What happens when National Geographic steals your art?

September 23rd, 2014 by Barrett Lyon
Short story: They throw lawyers on you and threaten you to take almost nothing in return, because as a starving artist, you’ll be unable to pursue them legally and the maximum damages are so low that it’s not worth pursuing.

National Geographic used my Internet image (opte.org) on the cover of its bookazine, 100 Scientific Discoveries that Changed the World, and in the book, The Big Idea, without my permission or respecting the Creative Commons license that allows it to be used for non-commercial purposes for free.  I charge a nominal fee for the license which can be obtained on www.opte.org in minutes.  The license helps covers costs and furthers development of the project.  They couldn’t be bothered.

They responded to me acknowledging my claim, agreeing that they had infringed on my work (several times in the magazine). If the infringement is ‘willful infringement’, the settlement range is typically $150,000. But they will fight you until you (and they) have spent far more that. Apparently, infringement happens often with National Geographic, and they are willing to spend more money on legal costs than they would have given to the artist in the first place.

Several other artists have already run into this same situation with National Geographic. Many have come forward with a lot of rage as they went through the same, frustrating and unsuccessful process.

The apology from National Geographic’s lawyer included the following explanation on why they would be paying me (and other artists) nothing compared to the damages caused by willful infringement:

“After further investigation, I must respectfully disagree with the implication set forth in your reply email that statutory damages for willful infringement in the range of $150,000 per work are applicable to this situation. National Geographic stands firm in its position that it was not aware and had no reason to believe that the image it used was your and not an image by the individual whom National Geographic credited. In this situation there were no facts that could put National Geographic on notice or would lead it to reasonably conclude ownership of the copyright to the image was in question.

As this situation is a mistake and inadvertent infringement, the maximum amount of statutory damages you may claim under Section 504(c) of Title 17 of the United States Copyright Act. Statutory damages are based on your ability to prove the following: (1) that the image in question was copyrighted within ninety (90) days of first publication and that (2) National Geographic acted in bad faith. The burden of proof is on you to prove both elements. If you filed with the U.S. Copyright Office, you should have a dated certificate documenting your registration. You would certainly need to provide this documentation to confirm that you had met the first requirement to be eligible for statutory damages. National Geographic can document that it made a mistake; therefore, there is no support for a claim that it acted in bad faith. For this reason, National Geographic would be deemed an “innocent infringer” under U.S. Copyright law. Under such a determination, the statutory damages could be reduced to $200.

National Geographic considers the appropriate measure of damages in this case is the license fee for the uses of the image a total of $1,380 ($750 bookazine for use on the front cover and one interior placement; $630 book for use on a portion of front cover, a spot on the back cover, and one interior placement), which amount National Geographic is willing to increase to $2,760 to resolve this matter amicably. National Geographic would also correct the credits on subsequent editions of the publications.

Based on the obstacles and costs you would face to bring this to trial, resolving the issue through negotiation seems the most cost effective way to settle the matter. This correspondence is solely for settlement discussions and may be used for no other purpose. Thank you for your patience, I look forward to moving this matter to a mutually satisfactory conclusion.”

I agreed to take a lower license fee if they would publish a correction and use their twitter account to tweet an apology.

This was their response:

“I have checked thoroughly, and I regret that National Geographic will not accommodate your request for “published correction and a tweet from the natgeo twitter account apologizing about the situation[.]” The works are already published; National Geographic publishes corrections in its magazines only that relate to the specific magazine. Book corrections are done for any reprints or new editions. I will have National Geographic Society records updated so that all references to the image in subsequent reprinting or new editions of the works will be correctly credited, consistent with the requirements on your website or the Commercial License granted from your website. National Geographic Society operates no twitter account for corrections, and the accounts it operates are for coverage topics only.

I can, however, produce the Settlement Agreement that will be necessary to process the payment to you. In addition to correcting references to the image in any reprints or new editions of the works in which it currently appears, National Geographic will correct its files to ensure that any inquires about the image are referred to your website. It will help me if you could answer the question I posed below regarding how the Commercial License granted from your website actually read; if there is any more than the language stating the grant on the website.”

It appears that when they willfully infringe on an artist they use an institutionalized policy of ripping off artists.  They used my work in a way I am not comfortable with. It’s like having someone steal your car and then after they’ve driven it for a few days they give it back and decide how much to pay you for the rent.  There is no price that is acceptable in these conditions.

