Roughly three weeks later, there is a operation program available to crack ACBL hand records.
- Given three consecutive boards, all the remaining boards for that session can be determined.
- The program can be easily parallelized. This analysis can be finished while sessions are still running
this would permit the following type of attack:
- A confederate watch boards 1-3 of the USBF team trials on vugraph
- The confederate uses Amazon web services to crack all the rest of the boards for that session
- The confederate texts the hands to a players smart phone
- The player hits the head, whips out his smart phone, and …
Entries Tagged "cheating"
Page 2 of 7
Here’s an interesting case of doctored urine-test samples from the Sochi Olympics. Evidence points to someone defeating the tamper resistance of the bottles:
Berlinger bottles come in sets of two: one for the athlete’s “A” sample, which is tested at the Games, and the other for the “B” sample, which is used to corroborate a positive test of the A sample. Metal teeth in the B bottle’s cap lock in place, so it cannot be twisted off.
“The bottles are either destroyed or retain visible traces of tampering if any unauthorized attempt is made to open them,” Berlinger’s website says about the security of the bottles.
The only way to open the bottle, according to Berlinger, is to use a special machine sold by the company for about $2,000; it cracks the bottle’s cap in half, making it apparent that the sample has been touched.
Yet someone figured out how to open the bottles, swap out the liquid, and replace the caps without leaving any visible signs of tampering.
EDITED TO ADD: There’s a new article on how they did it.
In Room 124, Dr. Rodchenkov received the sealed bottles through the hole and handed them to a man who he believed was a Russian intelligence officer. The man took the bottles to a building nearby. Within a few hours, the bottles were returned with the caps loose and unbroken.
One commenter complained that I called the bottles “tamper-proof,” even though I used the more accurate phrase “tamper-resistance” in the post. Yes, that was sloppy.
If doping weren’t enough, cyclists are cheating in races by hiding tiny motors in their bicycles. There are many detection techniques:
For its report, Stade 2 positioned a thermal imaging camera along the route of the Strade Bianche, an Italian professional men’s race in March held mostly on unpaved roads and featuring many steep climbs. The rear hub of one bicycle glowed with almost the same vivid orange-yellow thermal imprint of the riders’ legs. Engineers and antidoping experts interviewed by the TV program said the pattern could be explained only by heat generated by a motor. The rider was not named by the program and could not be identified from the thermal image.
Cycling’s equivalents of the Zapruder film are online videos that show unusual patterns of bike changes that precede or follow exceptional bursts of speed by riders. Other videos analyze riders’ hand movements for signs of switching on motors. Still other online analysts pore over crashes, looking for bikes on which the cranks keep turning after separation from the rider.
Unlike the thermal images, however, the videos have only implied that a motor was present.
In a statement, the cycling union, which commonly goes by its French initials, U.C.I., said it had tested and rejected thermal imaging.
“The U.C.I. has been testing for technological fraud for many years, and with the objective of increasing the efficiency of these tests, we have been trialling new methods of detection over the last year,” the governing body said. “We have looked at thermal imaging, X-ray and ultrasonic testing, but by far the most cost-effective, reliable and accurate method has proved to be magnetic resonance testing using software we have created in partnership with a company of specialist developers.”
Story of Julie Miller, who cheated in multiple triathlon races:
The difference between cheating in 1980 and cheating today is that it’s much harder to get away with now. What trips up contemporary cheaters, Empfield said, is their false assumption that the only thing they have to worry about is their timing chip, the device they wear that records their time at various points along a course.
But the use of additional technology especially the ubiquitous course photos taken by spectators and professional photographers, which provide a wealth of information about athletes’ positions and times throughout a race makes it difficult for people to cover their tracks after the fact.
“What these people don’t understand is that the photos contain so much data they don’t know that this exists,” Empfield said of cheaters. “They think that if they hide in the bushes and re-emerge or take the chip off or whatever, they’re in the clear. But the problem is that people can now forensically recreate your race.”
