Slashdot Mirror
Grad Student's Work Reveals National Infrastructure
CodeHog writes "The WP reports about a student working on a PhD and how it relates to national (US) security. Very interesting that he has been able to get all this information. It raises some very challenging questions, should some of this information be classified?"
In the background, he plays the Beastie Boys.
He's got the right to party!
--------
Free your mind.
This software is used in the firmware of WMDs! It should be taken of the public internet immediatley!
I can't figure out how to download his dissertation. I want to judge for myself whether "tedious and unimportant" is an apt description.
Here's the story on the washington post. Parallels between the critical infrastructure question and computer security professionals. There's a certain point where information should be kept quiet.
--
Annotateit at Annotateit.com
You're either "land of the free", or you are not. So either live up to the hype, or change the tagline. Can't have it both ways, with a closed society fueled on fear, claming to be "free".
[jole]
Thanks shithead, Especially well before the article was /.'ed. Nice karma whoring attempt.
what national security infrastructure????
:)
Consensus is good, but informed dictatorship is better
After this kind of publicity, he'll have some job offers coming in, I guarantee it.
I'd tell 'em to classify it all they want, just looks BETTER on the resume...
For instance, this is not the first time Sean Gorman has been talked about:
Article in Science Daily
Plus, someone with the same email address has posts in rec.sports.rowing...
The bottom line is that if you know where to look, you can find out lots of stuff. Classifying this guy's dissertation isn't going to prevent someone else (from anywhere on the planet) using the same tools he did to do the same things he did.
We either have to control all information (hello, Mr. Orwell!) or accept that information can't be controlled and plan accordingly. It's been said many times before, but security through obsucrity just doesn't work.
libertarianswag.com
national infrastructure? I mean, if I knew Verizon and AOL were the main providers of services for a firm, how does that affect national security?
And incidentally, this could be a good thing for Linux. An entire country operating on a single flavor of Windows, is the perfect recipe for disaster.
If you keep throwing chairs, one day you'll break windows....
I work for Transport for London (Transport Authority in London, UK, duh), and, after 9/11 my boss asked me to print out a huge map of the city and put a little sticky label over every "potential terrorist target". Buckingham Palace, Houses of Parliament, the big wheel thing, ministry of defence, big office blocks, army barracks, more palaces....
After three hours I was running out of sticky labels and was very scared.
But hey, look on the bright side, maybe it'll never happen!!!
evil math within Nature's Cubic Creation!
You cannot keep information like this secure forever, or even very long. Someone will always have this information. The question is, will we allow the US government to to deprive us of our liberties to the extent that the gov't really can keep this information for ourselves, and only let it out when it's in their interest for a building to get bombed, or do we fight to keep information free?
People who claim this information is a security risk are looking at things the wrong way round.
A hen is only an egg's way of making another egg. -- Samuel Butler
Is what kind of database and what kind of software he has used to create the program that is the basis of his PhD.
On a more serious note, I think his work is great. While it certainly has serious security implications, it could also be used by ISPs, telcos, power companies, etc. to disseminate information on outages and/or find the root causes of problems.
Ah, well... I suppose we'll never see the results... but I do hope he gets his PhD.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Did anyone else think that this article had a dark undertone of government and corporerations looking to lock down information in the name of security. I mean, some of this information is important and may have benefits to the general public.
The scariest line is that they wanted to burn his research. Flash backs of 1984 flashed in my mind.
--------
Free your mind.
Some people might wonder why in the world you'd need to have maps of electrical grids and fibre lines...
I'm working on the periphery of the emergency response industry, and suffice it to say, any infrastructure data is vital as hell for responding to major natural disasters like quakes, hurricanes and tornadoes.
Tossing all this "scary" data into the classified domain will hammer on emergency responders' ability to effectively map this stuff.
It's vital, and I think the anti-"security through obscurity" comment in the article hits the nail on the head...
It's very interesting the way that an assemblage of publicly available information is suddenly a matter of national security. This must be based on the assumption that evildoers are never grad students.
(Jodie Foster) from the movie Contact, "What, you want to classify prime numbers now?"
Extra points for somehow removing the carriage returns and making it into unreadable gobbledygook...
I don't really know what he's driving at, anyway. This newest wave of technology is flashy, but we seem to have forgotten that recognizing and exploiting consumer attention is the key to unlocking the door of success in this cutthroat business -- not simply coming up with bigger and better, but maximizing the potential of what you've got.
Take the game industry for example; the earliest games functioned on single-sided single-density floppy disks, which didn't permit a great deal of graphics or fanciful algorithms. Games, as a standard, were terse and text-based until a programmer came up with a method of doubling the graphical storage -- and ended up making games that outperformed the standards of those on technically superior systems. Or go to the console wars, where the concept of making a dual-processor system (SNES) was outshone by the concept of vastly improving the storage space (Playstation) on a technically inferior CPU.
Same deal with this mapping stuff. Just show me how to get from Point A to the mall and I'm set -- I don't need to know the infrastructure along the way.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
It sounds kind of cool actually.
(ummm.. Does this mean I really AM a geek?)
Dude, you're gettin' a cavity probe by Ashcroft!
No-one can deny that the Internet has opened a can of worms that the people who wrote the constitution could have never imagined would exist when they put it together. Our Bill of Rights and many other pieces of legislature were designed before the global information network became available to any 6th grade dropout with an AOL account and perhaps we need to look at updating it with this in mind.
I'm not suggesting we should become a police state or anything, just that perhaps we need to take the world as it stands today and re-write parts of the constitution with this in mind.
I can live with less "rights" provided I'm safe and secure.
All the best,
--Bob
From the article, all of the data he compiled was obtained from public sources. If anybody else wanted to replicate the work, it would only take their time. I'd imagine that you could get all the information you need through public records for building permits and right of way use. I mean, squelching the person who took the time to compile it all isn't going to do much good unless you classify every public record the US has for infrastructure.
This has nothing to do with Windows or Linux. A terrorist with access to this information could simply look up points that have the biggest confluence of fiber optic cables and communication equipment and attack. They could similarly do the same with energy infrastructure.
Wires don't run Windows or Linux.
"Tedious and boring?" He's got an application that can actually do some of the stuff Hollywood hackers have been doing for years. How could anyone think that's boring?
"Tank, find a structural drawing of this building. Find it fast."
Dissertation Could Be Security Threat
Student's Maps Illustrate Concerns About Public Information
By Laura Blumenfeld
Washington Post Staff Writer
Tuesday, July 8, 2003; Page A01
Sean Gorman's professor called his dissertation "tedious and unimportant." Gorman didn't talk about it when he went on dates because "it was so boring they'd start staring up at the ceiling." But since the Sept. 11, 2001, attacks, Gorman's work has become so compelling that companies want to seize it, government officials want to suppress it, and al Qaeda operatives -- if they could get their hands on it -- would find a terrorist treasure map.
Tinkering on a laptop, wearing a rumpled T-shirt and a soul patch goatee, this George Mason University graduate student has mapped every business and industrial sector in the American economy, layering on top the fiber-optic network that connects them.
He can click on a bank in Manhattan and see who has communication lines running into it and where. He can zoom in on Baltimore and find the choke point for trucking warehouses. He can drill into a cable trench between Kansas and Colorado and determine how to create the most havoc with a hedge clipper. Using mathematical formulas, he probes for critical links, trying to answer the question: "If I were Osama bin Laden, where would I want to attack?" In the background, he plays the Beastie Boys.
For this, Gorman has become part of an expanding field of researchers whose work is coming under scrutiny for national security reasons. His story illustrates new ripples in the old tension between an open society and a secure society.
"I'm this grad student," said Gorman, 29, amazed by his transformation from geek to cybercommando. "Never in my wildest dreams would I have imagined I'd be briefing government officials and private-sector CEOs."
Invariably, he said, they suggest his work be classified. "Classify my dissertation? Crap. Does this mean I have to redo my PhD?" he said. "They're worried about national security. I'm worried about getting my degree." For academics, there always has been the imperative to publish or perish. In Gorman's case, there's a new concern: publish and perish.
"He should turn it in to his professor, get his grade -- and then they both should burn it," said Richard Clarke, who until recently was the White House cyberterrorism chief. "The fiber-optic network is our country's nervous system." Every fiber, thin as a hair, carries the impulses responsible for Internet traffic, telephones, cell phones, military communications, bank transfers, air traffic control, signals to the power grids and water systems, among other things.
"You don't want to give terrorists a road map to blow that up," he said.
The Washington Post has agreed not to print the results of Gorman's research, at the insistence of GMU. Some argue that the critical targets should be publicized, because it would force the government and industry to protect them. "It's a tricky balance," said Michael Vatis, founder and first director of the National Infrastructure Protection Center. Vatis noted the dangerous time gap between exposing the weaknesses and patching them: "But I don't think security through obscurity is a winning strategy."
Gorman compiled his mega-map using publicly available material he found on the Internet. None of it was classified. His interest in maps evolved from his childhood, he said, because he "grew up all over the place." Hunched in the back seat of the family car, he would puzzle over maps, trying to figure out where they should turn. Five years ago, he began work on a master's degree in geography. His original intention was to map the physical infrastructure of the Internet, to see who was connected, who was not, and to measure its economic impact.
"We just had this research idea, and thought, 'Okay,' " said his research partner, Laurie Schintler, an assistant professor at GMU. "I wasn't even thinking about implications."
Cockarse.
.
Which makes me wonder, was that intentionally left unformatted so that we would miss critical information in that article?
In a word, No.
Those who would exploit it for ill already have the data, or can easily obtain it. Classsifying the data now would only hide it from those with reasonable use; and would allow for mistakes or security lapses to be covered up.
If you don't think authorities - whomever they might be - won't abuse the privlege of 'classifying' data, then you have some big surprises in store...
Everyone will start to cheer when you put on your sailin' shoes.
With all this information, maybe he can tell me when they're going install my damn DSL line...
A close relative of mine applied for a job at the State Dept. while finishing up his doctoral dissertation on Cuba (back when Cuba was highly volatile). They asked to see a draft and he consented. Having read it, they said he could have the job provided he NEVER, EVER publish the dissertation.
He said okay and now he's ABD but pretty high up in the CIA/NSA (yeah, they work together now).
Gorman didn't talk about it when he went on dates because "it was so boring they'd start staring up at the ceiling."
What is this going on 'dates' thing? I guess stuff for nerds, as in stuff that matters to nerds. Guess im not a nerd then.
The other interesting thing this brings up is the student's right to earn a living and do what he enjoys vs. the national security implications of this. Like he says, putting classified down on a resume doesn't get you very far, especially outside the Military/Intelligence arena.
The other thing is that, yes, he did put all of the together, but according to the article the raw data he used is all available on the internet. Who's to day that Al Qadea hasn't hasn't already done the research to create their own version of his map. In that case this work could very well prove to be a map of what to defend.
"You can't fight in here! This is the war room" --Dr. Stra
Correlating information is what gives you the bigger picture. Sure, it might be a secuirty threat as a whole, but it's been made up of snippets of information gleaned individually that probably aren't much use on their own.
Same as a bomb really, component parts are pretty common; chemicals, circuitry. It's about knowing how to connect stuff together to make it a bomb. 9/11 was flying lessons, plane timetables, GPS and box cutters. Each on their own is pretty harmless until you join the dots...
Same with information, connected together in the right way, it's just as dangerous. Ask the CIA or any intelligence agency...
I'm not sure what you were talking about re: the SNES and dual CPUs. I believe you were thinking of the Turbo Graphics 16, which had dual CPUs, but was outshone by the SNES and its superior graphics chipset. Clearly, the Playstation was far superior hardware in every way to the SNES.
-- sudo.ca
Sean Gorman's professor called his dissertation "tedious and unimportant." Gorman didn't talk about it when he went on dates because "it was so boring they'd start staring up at the ceiling." But since the Sept. 11, 2001, attacks, Gorman's work has become so compelling that companies want to seize it, government officials want to suppress it, and al Qaeda operatives -- if they could get their hands on it -- would find a terrorist treasure map.
Tinkering on a laptop, wearing a rumpled T-shirt and a soul patch goatee, this George Mason University graduate student has mapped every business and industrial sector in the American economy, layering on top the fiber-optic network that connects them.
He can click on a bank in Manhattan and see who has communication lines running into it and where. He can zoom in on Baltimore and find the choke point for trucking warehouses. He can drill into a cable trench between Kansas and Colorado and determine how to create the most havoc with a hedge clipper. Using mathematical formulas, he probes for critical links, trying to answer the question: "If I were Osama bin Laden, where would I want to attack?" In the background, he plays the Beastie Boys.
For this, Gorman has become part of an expanding field of researchers whose work is coming under scrutiny for national security reasons. His story illustrates new ripples in the old tension between an open society and a secure society.
"I'm this grad student," said Gorman, 29, amazed by his transformation from geek to cybercommando. "Never in my wildest dreams would I have imagined I'd be briefing government officials and private-sector CEOs."
Invariably, he said, they suggest his work be classified. "Classify my dissertation? Crap. Does this mean I have to redo my PhD?" he said. "They're worried about national security. I'm worried about getting my degree." For academics, there always has been the imperative to publish or perish. In Gorman's case, there's a new concern: publish and perish.
"He should turn it in to his professor, get his grade -- and then they both should burn it," said Richard Clarke, who until recently was the White House cyberterrorism chief. "The fiber-optic network is our country's nervous system." Every fiber, thin as a hair, carries the impulses responsible for Internet traffic, telephones, cell phones, military communications, bank transfers, air traffic control, signals to the power grids and water systems, among other things.
"You don't want to give terrorists a road map to blow that up," he said.
