Funny quote
I think this is one of the funniest judicial excerpts I’ve read to date. Three cheers for dry wit.
If there were a book on the subject of Appellate Game Theory (there is not), this appeal could furnish rich examples for a chapter inevitably entitled “Diversionary Appellate Strategies” or “How to Finesse the Flaw of Immateriality.” . . . Lost in the din of battle may be the more pertinent and dispositive question of, “Does it really make any difference, one way or the other?” . . . Far from being inelegant, therefore, it should be the prime directive of appellate inquiry constantly to ask, “So what?” It is never out of place to question materiality. Wood v. State, 196 Md. App. 146, 151-52 (Md. Ct. Spec. App. 2010).
Westboro Baptist Church
In a strange turn of events, news outlets are reporting that Anonymous, the same ‘group’ (or loose association, depending on who you listen to) responsible for the HB Gary fiasco, is now threatening the Westboro Baptist Church. Or is it? Suspicions are surfacing that the threat was posted by Westboro Baptist Church itself. I have an interesting observation regarding the & symbol.
First, this is the press release by ‘anonymous’ which contains some peculiar uses of the & as illustrated below.
- Free Speech & the Advocate of the People
- chauvinists & religious zealots
- attention & in the name of religion
- Freedom of Speech & Freedom of Information
- intimidation and mental & emotional abuse
- Cease & desist your protest campaign
- Kansas, & close your public Web sites.
- propaganda & detestable doctrine
- conduction & promotion
- bigoted operations & doctrines
Note the significant use of & – Westboro Baptist Church is a fascinating group to me. I feel they represent a test of our dedication to free speech, the first amendment’s Gethsemane so to speak. Something about the post sounds like the WBC. For as long as it remains up, look at WBC’s reply. Very curious. Anonymous posted a reply to the WBC reply, note the difference in word usage.
Now look at this sentence:
You have condemned the men and women who serve, fight, and perish in the armed forces of your nation; you have prayed for and celebrated the deaths of young children, who are without fault; you have stood outside the United States National Holocaust Museum, condemning the men, women, and children who, despite their innocence, were annihilated by a tyrannical embodiment of fascism and unsubstantiated repugnance.
Note the super-run-on-super-comma sentence structure with two semi-colons. This is the same type of sentence structure used by WBC. There has been some research in the past to identify unique aspects of an individual’s writing style for author identification. I’m not overly impressed by its application in general because anyone who is aware of it can alter their writing style to suit. However, if you are not aware of it you can be betrayed by your own writing style. It is contended in the anonymous second reply that WBC has left their ports open to collect IPs for legal action. That would be an interesting outcome.
Personally, I think the “Operation Westboro” call to arms sounds remarkably like Westboro Baptist Church themselves, and any evidence of a WBC honey pot only strengthens that view.
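The two markers discussed in this post, the preference for & over "and" and the comma and semicolon density per sentence, can be measured mechanically. The following is an added example, not part of the original post; the function names and the `MIN_WORDS` floor are assumptions, and the sample inputs are the excerpts quoted above.

```python
import re

# Assumed floor below which marker rates are too noisy to compare (not from the post).
MIN_WORDS = 500

# Excerpts quoted in the post above, used here as sample input.
PHRASES = """Free Speech & the Advocate of the People
chauvinists & religious zealots
attention & in the name of religion
Freedom of Speech & Freedom of Information
intimidation and mental & emotional abuse
Cease & desist your protest campaign
Kansas, & close your public Web sites.
propaganda & detestable doctrine
conduction & promotion
bigoted operations & doctrines"""

SENTENCE = ("You have condemned the men and women who serve, fight, and perish in "
            "the armed forces of your nation; you have prayed for and celebrated "
            "the deaths of young children, who are without fault; you have stood "
            "outside the United States National Holocaust Museum, condemning the "
            "men, women, and children who, despite their innocence, were "
            "annihilated by a tyrannical embodiment of fascism and "
            "unsubstantiated repugnance.")

def style_markers(text):
    """Measure the habits the post points at: '&' vs 'and', and clause punctuation."""
    words = re.findall(r"[A-Za-z']+", text)
    sentences = [s for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s]
    n_sent = max(len(sentences), 1)
    amp = text.count("&")
    conj = amp + len(re.findall(r"\band\b", text, flags=re.IGNORECASE))
    return {
        "words": len(words),
        "reliable": len(words) >= MIN_WORDS,
        # Share of conjunctions written as '&'; None when the text has neither form.
        "ampersand_pref": amp / conj if conj else None,
        "commas_per_sentence": text.count(",") / n_sent,
        "semicolons_per_sentence": text.count(";") / n_sent,
    }

def marker_gap(a, b):
    """Absolute difference per numeric marker; skip markers missing in either text."""
    keys = ("ampersand_pref", "commas_per_sentence", "semicolons_per_sentence")
    return {k: abs(a[k] - b[k]) for k in keys if a[k] is not None and b[k] is not None}

if __name__ == "__main__":
    p, s = style_markers(PHRASES), style_markers(SENTENCE)
    print(p, s, marker_gap(p, s), sep="\n")
```

Both excerpts fall far below the word floor, so `reliable` is false for each; the numbers illustrate the markers and are not an attribution.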
HBGary.* part II
More information, or at least a more coherent and complete set of information, is available as of this morning from Ars Technica. They have done a really good job of putting the pieces into a clear picture. What I heard in passing seems to be correct: the initial compromise was a SQL injection, and the rest of the timeline goes from there. The hackers in question apparently compromised the mail server for a number of hours before moving further and monitored email communications for over 30 hours undetected.
The HB Gary, Inc. CEO tried to reason with Anonymous to avoid the email disclosures (IRC Log while it remains up). This part was a little painful to read because it is easy to empathize with someone whose company’s value is essentially being destroyed because someone else stirred the hornet’s nest – but once data like that has made it into multiple hands, distributed technology is distributed technology; there really is no going back.
Aaron Barr – the individual from HB Gary Federal whose ‘research’ started this mess – was looking to do primitive data mining and correlation with social networking data to identify individuals from Anonymous as well as the geographic regions they were located in. According to the quotes and excerpts on Ars, his hypothesis was that (a) individuals friended by his targets would be less likely to secure or censor identifying information, (b) someone’s location could be extrapolated by looking at the general geographic locations of their friends (I assume his idea was most friends would be local friends), and (c) by correlating activity times of posts to social networking sites with presence in IRC channels, a connection could be drawn from IRC handle to real life identity. He appears to have had something similar to success, as the chat logs indicate he had identified people connected to Anonymous members, but some of those individuals were innocent (e.g. false positives) – the girlfriend of one of the individuals in the chat logs was identified, for example.
The Sad Saga of HBGary
Yesterday I took a trip to UNO to listen to a presentation from one of our bioinformatics professors on immunology. We’re working on some research proposals to develop network defense techniques based on biological immunity systems – why reinvent the wheel, if nature has some cool ideas eh? After the presentation we got to talking about HB Gary’s recent run in with Anonymous, and I thought I’d make some commentary which likely no one will read.
First, let me point to a couple posts I made in 2009 about social engineering and users being the weakest link:
<>< [Phish / Fish] ing attacks are still viable
Wikipedia has as good a definition of Social Engineering as any
Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.[1] While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.
This is a “Term of Art” which has been popularized in security parlance. The first link, to the <>< post, has a YouTube clip from the movie Hackers which illustrates this concept quite poignantly.
Anonymous is an ‘anonymous’ group of individuals who entered common cognizance with their exploits against Scientology. They’ve made recent headlines from Distributed Denial of Service attacks against companies and organizations which have attacked Wikileaks. Their tool of choice is actually an open source project, and allows anyone to join in or voluntarily turn control over to someone else in directing an attack. The merits and flaws of their political statements, the legality of their actions, and the technical analysis of the tool in particular are beyond my scope here, it suffices to understand that Anonymous is a group of individuals, who have been conducting DDoS attacks against third parties as retaliation for those parties being perceived as attacking Wikileaks in some manner.
The Brits crack some emails
This is an interesting tidbit from across the pond:
Police took months to break encrypted messages on his computer. They found he had been in direct contact with Awlaki, who is accused of having links to the attempted bombing of a plane over Detroit during Christmas in 2009 and an attempt last year to explode ink printer bombs on freight planes heading to the US.
- The Guardian
The plot came to light after expert from the Metropolitan Police Service Counter Terrorism Command spent nine months cracking 300 encrypted emails found on Karim’s hard drive.
- The Register
I say interesting because encryption is a thorny issue. Generally, common wisdom holds that a sufficiently large key size will take forever and a day to brute force. The common wisdom has to be balanced with a host of other factors, such as the omnipresent human error and bad encryption (especially any encryption described as ‘proprietary’), but the real unknown is what kind of firepower various governments have at their disposal. It would be interesting to know how the emails were encrypted – a few more details on that and it could be viable to estimate what kind of number crunching 007 has over there.