Reminds me of this 2012 story about marathon cheating.
EDITED TO ADD (4/27): An update with proof of cheating.
It was a manipulation of the terminals.
The 5 Card Cash game was suspended in November after Connecticut Lottery and state Department of Consumer Protection officials noticed there were more winning tickets than the game’s parameters should have allowed. The game remains suspended.
An investigation determined that some lottery retailers were manipulating lottery machines to print more instant winner tickets and fewer losers….
An investigator for the Connecticut Lottery determined that terminal operators could slow down their lottery machines by requesting a number of database reports or by entering several requests for lottery game tickets. While those reports were being processed, the operator could enter sales for 5 Card Cash tickets. Before the tickets would print, however, the operator could see on a screen if the tickets were instant winners. If tickets were not winners, the operator could cancel the sale before the tickets printed.
Interesting article on detecting cheaters in professional bridge using big-data analysis.
Basically, a big part of the game is the communication of information between the partners. But only certain communications channels are permitted. Cheating involves partners sending secret signals to each other.
The results of this can be detected by analyzing lots of games the partners play. If they consistently make plays that should turn out badly based on the information they should know, but end up turning out well given the actual distribution of the cards, then we know that some sort of secret signaling is involved.
For the past six years, Volkswagen has been cheating on the emissions testing for its diesel cars. The cars’ computers were able to detect when they were being tested, and temporarily alter how their engines worked so they looked much cleaner than they actually were. When they weren’t being tested, they belched out 40 times the pollutants. Their CEO has resigned, and the company will face an expensive recall, enormous fines and worse.
Cheating on regulatory testing has a long history in corporate America. It happens regularly in automobile emissions control and elsewhere. What’s important in the VW case is that the cheating was preprogrammed into the algorithm that controlled cars’ emissions.
Computers allow people to cheat in ways that are new. Because the cheating is encapsulated in software, the malicious actions can happen at a far remove from the testing itself. Because the software is “smart” in ways that normal objects are not, the cheating can be subtler and harder to detect.
We’ve already had examples of smartphone manufacturers cheating on processor benchmark testing: detecting when they’re being tested and artificially increasing their performance. We’re going to see this in other industries.
The Internet of Things is coming. Many industries are moving to add computers to their devices, and that will bring with it new opportunities for manufacturers to cheat. Light bulbs could fool regulators into appearing more energy efficient than they are. Temperature sensors could fool buyers into believing that food has been stored at safer temperatures than it has been. Voting machines could appear to work perfectly — except during the first Tuesday of November, when they undetectably switch a few percent of votes from one party’s candidates to another’s.
My worry is that some corporate executives won’t interpret the VW story as a cautionary tale involving just punishments for a bad mistake but will see it instead as a demonstration that you can get away with something like that for six years.
And they’ll cheat smarter. For all of VW’s brazenness, its cheating was obvious once people knew to look for it. Far cleverer would be to make the cheating look like an accident. Overall software quality is so bad that products ship with thousands of programming mistakes.
Most of them don’t affect normal operations, which is why your software generally works just fine. Some of them do, which is why your software occasionally fails, and needs constant updates. By making cheating software appear to be a programming mistake, the cheating looks like an accident. And, unfortunately, this type of deniable cheating is easier than people think.
Computer-security experts believe that intelligence agencies have been doing this sort of thing for years, both with the consent of the software developers and surreptitiously.
This problem won’t be solved through computer security as we normally think of it. Conventional computer security is designed to prevent outside hackers from breaking into your computers and networks. The car analogue would be security software that prevented an owner from tweaking his own engine to run faster but in the process emit more pollutants. What we need to contend with is a very different threat: malfeasance programmed in at the design stage.
We already know how to protect ourselves against corporate misbehavior. Ronald Reagan once said “trust, but verify” when speaking about the Soviet Union cheating on nuclear treaties. We need to be able to verify the software that controls our lives.
Software verification has two parts: transparency and oversight. Transparency means making the source code available for analysis. The need for this is obvious; it’s much easier to hide cheating software if a manufacturer can hide the code.
