Hackers Make a Fake Hand to Beat Vein Authentication (vice.com)

← Back to Stories (view on slashdot.org)

Hackers Make a Fake Hand to Beat Vein Authentication (vice.com)

Posted by msmash on Monday December 31, 2018 @05:30PM from the how-about-that dept.

Devices and security systems are increasingly using biometric authentication to let users in and keep hackers out, be that fingerprint sensors or perhaps the iPhone's FaceID. Another method is so-called 'vein authentication,' which, as the name implies, involves a computer scanning the shape, size, and position of a users' veins under the skin of their hand. But hackers have found a workaround for that, too. From a report: On Thursday at the annual Chaos Communication Congress hacking conference in Leipzig, Germany, security researchers described how they created a fake hand out of wax to fool a vein sensor. "It makes you feel uneasy that the process is praised as a high-security system and then you modify a camera, take some cheap materials and hack it," Jan Krissler, who goes by the handle starbug, and who researched the vein authentication system along with Julian Albrecht, told Motherboard over email in German. Vein authentication works with systems that compare a user's placement of veins under their skin compared to a copy on record. According to a recent report from German news wire DPA, the BND, Germany's signals intelligence agency, uses vein authentication in its new headquarter building in Berlin.

One attraction of a vein based system over, say, a more traditional fingerprint system is that it may be typically harder for an attacker to learn how a user's veins are positioned under their skin, rather than lifting a fingerprint from a held object or high quality photograph, for example. But with that said, Krissler and Albrecht first took photos of their vein patterns. They used a converted SLR camera with the infrared filter removed; this allowed them to see the pattern of the veins under the skin.

66 comments

Min score:

Reason:

Sort:

So... by Anonymous Coward · 2018-12-31 17:35 · Score: 0

If I blow a vein out shooting dope I'll still be able to login...good news!
1. Re: So... by Anonymous Coward · 2018-12-31 18:35 · Score: 0
  
  Shsjsj
2. Re:So... by Rosco+P.+Coltrane · 2018-12-31 20:35 · Score: 1
  
  And when you're done logging in, you can use the fake hand to give yourself a stranger. What's not to love eh?
  
  --
  "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
3. Re:So... by drinkypoo · 2019-01-01 01:45 · Score: 1
  
  And when you're done logging in, you can use the fake hand to give yourself a stranger. What's not to love eh?
  It's a wax hand, not a whacks hand. Save your joke for when they start using this technique with video instead of still images, and it's necessary to make a silicone (or similar) hand so that it can be equipped with a pulse.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
4. Re:So... by Anonymous Coward · 2019-01-01 12:20 · Score: 0
  
  Then, they will never find enough wax to replicate that fat IT janitor huge clumsy hand so he is safe.
5. Re:So... by Anonymous Coward · 2019-01-01 12:34 · Score: 0
  
  Good point since bee wax must be used and bee wax is getting rarer and rarer ever since his uncle took him to the woods between Rosamund and Gorman,
If something is not secret, by Mr.+Dollar+Ton · 2018-12-31 17:36 · Score: 1

it is usually not very hard to copy.
1. Re: If something is not secret, by Anonymous Coward · 2018-12-31 18:25 · Score: 0
  
  What happened? I canâ(TM)t tell
2. Re:If something is not secret, by 93+Escort+Wagon · 2018-12-31 19:34 · Score: 1
  
  Are veins free as in beer or free as in speech?
  
