December 15, 2009
FACT ต้องการความช่วยเหลือจากคุณ – รับสมัครอาสาสมัครเปี่ยมแรงดลใจ
กลุ่มเสรีภาพต่อต้านการเซ็นเซอร์แห่งประเทศไทย (FACT) เป็นเครือข่ายนักกิจกรรมที่รณรงค์ต่อต้านการเซ็นเซอร์ในประเทศไทยตั้งแต่ 15 พฤศจิกายน 2549
จุดยืนของเราคือไม่ยอมรับการเซ็นเซอร์ทุกรูปแบบ และเราจะไม่ประนีประนอมใดๆ ทั้งสิ้น คำว่าไม่ของเราคือไม่!
FACT เป็นกลุ่มเดียวที่รวบรวมประเด็นเกี่ยวกับการเซ็นเซอร์จากทั่วทุกมุมโลก เรารายงานและนำเสนอข้อคิดเห็นเกี่ยวกับประเด็นการเซ็นเซอร์ในทุกประเทศ จากมุมมองของประเทศไทย และแน่นอน รายงานประเด็นการเซ็นเซอร์ในประเทศไทยที่มีมากมายด้วย
เราไม่มีวาระทางการเมือง เราเชื่อว่าทุกคนมีสิทธิที่จะแสดงออก เราเชื่อว่าสาธารณชนที่ได้รับข้อมูลครบถ้วนสมบูรณ์จำเป็นจะต้องเข้าถึงข้อมูลทั้งหมดก่อนที่จะตัดสินใจสำหรับประเทศของเราอย่างรับผิดชอบได้ เราต่อต้านเพียงการเซ็นเซอร์ทุกรูปแบบ
FACT เป็นองค์กรต่อต้านที่มุ่งพิทักษ์สิทธิมนุษยชน ประเด็นเกี่ยวกับการเซ็นเซอร์บางประเด็นที่เราโพสและเสนอข้อคิดเห็นเป็นเรื่องของการปิดกั้นเสรีภาพทางวิชาการ การแบนหนังสือ โทษประหารและโทษจำคุก การเซ็นเซอร์ผ่านกฎหมายลิขสิทธิ์ กฎหมายคอมพิวเตอร์ การแชร์ไฟล์ ยาเสพติดผิดกฎหมายและสงครามต่อต้านยาเสพติด การเซ็นเซอร์ภาพยนตร์และศิลปกรรม กฎหมายเสรีภาพข้อมูล อาหารดัดแปลงพันธุกรรม การเซ็นเซอร์เกมและของเล่น การเซ็นเซอร์ประเด็นเกย์และเพศสภาพ กฎอัยการศึกและความมั่นคงภายใน การเซ็นเซอร์ดนตรี ปัตตานีและองค์กรที่ถูกแบน การลุแก่อำนาจของตำรวจ เนื้อหาลามกอนาจาร เซ็กซ์และโสเภณี การเหยียดผิว ชนกลุ่มน้อยและผู้อพยพ การเซ็นเซอร์วิทยุ ศาสนา การเซ็นเซอร์การฆ่าตัวตายและการทำแท้ง สังคมสอดส่องทุกฝีก้าว การเซ็นเซอร์โทรทัศน์ สงครามและอาวุธ
FACT ต้องการอาสาสมัครที่ลงนามหรือยินดีลงนามในแถลงการณ์ของเราที่ต่อต้านการเซ็นเซอร์ทุกรูปแบบ – https://facthai.wordpress.com/sign
FACT ต้องการอาสาสมัครที่อ่านข่าวภาษาไทยเป็นประจำ ไม่ว่าจะอ่านสื่อกระแสหลัก สื่อทางเลือกหรือออนไลน์ ผู้ยินดีอุทิศเวลาให้กับการโพสและเขียนข้อคิดเห็นลงบนเว็บไซต์ของ FACT เป็นภาษาไทย
นอกจากนี้ การรายงานข่าวและการแถลงข่าวเพื่อเผยแพร่ของ FACT ส่วนใหญ่ก็เป็นภาษาอังกฤษ เราต้องการอาสาสมัครที่สามารถแปลงานของเราจากอังกฤษเป็นไทย และแปลประเด็นประเทศไทยจากไทยเป็นอังกฤษเป็นครั้งคราว สำหรับผู้อ่านชาวต่างชาติของเรา
ปัจจุบัน FACT มีผู้อ่านกว่า 600,000 คน คุณจะไม่มาร่วมกับเราหรือ?
December 15, 2009
FACT needs your help – a call for motivated volunteers
Freedom Against Censorship Thailand (FACT) is a network of activists campaigning against censorship since November 15, 2006.
We stand for NO censorship, NO compromise! Read that again: NO means NO!
FACT is the only international news aggregator of censorship issues worldwide. We report and comment on censorship issues in every country from a Thai perspective and, of course, report on the many Thai censorship issues.
We have no political agenda. We believe that everyone has a right to be heard. we believe a fully-informed public must have access to all information in order to make responsible decisions for our country. Our only issue is censorship in its many forms.
