Ged Carroll

Category: security | 保衛 | 정보 보안 | 情報セキュリティー

According to Wikipedia security can be defined:

Security is protection from, or resilience against, potential harm (or other unwanted coercive change) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social groups, objects and institutions, ecosystems or any other entity or phenomenon vulnerable to unwanted change. Security mostly refers to protection from hostile forces, but it has a wide range of other senses: for example, as the absence of harm (e.g. freedom from want); as the presence of an essential good (e.g. food security); as resilience against potential damage or harm (e.g. secure foundations); as secrecy (e.g. a secure telephone line); as containment (e.g. a secure room or cell); and as a state of mind (e.g. emotional security).

Back when I started writing this blog, hacking was something that was done against ‘the man’, usually as a political statement. Now breaches are part of organised crime’s day to day operations. The Chinese government so thoroughly hacked Nortel that all its intellectual property was stolen along with commercial secrets like bids and client lists. The result was the firm went bankrupt. Russian ransomware shuts down hospitals across Ireland. North Korean government sanctioned hackers robbed 50 million dollars from the central bank of Bangladesh and laundered it in association with Chinese organised crime.

Now it has spilled into the real world with Chinese covert actions, Russian contractors in the developing world and hybrid warfare being waged across central Europe and the middle east.

  • Hacknet + more things

    Hacknet

    Some Australian developers have made an immersive game about hacking that will be distributed on Steam when released. It’s called Hacknet and here’s the trailer.

    Key outtakes:

    • Misdirection: Matthews would allow surveillance teams to tail him, so that other colleagues would be tail free
    • Playing into stereotype and using them as a judo move; Warsaw Pact men tended to believe a woman’s place was in the home and didn’t think of Matthews’ wife as a potential operator
    • Interesting points on the problems that intelligence agencies have in understanding the motivations of ‘non state actors’ such as religiously motivated terrorists
    • During the cold war, Russians who spied for the US generally didn’t get to spend any money they made, as they would only survive 18 months on average
    • China’s approach is much more long-term ‘picking up grains of sand on the beach’
    • The most dangerous threats in his opinion: Iranian nuclear programme for the set of unknowns that it creates, China as a short, medium and long term threat, Russia as an ongoing but less serious threat than China and ‘non state actors’

    Matthews also took a New York Times journalist on the street to explain what surveillance infrastructure looked like now

    “You never try to elude or escape from surveillance,” he explained. “You want to lull them into thinking that you’re not operational on this particular day. You want to calm the beast.”

    Shadowing Jason Matthews, an Ex-Spy Whose Cover Identity Is Author | New York Times

    More posts on related areas here.

  • Hypeddit + more news

    Hypeddit

    Welcome To Hypeddit – brilliant selection of free tracks. Hypeddit from a content perspective is rather like an old school DJ pool, but online. I wonder how long Hypeddit can last in the face of the music labels copyright enforcement industrial complex

    Business

    Communities Dominate Brands: Matchmaker Matchmaker Make Me a Match – What if Microsoft sold Nokia back to Nokia – much as I would like to see a Jobsian style brand resurrection the market dynamics have moved on and Nokia has bigger issues to deal with. More wireless related posts here.

    Gadget

    It’s almost impossible to make money selling Android phones | Boy Genius Report – which shows the hard place where Microsoft, Nokia and BlackBerry have been. More wireless related posts here.

    Daring Fireball: Apple’s Share of Phone Handset Industry Profits Climbs to 92 Percent – John Gruber on Apple’s ‘profit monopoly’ in the smartphone sector

    Media

    The truth about blogging on Medium | TheNextWeb – why are we having to even have this discussion, Medium is the new Blogger or Typepad

    Online

    Hillary Clinton Takes Aim at Uber, Wall Street In First Economic Speech – it was inevitable the sharing economy was going to get political

    Security

    Privacy talk at DEF CON canceled under questionable circumstances | CSO Online – the information that’s out there points to a national security letter being served on the developers

    The Use of Encrypted, Coded and Secret Communications is an “Ancient Liberty” Protected by the United States Constitution – which puts the law at odds with the U.S. intelligence industrial complex

    Software

    What’s Weixin? A Short Guide to China’s Super App – What’s on Weibo – 100 million users in 400 days. What’s interesting is the way Weixin has managed to cram so much functionality in one app and not compromising on ease of use. This is in sharp contrast to the rise of app constellations

  • The July 7th bombing post

    The tenth anniversary commemoration of the July 7th bombings across London caused me to reflect on my memories of the day.

