Reciprocity – Making Progress

future-city-1Hey all. Just wanted to let people know that I’m still around. And as luck would have it, I’ve found myself with some free time; free time that I’ve put towards creative writing again! In the past two weeks in fact, I have come up with a lot of new ideas for both Oscar Mike and (more importantly) Reciprocity. On this latter project, I’ve spent the past few days working through the half-written spots, and now I have a full five chapters done.

More importantly, I have revised the overall plot yet again. The last time I did this (not that long ago), I chose to change the nature of the antagonist to that of a Chinese ex-pat who was a former member of Unit 61398 – the People’s Liberation Army’s cyber warfare division. His name was Shen, and his plot involved a string of kidnapping, double-dealing, and cyber-terrorism that threatened to change the global geopolitical balance.

I liked this idea because I felt that after a good deal of research, the focus of the story should be on post-communist China, where a great deal of social confusion and economic turmoil was leading to the emergence of a semi-fascist state. In a pattern that is reminiscent to modern-day Russia, Shen sought to take advantage of these changes in order to unleash a massive cyber attack.

The downtown district of Shanghai. One of many locations in the story.
The downtown business district of Shanghai. One of many locations in the story.

This would have the effect of completely preoccupying the west, disabling the US Pacific Fleet, and allowing China’s new government to occupy Taiwan and the South China Sea, thus asserting their territorial sovereignty over the region. While this was interesting (at least to me), it still fell short. What I really wanted was an antagonist in the story that would make the focus be all about the two greatest issues we will be facing in the not-too-distant future.

These issues are none other than climate change, which will result in more in the way of droughts, wildfires, flooding, coastal storms, tornadoes, and diminishing resources; and technological progress, which will result in the pace of change and getting faster and faster to the point of total unpredictability.

For awhile, I’ve been writing about these subjects, and they were supposed to be the centerpiece of the story. So here’s the new plot, in a nutshell: The year, same as always, is 2030. A technological magnate’s child disappears while slumming in the Pacific Northwest in what appears to be an act of kidnapping. However, his disappearance is in fact orchestrated as part of a complex cyber intrusion designed to steal company data.

InternettrafficThe man leading this theft – who is known only as Zeke – intends to leverage this data in mainland China, where a former member of Unit 61398, now himself a technological magnate, is in possession of a quantum-based cyber virus of last resort, a weapon that was created for a war that never happened. This virus is known as “Baoying”, which in Chinese, loosely translates to Reciprocity.

Zeke knows about this weapon because he spent years developing contacts around the world, bringing together gun runners, terrorists, socialist and anarchist militias, and Chinese ex-pats that reaches from Central Asia and the Middle East all the way to South America and the South Pacific. Though separated by ideological differences, these organizations are united in wanting to see an end to the status quo.

Zeke, however, has his own agenda. A one-time member of the technological magnates he is now using as pawns, he saw so much of the world and witnessed atrocities firsthand. He also witnessed how the privilege of developed countries is paid for in the blood of others. After a scandal in which he publicly aired all of his companies many shady dealings, his partners crucified him and cast him to the fringes of society.

^In an age where the richer nations are facing the prospect of limitless energy, quantum computing, abundant resources and post-mortality while other states are failing due to displacement and mass starvation, Zeke is hoping to level the playing field once and for all. He is a genius and a man moved by a personal sense of justice. But most of all, he is a man dealing with terrible demons and some deep trauma that he can’t begin to suppress.

This kind of plot, I think, works so much better. The antagonist seems much more socially relevant, the story more focused on the big issues I like to explore, and it all seems a little less hawkish than a story where the Chinese are essentially the bad guys. But most of all, I envisioned a climactic scene where the antagonist – while explaining his motivations – says something like this:

I want a future I can control. I want a future where I have a choice. I am sick of unpredictability, or chaos and confusion. I’m sick of people being left behind, and our world being torn apart. Tomorrow, everyone will find themselves on common footing. Tomorrow, we will begin thinking towards our common future.

Try getting something like that out of a former communist who just wants to see his country win a war! Well, that’s the idea as I see it right now. What do you think? Sound good?

