The wizard war
MSNBC reprints an NYT article describing cyberattack and defense concepts that are either already in place or are being developed. Many of these concepts were apparently developed during the Bush Administration and their use and success is still highly classified. However, the cybermeasures which affected domestic information flows were canned because the Bush administration did not believe it had the “political capital” to carry it out. One of the most interesting nuggets in the article is reference to a kind of cyber-range, a simulation of the real world Internet, in which the effects of attack and defense could be observed.
When President George W. Bush ordered new ways to slow Iran’s progress toward a nuclear bomb last year, he approved a plan for an experimental covert program — its results still unclear — to bore into their computers and undermine the project.
And the Pentagon has commissioned military contractors to develop a highly classified replica of the Internet of the future. The goal is to simulate what it would take for adversaries to shut down the country’s power stations, telecommunications and aviation systems, or freeze the financial markets — in an effort to build better defenses against such attacks, as well as a new generation of online weapons.
Some of the information in the article will doubtless be familiar to people in the industry. The US can activate microcode or sleeper software in hardware or systems that it has marketed abroad. Doubtless the Chinese, French and other vendors have been playing the same game too. So on the day or Der Tag, the trumpets will blow and all the virtual angels and demons will be summoned to battle, not among the electrons — there is really no physical analogy for this — but in a truly abstract world, supported in by the physical layers but conceptually apart from it.
But that highlights another facet of cyberwarfare. Unlike physical war it is always taking place to a greater and lesser degree. Very often cyberattack and defense is conducted jointly with physical warfare. One example cited by the article was a US military hack into al-Qaeda’s messaging system to get a targeted individuals right where they could be taken out, proving that what you don’t know can really hurt you. One of the fascinations of information warfare (for me at least) is its ability materialize concepts. The gap which separates concepts from their physical manifestation is smaller than at any time in the past. Ideas can do things. Generations who heard the Biblical phrase “and the Word was made flesh” understood it in a mystical or allegorical way. But today the Word can come within half a step of reality in a very short time. Just think of your credit card. Hate, like stupidity, can materialize in the form of a wide-bodied airplane over New York city. Someone with whom I am in correspondence is working on a book on “cognitive warfare”. It’s an amazing concept and I hope someone gets his book going. I hope he can find a place in it for this quote:
“And there was war in heaven: Michael and his angels fought against the dragon; and the dragon fought and his angels, And prevailed not; neither was their place found any more in heaven. And the great dragon was cast out, that old serpent, called the Devil, and Satan, which deceiveth the whole world: he was cast out into the earth, and his angels were cast out with him.”
Richard wrote:
“The US can activate microcode or sleeper software in hardware or systems that it has marketed abroad. Doubtless the Chinese, French and other vendors have been playing the same game too.”
Really?? All computer manufactures install sleeper code for their national governments. I really do need a tinfoil hat to go with my acceptance of that one.
Have you seen Dawn of the Cognetic Age
: Fighting Ideological War by Putting Thought
in Motion with Impact by Lt Col Bruce K Johnson, USAF?
It’s on page 98 of the
Winter 2007 Air & Space Power Journal.
I must agree with ash on his comment above. Many of the transistors and part of the logic in a hugely complex device like a Intel CPU are rarely used. They are masked by the function of the operating system (OS). A professor I had years ago compared the CPU to the brain, but the Operating System to the mind. If the mind doesn’t call on that particular part of the brain it may as well not be there.
I don’t think the FedGov has bothered with much implantation of code into hardware because it would be entirely dependent upon the OS. Much of the third world is turning to open source code like LINUX operating systems. This code is reviewed continually by a lot of folks in different countries. It would be really difficult to sneak code in to take advantage of these hardware deep cover agents. In fact, it would be much simpler to implement all of your sneaking in software from the start, and just leave the hardware alone.
That’s just my two cents worth, as a recently retired SIGINT analyst, and engineer, currently working for a defense contractor in Silicon Valley.
Uh huh.
Armeggedon Rex says:
A professor I had years ago compared the CPU to the brain, but the Operating System to the mind. If the mind doesn’t call on that particular part of the brain it may as well not be there.
programmer smiles in a zen like way and says: Yes and No
I always wondered how difficult it would be to put in sleeper functions into complex systems like aircraft. How many junctions and black boxes are in them already and how hard would it be to put something that could be remotely addressed to cause an error?
The Soviets put millions of transmitters in concrete. agencies used to routinely put odd little circuits in telephones. Suppose the Chinese are putting back doors in cheap routers? They have been here and given the routers. Only time will tell.
The last thing I expected Habu to say about this is, “Uh huh.”
There were news articles a few years ago about the U.S. doing this with Soviet software; the Chinese have an entire division devoted to cyberwarfare. The Russians used denial-of-service attacks against Georgia last summer. And some of you pooh-pooh this? (BTW, Wretchard did not say ALL computer manufacturers are doing this.)
It would require a tin foil hat to think that this is NOT being done to some degree.
Daemon (computer software)
From Wikipedia,
“In Unix and other computer multitasking operating systems, a daemon is a computer program that runs in the background, rather than under the direct control of a user; they are usually initiated as background processes.
Systems often start (or “launch”) daemons at boot time: they often serve the function of responding to network requests, hardware activity, or other programs by performing some task. Daemons can also configure hardware (like devfsd on some Linux systems), run scheduled tasks (like cron), and perform a variety of other tasks.”
At least on the open source side we can see what software processes are running. Microsoft has that “secret” OS that we can not be sure of what it is doing.
There was a report that during Desert Storm the U.S. had inserted software, presumably by a modified ROM, into a printer purchased by the Iraqis, and which acted to disable Iraqi Air Defense Systems.
So this sounds plausible to me. No one who has ever had a software worm wander in through one of the louvers in the back of his computer, and without him even downloading anything or opening an e-mail, could doubt this could happen. And when I installed a firewall a few years ago I found connection attempts to sites in China by some previously undetected trojan programs. Imagine how this could be done if you had the resources to hardwire it into the computer, printer, modem, even the hard drives.
