Showing posts with label secrecy. Show all posts

Tuesday, January 10, 2017

On WikiLeaks Methods and Motivations

Recently, the WikiLeaks Task Force tweeted something quite inflammatory:

We are thinking of making an online database with all "verified" twitter accounts & their family/job/financial/housing relationships.

In other words, it was determined to create and publish a database of personal interconnections between verified Twitter users. This database would include information about finances, family connections, cohabitation, jobs and so forth.

This statement has, at the very least, sparked outrage.

Let's look at this statement from two points of view: (1) that WikiLeaks made the statement, and (2) that someone else made the statement and wants us to think WikiLeaks said it.

(1) WikiLeaks made the statement

That, on the face of it, would be galling.

I ask you here, honestly: does everything have to be public?

I can understand Facebook and why they would want to collect their user graph. They protect their users' privacy (although that's far more nebulous, even given their periodic missives, famous missteps, and explanations of policy).

But let's look at the author of the tweet: WikiLeaks. This sounds more like a sinister plot to me. Let's address the main reason for this.

What's all this about WikiLeaks working with the Russians?

Though WikiLeaks may never have dealt directly with the Russian intelligence services, they certainly had to know that release of the data played right into the Russians' hands. It seems pretty clear, given the timing of the release of the Podesta emails, that WikiLeaks understands perfectly the consequences of their actions.

In fact, WikiLeaks' sensitive data releases almost always damage the west and leave Russia unscathed. A visit to the wlstorage.net torrent repository shows us specifically who they target. There are very few Russia-related information troves.

If they released a trove of data on the Russians, it seems clear to me that Assange and many others at WikiLeaks would find themselves sipping Polonium-210-laced tea like that ill-fated ex-KGB whistleblower Alexander Litvinenko. Bad press for the Kremlin (in his case, looking into the assassination of Russian journalist Anna Politkovskaya) is generally punished by death in Russia. Dig too deeply and you'll discover, much to your chagrin, that it's your own grave you have dug.

WikiLeaks denies they received the leaked emails from the Russians. The US claims they know the go-betweens that prove Putin ordered the operation.

Let's just say for a moment that WikiLeaks are enemies of the west. Then this is completely consistent with publishing a database of who is related to whom, what their jobs are, how much they make, and where they live. This process, called doxing, enables people and organizations with malicious intent to get handles on people they want to attack. If this were true, the database WikiLeaks apparently would want to publish is, in fact, an analog of the human flesh search engine.

This kind of data would be of immense use to the Russian intelligence services, such as the FSB. So it certainly seems plausible to me that WikiLeaks was behind the tweet. But what about the other possibility?

(2) Someone else made the statement and wants us to think WikiLeaks said it

Did they even say it? It was tweeted by the WikiLeaksTaskForce, the Official WikiLeaks support account. It is explicitly intended to "correct misinformation about WikiLeaks".

Very soon after the original tweet, which has since been deleted, WikiLeaks itself tweeted the following:

Media note: is the only official account of WikiLeaks. No other accounts are authorized to make statements on behalf.

So the narrative might be that some troll joined (or hacked into) WikiLeaksTaskForce and posted the tweet to spread false information.

It's not unlikely at all that someone would want to discredit WikiLeaks. After all, their business is to enable whistleblowers by providing foolproof ways to release sensitive information. So anyone that has been damaged (or may be damaged) certainly has the motivation to discredit WikiLeaks. This is a big list of people, like John Kerry, Hillary Clinton, and organizations, like Bank of America, the American Intelligence community, and so on.

To properly discredit WikiLeaks, they would have to plausibly possess the means to build the database in question. To assess that, we must first know exactly how WikiLeaks works.

How does WikiLeaks work?

Their primary modus operandi, I believe, must generally be given by the following steps:

  • accept large corpora of whistleblower information
  • put it onto an air-gapped network
  • strip it of all attribution, which entails editing it
  • separate it into bins of sensitivity
  • encrypt and encapsulate (using BitTorrent) the bins for transport
  • upload the information on wlstorage.net
  • get other sites to mirror the information
  • periodically release keys for the purpose of disseminating the information a bit at a time

They would use an air-gapped network to prevent anyone from hacking into them, which is definitely possible. They would want to isolate the sensitive data to completely control what is done with it and where it goes.

The stripping of all attribution information, including email headers and telltale references is done to protect their sources. This may involve redaction of information that can hurt innocent parties. But also look at this on the face of it: they are intimately acquainted with the forensics of data present in email headers.

They have admitted that they separate the data into bins of sensitivity so they can control the impact of the releases. After all, the idea that some information is more sensitive than others is a natural consequence of the information itself. But they might also want to keep the most inflammatory information as a deadman switch. Such information can be released if Assange is killed, for instance. This was demonstrated recently when, in October 2016, Ecuador cut off Julian Assange's Internet access. Soon thereafter, WikiLeaks tweeted hashes to various troves of information, aimed at John Kerry, Ecuador, and the UK FCO. So it's a virtual certainty that Assange has deadman switches.

Their favorite method of leak data storage is by encrypted, encapsulated databases, posted as a single file. This is so they can withhold the release of the data, processed using AES 256-bit encryption, until a later date, without withholding the data itself. Often, the files are hundreds of gigabytes in size, so they use BitTorrent as their transport. The file names often contain the word "insurance". This also corroborates the theory that the files constitute a deadman switch: if Assange or another key-holding WikiLeaks person is killed, then keys may be released by the others in retribution.

After the data is packaged, it is then uploaded to wlstorage.net, a storage site run by WikiLeaks that promotes mirroring. Unfortunately, from time to time, this data has included malware, which gets cleaned up, generally as soon as it is discovered.

Once there, any number of sites mirror the WikiLeaks databases. This includes CableDrum, and many other sites. This measure of redundancy prevents any single site from simply being destroyed to prevent the sensitive information from being released.

When WikiLeaks releases a trove of information, they simply need to release the AES 256-bit (64 hex digit) key. This allows anybody having access to any of the mirror sites to decrypt the information and begin the process of data mining it. Usually this means the press.
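As an added example (not WikiLeaks' tooling and not code from this post): a reader pulling an encrypted trove from a mirror can check the copy against a pre-announced hash and sanity-check a released key string before attempting decryption. It assumes the announced hash is a SHA-256 digest of the whole file, which the post does not state; the archive bytes, mirror names and key below are constructed.

```python
import hashlib
import hmac
import io
import string

# An AES-256 key is 256 bits = 32 bytes = 64 hex digits, as the post notes.
AES256_KEY_HEX_DIGITS = 64


def parse_released_key(text):
    """Return the 32 key bytes, or raise ValueError if the string is malformed.

    bytes.fromhex() tolerates embedded whitespace, so the length and the
    alphabet are checked explicitly first to catch truncated or padded keys.
    """
    cleaned = text.strip()
    if len(cleaned) != AES256_KEY_HEX_DIGITS:
        raise ValueError(f"expected 64 hex digits, got {len(cleaned)} characters")
    if not all(c in string.hexdigits for c in cleaned):
        raise ValueError("key contains non-hex characters")
    return bytes.fromhex(cleaned)


def sha256_of_stream(stream, chunk_size=1 << 20):
    """Hash a file-like object in chunks; troves can be hundreds of gigabytes."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def check_mirrors(announced_digest, mirrors):
    """Map each mirror name to True if its copy matches the announced digest."""
    expected = announced_digest.strip().lower()
    results = {}
    for name, stream in mirrors.items():
        actual = sha256_of_stream(stream)
        results[name] = hmac.compare_digest(actual, expected)
    return results


def build_constructed_sample():
    """Constructed data: one intact copy, one with a flipped bit, one truncated."""
    original = b"CONSTRUCTED-ENCRYPTED-BLOB " * 4096
    tampered = bytearray(original)
    tampered[1000] ^= 0x01          # a single altered bit somewhere in the file
    truncated = original[:-16]      # an incomplete download
    announced = hashlib.sha256(original).hexdigest()
    mirrors = {
        "mirror-a.example": io.BytesIO(original),
        "mirror-b.example": io.BytesIO(bytes(tampered)),
        "mirror-c.example": io.BytesIO(truncated),
    }
    return announced, mirrors


if __name__ == "__main__":
    announced, mirrors = build_constructed_sample()
    for name, ok in check_mirrors(announced, mirrors).items():
        print(f"{name}: {'matches announced hash' if ok else 'MISMATCH, do not use'}")

    constructed_key = "ab" * 32     # placeholder key string, not a real key
    print("key bytes:", len(parse_released_key(constructed_key)))
```

A match only shows that the copy is the file that was announced; it says nothing about whether the contents are safe to open once decrypted.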

How does WikiLeaks' modus operandi make the tweet more plausible, specifically?

First, because WikiLeaks is known to accept large corpora of hacked data, who says they haven't been able to get ahold of the verified Twitter database? If it's not plausible, then this tweet is a call to arms for the many hackers out there who need the cred that would stem from such a successful attack.

Second, because WikiLeaks is adept at stripping attribution information from email, metadata from photographs, wrappers from tweets, and other media, they are the perfect institution to be able to make use of that attribution information, symmetrically, to work against the "system".

Third, knowledge of encryption and the limits of its usefulness means they must also be knowledgeable about decrypting and cracking such information. They have a milieu of hackers that they are in regular contact with, certainly. They are trusted by hackers because it is WikiLeaks' specific mission to protect them. They need to know what can and can't be cracked so they can keep their publicly available information troves secret from the most capable intelligence agencies in the world.

How does the tweet discredit WikiLeaks, specifically?

The ghastly specter of Big Brother looms over the tweet, that some clandestine organization is gathering information on all of us. This makes WikiLeaks the new NSA, the new GCHQ. Which makes those two organizations the ones most likely to discredit Assange.

Do they really need discrediting?

Currently their leader Julian Assange has been holed up in the Ecuadorean Embassy in London for 4 years and 7 months. This is because he has been granted asylum by Ecuador. Assange suspects that he will be extradited to the US to face charges under the Espionage Act of 1917. This could net him 45 years in a supermax prison, and potentially the death penalty.

Assange is also wanted for "lesser degree rape" in Sweden, a charge that will not expire until 2020.

The NSA has labelled WikiLeaks as a "malicious foreign actor".

Wednesday, April 11, 2012

Transparency: the Way of the Future?

Is full transparency in government a good thing?

Disruption

I believe the ascendance of wikipedia.org as a collaborative knowledge base has had a significant positive effect on the general access to knowledge. But it has also had a significant negative effect on existing encyclopedias. Recently, the venerable Encyclopedia Britannica announced their final print edition. Really, it is no great surprise that an online knowledge base can be disruptive in this way. This is really quite similar to the disruption of printed news media (such as newspapers) by online news sources. But there are other ways that wikis can disrupt.

Wikileaks

The concept of a wiki is a compendium of material with contributions from several authors. There is a specific wiki called wikileaks.org that amasses secret material and publishes it, run by Julian Assange and his associates. The contributors are whistleblowers everywhere. Many of the contributions are centered on the secret doings of governments.

The interest in such wikis is fed by the conspiracy theorist and the popularization of the idea that governments are bad. That they are doing bad things. But weighing individual privacy against the common security is not a simple black-and-white issue.

That being said, I do believe that governments should not act unchecked. Doing evil "in the national interest" is wrong.

Wikileaks has the potential of disrupting a government's ability to operate. Perhaps they believe they can level the playing field between governments by rendering every government transparent. Perhaps they naïvely believe they are only seeking the truth. Unfortunately, they have done little to render Russia transparent, or Iran, or North Korea. Or even China. They have primarily been concentrating on the United States. Indeed, in some countries, if journalists attempt to render those countries transparent they will simply be murdered. Witness, for example, the purported state-supported murders of Anna Politkovskaya and Alexander Litvinenko. Some countries simply have a history of dissuading whistleblowers by making sad examples of them.

It is doubtful wikileaks has the balls to assail any of these countries.

What this has done is to make it less possible for the United States (and some other target countries) to operate in the diplomatic arena, and consequently it lends a strong advantage to their competitors. This is inevitable. And the trend is to only publish material from countries that are relatively easily penetrated: free countries. This disadvantage is coming soon to your country.

Competition between countries is not just political, or concerned with human rights. It also is about economic prevalence. Countries such as Russia, with its oil and natural gas pipeline that nearly controls Europe economically, and China, with its control over cheaply-made electronics (due to their singular labor policies compared with other countries) and its near-monopoly on rare earth elements, owe their prosperity to the influx of currency from other countries. It is a strong motivation these days: perhaps the only motivation that actually counts to China.

Transparency is not good for negotiation. Without it, countries can operate in secret. Keeping their agenda secret while they strive to achieve their goals is actually key to success. A level playing field would make things better for negotiation. Ironically, the playing field is being made less level by wikileaks.

The kind of transparency that wikileaks.org offers is total transparency. They constantly work to reveal everything they can: entire full sets of diplomatic dispatches, even full sets of military communiques. This will naturally reveal plenty of stuff that could be necessary for a country's economic survival.

Indeed, it would be to a competitor's advantage to extract such information and provide it to wikileaks. Whether this has actually happened is something I can't really verify, because wikileaks scrupulously seeks to anonymize the information, scrubbing away email MIME headers (so you can't be sure the emails were genuine in the first place!), zeroing empty blocks, and redacting content that could reveal their source.

If the publishing of the information is a crime, then they are accomplices and co-conspirators. But how do you prove that the information is true? You can't. They have scrubbed away all that can be used to prove it true. And if you independently verify one piece of information, can you trust the rest if you can't say where it actually came from? I doubt that wikileaks even knows whether the information they post is true or not. They may not even know for certain where it came from. Which makes the publishing of the information an incredibly questionable activity.

Wikileaks has also revealed information about companies as well, such as Bank of America. I am sure it would love to reveal information about people as well.

So, when Julian Assange commits a sexually predatory act in Sweden, for instance, he should be glad that such things can be transparent. And he should be glad to participate in a transparent legal process there, right? No. He is a hypocrite. It's OK to reveal other people's secrets. But when his secrets get revealed, then he objects! And fails to own his actions.

Hacktivism

Hacktivism, hacking for the purposes of vigilante social justice, has been on the rise. The Anonymous group is famous for hacking in retaliation for the removal of credit card support in wikileaks. Really, anything they set their collective minds to, if they think it represents an injustice, is cause for a retaliatory hack. This makes them judge, jury, and executioner for their brand of justice.

Many of the Anonymous crowd also perpetrate hacks that simply reveal lists of credit card numbers and email accounts and passwords. Don't they know that the rogue and state-supported Chinese and Eastern European hack squads are going to exploit these? They disrupt businesses like Sony's Playstation accounts. These acts are essentially criminal acts. And if they aren't criminal acts, they almost certainly lead to them.

In some ways, hacktivism can also produce effects that may be useful, such as making us aware that we should change our passwords. But these are secondary, reactive effects, and not the ones that they were seeking to accomplish. Not by a long shot.

Really, such lawless acts are indefensible. In this day and age where so much is constantly being attacked by Chinese hack squads, why don't these hackers join the good guys and help to build better defenses against the barrage of cyberattacks? There is a real need, and they have the talent. Please, Anonymous, step forwards and help. And I'm not talking about defacing Chinese government web sites.

Perhaps the FBI will have to bust these hackers and conscript them, like they did Sabu.

Either way, we need to get organized to fight cyberattacks and cyberterrorism.

Even if laws could keep up with technology, there are still Chinese state-supported hack squads to deal with. Maybe wikileaks will try to keep them accountable. Sure.

The Moral

Those interested in transparency and who are eager to reveal things must own their actions and practice what they preach. An anonymous hack is an asymmetric form of warfare. Not exactly transparent, is it?

Tuesday, March 6, 2012

Hackers, Part 2

Today, the FBI took down LulzSec, the splinter group of hackers responsible for so many incursions. Months ago, I speculated that they were known down to the person but I was premature. It turns out that their leader, "sabu", was known, though. That's when the FBI secretly arrested him and turned him into the most interesting mole in hacker history. While, in Hackers Part 1, I speculated that they were disbanded, it turns out that they had turned their efforts onto a new theme, AntiSec. It is good someone got them, because they supposedly had thousands of infected servers at their beck and call (topiary claimed this).

LulzSec, populated with personalities like sabu (Hector Xavier Monsegur of New York), kayla (Ryan Ackroyd of London), topiary (Jake Davis of London, actually arrested last year), pwnsauce (Darren Martyn of Ireland), palladium (Donncha O'Cearrbhail of Ireland), and anarchaos (Jeremy Hammond of Chicago), were responsible for a number of attacks that penetrated systems (mostly using password hacks), stole data and simply posted it (mostly on pastebin.com). Data sometimes included identity information and credit card information. But they really liked to ply DDoS attacks, which are made possible (and apparently popular) using off-the-shelf software like LOIC. The complicated process in finding anarchaos is detailed in this link.

Then things heated up, and in June 2011, other groups started outing LulzSec members. The link points to a pastebin post by the A-Team, a public rival hacking group. Their speculation about topiary was wrong, it appears, but they got sabu right. I wonder how other specified members uncommon, laurelai, eekdakat, nigg, madclown, avunit, tflow, and joepie91 are faring. They are listed in this link, some with names and addresses. Maybe they are on the way. But again, if they got topiary wrong and sabu right, then their record isn't exactly perfect.

In either case, Alpha Mike Foxtrot!

So it's clear that, when this happened, the FBI moved in and turned him. That can't be good for the other members.

This is on the heels of two interesting developments in hackerdom. The first is Anonymous and their prying into the international anti-hacking taskforce's conference calls. The second is the spoofing of Anonymous for the insertion of malware into their actual computers.

The FBI kind of got a black eye when Anonymous posted details of a conference call (the Anon-Lulz International Coordination Call) that occurred between the anti-hacking taskforces in both the US and the UK. The FBI recently admitted that this occurred. So that tells us that the posted transcript of the call was actually correct. It was during this call that the Anonymous member tehwongz was outed. Well, he's a 15-year-old kid, so no names were mentioned. He claimed to have hacked Valve's Steam network. The conference call was hacked by palladium (also known as anonsacco) and this is detailed in this link.

The other notable incident seemed to pass by without notice, although it did receive netplay. Here, a purported Anonymous tool for hacking, posted on pastebin.com, was actually malware in itself. This means that all the Anonymous sympathizers that downloaded and used this code were infected with malware that would send their dox (identities and other useful information) to someone. This was detected by Symantec very recently.

I speculate that someone wants to know who they are. And get this interesting tidbit of information: the malware was spoof-posted on pastebin right after the MegaUpload raid.

It might be a perfect thing for a government to do to get these guys. First the MegaUpload raid occurs, enraging the hacktivists, then a malware post occurs, then the Anonymous hacktivists decide to use the tool to stage a DDoS attack. And voila! Plenty of names and IP addresses are streaming in.

We will see in the coming weeks and months what comes of this, I think.

Sunday, January 15, 2012

Future, Part 1

Is technology advancement accelerating? What's holding it back? When can I get my flying car? Enquiring minds want to know!

To answer these questions and others that shape the future, let's look at a concrete example of technological advancement and see what it tells us.

Display Panels

In 2007, when I got my first iPhone, I knew I was holding the future in my hands. And when the iPad arrived, it seemed that Apple single-handedly propelled us into the 24th century. But these inventions also depended upon the relentless advancement of technology: capacitive touch panels, software and hardware for multitouch processing, thin display panels, battery technology, architecture for economical power consumption, MEMS, and so many other cool things. We will look at thin display panels for a moment just to get an idea of how technology advances. This will give us a time frame that we can use to understand how fast the future might arrive.

Thinner, brighter display panels that consume less power, clearly necessary for smartphones and tablets, are one invention that has taken years and years. Let's consider the timeline from conception to real-world commercial availability.

George du Maurier's illustration in Punch, 1879
In 1851 to 1855, Czar Nicholas I had a prototype Pantelegraph installed between Moscow and Saint Petersburg and about 5,000 faxes were sent between those dates. So people were certainly interested in sending images at least in the form of faxes.

On December 9, 1878, George du Maurier's sketch for the Telephonoscope appeared in the Punch Almanack for 1879, which showed a window-sized display of video transmitted from another source, and it shows people talking to each other at a great distance, like FaceTime. Although it was intended as a spoof of Edison's inventions, it indicates that people were thinking of this as something they wanted.

Philo Farnsworth and the first television
The first real television was demonstrated to the press on September 1, 1928 by Philo Farnsworth. But RCA Corporation disputed his patent and it was stalled in the US for ten years. However, German companies licensed it in 1935 and sets were produced in limited numbers. The 1939 World's Fair in New York City brought a public demonstration of the technology. Farnsworth's patent was finally licensed by RCA and Gaumont that year, but World War II stalled the development once again. In 1948, after Farnsworth's patent finally ran out, the commercial availability of television was finally realized in the US.

But I remember our first color TV when I was a kid, and it was quite large, and even had tubes inside. Well, all CRTs have at least one tube, the Cathode Ray Tube it is named for. At some point CRTs were replaced almost entirely by flat panel displays. Did that happen right away?

Not at all. The first flat plasma panel displays were introduced in 1964 at the University of Illinois at Urbana-Champaign. It took 33 years until the first color plasma panel display was introduced by Fujitsu.

LCDs have been researched since the 1880s but LCD panels didn't start appearing until 1972 when Westinghouse demonstrated the first active-matrix LCD panel.

Because technology marches on in separate but simultaneous paths, plasma panels were the dominant television flat-panel technology from about 2000 through 2008, when LCD panels finally took more than a 50% share of the flat-panel television market.

Now, companies are producing thin bright TVs that appear to be bringing us directly into the world of Total Recall, where the walls are just displays. Sharp Electronics is bringing us ultra thin displays with their factory that is building 10th-generation panels. Also, an ID card has been shown with an embedded OLED panel with a 3D display of the person, that is activated by RFID. Just like Total Recall.

In fact, the movie is now being remade, in part because its technology is realizable and just doesn't seem so much like the future any more.

Apple iPhone 4
Today, with LED-backlit LCD panels in virtually every smartphone, tablet, laptop, computer monitor, and television, resolution has become even more important. Particularly with the introduction of the iPhone 4, with its retina display, in 2010. In October, 2011, Toshiba announced a 2560 by 1600 panel in a 6.1 inch display, a resolution of about 428 pixels per inch.

So, to sum it up


  • 161 years ago people first started transmitting images
  • 135 years ago people first imagined having a transmitted image display on a wall
  • 84 years ago people first demonstrated an all-electronic display
  • 67 years ago that television's commercial success began
  • 48 years ago people first demonstrated a flat panel display
  • 40 years ago companies first started marketing LCD panels
  • 29 years ago Seiko introduced the first hand-held TVs
  • 20 years ago portable computers first featured flat panel displays
  • 16 years ago Fujitsu commercially introduced a 42" plasma display panel
  • 9 years ago Kodak and Sanyo introduced the first AMOLED color panel
  • 5 years ago Apple introduced the iPhone


My first point is that technology advancement definitely accelerates over time. My second point is that, also, sociological, political, and economic forces hold technology back. A third point, not specifically illustrated by the display panels example, is that external requirements can force progress.

Why Technology Accelerates

My theory is that there is a copy effect, a synergy effect, and a forcing effect and together they accelerate technology.

One of the basic principles of technology advancement is that once a technology has been demonstrated, it is only a small amount of time before someone else can duplicate it. This I call the copy effect. Whether it happens because of stealing of information, or because there are a large number of clever people is a good question. People are motivated by the understanding that the advancement is highly desirable.

In 1945, the secrets of the atom bomb were smuggled out of Los Alamos by Klaus Fuchs and Sergeant David Greenglass through Harry Gold, and delivered directly to Julius and Ethel Rosenberg and from them to Anatoly Yakovlev, their Soviet contact. When there is desire, information finds its way out.

Today, information doesn't need to be smuggled. In order to transmit it, all one needs is an internet cafe. There is evidence that information doesn't even need to be encrypted to be disseminated widely. So all it takes is one whistleblower to move technological secrets.

Although it is not about technology per se, it can quickly be seen that Bradley Manning and Julian Assange were able to move large amounts of secret information very quickly through the WikiLeaks scandal.

Another basic principle of technology advancement, demonstrated admirably by the display panels example, is that technology is created by standing upon the shoulders of those who have come before. I call this the synergy effect, particularly when it is accelerated by free dissemination of information. In other words, the internet.

Why synergy? With synergy, 2+2=5, or the sum is greater than the parts. When person A discovers something, and person B knows that, it is possible that person B can improve upon it in some way that makes it truly useful.

For instance, the invention of money enabled us to advance beyond a barter system. The invention of electronic exchange of money enabled banks to create commerce on a larger scale. But it wasn't until the invention of point-of-sale systems for transacting commerce, including credit, debit cards, and the systems for reading them, that the promise of electronic commerce became really useful for all people.

A third basic principle guiding progress is that necessity is the mother of invention. Once the telegraph was in common use, the need to convey emotion and intent forced the invention of the telephone. This is the forcing effect.

Many technological inventions have been made in order to gain the upper hand in matters of conflict. The creation of armor emboldened the knights of the crusade. Attacks by large numbers of people spurred on the advancements in defense: castles, heavy stone walls, towers, moats, and traps. Advancements in defense forced the creation of new technologies for advanced sieges, such as trebuchets, siege towers, and siege hooks. The American Civil War led to the invention of the Gatling gun and later the machine gun, which was prominently used in World War I. And then came the dawn of the nuclear age, when the atom bomb became the deciding technology that ended World War II.

It continues to this day, with man-in-the-loop systems, precision-guided munitions and bombs, and UAVs.

When you put these three principles together and into the hands of billions of people, it becomes impossible for technology to be held back. And, at some point, information spread will reach a maximum limit, where everybody knows everything as soon as it is known. But also notice that some events can simultaneously hold back and push forwards technology.

All in all, this is still good news for the future, if we survive it.

Why Technology Gets Held Back

Public sentiment is a very good first reason that technology can get held back. Right now, we seem poised on the brink of new methods of portable energy storage, like fuel cells. But the electricity required to generate enough hydrogen for mass fuel cell adoption is large. Where will we get the electricity? One technology that seems almost certain to be able to provide this electricity is nuclear energy.

But such events as Three Mile Island and Chernobyl, and more recently the effect of the March 11, 2011 Tohoku tsunami on the Fukushima nuclear power plant, are turning public sentiment against nuclear power. The dangers associated with the storage of High Level Waste (HLW) such as spent fuel rods are also widely known problems, and their implications for future generations cannot be ignored. This has led to the rejection of the Yucca Mountain facility in Nevada (though it's not over yet), and also to the creation of better HLW storage facilities, such as the Östhammar Forsmark facility in Sweden, which could be completed in 2015.

Political turmoil is a second reason that technology can get held back. As discussed earlier, World War II held back the advancement of television. It also held back jet engines.

Periodically, purges have caused huge destruction of information. The burning of the Library of Alexandria was one example and it is speculated that the plans for mechanical inventions, including perhaps the Antikythera mechanism for predicting astronomical positions, were destroyed accidentally by Julius Caesar in 48 BC. This disrupted scientific progress since huge stores of knowledge were lost.

When, between 213 and 206 BC, the Qin dynasty ordered the burning of books and then ordered more than 460 scholars to be buried alive, they however decided to keep the military technology.

Pressure from economic interests is an excellent third reason that technology can get held back. Existing investments in infrastructure can quickly be obsoleted by disruptive technology. Companies wishing to retain control over a market can buy up invention rights to prevent them from coming to market. Or simply suppress them.

For instance, General Electric engineer Ed Hammer invented the compact fluorescent light (CFL) in 1976, but GE failed to bring this device to market, or to prioritize its research. It is believed that they thought their incandescent light bulb business would be disrupted by such a technology. In reality, they might have owned that market for the many intermediate years before LED light bulbs were introduced. And saved the world plenty of energy in the meanwhile. But they were also selling nuclear reactors, you see.

It isn't a real stretch of the imagination to think that petrochemical energy companies might not want alternative energy sources to come to light. Some of these speculations border on conspiracy theory, but such incidents have certainly happened in the past.

Flying Cars

One of the most common predictions of the future is the flying car. In fact, we have flying machines today, in the form of airplanes. And we have magnetic levitation and induction, used in bullet trains. But to realize the flying car without using the ground effect or a rocket to keep it aloft (both rather a problem for those underneath it) requires something different.

It requires antigravity.

Anti-gravity seems like so much science fiction today, but what would it really entail? We know gravity is one of the four non-contact forces, along with electromagnetism, the strong nuclear force, and the weak nuclear force. In the hypothetical Theory of Everything (ToE), the gravitational force is unified with the other three forces by a single theory that clarifies the origins of all forces.

If force unification can be achieved, then it may be possible to treat gravity like another force. There is some experimental proof that gravity travels in waves. This is because it is known that gravitation propagates at the speed of light. So, if gravity can be treated like electromagnetism, then perhaps it can be polarized or cancelled.

We always assume that a vacuum is empty, that space is completely devoid of all matter. Gravity waves are interesting because of how they must propagate: through the curvature of space-time itself. This implies that vacuum is not vacuum at all, but is permeated with energy (known as dark energy). In one theory, the Superfluid Vacuum Theory, space is actually made up of a Bose-Einstein Condensate, a dilute gas of weakly-interacting subatomic particles. This theory might be a basis for quantum gravity, which attempts to explain the gravitational force through the quantum interactions between these particles.

The duality of photons, tiny bits of light, as either particles or waves may also testify to the internal workings of space. Since photons can be polarized, it is not a stretch of the imagination to think that gravity can also be polarized, and thus components of gravity that act in a particular direction might be cancelled.

The discovery of dark matter, matter with mass but which doesn't interact with light or any other electromagnetic radiation, shows us that some kinds of matter can exist outside the Standard Model of particle physics, which in turn indicates that we have a lot to learn about physics in general.

Communication Through the Earth

The verification of quantum teleportation shows how communication between two entangled photons can be done. It has been verified through free space over distances of multiple kilometers. However, several problems exist that make the process currently unsuitable for transmitting classical information. First, only a quantum state can be transmitted. Second, the information is not transported instantly, but is instead transmitted at the speed of light.

Yet, at the end of the day, a quantum state does get transmitted between the two entangled photons without interacting with the intermediate space. This is clearly evidence for the non-Cartesian connectedness of the fabric of space-time, at least at the quantum level.

While this technology does not accomplish zero-time transmission, it does have the promise of transmitting information from point-to-point without the possibility of an intermediate interloper. Such a technique is extremely important to secure transmission, and would employ quantum cryptography, a two-key cryptosystem that is entirely based upon the entanglement of quantum states.

Using such a system, you could communicate with a satellite in orbit at arbitrary bandwidths, regardless of whether or not it was on the other side of the planet. And to intercept the information being transmitted, you would have to be at one end or the other. And even then, you couldn't get the information because it would be dependent upon highly-randomized quantum states, which are kept in sync at both photons at either end.

Perfect for keeping secrets.

To create such an entangled pair of photons, called an Einstein-Podolsky-Rosen (EPR) pair, you would need a source for single photons that operates at room temperature. NASA is sponsoring the creation of such a device.

Wednesday, January 4, 2012

Biometrics

As you know from the Hackers post, interlopers are out there and they are trying to get your data! My personal opinion is that better kinds of security are needed. Particularly when a 4-digit password can sometimes be guessed just by looking at the smudges on the screen. And good passwords can be hard to remember, while easy-to-remember passwords can be easily cracked by simple perl scripts and a datafile. So what can we do? Well, technology is coming to the rescue because the science of biometrics can be used to make sure you are you. And since you are you, you won't have to remember any passwords.

Biometrics are on the tips of your fingers, the flecks of color in your eyes, the backs of your eyeballs, the shape of your face, and even the tiny imperfections in your skin. To measure a biometric identification technology, we use the false acceptance rate and the false rejection rate. The false acceptance rate is the probability that an interloper's biometrics will match a legal user in the database. The false rejection rate is the probability that a legal user's biometrics will not match their own database entry. Both are undesirable for good security.

Fingerprint
Ever since Dr. Henry Faulds first devised a system for identifying fingerprint patterns and classifying them, fingerprints have been used as a method of unique identification. Some laptops, such as the HP Pavilion, have optional fingerprint scanners. One swipe becomes your password identification to log in. Numerous fingerprint scanners exist, such as the Eikon To Go USB fingerprint reader, and they are even Mac compatible. Current fingerprint scanners have a 3% false rejection rate, which is rather high. But their false acceptance rate is 0.1%. These can be confused by an uneven finger scanning rate when swiped.

The coolest new fingerprint technology is the TI LightCrafter, a MEMS device that uses structured light illumination (SLI) technology to scan a small 3D object such as your finger. This means you don't even have to touch the device for it to read your fingerprints. And it will read faces, teeth, and palms easily as well. It uses a DLP projector with 416,000 micro-mirrors to project stripes of light onto an object, then it measures the deformations of the stripes to reconstruct the object's 3D height field.

But at $600 each, it won't be included in your smartphone any time soon - until the price comes down.

Infrared-scanned eye and Iris code
Source: John Daugman
One of the most promising biometrics techniques is iris recognition. The best iris scanners operate using near-infrared illumination and sensing. First, the iris scanner takes a picture of your iris (the part of your eye that makes it blue, brown, hazel, or gray) in relatively high resolution. It doesn't have to be a complete picture of your iris, though. This is fortunate, because most people don't open their eyes wide enough to see the entire circular iris. The portion of the iris that is visible, minus things like specular shines, is unrolled from its circular format using a polar projection and thresholded. The areas that are not present are labelled don't care and the other areas are labelled with a one or a zero. Then this matrix of ternary bits (trits) is matched (using wrap-around to account for face rotation) with a database using special comparison algorithms.
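The matching step just described can be sketched as a masked distance minimized over circular shifts. This is an added example, not code from the original post or from any iris product; the 8x64 code size, the 0.32 threshold, the shift range and all sample codes are assumptions constructed for illustration.

```python
import random

DONT_CARE = None   # trit for cells hidden by eyelid, lashes or specular shine
THRESHOLD = 0.32   # assumed decision threshold, illustrative only

def rotate(code, shift):
    """Circularly shift each row; columns are angle, so this models head tilt."""
    return [row[-shift:] + row[:-shift] for row in code]

def masked_distance(a, b):
    """Return (fraction of disagreeing cells, cells usable in both codes)."""
    usable = differing = 0
    for row_a, row_b in zip(a, b):
        for x, y in zip(row_a, row_b):
            if x is DONT_CARE or y is DONT_CARE:
                continue              # don't-care cells count neither for nor against
            usable += 1
            differing += (x != y)
    return (differing / usable if usable else 1.0), usable

def best_match(probe, enrolled, max_shift=4, min_usable=64):
    """Try every rotation within +/- max_shift columns; keep the lowest distance."""
    best_d, best_shift = 1.0, None
    for shift in range(-max_shift, max_shift + 1):
        d, usable = masked_distance(rotate(probe, shift), enrolled)
        if usable >= min_usable and d < best_d:   # too little overlap proves nothing
            best_d, best_shift = d, shift
    return best_d, best_shift

def same_eye(probe, enrolled):
    """Accept only if the best aligned distance is under the threshold."""
    return best_match(probe, enrolled)[0] < THRESHOLD

# --- constructed sample data (not real iris codes) ---
ROWS, COLS = 8, 64

def random_code(seed):
    rng = random.Random(seed)
    return [[rng.randint(0, 1) for _ in range(COLS)] for _ in range(ROWS)]

def make_samples():
    truth = random_code(1)
    enrolled = [row[:] for row in truth]
    for c in range(40, 44):
        enrolled[6][c] = DONT_CARE          # specular highlight at enrolment
    probe = rotate(truth, 3)                # same eye, head tilted by 3 columns
    for r in range(ROWS):
        for c in range(COLS):
            if (r * COLS + c) % 10 == 0:
                probe[r][c] ^= 1            # sensor noise: flip every 10th cell
            if r < 4 and 10 <= c < 26:
                probe[r][c] = DONT_CARE     # eyelid covers part of the iris
    impostor = random_code(2)               # a different eye: independent bits
    return enrolled, probe, impostor

if __name__ == "__main__":
    enrolled, probe, impostor = make_samples()
    print("same eye, no alignment:", masked_distance(probe, enrolled))
    print("same eye, aligned     :", best_match(probe, enrolled))
    print("impostor, aligned     :", best_match(impostor, enrolled))
```

Raising the threshold trades false rejections for false acceptances, which is why both rates are quoted together for any biometric.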

When properly done, iris scanners are good enough to provide nearly 100% security and uniqueness on a population of many million. And, by the way, identical twins have different iris patterns, too. So that scene in Eagle Eye when the identical twin gets into the system and matches his brother's biometrics: that just can't happen! The false acceptance rate of an iris scanning system that is state-of-the-art is a mere 0.00008%. The false rejection rate is nearly 0%.

There is some evidence that moderately high-resolution video cameras in normal daylight can do iris scanning and verification. This is the technology that seems most likely to be applicable to smartphones, with their modern high-resolution cameras.

Voiceprint
Voiceprint identification systems are another cool and reliable biometric. Studies show an error rate of only 0.31% for false identifications, and 0.53% for false eliminations, which is quite good. Still, it might indeed be too easy to hear the phrase used as a password. And to record it as it is being uttered.

Facial detail identification is another technology that is being investigated. Here's my example of this technology. In my red-eye work, I came across this image that looks like Mark Zuckerberg. But is it really him? Let's use this technology to prove that it is him.

Here is the picture (to left). He's having fun at a party. So to prove it is really him, I will find a baseline image of Zuck somewhere on the web. Ahh, here's one (below to the right)!

Guillaume Paumier / Wikimedia Commons, CC-by-3.0
Comparing, we see that the eyebrow shapes and shiny superorbital ridge are remarkably similar, but (!) vastly more importantly, the three spots on the right cheek, the spot nearly in the center of the left cheek, and the one spot above the left eyebrow are just too much alike to be a coincidence. That, the canine teeth, and the right ear shape make it a 100% certain match. So, if you don't want to be identified - don't be famous!

Soon, perhaps it will be entirely unnecessary to enter passwords. And, to me, it looks like the iris scanning system is the most secure.



Thursday, December 29, 2011

Hackers

Hacking is not new, nor are the motives for hacking. But not all people know what they are, nor how the hackers act on their motives, nor how they can protect themselves or their companies from hacking. Let's talk about hackers for a bit.

Means

All it takes is a computer and a connection to the internet, right? Wrong. It takes mad skills to get anywhere in the hacking game. A penchant for puzzles. A love for spy vs. spy. A more than average intelligence. And it takes friends, either real people or just botnets. Or, just access to the right tools.

Attacks on organizations, particularly DDoS (distributed denial of service) attacks, are typically organized via social media, coordinated on Twitter, and accomplished with tools such as Low Orbit Ion Cannon (LOIC), a tool specifically designed to accomplish DDoS attacks. These attacks quickly make websites useless because their servers are overloaded with incoming messages.

The hacker's toolkit includes the rootkit, basically a way of achieving administrative privilege security level on a computer. Usually malware starts the ball rolling, perhaps installed by a zero-day exploit. This malware subsequently installs some processes designed to be completely undetectable that aid the hacker in accomplishing their tasks. Once a rootkit has penetrated a computer, that computer can then be used remotely and it becomes a zombie (or bot). When a large number of these computers have been secured, they become a botnet. So a hacker can, for instance, install LOIC onto several computers in this fashion to provide more power (and bandwidth) for a DDoS attack.

But, of course, it is possible to simply rent the computers to accomplish the same task. It's easy to rent hundreds of computers from Amazon Web Services. The attack against Sony Corporation's online entertainment services, which resulted in the compromise of the personal accounts of over 100 million customers, was facilitated in this way by users with fake names.

Tools are available online and some people just use them without realizing how they do their job. Such people are called script kiddies in the hacking world. Hacking tools are apparently available for several purposes. Keyloggers are a kind of malware intended to record each keystroke the computer's user types, including their username and password. They are often structured as a trojan horse, a program designed to look like a trusted system, perhaps the login screen. There are plenty of techniques used by modern hacking groups like the recently-disbanded LulzSec and the active group Anonymous.

Most of these tools and techniques are designed to penetrate a computer and obtain system administrator privilege. Once a hacker has this privilege then they can access or change any file on that computer. The files can contain other passwords, or perhaps valuable data such as credit card information or personal addresses and phone numbers. Or perhaps it contains private information.

Motive

The DARPA Shredder Challenge
In 1974 when I was a freshman at Caltech, there was a bit of hacking about. One blonde-haired "troll" was quite proud that he had penetrated a security kernel of a system remotely by hand-disassembling it from an IBM 370 machine code dump. Over Christmas break, some students orchestrated and accomplished the "McDonald's Sweepstakes Caper". I was in Steve Klein's dorm room listening to Pink Floyd's Dark Side of the Moon in Page House when someone walked in with a bag of McDonald's. A contest entry form was passed around and the guys discovered that the entry form said "enter as often as you wish". Even more damaging was that the fine print on the entry form didn't say the forms had to be handwritten or signed by a human, or even that they couldn't be printed separately. We thought this was hilarious! When I went home for Christmas break, they used a computer to print out hundreds of thousands of entry forms and distributed them into as many McDonald's as they could find. By the end of my freshman year, they had won 20% of the contest's prizes, including a car. Although the caper wasn't exactly hacking, it demonstrates the first motivation for hacking: it's for the honor of saying "I did this". Yes, it is very similar to the reason people climb Mount Everest.

So, honor and a sense of one-upmanship is a very powerful psychological motivation for hacking. Witness the years-long rivalry between MIT and Caltech that finally erupted in Caltech's cannon being stolen.

These days it's quite a challenge to keep secrets, it seems. The more valuable your secrets are, the more people are trying to get them. The more damaging your secrets are, the more people are trying to publish them. The more famous you are, the funnier people think it is to harass you. These illustrate three other motives: the criminal, social activist, and humorous motives for hacking. Nowadays, there is one more overarching reason for hacking, and it's totally wrong: state-supported hacking. Hacking for destabilization, for infrastructure attack, and for gaining the economic upper hand is becoming increasingly common.

Indeed, some of the more infamous attacks use rootkits to penetrate special-purpose systems and accomplish political gains. The Greek wiretapping hack is one example: the perpetrators were never discovered. The Stuxnet virus, a brazen frontal attack on the Iranian nuclear weapon ambitions, has long been suspected to be Israeli, American, or Russian in origin but we may never know. It also attacked special-purpose hardware using a rootkit.

Criminal hacks abound. Consider the phone hacking scandal involving the News of the World. The British tabloid hacked into the voice mail of the murdered school girl Milly Dowler in order to secure an interview with her mother. This was intended to sell more newspapers, so the motive was money; the act was criminal. But it was only the tip of the iceberg.

The release of damaging information often results from a sense of social activism. They believe they are advancing the cause of transparency, accountability, and freedom. The case of Bradley Manning and WikiLeaks illustrates this trend more than any other case, although it really wasn't hacking. For hacking-related social activism, it's better to look at Anonymous and the emergence of the hacktivist.

Opportunity

Hacking is definitely a crime. There's even a name for it: cybercrime. But is it the only crime being committed? Is there perhaps some stupidity or worse gross negligence that enables hacking and the subsequent loss of data, by creating a huge low-hanging-fruit opportunity? Oh, most certainly!

The largest presented opportunity is fame. But sometimes you can't help being famous. Sometimes it's not even your ambition to be famous. Still, when you are famous, people love to see what you are doing. This is why data about famous people is highly prized: to sell gossip zines. It appears to have become common for paparazzi to be in league with hackers, sometimes freelancing and sometimes connected with specific media outlets. Media outlets often offer huge sums for pictures of celebrities. My favorite is the National Enquirer, which offered a cool $1M for an Obama love tryst video.

The next presented opportunity is lack of proper security. This almost doesn't need to be explained. Anybody with a password of 123456 or qwerty probably doesn't know how insecure they are - simply because of cluelessness. There are plenty of available lists of common passwords. All a hacker has to do is try them. But truthfully, any word in the dictionary can be tried by using a password-cracking tool. There is even a list of commonly-used iPhone passwords. So it is very important to choose a username/password pair that is secure. They say to (1) use a word not in the dictionary, (2) have the password be 8 characters or longer, (3) include at least one numeral in the password, and (4) include both upper and lower case letters. Using the same password for several accounts is also not a good idea. E-mail passwords are typically sent across the wires in plaintext format, so bear that in mind.

Sometimes getting into a computer is not very hard due to zero-day exploits: an exploit such as a buffer overrun that you can use right now (because it's installed in several running computers) that nobody knows about. And if they are in, then they don't need your password. So your security should go even deeper. Information stored on your computer that has intrinsic value, or is held in confidence for your customers, should be encrypted. Failure to do so has led to several infamous hacks and also to loss of data in the wild. This is inexcusable, particularly in the presence of such viable alternatives as Transparent Database Encryption in Oracle systems.

A browser vulnerability, known as parameter tampering, where the browser address string is simply changed from one account number to the next, caught Citibank off guard when hackers used their computers to modify the string tens of thousands of times and access confidential data.
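The weakness behind parameter tampering is a server that trusts the account number in the address string. The sketch below is an added example, not code from the original post or from any bank: it puts the weak lookup beside one that checks ownership on every request, plus a log check that flags a session walking through accounts it does not own. Session ids, account numbers, the `/statement?id=` URL and the log format are all hypothetical.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed data; session ids, account numbers and log format are hypothetical.
OWNED = {"sess-a": {"1001"}, "sess-b": {"1002"}}
STATEMENTS = {n: f"statement for {n}" for n in ("1001", "1002", "1003", "1004")}

class Forbidden(Exception):
    """Raised when a session asks for an account it does not own."""

def statement_vulnerable(session_id, account):
    # Weak: the account number taken from the address string is the only access control.
    return STATEMENTS.get(account)

def statement_hardened(session_id, account):
    # Fixed: authorize every request against server-side ownership data.
    if account not in OWNED.get(session_id, set()):
        raise Forbidden(f"{session_id} may not read account {account}")
    return STATEMENTS[account]

def flag_enumeration(log_lines, limit=2):
    """Return sessions that requested more than `limit` distinct accounts they do not own."""
    foreign = defaultdict(set)
    for line in log_lines:
        _ts, session_id, _method, url, _status = line.split()
        account = parse_qs(urlsplit(url).query).get("id", [""])[0]
        if account not in OWNED.get(session_id, set()):
            foreign[session_id].add(account)
    return {s: sorted(ids) for s, ids in foreign.items() if len(ids) > limit}

ACCESS_LOG = [  # constructed sample lines
    "2011-06-01T10:00:01 sess-a GET /statement?id=1001 200",
    "2011-06-01T10:00:05 sess-b GET /statement?id=1002 200",
    "2011-06-01T10:00:06 sess-b GET /statement?id=1001 200",
    "2011-06-01T10:00:06 sess-b GET /statement?id=1003 200",
    "2011-06-01T10:00:07 sess-b GET /statement?id=1004 200",
]

if __name__ == "__main__":
    print("weak lookup returns:", statement_vulnerable("sess-b", "1001"))
    try:
        statement_hardened("sess-b", "1001")
    except Forbidden as err:
        print("hardened lookup refuses:", err)
    print("flagged sessions:", flag_enumeration(ACCESS_LOG))
```

The ownership check is the fix; the log check is a backstop for requests that reached a handler still missing it.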

Finally, hackers are increasingly becoming emboldened by the opportunity of being able to easily sell their ill-gotten credit card and user identity information. Online bazaars are professional-looking sites that allow the hackers to easily connect with their buyers, who use the information to impersonate the victims and buy merchandise.