Category Archives: Technology

Rain-water harvesting: Green living on a Bangalore roof

Posted on by

From Rainwaterharvesting blog, run by a Bangalore couple who are active in the water-conservation and rain-harvesting movement in India:

“Almost all the rain on the building site falls on the roof. In Bangalore it can rain 970 mm in an average year. This meant that our house roof with an area of 100 square metres had 97,000 litres of pure rainwater falling on it. With the idea why allow it to go waste, we started to harvest it? This harvesting was done at many levels.

From the staircase rooftop which had an area of 10 square metres, we placed a Rain barrel and collected the water on the roof itself. A small platform was designed and the 500 litre Rain Barrel placed on it. On the staircase roof we placed a gutter to collect the rain. This came down into a vertical pipe with an end cap called the first rain separator. During the first rain and subsequently when we want to clean the roof or the rain gutter we open the cap and the dusty water flows out through the first rain separator. Then after a ‘Y trap’ rainwater flows in through a ‘dhoti filter’ into our rain barrel. We checked the rainwater quality using a H2S strip test and found the water potable. Sometimes when there is slight contamination we use a method called SODIS (Solar Disinfection) to treat the collected rainwater for drinking purpose. Here you fill a PET bottle with the rainwater and leave it in the sun for 5 hours. The water is now sterilized and can be brought into the house cooled and is ready for drinking. This is not a low cost solution for water treatment but a no-cost solution.  Our annual requirement of drinking cooking water comes from this rain barrel alone.

Rain Barrel

We also have an Ecosan toilet on the terrace. This pan in the toilet separates solids and liquids at source. We collect the urine in a barrel, dilute it and use it as a fertilizer for our terrace garden. The solids are covered with ash every time we use it. This is then transferred to some Blue drums we have kept on the terrace and again covered with earth or straw. We then plant trees in these drums. Trees such as Papaya, lemon, curry leaves, sapota are planted and they grow well. No waste from our toilet on the terrace leaves the roof.

The rainwater falling on the Ecosan toilet too is collected in a 200 litre rain barrel and used for ablution purpose.

We have a box type solar cooker to cook our lunch on the terrace. A solar water heater heats water for bath and for the kitchen. During cloudy days we use a ‘Gujarat boiler’ which uses bio-mass for the water heating. The Gujarat Boiler also generates ash for us to use in the Eco-san toilet. We have planted many trees in front of the house and the twigs and branches from the trees are used for the Gujarat Boiler.

Next we have placed a bathroom on the terrace itself. This also has a front loading washing machine which is one of the most water efficient ones in the market. We collect the water from the bath we have on the terrace bathroom as well as from the washing machine in a small ferro-cement tank placed just below the roof slab. We then pump it up to a planted reed filter to clean up the grey-water using a small pump. The reed filter is Cattails – reeds found in lakes- placed in 4 blue drums. In a fifth drum we have sand and gravel filter to clean up the grey-water further. This treated grey-water is then used for the terrace garden where we sometimes grow rice paddy.  Some extra grey-water is also used for flushing the toilet in the ground floor. No greywater is allowed to go waste.

The rice on the rooftop grows well on even a small area. We place 2 sheets of a pond lining material called Silpaulin with a brick edging. The sheet is then filled with a mix of compost, vermi-compost and red earth up-to a depth of 2 to 3 inches. Rice paddy is then planted in it. The water required for the paddy comes from grey-water alone. For the fertilizer the urine from the Eco-san toilet is used. Kitchen waste which is composted is also added to the soil. We have had productions of paddy to the tune of 1 kg per square meter. We have also found that we can grow 4 crops of rice in a year. Millets can also be grown instead of rice. Vegetables such as tomatoes, brinjals, lady-fingers, chilies all grow on the terrace though the monkeys who frequent this place can also be a nuisance at times.

A small wetland has also been created in a ferro-cement tank where different plants and fishes occupy and clean water.

Solar photo-voltaic panels on the roof provide enough power for us to store in batteries and use to light 11 bulbs in the house. The house incidentally has no fans let alone AC’s thanks to the cool terrace as well as thanks to the trees planted on the sides which enfold it in shade.

A well designed rooftop can provide all the water required for a house-hold, provide energy for cooking , lighting and water heating, provide food-grains and vegetables , enhance bio-diversity as well as absorb all the waste-stream from the house from the kitchen and bathroom / toilets and convert it to reuse .

Google’s “Hummingbird”: IP Theft & Mind-Control

Posted on by

Google’s new search algorithm Hummingbird adds to the company’s sinister reputation among privacy advocates.

Google’s creepy Google Glass didn’t help it either.

Now comes Hummingbird, the biggest algorithm change in the search engine in twelve years.

“Hummingbird should better focus on the meaning behind the words,” Sullivan reports. “It may better understand the actual location of your home, if you’ve shared that with Google. It might understand that ‘place’ means you want a brick-and-mortar store. It might get that ‘iPhone 5s’ is a particular type of electronic device carried by certain stores. Knowing all these meanings may help Google go beyond just finding pages with matching words.”

(Hummingbird is Google’s biggest algorithm change in 12 years,” WebProNews,  Sept. 28, 2013)

Simply put, Hummingbird is about Google trying to find the holistic meaning behind the individual words of a search-string (the query or series of words you input into the search function),  or, in the case of websites, the overall intent behind the key-words most used.

Bottom-line: Google is trying to figure out what’s going on in your mind when you type out certain words.

That is terribly similar to an area of research dear to the defense and spy agencies – predictive software and technology.

For instance,  DARPA (Defense Advanced Research Projects Agency) is very interested in developing the cognitive footprints of users for identification purposes.

The goal is to bypass the need for passwords, which tend to be cumbersome for users and vulnerable to password-cracking, phishing, social-engineering, memory failures, and hardware theft.

Software biometric modalities” are to be used to develop what it terms Active Authentication.

Anyone can see how useful the new Hummingbird algorithm would be to DARPA.