Even simple straightforward operations with today’s computers usually get complicated. I recently repaired one that had gone down at work, apparently due to a total hard drive failure. Installation of a new drive revealed that Windows would not recognize the new drive, until suddenly, after multiple installation trys, it did, and that once the OS was reinstalled on the new drive there seemed to be nothing at all wrong with the old drive when hooked up as a slave.
And maybe all those Microsoft glitches are Something Else.
I don’t have any personal knowledge of microcode and embedded stuff in anything, other than stuff I’ve heard in passing, but the MSNBC article makes reference to it specifically.
I didn’t mean to say it was in everything, but it may be in some things. Just where exactly is the problem. And even if didn’t exist, the mere fact that it could exist probably means that provenance and lineage management are things that are key to critical systems. I was at a talk given by a senior guy from Intel last year and the systems they had in place to track the lineage of chips in the pipe was an incredible story. It’s not an easy thing.
On the hardware side one of the first microprocessors in use had some interesting instructions.
“Motorola 6800 Microprocessor
The 6800 is an 8-bit microprocessor produced by Motorola and released shortly after the Intel 8080 in late 1974. It had 78 instructions, including the (in)famous, undocumented Halt and Catch Fire (HCF) bus test instruction.”
I have several of these in use right now. I guess the feds can smoke my pinball machines anytime they want.
The old Cray mainframe supercomputers had the Pop/LZ functional units installed in them as a requirement of the NSA. The Cray mainframes were designed primarily to serve the needs of the bomb designing and cryptographic users (they were Cray’s main customers). The Pop/LZ assembly language instructions were intended for cryptographic work and nobody else seemed to know how to use those machine instructions.
Armeggedon Rex said:
“Much of the third world is turning to open source code like LINUX operating systems. This code is reviewed continually by a lot of folks in different countries. It would be really difficult to sneak code in to take advantage of these hardware deep cover agents. In fact, it would be much simpler to implement all of your sneaking in software from the start, and just leave the hardware alone.”
I generally agree with the above however there are large blocks of code in the Linux kernel that was provided by the NSA to enhance security. A couple weeks ago, I was recompiling a Linux kernel on my home machine and was thinking about whether or not to toss out the NSA security stuff. I opted to leave it in. I think the NSA stuff gives the kernel some added hardness against hacking so it’s worth keeping. Whether or not the code activitates something spooky in the CPU chip is another question. However a good electrical engineer probably could spot spooking stuff with a logic analyser. I think the down side of someone finding this and blabbing it to the world would tend to discourage the NSA from planting back doors in the Linux kernel and CPU chips (the Linux community would go totally bonkers). Also it’s a good thing that the third world is opting for Linux. I wish more of the developed world would do the same.
Urban legend has it that Kernighan, Ritchie or some other Bell Labs genius wrote a hacked version of the C Language compiler that could insert practical joke machine language routines into executables (a very early version of a virus). Supposably they did this to show that they could and then threw the hacked C compiler into the trash.
If you were going to play games with the hardware, or more precisely, the firmware, routers would be ideal places to do it! Cable MODEM boxes and cable or satellite TV set top boxes are another great place to do something interesting in firmware or software. Home computers are easy targets. This is all low hanging fruit.
The problem with all this is that it doesn’t really have much impact on government infrastructure.
A large scale effective attack would cripple much of the Western world’s home entertainment industry. People might have to read a book, or take a stroll, or get a real hobby, or hold an actual conversation with their neighbor instead of zoning out on the web or TV.
The Intelligence Quotient of all Western Civilization might rebound following such an attack!
Even civilian government agencies use intranets instead of the World Wide Web, WWW, to conduct much of their critical business, and most use dedicated leased lines as back up to TCP/IP connectivity. Much of the really critical information is either in systems not connected to the WWW at all, or there are data back ups, and paper hard copies of important data.
Ships, planes, and armored divisions are mobile and not really connected to the Internet very well. They can be protected easily if the will to do so exists. Some non-government civilian targets however are really soft. Finance and manufacturing are both critical to the health of our society today. Both are somewhat connected to the Internet, and both have been repeatedly shown to be easy targets. I hope the new cyber command, or what ever they call it next week, will concentrate on protecting our financial and manufacturing industries. It’s not that they can’t be hardened, it’s that there’s no will to do so.
As an aside, a few decades ago I remember when some slick smarty opined that the newly ubiquitous small computer in every workplace was going to render paperwork obsolete. Everything would be electronic. What a joke! I think paper usage has gone up with computer penetration of the workplace. We kill more trees for office paper now than ever before! We just don’t employ as many accountants, or clerks or secretaries to do it.
So Chinese analysts spend lots of man-hours sorting through our tax returns, porn surfing, web browsing, tedious e-mails, etc.
I’m sure they glean some valuable nuggets, but they’ve got to pan a lot of gravel to find that bit of gold. Even with key phrase detecting software examining the data stream, just the comments from this blog alone must keep an entire company of PLA analysts tied up night & day, permanently.
By the way, the Nigerian scam e-mails have really picked up in the past few weeks. I have gotten one supposedly from a USA Sgt in Iraq who has found $20M he needs to get out of the country (traced back to South Africa), a Nigerian Lt General who wants to send me money, the FBI, who will arrest me if I don’t take the money that is coming from Nigeria, a Russian who says she has $46M from Yukos, as well as the usual Nigerian ministers desperately trying to shed some unwanted millions. And many of these (except the one from Russia) show use of Cyrillic characters. I guess the economic downturn has hit everybody.
Eggplant: see ‘Reflections on Trusting Trust’, by Ken Thompson (co-author of original Unix), his acceptance speech for the 1983 Turing award that he & Dennis Richie received for Unix (explanation: http://en.wikipedia.org/wiki/Thompson_hack).
