Some Early Lessons from The Georgian Cyberwar

By | November 22, 2011
0 Comment

image

illustration fron Arbor Networks

There’s some interesting writing going about the Georgian Cyberwar. This from VNUnet, which seems to confirms my earlier suspicion that this was the first time we’re seeing two parallel wars: 

“We are witnessing in this crisis the birth of true, operational cyber warfare,” said Eli Jellenc, manager of All-Source Intelligence at iDefense.

“The use of cyber attack assets in conjunction with kinetic military operations in the current crisis now stands among the most significant developments ever seen in the field of information security or cyber conflict studies.”

Others suggest that in fact there are examples of earlier parallel conflicts: Kosovo, among them, says Arbor Networks’ Jose Nazario.

ZDNet’s Dancho Danchev takes the idea that this is all about denying participants a chance to get their message out a stage further: those put out of action are being forced to get their message out through other channels. Georgia’s foreign ministry, for example, has set up a blog at Blogger and the website of the Polish president.

The mainstream press is having a go at the story, too, including the Journal and the NYT. The main culprit, the articles suggest (following Georgia’s own claims), is the Russian Business Network, a St. Petersburg-based gang.

But as this article points out, finding out who is responsible is a slow business. Indeed, this is a strange feature of cyberwar that makes it more akin to terrorism than to warfare. This kind of makes the notion of establishing responsibility a little beside the point. Cyberattacks are a chance for ordinary (well, sort of ordinary) citizens to do their bit for the war effort. In this sense the government is a customer for the services of botnet and hacker groups or individuals with skills the government is happy to see deployed on its behalf, while able to plausibly deny it has anything to do with.

Indeed, we may be missing the more interesting aspect of this, one that predates South Ossetia. Now we’re just seeing cyber attacks work alongside the physical, or kinetic, attacks. A sort of psywar, since it’s mainly about getting the word out and winning hearts and minds.

But what about a cyberwar conducted on its own, but one that leads to a physical war—at least, a cold one? Joel Hruska at arstechnica points out in a piece written a week ago, that an uncovered little cyberwar—or rather cyber-hacktivism—in Lithuania, led to a serious cooling of relations between its government and that of Russia. As with Estonia last year, the attack “marked the first time I was aware of in which a single individual with a computer was able to notably impact relations between two neighboring nations.”

Georgia, however, represents the first time we’ve seen a government almost wiped off the Internet. Whether this is a prelude to it being wiped off the map is something we’ll have to wait and see. But already some conclusions are becoming obvious:

  • Cyberwar is too powerful a tool for any government to ignore, both offensively and defensively;
  • Cyberwar is not just about putting citizens of a target country in the dark; it’s about making it impossible for the target government, and its citizens, to get their side of the story out.
  • As these tools get more powerful, when will we see cyberwar as a specific phase in a physical war designed to achieve what used to be done by the physical bombardment of communication centers?
  • Botnets, and their owners, are powerful players beyond the underworld of spam and phishing. A government that has them operating within their borders must surely know of their existence; if it hasn’t shut them down already, is it too great a leap of logic to suggest there must, at some level, be a relationship between them?

Georgia gets allies in Russian cyberwar – vnunet.com

Why Do People Contribute Stuff for Free?

By | August 12, 2008
0 Comment

By Jeremy Wagstaff

If you want to see two worlds collide, introduce a Wikipedian to a bunch of journalists.

I’ve been doing this quite a bit recently, partly for fun, and partly because I’ve decided a key part of training journalists to be ready for online media is understanding what they’re up against. “This is your competitor,” I say, introducing them to a slightly pudgy PhD candidate in ancient Greek and Latin, still sweating from his journey and a couple of hours of fencing lessons. “This person works for the single biggest media property on the web.”

Needless to say, they all look askance at the man, and me, and I can see them thinking to themselves, “Well that’s something we don’t have to worry about.” Especially when the guy, called Edward, tells them he does all his work for free and largely, he says, because he’s a pedant.

Of course Wikipedia—that online encyclopedia that now boasts 2.5 million articles in English alone—doesn’t pretend to compete with traditional newspapers or media. It’s an encyclopedia, after all, although it’s updated far more frequently than most encyclopedias, and, dare I say it, many traditional media websites.

But it’s the fact that all this is done for free that gets the journalists in my class all riled up. Edward tells them he spends about 20 minutes a day working on pieces, either adding something to a page on an obscure Chinese bridge, or tidying up someone’s grammar on a page about a kind of Southeast Asian bread. Why? they ask? Why would you spend all this time doing all this?

