Security consultants have a vested interest in scaring you, your employer's IT department and the politicians. Mo' fear means mo' money. There are a few good guys out there, but none of them are working for McAfee, Norton, the Big Consultancies or the big software support companies. Those people are in it for the money. Here's a quick test for anyone who claims to be a computer security consultant. Ask them if you need McAfee or Norton running all the time on your computer. If they say YES, thank them for their time, show them the door and check you still have your watch and all your fingers when they've left. (Why you should is the subject of another post.)
Though the security consultants often seem to be against the Sigint community, their interests are more or less exactly aligned. The Signint guys want the Bad Guys off the Internet because the Bad Guys are lost in the noise there, so they spread stories about how the Internet and phone service is their bitch. The security consultants want to sell you their stuff, so they spread stories about how the Internet and phone service is anyone's bitch, but especially the sigint guys'.
(Don't get me wrong. Banks, medical companies and government departments that deal in personal data need to have secure communications and computers and data. They should vet their staff and make it difficult for even employees to sign on to their networks. You need to practice safe computing at home and in cafes, and run your OS firewalls. But like all security, this is to deter amateurs and up the cost of hacking you as against the next person. If the pros want access to your computers, they will get it.)
The hype says that the sigint agencies can search amongst all this data to find "patterns". There are two kinds of patterns. First those obtained by looking at who is contacting who, and who visits what websites, sometimes called "traffic analysis". The idea is that the agencies have certain kinds of pattern-archetypes they prepared earlier, and go looking for those in new traffic records, thus finding terrorists, drug dealers, illegal gambling lines and all sorts of other illegal activity. Because terrorists and drug dealers don't learn and are creatures of habit. This is more-or-less nonsense. Traffic analysis works when listening in on radio traffic between armed forces engaged in industrial-scale warfare (which is where it came from), but unless it's used in conjunction with a list of "numbers (or URL's) of interest", it's more or less useless on a retail scale. The second kind of patterns are about content: word use, photographs and the like. In business, this is known as predictive modelling, and there's a huge problem with it.
Predictive modelling is used to identify people who have a higher probability of doing whatever it is you're selling or supplying: using certain kinds of social services, taking insurance or loans, making insurance claims, defaulting on payments (that's a huge industry in the financial sector called "credit risk"), committing crimes, or redeeming coupons for Pampers. These are almost always events with a very low incidence - very few people do them each month - and a fairly low prevalence - the stock of people who have done them is less than 10%.
A bliding glimpse of the obvious is that if you want to predict a rare event with high probability, it must be with a bunch of indicators which line up just right almost equally rarely. In business, it can be acceptable to use a method that over-predicts wildly, as long as it over-predicts less wildly than the previous method. If you can send only half as many leaflets and get twice the response rate from those letters, you've halved your marketing costs and kept the same revenues. In business that counts as a result. In espionage, that's awful: you have far too many false positives.
The other blinding glimpse of the obvious is that you need enough examples of people doing whatever it is to find and prove patterns with statistical techniques. There just aren't enough terrorists in the UK, and there haven't been enough bombings, to gather that amount of data.
The holy grail of predictive modelling is that the private process has a public choke-point: everyone who does X, must do Y or Z and almost the only reason for doing Y or Z is X, and that Y and Z are both easily observable. Seeing someone come out of a branch of William Hill is pretty good evidence that they laid a bet. As far as anyone knows, there’s no equivalent of William Hill’s for terrorists and other nasties. And even if there was, it wouldn’t last for long, as they will change methods on an erratic basis. This is basic tradecraft that’s been practiced since Sun Tzu ran spies, and it’s not rocket science. You think that bit in The Wire where the bad guys sent each other photographs of clocks wasn’t based on a real example?
No. Nobody is using Big Data techiniques to spot malfeasors and terrorists. They might be trying, but you can rest easy that they will fail. The benefits of Big (commercial) Data are mostly hype, and the benefits of Big (Intelligence) Data are total vapourware. Except, and this is crucial, when the agencies have a bona fide target and can get that target’s phone numbers and other comms identities. That takes humint, not Big Data. Business has had Big Data for a long time, and the best it can do is improve the efficiency of its mail order shots from, oh, 0.2% to 0.6%.
Collecting data on “everyone” is so obviously pointless, un-economic and silly that if the NSA and GCHQ are doing it, or heading that way, the people in charge should be fired. I don’t think the people who run these agencies are stupid. I don’t think they are really doing what the FUD-meisters in the security business suggest they are doing. But I do think they don’t mind that the security FUD-meisters are saying that they can and are.