An institution such as National Geographic only exists because of the amazing minds behind it, the people that go to the ends of the earth to take photos in dangerous areas, the people that give their craft to make the institution work. When National Geographic defends itself when it knows it’s been wrong… It just harms their brand, overall creditability, and integrity.

In a age where anything can be copied, one would think that National Geographic would be very careful about what new licensing arrangements exist such as Creative Commons.

At this point, I think I am going to push my legal options… Not just for me, but for the rights of all the people they have ripped off.

Shame on you National Geographic.

Blue Apron: I’m not having fun.

May 12th, 2014 by Barrett Lyon

Open letter to Blue Apron from a dyslexic guy:

Your instructions look cute and fun… They’re well designed for someone without a learning disability.  To me… they are a confusing mess:


“Blue Apron makes cooking fun and easy.” (For people without learning disabilities)
  • Your “knick knacks” pack is never referenced in the directions.
  • You’re putting pictures of the ingredients that don’t look anything like what you’ve delivered.
  • The instructions require you to flip between two sides of a page (for someone like me that’s difficult and it fucks with my head).
  • I can’t follow directions like:  “gather the produce”.  You give me nothing labeled produce or anything that even matches a picture or what produce is.  I know what produce is but I am concentrated on following the instructions and they just scramble me.
  • The lettering is too small on the pages, you’re compressing too much into a single page.  Why?  Hell add additional directions online if you’re worried about printing costs.
  • Honestly, the pages are overwhelming to me and I shutdown just looking at them.
  • It’s not fun if I don’t have my wife participating. :(

Anyway… thank you, we did enjoy trying the service.  However, when my wife is not helping me navigate your instructions I am left angry and embarrassed.

Further, I can’t find any auxiliary ways to learn or get direction.  You could easily provide links to videos that show the directions without the awful back-to-back vague “recipe”.

I, like many people, learn differently and a lot of people process information differently.  You should help people like me have fun with your product by providing different ways to ingest your information.

So sadly I am canceling… I’ll come back if you guys fix this a bit. Startups are hard! I know! I’ve done a few. I hope you guys can help folks like me and I will become a loyal customer.

PS:  This is exactly why I don’t bake.  Oh and I love to cook.

I finally updated opte.org

May 12th, 2014 by Barrett Lyon

 

It’s been almost 11 years since www.opte.org has seen an update.  Today I updated the entire site with new code, a new image, and a new format.  This will be the foundation for releasing and creating new images starting this month.

Take a look and enjoy!

Opte and LGL 1.2

April 16th, 2013 by Barrett Lyon

It’s been several years since I have released a new “opte” image of the Internet.  I started working on the new images last week and I have run into a number of issues:

A)  LGL (large graph layout) 1.1 is outdated and needs to be fixed.  I’m currently trying to get the code to function in JRE 1.6 (for the viewer application).  I also want to create fixed points on the image for the largest networks, thus allowing me to create full motion animations of the Internet day-by-day.  I’m taking over the LGL project form its creator Alex Adai and we will be releasing LGL 1.2 very soon.

B)  The web site is outdated.  I’d like to replace the web site with a WordPress blog skin that is unique and works well.   In there I will release the entire Opte package with the updated LGL-1.2 release which should give people the ability to create their own images.

C)  I’d like to connect with some educators about the image to see if it’s possible to create some teaching curriculum for children grades k to 12.  I think children are woefully uneducated on how networking works.  Our lives are dependent on the Internet and yet we don’t teach networking basics to children.  It’s very painful for me to watch this generation grow up on trust that devices will just work.   Launching the new image will give me and whomever is interested a nice launching pad for discussions around this topic.

If you’re interested in helping at any level, please contact me.

Reclaiming Geek Culture

March 7th, 2011 by Barrett Lyon



When I started using computers as a little kid, it was all-inclusive; if you were interested, you were in the club. Eventually, communities were built around things like Bulletin Board Systems (BBS) that were places for getting email, downloading files, chatting with other people, and playing games.

