Slashdot Mirror
Mapping The Net And Hunting Down Evil
DiviN writes: "An FT article headlined the Dark
Side of the Web talks about a company that started a while ago to compile a
complete map of the Web. Not only do they claim to have it, but moreover they
say that they can trace any file on the Internet, any attachment and any posting
in a newsgroup to it's origin."
PJRC: Electronic Projects, 8051 Microcontroller Tools
Several points made in the article give me the impression that the capabilities of the database are not as powerful as claimed.
:)
:) I'm also unsure how someone would "generate" the address of cardholders. That would be information contained in a database which would have to be "obtained". Its not information that is obtained within the number itself. As for "robbing" ATM machines. I'll give you 3 good ways to do it. Shouldersurf someone's PIN number, mug them, then drain their account, use a sledgehammer and blowtorch to extract the cash from the machine, or wait until someone draws some cash from it, and just steal it from them. I wouldn't consider any of these ways to be smart, but I certainly don't know of any other way to do it. Nor do I expect there to be any reliable information out there that would express such possibilities.
First are the statistics on pornography sites. Yes, most sites just harvest material from public sources and redistribute it. However, how exactly were they able to determine how many images are stored on membership pages? Porn sites are notoriously pay per view services. Useful statistics on the volume of data a porn site will hold will simply not be available unless memberships were purchased on every single site. I don't care if they said they dont' care how much it costs, I know for a fact they're not purchasing memberships on 20,000 porn sites each day.
How do they claim they can archive EVERY newsgroup on USENET? No newsserver serves EVERY newsgroup, as its a distributed network. Most of them offer 98% of the groups, but they'd be hard pressed to have EVERY single one of them.
Then there's the discussion about "hackers", followed immediately about information about bomb building, lock picking, and credit card numbers.
I'm also somewhat unsure what good a list of "unissued credit card numbers" would accomplish. If its unissued, then its useless, right? IT WON'T WORK. Here's an unissued credit card number: 4204 4502 5092 2942
There. I GUARANTEE you that NOBODY has this number. Its "unissued". Now I'm a hacker! Oh goody!
How is steganography considered to be the 3rd biggest threat? According to this article, its more dangerous than nuclear weapons. All it is is a form of encryption. I suppose if I can't read a message of yours its less dangerous than if I CAN read a message, but it turns out to be the wrong message. forget the fact that I shouldn't be reading your messages anyways. If someone wanted to send a message detailing an assassination attempt, its unlikely anyone would obtain it until after the deed had been attempted.
Now.. lets examine some lines of FUD:
Unsuspecting companies are largely unaware that a great deal of the world's criminal communications are carried out using their own PCs, notes Whitelaw.
Security experts are seriously worried about the threat of attacks on airport flight management computers, power systems, and hospital equipment, let alone stock markets such as Nasdaq.
Anyone notice a pattern here? Sounds like this is the same techniques that antivirus vendors spew out in an attempt to get people to buy their products. Your computers are just CRAWLING with viruses and you'll most likely die if you don't use our product. True, the above lines were a tad more subtle, but the issue is the same.
oh well.. something to think about
-Restil
Play with my webcams and lights here
And tomorrow, it will all be obsolete. I can put a server up today at an IP and domain, then the next day ship it off to another state or country to give to someone else to host.
Or I can just decide that my FTP server needs to house jazz tunes tomorrow instead of the rap tunes today.
Who knows? The net changes that anyone who spent the time "mapping" it mapped it while it was changing, and after compiling the map, has realized that much of it is already outdated. Look at the search engines and how often a 404 creeps up, or even server not found.
No way they can know definitely attachments and files. It changes too fast too often.
Dragon Magic
Human nature is the same everywhere; the modes only are different. -- Earl of Chesterfield
They claim that they archive over 80GB an hour, and then talk about the content of porn sites, etc. Of course, how do they have access to all of these porn sites is another thing altogether - that must cost quite a lot for all of those memberships! The system appears to be some kind of massive search engine/archive similar to Alexa Internet except much more broad and with more sophisticated tracking and reporting capabilities. Although they decline to specify how, apparently they are able to compare images against each other, track texts, and do some massive queries to track back things like the Melissa virus to their first known wherabouts. They claim to have one of the largest databases in Europe, and to have found the perpetrator of the I Love You virus two days before the Feds. This really seems unlikely, and it would be nice to have some outside information, such as pictures, or results. How you can catalog and search this amount of data must really be a feat, considering their DB is larget than TerraServer and they aren't IBM or Microsoft, with billions to burn. Luckily, they can only "track" web pages and Usenet postings, so far, and they apparently classifiy it all by domain name and various other (unexplained) patterns.
It's a battle out there. The battle between net net users' and programmers' desire to be anonymous and private, and their desire (especially the programmers) to log every damn thing that happens.
There seems to be a huge contradiction in the hacker mentality, on the one hand to collect endless log files, traces, data stores, id's, usernames, passwords, tags and the rest of it, and on the other hand to want to remain entirely private, safe behind their screen.
Personally I'd love to remove all the log files. No more http log files analysis. No more SMTP message-id's and paths in the headers. No more off the cuff usenet postings archived for the next n decades and cross referenced by the university userid of the the guy who posted it 6 years ago.
I don't see what's so good about archiving the Internet. It's like having a ten hour meeting where nothing gets decided but hey - we'll be able to see exactly what was said 10 years from now!
If you want it to last, print it out. On non-bleached paper. [Anyone who knows where you can buy unbleached long life printer paper please let me know...].
So, I'm all for Buchanan and it's sleuthing. I'm not convinced they can do all they said they can do, but hey, you leave enough log files lying around and sooner or later someone'll make a living reading through them.
You can't have your cake and eat it!
-----
Claims like this smack only of bold leaps in self-promotion and hype. Considering the number of NEW devices connected to the internet on a daily basis, and the increasing number of sites using dynamically generated content, claims such as "we've mapped every byte on the internet" are insane.
At the heart of these new "Internet Private Investigator" type companies is a desire to develop methodology or technology that is marketable to law enforcement or private companies who have an interest in tracking users down for a number of legal reasons. Whether it's a hate group posting bomb schematics, or a geek programmer reposting DeCSS source code for for the five hundredth time, "THEY" would like to find you.
These companies fail to realize that the persons they are trying to track down, in many cases are better than those doing the tracking. When you have high school kids able to deface NASA web pages, sniff credit card numbers off a Fortune 500 company's server, hijack telnet and ftp sessions, IP spoof, and root clueless ISP's servers to use as jumping-off points, it makes it very easy to stay anonymous.
But if the company in question told investors they had developed technology that enabled them to catch idiots, it wouldn't sizzle, would it.
If the government required licencing for anyone able to purchase T1 or greater bandwidth, ala FCC licencing for radio stations - AND, pass a basic certification test verifying they understand essential, basic security measures for the OS they choose to employ, it would make the internet a much more secure (and accountable) place, and give higher professional creditability (and marketability) to the persons holding the licence.
THIS SPACE INTENTIONALLY LEFT BLANK.
The quest to control internet anarchy is indeed frightening. When an entity wants to quash a viewpoint (or a group of people), all that is necessary is to declare them "dangerous". In most cases, that's not a stretch. The ideas that the powers that be want to control most often are just that; they're very dangerous to the powers that be. They threaten the status quo. Just now, it looks like they' re not doing anything terribly frightening. They've refused to use the technology to bend to the whims of certain oppressive governments, thus far. The question remains, though. Do you want any single entity to have the power to say what's "undesirable" on the internet?
--
Donating to the EFF now...
.sig: file not found