Reciprocity – The Deets

self-aware-colonyHey again, all. I find myself with some spare time for the first time in awhile. So I thought I might take a moment to share an idea I’ve been working with, in a bit more detail. Last post I made, I talked about the bare bones of a story I am working on known as Reciprocity, the successor to the story known as Apocrypha. But as it turns out, there are a lot of details to that story idea that I still want to share and get people’s opinion on.

You might say this is a story that I am particularly serious about. Should it work out, it would be my break from both space-opera sci-fi and zombie fiction. A foray into the world of hard-hitting social commentary and speculative science fiction.

The Story:
So the year is 2030. The world is reeling from the effects of widespread drought, wildfires, coastal storms, flooding, and population displacement. At the same time, a revolution is taking place in terms of computing, robotics, biomachinery, and artificial intelligence. As a result, the world’s population finds itself being pulled in two different directions – between a future of scarcity and the promise of plenty.

space-solar-headSpace exploration continues as private aerospace and space agencies all race to put boots on Mars, a settlement on the Moon, and lay claim to the resources of the Solar System. India, China, the US, the EU, Russia, Argentina, Brazil, and Iran are all taking part now – using robotic probes and rovers to telexplore the System and prospect asteroids. Humanity’s future as an interplanetary species seems all but guaranteed at this point.

Meanwhile, a new global balance of power is shaping up. While the US and the EU struggle with food and fuel shortages, Russia remains firmly in the grips of quasi-fascist interests, having spurned the idea of globalization and amicable relations with NATO and the EU in favor of its Collective Security Treaty, which in recent years has expanded to include Iran, Afghanistan and Pakistan.

shanghai_towerMeanwhile, China is going through a period of transition. After the fall of Communism in 2023, the Chinese state is lurching between the forces of reform and ultra-nationalism, and no one is sure which side it will fall on. The economy has largely recovered, but the divide between rich and poor is all too apparent. And given the sense of listless frustration and angst, there is fear that a skilled politician could exploit it all too well.

It’s an era of uncertainty, high hopes and renewed Cold War.

The MacGuffin:
The central item of the story is a cybervirus known as Baoying, a quantum-decryption algorithm that was designed by Unit 61398 in the early 2020’s to take down America’s quantum networks in the event of open war. When the Party fell from power, the Unit was dissolved and the virus itself was destroyed. However, rumors persisted that one or more copies still exist…

MatrixBackgroundNotable Characters:
For this ensemble to work, it had to represent a good cross-section of the world that will be, with all its national, social and economic boundaries represented. And so I came up with the following people, individuals who find themselves on different sides of what’s right, and are all their own mix of good, bad, and ambiguous.

William Harding: A privileged high school senior with an big of a drug problem who lives in Port Coquitlam, just outside of the Pacific Northwest megalopolis of Cascadia. Like many people his age, he carries all his personal computing in the form of implants. However, a kidnapping and a close brush with death suddenly expand his worldview. Being at the mercy of others and deprived of his hardware, he realizes that his lifestyle have shielded him from the real world.

Amy Dixon: A young refugee who has moved to Cascadia from the American South. Her socioeconomic status places her and her family at the fringes of society, and she is determined to change their fortunes by plying her talents and being the first in her family to get a comprehensive education.

Climate_ChangeFernie Dixon: Amy’s brother, a twenty-something year-old man who lives away from her and claims to be a software developer. In reality, he is a member of the local Aryan Brotherhood, one of many gangs that run rampant in the outlying districts of the city. Not a true believer like his “brothers”, he seeks money and power so he can give his sister the opportunities he knows she deserves.

Shen Zhou: A former Lieutenant in the People’s Liberation Army and member of Unit 61398 during the Cyberwars of the late teens. After the fall of Communism, he did not ingratiate himself to the new government and was accused of spying for foreign interests. As  result, he left the country to pursue his own agenda, which places him in the cross hairs of both the new regime and western governments.

artificial-intelligenceArthur Banks: A major industrialist and part-owner of Harding Enterprises, a high-tech multinational that specializes in quantum computing and the development of artificial intelligence. For years, Banks and his associates have been working on a project known as QuaSI – a Quantum-based Sentient Intelligence that would revolutionize the world and usher in the Technological Singularity.