The BBS operators wrote code and spent time designing a culture for their systems or communities. In the Northern California Foothills, we had what we called an MUPT meeting once a month. At our Modem User Pizza Thingy, we shared ideas, talked about communication, and generally were stupid, geeky nerds; and we loved it! I was too young to drive to the meeting so I had to be dropped off. Yet, that did not seem to matter to anyone. It was a blast and laid the foundation for my love of geek culture in motion and was ground zero for Northern California’s geek culture.

The BBS culture carried into the Internet and, wow, that’s where things got interesting. There was so much to learn, so much to do, so much more to talk about. Nothing was set in stone, there were no rules or regulations, and the only best common practices we could find were from the military. It was a free-for-all learning fest and that original MUPT/BBS culture remained intact. It was essentially the early days of online community building at its best.

Now, nearly 15 years have gone by and I have watched these groups of people that I deeply respect get older. Networking technology has aged with us and that original, youthful excitement has started to die. No longer is sharing considered a good thing. If you ask a “dumb” question on a large forum, you’re going to be flamed by some snarky person. This new culture has become one more akin to a “club” for only certain people and seems to be exclusive rather than inclusive like the geek culture I remember. Why is it that there are people that spend half of their day writing snide replies to prove that they are somehow smarter than the original poster?

It’s funny, as I was writing this post, I stumbled upon the Patton Oswalt article in Wired “Wake Up Geek Culture, Time to Die.” He had me in the first few sentences, particularly his phrase: “back when nerd meant something.” But, Oswalt experienced this more from a dedication to film and music, whereas I was devouring technology. Oswalt calls it an obsessive interest that led to deep knowledge and produced new artists. He points out that this innovation is missing today. We are just repurposing, manipulating past innovations.

Is this new culture the result or the reason for dwindling innovation?

Think about it; IPv4 has pretty much been mastered by the packet slingers that have learned everything there is to know about routing, load balancing, and networking. New technologies are faster and better, but are they new? The lack of interest in gathering, sharing in an “obsessive interest” manner, is creating an anti-geek culture.

All that said, I continue to choose to work in a start-up environment because I think it is one of the few remaining cultures that is working to foster innovation. It’s a place for creating and sharing new technologies to inspire. New ideas are new possibilities, and challenging the accepted is met with openness and consideration instead of arrogance or criticism. It feels brilliantly similar to the “old days.”

And if geek culture has gone to the trolls, then maybe it’s time we reclaimed it and restored it to its former glory. Being a true geek among peers requires comfort, trust, and the ability to be wrong, awkward, stupid, brilliant, genius, nerdy, and “out there” without ridicule – and for that, I salute my geeks!

The Internet is Beta

May 4th, 2010 by Barrett Lyon
Beta is an engineering way of saying “almost done” – the product is good enough to use but it’s not quite finished yet. Google often releases their new products with a cute little “BETA” logo. Gmail, the Google email system used by millions, has been in beta for five years.

Like Gmail, the Internet’s core protocol should also have had a Beta tag on it for an extended time – for the past 41 years to be precise. Generally speaking, it works pretty well, but the founding fathers of the Internet could not have anticipated that the software they were building would ever become what it is now: The infrastructure for all of society.

So it appears today that some major features were left out…but not because the people behind the design made a mistake. When MIT first used packet switching in 1965 to communicate with a remote computer in California (confirming that packet switching works), the furthest thing from anyone’s mind was security, network neutrality, network education, privacy, cyber warfare, and the slurry of problems that challenge both business and individual users of the Internet today.

In 1969, with the original workings of the Internet (ARPANET), security was simple: the network was tiny and users on the computers that were connected to it were trusted researchers. It was an open community. As Vint Cerf, one of the most notable developers of the Internet, was quote in Fatal System Error as saying, “My thought at the time, thirty-five years ago, was not to build an ultra-secure system, because I could not tell if even the basic ideas would work…We never got to do the production engineering.” The focus at the time, sensibly, was on fault tolerance, not security.
Vint Cerf – Photo by Charles Haynes

Now, nearly 41 years later, we read about Internet security issues constantly. The lack of security features in IP (Internet Protocol) has spawned entire industries, with vendors and service providers that are happy to sell you the next generation protect-all, whiz-bang software. If one were to ask a roomful of people in the security industry what they think about the security products, including their own, on the market today – if they think there are real solutions to the problems we all face – their answer would be a unified “NO”. No one thinks we are at the point where we can all just stop worrying about security.