The Washington Post has agreed not to print the results of Gorman's research, at the insistence of GMU. Some argue that the critical targets should be publicized, because it would force the government and industry to protect them. "It's a tricky balance," said Michael Vatis, founder and first director of the National Infrastructure Protection Center. Vatis noted the dangerous time gap between exposing the weaknesses and patching them: "But I don't think security through obscurity is a winning strategy."
Gorman compiled his mega-map using publicly available material he found on the Internet. None of it was classified. His interest in maps evolved from his childhood, he said, because he "grew up all over the place." Hunched in the back seat of the family car, he would puzzle over maps, trying to figure out where they should turn. Five years ago, he began work on a master's degree in geography. His original intention was to map the physical infrastructure of the Internet, to see who was connected, who was not, and to measure its economic impact.
"We just had this research idea, and thought, 'Okay,' " said his research partner, Laurie Schintler, an assistant professor at GMU. "I wasn't even thinking about implications."
The implications, however, in the post-Sept. 11 world, were enough to knock the wind out of John M. Derrick Jr., chairman of the board of Pepco Holdings Inc., which provides power to 1.8 million customers. When a reporter showe
the same questions have been asked about some of Tom Clancy's work. I remember reading that he was paid a visit by the FBI asking where he got his classified information, only it turned out everything he used was publicly available. My thought is that suppressing information will not prevent terrorism, only when would-be terrorists change the way they think of the free world will it stop. /rant
Imagine what a great company you could start just by optimizing the grid layouts of the different companies for them. Spotting particularly bad locations for lines for planning and helping the firms reroute them. yay!
The article mentions an interesting website: But even with the wonderous google I am unable to find the website that they are talking about.
Anyone know of it?
--Tim
I thought the whole point was to create a massively redundant network that could bypass any damaged links. Now this student's work says this isn't true?
should some of this information be classified?
whats really needed is a campus along the lines of Camp X-Ray to deal with this sort of thing. This way the Govt can controll what the studenets research and who can distribute this information to. The new open wire cage format for the dorms will have the added avantage they it will be easy to immediately identify students sharing files illegally thus saving the RIAA money to track them down
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
Is everyone forgetting that a part of the price of freedom is safety? An open society is a vulnerable society in some ways. The same vulnerability keeps society safe from itself and its own excesses.
Of course if we classified everything like this no one would have a road map to destruction. But they could still poison the water supply, blow up buildings and cause untold grief. They could still locate some of the bottlenecks themselves and exploit them.
Like so many things the government/corporations seek to classify, the real people they don't want to know are the ordinary people. It puts me in mind of the many "the area bombed last night is classified...we don't want to give the enemy important information" remarks we see. Like the enemy doesn't know they were bombed...
we could tell you but then we'd have to kill you - Verizon
When Tom Clancy published the Hunt for Red October the US Navy wanted to nail him because they thought he stole some confidential info about their submarine ops.
It turned out that he got all his info from public domain sources. And they could not do much about it. He just knew where to search.
The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
Gorman's work and the access he used is vital - if I'm paying for two links that should be separate, I need to know that I can really check that we have separated physical facilities.
There are a lot more backhoe operators than terrorists - and historically, the chances of a backhoe impact on infrastructure are pretty high.
The NIPC (www.nipc.gov) should be addressing these sorts of issues, and working with the individual telecoms companies and customers to make sure their networks are resilient. I don't think Sean Gorman's future should be in any doubt now. Any graduate school that refused to recognize the end result of his work (evidently a very useful atlas) would have difficultly justifying their stance.
I do not understand why the information would be classified. Our national highways are critical infrastructure, without which we would all be brought to a standstill, yet maps of them are readily available online or at any bookstore.
Could you imagine if the locations of communications infrastructure were classified? Would you need clearance to set up a node? Would you need to pay to have every line technicican get a full background check? This reminds me of the reaction of "security" people when they see WHOIS entries for their companies for the first time. Their foreheads are usually bruised for weeks because of the knee jerking. The first thing they want to do is take it down. They forget that a certain level of openness is neccesary for a system that benefits everyone.
The whole point of a privatised distributed communications infrastructure is that a terrorist or enemy state cannot cripple the entire thing. Now if the people at banks and government insititutions have not done a good job of ensuring redundancy and disaster recovery then it's their own fault. The solution is to fix it, not suppress information about it.
Obviously, no one recommends mailing al-qaeda a copy of the telecom/data infrastructure, but this exposes a major flaw with what's going on and we would be foolish to ignore it or suppress it.
"The plural of anecdote is not data." -- Roger Brinner
If you read the article, you would understand why you can't download his dissertation. It is a road map for terrorism throughout the United States. Everybody knows where major landmarks are, but these are major hubs in the IT infrastructure of this country. From the sound of it, power grids, information pipelines and all kinds of other electronic infrastructure is a whole lot more interconnected than I originally imagined.
The writer is concerned he will not be able to work if he cannot get published, since he will only be publishing the most general of ideas from the paper. I am sure Uncle Sam will make certain he is well taken care of. You have a future in government consulting. Lets just hope he does not get snatched one morning as he's rowing across the lake.
The cancel button is your friend. Do not hesitate to use it.
Hack into that guy's box, steal that goddamn map and publish it on the net so we could have some REAL fun? :) This article is like a review of some really cool movie you're never going to see. Come, bring it to Kazaa so everyone could grab it and see it :)
i should think that emergency responders would be among the approved entities to have access to this data.
my big question: how current is this data? it's taken years to compile and in that time, natural disasters and the like would have changed some elements, rendering certain data inaccurate. that's why db records invariably have a "last updated" date/time stamp field in 'em. the only thing worse than no data is data whose accuracy is in question, IMX.
ed
I always wondered what someone would do with that...
Since Gorman created this map with only publicly available information, it should not be classified because it's already too late. Once the existance of such a map became known, it was too late. In fact, once it became known that it was possible to create such a map with only publicly available information it was too late. Now, any government/terrorist/whacko (is there a difference b/w the last 2?) can start creating a similar map with the confidence that they can get enough accuracy to scare the hell out of top executives at power companies. Who the f*** at Homeland Security let this article run??
Webmaster Wanted - Entropic Reactions
From the article:
"This is why CEOs of major power companies don't sleep well these days," [CEO of power co. Pepco Holdings] Derrick said, flattening the pages with his fist. "Why in the world have we been so stupid as a country to have all this information in the public domain? Does that openness still make sense? It sure as hell doesn't to me."
Because security through obscurity is just as brainless an alternative for the physical infrastructure as it is for virtual infrastructure.
Hiding things doesn't make them safe. It makes them safe until found. With the added bonus of fostering the kind of clandestine, repressive, bitter societal climate that our govnt seems bent on pursuing these days.
You want to protect something? 1) Make it less desirable as a target (i.e. take away people's reasons for attacking in the first place). 2) Build in redundancies to dilute vulnerability. 3) Monitor, patrol, survey in an open and visible manner
Did you know, not all of your readers are from the US.. maybe someday, you should run a poll to see how many are from a "other country"
Sounds like he could make a mint in the data security business, consulting with large firms to identify the weak points in their networks.
When laying out large redundant networks, one of the primary goals is to ensure that your primary and backup circuits don't end up in the same trench along a railroad track, or going through the same manhole access vault. I recall reading in Wired about how a Pacific sub-sea fiber optic cable operator was concerned about having both loops on the same island, much less coming ashore at the same beach.
Same applies to goverment organizations, of course. I'd like to see the Federal Reserve purchase his info, as I have an interest in making sure I get paid each month. Couldn't care less about the rest of them (INS, IRS, DHS, etc), but I'd like to see FedWire stay up.
Cliff S. in "The Cukoos Egg" tails down a spy selling secrets to the russians. Most of the info he steals is *NOT* classified, but by having *ALL* the info, he can piece together something he doesn't know:
1. New fighter being developed
2. Contract awarded to company X
3. Rifle through purchase orders for titanium and other strategic parts.
4. Get shipping info on said parts
5. now you know the facility where it will be built.
6. find airline reservations from company in question
7. look for engineers and test personell.
8. find nearest test base from point of arrival.
9. Fighter X will be built in location A and tested at location B, between arrival date and departure date.
Needless to say, this is why more things have become classified since the early 80's
meh
But I want his monitor!!
/sig
Hey, there IS a certain treshold where "national security" ends and "public domain" starts. Agreed, this is not a clear line, but a rather (thick) grey band between...
Problem is in the "human rights" department... everybody with a brain can use it [information] to do good or to wreak havoc.
Any democracy is far more exposed to terrorist acts than any totalitarian regime, and there's a cause-and-effect link between them.
YES, you could sacrifice all possible "public information" to the altar of "national security", but then where's the all-so-praised democracy and freedom of information ???
So we end up again and again to the same dillema: what is the treshold between democracy and a police state?
That "kid" was just exposing weaknesses. IF you were to classify something, you should classify the INFORMATION that he gathered to reach a result in his research, not clasify his research's result! This is as stupid as classifying (for instance) the formula of gunpowder and leaving all other informations about chemical reactions available to everybody!
That being said, would you rather live in a "safe and steril" or in a "free but slightly dangerous" environment ?
By reading this signature you agree to not disagree with the post you just read.
People are _SO_ freaking paranoid these days. Having access to a database like this could be enormously helpful to a great range of people. But all people think about is, "What will al Queda do with it?"
Since 2000 about 3,000 people have died in terrorist attacks. About 175,000 have died in car accidents. About what should we be worried?
This guy is funny... uhuhu...uhuhu.....
Sooooooo... what's the point??? Yes, he made it easier to acces the information(one click!!! Yupiiiiii!!!), but that still doesn't change the fact that almost anyone who want(and don't give a fuck about his dissertation may have it....).All he did was sort information avalable in the public domain and offer it with a nicer interface.... God.... A freaking genius......
Then again should the acces to this info be limited??? 'Course not!!!
1. No sig. 2. ???? 3. Profit!!!
Where to begin?
I'm opposed to a closed society where information is kept for those who are allowed to view it. It creates fractures in society, where people who have access to information dictates are better off than others and not for reasons like they're smarter or work harder. How are people supposed to raise themselves out of a lower position in society if they don't have the same privileges as those in the higher places have?
Next train of thought...
The executives that wanted to keep him in the confines of their building, along with his laptop, make me want to gag! How proposterous are these people to think of a suggestion like that?! And they run big companies... They definitely don't have the average person in mind in their decision making process.
I do see the drawbacks of an open society, especially one where the nerves of an entire global economy can be shocked with a few choice blows, but the idea of this information is to also protect against this kind of thing from happening. If we don't know where we're vulnerable then we have no chance in protecting ourselves.
In an analogy, sports teams review footage of other teams to see where their weaknesses are, and suredly watch videos of themselves for the same purpose. They use this knowledge to both prepare offensive strategies, and defensive ones. It's a technique that works, and needs to be done! Remember, we're the home team, we're talking defense here.
Last train of thought...
Who knows, maybe this information is exactly the thing needed to kick-start the IT sector. With knowledge that our infrastructure is brittle and not properly prepared for attack, we'd be sure to see companies invest in redundancy and that means more jobs, better structured systems, and more peace of mind! Isn't this exactly what we need?!?
"We are not always what we seem, and hardly ever what we dream."
Schmendrick the Magician
True, it is not hard to find the information, but how difficult is it to pull it all together into one package as Gorman has done? Yes, classify it after the guy gets his sheep skin. Its one thing to have information out there to develop a bomb, its quite another thing to post schematics in a periodical.
The cancel button is your friend. Do not hesitate to use it.
"When their computer crashed, they removed the hard drive, froze it, smashed it and rubbed magnets over the surface to erase the data."
They seem to be pretty angry people. When (If) my computer crashes I just restart.
Killing people causes terror, because nobody wants to get killed. Cutting off infrastructure causes annoyance, because it happens regularly already. And when it happens, people will get by like they always have.
Ita erat quando hic adveni.
I think you failed to notice the joke....
I thought the whole point of the Internet, being a packet-switched network, was that it could survive damage... like from nuclear war.
So now we're worried that a terrorist with a scissors is gonna bring it down?
...I am sure Uncle Sam will make certain he is well taken care of....
... of well taken care. ;)
I am sure Uncle Sam will make certain he is
He's able to leverage the data so that he can see gains (I'm thinking an entire career) while the folks that have lots to lose (banks, utilities, transportation, US gov) pay for him to help show their achilies heels and bottlenecks.
If 25 telcos happen to be sharing the same 'pipe' of fibre, it may not be a terrorist that breaks that connection... regardless of who severs that line, it ain't good for the telcos -- and the telcos should be using his data to reduce risks.
Insurance companies and actuaries for corporations and governments love this kind of stuff, as do operations research people. Tell me how much it'll cost to reduce risk to this level, or: I have $10,000,000 -- how can I spend it to ensure that the worst case scenario isn't as bad.
Hopefully the information doesn't become classified; hopefully, it's used over the next few years to sure up the bottlenecks and other weak points, making the infrastructure far more robust in the following years.
Support a few technologists in Washington.
I don't think I need a Ph. D. thesis to tell me how to cause havoc.
What this really indicates is that information in and of itself can be pretty useless, but when some raw brute-force intelligence is applied to it, making associations with the information, then it can become a national security issue. I think he should go ahead with his thesis with the condition that someone or some body (of the US Government) should start implementing plans to defend the businesses, institutions, and utilities within and working with the infrastructure.
Of course the US Government doesn't want him to publish the work, THAT would create a lot of work for the US Government to protect and prevent attacks on the infrastructure. In the end, if this guy doesn't publish his work, someone else will follow in his footsteps and do the same work but keep the information/results obtained from it private or possibly sell it to the highest terrorist network. Isn't capitalism fun? And since much of the work on this project is done, is the PROJECT secure? Is it on a laptop? Is it on a web server? Is it in an email? Is it on a burned CD lying in the open for the taking? It will be discovered sooner on later.