FACT is a radical resistance organisation dedicated to human rights. Some of the censorship issues we have posted and commented upon are academic censorship; book censorship; capital punishment and prisons; censorship by copyright, and file-sharing; cybercrime law; data retention and deep packet inspection; defamation and libel; illegal drugs and drug wars; film and fine art censorship; freedom of information law; genetically-modified foods; game and toy censorship; gay and gender censorship; globalisation and free trade; jihadi censorship; lese majeste law; martial law and internal security; music censorship; Patani and banned organisations; police impunity; pornography, sex and prostitution; racism, minorities and refugees; radio censorship; religion; suicide and abortion censorship; the surveillance society; TV censorship; war and weapons.
FACT needs volunteers who have signed or are willing to sign FACT’s petition against all censorship: https://facthai.wordpress.com/sign
Because international censorship issues are reported in English, we need to expand our Thai language postings.
FACT needs volunteers who regularly read a wide variety of Thai news, mainstream, alternative and Web-based, who will post and comment to FACTsite in Thai.
Most of the original reporting and press releases FACT creates are in English. FACT need volunteers who can translate our output from English to Thai and occasionally translate Thai issues from Thai to English for our international readership.
FACT has reached more than 600,000 readers. Won’t you join us?
July 22, 2009
[FACT comments: FACT wants Thailand’s Computer-Related Crimes Act repealed, pure and simple. It is a repressive law outlawing freedom of expression passed by a military puppet legislature. The CCA is too broken to be amended; let’s start over. However, know thy enemy is good advice so plan to attend.]
สำหรับเผยแพร่ (ENGLISH FOLLOWS)
เครือข่ายพลเมืองเน็ต ด้วยการสนับสนุนจาก Media Legal Defense Initiative (MLDI) และ Electronic Frontier Foundation (EFF)
ขอเชิญร่วมสัมมนา เรื่อง กฎหมายเกี่ยวกับอาชญากรรมทางคอมพิวเตอร์: มุมมองจากสากลและหลักปฏิบัติ
วันจันทร์ที่ 27 กรกฎาคม 2552 ณ โรงแรมโนโวเทล ห้องโมเน่ต์ – พิซซาโร่ ชั้น 4
09.00 – 11.00 น. บรรยาย “กฎหมายเกี่ยวกับอาชญากรรมทางคอมพิวเตอร์: มุมมองจากสากลและหลักปฏิบัติ”
- “ภาพรวมกฎหมายเกี่ยวกับอาชญากรรมทางคอมพิวเตอร์จากทั่วโลก” โดย Eddan Katz ผู้อำนวยการฝ่ายกิจการต่างประเทศ EFF
- “การ วิเคราะห์เชิงเปรียบเทียบ กฎหมายเกี่ยวกับอาชญากรรมทางคอมพิวเตอร์ในต่างประเทศและในประเทศไทย” โดย ทศพล ทรรศนกุลพันธุ์ คณะนิติศาสตร์ มหาวิทยาลัยเชียงใหม่
- “มุมมองจากเจ้าหน้าที่รัฐ” โดย ตัวแทนกระทรวงเทคโนโลยีสารสนเทศและการสื่อสาร หรือ กระทรวงยุติธรรม*
11.00 – 11.30 น. พัก
11.30 – 12.30 น. ถามตอบ ดำเนินโดย สุภิญญา กลางณรงค์ กรรมการเครือข่ายพลเมืองเน็ต
12.30 – 13.30 น. อาหารกลางวัน
13.30 – 15.00 น. อภิปราย “เสรีภาพบนอินเทอร์เน็ตทั่วโลก: ก้าวหน้าหรือถดถอย” ร่วมอภิปรายโดย
- Danny O’Brien ผู้ประสานงานนานาชาติ EFF,
- ผศ.ดร.พิรงรอง รามสูต รณะนันทน์ คณะนิเทศศาสตร์ จุฬาลงกรณ์มหาวิทยาลัย,
- สฤณี อาชวานันทกุล กรรมการเครือข่ายฯ
15.00 – 16.30 น. อภิปราย ดำเนินโดย อิสริยะ ไพรีพ่ายฤทธิ์ ที่ปรึกษาฝ่ายเทคโนโลยีสารสนเทศ SIU
16.35 น. แถลงข่าว “ข้อเสนอต่อการบังคับใช้พระราชบัญญัติว่าด้วยการกระทำผิดเกี่ยวกับคอมพิวเตอร์ พ.ศ. 2550” โดย คณะกรรมการเครือข่ายพลเมืองเน็ต
เนื่องจากที่นั่งมีจำนวนจำกัด ขอความกรุณาท่านที่สนใจ ลงทะเบียนในกล่องด้านล่างภายในคืนวันที่ 23 กรกฎาคม 2552
Thai Netizen Network with support from Media Legal Defense Initiative (MLDI) and Electronic Frontier Foundation (EFF) would like to invite you to a seminar on
Cyber-Crime laws: Global perspectives and Legal practice
Monday 27 July 2009 at Monet & Pissarro room, 4th floor, Novotel Hotel, Siam Square, Bangkok
09.00 – 11.00 Public lecture “Cyber-crime laws: Global perspective and Thai’s legal practice.”
