The Doghouse: Sniper Flash Cards
They have a cryptanalysis contest with a $5,000 prize, but a $100 entry fee.
Sounds like a scam to me.
(My comments on cracking contests can be seen here.)
Entries Tagged "contests"
Page 7 of 7
Movie-Plot Threat Contest Winner
I can tell you one thing, you guys are really imaginative. The response to my Movie-Plot Threat Contest was more than I could imagine: 892 comments. I printed them all out—195 pages, double sided—and spiral bound them, so I could read them more easily. The cover read: “The Big Book of Terrorist Plots.” I tried not to wave it around too much in airports.
I almost didn’t want to pick a winner, because the real point is the enormous list of them all. And because it’s hard to choose. But after careful deliberation (see selection criteria here), the winning entry is by Tom Grant. Although planes filled with explosives is already cliche, destroying the Grand Coulee Dam is inspired. Here it is:
Mission: Terrorize Americans. Neutralize American economy, make America feel completely vulnerable, and all Americans unsafe.
Scene 1: A rented van drives from Spokane, WA, to a remote setting in Idaho and loads up with shoulder-mounted rocket launchers and a couple of people dressed in fatigues.
Scene 2: Terrorists dressed in “delivery man” garb take over the UPS cargo depot at the Spokane, WA, airport. A van full of explosives is unloaded at the depot.
Scene 3: Terrorists dressed in “delivery man” garb take over the UPS cargo depot at the Kamloops, BC, airport. A van full of explosives is unloaded at the depot.
Scene 4: A van with mercenaries drives through the Idaho forests en route to an unknown destination. Receives cell communiqué that locations Alpha and Bravo are secured.
Scene 5: UPS cargo plane lands in Kamloops and is met at the depot by terrorists who overtake the plane and its crew. Explosives are loaded aboard the aircraft. The same scene plays out in Spokane moments later, and that plane is loaded with explosives. Two pilots board each of the cargo planes and ask for takeoff instructions as night falls across the West.
Scene 6: Two cargo jets go airborne from two separate locations. A van with four terrorists arrives at its destination, parked on an overlook ridge just after nightfall. They use infrared glasses to scope the target. The camera pans down and away from the van, exposing the target. Grand Coulee Dam. The cell phone rings and notification comes to the leader that “Nighthawks alpha and bravo have launched.”
Scene 7: Two radar operators in separate locations note with alarm that UPS cargo jets they have been tracking have dropped off the radar and may have crashed. Aboard each craft the pilots have turned off navigational radios and are flying on “manual” at low altitude. One heading South, one heading North.
Scene 8: Planes are closing in on the “target” and the rocket launcher crew goes to work. With precision they strike lookout and defense positions on the dam, then target the office structures below. As they finish, a cargo jet approaches from the North at high velocity, slamming into the back side of the dam just above the waterline and exploding, shuddering the earth. A large portion of the center-top of the dam is missing. Within seconds a cargo plane coming from the South slams into the front face of the dam, closer to the base, and explodes in a blinding flash, shuddering the earth. In moments, the dam begins to fail, and a final volley from four rocket launchers on the hill above helps break open the face of the dam. The 40-mile-long Lake Roosevelt begins to pour down the Columbia River Valley, uncontrolled. No warning is given to the dams downriver, other than the generation at G.C. is now offline.
Scene 9: Through the night, the surging wall of water roars down the Columbia waterway, overtopping dam after dam and gaining momentum (and huge amounts of water) along the way. The cities of Wenatchee and Kennewick are inundated and largely swept away. A van of renegades retreats to Northern Idaho to hide.
Scene 10: As day breaks in the West, there is no power from Seattle to Los Angeles. The Western power grid has failed. Commerce has ground to a halt west of the Rocky Mountains. Water is sweeping down the Columbia River gorge, threatening to overtop Bonneville dam and wipe out the large metro area of Portland, OR.
Scene 11: Bin Laden releases a video on Al Jazeera that claims victory over the Americans.
Scene 12: Pandemonium, as water sweeps into a panicked Portland, Oregon, washing all away in its path, and surging water well up the Willamette valley.
Scene 13: Washington situation room…little input is coming in from the West. Some military bases have emergency power and sat phones, and are reporting that the devastation of the dam infrastructure is complete. Seven major and five minor dams have been destroyed. Re-powering the West coast will take months, as connections from the Eastern grid will have to be made through the New Mexico Mountains.
