Tag Archives: energy

Libya’s Stuxnet?

A group of security professionals who have good credentials and strong links to the U.S. government have outlined a Stuxnet-type attack on Libyan infrastructure, according to a document released this week. But is the group outlining risks to regional stability, or is it advocating a cyber attack on Muammar Gadhafi?

The document, Project Cyber Dawn (PDF), was released on May 28, 2011 by CSFI – the Cyber Security Forum Initiative, which describes itself as

non-profit organization headquartered in Omaha, NE and in Washington DC with a mission “to provide Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training to assist the US Government, US Military, Commercial Interests, and International Partners.”

CSFI now numbers about 7,500 members and an active LinkedIn forum.

To be clear, the document does not advocate anything. It merely highlights vulnerabilities, and details scenarios. It concludes, for example:

CSFI recommends the United States of America, its allies and international partners take the necessary steps toward helping normalizing Libya’s cyber domain as a way to minimize possible future social and economic disruptions taking place through the Internet.

But before that it does say:

A cyber-attack would be among the easiest and most direct means to initially inject into the systems if unable to gain physical engineering attacks against the facility. Numerous client-side attack vectors exist that support payloads capable of compromising SCADA application platforms.

Elsewhere it says:

The area most vulnerable to a cyber-attack, which could impact not only the Libyan’s prime source of income, but also the primary source of energy to the country, would be a focused attack on their petroleum refining facilities. Without refined products, it is difficult to fuel the trucks, tanks and planes needed to wage any effective war campaign.

The document itself is definitely worth a read; it doesn’t just focus on the cyberweapon side of things. And complicating matters is that one of the contributors to the report, a company called Unveillance, was hacked by a group called LulzSec around the time that the report was being finished. It’s not clear whether this affected release of the report.

Emails stolen from Unveillance and posted online by LulzSec indicate that two versions of the report were planned: one public one, linked to above, and one that would “go to staffers in the White House.” In another email a correspondent mentions an imminent briefing for Department of Defense officials on the report.

The only difference between the two reports that I can find is that the names of some SCADA equipment in Libya have been blacked out in the public version. The reports were being finalized when the hack took place–apparently in the second half of May.

Other commentators have suggested that we seem to have a group of security researchers and companies linked to the U.S. government apparently advocating what the U.S. government, in its own report International Strategy for Cyberspace released May 17, would define as an act of cyberwar.

I guess I’m surprised by something else: That we have come, within a few short months, from thinking of Stuxnet as an outlier, as a sobering and somewhat shocking wake-up call to the power of the Internet as a vector for taking out supposedly resilient and well-defended machinery, to having a public document airily discussing the exact same thing, only this time against non-nuclear infrastructure.

(The irony probably won’t escape some people that, according to a report in the New York Times in January, it was surrendered Libyan equipment that was used to test the effectiveness of Stuxnet before it was launched. I’m yet to be convinced that that was true, but it seems to be conventional wisdom these days.)

Frankly, I think we have to be really careful how we go about discussing these kinds of things. Yes, everything is at arm’s length in the sense that just because bodies such as CSFI may have photos of generals on their web-page, and their members talk about their reports going to the White House, doesn’t mean that their advice is snapped up.

But we’re at an odd point in the evolution of cyberwar presently, and I don’t think we have really come to terms with what we can do, what others can do, and the ramifications of that. Advocating taking out Libyan infrastructure with Stuxnet 2.0 may sound good, but it’s a road we need to think carefully about.

The Conflict of Interest of CO2

Quite a hoo ha over one of those weekend type stories whose headline in the Times of London says it all:

Revealed: the environmental impact of Google searches

Physicist Alex Wissner-Gross says that performing two Google searches uses up as much energy as boiling the kettle for a cup of tea

The article liberally quotes Wissner-Gross, “a Harvard University physicist whose research on the environmental impact of computing is due out soon.” Lower down the story it also says “Wissner-Gross has submitted his research for publication by the US Institute of Electrical and Electronics Engineers and has also set up a website www.CO2stats.com.”

True. Though what it doesn’t say is that the website—and Wissner-Gross–directly benefits from this kind of research. CO2Stats offers clients plans, ranging from $5 a month to $100, to calculate their website’s total energy consumption, make it more energy efficient, and then neutralize their carbon footprint by buying renewable energy from wind and solar farms.

The startup is funded by Y Combinator, which specializes in giving modest funding—about $10,000—to small startups. Indeed, Wissner-Gross, an environmental fellow, has set up four such companies.

Now, the research may well be right. (Some doubt it.) And the idea of certifying websites is not a bad idea. But I guess what troubles me is that an academic is able to publish research which tries to prove a point which would benefit the same academic’s business which offers green certification which depends upon a service which the business sells.