Other item to check on is the MIPS-X processor with NSA extensions (at least according to the assembler manual, there is a HCF equivalent instruction for it).
Armeggedon Rex said:
“If you were going to play games with the hardware, or more precisely, the firmware, routers would be ideal places to do it! Cable MODEM boxes and cable or satellite TV set top boxes are another great place to do something interesting in firmware or software.”
Another thing to play games with is the Powertrain Control Modules (PCM) on automobiles. Some cars today have the PCM controlling the engine –and– accessing data from a GPS receiver –and– accessing a cellular telephone. The potential for mischief boggles the mind.
It’s interesting how carefully automobile manufacturers control access to PCM code. My wife owns a 1996 Saturn SL-1 with an OBD-II PCM. After we bought the car, I purchased a complete set of factory manuals and discovered that the published OBD-II (state mandated On Board Diagnostic Two) protocols were only a small subset of the information that the PCM controlled. There were all sorts of things that the PCM could do or tell me about that I did not have access to. I then went to the trouble of getting a junk yard PCM identical to the one in my wife’s car, wired it into my home computer and then tried to break into it. I could actually get this disembodied PCM to do all of the OBD-II stuff published by the Society of Automotive Engineers. However the really deep General Motors software was inaccessible. I eventually found out that to fully access the PCM, I had to “logon” via a seed-key algorithm. This required issuing a seed request to the PCM and it would hand back a 4 digit hexidecimal number that was a “seed”. Based upon this “seed” number, the user was supposed to tell the PCM a 4 digit hexidecimal key number that would unlock the PCM (put the user into a priviledged mode where he could read and write to the PCM’s memory). I found that if I gave the PCM the wrong key number, it would lock up until I gave it a hard reboot (cycle the power). I know that many people on the Internet have tried to hack into the Saturn OBD-II PCM but no one succeeded except one bunch of guys. Supposably that one bunch of guys had some inside information from the people who originally programmed the PCM.
mwalls,
Thank you for the link. Very interesting! One hopes that the GNU C compiler (open source) is immune from such naughty tricks.
I don’t believe the MSNBC article is so much referring to Windows or *nix operating systems as much as it is the embedded boards in “dual use” products such as telecomm equipment, industrial control systems and air traffic control systems. Certain weapon systems would fall into this realm as well.
Armageddon Rex is correct that in cyberwarfare controlling the routers is important, more to the point, controlling key routing nodes is of utmost importance. The same protocols apply to stopping the spread of computer virii as biological virii.
ie. Defense in depth is of utmost importance; control the perimeter, control key nodes, harden individual hosts, create redundant systems, log attacks, analyze attacks, create and deploy defenses, analyse results…
lather, rinse, repeat…
Big Safari itself is a shadowy Air Force unit that has developed small numbers of specialized reconnaissance systems, including drones, in what are often classified programs. The Suter technology was developed during the last several years by BAE Systems and involves invading enemy communications networks and computer systems, particularly those associated with integrated air defense systems (AW&ST Aug. 16, 2004, p. 24; Nov. 4, 2002, p. 30). Suter 1 allowed U.S. operators to monitor what enemy radars could see. The capability enables U.S. forces to assess the effectiveness of their stealth systems or terrain-masking tactics. Suter 2 permits U.S. operators to take control of enemy networks as system managers and actually manipulate the sensors, steering them away from penetrating U.S. aircraft. Suter 3 was tested last summer to add the ability to invade the links to time-critical targets, such as battlefield ballistic missile launchers or mobile surface-to-air missile launchers. Aircraft involved in the Suter programs include the EC-130 Compass Call, RC-135 Rivet Joint and F-16CJ strike aircraft specialized for suppression of enemy air defenses.
Information operations and computer network attack programs are now considered the military’s most closely guarded projects, surpassing even new stealth advances. Some of the info ops code names include Space 7 (Air Intelligence Agency’s advanced programs division, directorate of information operations), Quick Draw (AIA information operations center), Midnight Stand (Strategic Command offensive information operations advanced concept technology demonstration), Iron Hare 99 (first demonstration of offensive computer warfare capabilities), Evident Surprise (to deconflict and execute offensive info war), Crucial Player (predictive analysis of info war and terrorist threats to emerging technologies), Constant Web (Air Force database for adversary military command, control and communications structures), Adversary (USAF command-and-control analysis for info war targeting), Arena (info war analyses, evaluation and decision-making to create country studies of electronic infrastructure) and Black Demon (USAF cyber-warfare exercise to develop network operations warfighting capabilities from the tactical level through full-scale warfare).
opening doors
13. Eggplant:
Urban legend has it that Kernighan, Ritchie or some other Bell Labs genius wrote a hacked version of the C Language compiler that could insert practical joke machine language routines into executables (a very early version of a virus). Supposably they did this to show that they could and then threw the hacked C compiler into the trash.
==============================
Richard Stallman, author of GCC, The GNU Compiler Collection, has made similar comments about GCC. Namely that if he put “bad” code in GCC, it would be self replicating when you compiled a new copy of GCC from code. (The Linux kernel is compiled with GCC).
So we just have to trust him. His agendas are open and not hidden, so I’m OK with that.
You know, I have a renewed appreciation for simple, mechanical things after all this. Things that are not susceptible to EMP, things that go bang when you pull the trigger, and things with sharp edges that cut.
Sometimes simple really is better.
Slower. More primitive. But still deadly.
“cognitive warfare”
As a result of millions of years of biological evolution, humans use their senses instinctively, without conscious thought, which is one reason why instinctive physiological reactions seem so swift. In contrast, military organisations of analogous integrated complexity do not respond as swiftly (relatively speaking) – precisely because the processing of sensation into perception by the organisation as a whole does require conscious thought, in the form of interpretation and decision making by human operators.
Move on. There’s nothing to see here….