Rhianna Sanchez: Commander of Joint Task Force 2, an elite unit attached to National Security Agency’s Cyberwarfare Division. For years, she and her task force have been charged with locating terror cells that are engaged in private cyberwarfare with the US and its allies. And Shen Zhou, a suspected terrorist with many troubling connections, gets on their radar after a mysterious kidnapping and high-profile cyberintrusion coincide.

And that about covers the particulars. Naturally, there are a lot of other details, but I haven’t got all day and neither do you fine folks 😉 In any case, the idea is in the queue and its getting updated regularly. But I don’t plan to have it finished until I’ve polished off Oscar Mike, Arrivals, and a bunch of other projects first!

Rebooting An Idea – Reciprocity

future-city3For awhile now, I’ve been tinkering with a story idea known as Apocrypha. It first came to me back in 2009 when I decided to move away from space opera and into more hard science fiction. I even decided to relaunch the idea a few months back, which would be the second time I decided to reboot the idea. And now, I’m rebooting it yet again, but with one major change.

Basically, I’ve re-conceived the plot to focus on a world set in 2030, where China’s Communist system has collapsed, Russia continues to exist as a semi-fascist state, the internet of things is in full swing, and several different forces are competing for control over which direction the future takes. Some want to rehash old rivalries, while others want to bring about a revolution in computing that will dissolve all boundaries.

shanghai_towerThe name of the new story is Reciprocity, which is taken from the Chinese concept of Bao Ying. I chose this as a name because while researching Chinese ancestral religion, I came across a central theme which states that the fate of all human beings is determined by cosmic reciprocity.

The concept of Bao Ying is also expressed as follows in various Zhou-Dynasty texts:

On the doer of good, heaven sends down all blessings, and on the doer of evil, he sends down all calamities.

This belief incorporates two separate elements:

  1. Ming yun: which loosely translated, means personal destiny. Whereas ming is “life” or “right”, the word yun defines “circumstance” and “individual choice”. In the Chinese ancestral faith, it is perceived as something both fixed (bound by fate) and flexible (implying choice and free will).
  2. Yuan fen: which means “fateful coincidence”, describing good and bad possibilities and potential relationships. Here too, the elements of fate and choice intersect, with good and bad casualties being assigned usually to one or the other.

Both concepts are linked, because what appears on the surface to be chance events (for better or worse), are part of the deeper rhythm that shapes personal life based on how destiny is directed. Given the fact that I thought the story should focus on China, this concept spoke to me.

cyber_virusOriginally, Apocrypha was all about a group of apocalyptic terrorists who have ties to various anti-modernist, anti-western groups who try to use a Chinese cyber-virus named Hǔnluàn (Chinese for chaos) to accomplish their goals. However, this idea wasn’t panning out in a few ways. Mainly, the antagonists didn’t seem believable to me, especially where their motivations are concerned.

But after talking it over with a friend and neighbor, I came to realize that the real focus of the story was China – or rather, how the aftermath of Maoism would affect the country and the global balance of power. In this sense, the antagonists were much more believable if they themselves were Chinese ex-pats, people who were unhappy with the current world order and wanted to change it.

Unit-61398-Chinese-Army-Hacking-Jobs-With-Great-BenefitsBorrowing from Russia’s post-Communist experience, I basically foresee China going through many of the same problems in the near future. First, the state would find itself under a great deal of pressure due to ongoing demands for reform, pro-democracy protests, and the memory of Tienanmen Square. And I also imagine the health effects of air pollution and cancer farms would also add to the resistance.

But by the 2020s, I expect that the country will also be reeling from the effects of drought, famine, and the destruction of water tables. And then there would be the collapse of the economy caused by the implosion of the real estate bubble – a very likely possibility – which would end the Party’s long history of buying loyalty with economic growth. At that point, the Party would officially fall under the weight of its own corruption, bankruptcy and failure.

phoenix-towers-worlds-tallest-wuhan-china-designboom-01Ten years later, China would find itself in a state of serious change and facing an ambiguous future. On the one hand, it would remain a major power economically and militarily, but would still be suffering from lingering environmental damage and uneven development. As a result, it would find itself vulnerable to quasi-fascist politicians looking to exploit people’s uncertainty and funnel it towards a revisionist agenda.

I think you’ll agree, this idea makes way more sense than its predecessor. What’s more, it would give me a chance to cover a big angle I was looking at, which was the involvement of former members of the People’s Liberation Army Cyberwarfare Division (aka. Unit 61398). Assuming that said people were out a job in the not-too-distant future, they would be seriously upset and willing to help in a malicious plot.