I’m sure it’s not the only example, but it strikes me as quite a compromise going on there.

The Long Tail of the LongPen

Writer Margaret Atwood launched her LongPen invention over the weekend, allowing authors to sign books over the Internet. As CTV.ca, Canada’s CTV news reports, a technical glitch marred the LongPen’s first test:

Atwood and fans had to wait while the invention got some final adjustments. When it came back to life, she used the LongPen to sign a copy of her new book, The Tent, for Nigel Newton, chief executive of Bloomsbury. While Atwood talked with Newton over a video linkup, the LongPen mirrored her hand motions and signed Newton’s book. She then signed books for her Canadian fans in Guelph, Ont., far across the Atlantic Ocean.

The idea here is a simple one: Atwood got sick of the demand of book tours, especially when she was being asked to be in more than one place at the same time. Finding that no device existed which allowed her to sign books without actually touring, she set up the Unotchit company in 2004. She hopes the LongPen can also “help authors sign books for readers in places not normally on promotion tours, such as small towns or countries.”

There’s been a lot of criticism about this. How dare an author sign by remote control? How can authors be close to their readers if they don’t even turn up for book tours? I only know a couple of famous authors, and my understanding is that book tours take up a ridiculous amount of time for very little actual purpose. Book signings are either crowded or empty, radio interviews inane and pointless, and all this saps the energy of the writer who would, presumably, be much happier back home penning their next tome.

The only problems I can see with this are if the gadget goes wrong and makes a mess on someone’s new book, or if the author mishears the intended dedication. I think on the whole it will add to the mystique. Who has ever met an author hero and found her/him to stand up to our expectations? Much better to be a hazy image on a screen and a disembodied pen scratching over a page of a proffered book. Plus it will, in theory, allow smaller booksellers to get a slice of the book-signing action, as well as authors with only a small but loyal audience to get a glimpse and a signature out of their heroes.

Forward Looking or Tired and Reactionary? Welcome to the Faux Community Site

You’re familiar with the faux blog — a blog launched by a marketing company to look like a grassroots blog to promote a product, but actually maintained by PR drones. Naff is probably the word that springs to mind. But how about the faux community site? What word springs to mind when you visit YourPointofView.com, a website set up by marketing company JWT on behalf of HSBC? Despite all the flash (and there’s lots of it), it seems to be community-oriented, interested in your point of view on gorillas, organic food, sports fans and the like.

Your point of view is sought, sort of. Click on a window and another window pops up, letting you select from a drop down list of choices (no, you can’t type anything in) and then you’re taken to another window where you have to register and then offer some personal information (approach to life? realist/optimist/surrealist/pessimist) and then it goes on. Call it a survey pretending to be interested in you, so long as your choices are listed among their choices. So what’s the point?

“We’re sort of teasing out differences,” said JWT worldwide creative director Craig Davis. “The bank has always considered itself a sensitive organization, kind of a guest in different countries.” Davis added: “This is about the HSBC brand and its point of view. It’s living proof of the values of the brand.”

I have no idea about what ‘teasing out differences’ means. But if Davis is being quoted correctly, it sounds like the site has less to do with your point of view, and more to do with HSBC’s. I suppose it’s an attempt to show how sensitive HSBC is to everyone’s point of view, so long as you’ve got a high speed connection, and your views aren’t so extreme they loosely match with HSBC’s choices. You can’t help wondering whether these guys have looked at the Internet since 2000. We’ve moved on, fellas.

Especially when you find out the cost. This is part of a $300 million advertising campaign by JWT and 30 sister agencies, and while the TV ads are award-winning, imaginative and genuinely thought-provoking — looking at things like wind farms, an elderly Asian woman, adding descriptions that are polar opposites, but could be apposite — it’s scary to see how dated the web site itself looks. Blogs have long since made such attempts to woo customers and custom look ham-fisted and, well, phony. Even if they spent only 10% of that $300 million on the website, it’s still a ridiculous amount of money. Set up a blog, guys, and listen to the people. I’m pretty sure that if you asked them, they’d have plenty to say about HSBC, and banking in general. You might not like what they say, but it might help you build a better product.

HSBC aren’t alone in these kinds of faux outreach programs. Chevron has also had a marketing blitz around its website WillYouJoinUs.com, which at least looks and feels, when you get past the graphics, to be a place where people can leave their opinions on the future of energy. I’m sure there are more. Welcome to the future, or is it the past?