- Overview on global perspectives on cyber-crime laws by Eddan Katz, Electronic Frontiers Foundation www.eff.org
- Comparative analysis of cyber-crime laws: Global and Thai practice by Tossapol Tassanakulpan, Faculty of Law, Chiangmai University
- Perspective from Thai authority by the representative from the Ministry of ICT or Ministry of Justice*
11.00 – 11.30 Break
11.30 – 12.30 Q&A, discussed and moderated by Supinya Klangnarong, Thai Netizen Network
12.30 – 13.30 Lunch
13.30 – 15.00 Panel discussion “Internet freedom worldwide: moving forward or backward?”
- Danny O’Brien, EFF’s international outreach coordinator,
- Assist. Prof. Pirongrong Ramasoota Rananand, Faculty of Communication Arts, Chulalongkorn University, and
- Sarinee Achavanuntakul, Thai Netizen Network
15.00 – 16.30 Discussion, moderated by Isriya Paireepairit, Siam Intelligence Unit
16.35 Press conference on the proposal for Computer-related Crime Act 2007 by Thai Netizen Network committee
* Speaker awaiting confirmation
[FACT comments: We haven’t reported on the Byzantine American legal lanyrinth known as the Digital Millennium Copyright Act for awhile. Here’s what it takes for a creator to get an exemption from using copyright protection
Wendy Seltzer: May 8, 2009
Every three years, as mandated by Congress in Sec. 1201(a)(1)(C) of the Digital Millennium Copyright Act, the Librarian of Congress and Register of Copyrights conduct a rulemaking on exemptions from the DMCA’s prohibition on circumvention of access controls protecting copyrighted works. This year’s revival opened in Stanford, then moved here to Washington DC for a three-day run.
Now Rulemaking on Exemptions from Prohibition on Circumvention of Technological Measures that Control Access to Copyrighted Works may not sound like a Broadway hit, but there was plenty of drama (for the copyright geek, at least). I live-tweeted and Identi.ca-posted the hearings, and offer a few highlights from the show here:
As at past runs (2000, ‘03, and ‘06), DVD’s CSS technological protections were the star attraction. Film and media educators, librarians, filmmakers, and creators of transformative works argued that they should be permitted to circumvent CSS to take DVD clips for fair and non-infringing purposes: film studies, media literacy, classroom teaching of the law or medical ethics, creation of commentary in the videographic “language” of the works to which they respond.
Rebecca Tushnet, law professor and founder of the Organization for Transformative Works called the anticircumvention rule a modern-day literacy test or poll tax: law-abiding creators are chilled by the welter of rules seemingly designed to privilege some users over others. Francesca Coppa and Tisha Turk showed the direct impact of the circumvention rule on women and minority creators offering alternative readings of mainstream culture, while educators noted that a too-narrow exemption might let teachers make art with media clips but forbid students from using the same techniques after graduation.
The hearings’ setup is a perfect theater of the absurd: First, the LOC is authorized to exempt non-infringing users of “classes of works” from the circumvention prohibition, but not to legalize the tools needed to circumvent access controls (which are prohibited by 1201(a)(2)). That leaves all participants dancing around the question of how users are to exercise their rights, if granted — “surreal,” as Jon Band put it. Likewise, we all ignore the ready availability of DeCSS and the near-instant posting of DRM-free versions of anything issued in “protected” format.
Then Steve Metalitz, representing a Group of 9 copyright industries, argued that the proponents of an exemption were taking the law too seriously if they were being chilled by the remote threat of an anticircumvention lawsuit. Was he really advocating that we disregard the law??
The proceedings jumped the line to farce when Fritz Attaway and a colleague from the MPAA pulled out a cinematic demonstration of just how to camcord a movie from your television screen. (You start with a $900 HD video camera, a tripod, a flat-screen television, and a room that can be completely darkened.) Tim Vollmer captured the whole scene on a video of his own. Mind you, this is the same industry that has lobbied to make a crime of camcording in movie theaters, telling us how to frame shots properly from the television. (As Fred Benenson notes, they’re also demonstrating DRM’s impossibility of closing the “analog hole.”)
Finally, Bruce Turnbull, representing DVD CSS-licensing body, DVD-CCA, said we were all in the wrong place (LOC, rather than Congress) talking about the wrong subject. 1201 isn’t a copyright protection, but a technology protection, aimed at protecting the “commercial viability of the technological protection measure.” This may be operationally true, but it would sure surprise many in Congress who put anticircumvention into Title 17.
Other acts in the drama included Chris Soghoian’s argument for access to media after authentication servers go defunct; and Alex Halderman and Blake Reid’s arguments that security researchers should be able to investigate the hazards of DRM to personal computer security. Up today: eBooks, dongles, and cell phones.
May 7, 2009
Major Source of Pirated iPhone Apps Closes Down
TorrentFreak: May 5, 2009
A site thought to be the source of up to 60% of cracked iPhone apps added to the Appulous app database has ceased its operations. The site, home to well known cracker ‘kidmoneys’, is believed to have made use of hacked iTunes gift cards to maintain the supply of apps, but now says it will stop its operations.