Well, first off, I can tell he spends way more time on it than 20 minutes. In class you can see him get distracted by an article and then start tweaking it. We’re speaking serious compulsive tendencies here. But the truth is, he does it because he enjoys it. He really is a pedant, in the nicest sense. He can’t stand to see things online that aren’t, in his view, correct. Whether it’s a serious error or a more esoteric one (he’s the first person I’ve met who can talk about ligatures until the tripthongs come home.)

Edward may be unusual, but he, and people like him, are the bedrock of sites like Wikipedia. In fact, while Wikipedia is the seventh most popular website on the planet, only 0.2% of visitors contribute anything, and only a tiny fraction of that do most of the grunt work.

This isn’t just true of Wikipedia. The history of the Internet is about the few creating, the rest doing what is usually called lurking—sitting within earshot but not actually saying anything. The ratio is called the 1% rule, meaning 90 percent lurk, 9% contribute occasionally, and 1% account for most of the contribution.

This is probably true offline as well; anybody who’s tried to get volunteers to help out on committees or at events know all about freeloaders. The web just makes this more obvious—that a lot of people tend to freeload, and a handful of people just seem to keep on giving.

But that’s not exactly true. Everyone is motivated somehow, and the Edwards of this world are motivated too. Studies have been done to show how a Wikipedia environment is very much like an academic one: those who do contribute find themselves in a weird sort of social hierarchy. Some recognise their work—there’s a merit system within Wikipedia where contributors are given barnstars by other grateful contributors. Others complain they get no recognition and that the whole thing is political anyway.

Sound familiar?

For most websites like this, I suspect the story is similar. People get involved because they’re interested, and then they find it’s a community, and then they want to be a useful member of that community, and then they seek recognition in that community, and the rest is history. That’s not to denigrate it; a lot of fine work has been done for worse reasons.

The same is true of open source software, of Amazon book reviews, of comments on obscure ornithology websites about the lesser-spotted rabbit catcher. The Internet is a great leveler, in that anyone with an Internet connection can join in, but then human nature kicks in, and hierarchies form. In this case it tends to be around what you know, and how much you hang around and contribute.

But there’s a bigger point here. Just as each online community depends on these power users, so do they depends on ordinary folk like us. Editing a Wikipedia entry is remarkably easy, and the warm fuzzy feeling you get for correcting even the smallest error is a a heady one. Try it and you’ll see how easy it is to get addicted.

Indeed, websites make it so easy for us to play a role that in a way the model is changing. We can add our voice while doing nothing more tiring than listening to music on our computer. Software will feed our choices of songs to others who may share our tastes and are looking for new artists to listen to. We can easily add websites to social lists of bookmarks with just a mouse click. Increasingly we do this kind of thing with our friends via social networking sites–partly because it’s fun and partly because we like to be useful.

And maybe, in the end, that’s all it comes down to. My Dad used to walk around the village picking up bits of litter—some of them so small my toy microscope wouldn’t have spotted them—just because he wanted to be useful. I suspect Edward, and all those other Wikipedians out there, are doing something similar. Which gives me a warm fuzzy feeling about the future of the Internet. Of course, a couple of barn stars wouldn’t go amiss either.

Is PaperMaster Finally Dead?

By | November 22, 2011
32 Comments

image

A reader tells me that PaperMaster, the once great scanning and file saving software, is no longer available. Tech support, the reader says, says only that the product was pulled today and no other info is available. 

Try to order one online and the message ‘531031 PaperMaster Pro International – not available’.

A sad end to what was once—and for many still is—the best program for scanning documents into folders where you can easily find them again. Paperport just isn’t quite the same, somehow.

That said, the company that bought PaperMaster, j2, have had it coming to them for a while. I found them unhelpful in my efforts to review earlier versions of the software, and this blog has been something of a gathering point for disgruntled users.

I don’t think they really understood the software, or the fanbase, that they had. The product has not been mentioned on their corporate website for some time (except, interestingly, on their legal page.)

Sad, really, given that there are lots of users still out there. If you’re in that boat, and you’re still looking for a replacement, you might want to try Evernote. It’s not quite ready to do what PaperMaster did, but they’re promising PDF thumbnails (Macs already have it, natively) so you might find it works for you.

South Ossetia: The First Cyber/Physical War?

By | November 22, 2011
10 Comments

image

BBC picture

Wikipedia is doing a good job of chronicling the war in South Ossetia; its mention of several apparent cyberattacks on both sides makes me wonder whether this is the first instance of a physical war being accompanied by a cyberwar? All those listed on Wikipedia are not parallel attacks, i.e. they are not part of an actual physical war.

So far the attacks have been by Georgian supporters on two Ossetian media sites, and attacks by supporters of South Ossetia on the Georgian National Bank website and the Georgian Ministry of Foreign Affairs (which was reportedly splashed with a collage of of Saakashvili and Hitler photos.) The Georgian news site, Civil Georgia that reported the attacks on the South Ossetian websites itself now appears to be down.