Indeed, given Google’s prior collaboration with the CIA in the monitoring of social media, it wouldn’t be surprising if Hummingbird has also come out of a joint project with the government.

The defense agencies come up with the technology to figure out what random “bad guys” are up to. Google monetizes it and returns the favor by data-sharing with the government.

The consumer might have his every need…indeed wish…met, but web-users are now going to find that Google’s “free lunch:” is not only not free, it’s not remotely cheap.

And web users are the ones footing the bill.

Here’s how.

“Google Hummingbird: Where no search has gone before,” Jeremy Hull, iProspect, Wired, October 15, 2013

Google has updated its search algorithm many times over the past few years, but previous updates were focused on making Google better at gathering information — for example, indexing websites more often and identifying spammy content. Hummingbird is focused on the user. It’s about Google getting better at understanding what searchers really want and providing them with better answers.”

That’s Google’s stated objective, of course. But how about websites?

When you search Google for answers to questions, what website owners want is for you to go to their site to get the information.

This is not only because they might hope to sell you something and thereby earn a living.

It’s also because they hope that by giving you good information not available in the mainstream media,  they might attract you to their site and persuade you on other issues.

By offering free information, web writers hope you will find them reliable, credible, or interesting and become committed readers. That’s why millions of writers and websites, spend inordinate amounts of energy and time finding answers and giving them away to others for free.

Of course, ethics and decency demand that readers who benefit from that information cite the place they found it and give the author credit.

Not Hummingbird.

It harvests information from the net and puts it on Information cards that pop up in answer to searches.

Now, if the information is immediately given to the reader by Google, why will they visit the websites from which Google might have culled the answer?

They won’t.  That means that Google is not only stealing the private data of its users through Gmail, Google Earth, and a bunch of other programs, it’s also stealing from the websites it’s supposed to be helping.

But “Hummingbird” is not just unfriendly to websites offering information to the public, it acts to control what information is presented to you and how.

Hummingbird’s graphic is an easy way for Google to give you what Google (and very likely, the government) want you to know, rather than what you might learn if you delved into your search results yourself.

The new graphic could even give you downright misleading or inaccurate information. Just think about Snopes, the ostensibly myth-busting site that somehow manages to bust myths only in left-liberal ways.

So, Hummingbird is not only using your personal information for Google’s own commercial (and the government’s surveillance) purposes, it’s using information from blogs/websites, without their permission, for its own operations.

That’s two counts of IP theft.

Then, the whole business of trying to determine exactly what you’re thinking when you type certain things into the search function sounds awfully like mind-reading to me. In order to do that kind of mind-reading, all sorts of personal information from your web usage (even more than Google has been collecting so far) has to be collated and compared. Mapped, if you will.

That’s two counts of privacy invasion.

Finally, by manipulating access to the knowledge available on the Internet, under the guise of consumer satisfaction, by giving you pre-packaged answers before it gives you your search results, Google is actually  trying to control your thinking.

That’s one count of mind-control.

Is it any surprise that the new algorithm shares its name with DARPA’s nano flying robot/drone Hummingbird, which beats its wings like a bird?.

DARPA’s Hummingbird is a spy drone:

“The drone, built by AeroVironment with funding from DARPA, is able to fly forwards, backwards, and sideways, as well as rotate clockwise and counterclockwise. Not only does the ‘bot resemble its avian inspiration in size (it’s only slightly larger than a hummingbird, with a 6.5-inch wingspan and a weight of 19 grams), it also looks impressively like a hummingbird in flight.

But that’s not vanity — it’s key to the drone’s use as a spy device, as it can perch near its subject without alerting it.”

Google’s Hummingbird seems no less innocuous and no less insidious.

It’s more evil-doing from the Franken-SearchEngine that routinely spies for the NSA and CIA and systematically  commits Intellectual Property theft.

Read more at Entrepreneur .com

Ambani, Manmohan: CIA Spying On India Helps Poor

Posted on by

Aadhar (biometric ID) will help the Indian poor, say Nandan Nilekani (CEO of Infosys), Eric Schmidt (CEO of Google), Mukesh Ambani (CEO of Reliance), Manmohan Singh (PM of India); and George Tenet (CIA spymaster), although social science research and the experience of the US and UK with national identification schemes have overall been negative toward it.

Ambani and Co. all support the introduction of the ID via a company called MongoDB which is connected to the CIA-related firm, In-Q-Tel (the CIA’s venture capital arm):

From MoneyLife.in (March 12, 2013)

“Meanwhile, according to a report from Economic Timesand Navbharat Times, Max Schireson, CEO of MongoDB (formerly called 10gen), a technology company from US which is co-funded by Central Intelligence Agency (CIA), was in New Delhi two weeks back to enter into a contract with UIDAI.

This company is a Palo Alto and Manhattan-based database software provider in the $30 billion relational database market. Relational databases commenced in the 1970s when computers were moving away from punch cards (that facilitated holocaust in Germany using census data) to terminals. It is taking away customers from Oracle and IBM. This contract has not been disclosed so far. MongoDB will take data from UIDAI to undertake its analysis. UIDAI is tight-lipped about CIA’s role in it.”

10gen is the company behind MongoDB, a popular open-source, document-oriented database. It forms a part of a new generation of NoSQL — Not Only SQL — database products developed as an alternative to conventional relational databases from Oracle, IBM and Microsoft……

According to the report, one of the investors of MongoDB is In-Q-Tel (IQT), a not-for-profit organisation based in Virginia, USA created to bridge the gap between the technology needs of the US Intelligence Community and emerging commercial innovation. It identifies and invests in venture-backed startups developing technologies that provide “ready-soon innovation” (within 36 months) which is vital for the mission of the intelligence community. IQT was launched in 1999. Its core purpose is to keep CIA and other intelligence agencies equipped with the latest in information technology to support intelligence capability. Edward Snowden had revealed that US intelligence agencies are targeting communications in Asian countries. It was founded by Norman Ralph Augustine.