Barack Obama
Courtesy The White House
The disturbing fact is that the engine that enables our modern global economy is based on a really cool experiment that was not designed for security. Risks can be reduced, but the naughty truth is that the ‘Net is not a secure place for business or society.

The role that the Internet plays in our economy places it in the category of a critical resource that the government must protect – just as it does our water supply and the national power grid. A threat to Internet security is a threat to national security. In May 2009, President Obama spoke about this issue and the plan his administration has to address it. He stated that the US is “not as prepared as it should be” to defend against cyber threats and he proposed new “digital infrastructure” initiatives to “ensure that these networks are secure, trustworthy and resilient.”

But can the US Government, or any other governing authority, ever adequately protect and defend the Internet? How can that be done if the Internet Protocol itself was not designed to, in Obama’s words, “deter, prevent, detect, and defend against attacks”?

Given the world economy’s substantial dependence on the Internet, wouldn’t it make sense to create a well-funded think-tank with the brightest minds in society to design a new protocol with a new vision? This time when we start the process, we will have the benefit of 41 years of Internet beta testing and we can rethink the vision to also include things such as:

  • Security: Transmitting data safely but easily without special software.
  • Privacy: Balancing anonymity and accountability. Allowing people to communicate freely but ensuring accountability to protect against abuses and criminal activity.
  • Routing Intelligence: Routing data without neutrality issues and allowing the protocol itself to route traffic based on a myriad of metrics, conditions, agreements, and other factors.
  • Enculturation and Education: Bringing new people (children, emerging nations, etc) onto the network with a step approach to ensure that they learn about network culture and functionality before they make mistakes.

I don’t think any of us who are involved with cyber security on a professional level can see the Internet as it is today functioning successfully for the next 50 years. I can envision a world of networking much different than today’s. So why not start turning the ship now?

Is designing a better protocol difficult? Yes. Can it be done? Absolutely!

I will be writing more on this topic in the coming months. Stay tuned.

The Top 10 Things To Do While Under DDoS Attack

January 24th, 2010 by Barrett Lyon

In my past decade-plus dealing with distributed denial-of-service attacks, I have noticed a few patterns in the way that companies handle these attacks. Usually when an unprepared virgin company is first attacked, all hell breaks loose. The lack of preparedness causes several chain reactions that make the situation worse. Addressing these most common mistakes ahead of time can help a situation tremendously.

When someone calls me for advice, the first few items I go over have nothing to do with fixing the attack. I’m giving advice that I think is common sense, and I’ve been surprised that others don’t find it obvious.

Here are my Top 10 To-do’s for making life less painful during an attack.

1. Don’t Panic

While the network and your services are exploding and bouncing offline, there must be someone that is comfortable enough to make good decisions. I’ve seen managers freak out and threaten everyone with the prospect of the company collapsing. I think they were trying to motivate people to figure out some solution, but they ended up creating more chaos during an already tough situation.

Once I saw employees hastily rip out the network’s firewalls and re-configure the load balancers. They ended up creating more mess than they had before because they were reacting to an angry and stressed manager.

You are going to create a disaster if you approach with a sledgehammer and wishes. Don’t let anyone make quick changes; try to follow your company’s policies. Sit back, analyze the problem, isolate the actual device that’s failing in the chain, and make an informed–and usually small–adjustment.

If you’re in the 10th hour and things don’t seem to be improving, gather everyone, go away from the office, have a beer, relax for 15 minutes, and talk about something positive. The information flow after that beer might just save you and motivate everyone to do a good job – the solution will come!

2. Create a contact list of external email addresses and phone numbers.

This one is sadistically funny. Most companies host their email, VoIP system, IRC, Wiki, databases, primary storage, etc. all in the same colocation behind the same network connection that hosts their web sites and services. This is, for lack of better words, stupid. All of your digital eggs are in one basket, and that basket is also holding a grenade. A DDoS attack ends up crippling the company’s infrastructure, leaving it with no phones, email, or any communications structure whatsoever.

I’ve seen CEOs of massive companies using their hotmail account and cell phone to contact me because it was their only way of communicating from their multi-million dollar offices.

If you insist on being an “eggs in one basket” company, keep a list of vital email accounts and cell phone numbers on a notepad. That way you can at least call your IT person when everything is down.