What do you think? Too political? Or does it have potential?

Cyberwars: Latest Snowden Leaks

FRANCE-US-EU-SURVEILLANCE-SNOWDENThe case against the NSA’s program of cyberwarfare and espionage has become somewhat like an onion. With every new revelation, the matter becomes more stinking and fetid. Certainly, the first release of classified NSA documents – which dealt with the US’s ongoing cyberwarfare against China and other nations – was damaging to the agency’s image. But it has been the subsequent publication of documents that deal with domestic surveillance that have been the most damning.

According to Snowden, he was motivated to leak this information because of the troubling case of hypocrisy inherent in the NSA programs. And in the lastest leak, Snowden has now confirmed that at least five Muslim-Americans – including prominent lawyers, a civil rights leader and academics – were the subject of years’ worth of surveillance by both the FBI and the National Security Agency.

under_surveillance_full_v2Among the targets were Nihad Awad, the executive director of the Council on American-Islamic Relations – the top Muslim-American civil rights organization in the United States – and Faisal Galil, a longtime Republican operative and former Bush Administration official who worked for the Department of Homeland Security and held a top-secret security clearance during the time he was under surveillance.

Also among the American targets was Asim Ghafoor, an attorney for the al-Haramain Islamic Foundation who who has represented clients in terrorism-related cases . He is also the man who famously discovered in 2004 that he and his clients were under surveillance after the Treasury Department mistakenly released to him a document listing calls he’d made to his clients.

wire_tappingOther targets include Hooshang Amirahmadi, an Iranian-American professor of international relations at Rutgers University and Agha Saeed, a former political science professor at California State University who champions Muslim civil liberties and Palestinian rights. All of the targets appear to have been singled out because of their Muslim backgrounds and their activities either defending Muslim clients or on behalf of various causes.

The individuals appear on an NSA spreadsheet in the Snowden archives called “FISA recap”—short for the Foreign Intelligence Surveillance Act. Under that law, the Justice Department must convince a judge with the top-secret Foreign Intelligence Surveillance Court that there is probable cause to suspect of an American of being engaged in or abetting terrorism, espionage, or sabotage against the US.

FILE PHOTO  NSA Compiles Massive Database Of Private Phone CallsThe authorizations must be regularly renewed by the court for the surveillance to remain in effect, usually every 90 days for U.S. citizens. In none of these cases were the individuals singled out for surveillance because they were suspected of committing or planning a crime. And six years after the period the document covers, none of them has been charged with any crime related to the surveillance.

Greenwald says the revelations offer a more detailed look at who the government is targeting. Although there are some Americans on the list who have been accused of terrorism, the five highlighted in The Intercept piece have all led what appear to be law-abiding lives. As Greenwald explained:

This is the first time that there’s a human face on who the targets are of their most intrusive type of surveillance. [H]ere you really get to see who these people are who are the people worthy of their most invasive scrutiny. I think it’s important for people to judge—are these really terrorists or are these people who seem to be targeted for their political dissidence and their political activism?

 

faisal_gillAll of these five individuals identified in the article has gone on record to vehemently deny any involvement in terrorism or espionage. Outside of their ancestry, there appears to be no justification whatsoever for the surveillance. Faisal Gill, whose AOL and Yahoo! email accounts were monitored while he was a Republican candidate for the Virginia House of Delegates, had this to say when interview by The Intercept:

I just don’t know why. I’ve done everything in my life to be patriotic. I served in the Navy, served in the government, was active in my community—I’ve done everything that a good citizen, in my opinion, should do.

Ghafoor was also of the opinion that profiling had everything to do with him being targeted for electronic surveillance. When told that no non-Muslim attorneys who defended terror suspects had been identified on the list, he replied:

I believe that they tapped me because my name is Asim Abdur Rahman Ghafoor, my parents are from India. I travelled to Saudi Arabia as a young man, and I do the pilgrimage. Yes, absolutely I believe that had something to do with it.

https://i0.wp.com/media.nj.com/ledgerupdates_impact/photo/2012/06/muslim-lawsuitjpg-88e364e9b8e195f4.jpgCivil liberties groups have expressed anger that the five appear to have been targeted largely for having Muslim backgrounds. One such group is the Muslim Advocates, which released the following statement shortly after the story was published:

This report confirms the worst fears of American Muslims: the federal government has targeted Americans, even those who have served their country in the military and government, simply because of their faith or religious heritage. Muslim Advocates calls on the President and Congress to take steps immediately to reform the NSA surveillance program to uphold basic privacy rights and civil liberties that the Constitution guarantees to every American, regardless of faith.