In his book ‘At The Center Of The Storm: My Years at the CIA”, former CIA director George Tenet says, “We (the CIA) decided to use our limited dollars to leverage technology developed elsewhere. In 1999 we chartered … In-Q-Tel. … While we pay the bills, In-Q-Tel is independent of CIA. CIA identifies pressing problems, and In-Q-Tel provides the technology to address them. The In-Q-Tel alliance has put the Agency back at the leading edge of technology … This … collaboration … enabled CIA to take advantage of the technology that Las Vegas uses to identify corrupt card players and apply it to link analysis for terrorists [cf. the parallel data-mining effort by the SOCOM-DIA operation Able Danger], and to adapt the technology that online booksellers use and convert it to scour millions of pages of documents looking for unexpected results.”

In-Q-Tel sold 5,636 shares of Google, worth over $2.2 million, on 15 November 2005. The stocks were a result of Google’s acquisition of Keyhole, the CIA funded satellite mapping software now known as Google Earth. On 15 August 2005, Washington Post reported that In-Q-Tel was funded with about $37 million a year from the CIA. “In my view the organisation has been far more successful than I dreamed it would be,” said Norman R Augustine, who was recruited in 1998 by Krongard and George J Tenet, who then was director of central intelligence (DCI) to CIA, to help set up In-Q-Tel. Augustine, former chief executive of defense giant Lockheed Martin, is an In-Q-Tel trustee.

Notably, former CIA chief, Tenet, was on the board of L-1 Identity Solutions, a major supplier of biometric identification software, which was a US company when UIDAI signed a contract agreement with it. A truncated copy of the contract agreement accessed through RTI is available with the author. This company has now been bought over by Safran group, a French defence company. The subsidiary of this French company in which French government has 30.5% shares, Sagem Morpho has also signed a contract agreement with UIDAI. In August 2011, Safran acquired L-1 Identity Solutions.

In the backdrop of these disclosures, how credible are the poor-centric claims of Mukesh Ambani, Nilekeni and Eric Schmidt who are taking Indian legislators, officials, citizens and the Indian intelligence community for a royal ride. Clearly, aadhaar creates a platform for social control and surveillance technologies to have a field day and undermines nations’ sovereignty, security and citizens’ democratic rights. Nilekeni wrote ‘Imagining India’, McKinsey & Company edited ‘Reimagining India,’ it is evident that their idea of India is contrary to idea of India that emerged from the freedom struggle since 1857 and the constitution of India.”

The End Of Chinese Manufacturing?

Posted on by

Vivek Wadhwa at Forbes:

The End of Chinese manufacturing?

“There is great concern about China’s real-estate and infrastructure bubbles.  But these are just short-term challenges that China may be able to spend its way out of. The real threat to China’s economy is bigger and longer term: its manufacturing bubble.

By offering subsidies, cheap labor, and lax regulations and rigging its currency, China was able to seduce American companies to relocate their manufacturing operations there. Millions of American jobs moved to China, and manufacturing became the underpinning of China’s growth and prosperity. But rising labor costs, concerns over government-sponsored I.P. theft, and production time lags are already causing companies such as Dow Chemicals, Caterpillar, GE, and Ford to start moving some manufacturing back to the U.S. from China. Google recently announced that its Nexus Q streaming media player would be made in the U.S., and this put pressure on Apple to start following suit.

But rising costs and political pressure aren’t what’s going to rapidly change the equation. The disruption will come from a set of technologies that are advancing at exponential rates and converging.

These technologies include robotics, artificial intelligence (AI), 3D printing, and nanotechnology. These have been moving slowly so far, but are now beginning to advance exponentially just as computing does.  Witness how computing has advanced to the point at which the smart phones we carry in our pockets have more processing power than the super computers of the ’60s—and how the Internet, which also has its origins in the ’60s, went on an exponential growth path about 15 years ago and rapidly changed the way we work, shop, and communicate.  That’s what lies ahead for these new technologies.

The robots of today aren’t the Androids or Cylons that we used to see in science-fiction movies, but specialized electro-mechanical devices that are controlled by software and remote controls. As computers become more powerful, so do the abilities of these devices. Robots are now capable of performing surgery, milking cows, doing military reconnaissance and combat, and flying fighter jets. And DIY’ers are lending a helping hand. There are dozens of startups, such as Willow Garage, iRobot, and 9th Sense, selling robot-development kits for university students and open-source communities. They are creating ever more-sophisticated robots and new applications for these. Watch this video of the autonomous flying robots that University of Pennsylvania professor Vijay Kumar created with his students, for example.

The factory assembly that the Chinese are performing is child’s play for the next generation of robots—which will soon become cheaper than human labor. Indeed, one of China’s largest manufacturers, Taiwan-based Foxconn Technology Group, announced last August that it plans to install one million robots within three years to do the work that its workers in China presently do. It found Chinese labor to be too expensive and demanding. The world’s most advanced car, the Tesla Model S, is also being manufactured in Silicon Valley, which is one of the most expensive places in the country. Tesla can afford this because it is using robots to do the assembly.

Then there is artificial intelligence (AI)—software that makes computers do things that, if humans did them, we would call intelligent. We left AI for dead after the hype it created in the ‘80s, but it is alive and kicking—and advancing rapidly. It is powering all sorts of technologies. This is the technology that IBM’s Deep Blue computer used in beating chess grandmaster Garry Kasparov in 1997and that enabled IBM’s Watson to beat TV-show Jeopardy champions in 2011. AI is making it possible to develop self-driving cars, voice-recognition systems such as Apple’s Siri, and the face-recognition software Facebook recently acquired. AI technologies are also finding their way into manufacturing and will allow us to design our own products at home with the aid of AI-powered design assistants.

How will we turn these designs into products? By “printing” them at home or at modern-day Kinko’s: shared public manufacturing facilities such as TechShop, a membership-based manufacturing workshop, using new manufacturing technologies that are now on the horizon.

