operations in the UK. (The interests of UK's economic well-being reference in the above RIPA snippet may raise concerns for foreign firms.) Richard Clayton, a Cambridge University security expert, had commented in 2006:

---
The notion that international bankers would be wary of bringing master keys into (the United Kingdom) if they could be seized as part of legitimate police operations, or by a corrupt chief constable, has quite a lot of traction. With the appropriate paperwork, keys can be seized. If you're an international banker, you'll plunk your headquarters in Zurich.
---

(See also Richard Clayton's recent posting on the Light Blue Touch Paper site. He goes into more details about some of the problems with the RIPA crypto provisions.) 

One of the difficulties that could arise is where a person who is believed to possess the ability to decrypt the data sought in the investigation doesn't really have that ability. Perhaps the person really has forgotten the passphrase and/or deleted the cryptographic keys. Would "I simply cannot remember" be an adequate defence? Probably not and the person goes to prison.

In some cases, there would be an incentive to pretend to have forgotten or otherwise hamper the access to the encrypted data. If the encrypted data could net a significantly longer sentence, a two or five year prison sentence may be a good deal. But what would be a reasonable penalty to discourage such an option? Give the maximum sentence for whatever crime the police suspected had been committed? That would strain concepts of justice.

Many issues to be considered and resolved.

See also... 

There's a posting & an interesting discussion on this matter at the Schneier on Security blog. Elsewhere on the Web, J.D. "Illiad" Frazer has done a couple of comic strips on the new law on Oct 5th and this one on Oct 6th:

UserFriendly.org comic strip
Comic strip posted per Web use conditions specified in the UF FAQ.

Actually, the comment in the above comic strip that a decryption key isn't a physical object but something in one's head may be confusing if one is thinking of, say, public and private keys as electronic files. The character's reference fits things such as passphrases that can be required to practically decrypt encrypted data. Still, the comic strip makes a good point.

Cryptically yours,
J.D. Abolins

12.10.07 01:01