The new revelations confirm for the first time that the government targeted U.S. attorneys, sometimes without warrants. Crucially, the revelations also give targets of the domestic surveillance legal standing to sue. Snowden indicated to Greenwald last year that he included the target list in the cache of leaked documents because he wanted people who had been under such surveillance to have evidence to challenge the spying in court.

An illustration picture shows the logo of the U.S. National Security Agency on the display of an iPhone in BerlinIn the past, journalists and attorneys have tried to challenge the constitutionality of the government’s surveillance activities in court. But since the defendants did not have proof that they in particular had been targeted, the courts were forced to rule that they did not have standing. The spreadsheet, however, provides evidence of targeted surveillance for those who have now been identified.

In short, this latest revelation has provided Americans, and not just those of Muslim descent, with the means to hold the NSA and the FBI accountable for the first time. Since the historic episode known as the “war on terror” began, revelations have led to challenges and promises for reform. But in all cases, the crucial issue of whether or not these programs would be allowed to continue has been carefully sidestepped.

cyber_security2Whether it was the failure of FISA reform to reign in domestic wiretapping and data mining, or the Obama administrations endorsement of “transparent” surveillance, it seems obvious clear that an administrative solution was not in the works. But opening the way for successive lawsuits for wrongful surveillance might just prove to be more effective.

What is certain, though, is that the battle between civil liberties and surveillance in the “Digital Age” is nowhere close to being resolved. As the daily volume of data sent around the world continues to grow – from terabytes to petabytes to exabytes – there will continually be a need for monitors to watch for sinister things. And as long as they are willing to push the boundaries in the name of security, there will continue to be challenges.

Sources: wired.com, firstlook.org

Cyberwars: Watching the US and China in Real-Time

norse-hacking-map-640x353Since the dawn of the internet age, there has been no shortage of stories about hackers, malware-peddling malcontents, online scams and identity theft. Add to that the growing consensus that wars in the future will be fought online through “cyberwarfare divisions”, and you can understand why such positive statements once made about the internet – like how it would bring the world together and create “a global village” – would seem incredibly naive now.

However, despite the prevalence of hacking and cyberwarfare-related fear, very few people have actually experienced what it is like. After all, the effects of hacking are mostly invisible to the untrained eye, with the exception of very-high-profile database breaches. Now, though, a security company has produced a fascinating geographic map that shows global hacking attempts in real-time. And of course, the ongoing battle between US and Chinese forces accounts for much of it.

norse-china-usa-hacking-smallerThe real-time map, maintained by the Norse security company, shows who’s hacking who and what attack vectors are being used. The data is sourced from a network of “honeypot” servers – essentially a juicy-looking target that turns out to be a trap -maintained by Norse, rather than real-world data from the Pentagon, Google, or other high-profile hacking targets. The Norse website has some info about its “honeynet,” but it’s understandably quite sparse on actual technical details.

If you watch the map for a little while, it’s clear that most attacks originate in either China or the US, and that the US is by far the largest target for hack attacks. You can also see that the type of hack used, indicated by the target port, is rather varied. Microsoft-DS (the port used for Windows file sharing) is still one of the top targets , but DNS, SSH, and HTTP are all very popular too. CrazzyNet and Black Ice – two common Windows backdoor programs often used by script kiddies and criminals – is also sure to pop up.

Unit-61398-Chinese-Army-Hacking-Jobs-With-Great-BenefitsOn occasion, the map is likely to show a big burst of coordinated attacks coming from China and directed towards the US. And while it is difficult to blame these attacks directly on the Chinese government (as they are adept at routing their attacks through other servers) government and independent researchers are confident the majority of these attacks are being directed by the People’s Liberation Army’s Unit 61398 – aka. the PLA’s cyberwarfare division.