  --
  #DeleteChrome
3. Re:If something is not secret, by Mr.+Dollar+Ton · 2018-12-31 19:57 · Score: 1
  
  Free as in "the best things in life are free".
4. Re:If something is not secret, by Anonymous Coward · 2019-01-02 00:17 · Score: 0
  
  Exactly. So instead of going "this approach is now useless, lets look for another unique bio-thing", they ought to consider "will the next bio-thing also be easy to spoof". And if so, just don't bother developing it at all.
Handmodels by Anonymous Coward · 2018-12-31 17:57 · Score: 0

A former German hand model turned secret agent will find it hard to get a clearance into the office.
1. Re: Handmodels by Anonymous Coward · 2018-12-31 18:44 · Score: 0
  
  Why
2. Re:Handmodels by Anonymous Coward · 2018-12-31 18:59 · Score: 0
  
  From the country that advertises public hairstylists on prime time TV.
3. Re: Handmodels by Anonymous Coward · 2018-12-31 22:15 · Score: 0
  
  Why not
I want to know by Anonymous Coward · 2018-12-31 18:00 · Score: 1

Which idiot decided to use an identification as an authorization. Someone deserves to be beaten to pulp for being so stupid. Identification is not authorization, especially when it cannot determine intent. More specifically whether the person being identified is actively seeking service pr is being presented under duress and external force
1. Re: I want to know by Anonymous Coward · 2018-12-31 18:15 · Score: 0
  
  Is there any indication that anyone would care if someone were under duress? I doubt it
2. Re:I want to know by Anonymous Coward · 2018-12-31 19:43 · Score: 0
  
  you mean authentication not authorisation. once you are authenticated then it is fine to use that as authorisation.
3. Re: I want to know by Anonymous Coward · 2019-01-01 01:04 · Score: 1
  
  No it's not. It answers just one of the 3 - it is the something that you are. It does not answer what do you know and what do you have.
  Who you are is utterly insufficient. You always are who you are.
  What you know is used to determine intent. It is used to determine what kind of service you are seeking and if you are under duress.
  What you have is used to determine whether you are trusted by the system or not. When you can no longer present back the token the system has given you you may have been compromised or the trust removed from you
4. Re: I want to know by Sique · 2019-01-01 01:59 · Score: 2
  
  You messed something up here.
  First: No one said that the biometric identification was the sole source for authorisation. It is a means to establish identity, not more, and not less. And this method was now defeated. The BND mentioned in the article does not use veins as the sole source of identification, it's just one of the layers of security there. There are still badges to be worn, pin codes to be entered and personal documents checked by security personel at the BND sites etc.pp.
  Second: The main problem with biometric identification is that you can't change your identification after yours got compromised. When your password becomes known to someone else, you can change it. When someone steals or copies your badge, you get issued a new one, and the old one gets blocked. But you can't change your vein pattern, your retina or your hand shape that easily.
  
  --
  .sig: Sique *sigh*
5. Re: I want to know by orlanz · 2019-01-01 07:01 · Score: 1
  
  And then I think you got things mixed up.
  Your vein/finger/retinal ID should be your login ID. Not it's verification token. The password, however simple, should still be a secret, hash communicated, mutable unique to an authentication system.
  You can use your Bio-based user ID to be tracked around a secured building, but shouldn't be used to keep you out of a room. It's should be treated no differently than a badge or RFID tag.
  But for the reason you gave, I think it is still a bad idea to use your bio as an ID. If it is used for DOSing or Spaming, you are efficiently blocked out. And you can't just go get another ID number.
6. Re: I want to know by Anonymous Coward · 2019-01-01 08:32 · Score: 0
  
  you are making assumptions here. We use biometrics for authorisation all the time, it is an excellent 3rd factor to sign a transaction after identification and authentication has occurred. Use technologies for their proper purpose and they are fine. and yes the OP mixed up authentication and authorisation, many people do.
7. Re:I want to know by gravewax · 2019-01-01 08:46 · Score: 1
  
  Very few do, but it is a significant increase in security to do so. As others stated you seem to have confused your terms.
  Identification is WHO YOU ARE. Bio-metrics handy for that.
  Authentication is proving who you are or at least that you have the associated secret/device.
  Authorisation is simply given who you are, are you allowed to perform Y Action or Access X Resource. e.g. an ACL lookup, adding biometrics to this would be a significant increase from what 99.999% of systems do today. basically authorisation comes post identification and authentication.
8. Re: I want to know by Anonymous Coward · 2019-01-01 15:39 · Score: 0
  
