Archive for the ‘Opinion’ Category

Opte and LGL 1.2

Tuesday, April 16th, 2013

It’s been several years since I have released a new “opte” image of the Internet.  I started working on the new images last week and I have run into a number of issues:

A)  LGL (large graph layout) 1.1 is outdated and needs to be fixed.  I’m currently trying to get the code to function in JRE 1.6 (for the viewer application).  I also want to create fixed points on the image for the largest networks, thus allowing me to create full motion animations of the Internet day-by-day.  I’m taking over the LGL project from its creator Alex Adai and we will be releasing LGL 1.2 very soon.

B)  The web site is outdated.  I’d like to replace the web site with a WordPress blog skin that is unique and works well.   In there I will release the entire Opte package with the updated LGL-1.2 release which should give people the ability to create their own images.

C)  I’d like to connect with some educators about the image to see if it’s possible to create some teaching curriculum for children grades K to 12.  I think children are woefully uneducated on how networking works.  Our lives are dependent on the Internet and yet we don’t teach networking basics to children.  It’s very painful for me to watch this generation grow up on trust that devices will just work.   Launching the new image will give me and whoever is interested a nice launching pad for discussions around this topic.

If you’re interested in helping at any level, please contact me.

Reclaiming Geek Culture

Monday, March 7th, 2011

When I started using computers as a little kid, it was all-inclusive; if you were interested, you were in the club. Eventually, communities were built around things like Bulletin Board Systems (BBS) that were places for getting email, downloading files, chatting with other people, and playing games.

The BBS operators wrote code and spent time designing a culture for their systems or communities. In the Northern California Foothills, we had what we called an MUPT meeting once a month. At our Modem User Pizza Thingy, we shared ideas, talked about communication, and generally were stupid, geeky nerds; and we loved it! I was too young to drive to the meeting so I had to be dropped off. Yet, that did not seem to matter to anyone. It was a blast and laid the foundation for my love of geek culture in motion and was ground zero for Northern California’s geek culture.

The BBS culture carried into the Internet and, wow, that’s where things got interesting. There was so much to learn, so much to do, so much more to talk about. Nothing was set in stone, there were no rules or regulations, and the only best common practices we could find were from the military. It was a free-for-all learning fest and that original MUPT/BBS culture remained intact. It was essentially the early days of online community building at its best.

Now, nearly 15 years have gone by and I have watched these groups of people that I deeply respect get older. Networking technology has aged with us and that original, youthful excitement has started to die. No longer is sharing considered a good thing. If you ask a “dumb” question on a large forum, you’re going to be flamed by some snarky person. This new culture has become one more akin to a “club” for only certain people and seems to be exclusive rather than inclusive like the geek culture I remember. Why is it that there are people that spend half of their day writing snide replies to prove that they are somehow smarter than the original poster?

It’s funny, as I was writing this post, I stumbled upon the Patton Oswalt article in Wired “Wake Up Geek Culture, Time to Die.” He had me in the first few sentences, particularly his phrase: “back when nerd meant something.” But, Oswalt experienced this more from a dedication to film and music, whereas I was devouring technology. Oswalt calls it an obsessive interest that led to deep knowledge and produced new artists. He points out that this innovation is missing today. We are just repurposing, manipulating past innovations.

Is this new culture the result or the reason for dwindling innovation?

Think about it; IPv4 has pretty much been mastered by the packet slingers that have learned everything there is to know about routing, load balancing, and networking. New technologies are faster and better, but are they new? The lack of interest in gathering, sharing in an “obsessive interest” manner, is creating an anti-geek culture.

All that said, I continue to choose to work in a start-up environment because I think it is one of the few remaining cultures that is working to foster innovation. It’s a place for creating and sharing new technologies to inspire. New ideas are new possibilities, and challenging the accepted is met with openness and consideration instead of arrogance or criticism. It feels brilliantly similar to the “old days.”

And if geek culture has gone to the trolls, then maybe it’s time we reclaimed it and restored it to its former glory. Being a true geek among peers requires comfort, trust, and the ability to be wrong, awkward, stupid, brilliant, genius, nerdy, and “out there” without ridicule – and for that, I salute my geeks!

The Internet is Beta

Tuesday, May 4th, 2010

Beta is an engineering way of saying “almost done” – the product is good enough to use but it’s not quite finished yet. Google often releases their new products with a cute little “BETA” logo. Gmail, the Google email system used by millions, has been in beta for five years.

Like Gmail, the Internet’s core protocol should also have had a Beta tag on it for an extended time – for the past 41 years to be precise. Generally speaking, it works pretty well, but the founding fathers of the Internet could not have anticipated that the software they were building would ever become what it is now: The infrastructure for all of society.

So it appears today that some major features were left out…but not because the people behind the design made a mistake. When MIT first used packet switching in 1965 to communicate with a remote computer in California (confirming that packet switching works), the furthest thing from anyone’s mind was security, network neutrality, network education, privacy, cyber warfare, and the slurry of problems that challenge both business and individual users of the Internet today.