The Humiliation Of Being An Editor

Grammar, words and spelling are humiliating. I used to be good at this kind of thing in school, but going back to editing reminds me how shaky are the foundations of one’s knowledge. Where do commas go when you use quotation marks? Is ‘none’ singular or plural? Is ‘willpower’ one word or two? These are all questions that came up recently, and oftentimes the answer is not what I expected. I console myself that these differences are the little cracks between American and British English, but I think I’m fooling myself.

I only recently realised, for example, that I’ve always been saying ‘esconced’ for some reason. Only yesterday did I find out it should be ‘ensconced’, as I’m sure you all know. (Well, maybe not all of you: There are more than 5,000 sites where the word ‘esconced’ is used. But you’re right to laugh at me.)

This doesn’t stop me having my bugbears. I once nearly got myself fired for suggesting to his face that the then head of the multinational news organisation I was working for was using the word ‘enervated’ incorrectly, and that it meant the opposite of how it sounded. (It means ‘lacking energy’.)

Then I noticed a couple of newspapers recently have misspelled ‘loath’ as ‘loathe’. Loathe is the verb, loath is the adjective. I am loath to point such a thing out, but loathe it when I see the words misused.

I must stop being an editor. Two things happen: You quickly turn into a pedant, while at the same time realising that you knew far less about the English language than you thought you did.

What Katie.com Did Next

Can someone be turfed off their domain by someone bigger?

The experience of Katie Jones, recent mother and owner of an online chat site in the UK, has been well documented elsewhere. (Katie.com is the name of a book about the ordeal of a teenager sexually molested by a man she met in an Internet chatroom. Katie Jones is nothing to do with the book, but has been the owner of the address katie.com since 1996.) Jones’ latest report on her website suggests that she is being unfairly pressured by the publishers of the book that carries her website’s name to donate the website to them. (It is not entirely clear in the posting as to whether the lawyer who contacted her was working on behalf of the author or the publisher, or both.) Anyway, if true, this does seem to take things too far.

I’m no lawyer, but one can’t help wondering how things would look were the roles reversed. If a big player owned the website address, would there not be large amounts of money changing hands by now? Or at least, would not the publishers have changed the name of the book, and not been trying to browbeat her into handing over the domain name?

For Jones herself, I can well imagine the discomfort caused by receiving hundreds of emails, either from individuals detailing their traumas in the mistaken belief they are talking to a fellow victim, or from folks abusing her. It’s nothing compared to what the Katie of the book endured, but that is not the point. It’s easy enough to say, ‘why don’t you just change your email address and drop the domain name?’ but why should she? Why should an individual be hounded from her sentimental slice of online real estate if she doesn’t want to?

I sought a comment from the lawyer linked to in Ms Jones’ latest posting, Parry Aftab, who is described in her online bio as ‘is one of the leading experts, worldwide, on cybercrime, Internet privacy and cyber-abuse issues’ as well as ‘being called “The Angel of the Internet” for her extensive work in Internet safety and cybercrime and abuse prevention around the world’.

Aftab had posted a message to her blog on Thursday saying she was working with Katie Tarbox, the author of the original book, and an organisation called WiredSafety to “help create a place where children who have been victimized by Internet sexual predators can go for help and support”. The program will be called Katie’s Place. A logo of the new, as yet unlaunched site, is prominently displayed at the top of the WiredSafety homepage. Aftab is executive director of WiredSafety, ‘the world’s largest Internet safety, help & education organization’.

Aftab declined to respond in detail to Jones’ account of the telephone conversation or the case, writing: “Katie Jones’ statements are either false or misleading. She obviously has an agenda. And I frankly don’t have the time or energy to be part of it.”

Update: The Dana Wireless Is Out

 As I noted earlier, AlphaSmart are upgrading their Dana keyboard (a PDA? a laptop? a word-processor?) to include Wi-Fi. It’s now out. The Dana Wireless includes Wi-Fi (802.11b) connectivity and software applications for accessing the Internet. AlphaSmart are aiming at students and educators, professionals in healthcare, energy, social services, insurance, etc. which have Wi-Fi in their offices or campus. It may not be the best way to surf the net, but it would be great for sending emails and accessing basic data. Dana Wireless is a two-pound, highly durable laptop alternative powered by Palm OS® with a large screen and integrated full-size keyboard. It’s not cheap: it sells for $429.

News: Worms and Blackouts

 Conspiracy theorists reckon the big power blackout in the U.S. Northeast and part of Canada may have been caused by the Blaster worm. Here’s Robert X. Cringely from InfoWorld: “Many plants on the grid run a Windows-based SCADA (Supervisory Control and Data Acquisition) system that receives remote commands through the same RPC (Remote Procedure Call) protocol exploited by MSBlaster. Among other things, SCADA systems control the amount of energy each plant produces.”