Some attacks appear to preceded the war, suggesting that they were part of a deliberate build-up ahead of the entry of Russian troops into South Ossetia. On July 21 the Georgian president’s website was attacked. I wasn’t able to access the website as of early Aug 9. While tensions have been growing between Georgia and Russia for several weeks, it seems clear that the botnet involved in this attack was set up for this purpose only a few weeks ago.

Of course, none of this means that it’s done at an official level. But it’s interesting that at a time the Georgians and the South Ossetians would presumably like to get their sides of the story out, they can’t because their websites, official and unofficial, are down.

As the Georgian ambassador to the UK put it to Al Jazeera:

“Georgia has been attacked by a formidable force, it is a brutal attack with the use of air force, tanks and even the trademark cyber attack.”

“If this is not an all out war what is?” he asked.

War in South Ossetia (2008) – Wikipedia, the free encyclopedia

Update on Aug 12: some more links

http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/063820.html

http://news.cnet.com/8301-1009_3-10014150-83.html

Six Degrees of Networking

By | August 7, 2008
0 Comment

A recent report by Microsoft researchers had breathed life back into something that looked like a myth: the idea that we’re only six people away from everyone on the planet. Six Degrees of separation, as it’s called, suggested that someone we knew would know someone else who would know someone else who would know someone else who would know someone else who would know the person we’re trying to reach. It’s called the small world experiment, and we like it because it makes the world seem smaller, somehow, more cozy.

That idea is more than 40 years old. And most people had begun to think it wasn’t true. Of course, then, there were only 3.5 billion people on the planet. Now it’s nearly double that. I’m not a mathematician, so I’m not actually sure whether that makes it easier or harder.

Anyway, the idea wasn’t doing terribly well until recently, when researchers from Microsoft gobbled up 30 billion chats on Microsoft’s instant messaging system between some 240 million people around the world and concluded that the average path length between any messenger user and another is 6.6.

What the Microsoft guys have really discovered is that the Internet has created a new kind of connection. The Internet is all about connecting computers to other computers; we just happen to be sitting at their keyboards.

Facebook, for example, is a very efficient tool for turning even the most scatterbrained recluse into a social networker. If you’ve ever used Facebook, you’ll know that it can reassemble the disparate networks of friends, colleagues, relatives and childhood foes alarmingly quickly. I now have 399 friends on Facebook, and they span the globe and a lifetime of boozy lunches and cigarettes behind the squash courts. A little application on the side will constantly nudge me with suggestions for people I might know but haven’t added.

But these networks are about more than recreating the bulging address book of half-forgotten friends you would occasionally send Christmas cards to. Other services, liked LinkedIn, try to leverage connections to build business networks. I have a modest 518 connections on LinkedIn, and another 194 invitations still awaiting a reply, but I have no idea who most of them are. They might be people I once met, interviewed, emailed, or, more likely, contacts of people I once met, interviewed or emailed, or even just people who thought I was a cool guy and wanted to be linked to me.

Of course, they’re not interested in me so much as who I know: And vice versa. If I want to reach someone at the Daily Telegraph, for example, I could reach more than 35 of them through people in my network, who either know someone there, or know someone who knows someone who is there.

I found that simply by typing in the name of the company. It took me 30 seconds and cost me nothing.

The reality is that the Internet makes our networks very efficient, so that the line gets blurred between what these connections actually mean. Are we gathering friends and business connections because we’re interested in these people, or because we want to a) show off or b) start selling them vacuum cleaners or sending them our CV? Perhaps it’s always been like that. There was always someone who seemed keener to know you for your friends than a fascination with your collection of tie-dye t-shirts.

But things are different. Those of us plugged into the net—or our cellphone—for much of the day are already familiar with how we unconsciously layer and maintain our networks—whether it’s on tools like twitter, or Facebook, or Skype, or Windows Messenger. Back in 1967, when the six degrees separation experiment took place, they used letters to explore the connections between people. The quickest took four days: 232 of the 296 letters never reached the destination.

Now we have 100 different ways to connect almost immediately to anyone else on the planet—who happens to be on a network. We may think they’re the same, but they’re different worlds. We’re connected to people, not because of any innate sociability of social skill, but because of the awesome power of the Internet.

That said, some thing never change. The Microsoft study also found that people on instant messaging tend to communicate more with people of the same background. That makes sense. But there was one area where this wasn’t true: cross-gender conversations, as they put it, are both more frequent and of longer duration than conversations with users of the same reported gender. In short, most instant messaging is about flirting. I’m guessing that was probably true back in 1967 too.