Schneier on Security
A blog covering security and security technology.
« I Received an Honorary Doctorate |
| Carrier IQ Spyware »
December 2, 2011
Friday Squid Blogging: Squid-Inspired Robot
It crawls on land.
Posted on December 2, 2011 at 4:34 PM
• 21 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Newly discovered Schneier fact: Bruce Schneier can write blog posts through time.
This may have been inspired by squid, but it sounds more like the way a starfish works.
"Comedy of errors lead to reports of water pump hack"
The sad thing about this is that everybody in a TLA is pointing the finger at each other over the release of the report by the fusion center. And predictably they are investigating at best only the periphery items (such as how Wiess got a copy of the report) not what actually happened prior to the compilation and release of the report.
As a technical person I want to see the actual information that rules out an attack and the supposed proof positive it was "an electro-mechanical failure" of the pump.
As I've pointed out before the logs of instrument readings that are recorded by the SCADA system are of such low bandwidth you could hide a whole host of things above the instruments cut off frequency.
As an analogy you could look at it like a photograph of a high speed sports action game taken with a very long shutter time. Objects that are static or move only fractionaly in the period of the shutter being open are sharp and clear. However the faster the movment of a player or ball the more blured and ghostlike the image. So that fast penalty kick the player is as a blured ghost and the ball an all but invisable faint blur of colour against a clear and sharp background.
Whilst I would be the first to talk about "the pervasiveness of inanimate objects (AKA Murphys Law) a physical examination of the motor should show certain indications as to the mode of failure.
As with all forensic examination you have to be extreamly cautious when arguing back from "effect" to "cause". So to say "electro-mechanical fault" requires strong and persuasive evidence.
If the evidence is weak or non existant as a technical person you would be best advised to say "insufficient evidence for a meaningfull conclusion". The main reason for this is because most argument from effect to cause is based on probability, and this always has an underlying set of assumptions. That is an effect (burnt out pump motor) can have many causes (old age, poor maintanence, defecctive manufacturing, etc, etc). And the probabilities change dramaticaly depending on the particular view point.
Also mucking up the probabilities is if the system has failed or been attacked, it is obviously in the attackers intrest to be as covert as possible and make any result look like an unfortunate failure not an attack.
We have seen a number of past examples of "pilot error" or other incorrect atribution of cause that have subsiquently been shown to have been something else. An early example of this was the first Comet Jet crash which was initialy attributed to an on board fire, which was later shown to have been chronic "metal fatigue".
However if you have a political axe to grind (as the DHS CERT people most assuradly have) then the best thing is to ignore a lack of evidence, sit on all information grasp any handy straw floating by and point the finger at somebody else... Which in effect is what we are seeing.
The best thing to do if they want to kill any suggestion it was a cyber attack is to release all the evidence they have in an open and honest way and let people judge it for themselves.
Otherwise they make themselves look compleatly incompetent, or worse as though they are trying to hide something, which inevitably gives rise to people making further adverse comment...
Mind you the Russian angle on this realy does make one heck of a fine straw floating by to reach out for, as they say "you coulden't make it up if you tried".
As for the "squidly didly" robot, I can see that the design could be significantly improved if there was also some way to move it's center of gravity (COG).
If you think about it another method of locamotion would be up on all fours and extend a leg out and then putting it down. The current design does not realy alow this as it is likly to topple in the direction of the extending leg before it has extended far enough. The toppling would be caused by the COG moving towards the extending leg as it extends. Having a small counter weight that moves initially away from the leg as it extends and then towards it after it had extended would correct this problem.
When I read this article, I immediately thought of the Friday squid post. However, I might blasphemy by suggesting that an arthropod design might be faster. They could use the same pneumatic soft internals with an exoskeleton to get faster movement on land. The soft body would be great for mimicking a squid in the water, especially if they could throttle it fast enough to create a water jet.
Came across an interesting development in random number generation. Don't have enough expertise to determine if this is research is workable for day-to-day cryptography needs but it is an interesting read. Will leave it to more knowledgeable minds on this site to provide more insight.
Here (http://www.schneier.com/blog/archives/2011/11/bad_cia_operati.html#c637525) you mentioned there being some books on fieldcraft and tradecraft. Can you list some good ones?
You could have scored squid bonus points with a related El Reg story,
It's titled "SQUID calls 'virtual photons' into real existence"
The last sentance of which says,
"Photons were observed emerging from the vacuum in pairs, a microwave energies – and the researchers say the observed photons have properties predicted by quantum theory."
Both ideas are within reason effectivly the same (ie using the apperance of virtual particles) when your aim is to get random information.
That is part of "predicted by quantum theory" is to do with what we like to think of as "predictable events that happen at random times". That is like radio active decay we know how many particles we expect to appear over a large period of time (the half life) but we don't know when each partical will actualy appear or the time interval between appearances.
However currently of the two methods described, my money is on the SQUID method, partly because it already produces a signal in the microwave frequencies, that we already routinely and very cheaply handle and partly because the other method involves a 3mm diamond and the sensors required to atain the same frequencies either don't currently exist or are like the diamond going to be quite expensive...