In 1969, with the original workings of the Internet (ARPANET), security was simple: the network was tiny and users on the computers that were connected to it were trusted researchers. It was an open community. As Vint Cerf, one of the most notable developers of the Internet, was quoted in Fatal System Error as saying, “My thought at the time, thirty-five years ago, was not to build an ultra-secure system, because I could not tell if even the basic ideas would work…We never got to do the production engineering.” The focus at the time, sensibly, was on fault tolerance, not security.

Now, nearly 41 years later, we read about Internet security issues constantly. The lack of security features in IP (Internet Protocol) has spawned entire industries, with vendors and service providers that are happy to sell you the next generation protect-all, whiz-bang software. If one were to ask a roomful of people in the security industry what they think about the security products, including their own, on the market today – if they think there are real solutions to the problems we all face – their answer would be a unified “NO”. No one thinks we are at the point where we can all just stop worrying about security.

The disturbing fact is that the engine that enables our modern global economy is based on a really cool experiment that was not designed for security. Risks can be reduced, but the naughty truth is that the ‘Net is not a secure place for business or society.

The role that the Internet plays in our economy places it in the category of a critical resource that the government must protect – just as it does our water supply and the national power grid. A threat to Internet security is a threat to national security. In May 2009, President Obama spoke about this issue and the plan his administration has to address it. He stated that the US is “not as prepared as it should be” to defend against cyber threats and he proposed new “digital infrastructure” initiatives to “ensure that these networks are secure, trustworthy and resilient.”

But can the US Government, or any other governing authority, ever adequately protect and defend the Internet? How can that be done if the Internet Protocol itself was not designed to, in Obama’s words, “deter, prevent, detect, and defend against attacks”?

Given the world economy’s substantial dependence on the Internet, wouldn’t it make sense to create a well-funded think-tank with the brightest minds in society to design a new protocol with a new vision? This time when we start the process, we will have the benefit of 41 years of Internet beta testing and we can rethink the vision to also include things such as:

  • Security: Transmitting data safely but easily without special software.
  • Privacy: Balancing anonymity and accountability. Allowing people to communicate freely but ensuring accountability to protect against abuses and criminal activity.
  • Routing Intelligence: Routing data without neutrality issues and allowing the protocol itself to route traffic based on a myriad of metrics, conditions, agreements, and other factors.
  • Enculturation and Education: Bringing new people (children, emerging nations, etc) onto the network with a step approach to ensure that they learn about network culture and functionality before they make mistakes.

I don’t think any of us who are involved with cyber security on a professional level can see the Internet as it is today functioning successfully for the next 50 years. I can envision a world of networking much different than today’s. So why not start turning the ship now?

Is designing a better protocol difficult? Yes. Can it be done? Absolutely!

I will be writing more on this topic in the coming months. Stay tuned.

Digital Assassination – The Ultimate Revenge!

Thursday, July 30th, 2009

All examples included in this posting are for educational purposes only and should never be put to practice or used. In other words, do not do them!

Given that today is the opening day for DEFCON 17 (a hacker conference), I figured I would pay homage by exposing some cyberwar techniques that are more social in nature, easier than writing amazing Meterpreter exploits, but just as (if not more) impactful.

These days, cyber-bullying is popular. Cyber-bullying is when a bully makes fun of a kid online using MySpace, email, posting jokes, etc. Cyber-bullying is so harmful to a child’s mind and online persona that it has led several victim children to suicide. Cyber-bullying was brought to light when Megan Meier’s suicide was attributed to cyber-bullying via MySpace.

Children are not the only possible victims of cyber-bullying; someone’s online persona is also a great target. An online persona is an important commodity these days; a Google search on someone’s name is almost the modern day resume. These online personas are part of a larger group of what I term Digital Natives. The Internet has simply amplified older techniques used by intelligence agencies and governments.

Attacking someone’s online persona or discrediting someone using their online persona could have horrific consequences.

With communication and social media, there are new attack vectors, and cyber-bullying can be taken to a new level, something I call “Digital Assassination”. Digital Assassination, which is not anything new per se, takes old methods and some new methods to manipulate, embarrass, cause jail time, discredit associations, politicians, corporations, or (in some people’s minds) have the ultimate result by invoking someone to commit suicide.

I had an internal struggle about writing this post. I do not condone the methods I discuss, nor have I ever practiced them. I hope this posting is used merely as a means to inform people and protect them from being victims, rather than encouraging unethical, illegal, or nefarious actions.

There are a lot of tricks to the SEO (Search Engine Optimization) trade. Most of them involve manipulating Google, embedding data on pages to cause Google to think your site is more important than another site. This is what I call “search engine de-optimization.” What if the same techniques used in SEO were used to power a disinformation (or smear) campaign designed to destroy or manipulate someone or something’s digital existence? What if those techniques were combined with hacking, social manipulation? The result is scary.