3. Setup a “War Room”

Convert your conference room into a war room. Get everyone that has influence in the company in that room. This includes marketing, IT, the CEO, etc. It ensures everyone is on the same page, leaders can lead, and everyone can be in sync.

I typically fill the room with a constant flow of healthy snacks, coffee, and other beverages. If you don’t have anything like that handy, order pizza immediately or send someone shopping.

4. Get one of your guys to the colo ASAP

If you are offline due to DDoS attack, chances are your IT staff cannot log in to the remotely hosted hardware in your datacenters. The easy solution is to physically get them there. They can console in to the hardware and actually see what is going wrong. It’s not fun, but it will result in a much faster resolution to the problem (Make sure they have folding chairs, cash for the vending machines, and serial cables).

5. Find an old hub

Yes, I said hub. You know, those old things that cause collisions? If you’re dealing with an attack and yours is like a lot of companies, it may be difficult for you to set up a traffic monitoring port on your main routers. Assuming you’re setup with Ethernet, at least you can bridge a hub in-line and connect a laptop to the hub and sniff or analyze the traffic!

This is key because having eyes into the data stream really helps figure out how to filter it. Pulling random cables and shutting down random services is not the solution. Make an informed call because you were thoughtful enough to have a hub or SPAN/Mirror port pre-configured.

6. Understand the nature of the attack

There’s a reason you are the target for this attack. Obviously there are a lot of reasons for any given attack, yet understanding the attacker’s motivation is key to creating a better defense strategy.

In the field I have observed a very strange phenomenon; the people working at a victim company usually have a gut feeling about why they are being attacked. So far, their gut instinct has been correct.

Some people know they are being extorted and some people feel it’s a competitor trying to shut them down. Others have a customer that has pissed someone off so the attacker takes down the whole company just to silence one customer. Maybe shutting down the attacker’s target for awhile may actually save the entire ship. Go with your gut on this, make a hypothesis and test it.

7. Document everything

Your business was just smacked around by some bad guys, but what proof do you have? If you don’t have any, then what do you think the law enforcement is going to do for you?

During the attack, lock down all your logs and assign someone within the company to be the custodian of the records. Save server logs, web logs, email logs, any packet capture, network graphs, reports – anything – including a timeline of events.

8. Call your ISP

Your ISP can help, however they have a process to follow. The process usually requires a ticket escalation requirement before you can get real help. If you call early in the attack and open a ticket, that can help you when you really need someone.

Your ISP also has hardware that may be capable of filtering or rate-limiting the attack. The more you know about the attack and you can point them in the right direction, the more they can help you.

They may also suggest you to sign up for their DDoS protection system. Don’t do that right away; reserve that until you are out of all other options. If you do sign up, make sure there is a service level agreement. In the meantime, there are a number of free services you can request:

Null routing of the target IP address
Router ACLs of the top attacking source addresses
New IP addresses
Detailed traffic reports

If you can find the guru at the ISP that knows how to fix these problems, that might be time well spent.

9. Setup “We are down” web hosting services

If the attack is running longer than you had anticipated and you don’t have a solution in sight, you could get your site working at least enough to communicate to your customers.

There are web-hosting companies, which as part of what they do, provide DDoS service level agreements. For a small amount of money you could quickly sign up with several of these companies, upload a “Sorry we’re down, but contact us here” page, and flip your DNS to the cluster of hosted servers.

Your customers will have more confidence in your performance and the attackers may get bored because the attack has not completely shut everything down. If this plan doesn’t work, at least you have diverted some of the attack away from your network.

10. Learn from the event

Post attack can be a blur; everyone is exhausted and burnt out. Mostly, everyone just wants the day-to-day atmosphere to return to status quo. Well, if you’ve been attacked and you did not learn and improve your strategy on how to deal with future attacks, then you are not doing your job.

You should start a review the very day after, while everything is fresh, and make sure that everyone is prepared. Go over what worked, what did not work, and how to improve your system’s overall technology.

Spend the money to fix things properly. Don’t just duct-tape it.

Digital Assassination – The Ultimate Revenge!

July 30th, 2009 by Barrett Lyon

All examples included in this posting are for educational purposes only and should never be put to practice or used. In other words, do not do them!