From the article:
Recently, Derrick received an e-mail from an atlas company offering to sell him a color-coded map of the United States with all the electric power generation and transmission systems. He hit the reply button on his e-mail and typed: "With friends like you, we don't need any enemies in the world."
WTF? Like a terrorist needs a map to find power plants and transmission lines? At least most other vital infrastructure is buried and largely hidden from view. It's not obvious where the major fiber optic trunks are, at least to the untrained eye. But electricity? Give me a break! Am I supposed to avert my gaze when I see high voltage power lines because their location is "classified"?
It is easy enough for anybody to find out anything that they want about the US, but it is not due to ease of access. It is that we are a hetergenous society. Anybody can move easily here and simply look. This article, and some of people act like this info is difficult to obtain. It isn't. Want to locate fiber optics? Follow the rail system, the high tension power lines, and the highways. The installation involved obtaining ROWs which were almost always easier to follow other ROWs. As to finding out a set of central offices, simply get a job at a rboc or a power company. Once inside the company, the info is freely available.
For those who think this is bad, look at the old soviet union. Even for all their hard security (which seems to be the direction that we are headed), we knew most of their soft spots. So even if we truely implement the same society that Soviet Union had, we would still be a main target. Any time you have fixed assets, it is a target. period.
I prefer the "u" in honour as it seems to be missing these days.
If this is classified, there will be no insentive for the comm companies to fix the problem and reduce vulnerability.
People (and big companies) do not move until it hurts. Make it hurt and they will move. If average Joe the Shareholder reads in the newspaper that company X has all their infrastructure in one place and the cables are wide open, you better believe it company X will do something.
Otherwise, it is classified, public do not know about the problem, nobody does anything, but the potential evildoers will get this info anyway.
A better Post article this morning.
Cutting infrastructure cables has already been happening w/o help from those of ill-intent. What we need to work on is assuming the worst can happen and concentrate making very fast repairs to get things back up as sson as possible. I recall back around 1997 a back hoe in the Chicago area took out 1/3 of the U.S. the Internet traffic for most of the day. What we need in an emergency is an army of huffy sys admins to stay on the phone the telco providers to shout "THIS IS UNACCEPTABLE... I WAS INSTALLING DEBIAN OVER HTTP AND NOW MY SERVER IS DEAD!!! I NEED CONNECTIVETY NOW!!!" and keep it up until the cable repairs are done. Well maybe not like that but we would do better training an army of technicians to repair infrastructure quickly in an emergency that way less downtime, less havoc. In other words don't rely on the cable company repair people who will be there next week sometime between 8AM and 8PM.
This poor schlub has just made himself the nation's #1 target for a "disappearing."
Either by the bad guys or the (*cough*) "good" guys.
I have asked this question a number of times, but I am still confused.
The Internet was designed to be durable. It is built with many points of failure and it is supposed to function even with many of those points disabled.
Why is it then that a backhoe operator in California can knock out Internet access or at least cripple traffic for the entire country?
Is it simply that there is not enough redundancy to make this possible? If that is the case, forget about supressing research like Gorman's and increase the infrastructure.
Regrettably, I must agree that spilling this information out into the public domain is not the best. Computer security concerns should be publicized, but physical security issues should not. They differ insofar as the means of resolving security issues. If some operating system has a vulnerability, it is repaired once and the patch gets disseminated to all affected systems. You cannot simply build a stronger door and pass that door around to all affected sites.
Nevertheless, we should make efforts to nullify the vulnerability so that when this information becomes public, the point is moot and a few bombs destroying some fiber will do nothing.
Join Tor today!
You must live in a very interesting, not to mention scary, bumper-sticker-mentality world...
...between all the pieces of information being publicly available and all the information being publicly available.
From most of the comments so far, it appears the majority of people seem to think that this guy's PhD took about as long to compile as mapping a route from coast to coast with MapQuest. Hello? I imagine there was quite a bit of work put into compiling this information, and that not just anyone would have the time, persistence or devotion to duplicate the complilation. So yes, there is a HUGE difference between the information being available scattered across the 'net and having it all compiled, cross referenced and searchable in one easily downloaded program.
And IMHO, you most definitely can had a compilation of 100% publicly available information be classified as a threat to national security.
And personally, I don't believe there is a "publicly beneficial" use for this info in its compiled form that couldn't be easily be satisfied with the publicly available pieces - if a link is severed, you only need the info for the area of the problem (where the tornado hit, for example), not for the whole country. And the utilities that would be effected and responsible for the repairs would have the info they need anyhow.
I think the biggest value to the public of this information is the fact that it exists and that this can be done. The information itself is only important to those who would protect it or exploit it.
666-607: 6th floor apartment of the beast
After all, IGNORANCE IS STRENGTH.
And unfortunately must give up some of our rights to buy security, or the terrorists will have already won. As we know, FREEDOM IS SLAVERY.
And it goes without saying - although it's been said many, many times recently by our dear Commander In Chief - that WAR IS PEACE.
We must ignore those who would warn us against this, and march into the brave new world of strictly one sided Total Information Awareness with flags waving and proudly chanting the pledge of subservience. As Jeb would no doubt tell us, Big Brother knows best.
If you were blocking sigs, you wouldn't have to read this.
Sometimes, small bits of information are not considered classified, when taken by themselves. However, when certain critical unclassified pieces are aggregated, the collection of information *is* considered classified. I believe this individual's work may qualify as classified information as just such an aggregate.
Yes, anyone with the time and resources can duplicate the effort, but they'd have to duplicate the effort, and expend the resources. And that's the point. It's not a guarantee that the information will not be collected by adversaries, but there's no point in making it any easier to hand it over to them either.
How's my programming? Call 1-800-DEV-NULL
For the right price, you can just buy the data from Platts - power line rights of ways, water pipes, etc. Once you have the data, you can throw it into any GIS software (purchased for the right price). Example: you need to get the natural gas pipline information to the road repair crews, so when they dig they're sure they won't hit anything... all this data used to be open, because noone thought you could do anything with it.
So what if I know where the local 500KV transformer yard is located over the 3rd hill on the left, who in their right mind would want to damage it? Then we realized how many people in the world really aren't in their right minds... I'm not complaining that this data should be bottled up again; what was really lacking was the chain of custody of who accessed the data, and for what purpose.
29 years-old and making fame on the fact that he google'd his ass off for a few years and compiled a BFM (big fucking map).
Great.
Maybe there should be a show on a major station that is like "Mail Call" but for geek questions. I know there are shows on TechTV like this, but I think if TLC or Discovery channel had one, it would reach more of the average Joe.
Here a Sig There a Sig Everywhere a Sig Sig...
When their computer crashed, they removed the hard drive, froze it, smashed it and rubbed magnets over the surface to erase the data.
Yes, it pisses me off when my machine crashes as well, but that's just over-reacting.
The smartest thing they could do, is use his information and go through each weakness and look to secure it as much as possible. Many of them may look at that as cost prohibitive and just try to obsure the information and hope no one finds it.
I'm not drunk, I just have a speech impediment. And a stomach virus. And an inner ear infection.
"Grad Student's Work Reveals National Infrastructure"
Oh my god, we have a national infrastructure? Quick, kill it. Get rid of it. Will somebody please think of the children?
"Grad Student's Work Reveals National Infrastructure"
It took a student earning their PhD to discover this? Should I be worried about the status of the University educational system?
I agree in principle that the information should remain unclassified.......that forcing the right security measures is a better solution than security through obscurity, but the fact is this stuff is highly vulnerable right NOW. I think a better solution would be for Gorman to arrange to have the data released publically in five years. IE, The government and corporations have that much time to make the necessary infrastructural changes to protect these things. Of course, he may go to jail for such an action. And he has to hope the government doesnt get to the data before the deadline.......
With all this concern over whether the "terrorists" should be allowed to know where all of our weak spots are, where is the concern for our real weak spot: creating more terrorists? If we could just figure out how to stop behaving so idiotically and stomping all over the world, we wouldn't have to worry quite so badly about being open with our information. Granted, there would still be people who want to do damage, but not nearly as many.
An open, friendly society breeds safety simply by virtue of not pissing so many people off to the point where they want to do unsafe things. On the other hand, greed, power-lust and secrecy just breeds more conflict. With less secrecy, greed and power-lust become a lot more difficult to hide, and therefore more difficult to perpetrate. This information, as well as so much more, should be out in the open.
Besides, if he got it, it already is, as has been pointed out.
It strikes me as very odd, that we are so concerned about fighting the symptoms of terrorism rather then eliminating the cause.
Actually, it would be easy for me to put "classified" on my list of publications on my résumé. It is just the "mostly as bullshit" part that wouldn't do me any good.
Why is it the slashdot community continually flames the software world when they attempt to hide vunerablities by restricting access to the inner workings of software but there is rarely talk about applying the same approach to our nations infrastructure? I can understand scenarios in which there is no feasible way to secure the vulnerability but in cases where a mechanism exists for securing or at least reducing the vuln shouldn't our society be more open about it's infrastructure secrets. With the current model it all comes down to trusting an exclusive group of individuals with the secrets of our nations achilles heel not to abuse the power this knowledge grants for their own personal gain. With no public oversight these vulns can simply be ignored until terrorist discover the vuln by indirect means or simply brute force in the case of an invading army. If the public becomes aware of vulns then ideally they'll apply more pressure to have the vulns addressed rather than just placing our bets on the fact that "those stupid terrorists would never figure that out".
"much like the sexual relationship between cmdrtaco and rob malda"
Folks, this is a troll. Otherwise, no apparent modifications.
-uso.
Dreams, dreams, don't doubt dreams, dreaming children's dreaming dreams. Sailor Moon SS
The problem is that terrorism is all about using simple means to get effective results. It is practically impossible to prevent all possible types of terrorist attacks.
If you've got an imagination, try thinking about what you would do if you were a terrorist. If you really wanted to create havoc, you wouldn't necessarily do it by stuff like cutting communications cables. What you would want to do is make the man on the street afraid to do basic everyday things. I've thought about it a bit (let me emphasise - just as an entertaining mental exercise!) and I think there are things that a single person or small group could do that would cause chaos in a big city. And they are things that don't require access to any particular technology. Relatively simple things. But I'm not going to post those types of ideas on a public forum like this.
If there is one thing that September 11th should have taught us it is that terrorists don't need access to fancy technology. People are maybe going to slam me down for this, but I beleive one of the main abilities of an effective terrorist is a good imagination and - to use a cliche - the ability to think "outside the box".
So what's my point? My point is that passing laws and banning things (and invading countries and dropping bombs) isn't the best way to combat terrorism.
Terrorism is a symptom of a disease. You can try to combat the symptom, but it will never be cured if the disease is not cured. I always thought that they way Tony Blair and the rest of them tackled the Northern Ireland situation was very sensible. They did not take the easy route - the easy route is to say "we will not be influenced by terrorists", and "shoot to kill" - that was Thatchers approach. It didn't work. More recently, the actual disease has been tackled rather than the symptoms, and although there isn't peace in N.Ireland yet, things are much better now than they were a decade or so ago.
I'm afraid that Bush is taking the "hard man" approach to terrorism like Thatcher did. I'm afraid that the war on terrorism is going to be a very long one.
Vatis noted the dangerous time gap between exposing the weaknesses and patching them: "But I don't think security through obscurity is a winning strategy."
Too bad other entities do not feel this sentiment.
BSD is designed. Linux is grown. C++ libs
Your post makes baby Jesus' eyes bleed!
The infrastructure is all interconnected... High voltage lines and their rights of way are used for fiber optic cable runs, Oil and gas pipelines and their rights of way are used for fiber optic runs, same for railway rights of way... because they all have the same basic need, to go from point A to point B, without crossing anyone else's properties. Start correllating telco/internet outages with railroad derailings (which tend to dig up the right of way), and you'll see what I mean. I have known for 10 years, the easiest way to cripple "the typical city" (since the fire in chicago, that destroyed the phone Central Office!) -Jazz
-- All That's Evil in the Geek Space
Here's a dangerous application for a rather new field: GIS.
Plastic freezes polycarbons for generations in landfills.
Internal combustion engines have shaped our landscape and controlled the structure of our society in many ways.
Power lines? deep cell protein denaturalization? Neuron deformation? who knows (nobody wants to find out-- too costly at this time)
very few swords of science have one edge.
name me one that doesn't, eh?
Why is the first reaction from the people that can do something about security holes always "We can't let this information get out!" instead of "Oh, so that's what we need to fix next."?
Do they go to these security seminars and breifings to get "warm fuzzies" and pats on the back and when someone exposes a chink in the armor they are now a threat to National Security?!?
Perhaps they don't WANT to go through the trouble to fix it? Don't have the MONEY to fix it? Simply don't know HOW to fix it?
lexbaby
"Be Brave, Be Loyal, Be True." -- Hawkeye Pierce
This is the epitome of information is power. A couple people at each of these sensitive points were probably aware of their personal weakness, but this guy's research collects all of them into one place -- kind of making a menu from which attacks can be selected.
But if you had wide-reaching data on any system/infrastructure you could see its vulnerabilities. For example, just using Rand McNally or some equivalent you could determine what locations on what highways would need to be blocked in some way in order to completely paralyze those in a nearby area from leaving/escaping. Then from this collection choose the one with the most populated area in the center, combined with some form of attack -- voila you've just wreaked more havoc than any attack could alone with a few staged accidents, spills, etc using only Rand McNally to guide you.
where'd my typewriter go?
They make it sound like it will be hard for him to get a job because most of his dissertation won't be published. I think that's probably completely wrong.
Even though it does suck that he can't release it in its original form; he'll have absolutely no problems finding a job. If that many large financial corporations were concerned about their communication infostructure surely one (if not all of them) are scratching to hire him.