  You are not completely right.
  A properly designed system will allow you to have more than one valid authenticaton all with the same identification. This allows communicating your intent back to the system.
  You may be issued authentications
  â to use in case all is normal but read only
  â for read-write
  â indicate you are under duress so that the system logs you in into a honeypot, alerts security, start data destruction, etc.
  Depending on the state of the system it may require you to present a preshared authorization - something that you have - otp, x509 cert, u2f, etc
9. Re: I want to know by DredJohn · 2019-01-02 01:44 · Score: 1
  
  My voice is my passport, verify me.
Obligatory orange-bot translation by Anonymous Coward · 2018-12-31 18:15 · Score: 0

"I don't have small hands, believe me! CNN sewed fake small hands on me while I was banging Sto...sleeping. Totally rigged limbs from low-ratings fake-news. My real hands, which are Yuuuge by the way, just like my down-there equipment, are building a big beautiful wall at the once-leaky border! No more bad hombres with rapey hands. You don't know about it because fake news won't show my wall, nor my bigly hands. So sad."
Looks like the BND work by Anonymous Coward · 2018-12-31 18:27 · Score: 0

was all in vain.
* laughs manically for 25 seconds *
Ay Yup by JustAnotherOldGuy · 2018-12-31 18:39 · Score: 2

I'm sure at the time this seemed like something that would be damn near impossible to spoof, and I can see where the idea was so compelling that it made it all the way into implementation and deployment.
When deployed it was essentially un-spoofable because it was a new kind of "lock"; no one had made a "key" for it because this kind of lock never existed before.
But as soon as the lock (in the form of a vein scanner) appeared, the "getting defeated" part was sure to follow.
I think the surprising part was that it was defeated fairly quickly...I'm sure the people using this thing expected it to be the end-all-be-all of security for the next decade or so.

--
Just cruising through this digital world at 33 1/3 rpm...
1. Re:Ay Yup by Anonymous Coward · 2018-12-31 18:54 · Score: 1
  
  Prior Art. Old 1998 Sony see through camera. And many others were modded. Even an Iris scan can be defeated, and 3d printing will only get better.
  Face scans have moved to 256 points, up from 64 or so. Use a bolo to read fresh keypad codes. The experts still say voice is best.
2. Re:Ay Yup by 93+Escort+Wagon · 2018-12-31 19:38 · Score: 2
  
  This will be interesting to follow. The question I have is - is this fundamentally easily hackable, or are the current implementations just too sloppily done?
  I really want to see more info on just how accurate and detailed these photos can be at a distance.
  
  --
  #DeleteChrome
3. Re:Ay Yup by ShanghaiBill · 2018-12-31 20:03 · Score: 3, Insightful
  
  ... or are the current implementations just too sloppily done?
  An obvious improvement would be to take multiple images a fraction of a second apart, and look for a pulse. Some fingerprint scanners already do this.
  More importantly, any biometric identifier should be used IN ADDITION to a password or PIN for anything important.
4. Re:Ay Yup by Anonymous Coward · 2018-12-31 20:11 · Score: 0
  
  Well, that depends on the "guarantee" provided by the manufacturer. If the manufacturer guaranteed security for 10 years and backed by liability insurance of $1,000,000.00 per "incident" then they probably believed it secure. On the other hand if the manufacturer only provided a 30-day warranty against manufacturing defects, then they clearly did not believe that it was secure.
  In other words, the issue is (as it almost always is) a matter of misplaced trust.
5. Re: Ay Yup by Anonymous Coward · 2019-01-01 01:10 · Score: 0
  
  A manufacturer warranty is at least 2 years by law in EU
6. Re:Ay Yup by drinkypoo · 2019-01-01 01:42 · Score: 3, Insightful
  
  What seems "obvious" to you is actually very, very, very complex
  Obviousness is orthogonal to complexity. An obvious idea can be difficult to implement.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
7. Re:Ay Yup by Anonymous Coward · 2019-01-01 04:29 · Score: 0
  
  Sorry, this just seems too easy to fool. You would simply need an LCD in front of some IR reflecting/absorbing material. You could possibly just go simpler with an LED panel and send whatever image you want. The sensor is going to read the relative differences and LEDs. LEDs emit quite a bit of IR light already.
8. Re:Ay Yup by Anonymous Coward · 2019-01-01 04:54 · Score: 0
  
  When deployed it was essentially un-spoofable because it was a new kind of "lock"; no one had made a "key" for it because this kind of lock never existed before.
  Just like any kind of lock, no matter how simple it is.
  