So was Edward Snowden actually planted on us by the NSA to spread the fear? I don’t think so. Though it would explain why his location wasn’t found within an hour by an operator looking at hotel security footage from across the world, and why he wasn’t shot the next evening by a special forces sniper flown out to Hong Kong on a Gulfstream and guided by imagery of the hotel bedroom taken from one of the smartphone cameras that was turned on automatically from half-way across the world. Because that’s what the NSA and CIA can really do. Right?
Oh. And the scene in Citizen Four where the bullies from GCHQ make the Guardian journalists grind and drill holes in the hard drives to destroy the data? Pure hype. On a modern terabyte-storing 3.5" platter, a single write 0's pass will eradicate the data past all restoring, just as securely as some fancy 7-pass US DoD wiping algorithm. The forensic guys can deal with lightly damaged discs, discs that have lost their controllers and stuff like that, but once you do a standard disk wipe, it's gone. Hit it with a hammer a few times afterwards if you like. But the guys from GCHQ would prefer you believed that they can see past a data shred, so that you didn't bother in the first place. Then they could "recover" the data.
Thursday, 8 January 2015
Monday, 5 January 2015
Citizen Four (1): The Logistics of Tapping
Citizen Four is an excellent documentary about the first days of the Edward Snowden revelations. There’s a lot of him in the movie, and he seems to be an intelligent, savvy young man. This post isn’t about him or the rights and wrongs of indiscriminate surveillance, but about the feasibility of the claims being made about the recent activities of the NSA and GCHQ. It's therefore also about how worried you should be by all those revelations.
Right now the sigint (signals intelligence, as opposed to “humint” which is actual people) community are sending out some very mixed messages. On the one hand, they want to get content-level access to e-mails, websites, Facebook, Twitter and everything else, and they want ISPs to keep it all for a few months. On the other, seemingly they can tap and de-crypt anything, anywhere and in real time, they can turn on the microphone of your smartphone and listen in to your regular conversations of your smartphone, while using its GPS to track you.
Personally, I find the idea that, should I ever get lost or kidnapped, all anyone has to do is call Fort Meade and ask them where my phone is.
As if. The sigint community are, and have been for a good few years, drowning in digital noise. Let's do a little history.
The heyday of sigint was up to the mid 1990’s when most of the world’s telecoms traffic went through copper cable or by radio to satellites. That’s what the GPO Tower was built for: maser trunk transmission.
They took the masers away a couple of years ago. That’s what all those domes at Menwith Park and other places are for. It’s all still useful, as a lot of traffic to Africa, North Asia, parts of the Middle East and other assorted hot spots still goes over satellite. (The Sea-Me-We and FLAG cables go to the major towns in their destination countries, not to places like Syria or Kurdistan. Don't even think about trunk landlines in Syria or Kyrgyzstan.) All you have to do with copper was wrap some wire round it to pick up the magnietic fields created by the changes in current that is the signal, attach it to some headphones or a tape recorder and you're in the bugging business. It's much the same with radio waves. Point an ariel at the sky, tune your reciever to what you know is the satellite's frequency and wander around until you get a good signal. A few technical details aside, that's more or less it.
And then came fire-optic cable and digital. The Signint community hates fibre-optics and digital communication, because:
It makes effective encryption easy;
There’s no regulation of the technology;
It allows humungous amounts of traffic: they aren’t just looking for a needle in a haystack but a salt crystal in a ocean;
It’s horribly difficult clandestinely to monitor communications
That last bit contradicts what you will find on interwebz, which will have you believing that you too can tap into a fibre-optic cable for a tiny cost. Well, first you have to find it. Then you’ve got to dig it up. Then you have to put in your tapping device - and since that involves physically manipulating the fibre, it’s impossible to do without setting off alarms back at the carrier’s NOC - but let’s assume the operators were watching football at the time, and then you re-bury the cable.
Here’s the first question: how are you going to get all that data back to base? A main trunk line will pour out data at around 2T bits/second. Lucky for you that you just happen to have a similar quality fibre-optic cable laid right up to where you did the intercept? Because that doesn’t cost anything to do and isn’t a bureaucratic nightmare anywhere except the City of London. Ah, I see, you have a submarine - the USS Jimmy Carter - that specialises in doing this. And also happens to carry and be able to lay enough cable to get from your tapping point back to some secure naval base, because the commercial cable-layers are just kidding with those big specialised ships and nine-figure costs. Having got the data back to your secure naval base, you then send it down a secure high-capacity line that comes free with every big ol’ shed you build in Utah.