A lot of hacks originate in the US, too, but their targets are much more varied. And in cases where Chinese facilities (or other nations that are nominally identified as hostile to the US) you can bet that the US Cyber Command at Fort Meade is behind the lot of them. But the map is still limited in that it uses Norse’s own honeypot operations to identify these attacks, and it therefore cannot be said with absolute certainty that real attacks happen in the same fashion.

nsa_aerialBut a general picture of the size and shape of global hacking and cyberwarfare can be divined by looking at the stats. Back in 2012, the US DOD reported that it was the target of 10 million cyber attacks per day. Likewise, the National Nuclear Security Administration says it saw 10 million attacks per day in 2012. In 2013, BP’s CEO said it sees 50,000 cyber attacks per day, and the UK reported around 120,000 attacks per day back in 2011.

While the extent and purpose of these attacks certainly varies, it is pretty clear that hacking and cyberwarfare is a global problem and something that governments, corporations, and institutions need to pay attention to. Last year, the Obama administration’s announced that it would not sit idly by in the face of stepped up attacks from China. However, the subsequent testimony and document leaks by Snowden showed that the US has been conducting its own attacks the entire time (and even beforehand).

And such is the nature of war, regardless of the context or the weapons used. States rattle their swords claiming they will not tolerate aggression, but there is always a fine line between maintaining one’s defenses and escalating a situation to the point that mutual destruction becomes inevitable. Perhaps the people who are currently fighting this alleged cyberwar should look to the past – specifically to the First World War and the Cold War – to see just how effective “arms races” are!

Source: extremetech.com, map.ipviking.com

Cyberwars: ACLU and NSA ex-Director to Debate Tomorrow!

keith-alexander-nsa-flickrIn what is sure to be a barn-burner of a debate, the former head of the National Security Agency – General Keith Alexander – will be participating tomorrow in a with ACLU Executive Director Anthony Romero. The televised, surveillance-themed debate, will take place tomorrow –  June 30th, 10:30am Eastern Time – on MSNBC. The subject: whether or not the NSA’s vast surveillance and data mining programs are making American’s safer.

While many would prefer that the current head of the NSA be involved in the debate, General Alexander is a far better spokesperson for the controversial programs that have been the subject of so much controversy. After all, “Emperor Alexander” – as his subordinates called him – is the man most directly responsible for the current disposition of the  NSA’s cyber surveillance and warfare program.Who better to debate their merit with the head of the ACLU – an organization dedicated to the preservation of personal freedom?

Edward-Snowden-660x367And according to classified documents leaked by Edward Snowden, General Alexander’s influence and power within the halls of government knew no bounds during his tenure. A four-star Army general with active units under his command, he was also the head of the National Security Agency, chief of the Central Security Service, and the commander of the US Cyber Command. It is this last position and the power it wields that has raised the greatest consternation amongst civil-libertarians and privacy advocates.

Keith Alexander is responsible for building this place up between 2005 and 2013, insisting that the US’s inherent vulnerability to digital attacks required that he and those like him assume more authority over the data zipping around the globe. According to Alexander, this threat is so paramount that it only makes sense that all power to control the flow of information should be concentrated in as few hands as possible, namely his.

NSA_fort_meadeIn a recent security conference held in Canada before the Canadian Security Intelligence Service (CSIS), Alexander expressed the threat in the following, cryptic way:

What we see is an increasing level of activity on the networks. I am concerned that this is going to break a threshold where the private sector can no longer handle it and the government is going to have to step in.

If this alone were not reason enough to put people on edge, there are also voices within the NSA who view Alexander as a quintessential larger-than-life personality. One former senior CIA official who agreed to speak on condition of anonymity, claimed:

We jokingly referred to him as Emperor Alexander—with good cause, because whatever Keith wants, Keith gets. We would sit back literally in awe of what he was able to get from Congress, from the White House, and at the expense of everybody else.

And it is because of such freedom to monitor people’s daily activities that movements like the February 11th “The Day We Fight Back” movement – an international cause that embraced 360 organizations in 70 countries that were dedicated to ending mass surveillance – have been mounted, demanding reform.

us_supremecourtIn addition, a series of recent ruling from the US Supreme Court have begun to put the kibosh on the surveillance programs that Alexander spent eight years building up. With everything from cell phone tracking to cell phone taps, a precedent is being set that is likely to outlaw all of the NSA domestic surveillance. But no matter what, the role of Snowden’s testimony in securing this landmark event cannot be underestimated.