A type of manufacturing called “additive manufacturing” is making it possible to cost-effectively “print” products.  In conventional manufacturing, parts are produced by humans using power-driven machine tools, such as saws, lathes, milling machines, and drill presses, to physically remove material to obtain the shape desired. This is a cumbersome process that becomes more difficult and time-consuming with increasing complexity. In other words, the more complex the product you want to create, the more labor is required and the greater the effort.

In additive manufacturing, parts are produced by melting successive layers of materials based on 3D models—adding materials rather than subtracting them. The “3D printers” that produce these use powered metal, droplets of plastic, and other materials—much like the toner cartridges that go into laser printers.  This allows the creation of objects without any sort of tools or fixtures. The process doesn’t produce any waste material, and there is no additional cost for complexity. Just as, in using laser printers, a page filled with graphics doesn’t cost much more than one with text, in using a 3D printer, we can print sophisticated 3D structures for about the cost of a brick.

3D printers can already create physical mechanical devices, medical implants, jewelry, and even clothing. The cheapest 3D printers, which print rudimentary objects, currently sell for between $500 and $1000. Soon, we will have printers for this price that can print toys and household goods. By the end of this decade, we will see 3D printers doing the small-scale production of previously labor-intensive crafts and goods. It is entirely conceivable that in the next decade we start 3D-printing buildings and electronics.”

Ten Ways To Fight The Police State

Posted on by

Image: technologyjones.com

There are ways to fight the police-state, on your own, without joining any group or party and giving up your independence.  Protecting your privacy on the Internet is one of them.

Just don’t forget that a lot of privacy sites are really government projects. The idea is to steer you to privacy software put out by the government’s buddies. It’s the oldest trick in the book.

But given that, there are a few things you can do to protect yourself. Here are ten of them.

1. Get your name and address off of mailing lists, subscriber lists, forms, directories, and data centers. You may need to keep doing that every year, as long as you have a credit card with your home address on it.

2.  Use Google only if you need to. Otherwise, use private/anonymous search engines. There are a few. I won’t name them, because when people start selecting one or other engine, then the powers-that-be start paying more attention and screw things up for them.

3. Use a virtual private network, but use it with caution. There’s a Catch-22 here. The free ones probably make money by selling your information… or worse. The ones that aren’t free need you to sign up on the net with an account and a credit card. Which means another vulnerability.  Passwords can be hacked and licenses can be stolen. Plus, VPN’s with servers and HQ’s in America, Britain, Europe and many other places, cannot protect your privacy if you get caught up with the police or lawyers, even tangentially.  Your ISP and VPN provider will be forced to comply with subpoenas and laws that demand data-sharing.

Completely anonymous off-shore VPN’s on the other hand can arouse government suspicion, even if you’re as innocent as a baa lamb.

Also, what if someone hijacks your VPN to commit crimes? How would you prove it wasn’t you, if someone wanted  to incriminate you?

I  asked the  FBI this recently, and they tell me that they can figure it out. But do you really want to be in a position where only the FBI can clear your name? And what if it’s the FBI that wants to get you in trouble? I mean, it’s not unheard of.

4. Limit what you do on the Internet. If you can’t stop using the net altogether (which is really the best option), try to curtail what you do. Limit what you buy on the net. Stop sending sensitive emails, even encrypted ones, over the net.  If you have to sell on the Internet to make a living, stay on top of computer crime by following a good security forum. Wilders is one.

5. Share computers or use public computers.  Lots of times, the easiest way to be private is to use a  computer used by other people you can trust, so long as you don’t input sensitive information. That way what you do is mixed up with what lots of other people are doing and it’s harder to track.

6. Don’t tell anyone your privacy tricks. I used to suggest things on this blog before, like using Scroogle or Ixquick. I don’t any more. The more people start using one trick, the more the government…or the criminals on the net…starts focusing on that trick. I’m not about to research things so people can track and harass me using my own research against me.

Who would do such a scummy thing?  Short answer – scum.

On the net, the scum rises to the top.

7. Don’t put your ideas out on the net, unless you’re prepared for everyone to take them without credit. While many people try to be ethical, a substantial number think that the ease of digital crime is a justification for it.

Keep your thoughts to yourself for other reasons, as well.  Any opinion you voice publicly is going to be held against you.

Write what your conscience demands. Just be sure you can live with how people will use it, misuse it, and abuse it.

8.  Avoid social media, unless you have to connect with someone for a reason. I deleted my Facebook account, my Digg account, Technorati, and a bunch of other things I don’t want to mention. I keep my blog up for several reasons, but from the viewpoint of privacy, it’s a terrible thing. I sometimes wish I had never begun it.

9. Keep a low profile. Even if you do have to write/blog, try to keep it under the radar. Blogging about politics is always going to get attention. You can’t avoid that. But you can always avoid  confrontations. You can always make an effort to give both sides their due,  You can filter comments, avoid posting on forums/sites you don’t know personally, and side-step flame-wars with all the cretins and sociopaths out there.

The net is a highway.  You’re driving next to strangers. Honking your horn or waving a hand at them is OK. Getting into their cars and driving off to dinner with them is another.

10. Watch your IP (Internet Protocol). Your IP address is being harvested by someone all the time. Cookies collect it, forums and boards record it, email providers and search engines track it.  You can disguise it or change it, but determined people can always get hold of  an IP.

That means they can figure out where you are, physically. Which is pretty unnerving. I’ve had a few nasty experiences when enemies got hold of my IP.

So change your IP as much as you need to; change your computer and  ISP provider every year, or even every six months. It’s not so hard to change a computer if you buy it refurbished or second-hand. A good Dell laptop can be had for about $120.  You can always sell the old one and get back some of your money.

On the other hand, you might want to arrange for a few traps for any would-be spies. In that case, your approach might be a bit different…..Be creative.

As for ISP’s, there are always deals, if you look for them.  Quote a price and ask your ISP if they will match it.  In this economy, companies are willing to lower their rates to attract customers.

