[FACT comments: We haven’t reported on the Byzantine American legal labyrinth known as the Digital Millennium Copyright Act for a while. Here’s what it takes for a creator to get an exemption from using copyright protection.]

Theater of the DMCA Anticircumvention Hearings

Wendy Seltzer: May 8, 2009


Every three years, as mandated by Congress in Sec. 1201(a)(1)(C) of the Digital Millennium Copyright Act, the Librarian of Congress and Register of Copyrights conduct a rulemaking on exemptions from the DMCA’s prohibition on circumvention of access controls protecting copyrighted works. This year’s revival opened in Stanford, then moved here to Washington DC for a three-day run.

Now Rulemaking on Exemptions from Prohibition on Circumvention of Technological Measures that Control Access to Copyrighted Works may not sound like a Broadway hit, but there was plenty of drama (for the copyright geek, at least). I live-tweeted and Identi.ca-posted the hearings, and offer a few highlights from the show here:

As at past runs (2000, ’03, and ’06), DVD’s CSS technological protections were the star attraction. Film and media educators, librarians, filmmakers, and creators of transformative works argued that they should be permitted to circumvent CSS to take DVD clips for fair and non-infringing purposes: film studies, media literacy, classroom teaching of the law or medical ethics, creation of commentary in the videographic “language” of the works to which they respond.

Rebecca Tushnet, law professor and founder of the Organization for Transformative Works, called the anticircumvention rule a modern-day literacy test or poll tax: law-abiding creators are chilled by the welter of rules seemingly designed to privilege some users over others. Francesca Coppa and Tisha Turk showed the direct impact of the circumvention rule on women and minority creators offering alternative readings of mainstream culture, while educators noted that a too-narrow exemption might let teachers make art with media clips but forbid students from using the same techniques after graduation.

The hearings’ setup is a perfect theater of the absurd: First, the LOC is authorized to exempt non-infringing users of “classes of works” from the circumvention prohibition, but not to legalize the tools needed to circumvent access controls (which are prohibited by 1201(a)(2)). That leaves all participants dancing around the question of how users are to exercise their rights, if granted — “surreal,” as Jon Band put it. Likewise, we all ignore the ready availability of DeCSS and the near-instant posting of DRM-free versions of anything issued in “protected” format.

Then Steve Metalitz, representing a Group of 9 copyright industries, argued that the proponents of an exemption were taking the law too seriously if they were being chilled by the remote threat of an anticircumvention lawsuit. Was he really advocating that we disregard the law??

The proceedings jumped the line to farce when Fritz Attaway and a colleague from the MPAA pulled out a cinematic demonstration of just how to camcord a movie from your television screen. (You start with a $900 HD video camera, a tripod, a flat-screen television, and a room that can be completely darkened.) Tim Vollmer captured the whole scene on a video of his own. Mind you, this is the same industry that has lobbied to make a crime of camcording in movie theaters, telling us how to frame shots properly from the television. (As Fred Benenson notes, they’re also demonstrating DRM’s impossibility of closing the “analog hole.”)

Finally, Bruce Turnbull, representing DVD CSS-licensing body, DVD-CCA, said we were all in the wrong place (LOC, rather than Congress) talking about the wrong subject. 1201 isn’t a copyright protection, but a technology protection, aimed at protecting the “commercial viability of the technological protection measure.” This may be operationally true, but it would sure surprise many in Congress who put anticircumvention into Title 17.

Other acts in the drama included Chris Soghoian’s argument for access to media after authentication servers go defunct; and Alex Halderman and Blake Reid’s arguments that security researchers should be able to investigate the hazards of DRM to personal computer security. Up today: eBooks, dongles, and cell phones.

Other reviews: Pat Aufderheide, Rebecca Tushnet, and Temple’s Media Education Lab live twitter-stream

Major Source of Pirated iPhone Apps Closes Down


TorrentFreak: May 5, 2009


A site thought to be the source of up to 60% of cracked iPhone apps added to the Appulous app database has ceased its operations. The site, home to well known cracker ‘kidmoneys’, is believed to have made use of hacked iTunes gift cards to maintain the supply of apps, but now says it will stop its operations.

In a major blow to the iPhone app scene, a site made home by some of the most prolific iPhone app crackers/suppliers has stopped its operations. iTunes Card VN (iPhone Vietnam Groups) turned out dozens of brand new releases every day.

The site was run by a very well known iPhone app cracker called ‘kidmoneys’ and it’s believed the message currently on the site’s homepage is his:

I won’t crack apps/games anymore

People who used the Installous application from Hackulo.us will be familiar with Appulo.us. Functioning a little like a torrent index, Appulo.us carries links to cracked iPhone applications hosted elsewhere, without carrying any of its own content. It’s believed that kidmoneys and other crackers from iTunes Card VN supplied around 60% of everything added to Appulo.us each day.

TorrentFreak spoke with most_uniQue, a cracker from Hackulo.us who explained the significance of the closure. “iTunes Card cracked about $1000-1500 worth of apps each week,” he told us. “About 50 apps a day.”

Of course, all these apps have to be purchased from the Apple App Store before they can be cracked and distributed, but we were told that some crackers use cracked iTunes gift card codes to make their purchases from Apple.

A physical card isn’t needed, the code from a card is enough and these are generated by crackers with the use of keygen-like software. most_uniQue told TorrentFreak that $1000 worth of credit can be purchased for $50 and a quick search turned up offers even lower than that.

Since all requests for Apple apps were fulfilled on the iTunes Card site (kidmoneys had 23K+ ‘thanks’ from users), the speculation is that they used cracked iTunes gift cards to fund the purchase of the apps.

TorrentFreak was told that many of the most expensive apps did in fact originate from the iTunes Card website.

Although it seems to be the end of the road for iTunes Card VN, some of the residents have already moved on to a new home ready to crack another day. Indeed, a brief look at Appulo.us today shows plenty of new apps.

[CJ Hinke of FACT comments: Unfortunately for freedom, we just don’t have slow news days at FACT. But we have always been big proponents of strong encryption–alien grade–to keep govt and other snoops out of your computer.

Readers may remember US charges against PGP creator Philip Zimmermann for munitions export: PGP code. I was very active in the fight to defend Phil.

We visited the NSA’s cryptology museum in Maryland last year and PGP wasn’t even mentioned. Does that mean the NSA has cracked it and can backdoor PGP, or that the NSA hasn’t cracked it yet and doesn’t want the public to use it on their emails and desktops?]

Mission Impossible: The Code Even the CIA Can’t Crack
Steven Levy
Wired: April 20, 2009


The most celebrated inscription at the Central Intelligence Agency’s headquarters in Langley, Virginia, used to be the biblical phrase chiseled into marble in the main lobby: “And ye shall know the truth, and the truth shall make you free.” But in recent years, another text has been the subject of intense scrutiny inside the Company and out: 865 characters of seeming gibberish, punched out of half-inch-thick copper in a courtyard.

It’s part of a sculpture called Kryptos, created by DC artist James Sanborn. He got the commission in 1988, when the CIA was constructing a new building behind its original headquarters. The agency wanted an outdoor installation for the area between the two buildings, so a solicitation went out for a piece of public art that the general public would never see. Sanborn named his proposal after the Greek word for hidden. The work is a meditation on the nature of secrecy and the elusiveness of truth, its message written entirely in code.

Almost 20 years after its dedication, the text has yet to be fully deciphered. A bleary-eyed global community of self-styled cryptanalysts—along with some of the agency’s own staffers—has seen three of its four sections solved, revealing evocative prose that only makes the puzzle more confusing. Still uncracked are the 97 characters of the fourth part (known as K4 in Kryptos-speak). And the longer the deadlock continues, the crazier people get.

Whether or not our top spooks intended it, the persistent opaqueness of Kryptos subversively embodies the nature of the CIA itself—and serves as a reminder of why secrecy and subterfuge so fascinate us. “The whole thing is about the power of secrecy,” Sanborn tells me when I visit his studio, a barnlike structure on Jimmy Island in Chesapeake Bay (population: 2). He is 6’7″, bearded, and looks a bit younger than his 63 years. Looming behind him is his latest work in progress, a 28-foot-high re-creation of the world’s first particle accelerator, surrounded by some of the original hardware from the Manhattan Project. The atomic gear fits nicely with the thrust of Sanborn’s oeuvre, which centers on what he calls invisible forces.

With Kryptos, Sanborn has made his strongest statement about what we don’t see and can’t know. “He designed a piece that would resonate with this workforce in particular,” says Toni Hiley, who curates the employees-only CIA museum. Sanborn’s ambitious work includes the 9-foot 11-inch-high main sculpture—an S-shaped wave of copper with cut-out letters, anchored by an 11-foot column of petrified wood—and huge pieces of granite abutting a low fountain. And although most of the installation resides in a space near the CIA cafeteria, where analysts and spies can enjoy it when they eat outside, Kryptos extends beyond the courtyard to the other side of the new building. There, copper plates near the entrance bear snippets of Morse code, and a naturally magnetized lodestone sits by a compass rose etched in granite.

The heart of the piece, though, is the encrypted text, scrambled, Sanborn says, by “a coding system that would unravel itself slowly over a period of time.”

When he began the work, Sanborn knew very little about cryptography, so he reluctantly accepted the CIA’s offer to work with Ed Scheidt, who had just retired as head of Langley’s Cryptographic Center. Scheidt himself was serving two masters. “I was reminded of my need to preserve the agency’s secrets,” Scheidt says. “You know, don’t tell him the current way of doing business. And don’t create something that you cannot break—but at the same time, make it something that will last a while.”

Scheidt schooled Sanborn in cryptographic techniques employed from the late 19th century until World War II, when field agents had to use pencil and paper to encode and decode their messages. (These days, of course, cryptography is all about rugged computer algorithms using long mathematical keys.) After experimenting with a range of techniques, including poly-alphabetic substitution, shifting matrices, and transposition, the two arrived at a form of old-school, artisanal cryptography that they felt would hold off code breakers long enough to generate some suspense. The solutions, however, were Sanborn’s alone, and he did not share them with Scheidt. “I assumed the first three sections would be deciphered in a matter of weeks, perhaps months,” Sanborn says. Scheidt figured the whole puzzle would be solved in less than seven years.

During the two years of construction, there were moments of intrigue and paranoia, in keeping with the subject matter and the client. “We had to play a little on the clandestine side,” says Scheidt, who talks of unnamed observers outside armed with long-range cameras and high-intensity microphones. “We had people with ladders climbing up the walls of my studio trying to photograph inside,” Sanborn says. He came to believe that factions within the CIA wanted to kill the project. There were unexplained obstacles. For instance, he says, “one day a big truckload of stone for the courtyard disappeared. Never found. I saw it in the evening, went back in the morning, and it had vanished. Nobody would tell me what happened to it.”

Sanborn finished the sculpture in time for a November 1990 dedication.

The agency released the enciphered text, and a frenzy erupted in the crypto world as some of the best—and wackiest—cryptanalytic talent set to work. But it took them more than seven years, not the few months Sanborn had expected, to crack sections K1, K2, and K3. The first code breaker, a CIA employee named David Stein, spent 400 hours working by hand on his own time. Stein, who described the emergence of the first passage as a religious experience, revealed his partial solution to a packed auditorium at Langley in February 1998. But not a word was leaked to the press. Sixteen months later, Jim Gillogly, an LA-area cryptanalyst, used a Pentium II computer and some custom software to crack the same three sections. When news of Gillogly’s success broke, the CIA publicized Stein’s earlier crack.

James Sanborn buried his sculpture’s message so deeply that a CIA staffer took seven years to solve just the first three sections. Here’s what we know.

The first section, K1, uses a modified Vigenère cipher. It’s encrypted through substitution—each letter corresponds to another—and can be solved only with the alphabetic rows of letters on the right. The keywords, which help determine the substitutions, are KRYPTOS and PALIMPSEST. A misspelling—in this case IQLUSION—may be a clue to cracking K4.

K2, like the first section, was also encrypted using the alphabets on the right. One new trick Sanborn used, though, was to insert an X between some sentences, making it harder to crack the code by tabulating letter frequency. The keywords here are KRYPTOS and ABSCISSA. And there’s another intriguing misspelling: UNDERGRUUND.

A different cryptographic technique was used for K3: transposition. All the letters are jumbled and can be deciphered only by uncovering the complex matrices and mathematics that determined their misplacement. Of course, there is a misspelling (DESPARATLY), and the last sentence (CAN YOU SEE ANYTHING?) is strangely bracketed by an X and a Q.

Sanborn intentionally made K4 much harder to crack, hinting that the plaintext itself is not standard English and would require a second level of cryptanalysis. Misspellings and other anomalies in previous sections may help. Some suspect that clues are present in other parts of the installation: the Morse code, the compass rose, or perhaps the adjacent fountain.

But if anyone expected that solving the first three sections would lead to a quick resolution of the whole puzzle, their hopes were soon dashed. The partial solutions only deepened the confusion.

K1 is a passage written by Sanborn. “I tried to make it sound good and be inscrutable enough to be interesting,” he says. Judge for yourself how well he did: “Between subtle shading and the absence of light lies the nuance of iqlusion.” Yes, iqlusion—one of several misspellings that Sanborn says are intentional. The second section reads like a telegraph transmission. There’s a reference to a magnetic field and information transmitted to a specific latitude and longitude—geo-coordinates for a location a couple of hundred feet south of the sculpture itself (a spot where nothing of apparent interest lies).

K3 paraphrases a diary entry of anthropologist Howard Carter from his 1922 discovery of King Tut’s tomb, ending with a question: “Can you see anything?” When Gillogly turned up that passage, he says, he had “the same excitement and exultation that Carter described. In a way, it seems that the plaintext is a metaphor for the work of the code breaker, or perhaps of the CIA itself.”
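The K1 scheme from the sidebar, worked through in Python as an added example (not part of the Wired article). It assumes KRYPTOS builds the mixed alphabet and PALIMPSEST is the running key, since the article names both keywords but not their roles; the plaintext is the K1 sentence quoted above, and all function names are illustrative.

```python
"""Keyed Vigenere, the "modified Vigenere" idea behind Kryptos K1 (added example)."""
import string

# K1 plaintext exactly as the article quotes it, misspelling included.
K1_PLAINTEXT = ("Between subtle shading and the absence of light "
                "lies the nuance of iqlusion")


def keyed_alphabet(keyword):
    """Keyword letters first (duplicates dropped), then the unused letters A-Z."""
    seen = []
    for ch in keyword.upper() + string.ascii_uppercase:
        if ch in string.ascii_uppercase and ch not in seen:
            seen.append(ch)
    return "".join(seen)


# Assumption: KRYPTOS keys the alphabet, the second keyword drives the shifts.
ALPHABET = keyed_alphabet("KRYPTOS")


def letters_only(text):
    """Upper-case the text and drop spaces and punctuation."""
    return "".join(ch for ch in text.upper() if ch in string.ascii_uppercase)


def _vigenere(text, key, alphabet, sign):
    """Shift each letter along the mixed alphabet by the position of its key letter."""
    index = {ch: i for i, ch in enumerate(alphabet)}
    key = letters_only(key)
    out = []
    for pos, ch in enumerate(letters_only(text)):
        shift = index[key[pos % len(key)]]
        out.append(alphabet[(index[ch] + sign * shift) % len(alphabet)])
    return "".join(out)


def encrypt(plaintext, key, alphabet=ALPHABET):
    return _vigenere(plaintext, key, alphabet, +1)


def decrypt(ciphertext, key, alphabet=ALPHABET):
    return _vigenere(ciphertext, key, alphabet, -1)


def tableau_rows(key, alphabet=ALPHABET):
    """One shifted row of the mixed alphabet per key letter (the 'alphabetic rows')."""
    rows = []
    for ch in letters_only(key):
        start = alphabet.index(ch)
        rows.append(alphabet[start:] + alphabet[:start])
    return rows


def substitutes_for(letter, plaintext, key, alphabet=ALPHABET):
    """Every ciphertext letter that one plaintext letter turns into.

    More than one result is what defeats a simple letter-frequency count.
    """
    plain = letters_only(plaintext)
    cipher = encrypt(plaintext, key, alphabet)
    return {c for p, c in zip(plain, cipher) if p == letter.upper()}


if __name__ == "__main__":
    ct = encrypt(K1_PLAINTEXT, "PALIMPSEST")
    print("mixed alphabet :", ALPHABET)
    for key_letter, row in zip("PALIMPSEST", tableau_rows("PALIMPSEST")):
        print("  row", key_letter, ":", row)
    print("ciphertext     :", ct)
    print("decrypted      :", decrypt(ct, "PALIMPSEST"))
    print("E is written as:", sorted(substitutes_for("E", K1_PLAINTEXT, "PALIMPSEST")))
```

Swapping the key for ABSCISSA gives the K2 variant the sidebar describes; the transposition used for K3 is a different technique and is not covered here.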

The 97 characters of K4 remain impenetrable. They have become, as one would-be cracker calls it, the Everest of codes. Both Scheidt and Sanborn confirm that they intended the final segment to be the biggest challenge. There are endless theories about how to solve it. Is access to the sculpture required? Is the Morse code a clue? Every aspect of the project has come under electron-microscopic scrutiny, as thousands of people—hardcore cryptographers and amateur code breakers alike—have taken a whack at it. Some have gone off the deep end: A Michigan man abandoned his computer-software business to do construction so he’d have more time to work on it. Thirteen hundred members of a fanatical Yahoo group try to move the ball forward with everything from complex math to astrology. One typical Kryptos maniac is Randy Thompson, a 43-year-old physicist who has devoted three years to the problem. “I think I’m onto the solution,” he says. “It could happen tomorrow, or it could take the rest of my life.” Meanwhile, some of the seekers are getting tired. “I just want to see it solved,” says Elonka Dunin, a 50-year-old St. Louis game developer who runs a clearinghouse site for Kryptos information and gossip. “I want it off my plate.”

Making the effort more complicated is the fact that the puzzle maker is alive and, in theory at least, a potential resource. For years, there has been a delicate pas de deux between the artist and the rabid Kryptos community. Every word Sanborn utters is eagerly examined for hints. But they also have to wonder whether he’s trying to help them or throw them off track. Scheidt says that this process parallels the work of the CIA: “The intelligence picture includes mirrors and obfuscation.”

“It’s not my intent to put out disinformation,” Sanborn says. “I’m a benevolent cryptographer.” Some think otherwise, and Sanborn occasionally receives messages from people enraged that he knows the secret and they don’t. “It’s the fact that I have some sort of power,” he says. “You get stalkers. I don’t know how they get my cell numbers and everything off the Internet, but they do. People have called me and said pretty terrible things. There are some who say I’m an agent of Satan because I have a secret I won’t tell.”

Though Sanborn’s usual practice is to stay in the background, every so often he feels obliged to comment. In 2005, he refuted author Dan Brown’s claim that the “WW” in the plaintext of K3 could be inverted to “MM,” implying Mary Magdalene. (Brown included pieces of Kryptos on the book jacket of The Da Vinci Code and has hinted that his next novel will draw on the CIA sculpture, a prospect that deeply annoys Sanborn.)

Intentional or not, Sanborn’s comments (or lack thereof) seem to generate an added layer of confusion. Even a straightforward question, like who besides him knows the solution, opens up new wormholes. The official story is that Sanborn shared the answer with only one person, the CIA director at the time, William Webster. Indeed, the decoded K3 text reads in part, “Who knows the exact location only ww.” Sanborn has confirmed that these letters refer to Webster (not Mary Magdalene). And in 1999, Webster himself told The New York Times that the solution was “philosophical and obscure.”

But Sanborn also claims that the envelope he gave Webster didn’t contain the complete answer. “Nobody has it all,” he says. “I tricked them.”

So, Webster really doesn’t know?

“No,” says Sanborn, who has taken measures to ensure that someone will be able to confirm a successful solution even after he dies. He adds that even he doesn’t know the exact solution anymore. “If somebody tried to torture me, I couldn’t tell them,” he says. “I haven’t looked at the plaintext of K4 in a long time, and I don’t have a very good memory, so I don’t really know what it says.” What does the CIA make of all this?

“When it comes to the solution,” says spokesperson Marie Harf, “those who need to know, know.”

If anyone manages to solve the last cipher, that won’t end the hunt for the ultimate truth about Kryptos. “There may be more to the puzzle than what you see,” Scheidt says. “Just because you broke it doesn’t mean you have the answer.” All of this leads one to ask: Is there a solution?

Sanborn insists there is—but he would be just as happy if no one ever discovered it. “In some ways, I’d rather die knowing it wasn’t cracked,” he says. “Once an artwork loses its mystery, it’s lost a lot.”

The day I visited Kryptos, a rare snowstorm in Virginia had blanketed the courtyard in white. I circled the sculpture carefully, marveling at the way the colors and texture of the surrounding landscape affected the panels, as some character strings became highlighted in white and other phrases shimmered, reflecting the dull light bouncing off the windows. I examined all the pieces, brushing aside the snow to uncover the Morse code and the compass rose. It was like unearthing hieroglyphs in some ancient ruin. Agents and bureaucrats shuffled past, deep in thought, clutching cups of coffee from the onsite Starbucks. In their midst, Jim Sanborn’s statement in copper, wood, and granite remains, proof that even in the house of spies, some truths may never be found.

How Hackers Can Steal Secrets from Reflections
Information thieves can now go around encryption, networks and the operating system
Wayt Gibbs
Scientific American: May 2009


Through the eyepiece of Michael Backes’s small Celestron telescope, the 18-point letters on the laptop screen at the end of the hall look nearly as clear as if the notebook computer were on my lap. I do a double take. Not only is the laptop 10 meters (33 feet) down the corridor, it faces away from the telescope. The image that seems so legible is a reflection off a glass teapot on a nearby table. In experiments here at his laboratory at Saarland University in Germany, Backes has discovered that an alarmingly wide range of objects can bounce secrets right off our screens and into an eavesdropper’s camera. Spectacles work just fine, as do coffee cups, plastic bottles, metal jewelry—even, in his most recent work, the eyeballs of the computer user. The mere act of viewing information can give it away.

The reflection of screen images is only one of the many ways in which our computers may leak information through so-called side channels, security holes that bypass the normal encryption and operating-system restrictions we rely on to protect sensitive data. Researchers recently demonstrated five different ways to surreptitiously capture keystrokes, for example, without installing any software on the target computer. Technically sophisticated observers can extract private data by reading the flashing light-emitting diodes (LEDs) on network switches or by scrutinizing the faint radio-frequency waves that every monitor emits. Even certain printers make enough noise to allow for acoustic eavesdropping.

Outside of a few classified military programs, side-channel attacks have been largely ignored by computer security researchers, who have instead focused on creating ever more robust encryption schemes and network protocols. Yet that approach can secure only information that is inside the computer or network. Side-channel attacks exploit the unprotected area where the computer meets the real world: near the keyboard, monitor or printer, at a stage before the information is encrypted or after it has been translated into human-readable form. Such attacks also leave no anomalous log entries or corrupted files to signal that a theft has occurred, no traces that would allow security researchers to piece together how frequently they happen. The experts are sure of only one thing: whenever information is vulnerable and has significant monetary or intelligence value, it is only a matter of time until someone tries to steal it.

From Tempest to Teapot
The idea of stealing information through side channels is far older than the personal computer. In World War I the intelligence corps of the warring nations were able to eavesdrop on one another’s battle orders because field telephones of the day had just one wire and used the earth to carry the return current. Spies connected rods in the ground to amplifiers and picked up the conversations. In the 1960s American military scientists began studying the radio waves given off by computer monitors and launched a program, code-named “Tempest,” to develop shielding techniques that are used to this day in sensitive government and banking computer systems. Without Tempest shielding, the image being scanned line by line onto the screen of a standard cathode-ray tube monitor can be reconstructed from a nearby room—or even an adjacent building—by tuning into the monitor’s radio transmissions.

Many people assumed that the growing popularity of flat-panel displays would make Tempest problems obsolete, because flat panels use low voltages and do not scan images one line at a time. But in 2003 Markus G. Kuhn, a computer scientist at the University of Cambridge Computer Laboratory, demonstrated that even flat-panel monitors, including those built into laptops, radiate digital signals from their video cables, emissions that can be picked up and decoded from many meters away. The monitor refreshes its image 60 times or more each second; averaging out the common parts of the pattern leaves just the changing pixels—and a readable copy of whatever the target display is showing.

“Thirty years ago only military suppliers had the equipment necessary to do the electromagnetic analysis involved in this attack,” Kuhn says. “Today you can find it in any well-equipped electronics lab, although it is still bulky. Sooner or later, however, it will be available as a plug-in card for your laptop.”

Similarly, commonplace radio surveillance equipment can pick up keystrokes as they are typed on a keyboard in a different room, according to Martin Vuagnoux and Sylvain Pasini, both graduate students in computer science at the Swiss Federal Institute of Technology in Lausanne. The attack does not depend on fluctuations in the power supply, so it works even on the battery-powered laptops you see by the dozen in any airport terminal.

Vuagnoux and Pasini showed off the feat in an online video recorded last October. They are now preparing a conference paper that describes four distinct ways that keystrokes can be deduced from radio signals captured through walls at distances up to 20 meters. One of the newer methods is 95 percent accurate. “The way the keyboard determines which key is pressed is by polling a matrix of row and column lines,” explains Kuhn, who proposed (but never demonstrated) one of these methods a decade ago. “The polling process emits faint radio pulses, and the position of those pulses in time can reveal which key was pressed.”

Last May a group led by Giovanni Vigna of the University of California, Santa Barbara, published details of a fifth way to capture typing that does not require a fancy radio receiver; an ordinary webcam and some clever software will do. Vigna’s software, called ClearShot, works on video of a victim’s fingers typing on a keyboard. The program combines motion-tracking algorithms with sophisticated linguistic models to deduce the most probable words being typed. Vigna reports that ClearShot reconstructs the typed text about as quickly as human volunteers do, but not quite as accurately.

It might seem implausible that someone would allow their own webcam to be used against them in this way. It is not. Gathering video from a webcam can be as simple as tricking the user into clicking on an innocuous-looking link in a Web page, a process known as clickjacking. Last October, Jeremiah Grossman of WhiteHat Security and Robert Hansen of SecTheory revealed details of bugs they discovered in many Web browsers and in Adobe’s Flash software that together allow a hostile Web site to collect audio and video from a computer’s microphone and webcam. Just a single errant click launches the surveillance.

Eye See You
Still, Backes points out, “almost all these interception methods are accessible only to experts with specialized knowledge and equipment. What distinguishes the attack based on reflections is that almost anyone with a $500 telescope can do it, and it is almost impossible to defend against completely.”

Backes, a fellow of the Max Planck Institute for Software Systems in Saarbrücken, Germany, who made a name for himself at IBM’s research lab in Zurich before entering academia, spends most of his time working on the mathematics that underlies cryptography. But every year he works on a new project with his students just for fun. This year they wrote computer code that translates an audio recording of a dot-matrix printer—the noisy variety that is still often used by airlines, banks and hospitals—into a picture of the page that was being printed at the time. Based on the success of that work, Backes’s group has been performing experiments to determine whether the method could be extended to retrieve text from recordings of ink-jet printers. “Obviously, this is much harder because ink-jets are so quiet,” Backes says.

Last year the idea for the annual fun project dawned on Backes as he was walking past the office where his graduate students were furiously typing away. “ ‘What are they working on so hard?’ I wondered,” Backes says. As he noticed a small blue-white patch in a teapot on one student’s desk and realized it was the reflection of the computer screen, the idea struck. “The next day I went to a hobby shop and bought an ordinary backyard telescope [for $435] and a six-megapixel digital camera.”

The setup worked surprisingly well. Medium-size type was clearly legible when the telescope was aimed at reflections in a spoon, a wine glass, a wall clock. Nearly any shiny surface worked, but curved surfaces worked best, because they revealed wide swathes of the room, thus eliminating the need for a peeping hacker to find a sweet spot where the reflected screen is visible. Unfortunately, all of us who use computer screens have nearly spherical, highly reflective objects stuck to our faces. Could digital secrets be read off the eyes of their beholders?

Backes knew he would need a bigger telescope and a more sensitive camera to find out. Because eyeballs are rarely still for more than a second or so, the shutter speed on the camera would have to be fast to reduce motion blur. “For eyes, it is the brightness of the reflected image, not its resolution, that limits how far away a spy can be,” Backes says.

He bought a $1,500 telescope and borrowed a $6,000 astronomical camera from the Max Planck Institute for Astronomy in Heidelberg, Germany. Now he was able to make out 72-point text in the eye of a target 10 meters away.

He figured he could do even better by borrowing something else from astronomy: a process called deconvolution that removes blur in photographs of distant galaxies. The idea is to measure how a point of light in the original image (such as a star or a reflected status LED on a monitor) smears when captured by the camera. A mathematical function can then reverse the blurring to restore the point, sharpening the rest of the image at the same time. The deconvolution software lowered the threshold of legibility to 36-point type at 10 meters for a telescope that could easily be hidden inside a car. A van-size telescope could do even better.

Backes will present his results this month at the IEEE Symposium on Security and Privacy, but he already has ideas for further improvement. “A real attacker could train an invisible laser on the target,” he notes. That would enable autofocusing on the eyeball and better deconvolution of the motion blur. Spies could take advantage of software from HeliconSoft that can assemble one clear image of an object by combining many partially blurry images; only those regions that are in focus are retained. They could also exploit software for high dynamic-range imaging that uses similar techniques to create one high-contrast photograph from images shot with a variety of exposures.

A Blind Defense
Protecting ourselves against our overly communicative computers is much harder in some ways than defending against spam, phishing and viruses. There is no convenient software package one can install to dam the side channels. On the other hand, it is not clear that anyone is actively exploiting them. Backes and Kuhn say it is safe to assume that military organizations have used the techniques to gather intelligence, but they can cite no specific examples.

The blinds in Backes’s office were drawn as we discussed these possibilities, and curtains are one obvious way of frustrating a reflection thief. But Backes points out that it is naive to expect that people will always remember, or be able, to cover their windows. Although many laptop users apply “privacy filters” to their screens to protect against over-the-shoulder eavesdropping, these filters increase the brightness of the reflection on the viewer’s eyes, thus making the hacker’s job easier.

Flat-panel displays emit polarized light, so a polarizing film on a window could in principle block reflections from every screen in the room. In practice, however, this fix does not work. Small variations in the polarization angle of displays are common, and the resulting small mismatches let enough light escape that a good telescope can still make out the screen.

Compared with conventional forms of computer espionage, side-channel attacks do have a couple of major limitations, Kuhn notes. “You have to be close to the target, and you must be observing while a user is actively accessing the information. It’s much easier if you can instead convince someone to open an e-mail attachment and install malicious software that opens a back door to their entire system. You can do that to millions of people at once.”

For that reason, side-channel hacks are unlikely to become as common as spam, malware and other assaults through the network. Instead they will likely be used to infiltrate a few highly lucrative targets, such as the computers of financiers and high-level corporate and government officials. In these cases, side-channel leaks probably offer the easiest way to bypass elaborate network security systems and do it without leaving any trail that a security team could trace after the fact. Anecdotal evidence suggests such surveillance is already taking place. “Some people in investment banks cite cases where information has disappeared, and they are certain it wasn’t a traditional attack such as a software hack or the cleaning lady duplicating a hard disk,” Kuhn says. “But to my knowledge, no one has ever been caught in the act.”

This story was originally printed with the title “How to Steal Secrets without a Network”

[FACT comments: Google Translate?!?]

Artificial Intelligence Cracks 4,000-Year-Old Mystery
Brandon Keim
Wired: April 23, 2009


An ancient script that’s defied generations of archaeologists has yielded some of its secrets to artificially intelligent computers.

Computational analysis of symbols used 4,000 years ago by a long-lost Indus Valley civilization suggests they represent a spoken language. Some frustrated linguists thought the symbols were merely pretty pictures.

“The underlying grammatical structure seems similar to what’s found in many languages,” said University of Washington computer scientist Rajesh Rao.

The Indus script, used between 2,600 and 1,900 B.C. in what is now eastern Pakistan and northwest India, belonged to a civilization as sophisticated as its Mesopotamian and Egyptian contemporaries. However, it left fewer linguistic remains. Archaeologists have uncovered about 1,500 unique inscriptions from fragments of pottery, tablets and seals. The longest inscription is just 27 signs long.

In 1877, British archaeologist Alexander Cunningham hypothesized that the Indus script was a forerunner of modern-day Brahmic scripts, used from Central to Southeast Asia. Other researchers disagreed. Fueled by scores of competing and ultimately unsuccessful attempts to decipher the script, that contentious state of affairs has persisted to the present.

Among the languages linked to the mysterious script are Chinese Lolo, Sumerian, Egyptian, Dravidian, Indo-Aryan, Old Slavic, even Easter Island — and, finally, no language at all. In 2004, linguist Steve Farmer published a paper asserting that the Indus script was nothing more than political and religious symbols. It was a controversial notion, but not an unpopular one.

Rao, a machine learning specialist who read about the Indus script in high school and decided to apply his expertise to the script while on sabbatical in India, may have solved the language-versus-symbol question, if not the script itself.

“One of the main questions in machine learning is how to generalize rules from a limited amount of data,” said Rao. “Even though we can’t read it, we can look at the patterns and get the underlying grammatical structure.”

Rao’s team used pattern-analyzing software running what’s known as a Markov model, a computational tool used to map system dynamics.

They fed the program sequences of four spoken languages: ancient Sumerian, Sanskrit and Old Tamil, as well as modern English. Then they gave it samples of four non-spoken communication systems: human DNA, Fortran, bacterial protein sequences and an artificial language.

The program calculated the level of order present in each language. Non-spoken languages were either highly ordered, with symbols and structures following each other in unvarying ways, or utterly chaotic. Spoken languages fell in the middle.

When they seeded the program with fragments of Indus script, it returned with grammatical rules based on patterns of symbol arrangement. These proved to be moderately ordered, just like spoken languages.
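The "level of order" comparison described above, as an added sketch that is not the researchers' program: it fits a first-order Markov (bigram) model to a sequence and reports the conditional entropy of the next symbol given the previous one, scaled by alphabet size. Using conditional entropy as the measure is an assumption made for this example, and all three sample sequences are constructed.

```python
import math
import random
from collections import Counter

def conditional_entropy(seq):
    """H(next | previous) in bits under a first-order Markov model of seq."""
    pairs = Counter(zip(seq, seq[1:]))   # counts of (previous, next)
    contexts = Counter(seq[:-1])         # counts of each previous symbol
    total = len(seq) - 1
    h = 0.0
    for (prev, _nxt), n in pairs.items():
        h -= (n / total) * math.log2(n / contexts[prev])
    return h

def relative_order(seq):
    """Conditional entropy scaled to 0..1: 0 is fully rigid, 1 is structureless."""
    alphabet = len(set(seq))
    if alphabet < 2:
        return 0.0
    return conditional_entropy(seq) / math.log2(alphabet)

# Constructed samples (not data from the study).
RIGID = "ABCD" * 200                                      # unvarying order
CHAOTIC = "".join(random.Random(2009).choices("ABCD", k=800))  # no order
ENGLISH = (
    "archaeologists have uncovered many short inscriptions on seals and "
    "pottery but nobody can read them yet so researchers count how often "
    "one sign follows another and compare that pattern with known languages "
    "and with sequences that were never meant to be spoken aloud such as "
    "program code or strings drawn at random from a small set of symbols"
)

def compare():
    """Return the scaled score for each constructed sample."""
    return {
        "rigid": relative_order(RIGID),
        "english": relative_order(ENGLISH),
        "chaotic": relative_order(CHAOTIC),
    }

if __name__ == "__main__":
    for name, score in compare().items():
        print("%-8s %.3f" % (name, score))
```

On a sample this short the estimate for the English text is biased low, so the scores are useful for ranking sequences against each other rather than as absolute values.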

As for the meaning of the script, the program remained silent.

“It’s a useful paper,” said University of Helsinki archaeologist Asko Parpola, an authority on Indus scripts, “but it doesn’t really further our understanding of the script.”

Parpola said the primary obstacle confronting decipherers of fragmentary Indus scripts — the difficulty of testing their hypotheses — remains unchanged.

But according to Rao, this early analysis provides a foundation for a more comprehensive understanding of Indus script grammar, and ultimately its meaning.

“The next step is to create a grammar from the data that we have,” he said. “Then we can ask, is this grammar similar to those of the Sanskrit or Indo-European or Dravidian languages? This will give us a language to compare it to.”

“It’s only recently that archaeologists have started to apply computational approaches in a rigid manner,” said Rao. “The time is ripe.”

Citation: “Entropic Evidence for Linguistic Structure in the Indus Script.” By Rajesh P. N. Rao, Nisha Yadav, Mayank N. Vahia, Hrishikesh Joglekar, R. Adhikari and Iravatham Mahadevan. Science, Vol. 324 Issue 5926, April 24, 2009.

Hacked filter reveals blacklist in 30 seconds
Brett Winterford
iTnews: March 24, 2009


A 30-second hack of a NetAlert-approved family-friendly filter exposes a list of websites banned in Australia.

The vulnerability, leaked to iTnews over the weekend and verified by IT security consultants, is due to a flaw in the Integard internet filtering software developed by Brisbane’s Race River Corporation.

A source claimed to iTnews that Integard can be reverse-engineered with a hex editor to reveal material the software is designed to keep secret.

iTnews asked three IT security specialists for their opinions.

They all refused to go on the record but they said the list of banned URLs is exposed in a process that takes about 30 seconds.

“Put it this way: it took longer to download Integard than to hack it,” said a senior security researcher speaking on condition of anonymity.

iTnews has been asking Integard managing director John Hedges for comment since yesterday.

ISPs and content hosts in Australia are required by law to remove locally-hosted websites deemed by the Australian Communications and Media Authority to be illegal under Australian law.

Sites deemed illegal that are hosted overseas are added to a blacklist ACMA sends as regular updates to the manufacturers of client-based internet filters. These sites would potentially be blocked under the network-level mandatory ISP filtering scheme currently on trial.

[FACT comments: We’ve always worried Wired would go all corporate reactionary big business on us. Their editorial conclusions on the Pirate Bay trial and now this are a worrying trend for an independent tech news leader.]

Pop Superstar Sting Supports Pentagon Hacker, Condemns U.S.
Kevin Poulsen
Wired: March 3, 2009


International pop star Sting is the latest British celebrity to throw his weight behind 9/11 truther and admitted Pentagon hacker Gary McKinnon, the U.K. man who’s still fighting tooth and nail to avoid a U.S. trial on computer hacking charges.

“It’s a travesty of human rights that Gary McKinnon finds himself in this dreadful situation,” the former Police front man told the Mail on Sunday.

“The U.S. response in relation to the true nature of Gary’s crime is disproportionate in the extreme,” Sting said, referring to the extremely disproportionate response of charging a 42-year-old man with computer intrusion, when all he did was intrude into some computers.

Prosecutors say McKinnon broke into more than 90 unclassified Pentagon systems in 2001 and 2002, allegedly crashing some of them. He has said he was looking for proof of a UFO cover-up, though he left this message in an Army computer in 2002: “U.S. foreign policy is akin to government-sponsored terrorism these days … It was not a mistake that there was a huge security stand down on September 11 last year … I am SOLO. I will continue to disrupt at the highest levels.”

With the help of British police, “Solo” was easily tracked down, and is now charged with damaging protected computers in violation of the Computer Fraud and Abuse Act.

Threat Level knows better than anyone that hackers in the United States are starting to face life-ruining sentences stretching to decades in prison. McKinnon, though, is not. He already turned down an 18-month plea deal, and he now faces six months to six-and-a-half years in custody under federal sentencing guidelines, depending on how much damage he caused. He claims to have caused none, and if he’s telling the truth, he could be extradited tomorrow and be back home for Christmas.

Instead, McKinnon has garnered massive support in the U.K. in a years-long legal battle to avoid extradition. Several prominent British lawmakers joined his side after his lawyer announced last August that McKinnon had been diagnosed with Asperger’s syndrome. It’s not clear, though, if any of them have the foggiest idea what they’re talking about, since they’re often heard grumbling about McKinnon’s “70-year” sentencing exposure on “terrorism charges.”

Even Sting worries that the hacker might take his own life rather than go to jail “as a terrorist.” He also complains: “The British Government is prepared to hand over this vulnerable man without reviewing the evidence.”

That last bit is especially puzzling, because McKinnon gave the British government a signed confession in January. He was hoping to get U.K. prosecutors to charge him locally, keeping him out of America. They recently declined and his case is now under judicial review to decide if his alleged Asperger’s syndrome should keep him from being tried in the United States.

Throwing the kitchen sink into his defense of his countryman, Sting even told the Mail that McKinnon faces extradition under a one-sided treaty the U.K. signed, and the United States did not. Wrong again. Who would have thought a pop star would be ignorant of international treaty law?

[FACT comments: Not mentioned are the conflicts between the cybercrime law and Thailand’s Constitutional protections. And we presume they meant “key-logging”!]

Cyber law struggles with tech terms
Sasiwimon Boonruang
Bangkok Post Database: December 10, 2008


The Computer Related Crime Law was announced almost four months ago; however, it contains many ambiguous points that are still being argued. Legal experts have suggested considering the intention of the law in cases where the stated meaning is questionable.

During a panel discussion on the Computer Related Crime Act: Confusing or Constructive, Nectec legal expert Surangkana Wayuparb said the law was a new area and thus there were teething problems.

The problem of enforcement creates confusion for software buyers; she raised the example of the distribution of hacking software which was against the law, but was acceptable if a company bought it to test their own system.

The law needs to consider intent as a primary concern, she said.

Meanwhile, she said, social networking web sites, which are rapidly growing in popularity, raise issues about regulating content, as they can potentially be used as a source of defamation. “How should service providers manage them? There are risks for permission providers,” she said.

According to Dol Bunnag, Civil Court judge of the Presidential of the Supreme Court, the law comprised many technical terms, for example “sniffing”. How to define them in Thai and check whether they portrayed their original English meaning was the difficult part. The law has been defined, he said, through the definition of terms used within its wording, for example “key locker” or “service providers”.

Article 20 refers to “blocking web sites” which in Thai means to stop a site’s content distribution, but the implications of this term were broader than just simply blocking access to a site, the judge said.

When there were problems with understanding the law, Dol said, two techniques were used to clarify – defining the terms used or looking at the intention of the law.

The final decision falls to the court’s judgement. If a term’s definition is ambiguous, then it is clarified by the intention of the law, the judge noted.

Mahanakorn University president Dr Sujet Chantarang noted that since technology was advancing so rapidly, many articles thus needed to be defined.

People also should have a measure to protect their own rights, he said.

“Understanding this law is sometimes difficult.”

He also mentioned that the use of the word “unlawfully” in Article 5-10 had raised questions about what was specifically meant by the term.

[FACT comments: Some citizens may see this as legitimate law to protect the public. However, it’s not the code that’s criminal, it’s the people who exploit it. Criminalising code merely represses innovation and open sources.]

DoS and distributed hacking tools finally criminalised
Computer Misuse Act updated
The Register: November 14, 2008


A law criminalising denial of service attacks and the supply of hacking tools has been brought into force in England and Wales after a number of delays. The law was already in force in Scotland.

Denial of service (DoS) attacks involve the simultaneous sending of millions of messages or page requests to an organisation’s servers. The sudden, massive deluge of information can render website and email servers inoperable.

The UK’s main cybercrime law is the Computer Misuse Act, passed 18 years ago. Its application to denial of service attacks had been the subject of some confusion.

In 2005, charges were brought under that Act against teenager David Lennon who sent his former employer five million emails at once. The massive volume of email disabled the office server. A Magistrates’ Court said that Lennon had no case to answer because the employer’s system was designed to receive email. But the High Court later said that the original judge had erred in that ruling. Lennon eventually pleaded guilty and, in 2006, he was sentenced to two months’ curfew with an electronic tag.

The first attempt to amend the Computer Misuse Act, to put the illegality of DoS attacks beyond doubt, dates back six years. A Private Member’s Bill to amend the Act was introduced by the Earl of Northesk in 2002, but like most Private Members’ Bills, it failed to become law.

Changes were made to the Computer Misuse Act in 2006 but they were not made live at the time. In October 2007 they were adopted in Scotland, but not in England and Wales.

The Home Office said that the changes would be brought into force in April 2008, but they were not. The Statutory Instrument to bring them into force was finally passed on 24th September and the changes came into effect for England and Wales on 1st October 2008.

The changes make it a criminal offence to conduct DoS attacks. The original legislation included offences of unauthorised access to computer material and of unauthorised modification of computer material. There is now a new offence of doing anything without authorisation with intent to impair, or with recklessness as to impairing, the operation of a computer.

The new offence carries a maximum penalty of 10 years’ imprisonment and a fine. It replaces the more limited offence of unauthorised modification, which carried a five-year maximum sentence.

The changes also increase the maximum penalty for unauthorised access to computer material from six months’ imprisonment and a fine to two years’ imprisonment and a fine.

The Computer Misuse Act has also been changed to make it an offence to make, adapt, supply or offer to supply any article which is “likely to be used to commit, or to assist in the commission of, [a hacking or unauthorised modification or DoS] offence”. It is also an offence to supply an article “believing that it is likely” to be used to commit such an offence.

The meaning of “article” includes any program or data. The provisions would cover the supply of DoS or virus toolkits. Anyone convicted of breaking this section of the Act could be jailed for up to two years.

This part of the law has been controversial because security researchers have said that it could impede their work.

“The difficulty in the Act is that it says ‘any item’ and people are worried that that might include information about a piece of software’s security vulnerability,” Cambridge University security researcher Dr Richard Clayton previously told OUT-LAW.COM. “If you distribute information about a security vulnerability and the bad guys use it to attack it then the information about that vulnerability might qualify.”

The Statutory Instrument which came into force this October amends the Police and Justice Act of 2006. The Instrument makes live provisions in that Act which in turn amend the Computer Misuse Act.

[FACT comments: Herein lies the Achilles heel of all censorship or security laws–anything can be illegal! And now Thailand’s ICT ministry wants to scrap even basic judicial safeguards. This is one more flagrant example of “national security” being abused by those in power.]

“Any act detrimental to the security of the state”
Square Table
New Mandala: November 13, 2008


Now here’s an exciting piece of news from Bernama, the official Malaysian news service, via Xinhua, monitoring a journal in Yangon: Myanmar is set to go wireless. “Myanmar is striving to introduce a wireless internet system of WiFi by early next year,” an article dated 12 November said. It is also “striving for the development of ICT to contribute its part to the national economic development.”

All that striving is of course not going on willy-nilly but in accordance with a law introduced in 2004, the Electronic Transactions Law. The law aims,

(a) to support with electronic transactions technology in building a modern, developed nation;

(b) to obtain more opportunities for all-round development of sectors including human resources, economic, social and educational sector by electronic transactions technologies;

(c) to recognize the authenticity and integrity of electronic record and electronic data message and give legal protection thereof in matters of internal and external transactions, making use of computer network;

(d) to enable transmitting, receiving and storing local and foreign information simultaneously, making use of electronic transactions technologies;

(e) to enable communicating and co-operating effectively and speedily with international organizations, regional organizations, foreign countries, local and foreign government departments and organizations, private organizations and persons, making use of computer network.

Sounds great! But wait, there’s more. The first article of Chapter XII, Offences and Penalties, reads as follows:

33. Whoever commits any of the following acts by using electronic transactions technology shall, on conviction be punished with imprisonment for a term which may extend from a minimum of 7 years to a maximum of 15 years and may also be liable to a fine:

(a) doing any act detrimental to the security of the State or prevalence of law and order or community peace and tranquillity or national solidarity or national economy or national culture.

(b) receiving or sending and distributing any information relating to secrets of the security of the State or prevalence of law and order or community peace and tranquillity or national solidarity or national economy or national culture.

Clearly, just about anything could be a violation of this section. If you’re one of the estimated 300,000 people in Myanmar who now go within reaching distance of a computer with an online connection, then you can be found guilty of something.

That’s the lesson of blogger Nay Phone Latt (middle name pronounced “pone” not “fone”), who was sentenced this week to over 20 years in jail under section 33(a), and a couple of other laws to boot. (His photo has already been put on New Mandala and he has made it onto the BBC.)

Apparently, after the police opened up his account they found a bunch of stuff inside it that in their opinion did not enable communicating and cooperating effectively and speedily with people in international and regional organizations, foreign countries and foreign government departments and organizations, etc. etc. These included what they deemed not-so-funny cartoons and doctored pictures of Senior General Than Shwe. 15 out of the 20-odd years’ imprisonment came from Nay Phone Latt’s Inbox.

Nay Phone Latt is, as is obvious from the photo, just a kid. He’s a kid from Myanmar’s small middle class who was doing what millions and millions of kids are doing across the world right now: mucking around with things on the Internet. Like the other 299,999 or so current users in Myanmar, he came into it late but caught on fast, maybe too fast to notice that he was still on the wrong side of the cyberspace superhighway. So while the government carries on with its aims to join in the World Wide Web party (If China can do it, why not us?), Myanmar will have to WiFi on without Nay Phone Latt for a while.
