That’s odd

I’ve frequently read that important discoveries and inventions more often start with “That’s odd.” than with “Eureka!”

And so it was with a discovery of mine a week ago today.

I write software tools for the cyber security team at a major corporation. The culture is somewhat freewheeling. In the first couple of days when I started work my boss told me something to the effect of “People create their own positions here.” After the first couple of months I would talk to him no more than once a month. Sometimes it would be far longer than that. I did, pretty much, whatever I wanted. At review time I would be told, “We really like what you are doing and keep it up.” My model was to look at what people around me were doing and write tools to make their job easier and faster, and enable better results.

I sometimes would joke that my goal was to eliminate the jobs of the people around me by writing the software to replace them. In reality what I did just meant people could be far more productive. Cyber security is never ending and I don’t see an end in sight for a job in this field as long as we have computer networks and human nature is what it is.

Nearly everything I did was a little web application which would do things like check IP addresses for being on black lists and geolocate them, pull and reformat data from sensors, and graph data on “dashboards” for management to look at. My background task was working on something much bigger. I would see patterns in some of the data I was pulling from sensors and would try to get someone to investigate what I thought was suspicious activity.

The investigators would look at it for a few seconds and tell me something to the effect of, “I can’t see anything here. I need to see A, B, and C as well in order to know if this is anything.” So, a week or two later, I would show them similar data with A, B, and C added to the set. Again they would look at it for a few seconds, not see what I was seeing, and tell me they needed X, Y, and Z as well.

This went on for some time. I was somewhat frustrated and annoyed but I was learning how they did their jobs and what data they needed from multiple sources to evaluate a potential threat. But tens of thousands of rows in a spreadsheet with dozens of columns still didn’t allow people to quickly see the patterns I believed I was seeing. About two years ago I had kind of a eureka moment and I came up with a much better way of viewing the data (the patent idea submission to our attorneys was made late last year).

I started writing the software and explained it to anyone who expressed the slightest bit of interest in what I was doing. I gave the software the name “Bird Dog”. In essence it’s hunting through the grass and brush searching for specific things of interest to the (cyber security threat) hunter. It then points them out and then, when given the command, flushes them into the “air” such that only the blind could not see them.

Everyone that sees it thinks it’s awesome but as much as I try I’m the only one that uses it. Everyone likes the data it produces but they don’t use it themselves. I think I need to make it easier to use but that’s a different story.

Last weekend I was putting in extra hours working on Bird Dog because I had gone through a major rewrite and it was to the point where things were working again as features were reenabled and new features were showing up. It’s very exciting to see what things will show up in the data with the proper visualization.

One of the things I had occasionally done in the past was to run a set of our externally facing IP addresses against the lists of “high risk” IPs. I didn’t have a complete set of our IP addresses but I had gathered some from public sources and had somewhat automated the process. I still had to copy and paste the list into a web app, click a button, and download the .CSV file into Excel. It didn’t take long but I never found anything and didn’t do it very often.

After the rewrite Bird Dog had a new data source. The new data source included more of our externally facing IP addresses. Bird Dog would now have not just my hand crafted list of IPs but IPs from the firewalls and other sources that might not be on any easily available list. And Bird Dog automatically added the risk scores to every public IP it saw, not just the IP addresses which were not ours (a previous limitation).

Last week during my testing of the new Bird Dog code one of our IPs was given a risk score indicating it was considered “Malicious”. That’s odd. I have been doing those sorts of checks for years and I had never seen that before. But, it was one of the new features of Bird Dog and I knew it was possible.

I pointed it out to my boss. He and I spent a few minutes on it. We tried to find out why it was considered high risk but the supplier of the risk score for that IP had a 404 error on the web page for that one IP.

Another investigator was assigned and we looked some more. We didn’t make much progress and could create a story matching all the data that it was a false positive and we didn’t need to worry about it. We were about to close the case and move on when the vendor who had supplied the risk score showed up for a meeting.

One of the guys (who plans to attend Boomershoot this year, BTW) stopped by my desk and asked how things were going. We chatted about Boomershoot some and then I told him I was a little frustrated about the missing risk score “evidence” for the one IP address. They get their information from various sources and had provided a link to the original source, which was where I was getting the 404 error from. He pointed out his company had cached the web page and we could just click on a different link. It wasn’t obvious to either me or the other investigator and we both missed it.

Together the vendor and I looked at the cached web page. We quickly determined that as far as our network security was concerned it was certainly a false positive. But the data was something we couldn’t ignore.

