What Do Virtual Viruses Look Like?

Alex Dragulescu, a grad student at MIT Labs, used data from MessageLabs to:

“visualize the threats the company finds in the 3 million messages it scans daily. Dragulescu used algorithms to find recurring patterns in the source code of viruses and Trojans and then fed the results into a visualization algorithm.The only manipulation involved was color-coding, setting the virtual position of the camera, and some lighting effects. The project lives somewhere between pure art and information visualization, Dargulescu says” (Wired).

Patrick Philippe Meier

Cyber defense policy

DHS Secretary Michael Chertoff spoke at one of the top IT security conferences yesterday. According to Information Week, he compared his project to improve American cyber defenses to the Manhattan Project. IW reports further that he is dissatisfied with the “backward-looking” nature of the existing Einstein monitoring system, meaning, if I understand, that he thinks it’s insufficient to evaluate the impact of cyber attacks.

Chertoff’s speech raises the issue of DHS’s role in national defense. There are good reasons that DHS should have a coordinating role in securing the nation’s critical infrastructure, as Chertoff rightly points out, with the cooperation of the private sector. It’s nearly impossible to imagine that meaningful information about the identities and geographic locations of sophisticated cyber attackers could be gathered without the aid of these private sector organizations. But that raises serious ethical and legal questions for the department: specifically, if the Department of Defense or the intelligence community are engaged in offensive operations, what are the laws and doctrines governing DHS’s sharing of information with those agencies? Cyber operations are extremely broad in their scope, involving everything from government databases to financial transactions to the SCADA systems that operate the power grid.

International law clearly defines acts of war in conventional warfare, but does not do so in cyber operations. Federal law establishes a number of civil and criminal penalties for unlawful cyber actions, but Chertoff’s Manhattan Project language suggests that we need governing law and doctrine for cyber conflict in the future. Uncertainty about law, capabilities, and doctrine may well destabilize the cyber domain. Defense also requires careful intelligence work on human, financial, and cyber networks at home and abroad, so it is essential that America develop operational policy to govern collaboration among the many federal, state, and local agencies in time of conflict.

UN space-based web for disaster relief operations

The UN has a program, under the sinister acronym SPIDER, that describes international protocols for space-based assistance with disaster relief. Unfortunately I haven’t read much on this, so I can’t comment whether they are having a huge impact in the way that Patrick’s communications technology is.

From their home page…

In its resolution 61/110 of 14 December 2006 the United Nations General Assembly agreed to establish the “United Nations Platform for Space-based Information for Disaster Management and Emergency Response – UN-SPIDER” as a new United Nations programme, with the following mission statement: “Ensure that all countries and international and regional organizations have access to and develop the capacity to use all types of space-based information to support the full disaster management cycle”.

Whereas there have been a number of initiatives in recent years that have contributed to making space technologies available for humanitarian and emergency response UN-SPIDER is the first to focus on the need to ensure access to and use of such solutions during all phases of the disaster, including the risk reduction phase which will significantly contribute to an increasing reduction in loss of lives and property.

The UN-SPIDER programme is achieving this by focusing on being a gateway to space information for disaster management support, by serving as a bridge to connect the disaster management and space communities and by being a facilitator of capacity-building and institutional strengthening, in particular for developing countries.

UN-SPIDER is being implemented as an open network of providers of space-based solutions to support disaster management activities. Besides Vienna (where UNOOSA is located), the programme also has an office in Bonn, Germany and will also have an office in Beijing, China and a Liaison Office in Geneva, Switzerland. Additionally, both Nigeria and Algeria are setting up Regional Support Offices.

US Military Building Virtual Strike Capabilities

Today’s Wired reports that U.S. military officials seeking to boost the nation’s cyberwarfare capabilities are looking beyond defending the Internet: They are developing ways to launch virtual attacks on enemies.

iRevolution blog

Patrick Philippe Meier‘s blog on iRevolution is available here.

iRevolution: Reporting Live and Undercover?