7. Oh, bother
I said it because I have been talking about the Chinese and Russsians penetrating our systems on this site and others for over a year. This doesn’t surprise me in the least.
I mentioned less than three weeks ago the Chinese and Russian both planting Trojan horses in our systems. I did not mention the flow going the other way but the USA isn’t dumb. My concern was that it did not appear to me that we had sufficient resources to do what was being done to us. This is a huge credit to our intelligence community. We managed to keep a secret for a couple of years. I’m proud.
I just didn’t think I could add a whole lot other than what I’d already said over the course of the last year, or here for the past few months…..which BTW if I recall correctly got very little reponse…
But what we don’t know about US intelligence the better off the world is. I am proud we’re screwing them for a change but honestly I wish no one knew except those involved in the project.
Apparently Hamas acquired Stinger Manpads and attempted to use them against Israeli aircraft during Operation Cast Lead in January. The Stinger has IFF built-in and wouldn’t fire against US aircraft. Doh! So it is possible to add safeguards or secret code to devices to thwart enemy usage of those devices.
@Eggplant, all compilers are susceptible to the backdoor exploit mentioned in mwalls link. All compiler engineers in the world know about the backdoor exploit. Make your own conclusions.
Slightly off topic but once upon a time I worked for an integrated circuit manufacturer, company Y, who would at times license other peoples monolithic designs. We were presented a certain FET design by company Z to evaluate for a possible purchase of the license. Upon a fairly routine reverse engineering exercise, we were taking off layer by layer of the silicone and taking scans with a scanning electron microscope, a strange little anomaly showed up in the corner of the device. When we assembled all of the pictures into a master mask a logo appeared assembled from the small bits… it was company X’s logo and not company Z’s. Tricky, tricky, tricky. Company Y uncovered a plot from company Z to lift an IC design from company X.
Spy vs Spy. Good espionage is keeping your counterpart busy with mundane counter-surveillance while you are completely ripping them off. The Chinese have perfected this because they are a tyranny that is not answerable to the people. You leak a secret, you disappear. Here in the US, you leak a secret, you make the front page of the NYT and become a hero of the left.
AR “We kill more trees for office paper now than ever before!”
Funny thing. We used to type documents, sign with a pen and make corrections with WhiteOut. Now you’d be lucky if a document wasn’t printed out 10 times and tossed in the trash before the first draft was completed.
You’re all very naughty.
RWE,
If you get an email from a retired Navy helo pilot who needs a little financial assistance to get to a Swiss bank account, it’s legit.
For years I have thought that the best way for us to erect better defenses against cyber attacks on our defense and civilian systems is for our most sensitive computer networks to be using a new, proprietary, and top secret operating system. This is a project that should have been undertaken years ago. After all, you cannot hack into a system that you do not know the language for.
Hiring the best minds for this should be a top priority. Furthermore, we would need to make sure we don’t make the vetting mistakes that were made during the Manhattan Project. The Soviets had that project totally and thoroughly penetrated.
A good friend of mine works for the division of a large international conglomerate that shall remain nameless, that happens to have sold a large number of modern locomotives to the Chi-Coms. I once jokingly asked him if they had inserted any secret lines of code in the locomotives operating software, so that we could disable them, and correspondingly the Chinese rail system, remotely via satellite in case of war. He just kind of laughed and changed the subject…
How are all these sleeper chips & code going to be remotely activated?
Not everything is connected via unfiltered internet. And I doubt the rest have mini-antennas in them to receive a wireless signal.
That might be suspicious to an enemy tinkerer.
I suppose these sleeper chips could have an unrecognizable antenna that is only capable of receiving very strong, local signals. You could activate them by parachuting in a device nearby blasting the activation signal on the appropriate frequency.
Or, use low level frequencies which can be signaled easily from far away.
I guess I should start reaching for my Reynolds foil now.
Habu says, “Uh huh.” and disappears? Oh, yeah. Makes me want to do some research on this little article.
Elijah/23
A detour, but why not…
As a result of millions of years of biological evolution, humans
Hmmm… current paradigm is that humans aren’t here for that long (~250kya), though some content we would need several million years to get us where we were even then. The humans from 250kya aren’t morphologically much different, the differences fall easily into the margins of genetic and morphological variations present today.
use their senses instinctively, without conscious thought, which is one reason why instinctive physiological reactions seem so swift.
I don’t recall the name of a guy that did some research in 70′s about timing of responses to stimulae. The hard data shown that we react 500 ms prior the arrival of sensory input to the brain. He couldn’t make much sense of it and left it open, but Fred Allan Wolf posited that we must be getting the information by some other means. The actual responses that travel through neural pathways are sort of a backup that affect involuntary responses of the body, while the primary signal is processed more in an analytical sense. In his view, events create a ripple in fabric of time. As 500 ms is pretty close, we are getting a strong “signal”, but further in time the signal is weaker by interference with other event ripples. However, in some cases, there is a resonance factor, where an event quite distant in time may have its signal amplified to the degree that we register it. We disregard the input from the past as that is fairly known–there is simply no novelty factor and it usually is manifesting as a sudden burst of memories, but we tend to receive the future signal if we are trained that way. Most of us aren’t and filter it out completely–which we are actually trained to do since our earliest childhood.
pel/33
Routers are connected to the net infrastructure, so building some form of activation (or deactivation) would make a sense. Otherwise, is is more difficult.
You could use router firmware chip to send packets to a machine(s) raw sockets and make it do your bidding. That applies mostly to Windoze OS, with more secure OS’ that would be more difficult. You’d need to escalate privileges to root to use raw sockets on *nix machine, so that would need actually a human (hax0r) intervention.
Naive, stupid or 0 is poised to destroy the US
I don’t know, but it is one of the three, or combination of them.
Re Chinese and Russian intelligence, true or false, an organization or individual will be effective to the extent of invulnerability to the campaign vicissitudes (summons of) of US Senator Foghorn Leghorn or US Congressman “Red” Leftylover.
