Futurismic

Ars Technica points us to a BBC report that claims botnets are increasingly being deployed by ideological and political activist groups as well as the more traditional spammers ‘n’ scammers. There’s undoubtedly a kernel of truth here, but given that the data that informs this conclusion comes from Prolexic, a company whose profits depend on selling computer security solutions to businesses and governments, I find myself wanting to poke holes in the story. It’s easily done, too.

First of all, Anonymous are described as an “anti-Scientology group”, which is a massive oversimplification. If they can be said to be anything at all, Anonymous is an amorphous and capricious cloud of nihilistic pranksters, but framing them as a single-interest group makes them more understandable to the corporate mind-set, as well as portraying them as “something that could happen to you“.

Next item – look at this excerpt:

In one attack both large and small perfume firms were hit in an apparent attempt, said Mr Sop, by green activists to express their disquiet with the way the companies made and tested their products.

[...]

These techniques are far removed from those favoured by organised criminals. Some targeted databases behind a website in a bid to swamp that with bogus login attempts or lengthy search requests that would knock out the server and take out the website too.

Note the use of “apparent”, and the lack of any defined enemy. They have no idea who did it, in other words; the “green activists” thing is likely a guess, one that plays into current fears about ideological activism by companies whose business practices might put them in line for such. Isn’t it at least equally likely that the botnet was hired by another perfume business in order to throw some caltrops in the path of its competitors? Is it so implausible that “organised criminals” could have upped their technological game in recent months? It’s not an area in which I have great experience (or, indeed, any experience at all), but I’d imagine that staying on top in the world of international gangsterism involves making sure you’re using the best tools available… because if you’re not, your competition surely will be.

Furthermore, how many “green” activist groups with a special interest in perfumery have the spare money to waste on this sort of warfare? A big part of activist psychology is the desire to be seen to be doing something; this sort of clandestine skulduggery doesn’t sound like the work of placard-waving protesters to me, and I doubt they’d have the money or contacts to call down the botnet fist-of-god on their enemies. There’s nothing to say it couldn’t be, of course, but I’d want better proof – especially from a source who stands to benefit from setting up straw-man opponents which it can then offer protection from.

A few more bits from the bottom:

Mr Sop said Prolexic suspected that some of the attacks it had seen in recent months were being mounted by governments or their proxies in the hacking community as a way to demonstrate their cyber capabilities.

*cough* *wink* China *nudge* *cough* The Red Peril! The Other! The monsters under Western capitalism’s bed! They’re coming for you!

The resources being put into the attacks, some of which targeted very expensive pieces of net hardware, ruled out the involvement of organised crime, he said.

Really? Why would organised criminal syndicates not be interested in attacking “expensive net hardware” when political or ideological activists would be? And this hardware – what is so different about it that makes it expensive by comparison to “not-so-expensive” net hardware, exactly? Are the victim servers plated with gold, perhaps?

OK, so I’m going a bit overboard here, but everything about the report from these Prolexic people stinks of under-the-radar button-pushing infomercial. Ideologically-targetted botnets are certainly a real issue, and probably more so than they were a year ago… but I suspect this shift in PR focus by security firms to be born of the realisation that defined threats enable sales better than amorphous ones. Which is the more tangible risk, as perceived by a CEO – “scammers might hijack your server because it’s essentially a box that can do anything if instructed properly” or “people who object to your ideology or business practices could treat your network infrastructure as a weak point”? The former is a statistical long-shot; the latter plays on the fear of competition that is key to any successful business.

Getting back to the core point, though, the rise of ideological deployments of botnets is hardly surprising. The people who run botnets are mercenaries of the old school, renting out their services by the day (or maybe even by the hour) to anyone who can meet the price… and for those groups who can’t meet the price (or don’t like dealing with middle-men), it’s depressingly easy to build one yourself, if you’ve the time and motivation. But that’s the key – time and motivation, and the afore-mentioned visibility. Single-issue activist groups want their protests to be seen and attributed to them, because otherwise they’re wasting their time; the stealthy anonymous attacks are logically far more likely to originate from corporations (legitimate or criminal) and nation-states.

So, yes, ideological cyberwarfare is a real and rising threat… but I’m not convinced it’s as grass-roots a threat as it’s being portrayed. After all, if you want to sell your product to corporations and governments, you can’t go demonising your potential customers in your ad copy.