While video footage of the riots in Tibet did leak out, it was nevertheless limited and there were often delays. The Nokia N95, however, can stream live video from the phone to the Internet. So imagine, writes Andy Carvin, “if the protestors were able to webcast their protests – and the ensuing crackdowns – live over their phones using China’s GSM network? The video would stream live and get crossposted via tools like YouTube, Seesmic and Twitter, spreading the content around so it can’t be snuffed.”

Andy asks: what about the need for securing anonymity during transmission? Surfers can hit the waves whenever they choose to since software such as TOR allows them to remain anonymous by causing their online communications to bounce through a random series of relay servers around the world.

For example, let’s say you’re in Beijing and you publish a blog the authorities don’t like. If you just used your PC as usual and logged into your publishing platform directly, they could follow your activities and track you down. With Tor, you hop-scotch around: your PC might connect to a server in Oslo, then Buenos Aires, then Miami, then Tokyo, then Greece before it finally connects to your blogging platform. Each time you did this, it would be a different series of servers. That way, it’s really difficult for authorities to trace your steps.

The question Andy poses is when (or whether) Tor or related software projects will (or can) adapt their services to meet the mobile needs of activist networks and nonviolent movements? Taking a different angle, the question I would raise is whether video encryption might be render the need for anonymity less pressing?

Several techniques are available the most and the one that makes the most sense here given our security concerns is the “Cut & Rotate” approach. This scrambling method cuts each scanned line into pieces and reassembles them in a different order. The advantage of this technique compared to others is that it provides a compatible video signal, gives an excellent level of data security, as well as good decode quality and stability. The disadvantage, however, is that the technique requires specialized scrambling equipment. That said, a good example of this system is the Viewlock II & micro-Viewlock II:

The micro-Viewlock II is battery operated with low current drain and is designed for highly covert applications, such as body-worn video surveillance. So my question is whether hardware rather than software such as Tor might be a potential path to consider?

Patrick Philippe Meier

GSM versus People Power in Africa

Let’s force GSM tariffs down. Join a mass protest switch off ur fone on fri sept 19 ’03. They’ll lose millions. It worked in US & Argentina. Spread Dis txt.

It’s been close to 5 years since the Great GSM Boycott in Nigeria. Some claim that up to 75% of mobile phone users switched off their phones on 9/13 in widespread protests that were regarded as much of a charge against the Nigerian state as it was a statement of protest vis-a-vis the country’s corrupt telecommunication companies. Many disaffected users even drew parallels between the activities of the phone companies and those of oil companies which operate in the country’s delta region and are known for conniving with the Nigerian state.

Following the boycott, the companies set off on a charm offensive to win back their clientèle after acknowledging that a substantial number of customers did switch off their phones. The companies did give in to a number of customer demands but found other ways to compensate for the drop in revenue (by shifting additional costs to users). An important positive impact of the boycott was the noticeable increased determination of the National Communications Commission to enforce the sector’s basic regulations.

One question in particular came to mind when reading Odabare’s account of the Great Boycott: If a tactic as basic as switching off a mobile phone apparently worked in the US, Argentina and Nigeria, then why haven’t we seen additional copycat tactics since that have proved successful?

Patrick Philippe Meier

Conference: Complexity and Conflict

Conflict Research Society and Conflict Analysis Research Centre
Tuesday 2nd – Wednesday 3rd September 2008
University of Kent, Canterbury, UK

Call for papers

The Conflict Research Society and Conflict Analysis Research Centre at the University of will be co-hosting a conference on Conflict and Complexity the Fall. The theme of the conference is a development of the themes of the 2007 conference: cyberconflict and modelling social conflict. Contributions continuing the themes of previous conferences are welcomed.

Abstracts receive to date span an exciting mix of disciplinary backgrounds: international relations, peace research, political science, cultural studies, management science, economics, physics and mathematics.