“It would require a tin foil hat to think that this is NOT being done to some degree.”
—
exhelodrvr,
To the contrary:
A head filled with Ash will do just fine, thank you, sans hat.
Don Obama has made Don Corleone look like Daffy Duck. Don Corleone was nothing compared to Don Obama. You want to talk loan sharking? Let me tell you how this loan sharking worked. Bondholders, people who purchased General Motors bonds, did so to the tune of $27 billion.
Big government, Don Obama put up $15 billion, just a tad less than that. So basically the private sector bondholders put up almost twice as much money to save General Motors as Don Obama did. And at the end of the day, Don Obama gets 50% of the company, and the bondholders get 10% of the company.
The bondholders put up twice as much as Don Obama, and Don Obama gets half the company; the bondholders get 10%.
That means they invested in the bonds wanting a profit. There are bondholders who were using the $800,000 throw-off. That’s how much some of these bondholders had gained over the years, the bonds had thrown that much income off. One guy’s retirement is worth nothing. It’s worth 10% of that. So he’s got a requirement now worth $80,000 thanks to Don Obama. Don Obama owns half of General Motors, and Don Obama’s army — his consiglieris, his capo di tuttis or whatever they are — they have the other 39% of the company. How does somebody put up half as much money and get five times as much control of the company? What makes this even worse is that if General Motors would go bankrupt, the bondholders wouldn’t get 10%, they’d get a hundred percent! That’s what reorganization and restructuring is all about.
So someone has to ask the question:
How in the world would any bond buyer trust a bond again?
So, in the case of Don Obama, you keep your friends close, your enemies closer. World War II, ladies and gentlemen, ended with a surrender on the USS Missouri. Capitalism may have surrendered in the General Motors boardroom. You go over to Chrysler, it’s even worse…
– Lindbaugh and Kudlow
31. fred:
For years I have thought that the best way for us to erect better defenses against cyber attacks on our defense and civilian systems is for our most sensitive computer networks to be using a new, proprietary, and top secret operating system.
=================================
Windows 7?
=================================
=================================
After all, you cannot hack into a system that you do not know the language for.
=================================
Start with program one byte in length set to zero. Execute and then add one until it does what you want. If this fails make it one byte longer.
Or you could use a robust system and limit access.
=================================
=================================
Speaking of cyber security, the Gummint of the O-verlord wants to take THAT over too. Both public and private. And I ain’t kidding.
You have to read this:
http://www.e3gazette.com/2009/04/senate-bill-773-cybersecurity-act-of.html
Prepare to have your jaw wired shut after reading, because that’s the only way you’ll get it to close.
42. peterike
I was half way through, and couldn’t get my jaw closed.
This is going to get pushed through so fast that noboby will ever have time to read through the documents, like the stimulus bill.
Then it will be too late. This is scare-ier than the 2×4 NGB story. By Sept of this year, I won’t recognize the good old USofA anymore.
Which makes me suspect the timing of Pentagon letting public know the chicomm cyber attack…
/still shaking my heads at ‘US based non-profit institution or organization’ and ‘small-and-medium sized businesses’
Lordy, Doug, those GM bondholders are lucky there is ANY value in those GM bonds at all.
Re: sleeper micro-code manufactured into systems sold abroad – while I don’t doubt there is widespread attempts to hack and penetrate enemy systems I think it is a stretch of tinfoil hat proportions to suggest that manufactures around the world are co-operating with their national governments (especially given the distributed nature of manufacturing in our globalized world) and planting moles in machines. If the Manhattan project was compromised by spies how tough would it be to keep secret the co-operation of all these private companies and their engineers? ain’t happenin’. Heck, the Bush admin couldn’t even keep secret the co-operation of the Telco’s in their data-mining schemes.
So, becuz government is totally incompetent, we should stop with the worrying? Oy.
Hey, Dougo is complaining that the Gov. got too good a deal on it’s GM “investment”. I guess they should have just shoveled the cash in an got nothing back. No real value there anyway ‘cept maybe the opportunity for Habu to stick some micro-code into the engine control chips. Seein’ as the gov. is captain of that ship they may as well try…no?
Having worked at a telecom equipment company, I know for a fact that in some systems there were backdoors put in for the Feds to monitor traffic. But then, that was back when the kit was still made in the United States. That all changed in a few years during the 90s, when American tech CEOs sold our manufacturing souls to the Chi-coms for a bag of gold, and our software souls to the Indians for a bag of silver.
God knows what goes on now in those Chinese manufacturing plants and in those Bangalore software shops (how easy would it be to bribe an Indian engineer to slip backdoors into the software? Answer: extremely easy).
If we still had a real government they would never have allowed computer and networking equipment manufacturing to leave our shores. It’s an absolute disgrace, on so many levels.
I hope everyone at Belmont is enjoying the 100 Days celebrations and the sickening, sycophantic media coverage of same. Over at Time, Joe Klein wet himself while lauding the O. Naturally, the Time website doesn’t allow for comments. Cowards and fools.
I am not a techy. I am, however, a devious old fart. I can think of severaly ways to approach the cyber problem…both offense and defense. If I can, there are smart guys in all three camps, with resources, who are miles ahead of us all.
While the entire cyber-war meme is important, I am reluctant to go about crying wolf; cautious, careful yes. Afraid, not yet. (Partially because I just surveyed my own life, professional and private, and determined I could live without deus ex machina for several months if needed)
Buddy/45
The only competence they display is in power grabs.
Thus we have to worry twice as much. Once because of the wholesale power grab and second when they “nationalize” all the key elements of economy, their incompetence in other than power grabs kicks in and it all will get ruined.
There is this leftist concept that US should harmonize with the rest of the world (e.g. lower living standards to the world average). Of course, when US gets flu, the rest of the world would gets pneumonia. I dunno… do they really want the depopulation explosion so bad?
peter @42,
If America really needs a new government bureaucracy to tell people to install all the latest patches we are in far more trouble than was previously imagined.