Mail: More on Pirates

 More mail about online piracy and the music industry. I wrote earlier:  
 
I agree with you about people being upset, but I’m not so sure about the recording off the radio bit. Digital versions don’t have DJs interrupting before the end of the song, and they’re perfect copies, and can be copied perfectly and distributed easily. I can give you my whole music collection on a CD or two. That makes it a different ballgame…
 
Here’s Lynn Dimick again:
 
That’s true. The question I have is this: Is music swapping costing the industry money? Now, on the surface anytime you have a product being given away for free it is going to take away from sales. But, if the product is being given to a consumer who cannot or will not buy it, even if it cost $1 then there is no lost sale. My suspicion is that the music industry is producing music that is appealing to those who have less money and less inclination to spend than before. Even if music sharing were not available they would not be buying CDs.
 
 I am 43. I have well over 200 CDs in my collection that I have bought. But I haven’t bought a CD in the past 3 years. Why? Because they (the music industry) are not producing a product that I listen to. The demographics that I belong to (white male 40+) has more money than any other age group, especially the teenagers that seem to be doing all of the sharing.
 
I heard on the news this morning that Bruce Springsteen had a concert last night at the Meadowlands in New Jersey. 55,000 people came to see the show. He has 9 more dates there. Most of those attending are going to be my age and not teenagers. Who has the money and who is being ignored by the music industry?
 
Thanks for that. Thoughts, anyone? A friend recently forwarded me a piece from The Guardian on this very topic. My view is that the music world has splintered so effectively, hastened by the advent of the Net, that it makes it so much harder nowadays to find the music we want. There’s some very appealing stuff out there — my favourite of the moment is Lemongrass, for example — but you’re not going to find them in a CD shop. In a way this diversity is good but us busy folks (I’m no spring chicken either) don’t have the time or energy to look too hard for this kind of thing. I’ve found a sanctuary of sorts in Emusic where at least one can experiment legally without blowing a hole in the housekeeping.

Column: Christmas stuff

Loose Wire — Have a Bidet Christmas

 
By Jeremy Wagstaff, from the 27 December 2001 edition of the Far Eastern Economic Review, (c) 2001, Dow Jones & Company, Inc.

For most of us, this Christmas is going to be what I would call (remember where you heard it first) a “bidet Christmas.” In a nutshell this means we’re not looking to buy a whole new bathroom, but we’d like to buy something to remind ourselves we’re still consumers and there are still things out there we don’t need but we’ll buy anyway. Hence the bidet.

I’d like to point you in the direction of some items, which might charitably be called gizmo add-ons. You might not be expecting to get the latest gadget in your stocking this year, but you can at least make your existing gadget more functional.

First, your cellphone. The biggest drawback to these things is battery life. True, the batteries on most cellphones last a lot longer than they used to, and charge more quickly, but it’s still a pain to find you’ve run out of juice and are nowhere near an outlet. Help is at hand. Try these:

The Instant Power Charger (www.electric-fuel.com) draws energy from a disposable cartridge the size of a matchbox that in turn draws its power from oxygen in the air. Plug it into a cellphone (or personal digital assistant) and you can start using it straightaway: The battery will be recharged in a couple of hours. The cartridge lasts for three charges.

Consider chargers using normal batteries — you can usually find these at specialist electronic stores or cellphone shops. They’re keyring-size adaptors that fit into the charger socket of your phone and attach to a standard nine-volt battery.

Tired of carrying around an adaptor on business trips? From computer peripheral shops you can buy a cable that plugs into your personal computer’s USB port, which will also do the job of recharging your cellphone (or PDA), albeit at a somewhat slower rate.

Be careful in all these cases to get the right cable for your cellphone or PDA, since one size doesn’t fit all. And try to buy a reputable brand, since in some cases you could damage your gadget.

Now, that’s the practical stuff out of the way. I love my PDA but I’m mighty bored with carrying the same PDA case all the time. I’d recommend trying out alternative cases. I’ve taken the liberty of road-testing a number on your behalf; my only rule of thumb is the case shouldn’t cost more than the PDA:

Britain’s Scribble (www.scribble.co.uk) also put out an interesting range of cases, including a black plastic Palm case with interchangeable panels, from black to sharp blue. Scribble also make a simple synthetic rubber case with added protection front and back, as do Marware (www.marware.com).

The more rugged adventurer might want to consider GrinderGear, who prefer to call their PDA cases Sport Utility Bags, or SUBs for short. These are padded, dripping with zips, tassels and tags, and come with hooks so you can strut along a ridge with your PDA bouncing off your hip.

Have a good Christmas and New Year - with or without the bidet.