Archive for the ‘Government’ Category

Conclusive Reason To NOT Use Gmail

Thursday, April 20th, 2017

Using an email service, Gmail for example, that tracks (and presumably reads) your incoming and outgoing mail is poor security judgement.

Following a California magistrate ruling on 19 April 2017, it’s suicidal.

Shaun Nichols covers the details in Nuh-un, Google, you WILL hand over emails stored on foreign servers, says US judge.

But the only part of the decision that should interest you reads:


The court denies Google’s motion to quash the warrant for content that it stores outside the United States and orders it to produce all content responsive to the search warrant that is retrievable from the United States, regardless of the data’s actual location.

Beeler takes heart from the dissents in In the Matter of a Warrant to Search a Certain E-Mail Account Controlled & Maintained by Microsoft Corp., 829 F.3d 197 (2d Cir. 2016), reh’g denied en banc, No. 14-2985, 2017 WL 362765 (2d Cir. Jan. 24, 2017), to find if data isn’t intentionally stored outside the US, and can be accessed from within the US, then its subject to a warrant under 18 U.S.C. § 2703(a), the Stored Communications Act (“SCA”).

I have a simpler perspective: Do you want to risk fortune and freedom on a how many angels can dance on the head of 18 U.S.C. § 2703(a), the Stored Communications Act (“SCA”) questions?

If your answer is no, don’t use Gmail. Or any other service where data can be accessed from United States for 18 U.S.C. § 2703(a), but similar statutes for other jurisdictions.

For that matter, prudent users restrict themselves to Tor based mail services and always use strong encryption.

Almost any communication can be taken as a crime or step in a conspiracy by a prosecutor inclined to do so.

The only partially safe haven is silence. (Where encryption and/or inability to link you to the encrypted communication = silence.)

Wikileaks Vault 7 “Grasshopper” – A Value Added Listing

Friday, April 7th, 2017

Wikileaks has released Vault 7 “Grasshopper.”

As I have come to expect the release:

  • Is in no particular order
  • Requires loading an HTML page before obtaining a PDF file

Here is a value-added listing that corrects both of those problems (and includes page numbers):

  1. GH-Drop-v1_0-UserGuide.pdf 2 pages
  2. GH-Module-Bermuda-v1_0-UserGuide.pdf 9 pages
  3. GH-Module-Buffalo-Bamboo-v1_0-UserGuide.pdf 7 pages
  4. GH-Module-Crab-v1_0-UserGuide.pdf 6 pages
  5. GH-Module-NetMan-v1_0-UserGuide.pdf 6 pages
  6. GH-Module-Null-v2_0-UserGuide.pdf 5 pages
  7. GH-Module-Scrub-v1_0-UserGuide.pdf 6 pages
  8. GH-Module-Wheat-v1_0-UserGuide.pdf 5 pages
  9. GH-Module-WUPS-v1_0-UserGuide.pdf 6 pages
  10. GH-Run-v1_0-UserGuide.pdf 2 pages
  11. GH-Run-v1_1-UserGuide.pdf 2 pages
  12. GH-ScheduledTask-v1_0-UserGuide.pdf 3 pages
  13. GH-ScheduledTask-v1_1-UserGuide.pdf 4 pages
  14. GH-ServiceDLL-v1_0-UserGuide.pdf 4 pages
  15. GH-ServiceDLL-v1_1-UserGuide.pdf 5 pages
  16. GH-ServiceDLL-v1_2-UserGuide.pdf 5 pages
  17. GH-ServiceDLL-v1_3-UserGuide.pdf 6 pages
  18. GH-ServiceProxy-v1_0-UserGuide.pdf 4 pages
  19. GH-ServiceProxy-v1_1-UserGuide.pdf 5 pages
  20. Grasshopper-v1_1-AdminGuide.pdf 107 pages
  21. Grasshopper-v1_1-UserGuide.pdf 53 pages
  22. Grasshopper-v2_0_1-UserGuide.pdf 134 pages
  23. Grasshopper-v2_0_2-UserGuide.pdf 134 pages
  24. Grasshopper-v2_0-UserGuide.pdf 134 pages
  25. IVVRR-Checklist-StolenGoods-2_0.pdf 2 pages
  26. StolenGoods-2_0-UserGuide.pdf 11 pages
  27. StolenGoods-2_1-UserGuide.pdf 22 pages

If you notice that the Grasshopper-*****-UserGuide.pdf appears in four different versions, good for you!

I suggest you read only Grasshopper-v2_0_2-UserGuide.pdf.

The differences between Grasshopper-v1_1-UserGuide.pdf at 53 pages and Grasshopper-v2_0-UserGuide.pdf at 134 pages, are substantial.

However, between Grasshopper-v2_0-UserGuide.pdf and Grasshopper-v2_0_1-UserGuide.pdf the only differences from Grasshopper-v2_0_2-UserGuide.pdf are these:

diff Grasshopper-v2_0-UserGuide.txt Grasshopper-v2_0_1-UserGuide.txt

4c4
< Grasshopper v2.0 
---
> Grasshopper v2.0.1 
386a387,389
> 
> Payloads arguments can be added with the optional -a parameter when adding a 
> payload component. 


diff Grasshopper-v2_0_1-UserGuide.txt Grasshopper-v2_0_2-UserGuide.txt

4c4
< Grasshopper v2.0.1 
---
> Grasshopper v2.0.2 
1832c1832
< winxppro-sp0 winxppro-sp1 winxppro-sp2 winxppro-sp3 
---
> winxp-x64-sp0 winxp-x64-sp1 winxp-x64-sp2 winxp-x64-sp3 
1846c1846
< winxppro win2003 
---
> winxp-x64 win2003 

Unless you are preparing a critical edition for the CIA and/or you are just exceptionally anal, the latest version, Grasshopper-v2_0_2-UserGuide.pdf, should be sufficient for most purposes.

Not to mention saving you 321 pages of duplicated reading.

Enjoy!

Naming German Censors

Friday, April 7th, 2017

Germany gives social networks 24 hours to delete criminal content by Simon Sharwood.

From the post:

Germany has followed through on its proposal to make social networks remove slanderous hate speech and fake news or face massive fines.

The nation’s Bundesministerium der Justiz und für Verbraucherschutz (Federal Ministry of Justice and Consumer Protection) has announced that cabinet approved a plan to force social network operators to create a complaints mechanism allowing members of the public to report content that online translate-o-tronic services categorise as “insults, libel, slander, public prosecutions, crimes, and threats.”

The Bill approved by Cabinet proposes that social networks be required to establish complaints officer who is subject to local law and gets the job of removing obviously criminal content 24 hours after receiving a complaint. A seven-day deadline will apply to content that’s not immediately identifiable as infringing. Social networks will also be required to inform complainants of the outcome of their takedown requests and to provide quarterly summaries of their activities.

The ministry’s statement also suggests that those who feel aggrieved by material posted about them should be able to learn the true identity of the poster.

A Faktenpapier (PDF) on the Bill says that if the deadlines mentioned above aren’t met the social network’s designated complaints-handler could be fined up to five million Euros, while the network itself could cop a fine of 50 million Euros. An appeal to Germany’s courts will be possible.

Sharwood’s post is a great summary of this censorship proposal but fails to identify those responsible for it.