In a major blow to the iPhone app scene, a site made home by some of the most prolific iPhone app crackers/suppliers has stopped its operations. iTunes Card VN (iPhone Vietnam Groups) turned out dozens of brand new releases every day.
The site was run by a very well known iPhone app cracker called ‘kidmoneys’ and it’s believed the message currently on the site’s homepage is his:
I won’t crack apps/games anymore
People who used the Installous application from Hackulo.us will be familiar with Appulo.us. Functioning a little like a torrent index, Appulo.us carries links to cracked iPhone applications hosted elsewhere, without carrying any of its own content. It’s believed that kidmoneys and other crackers from iTunes Card VN supplied around 60% of everything added to Appulo.us each day.
TorrentFreak spoke with most_uniQue, a cracker from Hackulo.us who explained the significance of the closure. “iTunes Card cracked about $1000-1500 worth of apps each week,” he told us. “About 50 apps a day.”
Of course, all these apps have to be purchased from the Apple App Store before they can be cracked and distributed, but we were told that some crackers use cracked iTunes gift card codes to make their purchases from Apple.
A physical card isn’t needed, the code from a card is enough and these are generated by crackers with the use of keygen-like software. most_uniQue told TorrentFreak that a $1000 worth of credit can be purchased for $50 and a quick search turned up offers even lower than that.
Since all requests for Apple apps were fulfilled on the iTunes Card site (kidmoneys had 23K+ ‘thanks’ from users), the speculation is that they used cracked iTunes gift cards to fund the purchase of the apps.
TorrentFreak was told that many of the most expensive apps did in fact originate from the iTunes Card website.
Although it seems to be the end of the road for iTunes Card VN, some of the residents have already moved on to a new home ready to crack another day. Indeed, a brief look at Appulo.us today shows plenty of new apps.
May 5, 2009
[CJ Hinke of FACT comments: Unfortunately for freedom, we just don’t have slow news days at FACT. But we have always been big proponents of strong encryption–alien grade–to keep govt and other snoops out of your computer.
Readers may remember US charges against PGP creator Philip Zimmerman for munitions export: PGP code. I was very active in the fight to defend Phil.
We visited the NSA’s cryptology museum in Maryland last year and PGP wasn’t even mentioned. Does that mean the NSA has cracked it and can backdoor PGP or, NSA hasn’t cracked it yet and doesn’t want to public to use it on their emails and desktops?]
Mission Impossible: The Code Even the CIA Can’t Crack
Wired: April 20, 2009
The most celebrated inscription at the Central Intelligence Agency’s headquarters in Langley, Virginia, used to be the biblical phrase chiseled into marble in the main lobby: “And ye shall know the truth, and the truth shall make you free.” But in recent years, another text has been the subject of intense scrutiny inside the Company and out: 865 characters of seeming gibberish, punched out of half-inch-thick copper in a courtyard.
It’s part of a sculpture called Kryptos, created by DC artist James Sanborn. He got the commission in 1988, when the CIA was constructing a new building behind its original headquarters. The agency wanted an outdoor installation for the area between the two buildings, so a solicitation went out for a piece of public art that the general public would never see. Sanborn named his proposal after the Greek word for hidden. The work is a meditation on the nature of secrecy and the elusiveness of truth, its message written entirely in code.
Almost 20 years after its dedication, the text has yet to be fully deciphered. A bleary-eyed global community of self-styled cryptanalysts—along with some of the agency’s own staffers—has seen three of its four sections solved, revealing evocative prose that only makes the puzzle more confusing. Still uncracked are the 97 characters of the fourth part (known as K4 in Kryptos-speak). And the longer the deadlock continues, the crazier people get.
Whether or not our top spooks intended it, the persistent opaqueness of Kryptos subversively embodies the nature of the CIA itself—and serves as a reminder of why secrecy and subterfuge so fascinate us. “The whole thing is about the power of secrecy,” Sanborn tells me when I visit his studio, a barnlike structure on Jimmy Island in Chesapeake Bay (population: 2). He is 6’7″, bearded, and looks a bit younger than his 63 years. Looming behind him is his latest work in progress, a 28-foot-high re-creation of the world’s first particle accelerator, surrounded by some of the original hardware from the Manhattan Project. The atomic gear fits nicely with the thrust of Sanborn’s oeuvre, which centers on what he calls invisible forces.
With Kryptos, Sanborn has made his strongest statement about what we don’t see and can’t know. “He designed a piece that would resonate with this workforce in particular,” says Toni Hiley, who curates the employees-only CIA museum. Sanborn’s ambitious work includes the 9-foot 11-inch-high main sculpture—an S-shaped wave of copper with cut-out letters, anchored by an 11-foot column of petrified wood—and huge pieces of granite abutting a low fountain. And although most of the installation resides in a space near the CIA cafeteria, where analysts and spies can enjoy it when they eat outside, Kryptos extends beyond the courtyard to the other side of the new building. There, copper plates near the entrance bear snippets of Morse code, and a naturally magnetized lodestone sits by a compass rose etched in granite.