BTW, watch for any new legislation concerning food safety, nutrition and drugs.
They are already going after road-side produce sellers–without proper certification (an arm) and insurance (a leg) one can be fined $1 million (all body parts as a small produce farmer is concerned).
Once they start harmonizing with Codex Allimentarius and prohibiting sales of produce based on their content of chemicals (broccoli–dioxins) and “drugs” (peppers–capsicin, tomatoes–glutamates), the nightmarish times would arrive.
All what it would take is for good men to say nothing.
100 DAYS CLOSER TO THE AMERICAN PINOCHET ???
“Start with program one byte in length set to zero. Execute and then add one until it does what you want. If this fails make it one byte longer.”
Or you could just really start over, with a 13-bit byte.
One of the fascinations of information warfare (for me at least) is its ability materialize concepts. The gap which separates concepts from their physical manifestation is smaller than at any time in the past. Ideas can do things. Generations who heard the Biblical phrase “and the Word was made flesh” understood it in a mystical or allegorical way. But today the Word can come within half a step of reality in a very short time.
………….
I’ve been musing about this too lately on matters of water desalination. Several times in the last year–I have called for things to happen and low and behold they happen. I’ll be blogging about another such event in my next blog. Specifically for that last couple years I’ve been calling for a technology that would place a desalination plant underwater so as to let ocean pressures push freshwater through membranes — rather than expensive pumps. Why? this will make the process much cheaper. And low and behold a company recently has put out the design specs for just such a tech. The costs they are projecting for the project are 1/2 current RO costs.
I have to ask myself, did I have anything to do with that? I don’t think so. But if I did, then the reason there was a cause and effect was because I said a logical thing–that is something that did not depend on me to be true.
Also, I was in the groove. What is groovy? On any subject matter, you can get a “feel” for the flow of information. ie what’s important, what’s not; if event x happens then –the liklihood of event y becomes more probable over event z. what event Q needs to happen in order for outcome A rather than outcome B etc. What is in the groove? You’re inside the flow of thought, the OODA loop (for Observe, Orient, Decide and Act) . After awhile, you can become predicative and maybe even shape outcomes.
Why not go from science to political science? why trip out into christian theology? the reason is imho that christian theology (& 99% of that is OT theology) is much more rigorous than political science. there is another reason. political science is about the government. typically governments like corporations self destruct when they no longer serve the people.
The question is how can technology be implimented such “that this nation, under God, shall have a new birth of freedom — and that government of the people, by the people, for the people, shall not perish from the earth.”
Here’s a pretty good prayer song
markb said:
“Richard Stallman, author of GCC, The GNU Compiler Collection, has made similar comments about GCC. Namely that if he put “bad” code in GCC, it would be self replicating when you compiled a new copy of GCC from code. (The Linux kernel is compiled with GCC). So we just have to trust him. His agendas are open and not hidden, so I’m OK with that.”
I’m also OK with that. Maybe I’m naive or stupid but there are too many sharp technical guys using GCC and Linux for a back door to exist undetected. Also, one could break a Ken Thompson style compiler hack on GCC by simply compiling GCC directly from source using an Intel C compiler. I know that the big Beowulf clusters at NASA run on Linux (I think(?) the big clusters at LLNL and LANL also run on Linux). Also, supposably the NSA has gone over Linux with a fine tooth comb (they probably also run under Linux).
Now having said all of this, I’ve noticed that once in a while, my machine at home which runs under Ubuntu Linux will bang on the network switch for no apparent reason. When I see it doing that, I kill the Pppd daemon and the process stops. I suspect it’s some script in Firefox trying to call home.
ASh, I believe you are wrong again.
If GM and Chrysler had gone through legal bankruptcy proceedings, not illegal obamanations, then the bondholders would have been much better protected.
Please, Ash do inform us under what authority was our hallowed Dear Leader able to steal from the bondholders and give the unions this huge gift.
Sometimes Obama’s great and all merciful magical powers do perplex me no end.
You may be correct there Unsk, then again, there may be nothing left to emerge from legal bankruptcy proceedings much less some hair on the head of bond holders. In any case O’s bailout appears a no win situation for him with the wingnuts – either taxpayer money goes down a hole showing no return or, in Rush’s/Doug’s whine – gov does too good from a business perspective.
Aplumber
That would be a “byte” + a “nibble” + a “bit”?
DOWNTOWNDUBAI said:
“100 DAYS CLOSER TO THE AMERICAN PINOCHET ???”
The economy will have to decay a bit more. Sometime between Memorial Day and Halloween, we will probably see some major market capitulation. Also the Iranians or al Qaeda will need to play their trick (Will they do that if they think they can extract bloodless concessions from Obama?). What could accelerate the process is if kangaroo courts and show trials were setup for former Bush administration people. I suspect Obama is too smart to fall into that trap but he might be overruled by the moonbats or his own handlers.
In a flush of madness a few years ago i bought ten grand (face) worth of GM bonds now worth a few dinners-and-a-movie. At Chili’s, not Alphonse’s. Why do i hold? we need to support heavy industry. But that zillion dollar Volt was supposed to be in a package that included more nukes, not cap and g00d-God-alMightY trade.
cap n trade, four grand per household per year to fight CLIMATE CHANGE????? Who was that King who commanded the tide not to rise? If they would JUST call it a Democrat Payoff Slush & Bribery Tax, at least it would quit terrorizing the children.
Ash,
Richard did not write “All computer manufactures install sleeper code for their national governments.”
The practice can be done on an ad hoc basis, to a particular piece of equipment. The sleeper code can be added to CPU’s, ROM or other programmable chips in the system by CIA programmers before the equipment is sold on to the target country.