If all he wants is money and no real academic prestige this is great. Otherwise, it wouldn't be fun to be in his position right now
Disagreement does not a troll make.
I don't understand how you jump to the "black and white"/"oversimplification" conclusion. I understand some things should be classified, the point is temporal; if it wasn't classified five years ago, it probably shouldn't be classified now. You people aren't thinking straight, you're reacting on fear, not reason.
The "but it could possibly be potentially dangerous bla bla bla" is just rationalizations without which you cannot go on closing up your society. Maybe if you asked yourselves the question "does this really make sense? Are we applying reason, not fear?" you'd see that the question would go away, and the questioner with it.
You'd be surprised at how easy it is to penetrate the security of a lot of facilities.
For instance, I worked in one somewhat secure facility that requires ID bages with magnetic stripes to get in and out.
Only thing is, they had one door to the facility that didn't have a card reader attached to it. It was for the union guys that worked in the shop, who according to contract, could not be required to swipe an ID badge.
Which is fine, because to get into any place but the shop you have to have a card swipe anyway.
Only thing is, the doors between the shop and the badge-secured office area were kept open more often than not. And even if they weren't there was one interior door that you could use to access the service tunnel that wasn't carded either.
So you could walk into the service tunnel. Once there, you could get into the badge-coded office area because the doors near the elevator that takes you to the office area had to be kept open for ADA compliance (a wheelchair user couldn't be expected to swipe their card and open the door, apparently)
So once in the elevator, you were free and clear. You just got in the building without a single card swipe. And though there are cameras, anyone walking around with anything that looked *close* to the visible badges around their neck/clipped to their lapel, etc. were ignored.
I simply observed my surroundings and in less than a day of working there, I knew how to get in and out of the facility without going through security. Even if I left my security pass at home, I could get in and out, no problem. I've noticed similar scenarios in hospitals or banks other places where tight security is supposed to be the rule but the people working there just don't think this stuff through.
My journal has hot
All the source info for his work is publicly available, no problem there. If he compiles public information and provides some analysis which is considered "sensitive," why not classify it? You're still free to compile the same information and do your own analysis, dude.
for $5
It's scary when the attitudes allow for getting away with writing stuff like this:
His story illustrates new ripples in the old tension between an open society and a secure society.
I never realized before that these things were contrary to each other!
Well, I'm off to North Korea now. It must be the safest place on earth!
This is the United States of America. You have no
rights as a student.........
With the Chief-War Monger-In Command
Cheers,
W00t
From the Clancy FAQ:2 0CIA%20and%20FBI.htm
http://www.clancyfaq.com/Clancy%20contacted%20by%
And indeed, there's a difference between being secure, and feeling secure.
You can cure the symptoms, but the disease will still be there. Some day, it'll come back and bite you, and in the meantime that false feeling of security can really undermine big parts of society, especially those parts that are made up of people that are not fooled.
Real security is still important, the false variety I chose to speak up against. It is just sad that the slashdot community is a reflection of the US mentality, and isn't open minded enough that one can disagree without being labeled a troll -- hence the anon.
[jole]
This reminds me of an article I once read regarding a Princeton physics student and his research project into building an atomic bomb. He did all of his research in the public domain and was able to successfully create a nuclear device on paper. While the student received an A on his project, it was never returned to him as the US government decided to classify the work.
The information that currently exists in the public domain isn't frightening to the thousands of drones that run the public and private sectors. What is frightening to them is when someone connects all the dots and creates something useful.
In a stunning moment of self-realization, they come to understand just how vulnerable they actually are and instead of planning to mitigate the possible damage caused by a hostile act; they instead choose to grab the offending work and dig a big hole and stick it in. After all, if it's out of sight, it's out of mind and no energy need be expended worrying over it.
Kiss ass while you bitch so you can get rich but the boss gets richer off you. --Dead Kennedys
Gee, I hope the military isn't using the Internet for critical communications. Same with air traffic control.
If all this stuff is transmitted over something as insecure as the Internet, I'd say we have something to worry about...
...why can't he just e-mail me the entire database, and I'll look into it... ;)
(Alternatively, you could pull a "Blake's 7 - Star One", and kill/mindzap everyone who knows anything, thus making everything totally inaccessable to anyone.)
The better solution is to not put all your eggs in one basket. Have planned redundancy. If you have N potential paths from A to B, then an attacker must eliminate all N of them to disrupt communications.
This is stuff this Internet is designed for. Look at routing protocols. They're not based on the concept of "one point, one route", they're based on the concept of "what's the best path, right at this moment?"
When the Internet/ARPANET was first designed, it was intended to resist a nuclear assault. Presumably, precicely BECAUSE it can support redundant lines of communication, and fail-over as needed, in the event of a catastrophic failure.
The only reason there's a problem now is that cheapskates don't bother to build their networks with failure in mind. Sorry, but I have little sympathy for intentional acts of corporate suicide.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I thought it was pretty tame, all things considered.
Yes, it's probably a security threat.
For the record it's quite possible to take non-classified sources and make a document whose classification should be at least SECRET and probably TOP SECRET. You can do this.
I wish the guy didn't sound so adolescent though. If he makes something dangerous he should own the fact and recognize that his research SHOULD be classified. There are responsibilities that each of us has for the actions we take. He did something very interesting - but also potentially quite dangerous to the national security.
So take the knowledge, classify the resource, and go make a zillion dollars in the private sector.
I'm reminded of when some in the government wanted to prohibit public-key crypto, and Paul Zimmerman (1) created PGP in order to free the information/ability.
Does anyone know how to go about recreating some of this work for public use?
Let's let the cat out of the bag before the government ties it shut.
(1) See http://www.cypherspace.org/~adam/timeline/ for details.
Somebody get that guy an ambulance!
public knowledge that you could find a few rogue backhoe operators in Columbus, cut some copper and fiber on Compu$erve's network, and kill every credit card transaction in the US, as they all went through CS's network.
Ask anyone who's been a phone guy. We don't fear lusers, we don't fear over-zealot bosses, we fear backhoes.
I also have a real problem with classifying/patenting things that have been funded with educational dollars. OSU has patents on what their grad students have done for their Ph.D stuff, and I'm not sure I really like that. Those students were receiving government grants to fund their research, and now, the public is 'protected' by it...even though they paid for it.
I disable sigs...do you?
Ok, I work for a test and measurement company.(one everyone would know, and you have probably used our scopes) Anyway, we have a product that does this. It takes fiber routes, equipment, access points, etc. and puts them on a physical map. Then you can integrate it with a monitoring system so the NOC (Network Operations Center) can have it pop up on their screens when something fails. There is no way this kid went out on the internet and found everything.
We did a trial for one of the telcos in one state. You know how they gave us the information? 4 boxes of printed engineering diagrams. They don't have it in a database, and absolutely don't publish it on the internet. This kid probably has 5-10% of what is really out there.
I mean I know where a number of the local public water supplies are (you can't exactly hide a lake) or major trunk power lines, they are well big and kind of obvious when you drive under one, not to mention when you fly over it in a small plane. I would imagine that if someone were to take out several of the trunk lines that feed power into NYC it would do a hell of a lot of damage. And there is really no way to hide them.
Erlang Developer and podcaster
Just about zero details on the guy's work, and the 'terrorist' keyword thrown in there for effect, and some comments from worried pencil-pushers. That is to say: "A guy has made a thing; you the reader should be afraid; and some mucky-muck who was pals with Bush and got appointed head of one of our new plethora of ridiculous security offices says it's true."
Feels like I'm watching Fox news. I wonder how far news can stray from having actual content before we create an alternate reality, where much of our population is no longer in contact with reality at all.
Oh, wait... that's already here, isn't it?
Now all kinds of axis of evils and osamas are lining up to get their hands on said document. Get them while they're hot!
two words: GPL it
Big corporations have been compiling huge databases and mining them for interesting and very valuable information about individuals for a long time. It should not be a surprise to anyone reading slashdot that given a social security number and access to the right databases, it's not hard to discover enough about you that you'll feel that your privacy and security have both been seriously compromised.
So it's a little bit funny that Sean Gorman has apparently compiled and mined a big database full of information on corporations and government, and that it scares the pants off them. I'd like to think that in the long run, Gorman's work might inspire some hard thinking on how and when databases can be compiled and combined, and this might eventually lead to greater protection for both our national security AND individual privacy.
Real terrorists don't use scissors... they use box cutters.
The implications, however, in the post-Sept. 11 world, were enough....
In this post-September 11th world, I'm getting REALLY sick of that phrase.
"I either want less corruption, or more chance
to participate in it." -- Ashleigh Brilliant
In the sixties, many atlases did not show or index the ENTIRE CITY of Fort Knox. I've never been able to find out why, but presumably it was someone's bright idea for protecting the gold repository. Never mind that road maps with the repository marked on them were available from AAA, or that a detailed map graced the flyleaf of Ian Fleming's novel, "Goldfinger"
"How to Do Nothing," kids activities, back in print!
Most of the posts above say that information should be free and no one should be allowed to withold information.
And whenever there is a talk about spam or privacy the whole slashdot community cant stop hanging or shooting the "defaulters"....
Strange?
Nandz.
Sorry, couldn't resist. I grew up in the USSR where everything was classified - so here is a map story for you.
Map information was classified and map publishers were required to add deliberately inaccurate information to their maps. You would have whole cities that were not on the map or shown a couple of hundred km away from their real location. This was done in the name of national security, so the enemy (US) would not be able to use maps to plan a nuclear strike or sabotage military installations.
The enemy of course just used satellite imaging to create their own maps and ended up with better maps of Russia than the Russians had. In the 80s folks who needed maps (geologists, archeologists, hikers, ...) would try really hard to get their hands on foreign made maps, because they were so much more accurate.
Security by obscurity is counterproductive...
That information wasn't readily available when I was interested in that back before 2000 and I assume it's even harder to come by now.
I suspect that we are a lot more vulnerable than we suspect. And considering a power outage in Northern Mexico affected parts of the U.S. I wonder if someone could successfully attack our infrastructure without even attacking a physical point in the U.S., but in Mexico or Canada.
If this information can be collected by a student, it should be possible to get by anyone. SURE, it may take a while, but if someone is determined, it can be done. Now the problem is that this information can be used against us by Al Qaeda or an angry h4x0r. Should this info be classified, no even though it could be deadly if used the wrong way. Should nuclear reactors be banned too, they can be just as deadly?
Your choice of words betrays your point: information is just random facts, it is only when they are coherently integrated that they become data. As far as the article implies, there isn't much in the way of analysis or theoretical conclusions involved in this thesis. His supervisor is right: this is a waste of a PhD student's time and not appropriate for work at this level.
Yes, compiling the information may be hard, but difficulty does not research make. I wouldn't give this guy a PhD until he generates some significant results that could be applied to a country with completely different infrastructure, or even my next game of SimCity (possibly with the inclusion of Terrorist Strike disasters).
Also in the post today is an article on one persons response to total information awareness: Government information awarness.
Security through obscurity is NOT "security" at all, because it's impossible to know what the other guy knows.
In fact, STO is WORSE than NO security because it leads to a FALSE sense of security.
This weekend I took a ferry to Long Island and I used my GPS to record my track. As I was doing so it occured to me that my activity could be considered suspicious, and suddenly I got very nervous about using my GPS on the ferry. What the fuck kind of country are we living in now? Why should ANYTHING _I_ do be considered suspicious? I am an upstanding tax paying public serving ham radio operating red blooded patriotic citizen of the USA. If I really WAS planning some kind of attack on the ferry, why would I bother with GPSing it? Why would I bother to pull it out of my pocket in public in the first place? Am I wearing a towel? NO!
Knowledge is power and if EVERYBODY knew EVERYTHING then the world would be in perfect balance. That was the idea that brought about the Internet as we know it today, a medium for the free exchange of information. Open the fucking floodgates!
KNOWLEDGE IS POWER!
-73, de n1ywb
www.n1ywb.com
Peace out!
Look, I haven't seen his work, but this article and the previous one cited both seem hype-ridden and reek of cluelessness.
I mean, it's great that here in America someone can actually get a PhD by doing a lot of traceroutes and then using gnuplot of whatever to overlay the data onto scanned images of telco fiber-maps or whatever, but the whole premise of the article - including the moronic comments about how the guy shouldn't be allowed to leave the building with the laptop (maybe I have too much faith in humanity, but I can't imagine anyone making such a stupid comment other than in jest) is much ado about nothing.
This information has been available for years, and continues to be available; it's just that this guy has nothing better to do than sit around collating it and putting it into MySQL or somesuch. So what? Terrorists aren't interested in blowing up the Internet - they're interested in blowing up -you-.
So does this mean that I can now justify a PhD by sitting around correlating MapQuest thumbnails with wardriver plots open WiFi APs, or something, and then claim I'm mapping possible 'nodes of anonymous 'terrorist Internet access'? Sign me up!
Think about it.
When their computer crashed, they removed the hard drive, froze it, smashed it and rubbed magnets over the surface to erase the data.
Sucks to be them. When my computer crashes, I just press the restart button.
big deal
9 out of 10 gradu works (engineering works, not gradu actually but basically same thing) in my school get classified for 5-15 years because they're made in co-operation with some company and contain classified material
Conpanies (i.e. financial institutions) don't mind compiling scads of public information on us until they can tell what brand of hemorrhoid cream you use, but when we do the same thing to them, they scream bloody murder.
Hmmm.....
If you locked up all of the infomation he's compiled, you'd shut down the Economy just as effectively as using that same infomation to blow up critical infrastructure points. The real point of his data is that he also allows the good guys to see just whwre the choke points are so that they can design backup plans and structures.