Death by Ethernet Given that today is the opening day for DEFCON 17 (a hacker conference), I figured I would pay homage by exposing some cyberwar techniques that are more social in nature, easier than writing amazing meterpeter exploits, but just as (if not more) impactful.

These days, cyber bullying is popular. Cyber bullying is when a bully makes fun of a kid online using MySpace, email, posting jokes, etc. Cyber-bullying is so harmful to a child’s mind and online persona that it has led several victim children to suicide. Cyber-bullying was brought to light when Megan Meier’s suicide was attributed to cyber-bulling via MySpace.

Children are not the only possible victims of cyber-bullying; someone’s online persona is also a great target. An online persona is an important commodity these days; a Google search on someone’s name is almost the modern day resume. These online personas are part of a larger group of what I term Digital Natives. The Internet has simply amplified older techniques used by intelligence agencies and governments.

Attacking someone’s online persona or discrediting someone using their online persona could have horrific consequences.

With communication and social media, there are new attack vectors, and cyber-bulling can be taken to a new level, something I call “Digital Assassination”. Digital Assassination, which is not anything new per-say, takes old methods and some new methods to manipulate, embarrass, cause jail time, discredit associations, politicians, corporations, or (in some people’s minds) have the ultimate result by invoking someone to commit suicide.

I had an internal struggle about writing this post. I do not condone the methods I discuss, nor have I ever practiced them. I hope this posting is used merely as a mean to inform people and protect them from being victims, rather than encouraging unethical, illegal, or nefarious actions.

There are a lot of tricks to the SEO (Search Engine Optimization) trade. Most of them involve manipulating Google, embedding data on pages to cause Google to think your site is more important than another site. This is what I call “search engine de-optimization.” What if the same techniques used in SEO were used to power a disinformation (or smear) campaign designed to destroy or manipulate someone or something’s digital existence? What if those techniques were combined with hacking, social manipulation? The result is scary.

At first you may feel that the general concept seems somewhat “out there”, but let’s look at some of the possible implementations.

Blog Pressure and Disinformation

    If an attacker is trying to eliminate a movement or politician’s influence, what better way is there to do so than ruining the essence of the movement or tainting the politician’s reputation? Someone can hire a team of paid bloggers; say 150 of them, working in India. There are companies that provide small blogger armies (just Google “paid bloggers”). They all operate on the Internet as if they come from different parts of the world (via proxy servers to make it more convincing), and all they do is post negative sentiments.

    The more this is deployed, the more the victim’s name in Google becomes associated with these negative blog postings. Thus, a Google search for the victim reveals blog postings about how he or she is an alcoholic, child molester, a physical abuser, etc.

    This can be amplified by using mailing list postings and USENET.

    Taking that further, one can link each blog comment to each other and create a more articulated web of links, which will help Google optimize the data.

    Likewise, what if you wanted to start marital troubles for someone? The attacker could start posting about the victim on dontdatehimgirl.com or various places such as twitter:

    “This guy is an asshole, we met at a corporate dinner three years ago, have been having an ongoing affair, and he’s been telling me that he was going to leave his wife, now he just cut me off! I want to expose for who he really is.”

    Or

    “I met last week at the conference, it was an amazing, romantic whirlwind. Now I am pregnant he refuses to return my calls or emails. Help!”

    What’s worse is this could be used via Facebook or even via pure email to the wife. With a little Photoshop help, by creating fake caught-cheating photos, it may be a hard to disprove

    Taking the caught-cheating photos and placing them on various sites will also help Google cache them in images.google.com. Further, if the images are named after the person’s name, it will help them come up first in a Google search.

    Cheating can also be replaced with other actions like industrial espionage, bad associations (having dinner with people you should hate). Imagine photoshopped photos of a VP of a company handing documents to the CEO of a competing company.

Jail Time

    Another method requires a little more work and some hacking skills that some people may not have. Yet it’s one of the most powerful methods one could use. This method basically involves hacking someone’s computer or taking it over remotely, implanting a lot of child porn on the computer, and posting that same child porn on USENET with the victim’s real email address.

    USENET is patrolled so carefully for this type of material that the result would be an FBI agent’s knock on the victim’s door, jail time, public embarrassment, maybe a pile of felonies, and to top it off… everyone thinks the victim is a pedophile.