    Unlike a lot of London, I was non-plussed about the winning Olympic bid as I had a keen idea of the kind of disruption it would bring to my part of London. The events that happened on July 7, rolled out in a more gradual way for me, so there wasn’t a moment etched in my memory in the same way as I had watching the TV footage of the airplanes hitting the World Trade Center towers. My memory is less distinct. July 7, 2005 started just like most other summer week days for me at the time.
    London tube bombing
    I was working as part of the European marketing team at Yahoo! based out of 125 Shaftesbury Avenue, I had been working there for a few months. My journey to work on the central line was the usual experience of arriving to the office as a hot and sweaty mess due to the overcrowded trains. I wasn’t aware of the tube bombing that happened roughly about the time that I had travelled in.

    It was before 10am when I wandered into the legal department who where in the north east corner of our building on Shaftesbury Avenue. I was trying to get a rush on a press release approval. We were high enough up that it offered a good view over central London north of Oxford Street. Whilst chatting to Liyen McCoy, both of us  heard a crack that sounded to me like exhaust backfiring on a car. Liyen mentioned that she hoped it wasn’t a bomb, I didn’t think it was at the time. In retrospect, it could have been just a coincidence, or it was the sound of the bomb going off on the bus as it passed through Tavistock Square in Bloomsbury.

    I went back to my desk and word started to come through from via the internal grapevine from engineering, through the editorial staff and on to the marketing team. Something was up as the first pictures started to hit flickr and attract a surge in viewer numbers. It was pretty soon after this that I noticed that the cell phone network had gone down, I was on Orange (now EE) at the time; soon other colleagues on Vodafone and O2 noticed similar drop in network access. Soon after that email stopped working properly.

    A little later, word came back into our corner of the office that the editioral team where taking the Yahoo! UK home page offline. They were going to strip the adverts off the page (partly because it wouldn’t be great to brand adverts positioned against news of this nature, and partly to reduce the strain we were seeing on our servers due to the web traffic coming in). The home page would be hard coded in HTML using Dreamweaver and updated manually.

    This gave the UK readers a fighting chance of getting up to date news, meanwhile I struggled to get any web page at all over the office network as web access degenerated into a series of blank browser screens.  My desk phone couldn’t dial out, in fact the only thing that did seem to work was Yahoo! messenger. Rumours started to swirl around the the government had somehow locked down all the networks near the bomb sites, but the fact that messenger worked indicated to me that it was just too much traffic. Eventually I managed to contact Jonathan Hopkins who was the account manager on the Yahoo! account at Bite back then. I found out from him that all his colleagues were accounted for and safe.

    There was concerns that there maybe other blasts and I can’t remember going out for lunch as we were all advised to stay in the building.  Eventually we were allowed home and I walked the six miles back to Bow. I didn’t know my way, my smartphone at the time was a Palm Treo 650 which worked off GPRS, or if you were really lucky EDGE, not that would have made a difference. I didn’t have cell reception to look up maps online. Even if I had got access to online maps, the Treo 650 didn’t have a built in GPS unit, that didn’t come along until Nokia launched the N95 18 months later.

    I remember I followed the crowds heading east and kept on going as their numbers started to thin. Occasionally I rooted around in my bag for my dog-eared spiral bound A-to-Z atlas of London to make sure I was going the right way by checking road names against the map. Eventually I managed to find my way to Stepney Green tube station and from there it was plain sailing. As I got near home I managed to text my parents to let them know I was alright. More London themed posts here.