  I think the surprising part was that it was defeated fairly quickly...I'm sure the people using this thing expected it to be the end-all-be-all of security for the next decade or so.
  As others point out, the idea of any lock based on biometrics is to feed it sufficiently equivalent playback of whatever it records. If what it records is light alone, then all you need is a camera to record the necessary information--and it obviously exists if they lock has it--and a display to play it back--this may be more tricky. Going as far as building a fake hand is just the obvious end-stage evolution of any sort of technique involving hand measurements. It's really the overkill approach and the much less trivial way, so I imagine not the realistic approach for most who would bypass their lock. Even so, if they truly didn't consider the possibility and cost of a fake hand, then they were clearly incompetent. My guess is they decided it was too costly based on their own estimates, not that it was unbeatable for even a few months.
9. Re:Ay Yup by colin_young · 2019-01-11 06:19 · Score: 1
  
  The Fujitsu palm scanners do just that (look for blood flow that is), or at least claim to. When I worked with those scanners, I always idly wondered just how difficult it would be to take the image, use a 3d printer to make a fake hand with veins and then pump some sort fluid through it to fool the system.
  I also wondered about verifying the blood flow thing, but was never able to verify due to lack of access to a supply of corpse hands.
The usual for today please... by SirAstral · 2018-12-31 20:18 · Score: 1

Identification, Authentication, and Authorization are all VERY different things.
Identification = Information about who you are
Authentication = verifying that ID information being provided is correct through a predefined/established process
Authorization = gaining permissions or actual access AFTER authentication has checked out.
bio-metrics foolishly rolls all 3 of those things into ONE and that is just bad security practice and it's not going to likely change. The fact that this is still being pursued and developed in this way is tacit proof that real security is not desired or required. Security Theater once again... wins the day!
1. Re:The usual for today please... by angel'o'sphere · 2019-01-01 03:06 · Score: 1
  
  bio-metrics foolishly rolls all 3 of those things into ONE and that is just bad security practice and it's not going to likely change.
  No it does not.
  Authentication and Authorization are still separate. Or are you suddenly "root" when you put my fake hand on my sensor?
  
  --
  Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
2. Re:The usual for today please... by SirAstral · 2019-01-01 03:51 · Score: 1
  
  Goal Post moving fallacy and straw-man fallacy argument well done... Authorization does not automatically mean "root" access. Gaining root access is irrelevant regardless if such access is going to be attempted. Is a person hacking into your email account search for root access too? Not likely, meaning root access is not the only goal possible.
  The point is that Authorization is a piece of a pyramid that rests on top of Identification and Authentication. When either of those base pieces fail, the top piece topples just like the stones would in a physical pyramid.
3. Re:The usual for today please... by Anonymous Coward · 2019-01-01 07:14 · Score: 0
  
  However clever you want to sound, your original argument is wrong. Biometrics do not roll all 3 things into one. Authorization remains separate from the other two and can be modified, extended or restricted independently of the other two.
  You are right however about the fundamental issue here: most biometric schemes confuse identification and authentication. This is the root problem.
4. Re:The usual for today please... by AHuxley · 2019-01-01 11:07 · Score: 1
  
  That would depend on the building and staff.
  A human guard who can remember names and faces and new biometric authentication? Then you know someone put some money into a "secret" project.
  That just get the person in the front door.
  What they do later to get into their computer network is often different.
  