But transparency doesn’t magically reduce cheating or improve software quality, as anyone who uses open-source software knows. It’s only the first step. The code must be analyzed. And because software is so complicated, that analysis can’t be limited to a once-every-few-years government test. We need private analysis as well.
It was researchers at private labs in the United States and Germany that eventually outed Volkswagen. So transparency can’t just mean making the code available to government regulators and their representatives; it needs to mean making the code available to everyone.
Both transparency and oversight are being threatened in the software world. Companies routinely fight making their code public and attempt to muzzle security researchers who find problems, citing the proprietary nature of the software. It’s a fair complaint, but the public interests of accuracy and safety need to trump business interests.
Proprietary software is increasingly being used in critical applications: voting machines, medical devices, breathalyzers, electric power distribution, systems that decide whether or not someone can board an airplane. We’re ceding more control of our lives to software and algorithms. Transparency is the only way verify that they’re not cheating us.
There’s no shortage of corporate executives willing to lie and cheat their way to profits. We saw another example of this last week: Stewart Parnell, the former CEO of the now-defunct Peanut Corporation of America, was sentenced to 28 years in prison for knowingly shipping out salmonella-tainted products. That may seem excessive, but nine people died and many more fell ill as a result of his cheating.
Software will only make malfeasance like this easier to commit and harder to prove. Fewer people need to know about the conspiracy. It can be done in advance, nowhere near the testing time or site. And, if the software remains undetected for long enough, it could easily be the case that no one in the company remembers that it’s there.
We need better verification of the software that controls our lives, and that means more — and more public — transparency.
This essay previously appeared on CNN.com.
EDITED TO ADD (10/8): A history of emissions-control cheating devices.
Chess player caught cheating at a tournament:
I kept on looking at him. He was always sitting down, he never got up. It was very strange; we are taking about hours and hours of playing. But most suspicious of all, he always had his arms folded with his thumb under his armpit. He never took it out.”
Mr Coqueraut said he was also “batting his eyelids in the most unnatural way.”
“Then I understood it,” he said. “He was deciphering signals in Morse code.”
The referee attempted to expose Mr Ricciardi by asking him to empty his pockets, but nothing was found. When the Italian was asked to open his shirt, he refused.
Tournament organisers then asked the 37-year old to pass through a metal detector and a sophisticated pendant was found hanging around his neck underneath a shirt. The pendant contained a tiny video camera as well as a mass of wires attached to his body and a 4cm box under his armpit. Mr Ricciardi claimed they were good luck charms.
Interesting research detecting betrayal in the game of Diplomacy by analyzing interplayer messages.
One harbinger was a shift in politeness. Players who were excessively polite in general were more likely to betray, and people who were suddenly more polite were more likely to become victims of betrayal, study coauthor and Cornell graduate student Vlad Niculae reported July 29 at the Annual Meeting of the Association for Computational Linguistics in Beijing. Consider this exchange from one round:
Germany: Can I suggest you move your armies east and then I will support you? Then next year you move [there] and dismantle Turkey. I will deal with England and France, you take out Italy.
Austria: Sounds like a perfect plan! Happy to follow through. And — thank you Bruder!
Austria’s next move was invading German territory. Bam! Betrayal.
An increase planning-related language by the soon-to-be victim also indicated impending betrayal, a signal that emerges a few rounds before the treachery ensues. And correspondence of soon-to-be betrayers had an uptick in positive sentiment in the lead-up to their breach.
Working from these linguistic cues, a computer program could peg future betrayal 57 percent of the time. That might not sound like much, but it was better than the accuracy of the human players, who never saw it coming. And remember that by definition, a betrayer conceals the intention to betray; the breach is unexpected (that whole trust thing). Given that inherent deceit, 57 percent isn’t so bad.
Back when I was in high school, I briefly published a postal Diplomacy zine.
Sidebar photo of Bruce Schneier by Joe MacInnis.