The heart of the piece, though, is the encrypted text, scrambled, Sanborn says, by “a coding system that would unravel itself slowly over a period of time.”
When he began the work, Sanborn knew very little about cryptography, so he reluctantly accepted the CIA’s offer to work with Ed Scheidt, who had just retired as head of Langley’s Cryptographic Center. Scheidt himself was serving two masters. “I was reminded of my need to preserve the agency’s secrets,” Scheidt says. “You know, don’t tell him the current way of doing business. And don’t create something that you cannot break—but at the same time, make it something that will last a while.”
Scheidt schooled Sanborn in cryptographic techniques employed from the late 19th century until World War II, when field agents had to use pencil and paper to encode and decode their messages. (These days, of course, cryptography is all about rugged computer algorithms using long mathematical keys.) After experimenting with a range of techniques, including poly-alphabetic substitution, shifting matrices, and transposition, the two arrived at a form of old-school, artisanal cryptography that they felt would hold off code breakers long enough to generate some suspense. The solutions, however, were Sanborn’s alone, and he did not share them with Scheidt. “I assumed the first three sections would be deciphered in a matter of weeks, perhaps months,” Sanborn says. Scheidt figured the whole puzzle would be solved in less than seven years.
During the two years of construction, there were moments of intrigue and paranoia, in keeping with the subject matter and the client. “We had to play a little on the clandestine side,” says Scheidt, who talks of unnamed observers outside armed with long-range cameras and high-intensity microphones. “We had people with ladders climbing up the walls of my studio trying to photograph inside,” Sanborn says. He came to believe that factions within the CIA wanted to kill the project. There were unexplained obstacles. For instance, he says, “one day a big truckload of stone for the courtyard disappeared. Never found. I saw it in the evening, went back in the morning, and it had vanished. Nobody would tell me what happened to it.”
Sanborn finished the sculpture in time for a November 1990 dedication.
The agency released the enciphered text, and a frenzy erupted in the crypto world as some of the best—and wackiest—cryptanalytic talent set to work. But it took them more than seven years, not the few months Sanborn had expected, to crack sections K1, K2, and K3. The first code breaker, a CIA employee named David Stein, spent 400 hours working by hand on his own time. Stein, who described the emergence of the first passage as a religious experience, revealed his partial solution to a packed auditorium at Langley in February 1998. But not a word was leaked to the press. Sixteen months later, Jim Gillogly, an LA-area cryptanalyst used a Pentium II computer and some custom software to crack the same three sections. When news of Gillogly’s success broke, the CIA publicized Stein’s earlier crack.
James Sanborn buried his sculpture’s message so deeply that a CIA staffer took seven years to solve just the first three sections. Here’s what we know.
The first section, K1, uses a modified Vigenère cipher. It’s encrypted through substitution—each letter corresponds to another—and can be solved only with the alphabetic rows of letters on the right. The keywords, which help determine the substitutions, are KRYPTOS and PALIMPSEST. A misspelling—in this case IQLUSION—may be a clue to cracking K4.
K2, like the first section, was also encrypted using the alphabets on the right. One new trick Sanborn used, though, was to insert an X between some sentences, making it harder to crack the code by tabulating letter frequency. The keywords here are KRYPTOS and ABSCISSA. And there’s another intriguing misspelling: UNDERGRUUND.
A different cryptographic technique was used for K3: transposition. All the letters are jumbled and can be deciphered only by uncovering the complex matrices and mathematics that determined their misplacement. Of course, there is a misspelling (DESPARATLY), and the last sentence (CAN YOU SEE ANYTHING?) is strangely bracketed by an X and a Q.
Sanborn intentionally made K4 much harder to crack, hinting that the plaintext itself is not standard English and would require a second level of cryptanalysis. Misspellings and other anomalies in previous sections may help. Some suspect that clues are present in other parts of the installation: the Morse code, the compass rose, or perhaps the adjacent fountain.
But if anyone expected that solving the first three sections would lead to a quick resolution of the whole puzzle, their hopes were soon dashed. The partial solutions only deepened the confusion.
K1 is a passage written by Sanborn. “I tried to make it sound good and be inscrutable enough to be interesting,” he says. Judge for yourself how well he did: “Between subtle shading and the absence of light lies the nuance of iqlusion.” Yes, iqlusion—one of several misspellings that Sanborn says are intentional. The second section reads like a telegraph transmission. There’s a reference to a magnetic field and information transmitted to a specific latitude and longitude—geo-coordinates for a location a couple of hundred feet south of the sculpture itself (a spot where nothing of apparent interest lies).
K3 paraphrases a diary entry of anthropologist Howard Carter from his 1922 discovery of King Tut’s tomb, ending with a question: “Can you see anything?” When Gillogly turned up that passage, he says, he had “the same excitement and exultation that Carter described. In a way, it seems that the plaintext is a metaphor for the work of the code breaker, or perhaps of the CIA itself.”