As Ghandi said (and I'd bet he'd be on the terrorist watch list if he was doing his work today).
Now, at least, these companies are clear that they need to get their ISPs to use different fiber lines to deliver their data. It's not like they couldn't have known this before. It's just that now they have it at their fingertips.
Free Software: Like love, it grows best when given away.
Guys, this is a typical aggregation problem. The info on where individual cables are is not sensitive, but the aggregate info is. Military (manual) security has never been very good at dealing with this, and on the net, the cat's quite obviously out of the bag since basically anybody can do the aggregation. I could argue the problem is that too many sensitive points were designed into the infrastructure in the first place (starting to sound familiar?) but if you try to block the info, you wind up suddenly having to treat a vast amount of info as sensitive, and take a large hit for all of that handling, that previously was not taken. Either you try to classify the location of every pipe, power line, fiber, phone line, etc., and clear everybody that has to know it (ok, where can I dig in my yard?), as well as all the info on where these are, or you have to admit we cannot afford such massive efforts and just forget it. If you think adversaries haven't gotten to this info before, I suspect you are overly Pollyanna-ish. The costs of classifying the component info is huge, the number of cleared people too low, and connections on the Internet too ubiquitous to block this kind of thing.
Actually if this gets published, everybody knows where the danger points are and some sensible work can be done in keeping them from getting bigger and in guarding them. This seems the most rational approach for the moment.
The longer term issue is to find some way to deal with info aggregation, if anyone can (it has been a research topic for decades now). I am not optimistic a solution will be forthcoming anytime soon.
BTW yes, give the guy his PhD ASAP.
Obviously he has contributed to knowledge...
I know that's what I feel like doing when my computer crashes.
Julia Roberts' character pieced things together from public information and came up with a theory about something. She didn't know if it was right, but the dissertation made it to the gov't and suddenly she was on a hit list until she was able to get a reporter (Denzel Washington) to publish it.
It would seem that life is imitating art here.
> should some of this information be classified?
:j
No! Secrecy and democracy are incompatible. We have far too much secrecy already (especially under the Bush administration). We need more open government---closed government leads to the deterioration of democracy.
True security comes from risk reduction and mitigation. In the case of the dam (or chemical factory or other dangerous installation) the people who might be affected by a dam colapse need to know what kind of danger it is. They should have been told about the danger it posed BEFORE it way built. You can't keep the location of that dam secret so why try? And terrorist are the least likely cause of most earth dam failure.
As for the fiber optic cable, you should assume that it can fail. I don't know about terrorist, but I do know that Joe farmer is going to be digging a ditch and WILL cut through a critical cable this year. If the phone company does not have a redundent solution then the end-users need to know about it so thay can plan for that kind of failure.
Many eyes makes for quick risk reduction
Finally, lets put 9/11 in perspective. While any loss of life is tragic, we lost the equivelent of several weeks of smoking deaths to 9/11. The economic distruction was less than a few weeks of a war in the middle east. The thing to keep in mind is that this is terrorism not war. The goal of terrorism is to inflict terror not destruction. They could have done more economic damage by blowing up a few "uneffective: car bombs in front of shopping malls the day after Thanksgiving with little risk to the terrorist. Why haven't they done something like that? It's been two years and nothing happened. Something will happen again, but there is so much good we could be doing with our talents and time rather than frittering it away on tin-hat paranoia. Let's fix the few glairing problems, reduce risks from all sources (those old toxic solvent drumbs in the back of your company for example) and move on.
Tell me how comparing access to a student list at a University compares to a country? Oversimplification? You sound like a Grade-A moron! When did people forget that WE own the government? WE ARE THE GOVERNMENT! And now It's time to take back the reigns yet again. I guess revolution will just keep happening as long as greed helms the ship. That information you speak of is OUR information. WE PAID FOR IT. We should decide we and who sees it. The theme here is accountability. Sometimes it takes a good ass-kicking to be held accountable. That's just what many G8 governments need right now. And it will happen on some level once things go too far.
when googling information on this I came across John Young and his website jya.com. Mister Young's website, jya.com, is down. So is cryptome.org. IS this new? I haven't been to that site in a long time. When was the site and/or content taken offline? I am looking into putting up an offshore mirror for information such as this so that at least we have freedom of information. As clunky as it seems to me, freenet is starting to be a really appealing and unfortunately an absolute imperative as a tool for protecting our collective rights. I have waited too long as it is and now hope it isn't too late.
a slut did tulsa
Seems to me that the reason all of this information "needs to be classified" is because it's too expensive to secure the infrastructure properly and that includes putting in redundant systems, circuits, fiber buried in the ground, etc.
Isn't that one of the real reasons the CIOs are all agast over this?? It's not as much the security issue, its how do you defend against every crackpot. That costs money, which both doesn't help the bottom line, and also prevents it from getting bonus checks, and stock options.
*sigh* Great. Organizations build critical systems which are easy to attack, hard to defend, and difficult to repair, and then try to hush it up, instead of saying, "thank you," and rushing to fix the problems. Bah! Why didn't they build rugged, defensible, maintainable systems in the first place?
I think this thing is really a map of all the places where you could say, "no engineer has looked at this or, if one has, he was overruled."
I was working last night fixing a blown disk system in my phone switch, and as I was returning from another cancer stick, I swiped my card to get in the exit door (which requires a swipe to exit as well). The first time I got the ACK to open the door, but I didn't and walked to look at something a few feet away. I swiped again and went back to work.
What surprised me is, why should it accept me swiping twice to get in? Shouldn't I be required to swipe "out" to get in? And what about the elevators? We have a bunch of floors and when I swipe in the elevator, I can hit multiple floors on the same swipe, enabling me to effectively "get lost" as far as where I went on the elevator.
I think that most card systems have multiple vulnerabilities as far as tracking, entry, and so forth that would allow someone to fake entries, have multiple entries on a single card code and so on, obscure their destinations, and so on, although I'm not sure how you fix them short of having a security guard monitor and mandate individual swipes per pass-through and check all double entrance/exits and so on, which would be a real pain.
Simply calling miss utility will give you most of the information about gas lines, power lines, fibre lines etc, in fact, before you do any construction, by law you have to call Miss Utility (stupid name, and I think they are changing it now too), who then go and notify the relavant parties (power, gas, telco), who then come out to mark with chalk or paint, exactly where their lines run in that area.
And there is no way they can classify that info, else you would have to get ALL building contractors, electricians, basically everyone who wants to do any digging or construction, clearances.
Building permits and architectural diagrams are also publically available, aerial maps are out there too.
There is just really alot of info that is freely available that must remain that way for our society to function.
Rather then shutting this poor student up, they should try to resolve the problems, not keep it quiet.
I came, I conquered, I coredumped
It's likely he used the traceroute utility, and correlated hostnames with domain name records, combined that with geolocation systems.
Not too novel or ingenious, just tedious. Will the US ban traceroute now?
-- Samir Gupta, Ph. D. Head, New Technology Research Group, Nintendo Co. Ltd., Kyoto, Japan.
1. Map important stuff.
2. Indulge paranoid fantasies of security-industrial complex.
3. Sell them "exclusive access" to your map.
4. Profit!!!
1) As many people have pointed and will continue to point out, classifying the report won't make any difference because people can re-create the work. And this wouldn't take much effort, because an attacker has no need to map the entire US, they can pick whatever area is convenient for them.
2) Slowing down internet connections doesn't scare people. Temporarily cutting corporate offices off from the grid doesn't scare anyone (save, perhaps, the CEO). Think how much more terror-bang a terrorist could get for his buck with a 9mm in mall. That would terrify people and significantly damage the economy. Attacking communications infrastructure isn't "terrorism," it's something else. It's guerilla warfare, directed against an economy rather than a person, I suppose. If our "war" descends to this point, we are totally screwed, as it is impossible to defend (or even think of) all the economically "soft" targets.
3) In the end, the security of all civillians and civillian infrastructure depends on good will. Well, that, and fear of punishment. But the latter doesn't apply to acts of international sabatoge and/or murder. I am sick of all this talk about defending our civillian infrastructure, securing the homeland, etc. It can't happen. Until there is a soldier in body armor with a rifle every few yards down every street in the USA, this goal will not be achieved. That isn't the society any of us want to live in. We haven't put any effort into civillian security up to this point, and I say: Good for us. We didn't need to, because the general good will of human beings was protecting us. Our effort would be better spent restoring *that* state of things, rather than moving toward the soldier-on-every-corner model. For those who would like to call me naive, I ask you: why has there not been an attack on soft infrastructure before? Why has there never been a wave of men with 9mms in malls? These things are undefended. The only reason it hasn't happened is that no one ever wanted to do it.
Three good reasons why it is a waste of time and effort to classify this fellow's dissertation. I'll let others cover the reasons why classifying it is damaging to security, an open society, and democracy.
What's good for the syndicate is good for the country. --Milo Minderbinder
The Ministry of Truth should also censor the Nature journal and the "Al" Caida web-site, as these are some of the sources Sean P. Gorman cites on some of his e-mails.. just query "sgorman1@gmu.edu" on Google...
The job of a free government is not to protect people, but to organize people to protect themselves.
Did you get that from someone or are those your own words? I think im going to print that sentence out, frame it, and put it on my wall.
Well said.
Im not here now... Im out KILLING pepperoni
i do know a little about national security, mis-information, and being a pin head. well, alot about the latter...
it seems that everyone is spooked by the leading personalities of the middle east these days. but consider our most dreaded terrorist 'mother nature'. this terrorist has systematically destroyed whole cities, economies, familes, and download times.
as for the utilities, this stuff should be no surprize, because its federal law not to be. but as for the corporate ego's that are 'running' our economy, maybe its time to wake and smell the burnt wiring.
the 'choke points' that were slightly hinted at are easily correctable. as for hidden choke points. i believe that to classify this work would be on a level of the 'burning of the books' event. you can't correct what you don't know, or don't think is wrong. i classify the concept of "don't ask, don't tell" to be 'fellony studpidity'. the Slience Solution always sets a person up for future failure which will be more expensive in the long run.
i read the article. as for the phd issue; its secondary, now. this phd canidate should be more concerned about which bank will offer the best rates, and which booking agent will get him the most coverage. i'd love to be in his shoes right now! it should end up with the bank account, the trophy wife, the mansion, and the car. damn, i wish i'd thought of it...
good work slick, ya done good. --m.i.b
I completely agree, a lot of people in academia, or even working, aren't just in it for the money. I'm in publishing myself, ask me what I think of IT salaries.
That said, what is a geography degree for anyway? Security issues aside, it doesn't sound like a terribly innovative topic for a PhD. useful, interesting, and not necessarily trivial, but a doctorate?
And to the geography fans out there, I honestly don't know what goes on in university level study for it, and therefore could be completely wrong.
Yes, it's probably a security threat.
.
The disclosure that a threat exists is not in itself a threat, it is the first step in reducing the vulnerability.
Why do people want to attack the messager, and not the companies and government departments who built an unreliable critical national infrastruction? An infrastructure that uses technologies that make it fairly easy, abeit more expensive, to build highly redundant internetworking.
Why not stop pretending there is no problem, and start to fix the problem? Perhaps there too many lies from the telecom "boom" that would be exposed
Terrorists used information like this to attack the U.S.? I may just be young and stupid, but I don't recall any attacks that would have been thwarted if locations of buildings or infastructure was better hidden. It always seems to be bombs, bombs in public places.
Hiding information like this that one can go out into the world and witness for themselves (I can walk up to a powerplant and see it, as well as all the wires attached to it) seems impossible to me.
We have a word for that: security through obscurity.
;)
Um, that's three words, not one.
"It's a very tangled subsystem." --Windows kernel guru
An interesting read and "EIKA" to me seems more important that the article that was posted.
Back in September of 2002, I wrote an essay entitled, Cyberwar: How Terrorists Could Defeat the U.S., and Why They Won't.
www.cryptogon.com/docs/cryptogon_cyberwar.pdf
This brief essay explains how vulnerable information infrastructures are to very simple attacks. I intentionally removed all company names and locations of the critical assets, not because I was afraid my written-in-one-evening essay would be used by terrorists, but because I was afraid the FBI would think I was a terrorist.
After reading about the pressure that Sean Gorman is under, I am convinced that I would have had a (probably not pleasant) sit down with federal agents if I hadn't sanitized my essay.
What we see here is a combination of simple things building up. Information here, information there - but add the tools to combine it all together, and suddenly said information is a lot more meaningful and powerful.
It's not just the data. It's not just the technology. It's what you get when you combine them, mine the data, and find something that isn't there originally.
The problem of regulating this, of course, is that the various sources of information are "innocent," and that information itself can be deceptively harmless until you combine it with something else.
So what do you do? You can't control the information, you can't know what to control, you can't outlaw the process. Welcome to the 21st century, where Data Mining is our new concern.
As an IT professional, I've had to deal with much lesser concerns of the same nature - what happens when you combine and mine data. A simple-to-create synergy can reveal far more than the data sources it uses, and that synergy has to be treated as a completely different thing when it comes to concerns over access, availability, etc.
"The Sage treasures Unity and measures all things by it" - Lao Tzu
Reminds me of the Bells suing the hackers for releasing info that was for sale from their own catalogs. Info that was worth $8.60 or something by mail was suddenly classified and stolen, and worth hundreds of thousands when the hackers were sued. ...I think it was Phrack...
Well, I guess you must be happy with the direction that society is going: paranoid, repressed, and ignorant.
/alleged/ terrorists want to send. The way people talk these days, it is as if a terrorist is on every corner, just waiting to cause mayhem.
Sorry, I just don't buy into your approach. I would rather have a terrorist blow up a fiber-optic connection or a power grid than kill thousands of people in a crowded city. The is not the kind of message that
What is next on your list of restricted information?