For example, the Iranians could buy a server computer for running a network at a nuclear research center from an unscrupulous French vendor. But the CIA get’s wind of the sale and with the help of French intelligence they install a specially programmed ROM chip into the motherboard. No matter what operating system or virus protection system the network administrators use on that server, they cannot find the bug, or get rid of it. It lays dormant until such time as it is activated, either by counting the calender to a predetermined date, or through a wake-up hack into the network. Then the code goes to work and destroys the data.
This type of thing has been done already by the US and other countries.
“Heck, the Bush admin couldn’t even keep secret the co-operation of the Telco’s in their data-mining schemes”
I believe these were vicious partisan attacks from Democratic enemy combatants from within the CIA and the NSA who leaked it to their co-combatants the MSM. This Telco thing was a secret for decades under the FBI.
Bush was wrong not to prosecute domestic spies to the fullest extent. Always playing nice against the sworn enemies of Freedom, the fascist big D. They will be tried for all their troubles for bipartisan quid pro quo. Some good that did. 50% of the American people were screwed. The aggressors are very proud of themselves that they have undermined the democratic process. I wonder how well that is going to turn out once they have screwed the pooch and made democratic governance impossible?
buddy larsen said:
“In a flush of madness a few years ago i bought ten grand (face) worth of GM bonds now worth a few dinners-and-a-movie. At Chili’s, not Alphonse’s. Why do i hold? we need to support heavy industry. But that zillion dollar Volt was supposed to be in a package that included more nukes, not cap and g00d-God-alMightY trade.”
I was recently thinking about buying some GM bonds. People are so pessimistic about GM that I figured the bonds were undervalued. Then I read some more Denninger and opted instead to buy UltraShort SmallCap600 ProShares (SDD). So far, I’ve lost money but remain guardedly optimistic about my long term pessimism.
careful, egg –we may first have a flush of market health, to set up the rentiers for a bond default as soon as the over-the-horizon ten trillion worth of checkout counter impulse purchase debtload heaves into view. THAT will bring in the Age of Aquarius alright –but between here and there those ultrashorts are maybe gonna get beat up. imho.
any way to invest in guillotines? double-edged investment, you make a little $ and later when your head comes off it’ll be a high quality decap. no muss n fuss, quick n easy –yippee!
“They are already going after road-side produce sellers–without proper certification (an arm) and insurance (a leg) one can be fined $1 million (all body parts as a small produce farmer is concerned).”
51. twobyfour:
Damned smart, and damned sure much needed!
Those Federal Corn Ethanol Mandates are decimating restaurants, bakeries, and donut shops throughout the USA via the wheat shortage/runup in prices, not to mention the hardship imposed on tens of Millions of impoverished Mexicans paying exorbitant Corn Mandate-Fueled prices on for their Tortillas.
Nevertheless, these much needed, planet saving mandates have left produce professionals virtually unscathed, necessitating the food-safety provisions you mention, not only to save the children, but also at the same effectively taking those poisons completely off the market by running the providers of these “natural” poisons out of business.
Maximum benefits are always attained by spreading both costs and benefits equally to Americans and Mexican Americans throughout the socioeconomic strata.
Buddy and Eggplant:
Any good ideas for spreading the pain equally to Ford Motors if Ford persists in turning down the Feds generous offers to aid them?
doug, Ford Foundation has many friends in the far left limo lib crowd. It has long been a goliath in funding communist enterprise.
Unsk,
What part of CHANGE do you not understand when it comes to outmoded concepts like
“Rule of Law?”
Why should contracts be worth any more than the fair market price for ink, and the paper they are printed on?
Buddy,
So that will give them immunity, and they will be able to continue to produce cars and trucks people want to buy, giving them a leg up over Government Motors and their Central Planning derived fleets?
Doug/66
If you compare lists of BoD members of Monsanto/ADM and FDA honchos, a strange pattern emerges… It’s like people flow from one to another and back. You would also find out that a sizable portion of them has a variety of attachments to D congresscritts and senatecritts, either a relation or business partners in the past.
Control of … say car industry is of course important and nice, but one(s) that control(s) the ring of food supply would bind them all.
They then can endow a War on Obesity with some desirable figures (F – 90lb, M – 120lb) and War on Poisons (those nasty killer tomatoes).
What is the retirement age? 65? If the nutrition distribution supports a bit shorter average life span, then the honchos can run any retirement ponzi scheme they desire. Those that would make it to live past the boundary would feel like hitting the lottery jackpot! (Kinda a neighborhood raffle, but a jackpot nevertheless).
P Clancey wrote:
“Hey Dennis!
I hear GM is coming out with a new car… the 2010 Pelosi.
Lots of annoying features and a lot of after-market work on the grille.
Those Obesity standards appear a little lax if we want to attain the desirable levels of the NoKors, 2 by !
Doug, it’ll give them immunity so long as they don’t slip in the market and annoy the Nomenklatura. The protection (freedom from extortion) extends so far as the convenience –the historical “royal perogative”.
they’re gonna intro the Vomet –a cross between Volt and Comet. it has a throw-up hood, bucket seats, and an horn that bleats “OOObama OOObama”
53. Agoraphobic Plumber:
“Start with program one byte in length set to zero. Execute and then add one until it does what you want. If this fails make it one byte longer.”
Or you could just really start over, with a 13-bit byte.
=============================================
Modify algorithm to increase program length by 1 bit sans 1 byte.
Secure access to the machine and my algorithm will not execute.
The new plant in Hellsrectum, Michigan, will produce Vomet. Assembly-line workers start at $6,000/hr. Vomet will sell for $19.99 thru the USPS, cartonized, disassembled, under the People’s Cooperative Lend-a-Hand Program popularly known as “We Screw USA”.