The 97 characters of K4 remain impenetrable. They have become, as one would-be cracker calls it, the Everest of codes. Both Scheidt and Sanborn confirm that they intended the final segment to be the biggest challenge. There are endless theories about how to solve it. Is access to the sculpture required? Is the Morse code a clue? Every aspect of the project has come under electron-microscopic scrutiny, as thousands of people—hardcore cryptographers and amateur code breakers alike—have taken a whack at it. Some have gone off the deep end: A Michigan man abandoned his computer-software business to do construction so he’d have more time to work on it. Thirteen hundred members of a fanatical Yahoo group try to move the ball forward with everything from complex math to astrology. One typical Kryptos maniac is Randy Thompson, a 43-year-old physicist who has devoted three years to the problem. “I think I’m onto the solution,” he says. “It could happen tomorrow, or it could take the rest of my life.” Meanwhile, some of the seekers are getting tired. “I just want to see it solved,” says Elonka Dunin, a 50-year-old St. Louis game developer who runs a clearinghouse site for Kryptos information and gossip. “I want it off my plate.”
Making the effort more complicated is the fact that the puzzle maker is alive and, in theory at least, a potential resource. For years, there has been a delicate pas de deux between the artist and the rabid Kryptos community. Every word Sanborn utters is eagerly examined for hints. But they also have to wonder whether he’s trying to help them or throw them off track. Scheidt says that this process parallels the work of the CIA: “The intelligence picture includes mirrors and obfuscation.”
“It’s not my intent to put out disinformation,” Sanborn says. “I’m a benevolent cryptographer.” Some think otherwise, and Sanborn occasionally receives messages from people enraged that he knows the secret and they don’t. “It’s the fact that I have some sort of power,” he says. “You get stalkers. I don’t know how they get my cell numbers and everything off the Internet, but they do. People have called me and said pretty terrible things. There are some who say I’m an agent of Satan because I have a secret I won’t tell.”
Though Sanborn’s usual practice is to stay in the background, every so often he feels obliged to comment. In 2005, he refuted author Dan Brown’s claim that the “WW” in the plaintext of K3 could be inverted to “MM,” implying Mary Magdalene. (Brown included pieces of Kryptos on the book jacket of The Da Vinci Code and has hinted that his next novel will draw on the CIA sculpture, a prospect that deeply annoys Sanborn.)
Intentional or not, Sanborn’s comments (or lack thereof) seem to generate an added layer of confusion. Even a straightforward question, like who besides him knows the solution, opens up new wormholes. The official story is that Sanborn shared the answer with only one person, the CIA director at the time, William Webster. Indeed, the decoded K3 text reads in part, “Who knows the exact location only ww.” Sanborn has confirmed that these letters refer to Webster (not Mary Magdalene). And in 1999, Webster himself told The New York Times that the solution was “philosophical and obscure.”
But Sanborn also claims that the envelope he gave Webster didn’t contain the complete answer. “Nobody has it all,” he says. “I tricked them.”
So, Webster really doesn’t know?
“No,” says Sanborn, who has taken measures to ensure that someone will be able to confirm a successful solution even after he dies. He adds that even he doesn’t know the exact solution anymore. “If somebody tried to torture me, I couldn’t tell them,” he says. “I haven’t looked at the plaintext of K4 in a long time, and I don’t have a very good memory, so I don’t really know what it says.” What does the CIA make of all this?
“When it comes to the solution,” says spokesperson Marie Harf, “those who need to know, know.”
If anyone manages to solve the last cipher, that won’t end the hunt for the ultimate truth about Kryptos. “There may be more to the puzzle than what you see,” Scheidt says. “Just because you broke it doesn’t mean you have the answer.” All of this leads one to ask: Is there a solution?
Sanborn insists there is—but he would be just as happy if no one ever discovered it. “In some ways, I’d rather die knowing it wasn’t cracked,” he says. “Once an artwork loses its mystery, it’s lost a lot.”
The day I visited Kryptos, a rare snowstorm in Virginia had blanketed the courtyard in white. I circled the sculpture carefully, marveling at the way the colors and texture of the surrounding landscape affected the panels, as some character strings became highlighted in white and other phrases shimmered, reflecting the dull light bouncing off the windows. I examined all the pieces, brushing aside the snow to uncover the Morse code and the compass rose. It was like unearthing hieroglyphs in some ancient ruin. Agents and bureaucrats shuffled past, deep in thought, clutching cups of coffee from the onsite Starbucks. In their midst, Jim Sanborn’s statement in copper, wood, and granite remains, proof that even in the house of spies, some truths may never be found.
May 2, 2009
How Hackers Can Steal Secrets from Reflections
Information thieves can now go around encryption, networks and the operating system
Scientific American: May 2009
Through the eyepiece of Michael Backes’s small Celestron telescope, the 18-point letters on the laptop screen at the end of the hall look nearly as clear as if the notebook computer were on my lap. I do a double take. Not only is the laptop 10 meters (33 feet) down the corridor, it faces away from the telescope. The image that seems so legible is a reflection off a glass teapot on a nearby table. In experiments here at his laboratory at Saarland University in Germany, Backes has discovered that an alarmingly wide range of objects can bounce secrets right off our screens and into an eavesdropper’s camera. Spectacles work just fine, as do coffee cups, plastic bottles, metal jewelry—even, in his most recent work, the eyeballs of the computer user. The mere act of viewing information can give it away.