Scene 14: Worst U.S. market crash in history. America’s GNP drops from the top of the charts to 20th worldwide. Exports and imports cease on the West coast. Martial law fails to control mass exodus from Seattle, San Francisco, and L.A. as millions flee to the east. Gas shortages and vigilante mentality take their toll on the panicked populace. The West is “wild” once more. The East is overrun with millions seeking homes and employment.
Congratulations, Tom. I’m still trying to figure out what you win.
There’s a more coherent essay about this on Wired.com, but I didn’t reprint it here because it contained too much that I’ve already posted on this blog.
Movie-Plot Threat Contest: Second Status Report
On April 1, I announced my (possibly First) Movie-Plot Threat Contest (update here).
The submission deadline was the end of April, and I had hoped to have picked winners by now. But there are just too many entrants to wade through.
I’ll announce winners by the next Crypto-Gram; that’s June 15.
Promise.
(If any of you want to suggest a winner, please list your choices here.)
Movie Plot Threat Contest: Status Report
On the first of this month, I announced my (possibly First) Movie-Plot Threat Contest.
Entrants are invited to submit the most unlikely, yet still plausible, terrorist attack scenarios they can come up with.
Your goal: cause terror. Make the American people notice. Inflict lasting damage on the U.S. economy. Change the political landscape, or the culture. The more grandiose the goal, the better.
Assume an attacker profile on the order of 9/11: 20 to 30 unskilled people, and about $500,000 with which to buy skills, equipment, etc.
As of this morning, the blog post has 580 comments. I expected a lot of submissions, but the response has blown me away.
Looking over the different terrorist plots, they seem to fall into several broad categories. The first category consists of attacks against our infrastructure: the food supply, the water supply, the power infrastructure, the telephone system, etc. The idea is to cripple the country by targeting one of the basic systems that make it work.
The second category consists of big-ticket plots. Either they have very public targets—blowing up the Super Bowl, the Oscars, etc.—or they have high-tech components: nuclear waste, anthrax, chlorine gas, a full oil tanker, etc. And they are often complex and hard to pull off. This is the 9/11 idea: a single huge event that affects the entire nation.
The third category consists of low-tech attacks that go on and on. Several people imagined a version of the DC sniper scenario, but with multiple teams. The teams would slowly move around the country, perhaps each team starting up after the previous one was captured or killed. Other people suggested a variant of this with small bombs in random public locations around the country.
(There’s a fourth category: actual movie plots. Some entries are comical, unrealistic, have science fiction premises, etc. I’m not even considering those.)
The better ideas tap directly into public fears. In my book, Beyond Fear, I discusse five different tendencies people have to exaggerate risks: to believe that something is more risky than it actually is.
- People exaggerate spectacular but rare risks and downplay common risks.
- People have trouble estimating risks for anything not exactly like their normal situation.
- Personified risks are perceived to be greater than anonymous risks.
- People underestimate risks they willingly take and overestimate risks in situations they can’t control.
- People overestimate risks that are being talked about and remain an object of public scrutiny.
The best plot ideas leverage one or more of those tendencies. Big-ticket attacks leverage the first. Infrastructure and low-tech attacks leverage the fourth. And every attack tries to leverage the fifth, especially those attacks that go on and on. I’m willing to bet that when I find a winner, it will be the plot that leverages the greatest number of those tendencies to the best possible advantage.
I also got a bunch of e-mails from people with ideas they thought too terrifying to post publicly. Some of them wouldn’t even tell them to me. I also received e-mails from people accusing me of helping the terrorists by giving them ideas.
But if there’s one thing this contest demonstrates, it’s that good terrorist ideas are a dime a dozen. Anyone can figure out how to cause terror. The hard part is execution.
Some of the submitted plots require minimal skill and equipment. Twenty guys with cars and guns—that sort of thing. Reading through them, you have to wonder why there have been no terrorist attacks in the U.S. since 9/11. I don’t believe the “flypaper theory,” that the terrorists are all in Iraq instead of in the U.S. And despite all the ineffectual security we’ve put in place since 9/11, I’m sure we have had some successes in intelligence and investigation—and have made it harder for terrorists to operate both in the U.S. and abroad.
But mostly, I think terrorist attacks are much harder than most of us think. It’s harder to find willing recruits than we think. It’s harder to coordinate plans. It’s harder to execute those plans. Terrorism is rare, and for all we’ve heard about 9/11 changing the world, it’s still rare.
The submission deadline is the end of this month, so there’s still time to submit your entry. And please read through some of the others and comment on them; I’m curious as to what other people think are the most interesting, compelling, realistic, or effective scenarios.
