Did North Korea hack Sony Corporation?

The attack on the networks of Sony Corporation was revealed in November. Almost immediately North Korea was blamed. Nobody in computer security circles took the accusations seriously. Now it appears that, only a couple of weeks after the incident, the FBI is certain that North Korea was behind the attack.

Apparently, there were many traces of North Korean involvement left behind. So many, in fact, that it becomes reasonable to question the motivation of those who push the blame.

Attackers used computer servers in Bolivia, Cyprus, Italy, Poland, Singapore, Thailand and the United States to attack Sony. The IP addresses associated with those servers have “previously [been] linked to North Korea” by the FBI. The malware used against Sony had what the FBI calls “lines of code” and “data deletion” methods similar to malware “North Korean actors previously developed.” The computer-wiping software used against Sony was also used in a 2013 attack against South Korean banks and news outlets, which the FBI attributed to North Korea. The malware was built on computers set to Korean language — unusual in the hacking world. Hackers demanded Sony Pictures pull “The Interview” to avoid starting a war over a movie.

Nobody in their right mind would execute a long-term attack while leaving behind so many traces. As in crime stories, when something is too obvious, it may well be planted evidence.

Political motivation is even more questionable. Sony is a private Japanese company. Why does the US government show such involvement? Obviously, they want an excuse to disconnect North Korea from the Internet or, even better, receive a pretext for a war against them. Obama already promised to strike back at North Korea “proportionately”, without waiting for any evidence of North Korean involvement in the act.

Too often, the USA declares something to be true and uses its own statements as justification for waging economic and military aggression against other countries. Now it’s North Korea’s turn. I wouldn’t be surprised if the whole thing has been orchestrated and executed under the US command.…


Got “social contract”?

I have heard the words “social contract” one too many times lately. My idea of freedom starts with the freedom of thought and I do not like fuzzy concepts that cloud judgement. I decided to find out what “social contract” actually means. Did you know that the concept itself is centuries old?

At its most basic, we are told that the social contract is an implied contract that one enters into by being a member of society. The contract offers the citizen certain protections while requiring that the citizen will be justly punished for breaking the laws of that society. The concept was first fleshed out by Socrates, although he himself later refuted the concept as the source of justice, arguing that justice is inherent to men and cannot originate externally.

This contradiction and inconsistency is carried through the later works of Thomas Hobbes that form the ground for nearly all social contract theorists. The inconsistency, presented by Hobbes, could only be resolved again by admitting that the relationship between the society and the individual does not form the ground for morality. On the contrary, the natural morality of men makes the ground for the forming of the society and its rules.

People do not have an inherent desire to kill, rob and rape. Quite the contrary, if society's norms and laws were lifted today, we would likely go ahead just as we did before, cheerfully helping each other and being nice to strangers. People do not steal, rape and murder not because of some ephemeral social contract but because they are not inclined to. However, we do notice that some people have a tendency for misbehaving, right?

On the one hand, we have to admit that people who have the tendency to steal, murder and rape do so whether or not the society has mechanisms for punishing the said behaviours. On the other hand, we notice that these behaviours are tightly coupled to the possession of property. Unsurprisingly, Locke based his concept of social contract on the idea that men only have disputes when property is involved. The relationships within families are pre-social; they are moral agreements entered into and carried out willingly. As soon as people start having property, claims to property and property disputes, the relationships deteriorate and the necessity to protect oneself and one’s property arises.

Recognizing the problem, …


Global surveillance economic results

An article in The Morning Call talks about the economic impact of the NSA surveillance, but limits the discussion to its area of interest, the US companies, while making me think about the rest of the world:

Worldwide spending on the cloud is expected to double over the next three years to more than $200 billion. U.S. firms have been leaders in developing the technology. According to a new report from the Information Technology & Innovation Foundation, however, global worries about NSA surveillance are likely to reduce U.S. market share.

The report’s admittedly loose estimate is that U.S. cloud-computing firms will lose $21 billion to $35 billion in revenue between now and 2016. According to the report, some 10 percent of non-U.S. members of the Cloud Security Alliance said they’ve canceled a project with a U.S. company since the disclosure of the NSA’s surveillance. In addition, 56 percent indicated “that they would be less likely to use a U.S.-based cloud computing service.”

Interestingly, this does not only apply to the US economy. There are companies everywhere that would prefer not to be monitored, that would rather go about their business without this stranger looking over their shoulder day and night. What will happen?

I think we may be facing a new arms race soon. The businesses with money were not all that interested in keeping things private until now. Now they will likely invest in tools for privacy and the tools will get better. And so off we go, there will be demand for privacy from the, ahem, private sector and the demand for surveillance from the government sector. Big money to be made.

Just wondering… will the common citizen become “collateral damage” in this war?…


Surveillance and resistance

Quite interestingly, it seems there is some resistance to total surveillance, both in the minds and in the reality. Yes, the surveillance is increasing, and the automated processes for surveillance, for linking of events, things and people, and for follow-up and recognition are now driving the technological advances in the so-called “big data” processing. Not only your shopping habits but also all of your whereabouts can be linked together and clearly identified with sufficient data and processing power.…


Why do they write insecure code?

First of all, nobody teaches engineers to write secure code. When people study mechanical engineering, they spend an awful lot of time calculating the designs for reliability and safety. They learn that the bridges must be redundantly safe, that there is a plethora of things that may go wrong with an elevator and so on. Do they learn anything like that in computer classes? No, far from it. People learn the computer programming languages and sometimes about cryptographic protocols. But they never learn how to make the systems stable, safe and secure. They never learn what may happen to a computer system in real life. They do not practice taking preventive measures the way any other engineering specialists would.

Many programmers are then lured into the fake safe havens of firewalls, safe languages that “take care of things for them” and the proclaimed security of frameworks. Guess what, none of that is true, no language is “safe”, no firewall helps and no framework is perfect. But people are inherently lazy and they prefer to blame someone else instead of taking the responsibility.

And on top of all that comes the cost. Software is a form of art. The good, really professional programmers cost a lot of money. The good designs and their implementations take a lot of resources, read: money. Security features are costly, security measures are even more costly. And companies are not willing to pay, customers are not willing to pay, everybody just bitches about poor security and the world moves on, selecting the lowest bidder for security-critical infrastructure implementation.

We’re sitting on four million pounds of fuel, one nuclear weapon and a thing that has two hundred thousand moving parts built by the lowest bidder.
— “Rockhound” in the movie “Armageddon”

Do you really think anything will change for the better if none of the above changes?…


Surveillance at large

It was only a matter of time before all those security cameras would supply the images to a central location and become a part of a large surveillance network. It was inevitable from the beginning. Now WikiLeaks apparently revealed some documents that shed light on the USA surveillance network that is, indeed, using those surveillance cameras all over the country, as this article in io9 reports. Inevitable.…


USA love TSA!

The Reg reports on a recent survey that conclusively shows that “the majority of Americans think the Transportation Security Administration, which handles security screening at US airports, is doing just fine…”

Overcoming the initial shock, my conclusion is that if the government keeps something up long enough, people will just swallow it in the end because they will no longer know any better. Duh, the humanity.…