When my boss, a former police officer, came back to the office I showed it to him and asked if it should be forwarded to the police for investigation. He asked me to write it up and forward it to him and he would forward it to Corporate Investigations who handles all interaction with law enforcement.

Within a couple hours the referral had been made. Later that day my boss wrote an email to our director (some details redacted, indicated by XXX, for various reasons):

Joe was working on his Bird Dog code and identified a XXX IP address labeled “High Risk” by XXX. After additional analysis, Joe and Mike found the IP address was listed in a cached webpage where someone posted XXX links to suspected child pornography.

This was immediately handed off to XXX and the appropriate LE referral was made to the National Center for Missing and Exploited Children.

Great work by the entire team to keep digging and hopefully contribute to protecting a vulnerable child!

Neither I nor anyone I know clicked on the links. We all know better than to do that. You never want to go there.

This is probably the best, for certain measures of best, find so far by Bird Dog. And it was totally inadvertent. Sometimes it’s the odd things that are the most important to follow up on.

Quote of the day—Brad Smith

The pressure to put data centers in more countries is giving rise to what is rapidly becoming one of the world’s most important human rights issues. With everyone’s personal information stored in the cloud, an authoritarian regime bent on broad surveillances can unleash draconian demands to monitor not only what people are communicating, but even what they are reading and watching online. And armed with this knowledge, governments can prosecute, persecute, or even execute those individuals they consider threats.

This is a fundamental fact of life that everyone who works in the tech sector needs to remember every day.

Brad Smith
President and chief legal officer of Microsoft
September 2019
Page 45 in Tools and Weapons: The Promise and the Peril of the Digital Age


[One of Barb’s brothers-in-law recommended this book to me a few days ago as we were having a discussion about privacy and security.

I’m only about 20% of the way through the book but I’m really enjoying it. What I’m hearing matches the general tone of the culture when I worked at Microsoft. They take customer privacy seriously.

They have a team of about 50 people that work full time to respond to government requests and push back if the request is out of line with the law. They have promised to go to court rather than comply with requests that don’t have the warrants and documentation all in order. And they have gone to court numerous times. Smith claims they win in court 90% of the time.

I don’t know the details of the level of cooperation my current employer and the government have but I know that on the security side of things we take things very seriously. I also know that, IIRC, we have about 100 full time people who deal with government requests for information. I’ve talked with some of them and they too seem to believe it’s critical to keep the government on the straight and narrow.

I only see the criminal side of things but if we know or suspect customer personal information has been compromised, by either insiders or outsiders, we put a stop to it as quickly as possible. And in the past year or two I’ve been seeing names of the people we chased end up in the news as being arrested, prosecuted, and convicted. None of them have been government officials, but that’s probably a little too much to expect.—Joe]

I don’t think so

I have listened to, read about, and commented on Fascitelli for almost 10 years*. I know enough about him that I think he’s probably a nice guy. I don’t think he is stupid either. He has changed his stance toward gun control and gotten a lot smarter about things (read the links below* and see how his attitude has changed over the years). But this indicates he has some other problem:

They’ve been working on Philadelphia-based Lodestar for a couple of years now. The duo recruited Ginger Chandler, a former Remington executive, to design the product, which, Fascitelli says, will be a gun accompanied by an RFID tag (some argue for fingerprint technology). Smart guns reached a turning point this summer, when New Jersey Gov. Phil Murphy reformed that state’s law to allow more research and development of smart guns.

Lodestar, which raised $250,000, is now looking for an additional $3 million to finish its prototype. Its three-person payroll is about $10,000 a month while the team waits for the shift in the political landscape to catch funders’ interest. They estimate potential sales at $1 billion, or about 40% of the 7-million-unit handgun market.

I’ve pointed out the probably unsurmountable problems with his proposed product and company before. But this is another layer of frosting on that cake.

Can he possibly believe their product has a realistic chance at 40% of the handgun market? I don’t think so. Perhaps the author of the article twisted his words, I could believe that. I’ve been misquoted enough that I can give him the benefit of the doubt here. Otherwise one has to conclude he is lying and/or delusional. In the past there have been a number of hints this was true but in recent years he seems to have gotten that pretty much under control.


* Here is a partial list of my posts quoting or referring to him:

Early research for the T-1000

Skynet smiles:

For the first time, scientists have created a permanently magnetic liquid. These liquid droplets can morph into various shapes and be externally manipulated to move around, according to a new study.