The 2008 conference seeks to bring together developments in the ‘real’ world and developments in academic understanding. Contemporary conflicts emerge out of complex global conditions, blurring the traditional boundaries between the intra-state and inter-state. As we peer into the future, it is anticipated that future conflicts and the conditions that give rise to them will be characterised by increasing turbulence and complexity. At the same time the science of complex systems is providing radical new ways of understanding the physical, biological, ecological and social universe. This conference provides an opportunity for conflict researchers and complexity researchers to disseminate their work and to explore the interrelationship between conflict and complexity.

Possible complexity topics include: networks; control of complex systems, complex adaptive systems and policy; game theory / interacting agents; self-organisation and evolution; social behaviour and socio-technical systems, macro from micro, inference from data, ecology.

Possible conflict topics include: the future of defence and security; arms control and international security; deterrence theory; harmony and conflict; cooperation, alliances and games; game and related theory; mathematical approaches to conflict management; mathematical models of arms races and wars; empirical and historical studies on the causes of war; crises and war studies; world models; critical economic aspects of the global crises; long-run aspects of the behaviour of international systems; peace science methodology and theory; conflict analysis and management; mediation and conflict resolution; artificial intelligence and cognitive studies; behavioural studies; and hierarchy theory.

The programme will be designed to permit the maximum possible time for discussion. The Society is particularly keen to obtain input from student researchers. An initial expression of interest would be extremely helpful. Contributions will be accepted on the basis of a 150-250 word abstract should be emailed to: g.j.burt@open.ac.uk.

Patrick Philippe Meier

SMS = Secure Messaging Service = iRevolution?

WirelessWeek: Analysts predicted SMS revenues of up to $80 billion worldwide in 2007, with the number of text messages expected to reach a whopping 1.8 trillion by 2010.

CellTrust was founded in 2006 by a group of Internet security experts who wanted to place security high on the mobile agenda taking a proactive approach. This week, they rolled out SecureSMS, the first global secure SMS Gateway. Users can now meet security compliance standards with a cost effective solution providing military strength encryption. The service includes a remote wipe API which means that when a handset is lost or stolen, the user can remotively wipe the handset. The secure SMS Gateway is available in 160 countries worldwide.

This is precisely the technology that I’ve been waiting for and with the revenue stream in the billions of dollars, it’s only a matter of time before sending encrypted texts messages becomes standard operating procedures for Smart Mobs and nonviolent movements alike. SecureSMS may soon be synomimous with the iRevolution. Will this change the balance of power between repressive regimes and social resistance networks? Or will coercive states find a way to block this kind of functionality? Stay tuned.

Patrick Philippe Meier

Iraq Goes Mobile

There was little difference between the Internet and the regular postal mail system when Saddam Hussein was in power. Emails would be sent to a central monitoring unit which would screen the content and determine whether to forward it on to the intended recipient. According to Ameer, the replies to these emails were also censored and would sometimes take weeks to get through, if ever. As for the few Internet cafes that existed (in hotels), communication was regularly monitored and some websites blocked.

This recalls the days of the Soviet Union where centralization was also taken to an extreme. As Brafman and Beckstrom note, if someone in Siberia made a phone call to a comrade living just a hundred miles away, the call would be routed through Moscow. In fact, all phone calls were routed through Moscow. Evidently, the Soviets weren’t the first and certainly not the last to impose central control of communication lines. The expression “All roads lead to Rome” reflected the Roman Empire’s highly centralized transportation system, which in a way was also the information super roadway of the day.

Iraq had no mobile phone network prior to the US invasion, and as Ameer notes, even satellite phone were banned. Today, there are three mobile networks and a dozen Internet Service Providers, which means millions of users. And despite the violence, ISPs continue to roll out Internet and modern telephony systems across the war torn country. Is an Iraqi Smart Mob potentially in the making?

Patrick Philippe Meier