    There are other methods such as filling a USB Drive full of child porn and simply dropping it near the victim’s car where he or she may pick it up. The attacker then tips off the police.

    In essence, the attacker frames someone for a crime. With the anonymous nature of the Internet, Operating Systems, and general digital accounting, it’s easy to put these crimes on the shoulders of the victim.

Fake Logs

    Another vicious attack vector would be simply to make-up an attack. Create logs of someone uploading child porn to a web site, making fake posting to your blog threatening to kill the president, or just a fake hacking attempt. System logs are all text, so typing up a log that looks real would be very simple and law enforcement can use that information as evidence.

    If fake evidence is introduced, it could have more power than actually attempting to frame someone for a crime.

Rogue Disinformation

    Hacker groups, governments, terrorist groups, politicians, businesses, and other activist groups use the Internet to spread their propaganda, turning their web sites into recruiting machines.
    What better way is there to disrupt them by using disinformation to discredit and fragment the momentum?

    One can hack their web site, and rather than a full website defacement, only change the wording a tiny bit, just enough to turn people off. Doing so will make their followers go, “huh?” and it may take a while for the changes to be caught.

    As an example (which should never be done and is fictitious), on a Governor’s web page, there is usually an about section. Let’s just say the text officially reads, “People who know me know that besides faith and family, nothing’s more important to me than our beloved Alaska.”

    IF one were to change that text to read; “People who know me know that nothing’s more important to me than my liberal views and beloved Alaska. In my life, I reject faith and family.”

    If the site massaging is not detected, the new text would sit for a few weeks would spread some serious disinformation.

    It’s also possible to register web sites that appear to be supporting a victim, gather viewing, and then negatively morph the message over time. For example, register supportgovernorname.com, copy the full text and content from other governor support sites. Link the site in places such as Wikipedia and other political blogs. Once there is traffic and linking going directly to the site (people are reading it/using it), slowly morph the text to make her messaging appear negative. Using DDoS attacks to shutdown the official web site to force people to the alternative fake site would also help force people to your messaging.

    For “informal movements” such as “the anti-sec movement”, a few well-placed postings usually derail them quickly. I suggested in a previous post that their threat of finding exploits to OpenSSH may have been someone not with the anti-sec movement anonymously posting using their name as a smear campaign. This hurt their public reputation.

Moving on…

There are many other examples of using Digital Assassination to control situations. I’m sure my readers could think of many other methods of using the Internet to control people and movements. I would be interested in hearing these ideas and attribute them in this page.

What you see, read, and link to may not always be reality.

We are Digital Natives

July 4th, 2009 by Barrett Lyon
A new class of person has emerged in the online world: Digital Natives. While living in San Francisco, I also live on the Internet. The Internet is now a place: a two dimensional world that has transcended the web; there is no government, and the citizens are Digital Natives. As Digital Natives, we are not people that only exist in a physical sense–we are something or someone metaphysically different. We are no longer just citizens of say, the United States; we are also citizens of the Internet.

The concept of the Digital Native is a paradigm shift. In the past, there were movements, but not full worlds where one can exist and do as one pleases in parallel with their physical being. Some Digital Natives are deeply affiliated with all sorts of interests that bring them together organically: Piracy groups, massively multiplayer online games, open source software development, cracking encryption, etc. Others become deeply interested in movements such as Anonymous, the RBN (Russian Business Network), or even terrorist organizations.

I’m not trying to say a Digital Native is better than someone unplugged in the Congo, I am trying to say they exist in a different social construct.

Some Digital Natives may feel like their digital citizenship takes precedence over their physical citizenship. They choose not to define themselves by what country they live in but, rather, by what online movement(s) they are involved in. In these situations, what law does one live by? How are the actions of a Digital Native regulated? Governments don’t know how to react to, control, or assert power over them in these situations.

Digital Americans are no longer just American citizens–they have a deep affiliation as Internet citizens as well.

This scares the crap out of Governments all over the world, because they are ill prepared to deal with these situations. To government regimes that are comfortable asserting their control, this concept is terrifying. How do they counteract the changes online and the movements? Do they need to change their politics, defense, propaganda, and warfare?