Wherever there’s a fast buck to be made, there you’ll find phishing scams and internet fraudsters. Some enterprising souls evidently decided that phishing for the credit card details of ordinary people was insufficiently ambitious, so they turned their attention to the nascent carbon credits market:

The hackers launched a targeted phishing attack against employees of numerous companies in Europe, New Zealand and Japan, which appeared to come from the German Emissions Trading Authority. The workers were told that their companies needed to re-register their accounts with the Authority, where carbon credits and transactions are recorded.

When workers entered their credentials into a bogus web page linked in the e-mail, the hackers were able to hi-jack the credentials to access the companies’ Trading Authority accounts and transfer their carbon credits to two other accounts controlled by the hackers.

[...]According to the BBC, it’s estimated the hackers stole 250,000 carbon credit permits from six companies worth more than $4 million. At least seven out of 2,000 German firms that were targeted in the phishing scam fell for it. One of these unidentified firms reportedly lost $2.1 million in credits in the fraud.

Now, in no way do I condone this sort of criminal activity… but I can’t help but feel that any organisation dealing with big-money transactions that doesn’t train its employees in decent email security procedures in this day and age is only getting what it deserves. Phishing is essentially a mediated version of the social engineering hack, and that’s an old enough phenomenon that you’d think any organisation with a lot to lose would take a little more care over it… I wonder if we’ll ever learn, or if we’re hardwired to fall for confidence tricks and bluff deceptions in perpetuity? [image by foto43]

While we’re on the subject of garage industries, here’s a piece at pop-transhumanist organ H+ Magazine on the expanding field of garage biotech [via GlobalGuerrillas; image by mknowles]. We’ve covered DIY biohackers and ribofunkers here before, but the H+ writer has a cautious optimism about the scene’s potential once the dabblers have fallen by the wayside:

It‘s not just enhancement technology that can benefit from DIYbiology. As the popular distrust of doctors grows, people will want to understand and monitor their own body. Likewise, as personalized medicine becomes a reality, we will probably see a rise in the number of hobbyists who treat their own bodies as machines to be worked on — like a radio or a car — branching out from personalized genomics to things like DIY stem cell extraction and manipulation, DIY prosthetics, DIY neural prosthetics and sensory enhancements (infrared vision, anyone?), immune system testing, and general tweaking of whatever system strikes the hobbyist‘s fancy. This hacker‘s paradise has not yet come to pass, but it is, perhaps, our exciting future.

[Given that most distrust of doctors that I'm aware of is based in religious beliefs, I'm not sure the demographics are going to overlap quite that much... though the idea of the First Church Of Jesus Christ Geneticist is an appealing story hook.]

The road to true DIYbiology will not be easy. It‘s not a magic bullet. It will probably not produce the next Bill Gates, at least not for a long time. Biology is hard, messy, and failure is more common than success. The knowledge required takes time and effort to acquire, and even then, so-called textbook knowledge is being revised almost daily. Many are attracted by the glamour of it all. They‘re drawn to the romance of being a wetware hacker — the existential thrill of tweaking life itself. They tend to become quickly disappointed by the slow, tedious, difficult path they face.

I’m struck again by the similarity between DIY biotech and Chris Anderson’s recently-mooted maker-manufacturer revolution; the latter is much closer to reaching some sort of real economic escape velocity, granted, but the essential concepts and culture behind both movements are very alike.

Personally, I’m all for the ability to mess with my meat-machine, but I think I’ll wait until the field is a little more mature before getting my wetware tweaked. After all, if a hack-mod of my computer or car goes wrong, I can always switch off and try again, or – if the worst comes to the worst – replace the broken device; to the best of my knowledge, that facility doesn’t yet exist for the human body.

However, that’s not going to stop people more desperate than myself from turning to black clinics in the hope of fixing problems that the medical establishment won’t mess with. Hell, people already fly to Eastern Europe for cheap no-questions-asked cosmetic surgery… so when some back-street lock-up in Chiba City starts promising a fix for a congenital illness, a failed organ, a missing limb or just the ravages of ageing itself, the customers will come.

Back in the final gasps of last year, I mentioned that I fully expected to see the new breed of digital billboards become a target for hackers and adbusters, much as they are in Lauren Beukes’ gritty Cape Town post-cyberpunk novel Moxyland.