At first you may feel that the general concept seems somewhat “out there”, but let’s look at some of the possible implementations.

Blog Pressure and Disinformation

    If an attacker is trying to eliminate a movement or politician’s influence, what better way is there to do so than ruining the essence of the movement or tainting the politician’s reputation? Someone can hire a team of paid bloggers; say 150 of them, working in India. There are companies that provide small blogger armies (just Google “paid bloggers”). They all operate on the Internet as if they come from different parts of the world (via proxy servers to make it more convincing), and all they do is post negative sentiments.

    The more this is deployed, the more the victim’s name in Google becomes associated with these negative blog postings. Thus, a Google search for the victim reveals blog postings about how he or she is an alcoholic, child molester, a physical abuser, etc.

    This can be amplified by using mailing list postings and USENET.

    Taking that further, one can link each blog comment to each other and create a more articulated web of links, which will help Google optimize the data.

    Likewise, what if you wanted to start marital troubles for someone? The attacker could start posting about the victim on or various places such as twitter:

    “This guy is an asshole, we met at a corporate dinner three years ago, have been having an ongoing affair, and he’s been telling me that he was going to leave his wife, now he just cut me off! I want to expose for who he really is.”


    “I met last week at the conference, it was an amazing, romantic whirlwind. Now I am pregnant he refuses to return my calls or emails. Help!”

    What’s worse is this could be used via Facebook or even via pure email to the wife. With a little Photoshop help, by creating fake caught-cheating photos, it may be hard to disprove.

    Taking the caught-cheating photos and placing them on various sites will also help Google cache them in Further, if the images are named after the person’s name, it will help them come up first in a Google search.

    Cheating can also be replaced with other actions like industrial espionage, bad associations (having dinner with people you should hate). Imagine photoshopped photos of a VP of a company handing documents to the CEO of a competing company.

Jail Time

    Another method requires a little more work and some hacking skills that some people may not have. Yet it’s one of the most powerful methods one could use. This method basically involves hacking someone’s computer or taking it over remotely, implanting a lot of child porn on the computer, and posting that same child porn on USENET with the victim’s real email address.

    USENET is patrolled so carefully for this type of material that the result would be an FBI agent’s knock on the victim’s door, jail time, public embarrassment, maybe a pile of felonies, and to top it off… everyone thinks the victim is a pedophile.

    There are other methods such as filling a USB Drive full of child porn and simply dropping it near the victim’s car where he or she may pick it up. The attacker then tips off the police.

    In essence, the attacker frames someone for a crime. With the anonymous nature of the Internet, Operating Systems, and general digital accounting, it’s easy to put these crimes on the shoulders of the victim.

Fake Logs

    Another vicious attack vector would be simply to make up an attack. Create logs of someone uploading child porn to a web site, making fake postings to your blog threatening to kill the president, or just a fake hacking attempt. System logs are all text, so typing up a log that looks real would be very simple and law enforcement can use that information as evidence.

    If fake evidence is introduced, it could have more power than actually attempting to frame someone for a crime.

Rogue Disinformation

    Hacker groups, governments, terrorist groups, politicians, businesses, and other activist groups use the Internet to spread their propaganda, turning their web sites into recruiting machines.
    What better way is there to disrupt them than by using disinformation to discredit and fragment the momentum?

    One can hack their web site, and rather than a full website defacement, only change the wording a tiny bit, just enough to turn people off. Doing so will make their followers go, “huh?” and it may take a while for the changes to be caught.

    As an example (which should never be done and is fictitious), on a Governor’s web page, there is usually an about section. Let’s just say the text officially reads, “People who know me know that besides faith and family, nothing’s more important to me than our beloved Alaska.”

    If one were to change that text to read: “People who know me know that nothing’s more important to me than my liberal views and beloved Alaska. In my life, I reject faith and family.”

    If the site massaging is not detected, the new text would sit for a few weeks and would spread some serious disinformation.

    It’s also possible to register web sites that appear to be supporting a victim, gather viewing, and then negatively morph the message over time. For example, register, copy the full text and content from other governor support sites. Link the site in places such as Wikipedia and other political blogs. Once there is traffic and linking going directly to the site (people are reading it/using it), slowly morph the text to make her messaging appear negative. Using DDoS attacks to shut down the official web site to force people to the alternative fake site would also help force people to your messaging.

    For “informal movements” such as “the anti-sec movement”, a few well-placed postings usually derail them quickly. I suggested in a previous post that their threat of finding exploits to OpenSSH may have been someone not with the anti-sec movement anonymously posting using their name as a smear campaign. This hurt their public reputation.

Moving on…

There are many other examples of using Digital Assassination to control situations. I’m sure my readers could think of many other methods of using the Internet to control people and movements. I would be interested in hearing these ideas and attribute them in this page.

What you see, read, and link to may not always be reality.