The reflection of screen images is only one of the many ways in which our computers may leak information through so-called side channels, security holes that bypass the normal encryption and operating-system restrictions we rely on to protect sensitive data. Researchers recently demonstrated five different ways to surreptitiously capture keystrokes, for example, without installing any software on the target computer. Technically sophisticated observers can extract private data by reading the flashing light-emitting diodes (LEDs) on network switches or by scrutinizing the faint radio-frequency waves that every monitor emits. Even certain printers make enough noise to allow for acoustic eavesdropping.
Outside of a few classified military programs, side-channel attacks have been largely ignored by computer security researchers, who have instead focused on creating ever more robust encryption schemes and network protocols. Yet that approach can secure only information that is inside the computer or network. Side-channel attacks exploit the unprotected area where the computer meets the real world: near the keyboard, monitor or printer, at a stage before the information is encrypted or after it has been translated into human-readable form. Such attacks also leave no anomalous log entries or corrupted files to signal that a theft has occurred, no traces that would allow security researchers to piece together how frequently they happen. The experts are sure of only one thing: whenever information is vulnerable and has significant monetary or intelligence value, it is only a matter of time until someone tries to steal it.
From Tempest to Teapot
The idea of stealing information through side channels is far older than the personal computer. In World War I the intelligence corps of the warring nations were able to eavesdrop on one another’s battle orders because field telephones of the day had just one wire and used the earth to carry the return current. Spies connected rods in the ground to amplifiers and picked up the conversations. In the 1960s American military scientists began studying the radio waves given off by computer monitors and launched a program, code-named “Tempest,” to develop shielding techniques that are used to this day in sensitive government and banking computer systems. Without Tempest shielding, the image being scanned line by line onto the screen of a standard cathode-ray tube monitor can be reconstructed from a nearby room—or even an adjacent building—by tuning into the monitor’s radio transmissions.
Many people assumed that the growing popularity of flat-panel displays would make Tempest problems obsolete, because flat panels use low voltages and do not scan images one line at a time. But in 2003 Markus G. Kuhn, a computer scientist at the University of Cambridge Computer Laboratory, demonstrated that even flat-panel monitors, including those built into laptops, radiate digital signals from their video cables, emissions that can be picked up and
decoded from many meters away. The monitor refreshes its image 60 times or more each second; averaging out the common parts of the pattern leaves just the changing pixels—and a readable copy of whatever the target display is showing.
“Thirty years ago only military suppliers had the equipment necessary to do the electromagnetic analysis involved in this attack,” Kuhn says. “Today you can find it in any well-equipped electronics lab, although it is still bulky. Sooner or later, however, it will be available as a plug-in card for your laptop.”
Similarly, commonplace radio surveillance equipment can pick up keystrokes as they are typed on a keyboard in a different room, according to Martin Vuagnoux and Sylvain Pasini, both graduate students in computer science at the Swiss Federal Institute of Technology in Lausanne. The attack does not depend on fluctuations in the power supply, so it works even on the battery-powered laptops you see by the dozen in any airport terminal.
Vuagnoux and Pasini showed off the feat in an online video recorded last October. They are now preparing a conference paper that describes four distinct ways that keystrokes can be deduced from radio signals captured through walls at distances up to 20 meters. One of the newer methods is 95 percent accurate. “The way the keyboard determines which key is pressed is by polling a matrix of row and column lines,” explains Kuhn, who proposed (but never demonstrated) one of these methods a decade ago. “The polling process emits faint radio pulses, and the position of those pulses in time can reveal which key was pressed.”
Last May a group led by Giovanni Vigna of the University of California, Santa Barbara, published details of a fifth way to capture typing that does not require a fancy radio receiver; an ordinary webcam and some clever software will do. Vigna’s software, called ClearShot, works on video of a victim’s fingers typing on a keyboard. The program combines motion-tracking algorithms with sophisticated linguistic models to deduce the most probable words being typed. Vigna reports that ClearShot reconstructs the typed text about as quickly as human volunteers do, but not quite as accurately.
It might seem implausible that someone would allow their own webcam to be used against them in this way. It is not. Gathering video from a webcam can be as simple as tricking the user into clicking on an innocuous-looking link in a Web page, a process known as clickjacking. Last October, Jeremiah Grossman of WhiteHat Security and Robert Hansen of SecTheory revealed details of bugs they discovered in many Web browsers and in Adobe’s Flash software that together allow a hostile Web site to collect audio and video from a computer’s microphone and webcam. Just a single errant click launches the surveillance.
Eye See You
Still, Backes points out, “almost all these interception methods are accessible only to experts with specialized knowledge and equipment. What distinguishes the attack based on reflections is that almost anyone with a $500 telescope can do it, and it is almost impossible to defend against completely.”