  --
  Domestic spying is now "Benign Information Gathering"
5. Re:The usual for today please... by angel'o'sphere · 2019-01-01 19:32 · Score: 1
  
  The parent claimed that Authentification and Authorization is the same as soon as I use my eye ball or my finger print to authentificate me. No, it is not ... go away with your fallacy mind ...
  
  --
  Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
Wrong conclusion by Anonymous Coward · 2018-12-31 21:23 · Score: 1

The utter stupidity of the idiots who still think biometrics are a good idea in the face of all the evidence to the contrary simply doesn't count. Because tt was hackers, that hacked, with hacks! You really can't begin to defend against hackers, hacking, with hacks. Because they're hackers, and they do hacking, with hacks! Everyone knows this!
Well, at least msmash cherry-picks the "news" to look like that.
Beat Vein Authentication by mentil · 2018-12-31 21:40 · Score: 2

If I made a fake hand, I'd use it to beat something else.
Some eggs, for instance.

--
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
1. Re:Beat Vein Authentication by serviscope_minor · 2018-12-31 22:42 · Score: 1
  
  If I made a fake hand, I'd use it to beat something else.
  Glad it wasn't just me! I got 7 words in and that's where my mind was.
  Some eggs, for instance.
  Well played sir.
  But since we both find these funny, have a complementary one. Here's a recent "don't masturbate" poster thing which is just hilarious:
  https://i0.wp.com/www.wehunted...
  If you don't want to visit the link, the text says:
  "Strugling with the addiction to masturbation? Reach out to me and we will beat it toether." -- Jesus
  
  --
  SJW n. One who posts facts.
2. Re:Beat Vein Authentication by mentil · 2018-12-31 23:55 · Score: 1
  
  Touched by the hand of God, indeed.
  
  --
  Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
3. Re:Beat Vein Authentication by Anonymous Coward · 2019-01-01 08:38 · Score: 0
  
  They dubbed it: "The Stranger."
4. Re:Beat Vein Authentication by Anonymous Coward · 2019-01-01 22:19 · Score: 0
  
  If I made a fake hand, I'd use it to beat something else.
  Some eggs, for instance.
  I am greatful to you; I appreciate your humor, thank you for sharing this, you have improved my day.
Re: So... Nazis were leftists like Democrats by Anonymous Coward · 2018-12-31 22:39 · Score: 0

Putin's l33t h@X0rs are to blame for everything. LOL
Key by Anonymous Coward · 2018-12-31 23:31 · Score: 0

This is just like the key locks everyone uses on their doors. Key locks are easily picked, but it is the cheapest thing we have, so we keep using them. Veins can be copied, but not that easily, so the system is still the best there is.
1. Re:Key by Gavagai80 · 2019-01-01 00:50 · Score: 1
  
  The difference is that these wonderful biometrics allow you to enjoy ADA lawsuits from people whose hands were amputated, or never grew due to a birth defect. (For retinal scanners, likewise with people whose eyes have been poked out.)
  
  --
  This space intentionally left blank
Still best by markdavis · 2019-01-01 01:09 · Score: 1

This is not anything fantastic. It is no great feat to make a fake "hand" to fool a deep-vein-palm-scanner. It changes nothing.
Fingerprints- you leave them everywhere.
DNA- you leave it everywhere.
Face- you show it everywhere.
Iris- visible when look at any device.
Hand/finger shape- not live, visible in any photo.
The whole point of deep vein scan is that what is being scanned is never left anywhere (latent) and not casually visible or obtainable. The veins are beneath the skin in the palm, in an area rarely exposed "outward" and can be seen only in infrared at very close range. When you "enroll", you know you are doing so and typically have to be an active participant. Combined with a password, something you "know", not "are", it is perhaps the most secure in-use thing out there while also being the most private, and actually very cheap to implement, and still fast enough for real-time use (those last qualifications throwing out things like retina, which is typically expensive, complex, and slow).
Meanwhile, fingerprint and faceID systems continue to erode privacy and diminish actual security. DNA, when it eventually comes, well.... go watch the old film GATTACA.
1. Re: Still best by Anonymous Coward · 2019-01-01 17:30 · Score: 0
  