“Germany” in the abstract sense isn’t responsible for it. And to say the “Cabinet,” leaves the average reader no more informed than saying “Germany.”

Perhaps this helps: German Cabinet / Censors:

Peter Altmaier Alexander Dobrindt Sigmar Gabriel
Hermann Gröhe Barbara Hendricks Ursula von der Leyen
Heiko Maas Thomas de Maizière Angela Merkel
Gerd Müller Andrea Nahles Wolfgang Schäuble
Christian Schmidt Manuela Schwesig Johanna Wanka
Brigitte Zypries

I don’t have their staff listings, yet, but that’s a start on piercing the veil that “Germany,” and “Cabinet” puts between the reader and wannabe censors.

Other veils that hide/protect censors that need piercing?

The Upside To Overturning Internet Privacy Rules

Monday, April 3rd, 2017

Trump signs measure overturning internet privacy rules by David McCabe.

From the post:

President Trump has signed a Congressional resolution overturning Federal Communications Commission rules that would have required internet providers to get their customers’ permission before sharing personal data like browsing history with advertisers. The rules had yet to go into effect.

Is this a bad thing?

Sure, but there is an upside.

You have already seen media reports urging everyone to start using VPNs and the like to protect their privacy from ISP predators.

What happens if VPNs come into everyday use by the average user? Aside from greater profits for VPN vendors.

Hmmm, several orders of magnitude more VPN connections than are being tracked by the usual alphabet soup agencies.

Encourage every user you know to use a VPN connection. Hell, offer them as swag at conferences.

Teacher and library conferences. Church camps. Oh, yeah, technical conferences too.

Hackers in the mist? 😉

Hacking vs. Buying Passwords – Which One For You?

Monday, March 27th, 2017

You remember the Dilbert cartoon on corporate security where the pointed haired boss asks what Dilbert would do if a stranger offered to buy company secrets. Dilbert responds asking how much is the stranger offering? See the strip for the boss’ answer and Wally’s follow up question.

Danny Palmer reports the price point for employees who would sell their access, maybe less than you think.

From the post:

A cyberattack could cost an organisation millions, but an employee within your company might be willing to give an outsider access to sensitive information via their login credentials for under £200.

According to a report examining insider threats by Forcepoint, 14 percent of European employees claimed they would sell their work login credentials to an outsider for £200. And the researchers found that, of those who’d sell their credentials to an outsider, nearly half would do it for less.

That’s about $260.00 U.S. at today’s exchange rates.

Only you know your time and expense of hacking passwords and/or buying them on the dark web.

I suspect the price point is even lower in government agencies with unpopular leadership.

I haven’t seen any surveys of US employees, but I suspect employees of companies, suppliers, contractors, banks, etc., involved in oil pipeline construction are equally open to selling passwords. Given labor conditions in the US, perhaps even more so.

Not that anyone opposing a multi-generational environmental crime like an oil pipeline would commit a crime when there are so many lawful and completely ineffectual means to oppose it at hand.

PS: As recent CIA revelations demonstrate, the question isn’t if government will betray the public’s interest but when. The same is true for environmental, health and other concerns.

Peeping Toms Jump > 16,000 In UK

Monday, March 27th, 2017

The ranks of peeping toms swells by at least 16,000 in the UK:

More than 16,000 staff in the public sector empowered to examine your web browsing by Graeme Burton.

From the post:

More than 16,000 staff in the public sector and its agencies have been empower by Section 4 of the Investigatory Powers Act to snoop on people’s internet connection records.

And that’s before the estimated 4,000 staff at security agency MI5, the 5,500 at GCHQ and 2,500 at MI6 are taken into account.

That’s according to the responses from a series of almost 100 Freedom of Information (FOI) requests made in a bid to find out exactly who has the power to snoop on ordinary people’s web browsing histories under the Act.

GCHQ, the Home Office, MI6, the National Crime Agency, the Ministry of Justice, all three armed forces and Police Service of Scotland all failed to respond to the FOI requests – so the total could be much higher.

My delusion that the UK has a mostly rational government was shattered by passage of the Investigatory Powers Act. Following web browsing activity, hell, even tracking everyone and their conversations, 24 x 7, isn’t going to stop random acts of violence.

What part of random acts of violence being exactly that, random, seems to be unclear? Are there no UK academics to take up the task of proving prediction of random events is possible?

Unless and until the UK Parliament comes to its senses, the best option for avoiding UK peeping toms is to move to another country.

If re-location isn’t possible, use a VPN and a Tor browser for all web activity.

March 25th – Anniversary Of Triangle Fire – The Names Map

Sunday, March 26th, 2017

The Names Map

From the website:

The Names Map displays the name, home address, likely age, country of origin, and final resting place of all known Triangle Fire victims.

(map and list of 146 victims)

The Remember the Triangle Fire Coalition connects individuals and organizations with the 1911 Triangle Factory Fire — one of the pivotal events in US history and a turning point in labor’s struggle to achieve fair wages, dignity at work and safe working conditions. Outrage at the deaths of 146 mostly young, female immigrants inspired the union movement and helped to institute worker protections and fire safety laws. Today, basic rights and benefits in the workplace are not a guarantee in the United States or across the world. We believe it is more vital than ever that these issues are defended.

The “not guilty” verdict on all counts of manslaughter for Triangle Factory owners Max Blanck and Issac Harris:

is often overlooked in anniversary celebrations. (Image from Cornell University, ILR School, Kheel Center’s Remembering The 1911 Triangle Factory Fire, Transcript of Criminal Trial)

That verdict is a forerunner to the present day decisions to not prosecute police shootings/abuse of unarmed civilians.

Celebrate the progress made since the 1911 Triangle Factory Fire while mindful exploitation and abuse continue to this very day.

The Remember the Triangle Fire Coalition has assembled a large number of resources, many of which are collections of other resources, including primary materials.

Politics For Your Twitter Feed

Sunday, March 26th, 2017

Hungry for more political tweets?

GovTrack created the Members of Congress Twitter list.

Barometer of congressional mood?

Enjoy!

Looking For Installed Cisco Routers?

Saturday, March 25th, 2017

News of 300 models of Cisco Catalyst switches being vulnerable to a simple Telnet attack, Cisco issues critical warning after CIA WikiLeaks dump bares IOS security weakness by Michael Cooney, for example, has piqued interest in installed Cisco routers.

You already know that Nmap can uncover and identify routers.

What you may not know is government hemorrhaging of IT information may be a useful supplement to Nmap.

Consider GovernmentBids.com for example.

You can search by federal government bid types and/or one or more of the fifty states. Up to 999 prior to the current date, for bids, which includes the bids as well as the winning vendor.

If you are routinely searching for IT vulnerability information, I would not begrudge them the $131/month fee for full information on bids.

From a topic map perspective, pairing IT bid information with vulnerability reports, would be creative and valuable intelligence.

How much IT information is your office/department hemorrhaging?

The New Handbook For Cyberwar Is Being Written By Russia

Wednesday, March 22nd, 2017

The New Handbook For Cyberwar Is Being Written By Russia by Sheera Frenkel.

From the post:


One US intelligence officer currently involved in cyber ops said, “It’s not that the Russians are doing something others can’t do. It’s not as though, say, the US wouldn’t have the technical skill level to carry out those types of attacks. It’s that Russian hackers are willing to go there, to experiment and carry out attacks that other countries would back away from,” said the officer, who asked not to be quoted by name due to the sensitivity of the subject. “It’s audacious, and reckless. They are testing things out in the field and refining them, and a lot of it is very, very messy and some is very smart.”