In an even more bizarre application, imagine a mini liquid person — a smaller-scale version of the liquid T-1000 from the second “Terminator” movie — Russell said. Now imagine that parts of this mini liquid man are magnetized and parts aren’t. An external magnetic field could then force the little person to move its limbs like a marionette.

Quote of the day—Bruce Schneier

As computers continue to permeate every aspect of our lives, society, and critical infrastructure, it is much more important to ensure that they are secure from everybody — even at the cost of law-enforcement access — than it is to allow access at the cost of security. Barr is wrong, it kind of is like these systems are protecting nuclear launch codes.

Bruce Schneier
July 24, 2019
Attorney General William Barr on Encryption Policy
[Creating, or even allowing, a process by which the government can get access to all your communication and personal documents fails The Jews in the Attic Test.

“Nuclear launch codes” indeed!—Joe]

The Singularity Is Near

One might say The Singularity Is Near:

AI Pores Over Old Scientific Papers, Makes Discoveries Overlooked By Humans

Researchers from Lawrence Berkeley National Laboratory trained an AI called Word2Vec on scientific papers to see if there was any “latent knowledge” that humans weren’t able to grok on first pass.

The study, published in Nature on July 3, reveals that the algorithm found predictions for potential thermoelectric materials which can convert heat into energy for various heating and cooling applications.

“It can read any paper on material science, so can make connections that no scientists could,” said researcher Anubhav Jain. “Sometimes it does what a researcher would do; other times it makes these cross-discipline associations.”

The algorithm was designed to assess the language in 3.3 million abstracts from material sciences, and was able to build a vocabulary of around half-a-million words. Word2Vec used machine learning to analyze relationships between words.

“The way that this Word2vec algorithm works is that you train a neural network model to remove each word and predict what the words next to it will be,” said Jain, adding that “by training a neural network on a word, you get representations of words that can actually confer knowledge.”

As one example, researchers fed publications from before 2009 into the algorithm and were able to predict one of the most effective modern-day thermoelectric materials four years before it was actually discovered in 2012.

The technology isn’t restricted to materials science either – as it can be trained on a wide variety of disciplines by retraining it on literature from whichever subject for which one wants to provide a deeper analysis.

“This algorithm is unsupervised and it builds its own connections,” said the study’s lead author, Vahe Tshitoyan, adding “You could use this for things like medical research or drug discovery. The information is out there. We just haven’t made these connections yet because you can’t read every article.”

One could also say, with a similar amount of justification, Skynet smiles.

Defeating the Fourth Amendment

This is rather scary stuff:

Liberty Defense is developing Hexwave, a new disruptive technology that was exclusively licensed from the Massachusetts Institute of Technology (MIT) and uses 3D radar imaging and artificial intelligence to detect concealed weapons in urban settings.

Hexwave could be the next technology that replaces X-ray machines, such as for scanning bags in airports or other venues, and it also provides 3D scans of a person’s exterior whereas X-ray can only provide 2D scans.

“Hexwave provides 3D imaging at a rate that is in real time — it can assess for threats while the person is still walking, which means it is well suited for higher, faster throughput,” Riker told VentureBeat.

The urban security market by 2020 to 2025 in North America is set to increase by 33%. The new 3D detection machine can revolutionize security at indoor high traffic crowded areas, like schools, malls, hotels, and places of worship, and protect outdoor high traffic areas, like airports, sports venues, government buildings, and bus/subway stations.

Will this sneak by the Fourth Amendment? If used in a common access public place, does this constitute an unwarranted search? The courts danced around the Fourth Amendment issues when doing searches at airports by saying, in essence, “You can still drive, ride a bus, and walk without being searched hence you are consenting to these searches.”

Also of great concern is that the often used phrase “concealed means concealed” will no longer be true. Statists will use this technology to claim you don’t need to have a gun to protect yourself because they have the ability to prevent bad guys (everyone except agents of the state) from having a gun. While individual and groups of criminals are of obvious concern and a reasonable justification for private ownership and carry of self-defense firearms, that isn’t the primary reason we have the Second Amendment. The primary reason is defense against the state. This technology could tip the balance in favor of dependency on the state for personal protection. This leads to an inability to justify, in the public eye, the private carry and eventual ownership of firearms. This, of course, puts people at great risk of wholesale slaughter when our government goes completely rogue:

Quote of the day—Jen Gennai

Elizabeth Warren is saying we should break up Google. And like, I love her but she’s very misguided, like that will not make it better it will make it worse, because all these smaller companies who don’t have the same resources that we do will be charged with preventing the next Trump situation, it’s like a small company cannot do that.