However, I didn’t expect to see it quite so soon as this; the Independent reports briefly on a downtown Moscow billboard that was tweaked to display two minutes of hardcore pornography to an audience of late-night commuters. Remember, people: Everything Can and Will Be Hacked.

Suddenly, touchscreen devices seem to be everywhere, changing the ways in which we interact with our phones, computers and tablet devices. But the next user interface revolution is already waiting in the wings – gestural interfaces will complete the user-interface paradigm shift that touchscreens have started. So says Stowe Boyd:

Gestural UI, or ‘hand jive’ as I call it, once deployed as a built in aspect of future computers, like touchpads and mouses are today, will set the stage for a rethink about user experience.

First we will see hand jive as a way to manipulate the gears of now-tradition windowed UIs: pulling down a menu in an app, moving windows around, dragging a file to the trash.

In the future, we’ll have real Minority Report stuff, without the enormous touch screens: we’ll also see the emergence of augmented reality goggles — Terminator goggles — where we can toggle back and forth between 100% computer screen sorts of display to 100% augmented reality. And the goggles — as an integrated part of the computing device — will be watching our hands for commands, and watching the world for reality to augment.

The combination of these trends will make computing primarily mobile: we’ll have an iPhone sized device we carry all the time, which will be a phone and a PC. We will be free of LCD screens — in general — courtesy of our goggles, and free of keyboards, courtesy of hand jive. A keyboard can be imaged on any flat surface by the goggles, and we can type without a physical keyboard because the gestural system is watching our fingers in 3D. And of course, a lot of things could be done without typing, especially once kids start using sign language and voice to communicate with computers. (I say kids because that’s who start first.)

While we’re waiting for that revolution to arrive, the inclusion of accelerometers in mobile hardware offers some avenues for interfacing with your phone without mashing the keypad or fingering the screen. Anyone who’s ever found themselves with a pocket full of unsolicited novelty ring-tone in a crowded cinema will probably appreciate the opportunity to silence their phone with a few well-timed slaps of the hand through their clothes:

With the right software installed, it may one day be possible to cut a call by “whacking” the phone in a particular pattern while it’s still in your pocket.

[...]

The team developed a simple vocabulary of “whack gestures” designed to rapidly communicate simple commands such as silencing the phone. To help the device distinguish the gestures from background bumps, each begins and ends with a firm “whack”.

The biggest roadblock for gestural UI will probably be the software houses, however. Keith Stuart of the Guardian Games Blog wonders whether anyone will actually bother using Microsoft’s Project Natal motion sensor device for truly new gaming experiences, or whether they’ll all play it safe with re-runs of what has gone before:

For a start, publishers are massively, obsessively risk averse. If there’s any way of leveraging market pre-awareness into a new product they’ll leap at it. So even if these companies are developing titles that work only on Natal – not just new games with vaguely specified Natal-support – it’s unlikely that they’ll do this without recourse to familiar brands and gameplay experiences. In other words, we may get a dedicated Natal version of, say, Mass Effect 3, but it’ll still be Mass Effect, it’s just that you’ll act out those in-depth personal relationships with aliens rather than just talking and watching the cut-scenes.

A little pessimistic, perhaps, but given the enduring tightness of the global economy, playing it safe is likely to be the order of the day for those with the most to lose. But we shouldn’t discount the independent hardware hackers, who the Electronic Frontier Foundation suggests will be a growing cultural force in the year to come. Every day my RSS feeds are full of ordinary geeks doing amazing things with off-the-shelf devices and a handful of cheap parts, and despite the best efforts of easily-riled device manufacturers and their copyright lawyers, it’s getting harder and harder to keep the details of mods, hacks and retrofits a secret.

Cory Doctorow’s latest novel Makers (which I still haven’t had the time to sit down and read beyond the tenth instalment or so) posits a near-future economy where the agile and frugal make-do mind-set of hackers and makers changes the way the world does business for ever. With 3D printing showing every sign of maturing to the affordable “prosumer” level in the next year or so, and landfills across the planet still inhaling mountains of obsolete consumer electronics and tcotchkes, it’s far from being the most implausible future I’ve read about lately. [image by See-ming Lee]

What do you think – will our recent economic woes push us toward reuse and repurposing, or will we wander slowly but surely back to corporate-capitalist business-as-usual?