War On India: Naval Command Info Hacked By Chinese IP’s

Posted on by

The Indian Express reports on July 1, 2012:

“Hackers have broken into sensitive naval computer systems in and around Visakhapatnam, the headquarters of the Eastern Naval Command, and planted bugs that relayed confidential data to IP addresses in China.

The Eastern Naval Command plans operations and deployments in the South China Sea — the theatre of recent muscle-flexing by Beijing — and beyond. India’s first nuclear missile submarine, INS Arihant, is currently undergoing trials at the Command.

The extent of the loss is still being ascertained, and officials said it was “premature at this stage” to comment on the sensitivity of the compromised data. But the Navy has completed a Board of Inquiry (BoI) which is believed to have indicted at least six mid-level officers for procedural lapses that led to the security breach.

The naval computers were found infected with a virus that secretly collected and transmitted confidential files and documents to Chinese IP addresses. Strict disciplinary action against the indicted officers is imminent.

Responding to a questionnaire sent by The Sunday Express on whether highly classified data had been sent to IP addresses in China due to the bug, the Navy said: “An inquiry has been convened and findings of the report are awaited. It needs to be mentioned that there is a constant threat in the cyber domain from inimical hackers worldwide.”

Sources, however, confirmed that classified data had been leaked, and the breach had possibly occurred because of the use of pen drives that are prohibited in naval offices. The virus was found hidden in the pen drives that were being used to transfer data from standalone computers to other systems, said a person familiar with the investigation.”

Stuxnet: A Chronology (Ongoing)

Posted on by

October 2, 2010

The NY Times now backtracks, claiming that Israeli cyber warfare experts are “too smart” to leave a clue behind. Thus..by inference…it must be a country that wants to implicate Israel, which..by inference…is Iran (surprise).  Too clever by half, these folks. Another reason I believe Israel or an Israeli-backed team is behind Stuxnet is the fact that Wikileaks apparently had a reference to a possible nuclear “accident” in Iran in July 2009. That is around the time when some researchers argue Stuxnet infections first began.

October 2, 2010

Jeffrey Carr backs off from the allegation that Israel is the culprit, claiming that Ralph Langner was the sole source of the allegation and was irresponsible in posting it on his blog as though it were the opinion of the intelligence community. Carr quotes an earlier piece of his, along with these words:

“Last week I wrote about how the Israel-Iran conspiracy theory around the Stuxnet worm was built entirely on one security engineer’s personal conjecture (Ralph Langner) with absolutely no weighing of alternative possibilities for attribution, nor any objective assessment of the evidence.”

However, if you click on the earlier piece he cites, he wrote nothing of the sort in it. Nowhere in that piece did Carr claim that Langner was the sole source of the allegation; he quotes the NY Times as noting several people who’d reached the same conclusion. Also, there is no hint in the piece that he considered Langner’s allegation speculative or poorly founded. He cited it instead as a likely possibility. This is clear back-pedaling, probably provoked by the fear that the story might lead to a crackdown on Iranian dissidents and foreigners. Well, of course it will. But that’s not the fault of journalists reporting on the story. Or of Ralph Langner, who clearly states on his blog that he is “speculating” (see previous link).

The fault lies with the unknown cybercriminal/s who came up with Stuxnet.

“Stuxnet Speculation Fuels Crackdown By Iranian Intelligence,” Jeffrey Carr, The Firewall, Forbes, October 2, 2010/

*October 1, 2010

[See “Clues Emerge About Genesis Of Stuxnet Worm,” CS Monitor, October 1, 2010]

*October 1, 2010

[“Israel: Smart Enough To Create Stuxnet; Stupid Enough To Use It” War In Context, Oct. 1, 2010]

*October 1, 2010

Cryptome is arguing that Israel would never have done anything so sloppy as what’s alleged. Could it be that some group is deliberately playing off one side against the other, that is, playing divide-and-conquer? Or is this more “plausible deniability”?

On looking back, I notice that one of the first people to launch the “Israel did it” allegation is one Richard Falkenrath, who works for the Chertoff Group (my emphasis).

That makes me wonder.

Here’s Cryptome:

“Really? Personally I’d be surprised if a crack team of Israeli software engineers were so sloppy that they relied on outdated rootkit technology (e.g. hooking the Nt*() calls used by Kernel32.LoadLibrary() and using UPX to pack code). Most of the Israeli developers I’ve met are pretty sharp. Just ask Erez Metula.

http://www.blackhat.com/presentations/bh-usa-09/METULA/BHUSA09-Metula-ManagedCodeRootkits-
PAPER.pdf

“It may be that the “myrtus” string from the recovered Stuxnet file path

“b:\myrtus\src\objfre_w2k_x86\i386\guava.pdb” stands for “My-RTUs”

as in Remote Terminal Unit. See the following white paper from Motorola, it examines RTUs and PICs in SCADA systems. Who knows? The guava-myrtus connection may actually hold water.

http://www.motorola.com/web/Business/Products/SCADA%20Products/_Documents/Static%20Files/SCADA_
Sys_Wht_Ppr-2a_New.pdf

As you can see, the media’s propaganda machine is alive and well.”

I am completely out of my depth in the technical part of this. But not in the propaganda part.

As an instance of the way group conflicts can be set off, think of how during the financial crisis there were an inordinate number of Indians being trotted out to do the explaining…and taking the brunt of the public’s anger, although last I looked, despite a respectable number of Indian billionaires, the head honchos of the major banks (with one exception) and the biggest and most important speculators, managers, and  international officials were not Indian, to phrase it as politely as possible.

Setting race and nation each against other is of course the modus operandi of the power elite, and both Kashmir and Israel have played that divisive role in the past….and continue to do so.

*October 1, 2010

A link to an Examiner piece is coming up right at the top of a Google search of Stuxnet and Israel. With all due respect to the author, who probably thinks he/she is on the side of the angels and simply preempting an outburst of anti-Semitism by this effort, the piece is quite misleading….and, apparently, deliberately so, as an examination of the other links listed here, from a variety of  sources in the West (see this NY Times pieces) will prove.