No, I don't trust in god. He'll have to pay up front, like everybody else.
With Gorman's work, he is highlighting choke points in the infrastructure. Would the rational response to this situation not be to diversify off those choke points? We should identify key weaknesses with this kind of research then solve them. We should not simply hide the information.
Basically the approach that I think works best here is one similar to what we see when dealing with Internet security. Take the risky information and keep it under wraps temporarily while work is done to fix the problems. Then once the majority of the problems are fixed, release the information.
If they burn the information like is suggested in the article, then it just means the weaknesses are left there until somebody with the resources and motivation decides to recreate this persons's efforts. Security through obscurity only goes so far, and if a PHD student with no special access can build up a system like this, it's reasonable to assume that national enemies could do so as well. Heck, for all we know, they already have. They certainly aren't going to publicize that fact.
Of coruse the problem here is that, unlike in software, fixing these choke points is likely terribly expensive. It's hard to justify the investment to fix them when the threat to them can't be clearly measured.
This sig has been temporarily disconnected or is no longer in service
Would anyone here be willing to have their usage fees for their net connection go up by %50 to cover the cost of installing and maintaining this additional redundant infrastructure? (Bear in mind that if you say "Stick it to big businesses!", they will indirectly stick it back to you.)
There is a lot of public information. It has lots of stuff that 99% of the population finds useless. The other 1% of the population either wants to use it for 'good' or 'evil' and thus finds it useful. Those that want to use it for 'good' are welcome to it, but because there are those that want to use it for evil, let's lock it all up and make sure no one knows it...except for those 'evil' people who can find it out anyway.
Hey while we're at it. Let's make sure that no one is allowed to see, let alone come near, critical pieces of infrastructure like bridges, power plants, or country roads that have large amounts of fiber under them. That way we'll know who the terrorists are because they'll go near those things in order to figure out how to blow them up.
Pardon? What's that? We should acknowledge the weaknesses and put people to work making them less vulnerable? Why? It's so much better to hide them and pretend they don't exist until snotty grad students point them out.
</mini-rant>
In all seriousness, I applaud Sean Gorman and Laurie Schintler. They took one step from corporate/private risk analysis and expanded the view of where risks are and how big they are. This is something that organizations should be thinking about constantly. It's not enough to say "Well in order to hurt us directly you have to go through this, that, and the other hoop." You have to say "Ok, we've dealt with the direct risks. Now how bad are the n-fold indirect risks? What happens if this, that, or the other thing is directly or indirectly damaged and how does that affect me?" Most of the time, companies limit this to power and communication lines and as a result some of them make separate locations with duplicate functionality that can start working when the primary location goes down, but that's not enough all the time.
Personally, I think the dissertation should be treated like any other dissertation. And then FEMA should hire them (and others) to figure out ways to protect the identified weak points.
The next big field will probably be risk-mitigation.
You know the NRA's "If guns are outlawed, only outlaws will have guns" saying? I'm finding that it applies to more and more things in modern times. Crypto -- do you really think if the US bans crypto, al Queda terrorists are going to stop using it? This -- if he could find this information, don't you think organized terrorists could, too? If not more information? I can understand the concern, but frankly, censoring the information will probably have no effect on keeping terrorists from it. (And do you really think Osama's going to be running around New York clipping fiber lines with a pair of scissors to slow down some random company's Internet connection?)
________________________________________________
suwain_2
The whole point is for the population to live in fear of Communism, Terrorism, whatever, anything, so that they won't question the government!
What's his major?
PhD for making maps?
There's got to be more to his "research" than mapping utility lines.
I'm no Einstein but even my dissertation was more theoretical.
There was a very similar situation back in the eighties (am I dating myself here?). A student, I believe at Columbia, built a nuclear bomb using publically available information. All that was missing was the nuclear material. The point was that anyone with the education, the drive (and access to uranium or whatever they used, I'm no expert) was perfectly capable of building nuclear explosives.
Information is dangerous. But so is restricting information...
I keep seeing comments to the effect that the information is out there, so "why try and hide it because someone else can do the work and compile it anyway?".
.02.
It seems to me that this neglects a critical piece of the puzzle, namely resources involved.
I'm no general (though I *was* in the military for a bit...) but from my experience one does not win a war by killing the other soldiers, one wins a war by making it increasingly difficult for the enemy to fight, ie: hinder their ability to make war.
Yes, the information may be able to be compilied by someone else. The thing, though, is that it takes time and resources to do it, and, make no mistake, any information denied to the "enemy" that causes them to expend more time and resources has a positive effect on security.
No, it may not be ultimate. No, it may not be complete. But yes, it does help...
Just my
Have you ever read a Tom Clancy book? They're full of 'classified' bits of information. So much so he actually spoke with Reagan about it in the 80's.
Sure, nuclear subs don't seem as much of a secret any more, but consider when The Hunt for Red October was released... I bet his research will definitely see the light of day.
Then again, maybe he should have wrapped it all in a gripping Cold War storyline ;)
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatently stolen sig)
There's an old adage: You can please all people some of the time, or some people all of the time.
It is entirely impossible to keep everyone in the entire world from being pissed off at some nation (U.S. or other). Conflict is in the human nature. It's difficult enough to keep even the most sophisticated nations at peace, letalone trying to keep the smallest, most militant factions happy.
We can all sit around the campfire and sing songs, or we can face reality. There will always be someone out there with malicious intentions and we would be remiss not to prepare ourselves to defend against them.
"It's a very tangled subsystem." --Windows kernel guru
So what are they going to do now, make GIS illegal, what I'm I suposed to do for a job? I'm sure they've gone light on the details but I could make a "super-map" similar to this one in my spare time at work. Any kind of infrastucture information needed for this is readily availible from MapInfo & ESRI.
Jaysyn
There is a war going on for your mind.
I really like the idea that this guy is projecting towards an open source international security and intelligence & knowledge agency. :)
Matrix4.net was a good read, but hey i'm still reading and it will take me a day to finish comprehending most of it LOL :)
The "great" blackout in the sixties that blacked out most of the Northeastern United States, was I believe, finally attributed to a switching station on or around the canadian border.. so yes this kind of thing can happen, has happened.. and will continue to happen. -Jazz
-- All That's Evil in the Geek Space
I have yet to meet someone who proposes that the US Constitution be rewritten for modern times that isn't some sort of state-loving authoritarian.
Show us, oh enlightened one, how you would rewrite the Constituion. Would I enjoy the same rights as I enjoy now under the current one? Please show us.
Former senator Daniel Patrick Moynihan wrote a book detiling his experience with just this issue, listing many cases where cold-war over-classification lead to serious policy shortcomings. He was referring primarily to foreign policy. Adding basic domestic public services to the "classified" list will compund the problem.
Personally, I feel Iraq was merely a distraction from the fact that most of the terrorists were from friendly Saudi Arabia...
Sorry, I wasn't explicit-- most of the terrorists who kamakazed the WTC and Pentagon were from Saudi Arabia. Not most terrorists in general.
Sorry about that.
Microsoft is to software what Budweiser is to beer.
...can hijack a gasoline tanker truck and drive it into the side of a school auditorium.
This attack would take an hour tops to plan and execute.
My point: there is no viable active defense against terrorism.
The concept of "security through obscurity" is bogus.
I am very small, utmostly microscopic.
well "matrix 4" beat the hell out of the freedom of information act. Now all I see is "what I knew was always there" in the back of my mind. Give http://www.matrix4.net a good read - it is well in-depth and thought-out :)
Interesting that there is an extension to DNS as described in RFC 1876 that allows an owner to identify the location of their host.
If you give or take a couple of miles when defining your host's location, it'll still be enough to get everyone a nice visual traceroute, but it wouldn't hurt security. I guess.
It was a station in Ontario
http://www.cmpco.com/about/system/blackout.html
The event started at the Ontario - New York border, near Niagara Falls.
A single transmission line from the Niagara generating station tripped (opened).
Within 2.5 seconds, five other transmission lines became overloaded and tripped, isolating 1,800 MW of generation at Niagara Station.
After their isolation, the generators became unstable and tripped off-line.
The northeast power system became unstable and separated into isolated power systems (islands) within 4 seconds.
Outages and islanding occurred throughout New York, Ontario, most of New England, and parts of New Jersey and Pennsylvania.
Most islands went black within 5 minutes, due to imbalances between generation and load (generator overspeed/underspeed tripping).
The massive blackout left 30 million people without electricity for as long as 13 hours
The Post article refers to a similar project initiated by John Young, a New York City architect.
A search on Google shows that E_P_paper_v2.pdf is a file associated with his networkgeography site. Someone must have have pulled it down by now... All terrorists can't be stupid (otherwise 9/11 would not have occurred). Having this information available to the government is good so they can put in redundancies at key choke points. If they sit on their arse forever and hope for the best, they are doing all of us a serious injustice. This information is mostly public domain and needs to be for construction purposes, city planning, etc. If they were smart they should have leaked misinformation and used it catch the terrorists.
I'm going to post this link again because when I surfed to the bottom of the page there is a great map of the US-Canada power network.
http://www.cmpco.com/about/system/blackout.html
He's worked hard on his research and doesn't want it to get seen by him, his professor, and a few miscellaneous others. He wants to be proud and publish his results...
Why does he have to publish to be proud? I'd be pretty damn proud to have my work classified.
You are making his work seem trivial and it's not.
His own professor called the work "tedious and unimportant." Do you have more knowledge about this work than this guy's professor?
Good for you. When you come up with something that the government thinks should be classified, you be as proud as you like and keep it all to yourself. The title and subject matter of what is classified will also probably be classified because letting people know about what was classified is likely to be deemed sensitive information that should be classified. See where this is going?
Sean Gorman wants to graduate with his degree, publish and continue academic research. It's not unreasonable that he would want others to see the product of what he's been on working for years. Part of completing a PhD is to do a defense of your research, which usually is before a panel of peers and professors who have some knowledge of the area you are studying. Dissertation defenses are usually open to the public (read "other students and academics" because few people tend to be interested in specific disserations) which means that potentially anyone can sit in and learn about the subject matter. If his research is classified then none of that can take place because it would be illegal for anyone to read the paper or hear about its contents without first getting clearance from the government.
Just because his professor lacks imagination, vision and insight (not uncommon in academic circles I assure you) it doesn't mean this prof is right. Maybe his prof is tedious and unimportant. There are lots of people who said the same sort of thing about the Internet. Even "visionary" Bill Gates is on record as saying the the Internet is a fad, though he quickly changed his tune. History is full of brilliant people whose work went unrecognized because it was considered fringe, tedious and unimportant. In this case, based on the attention this research is getting, there are obviously many people who think otherwise.
His professor, John McCarthy, thought that the research was important enough to introduce Gorman to national security contacts, so the "tedious and unimportant" line smells like a red herring. The article also talks about how the university is trying to get government funding beacuse it wants to develop a ''relationship'' with the Department of Homeland Security.
From the article:
"The government uses research funding as a carrot to induce people to refrain from speech they would otherwise engage in," said Kathleen Sullivan, dean of Stanford Law School. "If it were a command, it would be unconstitutional."
The article did reference a site by John Young that it says is still on-line, but I can't find any URL for it, on line or shut down. Does anyone know where that site is???
I'm an American. I love this country and the freedoms that we used to have.
Why do people always assume that someone is a karma whore when they repost the article in a comment? Why can't it be that they are just being courteous to those of us who only tried to read the article AFTER the server has been slashdotted?
IANAL... But I play one on
You get a paper and some letters after your name.
You release a thesis that interested people can read.
You get job offers.
Now, if the government classifies his document, and lets industry use it to prevent attacks, then #2 & #3 still happen. All that doesn't happen is his letters.
So what's he lose out on? You think that places that employ people for "research and teaching" aren't going to hire him due to his thesis "only" being classified? Looks to me like the only thing he loses is the letters.
"You are making his work seem trivial." Uh, no. Unlike most thesises, which ARE trivial, we are seeing the actual impact his thesis can have. And don't want that information available to any shmuck who feels like grabbing it.
I amazes me how often the bureaucrats in the Intelligence Comunity ignore what they already know.
The nth Country Expiriment proved that once knowlege is available to the public, and similar results can be obtained without knowlege of the methods used in previous successes.
If this grad student could compile this information, then so could sombody else, and it's probable that sombody already has.
This information should be used to point out the weaknesses inherent in our infrastructure, and show where this infrastructure needs to be diversified. IMHO, attempts to improve security by centralizing comunications and power distribution are doomed to failure, and will only make us weaker. Micro supliers and home based power generation would make terrorist attacks against the power grid inconsequential. The weaknesses in comunications infrastructure can probably only be cured by creating a third alternative (community high-band?) to the cablemodem and telephone company monopolies on delivering service.
Read, L
How do you enforce access controls on a database?
When you put two boring pieces of information together you can get an interesting piece of information.
You can set up your medical records database so that only authorized people can see names of patients. But then unauthorized people can search for "23-year old female HIV patients in towns of 50 people or less" and look for the only 23-year-old in town.
My personal opinion is that classification decisions should be made on a cost basis. If the enemy would need their own $2 billion Manhattan project to figure out the classified data, secrecy makes sense. If the enemy can figure it out with one graduate student, secrecy isn't worth the cost to our own side.
At work, we call it the "Ticka-tick-tick-bing Syndrom."
Account Execs think that when they need something changed, I sit at my Mac, punch a few keys, and it's good-to-go, a la the movies: "Can you zoom in on that? Enhance, please." *ticka-tick-tick-bing*
You know what?
Well doesn't this somewhat feel like the same thing. Back then, the big car Corporations could buy the engine designs and patents and shelf them. No promises, just money. Of course for the Petroleum industry it also meant a lot of money. Now they plan to shelf this guy's work. What a surprise.