Apparently the U.S. Government thinks so. In June of 2009, under an order signed by Defense Secretary Robert Gates, the Pentagon announced it will create a Cyber Command to oversee the U.S. military’s efforts to protect its computer networks and have presence in “cyberspace”.

Now even the US Military war machine is joining the world of Digital Natives.

I’m a bit worried, not for us, but for them.

Barrett Lyon creates fun companies that do all sorts of innovative exciting things with video and security.

CDN cdn
BitGravityBitGravity Barrett Lyon
BitGravityBitGravity
Barrett Lyon
LimeLight Networks LimeLight Networks
EdgeCast EdgeCast
CDNetworks CDNetworks
Consulting Consulting
Speaker Speaking Opportunity
Speaker Speaking Opportunity
Content Delivery Network Content Delivery Network
Content Delivery Content Delivery
Flash Streaming Flash Streaming
Interactive Video Interactive Video
Live Streaming Live Streaming
Live Video Live Video
Streaming Audio Streaming Audio
Streaming Media Streaming Media
Video Delivery Video Delivery
Video Hosting Service Video Hosting
Video Podcasting Video Podcasting
Video Podcasts Video Podcasts
Video Services Video Services
Video Streaming Video Streaming
Barrett Lyon Barrett Lyon
Barrett Lyon Barrett Lyon
Barrett Lyon Barrett Lyon
Barrett Lyon Barrett Lyon
Barrett Lyon Barrett Lyon
Barrett Lyon Barrett Lyon
Barrett Lyon Barrett Lyon

“With software anything is possible!”

June 22nd, 2009 by Barrett Lyon

 

When Perry Wu and I started BitGravity, we had high hopes and dreams to build technology that may someday change the Internet. The thought of someday creating technology that pushes the limits of the Internet gave me the drive to build our first server farms in my garage, design a new traffic distribution system, and eventually take our baby and scale it across the entire planet.

As the company grew from my garage and a Starbucks “office”, our views began to culminate. I began to view software as art and not merely a means to an end. I also began to view our team of technologists as wizards that could create and accomplish anything. To this day, if I were to ask one of our principle engineers Edward Crump if something were possible he would undoubtedly respond with his token mantra:

“With software anything is possible!”

The view that Internet service engineering is an art with endless possibilities has become a philosophical pillar at BitGravity and within myself. We viewed the designs on the network, servers, drivers, kernels, and everything up the stack should be done as an art, not strictly a science that results in a bottom line.

It is my view that new technology is only possible because passionate people dream of new concepts and harness their passion to drive it to completion. It’s those same people who are not afraid to answer a question that appears to be impossible to solve.

As I continue to grow as a technologist and start new companies, I always see something unexpected: my customers’ creativity is exploding and I am in awe of their accomplishments.

I am pleased to introduce my blog, ‘Verbophobia’. Here on blyon.com I will be releasing free technology, views and opinions. This will be my playful outlet for technology and philanthropy that should give back to the general community that has helped me become successful.

When Perry Wu and I started BitGravity we had high hopes and dreams to build technology that may someday change the Internet. The thought of someday creating technology that pushes the limits of the Internet gave me the drive to build our first server farms in my garage, design a new traffic distribution system, and eventually take our baby and scale it across the entire planet.
As the company grew from my garage and a Starbucks “office”, our views began to culminate. I began to view software as art and not merely a means to an end. I also began to view our team of technologists as wizards that could create and accomplish anything. To this day, if I were to ask one of our principle engineers Edward Crump if something were possible he would undoubtedly respond with his token mantra:
“With software anything is possible!”
The view that Internet service engineering is an art with endless possibilities has become a philosophical pillar at BitGravity and within myself. We viewed the designs on the network, servers, drivers, kernels, and everything up the stack should be done as an art, not strictly a science that results in a bottom line.
It is my view that new technology is only possible because passionate people dream of new concepts and harness their passion to drive it to completion. It’s those same people who are not afraid to answer a question that appears to be impossible to solve.
As I continue to grow as a technologist and start new companies, I always see something unexpected: my customers’ creativity is exploding and I am in awe of their accomplishments.
I am pleased to introduce my blog, ‘Verbophobia’. Here on blyon.com I will be releasing free technology, views and opinions. This will be my playful outlet for technology and philanthropy that should give back to the general community that has helped me become successful.