For instance, the Examiner piece doesn’t cite the reports from many western security companies and research teams (see links below) that have extensively researched the issue, nor does it acknowledge that it was these sites that first advanced the claim that Israel/Israeli hackers were likely responsible. Instead, it cites a Times of India piece that republishes the claims.

The attempt, apparently, is to mislead the public into thinking that the allegation of Israeli involvement is one mainly advanced by untrustworthy foreigners with axes to grind (note the description “Iran’s friend, India”).

“Another of Iran’s friends, India, is pushing the notion that Israel did it. According to an http://timesofindia.indiatimes.com on Friday, “A Biblical reference has been detected in the code of the computer virus that points to Israel as the origin of the cyber attack.” It’s further explained that the word “myrtus” is in the code, and that this is a “reference to the myrtle tree”

In point of fact, it was western security companies and western researchers who came to that conclusion.  Moreover, the targets of the worm fit very well with Anglo-Zionist imperial objectives – covering as they do the largest Muslim populations in Asia.

[See “German Firm Employee May Have Created Stuxnet; Israel Blames.” Examiner.com, October 1, 2010

*September 30, 2010

Quote:

“Buried in Stuxnet’s code is a marker with the digits “19790509” that the researchers believe is a “do-not infect” indicator. If the marker equals that value, Stuxnet stops in its tracks, and does not infect the targeted PC. The researchers — Nicolas Falliere, Liam O Murchu and Eric Chen — speculated that the marker represents a date: May 9, 1979. While on May 9, 1979, a variety of historical events occurred, according to WikipediaHabib Elghanian was executed by a firing squad in Tehran sending shock waves through the closely knit Iranian Jewish community,” the researchers wrote. Elghanian, a prominent Jewish-Iranian businessman, was charged with spying for Israel by the then-new revolutionary government of Iran, and executed May 9, 1979.”

Quote:

“Last weekend, Iranian officials confirmed that tens of thousands of PCs in their country had been infected by Stuxnet, including some used at a nuclear power plant in southwestern Iran that’s planned to go online next month. The Symantec researchers also revealed a host of other Stuxnet details in their paper, including a “kill date” of June 24, 2012, after which the worm will refuse to execute.”

[See “Stuxnet Code Hints At Possible Israeli Origin, Researchers Say,” by Gregg Keizer, Symantec, Sept. 30, 2010]

*September 30, 2010

Symantec puts out a dossier of information on Stuxnet that includes the following:- attack scenario and timeline, infection statistics, malware architecture, description of all the exported routines, injection techniques and anti-AV, the RPC component, propagation methods, command and control feature, and the PLC infector.

Eric Chien summarizes findings about the worm:

“Only more recently did the general public realize Stuxnet’s ultimate goal was to sabotage an industrial control system.

Analyzing Stuxnet has been one of the most challenging issues we have worked on. The code is sophisticated, incredibly large, required numerous experts in different fields, and mostly bug-free, which is rare for your average piece of malware. Stuxnet is clearly not average. We estimate the core team was five to ten people and they developed Stuxnet over six months. The development was in all likelihood highly organized and thus this estimate doesn’t include the quality assurance and management resources needed to organize the development as well as a probable host of other resources required, such as people to setup test systems to mirror the target environment and maintain the command and control server.”

[See W32.Stuxnet Dossier, Eric Chien, Sept. 30, 2010]

*September 25, 2010

Quote:

The director of the Information Technology Council of the Industries and Mines Ministry has announced that the IP addresses of 30,000 industrial computer systems infected by this malware have been detected, the Mehr New Agency reported on Saturday. An electronic war has been launched against Iran,” Mahmoud Liaii added.“This computer worm is designed to transfer data about production lines from our industrial plants to (locations) outside of the country,” he said.

[See “Iran Successfully Battling Cyber Attack,” Mehr News, Sept. 25, 2010]

*September 24, 2010

A piece in the Guardian suggests that a government agency is most likely behind the worm but warns against leaping to conclusions. It notes that many hackers/criminals might have become sophisticated enough to create a worm of this type. The piece notes that attacks against Iran have increased and that the identification of the worm was originally made by a Belarus security firm for an Iranian client and that Iran had been experiencing problems with their nuclear facility at Bushehr for months. It notes that the worm uses a stolen cryptographic key from the Taiwanese semiconductor manufacturer Realtek.

[See “Stuxnet Worm Is The Work Of A National Government Agency,” Josh Halliday, Guardian, Sept. 24, 2010]

“Stuxnet: The Trinity Test Of Cyberwarfare,” War In Context, Sept. 23, 2010

*September 16, 2010

Symantec researchers say that Stuxnet had to be created by a state, because it was the most devious and sophisticated malware they’d come across.

Quote:

“I don’t think it was a private group,” said O Murchu. “They weren’t just after information, so a competitor is out. They wanted to reprogram the PLCs and operate the machinery in a way unintended by the real operators. That points to something more than industrial espionage.”

The necessary resources, and the money to finance the attack, puts it out the realm of a private hacking team, O Murchu said.

“This threat was specifically targeting Iran,” he continued. “It’s unique in that it was able to control machinery in the real world.”

“All the different circumstances, from the multiple zero-days to stolen certificates to its distribution, the most plausible scenario is a nation-state-backed group,” said Schouwenberg, who acknowledged that some people might think he was wearing a tin foil hat when he says such things. But the fact that Iran was the No. 1 target is telling.”

[See “Is Stuxnet the Best Malware Ever?” Gregg Keizer, Symantec Security Response, Sept. 16, 2010]

*September 13, 2010

German computer security research Ralph Langner speculates that Stuxnet is part of cyberwar:

Ralph’s theory — completely speculative from here

“It is hard to ignore the fact that the highest number of infections seems to be in Iran. Can we think of any reasonable target that would match the scenario? Yes, we can. Look at the Iranian nuclear program. Strange — they are presently having some technical difficulties down there in Bushehr. There also seem to be indications that the people in Bushehr don’t seem to be overly concerned about cyber security. When I saw this screenshot last year (http://www.upi.com/News_Photos/Features/The-Nuclear-Issue-in-Iran/1581/2/) I thought, these guys seem to be begging to be attacked. If the picture is authentic, which I have no means of verifying, it suggests that approximately one and a half year before scheduled going operational of a nuke plant they’re playing around with software that is not properly licensed and configured. I have never seen anything like that even in the smallest cookie plant. The pure fact that the relevant authorities did not seem to make efforts to get this off the web suggests to me that they don’t understand (and therefore don’t worry about) the deeper message that this tells.