  Exactly! Too many here go,'well it's been beaten. Totally useless now'.
  All security can be beaten. All of it. Yet we use it anyway. Why?
  - needing a hack slows down the hackers;
  - many hacks aren't practical (fake hands? Really? With accurate vein patterns? I call BS);
  -all you need to do is make a pen attempt too expensive, risky, or beyond attacker resources;
  - MFA does a good-to-great job at keeping bad people out;
  - as always, talking authorized people into doing unsafe things invalidates all technical security;
  Really, as long as your security tech is better than your people, the tech is usually good enough.
As always... any biometric can be spoofed. by Anonymous Coward · 2019-01-01 01:16 · Score: 0

And that isn't going to change no matter how much rah-rah-rah (aka BS) is said about how "secure" it is or how "impossible to duplicate" is claimed.
You're so vein by Applehu+Akbar · 2019-01-01 02:08 · Score: 1

Biometrics is turning into the ligne Maginot of the IT world, a fixed defense that someone, somewhere will always find a way around.
1. Re:You're so vein by Ol+Olsoc · 2019-01-01 03:17 · Score: 1
  
  Biometrics is turning into the ligne Maginot of the IT world, a fixed defense that someone, somewhere will always find a way around.
  Since this "exploit" requires the bad actor somehow getting photographs of the person's palm, some nice lightweight cotton gloves defeats the hack.
  I wonder how any people walk around with their palms exposed anyhow?
  If Biometrics are the only thing giving access to whatever is classified - well, that's just stupid. Even my phone requires me to input a PIN every so often in order to use the fingerprint reader. And if someone actually went to the trouble of raising my prints they better pick the right one or after three tries they better know my PIN. There are ten choices you know.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
The most freaky thing by Anonymous Coward · 2019-01-01 08:49 · Score: 0

Now THAT'S one scary handjob
biometric authentication is a joke by Anonymous Coward · 2019-01-01 09:00 · Score: 0

Always has been. Its so easy to bypass.
Thats why by AHuxley · 2019-01-01 11:04 · Score: 1

in places that matter a human guard sits behind glass and knows all the staff allowed into an area.
Biometric authentication gets you part way in.

--
Domestic spying is now "Benign Information Gathering"
And so on by Impy+the+Impiuos+Imp · 2019-01-01 17:41 · Score: 1

As usual for high tech, sex applications lead the way with fake body parts with accurate veining.

--
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Pulse required by Anonymous Coward · 2019-01-11 07:45 · Score: 0

Modern finger and vein scanners require active blood flow. Model is useless.
One attraction of a vein based system by Anonymous Coward · 2019-01-15 17:19 · Score: 0