Jen Gennai
Head of Responsible Innovation, Google
May 2019
Insider Blows Whistle & Exec Reveals Google Plan to Prevent “Trump situation” in 2020 on Hidden Cam
[Via a comment by Chet.

Watch the video. Gennai explicitly says they are implementing “fairness” and that their definition of fairness is completely different from the definition of fairness used by the people who voted for Donald Trump. She says everyone got screwed over with the election of Trump and they can’t let that happen again in 2020.

Read her response to the video here.

Click to enlarge the images of the internal documents and read them. They are incredibly damning.

One of my first thoughts was, “It’s a good thing I’m not allowed to own a few tactical nukes at an affordable price. Otherwise Google would own radioactive craters instead of office buildings and data centers.” I have since decided there are other, legal and moral, remedies available.—Joe]

Overheard at work

I work in computer security. I write software to search for “interesting” data in billions of connections between millions of computers. Many times the “interesting” stuff I find turns out to be not quite as “interesting” as I initially thought. I always run it by others to do a “reality check” before investing too much time investigating or raising an alarm of some sort.

I showed my boss some “interesting” data recently:

Chris (my boss): Do you ever feel like that guy in a movie sitting in front of a radar screen saying, “I don’t think that is a flock of birds!”?

Me: All the time.

Chris: Yeah, well, I don’t think this is a flock of birds.

Cure for cancer?

This looks promising.

A cure for cancer? Israeli scientists say they think they found one

A small team of Israeli scientists think they might have found the first complete cure for cancer.

“We believe we will offer in a year’s time a complete cure for cancer,” said Dan Aridor, of a new treatment being developed by his company, Accelerated Evolution Biotechnologies Ltd. (AEBi), which was founded in 2000 in the ITEK incubator in the Weizmann Science Park. AEBi developed the SoAP platform, which provides functional leads to very difficult targets.

“Our cancer cure will be effective from day one, will last a duration of a few weeks and will have no or minimal side-effects at a much lower cost than most other treatments on the market,” Aridor said. “Our solution will be both generic and personal.”

From reading the entire article I can’t imagine it will be available to the general public within a year. Maybe five or ten years. But still… very, very, cool if it works out.

Quote of the day—John Robb

In the past, winning meant having the largest army. That isn’t true anymore. Now, with new forms of warfare, any small group can successfully wage war. With simpler and more appealing goals almost any cause can raise an army. And they will.

John Robb
2007
Brave New War—The next stage of terrorism and the end of globalization, page 63
[What he says is possible hasn’t always become reality (see for example this description of how we might have fallen into civil war after the November 2016 election). But I have spent enough time in the security field that I listen closely when he has something to say and I don’t think I have ever considered his ideas crazy or implausible.

In this book he tells how a society dependent upon vulnerable infrastructure can be brought to its knees with relatively few people and resources. The leverage exerted can be enormous. How much does the Molotov Cocktail cost versus the government vehicle it destroys? What is the cost to deliver it versus the cost to defend against it? What is the cost of a power outage versus the cost of a cutting torch to bring down a few transmission line towers? What does it cost to topple the towers versus the cost to defend them?

Go through the list of critical items in our world. Food, water, power, sanitation, communication, roads, bridges, etc. The list of leverage points is almost endless in a high tech society.—Joe]

Risks posed by social media and cell phones

Via email from Chet.

Suicide prediction technology is revolutionary. It badly needs oversight:

Facebook is the largest and most visible company engaged in suicide prediction. After it introduced a live-streaming service in early 2016, dozens of users broadcast suicide attempts in real time on the platform. In response, on Feb. 16, 2017, CEO Mark Zuckerberg announced that Facebook was experimenting with AI-based suicide prediction. Its software analyzes user-generated posts for signs of suicidal intent — the word “Goodbye” paired with responses like “Are you OK?,” for example, or “Please don’t do this” in response to a live stream — and assigns them risk scores. Cases with high scores are forwarded to Facebook’s community operations team, which reviews them and notifies police of severe cases. Facebook also helps pinpoint users’ locations so first responders can find them. In the past 12 months, the company initiated 3,500 of these “wellness checks,” contacting police about 10 times per day, Antigone Davis, Facebook’s head of global safety, said in a recent interview with NPR.

Chet comments:

Are there no limits? They have other avenues to explore to save lives. They could also use it to report crime. Anything that would potentially save lives. And why stop with saving lives? Society has plenty of bad actors.