Backes, a fellow of the Max Planck Institute for Software Systems in Saarbrücken, Germany, who made a name for himself at IBM’s research lab in Zurich before entering academia, spends most of his time working on the mathematics that underlies cryptography. But every year he works on a new project with his students just for fun. This year they wrote computer code that translates an audio recording of a dot-matrix printer—the noisy variety that is still often used by airlines, banks and hospitals—into a picture of the page that was being printed at the time. Based on the success of that work, Backes’s group has been performing experiments to determine whether the method could be extended to retrieve text from recordings of ink-jet printers. “Obviously, this is much harder because ink-jets are so quiet,” Backes says.
Last year the idea for the annual fun project dawned on Backes as he was walking past the office where his graduate students were furiously typing away. “ ‘What are they working on so hard?’ I wondered,” Backes says. As he noticed a small blue-white patch in a teapot on one student’s desk and realized it was the reflection of the computer screen, the idea struck. “The next day I went to a hobby shop and bought an ordinary backyard telescope [for $435] and a six-megapixel digital camera.”
The setup worked surprisingly well. Medium-size type was clearly legible when the telescope was aimed at reflections in a spoon, a wine glass, a wall clock. Nearly any shiny surface worked, but curved surfaces worked best, because they revealed wide swathes of the room, thus eliminating the need for a peeping hacker to find a sweet spot where the reflected screen is visible. Unfortunately, all of us who use computer screens have nearly spherical, highly reflective objects stuck to our faces. Could digital secrets be read off the eyes of their beholders?
Backes knew he would need a bigger telescope and a more sensitive camera to find out. Because eyeballs are rarely still for more than a second or so, the shutter speed on the camera would have to be fast to reduce motion blur. “For eyes, it is the brightness of the reflected image, not its resolution, that limits how far away a spy can be,” Backes says.
He bought a $1,500 telescope and borrowed a $6,000 astronomical camera from the Max Planck Institute for Astronomy in Heidelberg, Germany. Now he was able to make out 72-point text in the eye of a target 10 meters away.
He figured he could do even better by borrowing something else from astronomy: a process called deconvolution that removes blur in photographs of distant galaxies. The idea is to measure how a point of light in the original image (such as a star or a reflected status LED on a monitor) smears when captured by the camera. A mathematical function can then reverse the blurring to restore the point, sharpening the rest of the image at the same time [Purchase the digital edition to see related sidebar]. The deconvolution software lowered the threshold of legibility to 36-point type at 10 meters for a telescope that could easily be hidden inside a car. A van-size telescope could do even better.
Backes will present his results this month at the IEEE Symposium on Security and Privacy, but he already has ideas for further improvement. “A real attacker could train an invisible laser on the target,” he notes. That would enable autofocusing on the eyeball and better deconvolution of the motion blur. Spies could take advantage of software from HeliconSoft that can assemble one clear image of an object by combining many partially blurry images; only those regions that are in focus are retained. They could also exploit software for high dynamic-range imaging that uses similar techniques to create one high-contrast photograph from images shot with a variety of exposures.
A Blind Defense
Protecting ourselves against our overly communicative computers is much harder in some ways than defending against spam, phishing and viruses. There is no convenient software package one can install to dam the side channels. On the other hand, it is not clear that anyone is actively exploiting them. Backes and Kuhn say it is safe to assume that military organizations have used the techniques to gather intelligence, but they can cite no specific examples.
The blinds in Backes’s office were drawn as we discussed these possibilities, and curtains are one obvious way of frustrating a reflection thief. But Backes points out that it is naive to expect that people will always remember, or be able, to cover their windows. Although many laptop users apply “privacy filters” to their screens to protect against over-the-shoulder eavesdropping, these filters increase the brightness of the reflection on the viewer’s eyes, thus making the hacker’s job easier.
Flat-panel displays emit polarized light, so a polarizing film on a window could in principle block reflections from every screen in the room. In practice, however, this fix does not work. Small variations in the polarization angle of displays are common, and the resulting small mismatches let enough light escape that a good telescope can still make out the screen.
Compared with conventional forms of computer espionage, side-channel attacks do have a couple of major limitations, Kuhn notes. “You have to be close to the target, and you must be observing while a user is actively accessing the information. It’s much easier if you can instead convince someone to open an e-mail attachment and install malicious software that opens a back door to their entire system. You can do that to millions of people at once.”
For that reason, side-channel hacks are unlikely to become as common as spam, malware and other assaults through the network. Instead they will likely be used to infiltrate a few highly lucrative targets, such as the computers of financiers and high-level corporate and government officials. In these cases, side-channel leaks probably offer the easiest way to bypass elaborate network security systems and do it without leaving any trail that a security team could trace after the fact. Anecdotal evidence suggests such surveillance is already taking place. “Some people in investment banks cite cases where information has disappeared, and they are certain it wasn’t a traditional attack such as a software hack or the cleaning lady duplicating a hard disk,” Kuhn says. “But to my knowledge, no one has ever been caught in the act.”
This story was originally printed with the title “How to Steal Secrets without a Network”