Well, “…testing things out in the field and refining them…” is the difference between a potential weapon on a dry erase board and a working weapon in practice. Yes?

Personally I favor the working weapon in practice.

It’s an interesting read despite the repetition of the now debunked claim of Wikileaks releasing 8,761 CIA documents (Fact Checking Wikileaks’ Vault 7: CIA Hacking Tools Revealed (Part 1))

Frenkel of course covers the DNC hack:


The hack on the DNC, which US intelligence agencies have widely attributed to Russia, could be replicated by dozens of countries around the world, according to Robert Knake, a former director of cybersecurity policy in the Obama administration.

“Russia has laid out the playbook. What Russia did was relatively unsophisticated and something that probably about 60 countries around the world have the capability of doing — which is to target third parties, to steal documents and emails, and to selectively release them to create unfavorable conditions for that party,” Knake told the BBC’s Today. “It’s unsubtle interference. And it’s a violation of national sovereignty and customary law.”

Kanke reflects the failure of major powers to understand the leveling potential of cyberwarfare. Sixty countries? You think? How about every kid that can run a phishing scam to steal John Podesta’s password? How many? 600,000 maybe? More than that?

None of who care about “…national sovereignty and customary law.”

Are you going to write or be described in a chapter of the new book on cyberwar?

Your call.

Congress API Update

Saturday, March 18th, 2017

Congress API Update by Derek Willis.

From the post:

When we took over projects from the Sunlight Foundation last year, we inherited an Application Programming Interface, or API, that overlapped with one of our own.

Sunlight’s Congress API and ProPublica’s Congress API are similar enough that we decided to try to merge them together rather than run them separately, and to do so in a way that makes as few users change their code as possible.

Today we’ve got an update on our progress.

Users of the ProPublica Congress API can now access additional fields in responses for Members, Bills, Votes and Nominations. We’ve updated our documentation to provide examples of those responses. These aren’t new responses but existing ones that now include some new attributes brought over from the Sunlight API. Details on those fields are here.

We plan to fold in Sunlight fields and responses for Committees, Hearings, Floor Updates and Amendments, though that work isn’t finished yet.

The daily waves of bad information on congressional legislation will not be stopped by good information.

However, good information can be used to pick meaningful fights, rather than debating 140 character or less brain farts.

Your choice.

Creating A Social Media ‘Botnet’ To Skew A Debate

Friday, March 10th, 2017

New Research Shows How Common Core Critics Built Social Media ‘Botnets’ to Skew the Education Debate by Kevin Mahnken.

From the post:

Anyone following education news on Twitter between 2013 and 2016 would have been hard-pressed to ignore the gradual curdling of Americans’ attitudes toward the Common Core State Standards. Once seen as an innocuous effort to lift performance in classrooms, they slowly came to be denounced as “Dirty Commie agenda trash” and a “Liberal/Islam indoctrination curriculum.”

After years of social media attacks, the damage is impressive to behold: In 2013, 83 percent of respondents in Education Next’s annual poll of Americans’ education attitudes felt favorably about the Common Core, including 82 percent of Republicans. But by the summer of 2016, support had eroded, with those numbers measuring only 50 percent and 39 percent, respectively. The uproar reached such heights, and so quickly, that it seemed to reflect a spontaneous populist rebellion against the most visible education reform in a decade.

Not so, say researchers with the University of Pennsylvania’s Consortium for Policy Research in Education. Last week, they released the #commoncore project, a study that suggests that public animosity toward Common Core was manipulated — and exaggerated — by organized online communities using cutting-edge social media strategies.

As the project’s authors write, the effect of these strategies was “the illusion of a vociferous Twitter conversation waged by a spontaneous mass of disconnected peers, whereas in actuality the peers are the unified proxy voice of a single viewpoint.”

Translation: A small circle of Common Core critics were able to create and then conduct their own echo chambers, skewing the Twitter debate in the process.

The most successful of these coordinated campaigns originated with the Patriot Journalist Network, a for-profit group that can be tied to almost one-quarter of all Twitter activity around the issue; on certain days, its PJNET hashtag has appeared in 69 percent of Common Core–related tweets.

The team of authors tracked nearly a million tweets sent during four half-year spans between September 2013 and April 2016, studying both how the online conversation about the standards grew (more than 50 percent between the first phase, September 2013 through February 2014, and the third, May 2015 through October 2015) and how its interlocutors changed over time.

Mahnken talks as though creating a ‘botnet’ to defeat adoption of the Common Core State Standards is a bad thing.

I never cared for #commoncore because testing makes money for large and small testing vendors. It has no other demonstrated impact on the educational process.

Let’s assume you want to build a championship high school baseball team. To do that, various officious intermeddlers, who have no experience with baseball, fund creation of the Common Core Baseball Standards.

Every three years, every child is tested against the Common Core Baseball Standards and their performance recorded. No funds are allocated for additional training for gifted performers, equipment, baseball fields, etc.

By the time these students reach high school, will you have the basis for a championship team? Perhaps, but if you do, it due to random chance and not the Common Core Baseball Standards.

If you want a championship high school baseball team, you fund training, equipment, baseball fields and equipment, in addition to spending money on the best facilities for your hoped for championship high school team. Consistently and over time you spend money.

The key to better education results isn’t testing, but funding based on the education results you hope to achieve.

I do commend the #commoncore project website for being an impressive presentation of Twitter data, even though it is clearly a propaganda machine for pro Common Core advocates.

The challenge here is to work backwards from what was observed by the project to both principles and tactics that made #stopcommoncore so successful. That is we know it has succeeded, at least to some degree, but how do we replicate that success on other issues?

Replication is how science demonstrates the reliability of a technique.

Looking forward to hearing your thoughts, suggestions, etc.

Enjoy!

XQuery Ready CIA Vault7 Files

Friday, March 10th, 2017

I have extracted the HTML files from WikiLeaks Vault7 Year Zero 2017 V 1.7z, processed them with Tidy (see note on correction below), and uploaded the “tidied” HTML files to: Vault7-CIA-Clean-HTML-Only.

Beyond the usual activities of Tidy, I did have to correct the file page_26345506.html: by creating a comment around one line of content:

<!– <declarations><string name=”½ö”></string></declarations&>lt;p>›<br> –>

Otherwise, the files are only corrected HTML markup with no other changes.

The HTML compresses well, 7811 files coming in at 3.4 MB.

Demonstrate the power of basic XQuery skills!

Enjoy!

That CIA exploit list in full: … [highlights]

Wednesday, March 8th, 2017

That CIA exploit list in full: The good, the bad, and the very ugly by Iain Thomson.

From the post:

We’re still going through the 8,761 CIA documents published on Tuesday by WikiLeaks for political mischief, although here are some of the highlights.

First, though, a few general points: one, there’s very little here that should shock you. The CIA is a spying organization, after all, and, yes, it spies on people.

Two, unlike the NSA, the CIA isn’t mad keen on blanket surveillance: it targets particular people, and the hacking tools revealed by WikiLeaks are designed to monitor specific persons of interest. For example, you may have seen headlines about the CIA hacking Samsung TVs. As we previously mentioned, that involves breaking into someone’s house and physically reprogramming the telly with a USB stick. If the CIA wants to bug you, it will bug you one way or another, smart telly or no smart telly. You’ll probably be tricked into opening a dodgy attachment or download.