Here’s the real joke. When you’ve done all that, all you’re getting is a light show. Billions and billions of different-coloured photons. You have no idea which photons belong where and do what. The telcos and ISPs have expensive multiplexers at each end of the cable to send and receive all those photons. Those multiplexers have to be set up and synchronised, and can be changed quite easily and without telling the NSA. Without knowing how the sending multiplexer is set up, all you’re getting is a very fast sparkler. So it’s a good thing you have an inside source at the ISP or carrier. You do, right? And no, you can’t use some fancy algorithm to find the order in the light show. Just in case you were thinking that.
No. Nobody’s doing any large-scale tapping of modern fibre-optic cable. The logistics are impossible. What the sigint services do is connect some kit to the telco's switch (for TDM / SS7 voice traffic) or router (for data traffic) so they get a feed that's been neatly structured. They still have to de-crypt it, maybe, and search it, but it's a manageable amount of traffic. They are supposed to have a Court Order when they do that, and I'm sure they do, but... I'm guessing that what's in their kit these days is an array of multi-terabyte drives, and they copy more data than they have permission for. Every week they pop in and swap out the storage arrays. Hence their desire to make legal what they are doing now anyway. But this is a guess.
(To be continued)
Right now the sigint (signals intelligence, as opposed to “humint” which is actual people) community are sending out some very mixed messages. On the one hand, they want to get content-level access to e-mails, websites, Facebook, Twitter and everything else, and they want ISPs to keep it all for a few months. On the other, seemingly they can tap and de-crypt anything, anywhere and in real time, they can turn on the microphone of your smartphone and listen in to your regular conversations of your smartphone, while using its GPS to track you.
Personally, I find the idea that, should I ever get lost or kidnapped, all anyone has to do is call Fort Meade and ask them where my phone is.
As if. The sigint community are, and have been for a good few years, drowning in digital noise. Let's do a little history.
The heyday of sigint was up to the mid 1990’s when most of the world’s telecoms traffic went through copper cable or by radio to satellites. That’s what the GPO Tower was built for: maser trunk transmission.
They took the masers away a couple of years ago. That’s what all those domes at Menwith Park and other places are for. It’s all still useful, as a lot of traffic to Africa, North Asia, parts of the Middle East and other assorted hot spots still goes over satellite. (The Sea-Me-We and FLAG cables go to the major towns in their destination countries, not to places like Syria or Kurdistan. Don't even think about trunk landlines in Syria or Kyrgyzstan.) All you have to do with copper was wrap some wire round it to pick up the magnietic fields created by the changes in current that is the signal, attach it to some headphones or a tape recorder and you're in the bugging business. It's much the same with radio waves. Point an ariel at the sky, tune your reciever to what you know is the satellite's frequency and wander around until you get a good signal. A few technical details aside, that's more or less it.
And then came fire-optic cable and digital. The Signint community hates fibre-optics and digital communication, because:
It makes effective encryption easy;
There’s no regulation of the technology;
It allows humungous amounts of traffic: they aren’t just looking for a needle in a haystack but a salt crystal in a ocean;
It’s horribly difficult clandestinely to monitor communications
That last bit contradicts what you will find on interwebz, which will have you believing that you too can tap into a fibre-optic cable for a tiny cost. Well, first you have to find it. Then you’ve got to dig it up. Then you have to put in your tapping device - and since that involves physically manipulating the fibre, it’s impossible to do without setting off alarms back at the carrier’s NOC - but let’s assume the operators were watching football at the time, and then you re-bury the cable.
Here’s the first question: how are you going to get all that data back to base? A main trunk line will pour out data at around 2T bits/second. Lucky for you that you just happen to have a similar quality fibre-optic cable laid right up to where you did the intercept? Because that doesn’t cost anything to do and isn’t a bureaucratic nightmare anywhere except the City of London. Ah, I see, you have a submarine - the USS Jimmy Carter - that specialises in doing this. And also happens to carry and be able to lay enough cable to get from your tapping point back to some secure naval base, because the commercial cable-layers are just kidding with those big specialised ships and nine-figure costs. Having got the data back to your secure naval base, you then send it down a secure high-capacity line that comes free with every big ol’ shed you build in Utah.