As for their ability to generate "truly random" information that is mainly a philisophical debate...
What we do know is the majority of "physical events" ie those that are constrained by the normal physical laws to do with forces and constrained by the speed of light exhibit behaviour that is to some extent predictable and to another extent unpredictable. In general the unpredictable appears as a form of noise in the measuring system. For instance reading data from a hard drive, the position of the raw informattion on the platter contains a small positional error, likewise the position of the read head, the platter speed under the head has small variations due in part turbulance and in part the motor etc etc etc all of which causes the information bits to jitter backwards and forward around an expected time.
Usually we try to engineer the noise out as it's an undesirable byproduct of a determanistic process that actually puts limits on things like the number of information bits per unit of area etc.
Which usually means when it comes to random bit stream generation the random signal is both low bandwidth and significantly swamped by the determanistic process signal. But worse subject to significant bias and other determanistic signals that have to be removed.
Thus the holy grail of random bit stream generation is a high level source that is very high bandwidth without bias or those hidden determanistic signals and variations over time which costs next to nothing to make or use. And currently quantum effects appear to offer us stable, high level, high bandwidth, lacking in bias, but... unfortunatly mainly costly to make.
But the underlying elephant in the room is still the philosophical question of what is "truly random". The fact we cannot predict an outcome does not make it non-determanistic, just that we cannot currently detect the determanistic process. What we do know is that as science progresses we are likly to find more currently hidden determanistic processes behind our random signals. But will we eventually discover there is no random, it apears unlikely for a whole host of reasons, but... Our understanding of the quantum world is less than a century old and prior to that we realy did think the universe ran "just like clock work" in a fully determanistic and measurable way. Thus our next quantum leap in understanding our universe could potentialy give meaning to what we currently consider unknowable and thus currently believe to be non-determanistic... Who knows all we can say is we will know more when we get there, till then enjoy the journey.
I've been asked in the past why I think the China APT mob of war hawks are blowing in the wind.
Well one reason I've given is what the Chinese are doing with cornering the supply market of certain raw materials and using them to gain access to technology. Usually by the simple process of getting foreign manufactures to set up their manufacturing plants in China in return for guaranteeing supplies (see rare earth metals for instance). Obviously this achives rather more than APT in a shorter period of time and without the political issues.
However there is another reason to do with the supply chain of "off the shelf" semiconductor items. It is well known that China has quite happily been the worlds refuse / scrap heap for some time. And that sometimes they "recycle in unexpected ways" one such that Bruce has bloged about being the reconstruction of scrapped Euro coins rather than melting them down as they were contracted to do.
Well have you ever wondered what they do with all that scrap electronics they have many thousands of metric tonnnes of going back to the mid 1980's?
Well it looks like they are recycling some of the chips onto the black market and these dodgy chips are making their way into US defense and military weapons systems where they have a habit of failing... Which is not what you want to happen in the avionics system of the Military troop transporter like the C130 etc...
Well you may not have heard about it even though RobertT, Nick P and myself have discussed it on this blog a number of times and we think it has been happening for atleat ten years and in all probability over twenty years.
Well any way it appears that the UK's Telegraph Newspaper has picked up on this Chinese black market supply chain issue,
When you have read it and had a think, then maybe you will see why I find the China APT mob of war hawks so yawnworthy.
In effect it's like screaming hysterically about the fact you are losing blood by being biten by a mosquito, when you keep quiet about the fact a tiger is also ripping your leg off with it's teeth and blood is fountaining out in all directions.
to gain access to technology. Usually by the simple process of getting foreign manufactures to set up their manufacturing plants in China
Made me think of this article I read awhile ago. (May/2011)
Shell's bridgehead in China threatens to crumble. Now that China herself controls the technology, the oil company has to possibly withdraw from a large petrochemical complex. It is the largest investment by Shell in China. "We are being bullied out of the country."
Says former Shell manager Frans van Gunsteren, who was responsible for building the complex. According to him the Chinese now want to get rid off Shell. "They no longer have need of expensive expats and believe they can manage it themselves."
A Western diplomat in Beijing who wishes to remain anonymous, recognizes a pattern. According to him it is being made increasingly difficult for foreigners to do business in China. Companies that compete with large state enterprises, have to be "really careful".
Since 2006 Shell has a large petrochemical plant, one and a half times the size of Moerdijk, where oil products are being made for the Chinese market. The complex is owned by a joint venture in which Shell and the Chinese state oil company CNOOC each own half of the shares.
The plant, which costs $ 4.3 billion dollar (3 billion euro), is one of the largest investments of a non-Chinese party with a Chinese partner in the country. Tension has risen in recent months due to talks re a new oil installation in the vicinity.
Partner CNOOC wants to expand an existing refinery for $ 7.5 billion. Shell also wants to participate. The company still has no refinery in China, and also wants to position its refining operations closer to the fastest growing market in the world.
But the Chinese seem to have less apetite in their Western partners than ten years ago. China Daily newspaper quoted regional official of the Communist Party earlier this year who said that Shell will never get a 50-percent stake in a joint venture again. "CNOOC has no shortage of capital or technology in order to lift the plant off the ground," said Diao Guo Tao to the Chinese newspaper.