That’s actually a silver lining to all this: end-to-end encrypted apps, such as Signal and WhatsApp, are so strong, the CIA has to compromise your handset, TV or computer to read your messages and snoop on your webcam and microphones, if you’re unlucky enough to be a target. Hacking devices this way is fraught with risk and cost, so only highly valuable targets will be attacked. The vast, vast majority of us are not walking around with CIA malware lurking in our pockets, laptop bags, and living rooms.

Thirdly, if you’ve been following US politics and WikiLeaks’ mischievous role in the rise of Donald Trump, you may have clocked that Tuesday’s dump was engineered to help the President pin the hacking of his political opponents’ email server on the CIA. The leaked documents suggest the agency can disguise its operations as the work of a foreign government. Thus, it wasn’t the Russians who broke into the Democrats’ computers and, by leaking the emails, helped swing Donald the election – it was the CIA all along, Trump can now claim. That’ll shut the intelligence community up. The President’s pet news outlet Breitbart is already running that line.

Iain does a good job of picking out some of the more interesting bits from the CIA (alleged) file dump. No, you will have to read Iain’s post for those.

I mention Iain’s post primarily as a way to entice you into reading the all the files in hopes of discovering more juicy tidbits.

Read the files. Your security depends on the indifference of the CIA and similar agencies. Is that your model for privacy?

Gap Analysis Resource – Electrical Grid

Wednesday, March 8th, 2017

Electricity – Federal Efforts to Enhance Grid Resilience Government Accounting Office (GAO) (January 2017)

What GAO Found

The Department of Energy (DOE), the Department of Homeland Security (DHS), and the Federal Energy Regulatory Commission (FERC) reported implementing 27 grid resiliency efforts since 2013 and identified a variety of results from these efforts. The efforts addressed a range of threats and hazards—including cyberattacks, physical attacks, and natural disasters—and supported different types of activities (see table). These efforts also addressed each of the three federal priorities for enhancing the security and resilience of the electricity grid: (1) developing and deploying tools and technologies to enhance awareness of potential disruptions, (2) planning and exercising coordinated responses to disruptive events, and (3) ensuring actionable intelligence on threats is communicated between government and industry in a time-sensitive manner. Agency officials reported a variety of results from these efforts, including the development of new technologies—such as a rapidly-deployable large, highpower transformer—and improved coordination and information sharing between the federal government and industry related to potential cyberattacks.

(table omitted)

Federal grid resiliency efforts were fragmented across DOE, DHS, and FERC and overlapped to some degree but were not duplicative. GAO found that the 27 efforts were fragmented in that they were implemented by three agencies and addressed the same broad area of national need: enhancing the resilience of the electricity grid. However, DOE, DHS, and FERC generally tailored their efforts to contribute to their specific missions. For example, DOE’s 11 efforts related to its strategic goal to support a more secure and resilient U.S. energy infrastructure. GAO also found that the federal efforts overlapped to some degree but were not duplicative because none had the same goals or engaged in the same activities. For example, three DOE and DHS efforts addressed resiliency issues related to large, high-power transformers, but the goals were distinct—one effort focused on developing a rapidly deployable transformer to use in the event of multiple large, high-power transformer failures; another focused on developing next-generation transformer components with more resilient features; and a third focused on developing a plan for a national transformer reserve. Moreover, officials from all three agencies reported taking actions to coordinate federal grid resiliency efforts, such as serving on formal coordinating bodies that bring together federal, state, and industry stakeholders to discuss resiliency issues on a regular basis, and contributing to the development of federal plans that address grid resiliency gaps and priorities. GAO found that these actions were consistent with key practices for enhancing and sustaining federal agency coordination.
…(emphasis in original)

A high level view of efforts to “protect” the electrical grid (grid) in the United States.

Most of the hazards, massive solar flares, the 1859 Carrington Event, or a nuclear EMP, would easily overwhelm many if not all current measures to harden the grid.

Still, participants get funded to talk about hazards and dangers they can’t prevent nor easily remedy.

What dangers do you want to protect the grid against?

Confirmation: Internet of Things As Hacking Avenue

Tuesday, March 7th, 2017

I mentioned in the Internet of Things (IoT) in Reading the Unreadable SROM: Inside the PSOC4 [Hacking Leader In Internet of Things Suppliers] as a growing, “Compound Annual Growth Rate (CAGR) of 33.3%,” source of cyber insecurity.

Today, Bill Brenner writes:

WikiLeaks’ release of 8,761 pages of internal CIA documents makes this much abundantly clear: the agency has built a monster hacking operation – possibly the biggest in the world – on the backs of the many internet-connected household gadgets we take for granted.

That’s the main takeaway among security experts Naked Security reached out to after the leak went public earlier Tuesday.

I appreciate the confirmation!

Yes, the IoT can and is being used for government surveillance.

At the same time, the IoT is a tremendous opportunity to level the playing field against corporations and governments alike.

If the IoT isn’t being used against corporations and governments, whose fault is that?

That’s my guess too.

You can bulk download the first drop from: https://archive.org/details/wikileaks.vault7part1.tar.

Wikileaks Armed – You’re Not

Tuesday, March 7th, 2017

Vault 7: CIA Hacking Tools Revealed (Wikileaks).

Very excited to read:

Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named “Vault 7” by WikiLeaks, it is the largest ever publication of confidential documents on the agency.

The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

Very disappointed to read:


Wikileaks has carefully reviewed the “Year Zero” disclosure and published substantive CIA documentation while avoiding the distribution of ‘armed’ cyberweapons until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should analyzed, disarmed and published.

Wikileaks has also decided to redact and anonymise some identifying information in “Year Zero” for in depth analysis. These redactions include ten of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States. While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model and note that the quantity of published pages in “Vault 7” part one (“Year Zero”) already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.

For all of the fretting over the “…extreme proliferation risk in the development of cyber ‘weapons’…”, bottom line is Wikileaks and its agents are armed with CIA cyber weapons and you are not.

Assange/Wikileaks have cast their vote in favor of arming themselves and protecting the CIA and others.

Responsible leaking of cyber weapons means arming everyone equally.

Covert FM Radio Stations For Activists – Thumb In Eye Of Stingray Devices

Thursday, March 2nd, 2017

Singing posters and talking shirts: UW engineers turn everyday objects into FM radio stations by Jennifer Langston.

From the post:


They overlaid the audio and data on top of ambient news signals from a local NPR radio station. “FM radio signals are everywhere. You can listen to music or news in your car and it’s a common way for us to get our information,” said co-author and UW computer science and engineering doctoral student Anran Wang. “So what we do is basically make each of these everyday objects into a mini FM radio station at almost zero power.

”Such ubiquitous low-power connectivity can also enable smart fabric applications such as clothing integrated with sensors to monitor a runner’s gait and vital signs that transmits the information directly to a user’s phone. In a second demonstration, the researchers from the UW Networks & Mobile Systems Lab used conductive thread to sew an antenna into a cotton T-shirt, which was able to use ambient radio signals to transmit data to a smartphone at rates up to 3.2 kilobits per second.