In fact, in a recent interview, the ACLU’s Anthony Romero acknowledged a great debt to Snowden and claimed that the debate would not be happening without him. As he put it:

I think Edward Snowden has done this country a service… regardless of whether or not what he did was legal or illegal, whether or not we think the sedition laws or the espionage laws that are being used to possibly prosecute Snowden are too broad, the fact is that he has kick-started a debate that we did not have. This debate was anemic. Everyone was asleep at the switch.

One can only imagine what outcome this debate will have. But we can rest assured that some of the more predictable talking points will include the necessities emerging out of the War on Terror, the rise of the information revolution, and the dangers of Big Brother Government, as well as the NSA’s failure to prevent such attacks as the Boston Marathon Bombing, the Benghazi Embassy bombing, and a slew of other terrorist incidents that took place during Alexander’s tenure.

Do I sound biased? Well perhaps that’s because I am. Go ACLU, stick to Emperor Alexander!

Sources: engadget.com, democracynow.org

Cyberwars: The Heartbleed Bug and Web Security

heartbleed-iconA little over two years ago, a tiny piece of code was introduced to the internet that contained a bug. This bug was known as Heartbleed, and in the two years it has taken for the world to recognize its existence, it has caused quite a few headaches. In addition to allowing cybercriminals to steal passwords and usernames from Yahoo, it has also allowed people to steal from online bank accounts, infiltrate governments institutions (such as Revenue Canada), and generally undermine confidence in the internet.

What’s more, in an age of cyberwarfare and domestic surveillance, its appearance would give conspiracy theorists a field day. And since it was first disclosed a month to the day ago, some rather interesting theories as to how the NSA and China have been exploiting this to spy on people have surfaced. But more on that later. First off, some explanation as to what Heartbleed is, where it came from, and how people can protect themselves from it, seems in order.

cyber_securityFirst off, Heartbleed is not a virus or a type of malware in the traditional sense, though it can be exploited by malware and cybercriminals to achieve similar results. Basically, it is a security bug or programming error in popular versions of OpenSSL, a software code that encrypts and protects the privacy of your password, banking information and any other sensitive data you provide in the course of checking your email or doing a little online banking.

Though it was only made public a month ago, the origins of the bug go back just over two years – to New Year’s Eve 2011, to be exact. It was at this time that Stephen Henson, one of the collaborators on the OpenSSL Project, received the code from Robin Seggelmann – a respected academic who’s an expert in internet protocols. Henson reviewed the code – an update for the OpenSSL internet security protocol — and by the time he and his colleagues were ringing in the New Year, he had added it to a software repository used by sites across the web.

Hackers-With-An-AgendaWhat’s interesting about the bug, which is named for the “heartbeat” part of the code that it affects, is that it is not a virus or piece of malware in the traditional sense. What it does is allow people the ability to read the memory of systems that are protected by the bug-affected code, which accounts for two-thirds of the internet. That way, cybercriminals can get the keys they need to decode and read the encrypted data they want.

The bug was independently discovered recently by Codenomicon – a Finnish web security firm – and Google Security researcher Neel Mehta. Since information about its discovery was disclosed on April 7th, 2014, The official name for the vulnerability is CVE-2014-0160.it is estimated that some 17 percent (around half a million) of the Internet’s secure web servers that were certified by trusted authorities have been made vulnerable.

cyberwarfare1Several institutions have also come forward in that time to declare that they were subject to attack. For instance, The Canada Revenue Agency that they were accessed through the exploit of the bug during a 6-hour period on April 8th and reported the theft of Social Insurance Numbers belonging to 900 taxpayers. When the attack was discovered, the agency shut down its web site and extended the taxpayer filing deadline from April 30 to May 5.