I think it even less of a surprise that I'm becoming more and more jaded by these types of stories, or maybe I'm turning out old and grouchy. At this point, I could care less, and you avid /. readers, moreso. Lessso? Anyhoo.
I wonder when people will stop making excuses for progress. In this case they say it's a question of National Security. In which case I say foo. This is utter crap. Public information is public information regardless. The guy decided to make some form of cognizant application by gathering this information together, and all of a sudden! Oh NO. Fooey. America is vulnerable! You cannot leave your home without an agent, and you use the red plunger when you flush, be careful the blue one calls in the troops and the 1st air unit division.
Here's a very real question Mr. National Security: What if a non-American citizen came up with the idea and developped it? I'm willing to bet that your so-called National Security would impede on any diplomatic privilege such candidate would have and toss it aside like it didn't matter. Like you can step on my lawn, but I can't step on yours. Why? Well cause, your the US. The tough guy in the neighborhood. Again, we're getting used to that one too. Peacekeepers the States are not, bullies on the other hand... funny they should even run that add on FOX. And without sounding overly righteous, I sympathize with anyone stuck in the US that can't do a goddamned thing about this whole f****** mess and are opposed to being cattle-proded.
In a very possible future use, this system could benefit more than one country with the information it gives out; and that organized criminal activity, still needs to be organized regardless, but because of Sept. 11, and the failiure of American security to stop what happened, Osama managed to do the one thing no other country managed to do. Show everyone that America, like every other country, is vulnerable from within. (like we didn't know that already) And now with a bruised ego, it's trying to do something that hasn't even been thought out properly. Penalize everyone, ask questions later.
Hell hath no mercy like a woman scorned
Is pretty much the only thing that pops to mind regarding America's new stand on security. Register everyone in a database, tag em, give em' some iodine solution and find out when they eat, sleep and flush. Just not the blue plunger please. That one's rather expensive.
Just don't all you baztadz and bichaz come running up to Canada after they bomb the sh** out of your country and call us friends and neighbors all of a sudden. We know how you feel about us deep inside. Think about that next time you hang up on a Canadian customer. A-holes. Pfft.
QD
This rant sponsored by Molson Canadian and the letter A, also the number 7. Peace!
"In the background, he plays the Beastie Boys."
Is he by any chance listening to the album, Sabotage?
This comment is fully compliant with RFC 527.
But what happens when a terrorist group that specializes in coordinated, synchronized attacks kills a key bit of infrastructure at the same time they kill a lot of people? A piece of infrastructure that the emergency responders depend on?
Also, consider what happens in New York every time there's a blackout -- massive looting. Keep the power out for a few days, and you could have Baghdad-on-the-Hudson.
The only reason we can pack millions of people into cities and keep them all alive at the same time is our public infrastructure.
Must Have Maps... Must Destroy CAPITALISM!!!
-makoffee
If you guys get to put in requests for terrorist bombings then we should hear from all parts of the world that are likely terrorist targets. Speaking for L.A., I nominate the Getty Center.
If we have a government in whose interest it is to let our buildings get bombed, we're already in trouble.
because it still isn't slashdotted...
Another way of looking at it is that this is yet another attempt by the government to oppress us by suppressing impression. However I have a pragmatic view: all this information needs to be public anyway. (If I want to dig a ditch, wouldn't the owners of underground fiber want me to know where it is?) We can never have absolute security if we don't want to become a police state. So instead of screaming hysterically about the sky falling, why don't we think about the underlying causes of terrorism? Why would someone go to all this effort to hurt us? These are not script kiddies.
Disclaimer: I too have one of these here PhD dissertations under my belt. And I'm sure every dissertation has at some point been called tedious and uninteresting; I know mine has!
Unlimited growth == Cancer.
I'd be more worried about a backhoe operator working to near MAE-East.
Theoretically the Internet would route around it. However there's unlikely to be enough capacity. And every one locking down their routing tables to prevent malicious route pertebation suddenly finds why routing tables were dynamic to begin with.
Somewhere in the USA there is a person that has done this and is not trying to gain a Phd from it. They don't goto school. Hell they might not have even graduated highschool. But the real kicker is they can't get a job without a POS highschool diploma and a degree. He is lucky that other people know about his work or else he'd be MIA. Hey already took his website offline. Remember that french cat that was workin on rail gun tech. He didn't live very long.
Security through assasination, the only way to go...
this sig is classified..how about yours?
Sounds to me like this is the result of some decent map software, a database, book reading and good old fashioned social engineering. Focused and refined, certainly, but nothing new.
I found the WP article to be just a bit disappointing, dancing around the entire subject of the paper and it's methodology. bah.
Can you show me the math for this? You have to realize that there's no way we can be made completely invulnerable to attack. Therefore we have to draw the line somewhere at which point the costs are too high to justify given the relative risk. Where that point is, I do not know, but it does exist, and blindly wasting money isn't going to help things.
You figure out how many resources it would take to accomplish a given act, then figure out the availability of those resources to the enemy. Then you just make sure that the cost to them is higher than they'd be willing to invest and that the cost to prevent it is less than the cost to accept the risk. If a given vulnerability can be exploited to great effect by modestly trained, poorly equipped, angry people, then you probably need to fix it.
This sig has been temporarily disconnected or is no longer in service
He should put it on freenet!!!
*twitch*
I just don't understand how the home of the brave could act so chickenish lately.
So, for the record:
YOU ARE NOT IN DANGER! THERE IS NO TERRORIST CONSPIRACY IN YOUR COUNTRY! YOU ARE SAFE!
THOSE GUYS HAD ONLY ONE ADVANTAGE: SURPRISE!
Furthermore:
YOUR CHANCE TO DIE IN A CAR ACCIDENT IS WAY HIGHER!
And finally:
THERE IS ONLY ONE THING FREE CITIZENS SHOULD BE ALWAYS AFRAID OF: THEIR OWN GOVERNMENT!
bye.
You know, it seems that every time us Sheeple need some direction, we get a little global disaster to set us on the course.
m
WW1, Pearl Harbour were the major world events that aligned everything so perfectly. But, for the new generation, they didn't care at all...
Now, 9/11 is being used to re-centre everyone's debates, thoughts, hopes and dreams. Hell, the insurance in my condo went up because of 9/11. Apparently, until 9/11, planes never hit anything but the runway.
Get used to the new argument. In this rational age, you set the parameters for the arugements (everything changed cause of 9/11), and you cannot debate outside of them, lest you are called a terrorist (ie Why did they target the US? That is not within the rational arguement, therefore, you are against us!)
http://www.freedom-force.org/granddeception.htm
http://www.freedom-force.org/granddeception2.ht
The only solution may be suicide. There are terrorists who object to your existence on this planet.
Mea navis aericumbens anguillis abundat
A useful parallel here is the way that security works in the software industry. Often times a software vendor will be notified of a security vulnerability in their product only to shrug it off to the 'security through obscurity' bucket.
But....post that security vulnerability to BugTraq (or your security mailing list of choice) and the vendor is usually pretty quick to make some changes so that they can start wiping the proverbial egg off of their face.
If you don't understand that the world for the US has fundamentally changed after September 11, 2001, then you will never understand policy and security concerns again. You may not have to agree with the decisions, but by "getting REALLY sick" of hearing that you show that you are just doomed to sit on the sidelines, head in the sand, not understanding the world around you.
But it does work that way on a Mac, doesn't it?
One of the SF writers back in the 40s did get such a visit - something to do with atomics, where the data in the story was publicly available.
One of Chuck Jones' "Private Snafu" cartoons was squelched when it featured a super bomb (picture a big blast that destroys an island, leaving ocean water pouring into a big hole - just a silly example of cartoon physics) - they thought it was too much like the then-secret atomic bombs.
Yeah, maybe some nuts will make trouble again. But no national leader is going to help them. Attack the US, and in a few months, US troops are in your palace. State-sponsored terrorism is over.
NO. Security is not acheived by obscurity in the non-code world anymore than within it. Security is acheived by other means such as redundancy, access controls, surveillance (properly modulated by privacy of course) and so on. This work is extremely valuable in that it shows exactly where we are infrastructure-wise and what is weak or vulnerable and could use shoring up. It also opens up a lot of new innovation opportunities as it exposes existing needs and limitations.
This may be tedious but it is a potential goldmine to a lot more than would-be terrorists.
This is like the Bugblatter Beast of Traal- if you can't see the problem, then the problem doesn't exist. It's the whole security full disclosure vs. non-disclosure argument only in the 3d world.
The information is out there, it was found once. It can (and will) be found again. Fix the problem instead of burying it.
"Omnis tuus capsa sunt inesse nos"
Funny how these articles always take it for granted that fort-building is the only path to security. Another way to get there is to give people fewer reasons to go ballistic. Sure, there will always be lunatics who think they have to destroy a city to please Jesus or Allah or whatever. But they tend to recruit their legions of selfless followers from the ranks of ordinary people who legitimately feel they are getting squashed. If the greedy, shortsighted bastards who seem to make most of the big decisions in our world didn't see the rest of us as trash to be walked on, we might not have to be so scared that the points of vulnerability in the system are so accessible.
The article stated that the government officials to whom the student presented his research suggested immediately that his work be taken from him and classified, and that he not be allowed to leave the building with his laptop.
If this reaction does not cause you as an average citizen, concern, it should.
The attitude displayed by these government officials is one of, "We do not control it, therefore we must suppress it".
How dare an elected official behave in this way. But you know what, it probably wasn't an elected official at all. It was an appointed official or it was an official hired by an appointed official.
How disgusting it is that we have individuals in positions of power with the potential for abuse, conducting themselves with this attitude, individuals which we as private citizens have no direct or immediate means of knowing, preventing, or limiting certain abusive behaviors, actions, and practices of.
The solution to terrorism is not to treat everyone as a potential terrorist.
The solution must involve the recognition that we as persons in this modern society are due certain rights to privacy, to the potential to know the world around us: the good that could be done but isn't and the bad that is done in our name, and to a government which is maximally accountable to us within reasonable and minimal constraints which are never perpetual or absolute.
Whether or not realizing these rights leaves open the door to terrorism, these rights should not be negotiable. A solution which recognizes these rights must be found, or if none can be found, then we must live with these consequences of our freedoms.
http://www.allbookstores.com/book/0835766381
Also, historically bits of information that are classified when put together may sometimes be unclassified when separate. The key to making them important is the association, not the ideas themselves.
-1 Humorless
> It raises some very challenging questions,
> should some of this information be classified?"
Of course. And MapQuest should be shut down, and you should be required to have license to use Google. In fact, no one should be allowed to put up a Web site without a permit from the Ministry for State Security.
And, of course, libraries should be required to report attempts to check out or read books on the "sensitive" list, and bookstores should be forbidden to sell them to anyone with out a permit...
Why, there are so _many_ more things we could doing to assure our "safety"!
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
the real issue here is much bigger than terrorism.
controlling information will define human existence moving forward in time. it's about how we live, and what we are allowed to do.
Who gets to decide what is public? Do we all think the government (a slow/greedy beurocracy) should decide?
Folks,
..., because they might hurt US, or "My God!" can you imagine how much it will cost US to defend against that ..., or I cannot get in trouble for something that I can plausibly deny knowing anything about .... ... how can anyone be blamed fired or sent to jail for any culpable (?duplicitous?) actions .... There ain't no god-dang-frick'en proof of any dum-dung.
....
... type leader ready to move as decisively against our enemy as against our freedoms and open culture.
Our greatest enemy may be CEOs, politicians, managers, saying shush we don't want the enemy to know about
So, now we have the new "Sergeant Schultz" mantra for the folks in charge "I saw nothing, I knew nothing, I signed nothing, I did nothing,
What you don't know can hurt you! This is proven by every successful megalomaniacal murderous aristocrat, holy-man, dictator, politician, assassin and terrorist throughout history (which now includes 2001/09/11) with thousands dead.
Michael Vatis said, in the WP article, "But I don't think security through obscurity is a winning strategy" shows a proactive attitude about reality not what you expect from the duds in charge these days
John M. Derrick Jr., chairman of the board of Pepco Holdings Inc., exhaled sharply, and said "This is why CEOs of major power companies don't sleep well these days. Why in the world have we been so stupid as a country to have all this information in the public domain? Does that openness still make sense? It sure as hell doesn't to me."
John proves my point, that far to many leaders maintain the "Ostrich Stance" keeping their head in the sand, because their narrow minded reality is a little scary today.
Rather these leaders should recognize that a mobilized free and open people can fight any war of any duration, defeat any enemy anywhere anytime, and then force the enemy to surrender or die. The mobilized free and open people in a responsible (not draconian) open society can be the greatest weapons systems on the face of the earth today. However, I don't see a Roosevelt, Marshall, Churchill,
How much more is going on where our leaders' plans, for national and global defense, are "Security through obscurity" and "Dissension Oppression Activities (DOA)". It is better that fear should die with our enemies, then that our freedoms and culture suffer a fearful seizure due to timid immanent dejure/fiat.
OldHawk777
Reality is a self-induced hallucination.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
IMHO, the best thing to do would be restrict access to the info while addressing any potential vulnerabilities.
***
Radio Shack. You've got questions...we've got blank stares(TM).
Jazz,
I have been in meetings where, when the bosses are told the reality of how stuff really works
Also, gee, I am willing to bet other countries develop infrastructure that is almost identical in pattern and method to US. So, why someone would say such an intuitive and logical dissertation should be classified expresses the simplicity of some minds in charge.
OldHawk777
Reality is a self-induced hallucination.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
Dear SWP,
... is stupid, because it is simple minded Security Through Obscurity (STO) and BS-PHD. This is just one of the topics under discussion.