The system works by taking an everyday FM radio signal broadcast from an urban radio tower. The “smart” poster or T-shirt uses a low-power reflector to manipulate the signal in a way that encodes the desired audio or data on top of the FM broadcast to send a “message” to the smartphone receiver on an unoccupied frequency in the FM radio band.

For the details:


The UW team has — for the first time — demonstrated how to apply a technique called “backscattering” to outdoor FM radio signals. The new system transmits messages by reflecting and encoding audio and data in these signals that are ubiquitous in urban environments, without affecting the original radio transmissions. Results are published in a paper to be presented in Boston at the 14th USENIX Symposium on Networked Systems Design and Implementation in March.

So government agents can cover cellphone frequencies with Stingray (“cell site simulators”) devices.

Wonder if they can cover the entire FM band? 😉

I’m guessing not. You?

Imagine a phone or shirt that is tuned to the frequency of a covert FM transmitter at a particular location. The information is just hanging out there but unless the “right” receiver walks by, its never known to anyone.

Ideal for messages directing public gatherings with near zero risk of interception by, shall we say, unfriendly parties?

Or other types of messages, imagine a singing dead drop as it were. You move away, the song goes away.

Enjoy!

Pipelines Stopped By Prayer [Research Question]

Tuesday, February 28th, 2017

I encountered this depiction of gas and hazardous liquid pipelines in the United States:

Or view the full-sized original image.

The map omits pipelines stopped by prayer.

Organizing tactics to oppose pipeline construction along a continuum of success, requires identifying pipelines stopped by prayer. I want to add those to this map.

No disrespect intended for those who pray against pipelines but being a child of a culture that scars and exploits the earth itself, I measure tactics in more immediate results.

It’s true some day Dick Cheney will roast on a spit in Hell, but that’s little comfort to the victims of his preventable crimes against them.

I have mentioned DAPL becoming a $3.8 Billion non-operational pipeline warning to investors. Changing their culture, driving investments into renewable energy, making pipelines an investment to be feared, are some outcomes that can change pipeline culture in the US and elsewhere.

Data science, broadly conceived, can create persuasion campaigns, disfavor entities attempting to finance, build or operate pipelines, identify corrupt public officials, enable interference with unlawful pipelines, etc.

If you know of any pipelines permanently stopped by prayer, ping me patrick@durusau.net with the details.

If you are interested in using data science to advance your cause, same address.

#Resist vs. #EffectiveResist

Monday, February 27th, 2017

DAPL Could Be Operational In Less Than 2 Weeks

From the post:


“Dakota Access estimates and targets that the pipeline will be complete and ready to flow oil anywhere between the week of March 6, 2017, and April 1, 2017,” company attorney William Scherman said in the documents filed in Washington, D.C., on Tuesday.

Opponents to the Dakota Access Pipeline (DAPL) have two choices, #Resist or #EffectiveResist.

The new moon for February, 2017, was February 26, 2017 (yesterday). (Bookmark that link to discover other new moons in the future.)

Given the reduced visibility on nights with a new moon, you can take up rock sculpting with a thermal lance.

This is a very portable rig, but requires the same eye protection (welding goggles, no substitutes) and protective clothing as other welding activities.

Notice in the next video, which demonstrates professional grade equipment, the heavy protective headgear and clothing. Thermal lances are very dangerous and safety is your first concern.

If you create a bar-b-que pit from large pipe, follow Zippy the Razor‘s advice, “Down the block, Not across the street” to create long cuts the length of your pipe.

Will DAPL be a lesson to investors on the risk of no return from oil pipeline investments? Pending court litigation may play a role in that lesson.

#ProtectTheTruth [Reframing Opposition to Energy Transfer Partners]

Monday, February 27th, 2017

#ProtectTheTruth by George Lakoff.

From the post:

Journalists are bravely standing up to Trump’s attacks on the free press, as they should. Yet one way in which they’re expressing their solidarity and resistance shows how little most journalists know about political framing and messaging.

Case in point: Trump has labeled journalists as “enemies.” So, journalists have responded by labeling themselves “#NotTheEnemy.” This hashtag is currently trending on Twitter, which is unfortunate. Adopting this slogan is a big mistake that helps Trump.

Anyone who has read my books or taken my classes at Berkeley will immediately understand why. For those new to political framing and messaging, I’ll explain briefly here.

Quick: Don’t think of an elephant!

Now, what do you see? The bulkiness, the grayness, the trunkiness of an elephant. You can’t block the picture – the frame – from being accessed by your unconscious mind. As a professor in the cognitive and brain sciences, this is the first lesson in framing I have given my students for decades. It’s also the title of my book on the science of framing political debates.

The key lesson: when we negate a frame, we evoke the frame.

I don’t know current characters known to both children and parents, but what if instead of:

#NoDAPL

we said:

#SaveSmokeyTheBear

would that be a better framing?

Or even better:

#SaveBambi

What are some more current memes to swell support to stop the ecocide promised by Energy Transfer Partners?

ForWarn: Satellite-Based Change Recognition and Tracking [Looking for Leaks/Spills/Mines]

Sunday, February 26th, 2017

ForWarn: Satellite-Based Change Recognition and Tracking

From the introduction:

ForWarn is a vegetation change recognition and tracking system that uses high-frequency, moderate resolution satellite data. It provides near real-time change maps for the continental United States that are updated every eight days. These maps show the effects of disturbances such as wildfires, wind storms, insects, diseases, and human-induced disturbances in addition to departures from normal seasonal greenness caused by weather. Using this state of the art tracking system, it is also possible to monitor post-disturbance recovery and the cumulative effects of multiple disturbances over time.

This technology supports a broader cooperative management initiative known as the National Early Warning System (EWS). The EWS network brings together various organizations involved in mapping disturbances, climate stress, aerial and ground monitoring, and predictive efforts to achieve more efficient landscape planning and management across jurisdictions.

ForWarn consists of a set of inter-related products including near real time vegetation change maps, an archive of past change maps, an archive of seasonal vegetation phenology maps, and derived map products from these efforts. For a detailed discussion of these products, or to access these map products in the project’s Assessment Viewer or to explore these data using other GIS services, look through Data Access under the Products header.

  • ForWarn relies on daily eMODIS and MODIS satellite data
  • It tracks change in the Normalized Difference Vegetation Index (NDVI)
  • Coverage extends to all lands of the continental US
  • Products are at 232 meter resolution (13.3 acres or 5.4 hectares)
  • It has NDVI values for 46 periods per year (at 8-day intervals)
  • It uses a 24-day window with 8-day time steps to avoid clouds, etc.
  • The historical NDVI database used for certain baselines dates from 2000 to the present

Not everyone can be blocking pipeline construction and/or making DAPL the most-expensive non-operational (too many holes) pipeline in history.

Watching for leaks, discharges, and other environmental crimes as reflected in the surrounding environment is a valuable contribution as well.

All you need is a computer with an internet connection. Much of the heavy lifting has been done at no cost to you by ForWarn.

It occurs to me that surface mining operations and spoilage from them are likely to produce artifacts larger than 232 meter resolution. Yes?

Enjoy!

Countering Inaccurate/Ineffectual Sierra Club Propaganda

Sunday, February 26th, 2017

This Sierra Club ad is popular on Facebook:

First problem, it is inaccurate to the point of falsehood.