The agency also said it would provide anyone affected with credit protection services at no cost, and it appears that the guilty parties were apprehended. This was announced on April 16, when the RCMP claimed that they had charged an engineering student in relation to the theft with “unauthorized use of a computer” and “mischief in relation to data”. In another incident, the UK parenting site Mumsnet had several user accounts hijacked, and its CEO was impersonated.

nsa_aerialAnother consequence of the bug is the impetus it has given to conspiracy theorists who believe it may be part of a government-sanctioned ploy. Given recent revelations about the NSA’s extensive efforts to eavesdrop on internet activity and engage in cyberwarfare, this is hardly a surprise. Nor would it be the first time, as anyone who recalls the case made for the NIST SP800-90 Dual Ec Prng program – a pseudorandom number generator is used extensively in cryptography – acting as a “backdoor” for the NSA to exploit.

In that, and this latest bout of speculation, it is believed that the vulnerability in the encryption itself may have been intentionally created to allow spy agencies to steal the private keys that vulnerable web sites use to encrypt your traffic to them. And cracking SSL to decrypt internet traffic has long been on the NSA’s wish list. Last September, the Guardian reported that the NSA and Britain’s GCHQ had “successfully cracked” much of the online encryption we rely on to secure email and other sensitive transactions and data.

Edward-Snowden-660x367According to documents the paper obtained from Snowden, GCHQ had specifically been working to develop ways into the encrypted traffic of Google, Yahoo, Facebook, and Hotmail to decrypt traffic in near-real time; and in 2010, there was documentation that suggested that they might have succeeded. Although this was two years before the Heartbleed vulnerability existed, it does serve to highlight the agency’s efforts to get at encrypted traffic.

For some time now, security experts have speculated about whether the NSA cracked SSL communications; and if so, how the agency might have accomplished the feat. But now, the existence of Heartbleed raises the possibility that in some cases, the NSA might not have needed to crack SSL at all. Instead, it’s possible the agency simply used the vulnerability to obtain the private keys of web-based companies to decrypt their traffic.

hackers_securityThough security vulnerabilities come and go, this one is deemed catastrophic because it’s at the core of SSL, the encryption protocol trusted by so many to protect their data. And beyond abuse by government sources, the bug is also worrisome because it could possibly be used by hackers to steal usernames and passwords for sensitive services like banking, ecommerce, and email. In short, it empowers individual troublemakers everywhere by ensuring that the locks on our information can be exploited by anyone who knows how to do it.

Matt Blaze, a cryptographer and computer security professor at the University of Pennsylvania, claims that “It really is the worst and most widespread vulnerability in SSL that has come out.” The Electronic Frontier Foundation, Ars Technica, and Bruce Schneier all deemed the Heartbleed bug “catastrophic”, and Forbes cybersecurity columnist Joseph Steinberg event went as far as to say that:

Some might argue that [Heartbleed] is the worst vulnerability found (at least in terms of its potential impact) since commercial traffic began to flow on the Internet.

opensslRegardless, Heartbleed does point to a much larger problem with the design of the internet. Some of its most important pieces are controlled by just a handful of people, many of whom aren’t paid well — or aren’t paid at all. In short, Heartbleed has shown that more oversight is needed to protect the internet’s underlying infrastructure. And the sad truth is that open source software — which underpins vast swathes of the net — has a serious sustainability problem.

Another problem is money, in that important projects just aren’t getting enough of it. Whereas well-known projects such as Linux, Mozilla, and the Apache web server enjoy hundreds of millions of dollars in annual funding, projects like the OpenSSL Software Foundation – which are forced to raise money for the project’s software development – have never raised more than $1 million in a year. To top it all off, there are issues when it comes to the open source ecosystem itself.

Cyber-WarTypically, projects start when developers need to fix a particular problem; and when they open source their solution, it’s instantly available to everyone. If the problem they address is common, the software can become wildly popular overnight. As a result, some projects never get the full attention from developers they deserve. Steve Marquess, one of the OpenSSL foundation’s partners, believes that part of the problem is that whereas people can see and touch their web browsers and Linux, they are out of touch with the cryptographic library.

In the end, the only real solutions is in informing the public. Since internet security affects us all, and the processes by which we secure our information is entrusted to too few hands, then the immediate solution is to widen the scope of inquiry and involvement. It also wouldn’t hurt to commit additional resources to the process of monitoring and securing the web, thereby ensuring that spy agencies and private individuals are not exercising too much or control over it, or able to do clandestine things with it.

In the meantime, the researchers from Codenomicon have set up a website with more detailed information. Click here to access it and see what you can do to protect yourself.

Sources: cbc.ca, wired.com, (2), heartbleed.com