Now you may ask, what about the many other infections in India, Indonesia, Pakistan etc. Strange for such a directed attack. Than, on the other hand, probably not. Check who comissions the Bushehr plant. It’s a Russian integrator that also has business in some of the countries where we see high infection rates. What we also see is that this company too doesn’t seem to be overly concerned about IT security. As I am writing this, they’re having a compromised web site (http://www.atomstroyexport.com/index-e.htm) that tries to download stuff from a malware site that had been shut down more than two years ago (www.bubamubaches.info). So we’re talking about a company in nukes that seems to be running a compromised web presence for over two years? Strange.
I could give some other hints that have a smell for me but I think other researchers may be able to do a much better job on checking the validity of all this completely non-technical stuff. The one last bit of information that makes some sense for me is the clue that the attackers left in the code, as the fellows from Symantec pointed out — use your own imagination because you will think I’m completely nuts when I tell you my idea.

Welcome to cyberwar.”

[See “Stuxnet is a directed attack: hack of the century,” Ralph Langner]

*September 8, 2010

German computer security expert Ralph Langner writes to a friend:

Historical document: Ralph informs Joe Weiss what Stuxnet is. Note the date of the email.

*July 22, 2010

Symantec analyzed W32.Stuxnet as a worm that uses a  hitherto unknown Windows bug to attack and then searches the target for SCADA systems and design documents. SCADA is a network used to control utilities, transportation and other critical infrastructure. The worm then contacted Command &Control servers that control the infected machines and retrieved the stolen information. The servers were located in Malaysia and Symantec redirected traffic away from them to prevent the take-over of the information.

Within a 72 hours period Symantec identified close to 14,000 IP addresses infected with W32.Stuxnet trying to contact the C&C server. 58.85 % came from Iran, with the rest coming from Indonesia (18.22%), India (8.31%), with the Azerbaijan, US, and Pakistan making up the other affected countries, with under 2% each (this information is also provided at the Microsoft website).

[See Symantec Security Response,W32.Stuxnet – Network Information, Vikram Thakur, July 22, 2010]

*July 21, 2010

Quote:

“The zero-day vulnerability, rootkit, main binaries, stolen digital certificates, and in-depth knowledge of SCADA software are all high-quality attack assets. The combination of these factors makes this threat extremely rare, if not completely novel.

Quote:

The complexity and quality of the attack assets lead some to believe only a state would have the resources to conduct such an attack. However, the usage of the second digital certificate is a bit odd. One could make the case that once the first attack succeeded, a state would take cover and not waste the second digital certificate. Instead, by signing a very similar binary, security companies were immediately able to detect the second stolen certificate, making it useless in further compromises…..

Quote:

.. Hackers bound by a common cause may target another country, organization, or company that they feel are their enemies. Such hacking groups often have the patience and expertise to gather such attack assets. Further, their goals of continued attack may lead them to continue to refine their attack as they are thwarted or discovered, such as resigning their driver files with a newly stolen digital certificate, modifying their binaries to avoid security product detection, and moving their command-and-control hosts as they are decommissioned…..

Quote:

…..This scenario [terrorism] is like something out of movie and, while for most attacks we’d immediately dismiss this as a possibility, given the amount and quality of the attack assets, terrorism even seems within the realms of possibility in this case.

[See “The Hackers Behind Stuxnet” by Patrick Fitzgerald, Symantec Security Response,  July 21, 2010]

*July 17, 2010

Researchers find that Stuxnet targets industrial control systems of the kind that control manufacturing and utility companies. It targets Siemens management software called Simatic WinCC, which runs on the Windows operating system.

The systems that run the Siemens software, called SCADA (supervisory control and data acquisition) systems, aren’t usually connected to the Internet, but the virus spreads when an infected USB stick is inserted. If it detects the Siemens software, the virus logs in using a default password.

[See “New Virus Targets Industrial Secrets,” Robert McMillan, Computer World, July 17, 2010]

*July 16, 2010

Symantec starts a blog series on the Stuxnet infection that continues through the summer and into September

[See also Microsoft Security Advisory, July 16, 2010 and Krebson Security, July 16, 2010]

*July 7, 2010

Stuxnet could well have caused the glitch in the solar panels of India’s Insat-4B satellite on July 7, 2010. That led to the shutting down of 12 out of 24 of the transponders and 70% of the customers dependent on Direct to Home (DTH) including those using Doordarshan (Indian TV), Sun TV and Tata’s VSNL. The customers were redirected to point to the Chinese satellite  ASIASAT-5, owned and operated by Asia Satellite Telecommunications Co., Ltd (AsiaSat) whose two main shareholders are General Electric (GE) and China International Trust and Investment Co. (CITIC), a state-owned company

[See “Did The Stuxnet Worm Kill India’s INSAT-4B Satellite?” by Jeffrey Carr, The Firewall, Forbes.com, Sept. 29, 2010]

*June 16, 2010

Symantec Security Response Team begins its investigation into the Stuxnet worm. The first sample dates from June 2010, but the team believes the worm dates back a year, or maybe even earlier.

*June 2010

The malware is first identified by a Belarus security company, Virusblokada, for its Iranian client.

[See Symantec Security Response, webpage, Sept 30, 2010]

*January 2010

Stuxnet infection begins, according to Symantec

*July 2009

Stuxnet infection begins, according to to Kasperksy

India Begins First Biometric Census

Posted on by

India launches the first biometric census today, reports the BBC.