Here’s the real joke. When you’ve done all that, all you’re getting is a light show. Billions and billions of different-coloured photons. You have no idea which photons belong where and do what. The telcos and ISPs have expensive multiplexers at each end of the cable to send and receive all those photons. Those multiplexers have to be set up and synchronised, and can be changed quite easily and without telling the NSA. Without knowing how the sending multiplexer is set up, all you’re getting is a very fast sparkler. So it’s a good thing you have an inside source at the ISP or carrier. You do, right? And no, you can’t use some fancy algorithm to find the order in the light show. Just in case you were thinking that.
No. Nobody’s doing any large-scale tapping of modern fibre-optic cable. The logistics are impossible. What the sigint services do is connect some kit to the telco's switch (for TDM / SS7 voice traffic) or router (for data traffic) so they get a feed that's been neatly structured. They still have to de-crypt it, maybe, and search it, but it's a manageable amount of traffic. They are supposed to have a Court Order when they do that, and I'm sure they do, but... I'm guessing that what's in their kit these days is an array of multi-terabyte drives, and they copy more data than they have permission for. Every week they pop in and swap out the storage arrays. Hence their desire to make legal what they are doing now anyway. But this is a guess.
(To be continued)
Thursday, 1 January 2015
Happy New Year - With Some 70s’ Songs
Happy New Year. Three 70's tunes for you.
"As complete a portrait of total alienation as I've ever heard in music" (Charles Shaar Murray, NME)
It starts in the middle of a phrase, has a downbeat swing, stunning vocals and I get lost in it after a couple of bars
Is this where the Bee Gees got that Saturday Night Fever feel from?
"As complete a portrait of total alienation as I've ever heard in music" (Charles Shaar Murray, NME)
It starts in the middle of a phrase, has a downbeat swing, stunning vocals and I get lost in it after a couple of bars
Is this where the Bee Gees got that Saturday Night Fever feel from?
Monday, 29 December 2014
Those In-Between Days
Sunday Evening; I'm watching Celine and Julie Go Boating - though I may have to do it in two parts because I'm going into work Monday. If you haven't seen this film, do so and you will understand something has been missing from your life.
Also I've spent a couple of days immersed in complex analysis and Riemann-Roch and finally found the simple proof. Not a holomorphic one-form, divisor or sheaf in sight. Well, there is for the projective case, but that's another proof.
Next post will be 2015. That is not a real year. For the first twenty years of my life, 2015 was a different world. Where's my interstellar transport?
Also I've spent a couple of days immersed in complex analysis and Riemann-Roch and finally found the simple proof. Not a holomorphic one-form, divisor or sheaf in sight. Well, there is for the projective case, but that's another proof.
Next post will be 2015. That is not a real year. For the first twenty years of my life, 2015 was a different world. Where's my interstellar transport?
Thursday, 25 December 2014
Ruby Rose: Transformation
(Props to Fashion Copious)
Ruby is supposed to be "genderfluid", which only make sense if you think that gender is determined by where you buy your shirts. Basically. 80-proof nonsense, but who cares? If only the average British TV drama had these production values and photography.
Happy Christmas.
Monday, 22 December 2014
Why You Drink
Someone circulated this at work.
It could also be why you buy lottery tickets. Or it could be a good example of how capitalism uses humour to disguise victim-blaming. You shouldn't need to drink because you're not scrambling up the greasy pole. You should have a meaningful, satisfying life instead. But you don't, because capitalism, commuting and socialist-state level taxes. But it's still your fault you drink. Because you could put up with all that shit sober, and therefore have a choice.
But I think they thought they were being funny.
It could also be why you buy lottery tickets. Or it could be a good example of how capitalism uses humour to disguise victim-blaming. You shouldn't need to drink because you're not scrambling up the greasy pole. You should have a meaningful, satisfying life instead. But you don't, because capitalism, commuting and socialist-state level taxes. But it's still your fault you drink. Because you could put up with all that shit sober, and therefore have a choice.
But I think they thought they were being funny.
Thursday, 18 December 2014
It's Carl Jung's Colours Time Again!
Every now and then, we do Colours. It’s supposed to make us aware of each others' differing personal styles and so help us work better together. It was invented by C G Jung and is based on two scales: introversion – extraversion and intellectual – feeling.