“…about to start their chainsaws…. …trying to clearcut America’s largest forest, the Tongass National Forest in Alaska…. (emphasis added)”

Makes you think clearcutting is about to start in the Tongass National Forest in Alaska. Yes?

Wrong!

If you go to Forest Management Reports and Accomplishments for the Tongass, you will find Forest Service reports for logging in the Tongass that start in 1908. Cut History 1908 to Present.

The first inaccuracy/lie of the Sierra ad is that logging isn’t already ongoing in the Tongass.

The Sierra ad and its links also fail to mention (in millions of board feet) harvesting from the Tongass:

Calendar Year Board Feet
2016 44,076,800
2010 35,804,970
2000 119,480,750
1990 473,983,320
1980 453,687,320
1970 560,975,120

A drop from 560,975,120 board feet to 44,076,800 board feet looks like the Forestry Service is moving in the right direction.

But you don’t have to take my word for it. Unlike the Sierra Club that wants to excite alarm without giving you the data to decide for yourself, I have included links with the data I cite and data I don’t. Explore the data on your own.

I say the Sierra Club propaganda is “ineffectual” because it leaves you with no clue as to who is logging in Tongass?

Once again the Forestry Service rides to the rescue with Timber Volume Under Contract (sorry, no separate hyperlink from Forest Management Reports and Accomplishments), but look for it on that page and I picked Current Calendar Year Through: (select Jan).

That returns a spreadsheet that lists (among other things), ranger district, unit ID, contract form, purchaser, etc.

A word about MBF. The acronym MBF stands for thousand, as in Roman numberals, M = 1,000. So to read line 4, which starts with Ranger District “Thorne Bay,” read across to “Current Qty Est (MBF)”, the entry “6.00” represents 6,000 board feet. Thus, line 23, starts with “Juneau,” and “Current Qty Est (MBF)”, reads “3,601.00” represents 3,601,000 board feet. And so on. (I would have never guess that meaning without assistance from the forestry service.)

The Sierra Club leaves you with no clue as to who is harvesting the timber?, who is purchasing the timber from the harvesters?, who is using the timber for what products?, etc. The second and third steps removed the Forestry Service can’t provide but the harvesters gives you a starting point for further research.

A starting point for further research enables actions like boycotts of products made from Tongass timber, choosing products NOT made from Tongass timber and a whole host of other actions.

Oh, but none of those require you to be a member of the Sierra Club. My bad, it’s your dues and not the fate of the Tongass that is at issue.

If the Sierra Club wants to empower consumers, it should provide links to evidence about the Tongass that consumers can use to develop more evidence and effective means of reducing the demand for Tongass timber.

BTW, I’m not an anti-environmentalist. All new factory construction should be underground in negative-pressure enclaves where management is required to breath the same air as all workers. No discharges of any kind that don’t match the outside environment prior to its construction.

That would spur far better pollution control than any EPA regulation.

Availability Cascades [Activists Take Note, Big Data Project?]

Saturday, February 25th, 2017

Availability Cascades and Risk Regulation by Timur Kuran and Cass R. Sunstein, Stanford Law Review, Vol. 51, No. 4, 1999, U of Chicago, Public Law Working Paper No. 181, U of Chicago Law & Economics, Olin Working Paper No. 384.

Abstract:

An availability cascade is a self-reinforcing process of collective belief formation by which an expressed perception triggers a chain reaction that gives the perception of increasing plausibility through its rising availability in public discourse. The driving mechanism involves a combination of informational and reputational motives: Individuals endorse the perception partly by learning from the apparent beliefs of others and partly by distorting their public responses in the interest of maintaining social acceptance. Availability entrepreneurs – activists who manipulate the content of public discourse – strive to trigger availability cascades likely to advance their agendas. Their availability campaigns may yield social benefits, but sometimes they bring harm, which suggests a need for safeguards. Focusing on the role of mass pressures in the regulation of risks associated with production, consumption, and the environment, Professor Timur Kuran and Cass R. Sunstein analyze availability cascades and suggest reforms to alleviate their potential hazards. Their proposals include new governmental structures designed to give civil servants better insulation against mass demands for regulatory change and an easily accessible scientific database to reduce people’s dependence on popular (mis)perceptions.

Not recent, 1999, but a useful starting point for the study of availability cascades.

The authors want to insulate civil servants where I want to exploit availability cascades to drive their responses but that’a question of perspective and not practice.

Google Scholar reports 928 citations of Availability Cascades and Risk Regulation, so it has had an impact on the literature.

However, availability cascades are not a recipe science but Networks, Crowds, and Markets: Reasoning About a Highly Connected World by David Easley and Jon Kleinberg, especially chapters 16 and 17, provide a background for developing such insights.

I started to suggest this would make a great big data project but big data projects are limited to where you have, well, big data. Certainly have that with Facebook, Twitter, etc., but that leaves a lot of the world’s population and social activity on the table.

That is to avoid junk results, you would need survey instruments to track any chain reactions outside of the bots that dominate social media.

Very high end advertising, which still misses with alarming regularity, would be a good place to look for tips on availability cascades. They have a profit motive to keep them interested.

White House blocks news organizations from press briefing [Opsec vs. Boromir, Ethics]

Friday, February 24th, 2017

White House blocks news organizations from press briefing by Dylan Byers, Sara Murray and Kevin Liptak.

From the post:

CNN and other news outlets were blocked Friday from an off-camera White House press briefing, raising alarm among media organizations and First Amendment watchdogs.

The New York Times, the Los Angeles Times, Politico and BuzzFeed were also excluded from the meeting, which is known as a gaggle and is less formal than the televised Q-and-A session in the White House briefing room. The gaggle was held by White House press secretary Sean Spicer.

In a brief statement defending the move, administration spokeswoman Sarah Sanders said the White House “had the pool there so everyone would be represented and get an update from us today.”

The pool usually includes a representative from one television network and one print outlet. In this case, four of the five major television networks — NBC, ABC, CBS and Fox News — were invited and attended the meeting, while only CNN was blocked.

And while The New York Times was kept out, conservative media organizations Breitbart News, The Washington Times and One America News Network were also allowed in.
… (emphasis in original)

Good opsec counsels silence in the face of such an outrage but as Boromir says in The Fellowship of the Ring:

But always I have let my horn cry at setting forth, and though thereafter we may walk in the shadows, I will not go forth as a thief in the night.” (emphasis added)

I trust this outrage obviates “ethical” concerns over distinctions between leaking, hacking, or other means of obtaining government information?

Influencing Pipeline Investors (False DAPL Flags)

Thursday, February 23rd, 2017

Standing Rock Becomes Symbolic Battlecry by HechoEnLA.

From the post:

Water Protectors have meticulously defended moral and ethical obligations on behalf of the greater good for years now. Today, we all watched and waited for what would be the symbolic #LastStand and collision between Militarized forces and Peaceful Protectors. Things are ending peacefully as many left the camps in anticipation of the forces that hovered but some remain and sing peacefully in the face of riot gear and weapons. They still remain, they continue to sing, they burn sage, they are women, they are men, their hearts are heavy, but they will continue to pray peacefully.

WE HAVE DEFUNDED $69 Million Dollars from Big Banks: just from the people alone. Seattle Divested over $3 BILLION Dollars from Wells Fargo! University of California Divested $250 Million and Santa Monica is in the process of Divesting as well. There is more that is coming and we are all uniting behind the battle cry #StandingRock #NoDAPL #WaterProtectors there is beauty where there is pain, there is glory in defeat, there can be a better tomorrow when we come together and commit to fight.