I suspect that if you have the Facebook application running on your cellphone it tracks your location. Furthermore, since you have given your permission for it to do so that data is now theirs to do with what they want. For the police, and others, to obtain that data is probably easier than getting it from your cellphone provider.

Now imagine you live in a relatively free state like, say, Idaho. And your social media posts have been tagged as you are almost certainly an owner of an evil “assault weapon” and you travel on vacation to a tyrannical state like California, New Jersey, or New York. Wouldn’t it be “the right thing to do” for Facebook, et al. to notify the police? And might not the police and some judges view that as probable cause to search you and your vehicle?

And it need not be just gun ownership and the police involved. Recreational drug users, homosexuals, transsexuals, Jews, Christians, or the targeted group du jour. And they could be reported to employers, family, and spouses. Do you want your visits to a gay bar, strip club, abortion clinic, pot shop, gun store, women’s shelter, divorce lawyer, or Christian/Jewish/Islamic book store to be for sale to companies or private investigators who pay for the service?

I’m not sure I want the government writing laws to prohibit such “services”. If you claim the government has the power to prohibit such activity you are also saying the government has the power to mandate that activity.

But I’m not comfortable with my activities being recorded. It violates my Jews In The Attic Test no matter who has the data.

Winter view from the shooting line

Long timers around here and people that explore the sidebar already know that I have a weather station and webcam at the Boomershoot shooting line. I visit it frequently and sometimes see interesting things. And sometimes the view is just very cool. Just a few minutes ago was one of those times:

P19010611571110

You knew it was coming

Technology is advancing extremely rapidly. More and more jobs can be done by automation. This should come as no surprise:

Male sex robots with unstoppable bionic penises are coming this year

David Levy, author of Love and Sex With Robots, says, ‘I’m sure women will find robots equally appealing as men. ‘If women are that interested in getting satisfaction from a vibrator, imagine how the same women will feel having a robot they can put their arms round them and having the robot squeeze them.’

The date of that article was a year ago. The male sex robots are now available.

Of course, this same company has been making female sex robots for quite some time now.

I wonder how realistic it will be when one of the male robots is with one of the female robots. Will it be against the law if someone put them in a public park and let them do their thing?

We live in interesting times.

Quote of the day—Joshua Browder

These processes are so bureaucratic that if you have no resources at all, it really is impossible to get the help you need.

Joshua Browder
September 20, 2018
Meet the Robot Lawyer Fighting Fines, Fees, and Red Tape
DoNotPay is launching a “denial of service attack on the legal system to make it better.”
[I could see this being useful in places like New York City where gun ownership is, technically, legal but is out of the reach of anyone except those who have the money for a lawyer.

Of course I could also see government entities getting their own “robot lawyers” and you end up in a proxy war with the outcome out of human hands.

Interesting times…—Joe]

Quote of the day—Bruce Schneier

Companies like Facebook are the largest surveillance organizations on the planet, and they need to be recognized as such.

Bruce Schneier
October 24, 2017
An interview with Bruce Schneier on the Internet of Things, global surveillance, and cybersecurity
[I could tell you a lot more. There is stuff that will make your skin crawl. Ask me in person sometime.—Joe]

Wireless devices for home protection

As an electrical engineer specializing in communications I have a certain bias when I hear the word “wireless”. The “Internet of Things” and the involvement of those sorts of things in home security is a big thing these days. Because of the surprise of the context switch with this image I received from Rolf a while back I thought it was very funny:

HighSpeedWireless

Friends don’t let friends use Serpa holsters

If you have a Serpa holster please throw it away. Tell others to throw theirs away. Don’t go shooting with people who use Serpa holsters.

If I know you well enough I’ll tell you the story as to how I came to this very firm conclusion via an email request. Otherwise ask me at a match or other shooting event. I won’t be blogging about it.

I was not injured.


Update: Apparently some people aren’t familiar with Serpa holsters:

SerpaHolster

The gun is locked into the holster until you depress the unlocking lever with your index finger. You must keep it depressed until the gun is withdrawn maybe an eighth of an inch. What ends up happening is that the index finger keeps on pressing as the gun is completely removed from the holster. There have been many cases of there being an accidental discharge during the draw because the index finger ends up on the trigger and puts sufficient pressure on it to fire the gun before the gun is pointed away from the shooter.

In the report I have in hand what is believed to have happened was the shooter was moving the gun in and out of the holster practicing the release of the lock. When his finger entered the trigger guard on the partial draw and he then pushed the gun back into the holster catastrophe happened. The shooter survived and probably will make an, essentially, full recovery.