EDITED TO ADD (4/23): The contest made The New York Times.
Announcing: Movie-Plot Threat Contest
NOTE: If you have a blog, please spread the word.
For a while now, I have been writing about our penchant for “movie-plot threats“: terrorist fears based on very specific attack scenarios. Terrorists with crop dusters, terrorists exploding baby carriages in subways, terrorists filling school buses with explosives—these are all movie-plot threats. They’re good for scaring people, but it’s just silly to build national security policy around them.
But if we’re going to worry about unlikely attacks, why can’t they be exciting and innovative ones? If Americans are going to be scared, shouldn’t they be scared of things that are really scary? “Blowing up the Super Bowl” is a movie plot to be sure, but it’s not a very good movie. Let’s kick this up a notch.
It is in this spirit I announce the (possibly First) Movie-Plot Threat Contest. Entrants are invited to submit the most unlikely, yet still plausible, terrorist attack scenarios they can come up with.
Your goal: cause terror. Make the American people notice. Inflict lasting damage on the U.S. economy. Change the political landscape, or the culture. The more grandiose the goal, the better.
Assume an attacker profile on the order of 9/11: 20 to 30 unskilled people, and about $500,000 with which to buy skills, equipment, etc.
Post your movie plots here on this blog.
Judging will be by me, swayed by popular acclaim in the blog comments section. The prize will be an autographed copy of Beyond Fear. And if I can swing it, a phone call with a real live movie producer.
Entries close at the end of the month—April 30—so Crypto-Gram readers can also play.
This is not an April Fool’s joke, although it’s in the spirit of the season. The purpose of this contest is absurd humor, but I hope it also makes a point. Terrorism is a real threat, but we’re not any safer through security measures that require us to correctly guess what the terrorists are going to do next.
Good luck.
EDITED TO ADD (4/4): There are hundreds of ideas here.
EDITED TO ADD (4/22): Update here.
NIST Hash Workshop Liveblogging (5)
The afternoon started with three brand new hash functions: FORK-256, DHA-256, and VSH. VSH (Very Smooth Hash) was the interesting one; it’s based on factoring and the discrete logarithm problem, like public-key encryption, and not on bit-twiddling like symmetric encryption. I have no idea if it’s any good, but it’s cool to see something so different.
I think we need different. So many of our hash functions look pretty much the same: MD4, MD5, SHA-0, SHA-1, RIPE-MD, HAVAL, SHA-256, SHA-512. And everything is basically a block cipher in Davies-Meyer mode. I want some completely different designs. I want hash functions based on a stream ciphers. I want more functions based on number theory.
The final session was an open discussion about what to do next. There was much debate about how soon we need a new hash function, how long we should rely on SHA-1 or SHA-256, etc.
Hashing is hard. At the ultra-high-level hand-waving level, it takes a lot more clock cycles per message byte to hash than it does to encrypt. No one has any theory to account for this, but it seems like the lack of any secrets in a hash function makes it a harder problem. This may be an artifact of our lack of knowledge, but I think there’s a grain of fundamental truth buried here.
And hash functions are used everywhere. Hash functions are the workhorse of cryptography; they’re sprinkled all over security protocols. They’re used all the time, in all sorts of weird ways, for all sorts of weird purposes. We cryptographers think of them as good hygiene, kind of like condoms.
So we need a fast answer for immediate applications.
We also need “SHA2,” whatever that will look like. And a design competition is the best way to get a SHA2. (Niels Ferguson pointed out that the AES process was the best cryptographic invention of the past decade.)
Unfortunately, we’re in no position to have an AES-like competition to replace SHA right now. We simply don’t know enough about designing hash functions. What we need is research, random research all over the map. Designs beget analyses beget designs beget analyses…. Right now we need a bunch of mediocre hash function designs. We need a posse of hotshot graduate students breaking them and making names for themselves. We need new tricks and new tools. Hash functions are a hot area of research right now, but anything we can do to stoke that will pay off in the future.
NIST is thinking of hosting another hash workshop right after Crypto next year. That would be a good thing.
I need to get to work on a hash function based on Phelix.
Underhanded C Contest
As far as I know, this is the only security-related programming contest: the Underhanded C Contest. The object is to write clear, readable C code with hidden malicious behavior; in other words, to hide evil stuff in code that passes visual inspection of source by other programmers.
This year’s challenge: covert fingerprinting.
Sidebar photo of Bruce Schneier by Joe MacInnis.