..., and it is fun, sort of a game for some of US. I suspect that the Social Security Number of all US citizens are available to China, Been- Lie'n, ....
Classification of common knowledge, published information, data derivatives of public and/or obtainable information,
Finding information ain't difficult
OldHawk777
Reality is a self-induced hallucination.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
Our enemies have this information, the public at large does not. If one grad student was able to collect it in a few years, do you think Communitst China lacks any of it? Do you think they or others won't have given that information to terrorists? Censorship of anything but specific military manuvers only hides information from the public. Our enemies know where to go and who to send to collect it all for themselves.
Friends don't help friends install M$ junk.
"wearing ... a soul patch goatee"
WTF is a soul patch? And why put a goatee on it? Really, the face-pubes on this guy just scream square trying to be hip.
As I see it we have several options.
1. Make it next to impossible (ie. almost impossible) for anyone to put this information together. In this case, noone knows what the risks may be or how to minimise them or cope in a crisis.
2. Have at least one person/organisation responsible for gathering and tracking this information.
The fact is, as soon as you take approach number 2, this information WILL get out (that's assured). So we can either live in ignorance or be prepared. Personally, I'd rather know that we understand the infrastructure of utilities and have built in redundancy and crisis strategies.
Also, given that the information has been out there, who else has compiled it? Any recommendations of "let's take it away and pretend it doesn't exist" are unlikely to have the impact people are "implying".
AC
First, the cat is out of the bag. If terrorists were interested then they have guys on it now collecting the same information.
Second, trying to keep information classified would be a huge undertaking. From the examples mentioned, we have to get security clearance for every trucker, technician, engineer, or architect that has access and knowledge of these key areas. I don't think the fbi is up to the challenge of doing all those background checks.
Third, I am sure that there is not one key target mentioned in that document that is this country's Archilles heel. Thus terrorist would have to be able to sustain multiple attack in short window of time to cause real trouble. They haven't demonstrated this ability to do that. Their attacks, even in the Middle East and Asia, have been isolated over a few months.
So, it would best to make it available (if not publicly) to those who could best use that information to sure up those vulnerabilities through redundacies, or contingency plans.
This is advantage of our open society. Someone can find mistakes and be able to speak up openly so someone can deal with it. Don't let fear that cut off.
You don't have to be smart to use a Mac, you just have to be smart enough to buy one
The last house I lived in was across a street from the Florida East Coast rail line. There were sign posts every few meters along the rail line warning about digging becuase of the fiber optic lines.
A half a km or so south of where I was living, there were two small air-conditioned barbed-fenced-in buildings, sitting next to sizeable propane tanks (presumably for backup generator). I assume they must be optical relay stations or something of the sort having to do with those fiber lines.
What sucked was that when I was living there, I couldn't get higher than a 21.6k internet connection (it was a rural area), but all the while there was likely gigabits/sec flying by my front yard =D
Please consider making an automatic monthly recurring donation to the EFF
What the hell do those guys think they're doing? Are they actually surprised people don't want that public? Maybe if terrorists hit someplace near them, they'd change their mind. Do they really want that info in the public domain? If they want to defy authority, isn't this kind of a pussy way to go about it?
This guy is way out there
WTF??
> Terrorism, n. The unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons.
E.g., the invation and occupation of Iraq by US forces.
unlawful - check (according to the international law)
use or threatened use of force or violence - check (both)
by a person or an organized group - check (US military)
against people or property - check (mostly people but some property git damaged in the process)
intimidating or coercing societies or governments - check (forced regime change)
for ideological or political reasons - big check
Thank you for clearing this up.
OMFG you fucking suck!!! Please stop posting so much utter fucking shite all over this already crap filled board!
The folks like that utility CEO are obsessing about the risks involved in an information-rich society. Still, at the same time, they and their peers are massively hiring hundreds of thousands of people from places like India and China via the H-1b and the L-1a program--and via agencies that have rather loose attitudes on immigration rules. Regardless of the intent here, a young man, a long way from home, in a new culture is vulnerable to all kinds of pressures--as are his relatives back home. Can these folks really do a good background check anywhere in the world? I don't think so.
I've personally worked in financial environments in which organized fraud rings were active--these gangs are quite adept at exploiting all kinds of vulnerabilities. I honestly think that stuff like Gorman's document is down on their list of priorities (they tend to do stuff more like threaten to kill someone's relatives back home where they can get away with it or gather material for blackmail).
I'm personally much more concerned about the tendency of companies to violate the Pentagon guidelines and use foreign nationals--or outsourcing firms to manage critical US infracture than I am about the release of what Gorman did. If the CEO's are really worried about security, they can start hiring people on whom they really can do background checks, locate their facilities in places with good physical security and start worrying about their basic processes.
All too often, the attitude in corporate America is that if a risk doesn't show up in an insurance premium it must not exist. To often, CEO's grossly neglects public safety and national security and their actions deserve close scrutiny here--and in many cases these corporate captains should be forcibly relieved of their office and property or placed in prison. Classifying Gorman's dissertation isn't going to protect them or the public--they have much more basic work to do.
Uh oh, now the terrorists could possibly use this information in an ATTACK ON AMERICAN INTERESTS.
Cool! Amazing Toys.
Haven't you been thinking about this a little too precisely? I'm not saying that what you said is suspicious; just don't answer the door for the next few days.
Attack its weak point for massive damage!
Mission critical infrastructure should have a properly protected communications link, and at least some form of redundancy (wireless or satellite with ipsec encryption as a backup, perhaps?) to cope with incidents like these...
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
I wont punch you in the head when I seen you in the street coz I respect your right to have teeth.
So can you perhaps stop taking my rights away by being big Nanas? I want to be able to go to a Chinese takeout without being considered a security risk.
Perhaps freaking out all the time wanting new laws/Your Govtnerment to kill things to protect you, how about working on not pissing people off in the first place so they don't want to blow anything up.
Start with you local member of government and hassle them about all the lame arse laws/policies they put up with.
Eventually, they'll sort it out, but there is value to the attackers in how long that will take. If the Pentagon releases a nice, color-coded map of exactly where they dropped the bombs (they do know exactly what was hit, what with precision armaments), it *will* help the enemy du jour.
The moral: don't expect perfect self-knowledge among the other side. There is value in obscurity during warfare.
anthony_dipierro (543308) says:
Spoken as someone who:
The answer is clearly Option 5. All of the above (sorry, no CowboyNeal option just like the Polls as of late!) :)
Seriously for a moment, anthony says:
How do you know what the government will or will not classify or when it will choose to do it?
A resume full of CLASSIFIED means nothing. It doesn't look "better" - it looks COOL to ignorant Vin Diesel TripleX wannabes. Classified academic work means that there is no way to prove any of your work so it's useless. In other words, he won't be able to get a job as an academic and pursue research because he can't prove any of his prior research or put it up for scrutiny by other academics.
Ever dealt with government intelligence agencies? Clearly not. They often don't even acknowledge anyone works there, even after you have spoken with their staff several times or you're returning their calls.
This would be an order of magnitude or so larger than the kid from Wisconsin(?) who left pipe-bombs in mailboxes across the western states, (in a big smiley-face pattern on a U.S. map). The plan seems flawed somehow, but I'm not an expert. I think that the teams would be highly exposed by visiting 500 sites. After one or two explosions the authorities might be on to them in almost no time. It also might be more likely to just piss us off instead of terrorize us.
My other car is a 1984 Nark Avenger.
"While I hope the bell went off in their heads, that something needs to be done, my guess is that they will instead over-react and try to restrict the public's access to even more information.(whew, long run-on.) "
No. It's not. It's a valid sentence. The terem "run-on" is primarily a way for english teachers to avoid showing students how to form long, complex sentences.
The attitude of the former Government cyberterrorism guy is totally inappropriate. Making this fellow destroy his research would be non-productive at best, and possibly counter-productive. Heres why.
Axiom: What can be done once can be done many times, all things remaining constant. Destroying this research will not prevent someone else from reproducing the work.
Instead, the government should buy this database and hire the guy to work with the FBI CT unit (after he gets his PH.D). He would be an enormous asset for helping to anticipate acts of terror.
Remember that the only weapon potential victims have against terrorism is vigilance, because the only weapons terrorists have are patience and daring. Bureaucrats sometimes forget this in their search for quick solutions.
Unfortunately, my cynical nature leads me to wonder if the CEOs really care (based upon a cost/benefit analysis)... if there is a terrorist attack, is the company going to have to pay for it or are the American people / government?
btw: I thought the DOJ originally designed arpanet to handle such attacks by rerouting?
National patrioism upped by 40%
National IQ down by 20%
I guess it's a good tradeoff
This map is a good thing; it shows where redundancies need to be added. The whole nature of the Internet (IP routing) allows for routing packets around choke-points and outages. That was the point of the DARPA project, to have a data communication system that could survive a nuclear attack, much like the highway system was added so "people could escape in an emergency." As to power and other utilities, it just shows that our infrastructure is not that good, that we need more redundancies in the "grid." From knowledgeable sources, I hear that in the 1980s and even now, there are many choke-points where there are no redundancies.
The electrical "grid" is more like a bus than a fully-connected network. Even in urban centers, the utilities are rarely planned (San Jose has some of the worst "planning" of utilities imaginable) and often are interrupted by construction crews that seem to be tearing up the road repeatedly for no obvious reasons. And then the city repaves it, and they're out there next week tearing up the recently repaved roads. No wonder why this state doesn't have any money, and why San Jose has the worst roads in the nation, even though it is in a mild climate. *cough* Union corruption, back-room deals, and inefficient(&corrupt) bureaucracies (state && local). */cough*
The biggest trick the devil pulled was letting lawyers become politicians so they can write the laws.
Of course they could. You may have heard of the 1977 "Blackout" of New York. That event was initiated by a lightning strike in Quebec. One blown circuit breaker led to another, and the next thing you know most of the New England power grid was dead for a week.
Personally, I'm just surprised that this guy allowed his name to be printed in mass media. It's enough that the government knows who he is, where he sleeps, etc. But, to let everyone else know? With all of the fanatics in the world (Bin Laden related and non-BL related), I'd be scared for my life.
I'm sure someone will reply with both "safest possible disguise is wide out in the open" and "security through obscurity is no security at all", but somehow neither of those really register in my mind as the best idea in this case.
Then again, the most cloak-and-dagger thing I typically do is surprise my girlfriend by showing up unexpectedly at her door with flowers.
I figured out as child how to reach high spaces. I used this to get to my Dads gun.
Your children will suprise you.
No moral to this tale, but think a little more eh ?
the discussion...
Let me explain something to you idiots.
What this kid has done, ANYONE ELSE can do - especially someone with the big bucks like Saddam (oh, wait, somebody here said he was dead a while back! Really? Who did the video the other day?) or Osama.
So what good does it do to classify his one lousy little dissertation?
Remember the Princeton kid that designed the feasible A-bomb? They restricted his stuff, too. Big deal. Anybody with the math background and access to a fucking Linux box today can duplicate that feat. You think terrorists can't get this information?
Get serious. The fact that this kid can be threatened with IMPRISONMENT BY FUCKING CEOS demonstrates that this country DESERVES to be trashed by terrorists!
As Georgie said, "BRING IT ON!"
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Hallo!!!
Anybody with 2 eyes and a bit of imagination can walk around their local city or town and find sensitive area's to blow up. Unless the US governement plans on poking everybodys eyes out that comes to the US this sort of childish nonsense won't help.
All it is doing by classifiying stuff like this, besides being a nuisance is bringing us that much closer to 1984. If this guy was to have posted his paper on the internet he could have been detained the rest of life without trial according to the current laws. This is a scary proposition.
When will everybody learn that security through obscurity DOESN'T WORK. This for the simple fact that nobody has the power the keep everything abscure. You can fool some of the people some of the time but not all the people all the time. The only people you are hurting with this are your own civilians. Terrorists will find out stuff to blow up one way or another.
Sorry, this is not meant to be funny, but I keep thinking of the voice in Counterstrike saying "Terrorists Win".
I also think that the way the US government has responded to terrorism reflects what they wanted to do anyway, the terrorism just gives them a reason the public will accept. So, because the government chooses to enact the Patriot Act without telling people what it involves, the terrorists win. The government helps the terrorists win by taking away over liberties.
I am saying this without knowing what can be done to stop or prevent terrorist attacks without restricting freedom. Its a dichotomy between freedom and potential terrorism.
I also think that if the US didn't invade other countries and overthrow governments and throw its weight around, it wouldn't be a target or terrorists.
http://github.com/gbook/nidb
When Tom Clancy wrote The Sum of All Fears, he mentioned in the afterword that when he was researching how to build a nuke, he was able to get all the information he needed; so much so, in fact, that he changed details for the book, as he didn't want to put in an accurate, step-by-step description.
He mentions, for example, calling up..Oak Ridge? Or was it Lawrence Livermore? One of those places, and asking for information on the machinery, and having schematics and manuals and what not fed-ex'd to him the next day.
The trick is almost never in finding the information, only in drawing disparate information into a cohesive whole.
Vintage computer games and RPG books available. Email me if you're interested.
DLS = digital subscriber line
so what the hell is a "DSL line"?
From "Vancouver Town" by Rolf Harris:
Ontario darkened the whole East Coast,
So it gives Vancouver a chance to boast,
With BC Hydro's Columbia Plan
We can black out the rest of the US, man!
It doesn't mean much now, it's built for the future.
I was also bugged by this for quite some time, but came up with a resolution. A terrorist attack is characterized not by its target but by its goal: to cause terror. If killing U.S. soldiers in Iraq causes people in the U.S. personal fear then it satisfies this requirement for being considered terrorism (personally I don't think such attacks causes significance fear).
With this definition, it is possible for a terror attack to be legal as it is internationally acceptable to attack an occupying military presence.