It looks plausible and it’s fun. But it’s also based on a misleading concept of human action and personality. Here’s my take on it:
If I’m Cautious it’s because this is the kind of stuff that can wind me up in the shit , and I want to be sure I’m not going to wind up in the ….
If I’m Meticulous, it’s because wrong details will wind me up in the shit
I’m not Deliberate
If I’m Systematic, it’s because it saves effort when I have to do it again
I’m not Formal
If I’m Candid it’s because that’s what I think it might take to get the results I want
I’m Straightforward, because I’m a man
If I’m Single- minded, it’s because I want to get this shit done and out of my life
I’m not Purposeful
If I’m Persevering, it’s because this shit won’t go away so we may as well get done with it
If I’m Diplomatic, it’s because I think you’ve got thin skin or a bad sense of entitlement
I’m Nurturing, Supportive and Patient it’s because I’m a decent person, and you deserve it
I’m Dependable, because I’m a man, and you haven’t done anything to disqualify yourself
If I’m Impulsive, it’s because the sun is shining
I’m not Energetic, I just grind this shit out
I’m Optimistic when the odds justify it, which is not often
I’m not Lively
I’m Persuasive when I think you can be persuaded and I give a shit about whatever it is
People have styles, but these are superficial. The transition into adulthood is about living a life that is about achieving results, in a broad sense that includes raising children, making and nurturing friendships and having fun. So our actions are directed towards those ends, and the style with which we do them reflects the people with whom and the circumstances in which we’re doing them. We do what’s needed to get the job done. People who say “I can’t do that” or “I can’t be like that” might be having a childish moment, but mostly we say things like “Really? Is it worth it?” which is about risk/effort vs reward. That’s a very adult view of the world. So I’m meticulous when I need to be, but not otherwise, as are most people. Some people are just super-control freaky (I am meticulous, you are a little obsessed with details, he/she is a control freak) most of the time, and they have psychological problems. That’s why you need to be careful round them, not because they are detail freaks.
In other words, being an adult is exactly not about being at the mercy of whatever whimsical character genetics you were born with. It’s about transcending those to be someone who gets the shit they need doing, done. And Colours measure the residual stuff that we do when we’re not thinking about how we’re acting.
It looks plausible and it’s fun. But it’s also based on a misleading concept of human action and personality. Here’s my take on it:
If I’m Cautious it’s because this is the kind of stuff that can wind me up in the shit , and I want to be sure I’m not going to wind up in the ….
If I’m Meticulous, it’s because wrong details will wind me up in the shit
I’m not Deliberate
If I’m Systematic, it’s because it saves effort when I have to do it again
I’m not Formal
If I’m Candid it’s because that’s what I think it might take to get the results I want
I’m Straightforward, because I’m a man
If I’m Single- minded, it’s because I want to get this shit done and out of my life
I’m not Purposeful
If I’m Persevering, it’s because this shit won’t go away so we may as well get done with it
If I’m Diplomatic, it’s because I think you’ve got thin skin or a bad sense of entitlement
I’m Nurturing, Supportive and Patient it’s because I’m a decent person, and you deserve it
I’m Dependable, because I’m a man, and you haven’t done anything to disqualify yourself
If I’m Impulsive, it’s because the sun is shining
I’m not Energetic, I just grind this shit out
I’m Optimistic when the odds justify it, which is not often
I’m not Lively
I’m Persuasive when I think you can be persuaded and I give a shit about whatever it is
People have styles, but these are superficial. The transition into adulthood is about living a life that is about achieving results, in a broad sense that includes raising children, making and nurturing friendships and having fun. So our actions are directed towards those ends, and the style with which we do them reflects the people with whom and the circumstances in which we’re doing them. We do what’s needed to get the job done. People who say “I can’t do that” or “I can’t be like that” might be having a childish moment, but mostly we say things like “Really? Is it worth it?” which is about risk/effort vs reward. That’s a very adult view of the world. So I’m meticulous when I need to be, but not otherwise, as are most people. Some people are just super-control freaky (I am meticulous, you are a little obsessed with details, he/she is a control freak) most of the time, and they have psychological problems. That’s why you need to be careful round them, not because they are detail freaks.
In other words, being an adult is exactly not about being at the mercy of whatever whimsical character genetics you were born with. It’s about transcending those to be someone who gets the shit they need doing, done. And Colours measure the residual stuff that we do when we’re not thinking about how we’re acting.
Subscribe to:
Posts (Atom)