… (emphasis in the original)

Speaking of going forward:

  1. Beyond DAPL
  2. Why Invest In Pipelines
  3. Investor Uncertainty
  4. DAPL False Flags


 
 
Beyond DAPL

Defunding is the right note to strike with banks, but DAPL isn’t the only injury investors have planned for the Earth.


Using pipelines for the movement of crude oil, NGLs, refined products, and natural gas greatly benefits the United States economy. Direct capital investments for the construction of new pipelines will average approximately $55 billion between 2014 and 2025, with more being spent between 2016 and 2020. This estimate considers a conservative path of oil and gas production during that time period. If access to off limit areas of production, like the Atlantic, the Eastern Gulf of Mexico, the Pacific, and Alaska, is granted, direct capital investments will increase and average around $65 billion between 2014 and 2025. Regardless of the amount of production, these direct investments will further elicit indirect investments from others in the supply chain, such as steel manufacturing and engineering companies. Wages provided to workers will also be used to purchase consumer goods and contribute even further to the economy. In the end, while the approximate direct investment value may be between $55 and $65 billion, more contributions to the economy are likely providing all the indirect factors that are a part of construction and maintenance of gas and liquid pipelines. (Investing In Pipelines February 23, 2017)

There is a distinction between gas and oil pipelines. Gas pipeline projects that are pending, can be found the Major Pipeline Projects Pending (Onshore) page, which is maintained by the Federal Energy Regulatory Commission.

Can you guess who doesn’t regulate oil pipelines? Yes, the Federal Energy Regulatory Commission (FERC).

Dan Zukowski lists 14 proposed pipeline projects in 14 Pipeline Projects in 24 States … Which Will Be the Next Battleground?, mapped as:

That didn’t scale down very well but as you can see, if DAPL wasn’t close enough for you to take action, a closer opportunity is at hand.


 
 
Why Invest In Pipelines?


There currently are about 40 major interstate pipelines connecting to about 100 minor interstate pipelines operating in a highly regulated environment. As I wrote above, the barriers to entry are quite high if you’re considering building a pipeline any time soon. Most of the grid is in place, with access to building new lines ever more difficult because of urbanization. Oil and gas pipelines are simply great fixed assets that offer excellent long-term prospects for income-oriented investors seeking stable cash flow, upside appreciation and tax benefits from the way they are structured for the capital markets.

Because they are capital-intensive businesses, pipeline operators choose a structure that allows them to aggressively depreciate the huge amounts of money that go into building out and maintaining their lines. In practice, master limited partnerships (MLPs) pay their investors through quarterly required distributions (QRDs), the amount of which is stated in the contract between the limited partners (the investors) and the general partner (the managers).

Because of the stringent provisions on MLPs and the nature of the QRD, the vast majority of MLPs are energy-related businesses, of which pipeline operators tend to earn very stable income from the transport of oil, gasoline or natural gas. Because MLPs are a partnership, they avoid the corporate income tax on both a state and federal basis. Additionally, the limited partner (investor) also may record a prorated share of the MLP’s depreciation on his or her own tax forms to reduce liability. This is the primary benefit of MLPs and allows MLPs to have relatively cheap funding costs.

The tax-free income component to oil-and-gas-pipeline MLPs is very attractive to me at a time when higher income taxes are a reality fueled by a debt-ridden government. My view is that income investors seeking tax-advantaged income will continue to own MLPs and other tax-free investments if the tax code remains as is or becomes even more burdensome. I don’t see any major overhaul in the tax code with next year’s election because neither party in Congress has the will to cut spending. (The Advantages Of Investing In Oil And Gas Pipelines, February 23, 2017)

Altering the tax code to impact investment in pipelines is a theoretical possibility, but not an effective one.

Consult a tax lawyer for the exact details but investors in a pipeline partnership make money two ways:

  1. Pass through of depreciation for the pipeline and its maintenance
  2. Pass through of income from operation of the pipeline

Assuming there is nothing to be done to alter #1 (changing the tax code), altering investor behavior depends solely upon #2.

Altering #2 means no oil or gas flowing through the pipeline.


 
 
Investor Uncertainty

One of the aspects of pipeline that make them attractive to investors, as mentioned above, is stable income. Whatever the prices of oil or gas, it’s not worth anything unless it can be brought to market, hence the constant demand for pipelines.

As I mentioned in Stopping DAPL – One Breach At A Time, a pipeline cannot deliver oil or gas if it has even one breach in it. A breach renders it just pipe in the ground and that doesn’t produce any income.

Breaches in pipelines do occur but as far as reported, only by accident, so investors see no uncertainly to the revenue they expect from pipelines.

What if that were to change?

What if the final 13% of DAPL becomes irrelevant because the completed 1,172 miles of pipe begins to resemble Swiss cheese?


 
 
DAPL False Flags

Because I mentioned thermite recently, someone asked about a video showing its capabilities:

Be forewarned this was created by a 9/11 conspiracy theorist but it is a good illustration of the power of a pound or so of thermite. Properly used, breaching even 1/2″ steel pipe is a matter of seconds.

Getting there:

could take a bit longer.

That plus a #NoDAPL flag:

made me think of a DAPL false flag operation.

Assuming someone is to foolish as to dig up a portion of DAPL and breach it with thermite, then cover it back up with dirt and plant a #noDAPL flag, how would you distinguish that from a freshly dug area, with a #noDAPL flag?

Or any number of freshly dug areas with #noDAPL flags?

Would you not dig on the hopes there wasn’t a breach of the pipe?

Gives the idea of a “false flag operation” more immediate currency. Yes?

PS: Tracking proposed oil pipelines requires monitoring all fifty (50) states. There is no centralized regulation of such pipelines.

Letterlocking [Activist Security]

Thursday, February 23rd, 2017

Letterlocking The technology of folding & securing an epistolary writing substrate to function as its own envelope.

From the about page:

Letterlocking – Unlocking History

Welcome to letterlocking! You can find essential information about letterlocking and the Unlocking History research team on this page. We will be updating the website regularly in the coming months, including major uploads to the Dictionary of Letterlocking (DoLL) – so please check in periodically, and follow us on social media for all the news.

Unlocking History

Unlocking History is the name for a group of conservation specialists, scholars, publishers, book-artists, imaging specialists, engineers, and scientists who are interested in the historical practice of letterlocking. We want to make sure letters are conserved properly so that they can be studied for the historical secrets they reveal. The material features of letters can speak to us about the past, but in order to hear them we have to learn their language. Unlocking History is dedicated to bringing together all the tools we need to do so – a dictionary, instructional videos, images, and hands-on workshops in libraries, museums, universities, and schools around the world.

Letterlocking and the Dictionary of Letterlocking (DoLL)

Letterlocking refers to the technology of folding and securing an epistolary writing substrate to function as its own envelope – a vital communications technology before the invention of the mass-produced envelope in the 19th century. A full definition of letterlocking can be found in the Dictionary of Letterlocking (DoLL).

Documenting the physical details of well-preserved letters has helped us discern and define different locking formats with multiple levels of built-in security and various authentication devices. DoLL will explain the key differences between these formats – and show you how to make them. With practice, you will be able to examine flattened historical letters in libraries and archives, and make models to show you which letterlocking format the writer or secretary was using. These formats may correlate to the sensitivity of the information contained inside, or contribute to the meaning of the text they carry.