“India is launching a new census in which every person aged over 15 will be photographed and fingerprinted to create a biometric national database. The government will then use the information to issue identity cards.

Officials will spend a year classifying India’s population of around 1.2 billion people according to gender, religion, occupation and education. The exercise, conducted every 10 years, faces big challenges, not least India’s vast area and diversity of cultures.

Census officials must also contend with high levels of illiteracy and millions of homeless people – as well as insurgencies by Maoists and other rebels which have left large parts of the country unsafe.
President Pratibha Patil was the first person to be listed, and appealed to fellow Indians to follow her example “for the good of the nation”. “Everyone must participate and make it successful,” she said in Delhi.

‘Unstoppable’
This is India’s 15th census and the first time a biometric element has been included.”

If only it were an April Fool’s prank. Unfortunately, it’s the real thing.

The master mind behind it is Nandan Nilekani, the co-founder of IT outsourcing giant Infosys, hero of the Gideon’s Bible of globalization, Thomas Friedman’s “The World Is Flat” (a book I confess I’ve given a small thrashing to), and the man who coined the irritating meme in the first place.

As this Times article points out, less than 7% of the Indian population of over a billion (that is, around 75 million) pays income taxes. There’s also rampant corruption, a thriving black market, endless bureaucracy, and documentation requirements that make cross-state travel a time-consuming burden.

The ID is supposed to end all that. What it will begin, we can only guess.

As we blogged a while back, even the UK, the Anglophone world’s police-state petri dish, crammed to the gills with CCTV and traffic cameras, managed to squash this frightening initiative when it was introduced there.

Unfortunately, Europe has taken to it, with Germany, France, Belgium, Greece, Luxembourg, Portugal, and Spain among the 100 countries that use compulsory national identity cards.

But India, it need hardly be said, is not Europe. Besides the civil liberties dangers, the costs are heavy. In the UK, they were estimated to have been between 10-20 billion pounds. In India, they are said to be around 3 billion pounds (other figures I’ve seen are $6.6 billion and 300 billion rupees), an enormous burden on the public treasury. And the number is only an estimate, which, like all government estimates of future costs, is almost 100% certain to be over optimistic.

The other major mandate that Nilekani claims is that the new ID will help bring services and subsidies to the poor and prevent their theft or loss. This would be more reassuring if Nilekani didn’t count among former clients of Infosys such experts at combining doing good with doing well as Goldman Sachs.

The Times article describes the card thus:

“A computer chip in each card will contain personal data and proof of identity, such as fingerprint or iris scans. Criminal records and credit histories may also be included.

Mr Nilekani, who left Infosys, the outsourcing giant that he co-founded, to take up his new job, wants the cards to be linked to a “ubiquitous online database” accessible from anywhere.”

Nilekani is head of the newly-created Unique Identification Database Authority of India (IDAI) and he has received 19 bids for its first project from vendors including Tata Consultancy Services, Wipro, HCL, IBM, and his own company, Infosys.

For every rupee of IT spending on the project, industry experts estimate, around 60 per cent of this will go to hardware vendors (see Biometrics4You)

Update:

Biometrics4You lists other aspects of the initiative:

The Reserve Bank of India (RBI – the central bank of India) has announced plans to roll out new guidelines to help financial institutions use biometrics at ATMs in rural areas without access to banking. The Orwellian term for this is un-banked or under banked...as though there were some optimal level of banking every square foot of the earth should have.

Facebook Charged With Violating Federal Laws

Posted on by

As I blogged earlier, Facebook’s policies and settings are themselves a problem, misleading users and indeed, abusers. It’s now being charged with violating federal privacy laws:

“Ten privacy organizations filed a complaint against Facebook Inc. to the Federal Trade Commission Thursday, arguing that recent changes to the social-networking company’s privacy policies and settings violate federal laws.

The complaint, spearheaded by the Electronic Privacy Information Center, or EPIC, was triggered by changes Facebook made in November and December. Those changes included recommending people set more of their information to be public rather than visible only to friends and treating new information, like a person’s gender and lists of friends, as “publicly available information” that Facebook may share with software developers who build services for Facebook users.

The complaint asks the FTC to investigate the practices and to require Facebook to restore previous privacy settings that allowed people to choose whether to disclose personal information.

A Facebook spokesman saidit “discussed the privacy program with many regulators, including the FTC, prior to launch and expect to continue to work with them in the future.”

The complaint is the latest sign of how privacy—or at least consumers’ perceptions about it—remains a problem for Facebook.”

Libertarian Living: The Nano Car

Posted on by

“The mini-car is the brainchild of one of India’s top industrialists, Ratan Tata, who had a dream to move millions of Indian families off their two-wheelers and into a safer, all-weather alternative. Many auto experts here have likened the Nano to the Henry Ford Model T that revolutionized American life a century ago. The down payment for a Nano is about $70. I made a promise and I kept that promise,” the soft-spoken 71-year-old Tata said at a glitzy launch party Monday. “I dedicate this car to the youth of India who designed it and will use it to transport their families. It shows that nothing is really impossible if you set your mind to it.”

The global economic downturn has only made the car more desirable, and not only in developing nations, Tata said. The company is planning to launch a version of the Nano in Europe in 2011, and after that a souped-up Nano for the U.S. market…..”

More at the Washington Post.

Comment

Hmm. Hate to sound like some desi nationalist preening. But really.  Jack Welch comes out with a begging bowl (he was one of the business men selling the bail out and now he was one of the loudest voices asking for calm on the AIG bonuses)…..

And Tata gives us a car for the masses (I mean the American masses too). No more hideous gas-guzzling SUVs.  A downsized car for a downsized economy….

This was my feel-good story for the month.  Business and technology supplying a market need and solving problems,  in spite of what anti-business propaganda might say.  Of course, I don’t consider the rent- seeking parasites who cozy up to government to be anything more than a criminal class, the kind free-loading inevitably produces, whether at the bottom of society, or more perilously, at the top….