Shell would have to settle for 30 percent. But according to sources the company would also have to reduce its 50-percent stake in the existing joint venture to 30 percent. Van Gunsteren, "In the end what will happen is that the Chinese will draw the remainder to themselves (push us out)." Shell would not comment Friday on the issue.
"Made me think of this article I read awhile ago"
Yup it's just one of oh so many examples.
The stupidity of situation is that it's the marketing, accountants and "managment chancers" driving their organisations into these traps for the sake of "shareholder value", and the stupidity is they think they can win in these games...
And with that sort of predominately short sighted attitude being highly prevalent, I sometimes wonder why the Chinese (or others) bother with APT...
@ Nick P,
A little while ago you asked about DeepWater Horizon and BP's problematical sub contractor's and I indicated at the time that the word in the industry was it was the pair of them not BP who were actually responsible for the disaster. And one of them (Haliburton) had quite deliberatly destroyed evidence and manufactured other evidence...
Well it looks like BP has got tired of waiting for the US Gov to act and have filled court papers asking that Haliburton be punished accordingly...
At the end of the day, I think the Chinese are just the better businessmen here. :o) -- Us Dutch would have done exactly the same lol. And I agree with your take on the APT threat. This is a so much more graceful way of going about it.
Had some Indonesian-Chinese just before. Two full plates, it was delicious.
They say that before a technology becomes main stream it's first the tool of heratics and criminals...
Well it looks like 3D Printers are being used for criminal acttivities,
I must admit looking at the photos the crimbo's have done a very nice job and I think from now on I'm standing in the "teller que" no matter how inconveniant...
One evil thought it did raise was a custom card reader system. If you go into a large chain restaurant these days and pay by card, as likley as not they come around with one of those WiFi card readers. How difficult would it be to swipe one and add a little extra such as a mobile phone SMS sender to send out the Mag Stripe info and PIN entered...
Interesting crypto end run.
How does BozoCrack do its voodoo? The author explains: "Instead of rainbow tables, dictionaries, or brute force, BozoCrack simply finds the plaintext password. Specifically, it googles the MD5 hash and hopes the plaintext appears somewhere on the first page of results. / It works way better than it ever should."
According to a Washington Post background/briefing piece,
An elite team working in a windowless room at the National Security Agency soon determined that a rogue program had infected a classified network, kept separate from the public Internet, that harbored some of the military’s most important secrets, including battle plans used by commanders in Afghanistan and Iraq
Ho humm "elite" maybe "airgap crossing malware" quite common these days... but hey this was supposadly back in Oct 2008...
Nor could they tell how long it had been there, but they soon deduced the ingeniously simple means of transmission according to several current and former U.S. officials. The malicious software, or malware, caught a ride on an everyday thumb drive that allowed it to enter the secret system and begin looking for documents to steal. Then it spread by copying itself onto other thumb drives
Hmm I'm getting that "been there, done that, and written the book and printed the T-Shirts" feeling (same as I did with Stucnet).
I've certainly done the research to do air-gap crossing and written example code to try it out and mentioned it here and on other blogs longer ago than Oct 2008. Admittedly I was looking into "How to steal an election" by working out how to infect voting machines via technicians laptops etc, or via the memory key/SD card used for tallying up the vote counts. I named the method "Fire and Forget" to distinguish it's "oportunistic nature" over that of the "directed nature" of a focussed attack. And guess what,
The malware ... had circulated on the Internet for months without causing alarm, as just one threat among many. Then it showed up on the military computers of a NATO government in June 2008
One likely scenario is that an American ... went to an Internet cafe, used a thumb drive in an infected computer and then inserted the drive in a classified machine. “We knew fairly confidently that the mechanism had been somebody going to a kiosk and doing something they shouldn’t have as opposed to somebody who had been able to get inside the network,” one former official said.
Just the way I designed my system, except I also included a few other covert wrinkles to get around the "becon" control channel issue the article mentions.
Any way appart from the "I told you so" feeling it gives that warms my heart ;) it realy is an issue that most if not all operators of networks carrying confidential information should have tattooed on the back of their hands to remind them.
The hard part is stoping it and the article goes on to describe just some of the problems this causes.
So well worth the read, and put a print out on your bosses intray (or better yet his bosses, bosses, bosess intray ;)
Anyway speaking of "heart warming feelings" as I'm back up on my feet and pottering around although still ill according to the Dr. I though time to make some home made bread to go with not just the home made jam but some nice homemade heart warming leek & Potato soup 8)
I might not be "A Domestic God" but there is something very de-stressing about neading the crap out of 2Kg of bread dough, especialy when it comes to "knocking back" that bloated pasty looking face ;)
Gosh, talk about hijacking a thread. Some of you need to drink less coffee.
The bots and squid-bots have an evolution of sorts working on them, thanks to human brains, and I had fun watching that video, thanks.
Although I have to admit I find the stuffed squid toys a lot cuter :)
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.