Harold, your exemple is appropriate, EDF is well organised, in the contrary, it’s EDF that is spying possibles hackers
greenpeace spying by EDF
but I find interesting that you choose this exemple
but it is apparently easier to infect american sites :
http://www.securityvibes.com/ver-slammer-offert-centrale-nucleaire-americaine-jsaiz-news-200420.html
the new rubber-band/AA battery hybrid will come in black & blue
The Swine Fl…. no, let’s call it what it should be called, the Mexican Flu, is just what the Doktor ordered for taking over the health care system. After all, with such a crisis a-borning, who else but the Savior can save us? Hence also Ms. Napolitano’s blithe unconcern about the border (border? what’s a border?).
They WANT a pandemic. They are sacrificing lambs nightly to all their dirty gods in order to bring down a plague.
I would laugh my ass off if Obama catches the Mexi flu and croaks. The hand of God at work indeed.
“The Marxist’s conviction of rightness was the result of having swallowed a dogma and gone to live in a myth.” — Edmund Wilson
MC,
You are basing your conclusion on one piece of data, no matter how seemingly prominent?
Slammer did hit a lot of people, all over the world. It was an equal opportunity MS servers’ killer.
Doug/73
I know. It would just show how they care. Anorexic citizens would burden the health care system, which would diminish the returns on ponzi investments. Balance, my friend, balance!
Of course to figure out the precise nutrition scope would take some trial, errors and tribulations. As they say… “you have to break some eggs to make an omelette”. In this case, they think that they have to break about 200 eggs to make a 20 eggs omelette.
I made no conclusion, just illustrated the comparaison between 2 nuclear computer protection organisations
MC
You said:
but it is apparently easier to infect american sites
There is no “american” protection vs. some other protection. There are numerous computer security companies and applications. The fault was with the admin in the case the article mentions. But to extrapolate it as some sort of specific “american” problem based on that case is silly, to put it mildly.
The slammer did the greatest damage in Asian networks. That was also one of reasons for greater acceptance and deployment of Linux based systems in Asia.
Egg,
You might want to compare XLF, UYG and SKF on a 1-year chart.
If rules allowed, one could make a bundle short-selling both leveraged-long and leveraged-short ETF’s at the same time.
JWT,
Thank you. I wonder if SKF remains a smart investment given the federal government seems hell bent to prop up the financials no matter the cost. I noticed that Citigroup Inc. seems to have a floor at $1. I presume the federal government won’t allow Citigroup to drop under a dollar.
Marie Claude, Please “knock it off” or Habu won’t be able to sleep at night.
Here’s a tidbit (for our English reading guests) on the Davis-Besse Slammer worm incident from the NRC reading room.
“While in agreement with the additional guidance provided in RG 1.152, allowing communication
between digital systems in general does introduce the potential for compromising safety. One
example is the disabling of a safety parameter display system at the Ohio Davis-Besse nuclear power
plant that occurred in January 2003 [Davis-Besse, 2003]. The slammer worm first penetrated the
unsecured network of a Davis-Besse contractor, then worked its way through a T1 line bridging that
network and Davis-Besse’s corporate network. The T1 line was one of multiple ingresses into the
Davis-Besses’s business network that completely bypassed the plant’s firewall. The plant was
reported to have been offline when the incident occurred, thus the breach did not affect the operation
of the plant. However, the case does illustrate an important issue: that a cyber security breach can
compromise a safety system where interconnection is allowed between plant and corporate networks
(or any other network)”
I have commented on this before, the key phrase is “safety parameter display system”. Yes, it obscured information from the operator. Did it prevent the operator from safely operating the plant? No. Did it suck? Yes.
Habu, and other parties interested in cutting edge power issues, the NRC Reading Room at http://www.nrc.gov has great information and is well indexed for a local google search.
It wouldn’t be traditional commercial companies selling infected hardware. Who would do it, and probably does, are defense contractors selling to foreign countries. There are always different code bases for what America uses and what we sell elsewhere (to close allies as well as countries we are trying to influence with weapons sales).
There is no way a commercial company is going to do this. When it leaked out, and was proven true by independent reverse engineering, their products would be decommissioned and never purchased again.
The US is inserting viruses into computers abroad, in defensive, offensive and intelligence capacities. Definitely. And I support it.
In some ways, I’m bummed I’ve grown so dependent on this wonderful Internet. It will be good while it lasts, but I fear for its survival when it becomes just another battle field.
Ken Thompson’s Turing Lecture describes how you put a trojan horse in a product so that it is undetectable even if you have open source; and it would work for microcode trojans too. link pdf .
We also plant more trees: those are fast-growing plantation pulpwoods. They are cut when their rate of growth (pounds of wood accumulated per year) slows.
If you want to remove carbon from the biosphere, the best thing you can do is bury all that paper and let new trees soak up more.
I’m NOT against recycling paper; I think it’s a Good Thing. But if getting carbon out of the biosphere were All That Important, burying wood where it cannot quickly decay would be a good way to do it, assuming you didn’t have to burn too much fuel to do it.
Ron Hardin,
Thanks for the PDF. Very interesting. The article was written almost 25 years ago but is still very relevant. One wonders how many Trojan Horses are out there hiding in hard disk controllers, network switches, etc. waiting to be triggered.
Buddy, you nailed it with your comment on the Vomet, From Cinafrocco at Redstate:
“The public question relates to Fiat. Marchionne has been very emphatic that he will put no cash into Chrysler in return for Fiat’s stake, which starts at 20% and could go as high as 51% by 2016. Fiat is giving nothing but access to small-car technology. That can only mean that the government intends to dictate Chrysler’s production mix. That in turn means that the government has chosen to enter the auto business in a forthright and unprecedented way.”
We’ll be seing the Chrysler-Fiat- Obama Vomet soon in a showroom soon near you.
That’s just great. The government makes the standards then offers the product that meets them. I miss when the government only dictated military technological requirements.
There was recently a crash in China of an aircraft carrying 35 of their top computer warfare experts. They clearly think this was a western attack.
http://www.timesonline.co.uk/tol/news/world/article673579.ece