IoT Botnet Attacks – Judge for Yourself

Yesterday’s mass-IoT-botnet attack on core Internet services (Twitter, Netflix, etc. via DNS provider Dyn) is drawing a lot of attention, mainly because for the public at large it is an eye-opening education in the hidden Internet of Things connections between their beloved electronic devices and online services.


You can read elsewhere the as-yet-understood details of the attack (e.g. “Hacked Cameras, DVRs Powered Today’s Massive Internet Outage” by Brian Krebs). And you’ll be reading more and more warnings of how this particular attack is just the beginning (e.g. from my friend Alan Silberberg, “Mirai Botnet DDoS Just the Beginning of IoT Cybersecurity Breaches”).

But today, in the wake of the attack, a DC friend known for peering around corners asked for my opinion about the ultimate meaning of this approach, and whether this attack means “the game has changed.” Here’s my response:

Last year I was asked by Georgetown Law School to give a private briefing to the Federal Judicial Center’s annual convocation of 65 federal judges from jurisdictions across the United States. The overall FJC session addressed “National Security, Surveillance Technology and the Law,” and in part was prompted by the Edward Snowden and WikiLeaks events. Here’s an article about the conference, and you can view the full agenda here. As you can see from the agenda, I joined noted security expert Bruce Schneier in presenting on “Computer Architectures and Remote Access.” That’s a fairly technical topic, and so I asked an organizer ahead of time what the judges wanted to learn and why, and was told “They’re encountering a tidal wave of cases that involve claims against government warrants for access, and conversely claims involving botnet attacks and liability.” I then asked what level of technical proficiency I should assume in preparing my remarks, and was told, “Based on their own self-assessments, you should assume they’re newbies encountering computers for the very first time.”

After a good laugh, that was the approach I took, and with patience Bruce and I were able both to educate and to spark a great back-and-forth conversation among the nation’s judges about the intricacies of applying slowly evolving legal doctrines to rapidly evolving technical capabilities.

The answer to today’s question is Yes, the game has changed. The tidal wave is well upon us and won’t be technically turned back in large part. We can (over time) introduce tighter security into some elements of IoT devices and networks, but that won’t be easy and would hamper the ease and invisibility of IoT operations. I think eventually we’ll come to realize that the notion of “Internet Security” is going to be like “Law & Order” – a good aspiration, which in everyday practice is observed in the breaking.

We’ll develop more robust judicial and insurance remedies, to provide better penalization and risk-valuation avenues, for what will be an inevitably continuing onslaught of law-breaking.

Yet in that onslaught crimes will be better defined, somewhat better policed, definitely better prosecuted (our Judges will be better educated!), and perhaps most importantly victims will be better insured and compensated, as we learn to manage and survive each new wave of technological risk.

By the way, if you’d like to plunge into the reading list which those federal judges had assigned as their homework on surveillance technologies and national security law, click here or the image below to download the 5-page syllabus for the session, courtesy of Georgetown Law, with links to the full set of Technology Readings and Legal Readings, across fields like Interception and Location Tracking, Digital Forensics, Metadata and Social Network Analytics, Cloud Computing and Global Communications…. It’s a very rich and rewarding collection, guaranteed to make you feel as smart as a federal judge🙂


RIP Justice Antonin Scalia

Supreme Court Justice Scalia passed away today. My wife Kathryn Ballentine Shepherd, a semi-retired attorney, has worked at the Supreme Court since 2003 (in the Curator’s Office, giving Chambers tours and lectures on the history of the Court and its Justices). Through her I’ve met and spent quite a bit of time with Justice Scalia over the years, and always enjoyed his writing and analyses, his humor and humanity. You see here a recent photo of Kathryn joking with him at the Supreme Court – he really seemed to love spending time with her, joshing with her in front of crowds (perhaps because she was a smart lawyer as well), and he always seemed to steer visiting friends to her for a “private” tour.

I was at Chief Justice Rehnquist’s funeral in 2005; he was deeply loved by the Supreme Court “family.” On today’s Court, the most-loved by them in my observation: Antonin Scalia.

One of the funnier moments in my recollection was at a 2006 Supreme Court Historical Society reenactment of the Aaron Burr treason trial held in the Court’s actual Chambers one evening, with Justice Scalia playing the role of the actual trial judge, Chief Justice John Marshall. Scalia peered down from the bench as the DC attorneys recruited for the event began to play out their own roles – among them Scalia’s own son Eugene, a powerhouse lawyer in his own right. “Chief Justice Marshall” (Justice Scalia) looked over his glasses and boomed out, “OK, who’s next – it says here your name is, um, Scall-ee-a, Scall-eye-a, what kind of name is that??” The audience roared with laughter. That was the common reaction to his ever-present, ever-witty humor.

For seven years I’ve recycled an old Reagan-era joke (it was originally about Thurgood Marshall), updating it for the Obama Administration and asking, “Who’s the most important conservative in Washington DC? Justice Scalia’s doctor.” In today’s hyper-politicized era, we’re about to see why….

 

Burning Man, Artificial Intelligence, and Our Glorious Future

I’ve had several special opportunities in the last few weeks to think a bit more about Artificial Intelligence (AI) and its future import for us remaining humans. Below I’m using my old-fashioned neurons to draw some non-obvious links.

The cause for reflection is the unexpected parallel between two events I’ve been involved in recently: (1) an interview of Elon Musk which I conducted for a conference in DC; and (2) the grand opening in London of a special art exhibit at the British Library which my wife and I are co-sponsoring. They each have an AI angle and I believe their small lessons demonstrate something intriguingly hopeful about a future of machine superintelligence.


Young Americans and the Intelligence Community

A few days ago I travelled down to Orlando – just escaping the last days of the DC winter. I was invited to participate in a conference hosted by the Intelligence Community’s Center of Academic Excellence (IC CAE) at the University of Central Florida. The title of my speech was “The Internet, 2015-2025: Business and Policy Challenges for the Private Sector.” But I actually learned as much as I taught, maybe more.

Insider’s Guide to the New Holographic Computing

In my seven happy years at Microsoft before leaving a couple of months ago, I was never happier than when I was involved in a cool “secret project.”

Last year my team and I contributed for many months on a revolutionary secret project – Holographic Computing – which is being revealed today at Microsoft headquarters.  I’ve been blogging for years about a variety of research efforts which additively culminated in today’s announcements: HoloLens, HoloStudio for 3D holographic building, and a series of apps (e.g. HoloSkype, HoloMinecraft) for this new platform on Windows 10.

For my readers in government, or who care about the government they pay for, PAY CLOSE ATTENTION.

It’s real. I’ve worn it, used it, designed 3D models with it, explored the real surface of Mars, played and laughed and marveled with it. This isn’t Einstein’s “spooky action at a distance.” Everything in this video works today:

These new inventions represent a major new step-change in the technology industry. That’s not hyperbole. The approach offers the best benefit of any technology: empowering people simply through complexity, and by extension a way to deliver new & unexpected capabilities to meet government requirements.

Holographic computing, in all the forms it will take, is comparable to the Personal Computing revolution of the 1980s (which democratized computing), the Web revolution of the ’90s (which universalized computing), and the Mobility revolution of the past eight years, which is still uprooting the world from its foundation.

One important point I care deeply about: Government missed each of those three revolutions. By and large, government agencies at all levels were late or slow (or glacial) to recognize and adopt those revolutionary capabilities. That miss was understandable in the developing world and yet indefensible in the United States, particularly at the federal level.

I worked at the Pentagon in the summer of 1985, having left my own state-of-the-art PC at home at Stanford University, but my assigned “analytical tool” was a typewriter. In the early 2000s, I worked at an intelligence agency trying to fight a war against global terror networks when most analysts weren’t allowed to use the World Wide Web at work. Even today, government agencies are lagging well behind in deploying modern smartphones and tablets for their yearning-to-be-mobile workforce.

This laggard behavior must change. Government can’t afford (for the sake of the citizens it serves) to fall behind again, and  understanding how to adapt with the holographic revolution is a great place to start, for local, national, and transnational agencies.

Now some background…

Bullshit Detector Prototype Goes Live

I like writing about cool applications of technology that are so pregnant with the promise of the future, that they have to be seen to be believed, and here’s another one that’s almost ready for prime time.

The Washington Post today launched an exciting new technology prototype invoking powerful new technologies for journalism and democratic accountability in politics and government. As you can see from the screenshot (left), it runs an automated fact-checking algorithm against the streaming video of politicians or other talking heads and displays in real time a “True” or “False” label as they’re speaking.

Called “Truth Teller,” the system uses technologies from Microsoft Research and Windows Azure cloud-computing services (I have included some of the technical details below).

But first, a digression on motivation. Back in the late 1970s I was living in Europe and was very taken with punk rock. Among my favorite bands were the UK’s anarcho-punk collective Crass, and in 1980 I bought their compilation LP “Bullshit Detector,” whose title certainly appealed to me because of my equally avid interest in politics🙂

Today, my driving interests are in the use of novel or increasingly powerful technologies for the public good, by government agencies or in the effort to improve the performance of government functions. Because of my Jeffersonian tendencies (I did after all take a degree in Government at Mr. Jefferson’s University of Virginia), I am even more interested in improving government accountability and popular control over the political process itself, and I’ve written or spoken often about the “Government 2.0” movement.

In an interview with GovFresh several years ago, I was asked: “What’s the killer app that will make Gov 2.0 the norm instead of the exception?”

My answer then looked to systems that might “maintain the representative aspect (the elected official, exercising his or her judgment) while incorporating real-time, structured, unfiltered but managed visualizations of popular opinion and advice… I’m also a big proponent of semantic computing – called Web 3.0 by some – and that should lead the worlds of crowdsourcing, prediction markets, and open government data movements to unfold in dramatic, previously unexpected ways. We’re working on cool stuff like that.”

The Truth Teller prototype is an attempt to construct a rudimentary automated “Political Bullshit Detector,” and addresses each of those factors I mentioned in GovFresh – recognizing the importance of political leadership and its public communication, incorporating iterative aspects of public opinion and crowd wisdom, all while imbuing automated systems with semantic sense-making technology to operate at the speed of today’s real world.

Real-time politics? Real-time truth detection.  Or at least that’s the goal; this is just a budding prototype, built in three months.

Cory Haik, who is the Post’s Executive Producer for Digital News, says it “aims to fact-check speeches in as close to real time as possible” in speeches, TV ads, or interviews. Here’s how it works:

The Truth Teller prototype was built and runs with a combination of several technologies — some new, some very familiar. We’ve combined video and audio extraction with a speech-to-text technology to search a database of facts and fact checks. We are effectively taking in video, converting the audio to text (the rough transcript below the video), matching that text to our database, and then displaying, in real time, what’s true and what’s false.

We are transcribing videos using Microsoft Audio Video indexing service (MAVIS) technology. MAVIS is a Windows Azure application which uses State of the Art of Deep Neural Net (DNN) based speech recognition technology to convert audio signals into words. Using this service, we are extracting audio from videos and saving the information in our Lucene search index as a transcript. We are then looking for the facts in the transcription. Finding distinct phrases to match is difficult. That’s why we are focusing on patterns instead.

We are using approximate string matching or a fuzzy string searching algorithm. We are implementing a modified version of Rabin-Karp using Levenshtein distance algorithm as our first implementation. This will be modified to recognize paraphrasing, negative connotations in the future.

What you see in the prototype is actual live fact checking — each time the video is played the fact checking starts anew.

 – Washington Post, “Debuting Truth Teller”
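The transcript-to-fact-database matching step described in the quote, as an added example (not the Post's code, and not its modified Rabin-Karp): it uses Sellers' approximate substring search over words, with character-level Levenshtein distance deciding when two words count as the same. The fact database, transcripts and both thresholds are constructed assumptions.

```python
import re

# Constructed fact-check database: (claim phrase, verdict). Not real Post data.
FACT_DB = [
    ("unemployment has fallen every month this year", "False"),
    ("the state cut taxes for small businesses", "True"),
]

def normalize(text):
    """Lowercase, drop punctuation, split into words."""
    return re.sub(r"[^a-z0-9 ]+", " ", text.lower()).split()

def word_distance(a, b):
    """Character-level Levenshtein distance between two words."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def similar(w1, w2, max_ratio=0.34):
    """Absorb speech-to-text misspellings: small edit distance relative to length."""
    if w1 == w2:
        return True
    return word_distance(w1, w2) <= max_ratio * max(len(w1), len(w2))

def best_match(pattern, text):
    """Sellers' algorithm at word level.

    Returns (edits, end): the fewest word edits needed to turn the pattern
    into some window of the text, and the index where that window ends.
    """
    prev = list(range(len(pattern) + 1))  # empty text: drop every pattern word
    best = (prev[-1], 0)
    for j, tw in enumerate(text, 1):
        cur = [0]  # a window may start at any text position for free
        for i, pw in enumerate(pattern, 1):
            cost = 0 if similar(pw, tw) else 1
            cur.append(min(prev[i] + 1,         # extra word in transcript
                           cur[i - 1] + 1,      # pattern word missing
                           prev[i - 1] + cost)) # match or substitution
        if cur[-1] < best[0]:
            best = (cur[-1], j)
        prev = cur
    return best

def check_transcript(transcript, threshold=0.25):
    """Return (claim, verdict, edits) for every claim found in the transcript."""
    words = normalize(transcript)
    hits = []
    for claim, verdict in FACT_DB:
        pattern = normalize(claim)
        edits, _ = best_match(pattern, words)
        if edits / len(pattern) <= threshold:
            hits.append((claim, verdict, edits))
    return hits

# Constructed transcripts with typical recognition noise.
NOISY = "Well, uh, unemployment has fallen nearly every month this yeer and we are proud"
HOMOPHONE = "The state cut taxis for small business"
UNRELATED = "Good evening and thank you all for coming"

if __name__ == "__main__":
    for t in (NOISY, HOMOPHONE, UNRELATED):
        print(t, "->", check_transcript(t))
```

Matching on whole-phrase edit ratio rather than exact phrases is what lets an inserted word ("nearly") or a misrecognized one ("yeer") still hit the claim, and it is also why negation and paraphrase need separate handling, as the quote notes.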

The prototype was built with funding from a Knight Foundation Prototype Fund grant, and you can read more about the motivation and future plans over on the Knight Blog, and you can read TechCrunch discussing some of the political ramifications of the prototype based on the fact-checking movement in recent campaigns.

Even better, you can actually give Truth Teller a try here, in its infancy.

What other uses could be made of semantic “truth detection” or fact-checking, in other aspects of the relationship between the government and the governed?

Could the justice system use something like Truth Teller, or will human judges and  juries always have a preeminent role in determining the veracity of testimony? Will police officers and detectives be able to use cloud-based mobile services like Truth Teller in real time during criminal investigations as they’re evaluating witness accounts? Should the Intelligence Community be running intercepts of foreign terrorist suspects’ communications through a massive look-up system like Truth Teller?

Perhaps, and time will tell how valuable – or error-prone – these systems can be. But in the next couple of years we will be developing (and be able to assess the adoption of) increasingly powerful semantic systems against big-data collections, using faster and faster cloud-based computing architectures.

In the meantime, watch for further refinements and innovation from The Washington Post’s prototyping efforts; after all, we just had a big national U.S.  election but congressional elections in 2014 and the presidential race in 2016 are just around the corner. Like my fellow citizens, I will be grateful for any help in keeping candidates accountable to something resembling “the truth.”

Petraeus as Ozymandias

I only met David Petraeus once before he came to CIA, in 2006 at U.S. Central Command while he was winding up his tour as commander of the Multi-National Security Transition Command Iraq (acronymically pronounced “minsticky”), and before he took command of MNF-I or CENTCOM, or the war in Afghanistan for that matter. I briefed him on something topical going on (I was still working at DIA at the time) and we certainly didn’t talk long. In fact I came away with only one impression: not so much about him, but about his already-well-commented-on entourage of “Petraeus guys.” He had a reputation as a fast-moving reformer, but it was an outsized group of admirers, I thought, who showed not respect for him, but devotion – even awe.

They weren’t alone; the man’s been compared as a military leader to “Ulysses S. Grant, John J. Pershing, George Marshall and Dwight D. Eisenhower” – and that was by his own boss! (That’s the comparison made by Chairman of the Joint Chiefs of Staff Adm. Mike Mullen last year when Petraeus retired from the military to join CIA.)

So, yes, news that the Director of the CIA had resigned because of an extramarital affair hit DC like a thunderclap yesterday.  Check out the volume of this twitter search for the prevailing phrase people uttered when they heard the news: “Holy shit.” It was almost comic that the news broke the same day that the new James Bond film opened in DC. Its plot features an intelligence agency director under personal assault and its title mirrors the mood of many in Langley today: “Skyfall.”

I’m not surprised by the fact that a powerful man was having an affair – heck, I did marry a divorce lawyer after all.  The news won’t affect intelligence operations immediately; the professionals at CIA and the intelligence community are still going about their business and tend to look forward to the horizon, not backward. Meanwhile journalists are already delving into the particulars of this peculiar turn of events. Pundits (and the Congressional intelligence oversight committees) will be exploring any linkages or ramifications of this scandal for the Benghazi investigations, and the candidates for Petraeus’s replacement are already making their direct or whisper campaigns known, in emails already bcc’ing around the Beltway. More on that in due time.

I only have two observations now, one larger in scope and one quite small, at human scale. The first is the question of what the scandal says about the intelligence security practices in our modern national security state. Petraeus held the highest security clearances. He earned the confidence of the President, the trust of his silent warrior employees, the endorsement of the U.S. Senate (94-0!) and the faith of a nation that had cheered his battlefield successes in the Iraq surge and in Afghanistan. Yet the CIA’s confidence in its director was undergirded not only by the Petraeus resume, but by our national security infrastructure of clearances, polygraphs, and professional investigators. Forget the question of one man’s integrity – he was living a lie, big-time, and we missed it. Completely. There will be many questions asked about what that means for other high government clearance-holders, but for now there’s a feeling prevalent in DC akin to what happens when a law-enforcement crime lab discovers shoddy mistakes: all previous convictions are under suspicion and, sometimes, verdicts are reversed. Something to ponder about CIA institutional analytic or operational judgment over the past year….

Secondly, I’m struck by the ironies in the personal side of this affair. David Petraeus grew up as a literature-loving son of a New England village librarian. I know this because I read his biography – yes, the hagiographic book All In: The Education of David Petraeus written by the woman at the center of the affair. Now I may be one of the few in DC who actually read the whole book when it came out – as in, I didn’t just flip through the index looking for the “good parts.”

The book has the literature-loving Petraeus actually quoting poetry at a pivotal point in his life. At his change-of-command ceremony, giving up his praetorian position in Afghanistan, Petraeus gave a thoughtful set of remarks and then chose to quote several lines from an obscure poem by young British soldier John Bailey, serving in Afghanistan in 2008. I say “obscure,” because until today the poem itself appears in only one spot on the Internet: a small U.K. site devoted to British war poetry.  Did poetry-lover Petraeus find the poem there himself, or was it simply good staff/speechwriter work? These are the words Petraeus used, in his “emotional” farewell to the wars he had led, and to his chosen career as a military leader:

And what is asked for the service we give?

No high praise or riches if we should live,

Just silence from friends, our name on a wall,

If this time around, it is I that fall.

– from “The Volunteer” by John Bailey

When Petraeus read out that poem, he was standing like Caesar astride a narrow world, a four-star general having “won” two wars in distant ancient lands and commanded USCENTCOM, whose mission area sprawls across Africa, the Middle East and Central Asia.

Perhaps this poetry lover knows Percy Bysshe Shelley well; perhaps like me in school Petraeus read Shelley’s Ozymandias, based on the ironic life of Ramesses II, mighty Egyptian pharaoh. One account writes, “Ramesses could have filled an ancient edition of the Guinness Book of Records all by himself: he built more temples, obelisks and monuments; took more wives (eight, not counting concubines) and claimed to have sired more children (as many as 162, by some accounts) than any other pharaoh in history. And he presided over an empire that stretched from present-day Libya to Iraq in the east, as far north as Turkey and southward into the Sudan.”

Yet Ramesses is mostly forgotten now, and Shelley’s poem about him captures the fall of great men in a short, powerful sonnet. When I first heard the news about Petraeus from my wife, this is the poem I thought of, and I believe its irony pairs with the lines Petraeus quoted quite sadly.

I met a traveller from an antique land

Who said: “Two vast and trunkless legs of stone

Stand in the desert. Near them on the sand,

Half sunk, a shattered visage lies, whose frown

And wrinkled lip and sneer of cold command

Tell that its sculptor well those passions read

Which yet survive, stamped on these lifeless things,

The hand that mocked them and the heart that fed.

And on the pedestal these words appear:

`My name is Ozymandias, King of Kings:

Look on my works, ye mighty, and despair!’

Nothing beside remains. Round the decay

Of that colossal wreck, boundless and bare,

The lone and level sands stretch far away”.