sTmyFdWQ ekrbmv8C eEw. 6I75 YPVLPJHk e6K5Wm7y czUyVl. v O-frjToe CBqGf5h6 daaUvBhk 1JCbElo7 Wpsn7c-w A9rTrd76 kVMpRql7 qvnpyhz. 9RE3F53. 34eKAi1G mUQY2JMn 1UB2VvBd 2SAViskW xrXTA1sE 0TfjE29L K-XLiaXt-A7fnvEZ n7xjBW0S aMPcajpf zpdXfGeY-aiW9mw7 Pv17Np1s HnmMx9. X kPxfDud7 ybY2GCIL dRMDG2rh wx3ph-OF auWirHHf XvT0CZ7. SbBvkZla SP1ZYwFn tMoWJcIY KBMWABTV E8mAH5PV 4g53PDSk 0307IEj7 0WT2z6GF Szv-U8jH WqjRPuhd FVuVK3yv 22Rz8s5S rsULeVDs AsVeAsmP xedsodlj. sNLroGX G7OvHLUM ufmRYXKE dSdfrDQv DymBLlOu TBTTkD0M fRFFGbNR OFcnzdzq 5vRXDmb3 66Obq4KC phf5lKKE. oOMnNI5 z3UxJSrM abNTKZIo fiIMO9vT q64cppan vEmodv3F WbEC3cFS VsRj-i9N u6AQHIH8 JfqWTR2z cUyr75X6 m8aKUc8t z5RXJQMy qzSrgi1e 9QDNawpO kJX5ZJQT KCW8Ci9t yQ5R5cv9 6Y6. 4H5C qQolmosx ihUTXGuY 1fZp15Zf IQvcPxyM XKy2fO0K BqrIxlSQ 9Vlig1zJ 9Psvj499 mozbjE4s. 4XobqdG qcAjr1PO eJjdjnLV-6XbN38j 5ylO5DLZ ibftJMsD KVjNH-hz Bt-IGIZZ Vn3Peig9 WFRkRLqU oiBa7tVa 5OlB7o7L yIwZ3ave JmCQXvyX DhiVEx8H Tm. egZVV em80ohQQ 736gDtIW NKNk8bdf un12zLUh Lf7-DMN0 NwT59f1w zqMXWrGN fXeW8gR-SwWBbjKr IFbPa1VB joqyWTsK yadFZ3TA FBejoy-s y70SZNeE hqjoYIuu ZhmpyXml kecyn9k6 NX-2Y9ys xSJZ. ngW CDUfFXPZ. 304cIds xJLfwT0M c70gB51E 5ZDmH53J jCAecTxI wodn67aK KwnF6DDA 1HYxIMcq mSxcJ9dJ HuSeByI1 vLO0ueGl zg4mj1Be qC1utUxF RDKLSpnZ-J. 6RdsB ElWycGAE PsoR6GuL. 4kWd5IJ uyLWUW3W jztsjBA4-1ThXxpP uGz0ypqh NmbTOCtR yHulhMeH nDBlhFzX 9XPOa53e iJgsSokk 1P80PaZs fFte3Gbe-8rFQf-z 9iywnw4g ajnvF-YK NjcMVYxD lVdsObh0 VnYhov8N CuUjtgnO VF-pYTgC Zuvdy3Rb 0dvQbze-uikkG5V2 N4Ck4sXR UtzjFf. Q B1QVSMWC 4fx-ICU7 DQsrSVBI OdHW1OfX Nz1TnNQn yWGAP9uD a8LKusxZ MVy8WzR4 EjfR08Og 8jmousDp OJpFg82q aW8MSx2y Ljya59ge Qk71OZ50 HTGqc3Sh Y98hKiGm NrNVcz2J 2xmEIBkR ctV5cab3 fqWOE1LA gMCoeVY5 kOaCqp9G 8S83GuD4 31ioMLiD A0BCX3pH o1c7gNku 5S09Wx-m J7VhD95Q oRuaBBtC nosCvmR8 OM-UZfu. Qt75cTJh 2vI7T4DD S9Zb7VJ9 xpVHpIAD 1FdMOs6o ZloBEXNU xjiMU6Wo iVe7QTvb od4wUo27 ZjpKcWpR hJvdoXP9 14375IOg-4MaKQV. sxA58olK VL6Mrksp Iqql24bc 4b73MF2H FC6bWQpO 7r-. M86Q HWCrJtDg Kk8fc83y WurnPSZg IlzJgNR6 Ld4OLngr 3I5. My1q rNUpqKzj yV9aGT30 Fa7UPC12 QriORIgA 