Imaging and Conservation

The study of letterlocking is important for the preservation of documents because it informs conservators about the evidential value of folds, creases, and intentional damage.

View and share images of letterlocking preservation: #PreserveTheFolds.

Letterlocking interests curators and historians but has advantages for modern activists as well.

Those advantages include:

  1. Accessible to nearly anyone
  2. Flummoxes the average FBI agent
  3. Provides visual evidence of tampering
  4. Slower search than digital communications
  5. Supports physical encryption (measurable distances)

Not to mention the use of “antiquated” technology will draw attention to the letters, whether they contain valuable or useless information. Government agents, being risk adverse, will fear some later review will prove the letters had valuable intelligence.

A trap entirely of their own making and one you should exploit whenever possible.

If that captures your interest, continue onto: A Postal Treasure Trove:

In 1926, a seventeenth-century trunk of letters was bequeathed to the Museum voor Communicatie in The Hague, then as now the centre of government, politics, and trade in The Netherlands. The trunk belonged to one of the most active postmaster and post mistress of the day, Simon and Marie de Brienne, a couple at the heart of European communication networks. The chest contains an extraordinary archive: 2600 “locked” letters sent from all over Europe to this axis of communication, none of which were ever delivered. In the seventeenth century, the recipient also paid postal and delivery charges. But if the addressee was deceased, absent, or uninterested, no fees could be collected. Postmasters usually destroyed such “dead letters”, but the Briennes preserved them, hoping that someone would retrieve the letters – and pay the postage. Hence the nickname for the trunk: “the piggy bank” (spaarpotje). The trunk freezes a moment in history, allowing us to glimpse the early modern world as it went about its daily business. The letters are uncensored, unedited, and 600 of them even remain unopened. The archive itself has remained virtually untouched by historians until it was recently rediscovered. Our international and interdisciplinary team of researchers has now begun a process of preservation, digitization, transcription, editing, and identification of letterlocking formats that will reveal its secrets for the first time – even, we hope, those of the unopened letters.

How cool is that? Letters preserved because the post office was hoping to nick the recipient for the postage!

Does that explain pay-in-advance postal systems of today. 😉

Both Letterlocking and A Postal Treasure Trove provide links to other resources on letterlocking.

A YouTube search on letterlocking returns approximately 525 videos.

On Twitter, follow @letterlocking, among others.

Any CS/Math types in the crowd who want to express letterlocking more formally? Thinking of Paper Folding Geometry and the exploration of folding algorithms more generally, such as with protein folding (except in 2 dimensions).

Transparent Government Has Arrived (sorta)

Tuesday, February 21st, 2017

I saw US Cities Exposed: Industries and ICS, source of this graphic, in Violet Blue‘s report Hacking and infosec news: February 21, 2017

Violet’s report has other useful security news but I just had to share the increasing government transparency graphic with you.

The growing insecurity of government computers makes the news organization stance that leakers must hand them documents all the more puzzling.

I don’t know if that is a result of being hand fed all these years, genuine concern over prosecution or both.

Think about it this way, short of a source outing themselves, how is anyone going to know that a journalist enlisted hackers versus having a genuine leaker?

Put that way, perhaps there are loose confederations of hackers breaching government networks right now. (Sorry, didn’t mean to panic any security types.)

😉

Read the rest of the report and Violet’s post as well.

Enjoy!

DAPL – 49 Sheriffs + Bull Connor of the North

Tuesday, February 21st, 2017

Before reporting on a spreadsheet about the 49 sheriffs and Bull Connor of the North, I have to share this urgent plea that arrived just moments ago:

Militarized police have completely surrounded the camp. If you intend to join the camp as a protector, the time is now.

I don’t have any reports on who is surrounding any of the 1,172 odd miles of the DAPL pipeline. Seems to me that turn about would be fair play. Yes?

I have created a spreadsheet that lists all 50 counties and their sheriffs where the DAPL pipeline runs.

The columns are as follows:

A – Name of County

B – Name of Sheriff

C, D, E, F – street address, town, state, zip code

G – Sheriff’s email (if they have one)

H – Phone

I – Fax

J – Link to Wikipedia on county

K – County population

L – County area (in square miles)

M – Population density

N – Geohack URL from Wikipedia that lists numerous map resources for that county (This is especially important for planning purposes.)

(Apologies! I forgot to link to the file: dapl-counties-sheriffs.xls)

Reasoning that you may want to concentrate your monitoring of DAPL for breeches in areas of low population density. While you may stand out, there are fewer people to notice you in such places.

Someone asked me earlier today if DAPL could be breached using explosives, to which any number of government publications, FM 3-34.214 Explosives and Demolitions, Steel Cutting with High-Explosive Charges, and private publications, Cutting Techniques for Facilities Dismantling in Decommissioning Projects, all answer in the affirmative. Cutting Techniques… includes coverage of a number of cutting techniques, including explosives.

If anyone asks you to use explosives to interrupt the DAPL pipeline you should, of course, decline, but if, nevertheless, they persist, give them this advice:

  1. Under no circumstances use explosives (commercial or homemade) so as to endanger law enforcement personnel, members of the public or even yourself. Many law enforcement officers are avid hunter and care as much for the environment as anyone. Don’t make yourself “special” by endangering or harming members of law enforcement or the public.
  2. Always use commercial explosives. Homemade explosives as seen on the Internet are dangerous and a trap for the “independent” minded. Sure, you can waste your time, energy and endanger yourself by attempting to make homemade explosives but why? Yes, there restrictions on the sales of explosives but there are laws against human trafficking as well.

    The Trafficking in Persons Report 2016 — Complete Report (PDF) reports that despite being illegal, human trafficking continues. I’ve seen it reported that 200 to 300 children are trafficked through the Atlanta airport, every month. Somehow I doubt the existence super effective enforcement efforts on explosives.

A longer post is coming but remember that investors, even investors in pipelines, are risk adverse. Should it come to pass that even a passing mention of DAPL creates waves of panic over the potential for entirely lost pipeline investments, the investment environment of and interest in pipeline investments will change.

After all, who wants to invest in 1,172 miles of sporadically broken, virgin pipe that has never carried a drop of oil? Yes?

PS: If you don’t know 1960’s civil rights history, the moniker Bull Connor of the North may escape you. Bull Connor used fire hoses and dogs against children marching for civil rights in Birmingham, Alabama. He, like the Bull Connor of the North, is a stain on the history of law enforcement in the United States.

Red Team Journal [Lessons for Standing Rock?]

Sunday, February 19th, 2017

Red Team Journal

From the homepage:

Red Team Journal was founded in 1997 to promote the practice of red teaming, alternative analysis, and wargaming. Since its founding, the site has influenced a generation of red teamers to think systematically and creatively about their assumptions, challenges, adversaries, and competitors.

My encounter with Red Team Journal was quite accidental but welcome since despite years of protests, the Dakota Access Pipeline, spanning four states, is nearing completion.

The bravery and dedication of those who have fought a long and lonely fight against that project are to be admired. But continuing with tactics that allowed near completion of an 1,172 mile long pipeline isn’t a winning strategy.

What tactics for stopping the Dakota Access Pipeline occur to you?