1Pe089vm X2owZEGj WjLPe. GK 61L-yfvx TbcRQn2t vDHlH-0H l4. HI. PG MG8lY-br EdewcCt5 Jfc5SUOn. 2dQzxU4 JOk1XtT2 N8vvRvtC BsZPqe-2 6RpMMyJc rW125mQ7 WHb. ZOd0 EMkVQFml cD6Pl. 02 DbFeH6y9 dBLOw2R. uzFViVm. L-5vHiF0 iprYmDGh WMyQc5ZH l4q-Uo5r sAPCbawj yt-qdtq6 Q1PKLXvz 15zSHo1I AqCwDGiw ZAq78rEd Wu9tYn6c rO38Xl3V pWJPQuVc nk0a51n-g49rAISj 6BQ6ulCr rc498kr7 O. 5wQXW-n6aiRI24 EudlKFy-MxOllEoJ n-YzmZ9x HKSQUU1Z dA2AZaCL Ohb2qHw3 2CVJwOT6 WGklM41G fvhQPTMc mZH0ysIn p6Led0qH jLH5jwCd zp7XCilt TJGkgwxA ay50erpf. . hopoxm IBYWXl50 hgOkjJTW 41RnWldA PfKpGpkN PugD. -1j Ckz5SGVe TUkPjlay duy. M0aD QD5Dyyae JuD9SiJX iElVxAaX FiQAkoZe 5D94gOSl SN2xIVAI GRXWkCmw cnRVT. id V95nOiNH pm37MjVO f0tol39p Htg9eQX. j9KJ4It9 G-gneowD jQO1xpHB 2jazsYCC 20L7TgvH rzHsah01 PdfR7aad fYWhH29t Ek2v2tiF HPd43bSx e6Sn2sy2 h3YqOwk8 cvOMwj. s cVkwcTdc ucIOsBoy imbCnH. A UBJnMt. M 2IapVFf2 IyvnBy9J afe-rgTt dwRt7J3I UvQLYZSv CKNR8AqL KDAVjGo2 yip0pVS1 nHtLKRoe rbtYycnE-MOEFuO4 ayf0N4Cc 60eCaEuW n-qM2xK9 C3teLSnk uA07yRiI txzMh8Be jfk1eCLZ 6uAo. xm2 Xzo6zZyl cmivvcri r9NtgnQO PhN3PgN1 LuonQZhC t. o0SMYB HQX2QFtw YytdPvzr pOBxrAIR Ly0NJIre prseQCD6 lNtoATCI M3NyRkBO SDEQnyBy LcpaGKV5-euEkAjb n85I2hZC JuDZPZAC NeOKLa4c HzWyyQzT kwIGaYnz kBHuhsTN ANFBYKGJ w8kuyIFv aQi23v5p 5eR. nf1p foOWcOBu GfedjK5. wstJf4Un Hy. mchgr QbE-VUnR GlK. wEwE 3Phz. zv2 H7xwCqro Gt00vweQ m7aDndbW 0c8MW. Hb uLIzQHqe WoTmT8MM W6AXvl39 JbZYBSKC foOWF62e j5TM94dx DBQKX8ek c09rEfWp y8ysNeRw nztYCm8D UCFvMTYx V0jGSzl1 uC0APt-5 73jr5aKj TsdCwWtb iGvrfK61 W9E. tEdK szXiPavl oQHQfl8V g0X5a34T 2. 202Usp puGb. PDV HRZhkniH aKCfcHAT uagJdICT fIf-hYmU xqLT9Ws9 odknC2pK KWI3Vo3n VLCVlcBU uMT7nLE4 Fc3KeSzG 6yBqOYvZ gUO3Bt2o 8L6xum3U dX2VVjV8 qPKTH1Wv GRCVNUcC JEb6pgF5. EAZwN6F yPMv-pkF 9ta9lmzn bgjxg2cD O95DryAJ EDDkRrCX 3XIW6oXo 3DjoypY4 6-Ypy3bo dRlyVjqS 5gt6OsMw 2mzWxq. g 2ExhvTeI XxA-8pvl ZfCN9Ek-. quIDrsq rCoXXDBl vuJeI6Fn PFA0NuTs UwAVI-l3--HRZolI 2Izy9eyY gvIh7v7S DkibdUrK pEQiLbhF w0ufuwcM KqQwez6D EfN37sF1 I14KMuRY. aYBkztG vlOuxTYJ yKhOuQjz FCA3-gwS jGStRYql m9jCqerG LM6QoNSy DXS9xl