Climate Camp to London police: We won’t tell you where the next camp is because you keep beating us up

August 25, 2009

Climate Camp organisers demonstrate a cracking expertise with web media and the power of decentralised decision-making.

Having trouble with the authorities ruining your social activities?  Getting beat up frequently by the police?

Leverage the web to humiliate your opponent and gain the upper hand in a smashing example of modern, technology-enabled social activism.


Is Huawei behind GhostNet?

July 8, 2009

Huawei is the state-run Chinese telecom infrastructure provider, whose aggressive pricing and high quality devices have made them the favourite of many national IT backbones (including Britain). Are they involved with GhostNet and could they be used for further international espionage?

IT security threats and web wars are an integral component of today’s security and humanitarian landscape. Much has been made about Twitter’s role in the recent Iranian social unrest, for example. A recent Reuters report suggests that Israel is turning to cyberwarfare for increasingly sophisticated jamming attacks and offensives.

“Asked to speculate about how Israel might target Iran, Borg said malware — a commonly used abbreviation for “malicious software” — could be inserted to corrupt, commandeer or crash the controls of sensitive sites like uranium enrichment plants.

Such attacks could be immediate, he said. Or they might be latent, with the malware loitering unseen and awaiting an external trigger, or pre-set to strike automatically when the infected facility reaches a more critical level of activity.”

Organised and swarm-based attacks on central state infrastructure have become so common as to barely warrant news mention. A North Korean botnet is currently attacking dozens of US government websites in Seoul (“North Korea Launches Massive Cyberattack on Seoul”). From Slashdot:

“A botnet composed of about 50,000 infected computers has been waging a war against US government Web sites and causing headaches for businesses in the US and South Korea. The attack started Saturday, and security experts have credited it with knocking the Federal Trade Commission’s (FTC’s) web site offline for parts of Monday and Tuesday. Several other government Web sites have also been targeted, including the Department of Transportation.”

GhostNet

Although these attacks are from North Korea, many others originate in China. A recent study by the InfoWar Monitor uncovered a “massive Chinese espionage network,” called GhostNet. The Guardian reports:

“GhostNet appears to target embassies, media groups, NGOs, international organisations, government foreign ministries and the offices of the Dalai Lama.

After 10 months of study, the researchers concluded that GhostNet had invaded 1,295 computers in 103 countries, but it appeared to be most focused on countries in south Asia and south-east Asia, as well as the Dalai Lama’s offices in India, Brussels, London and New York. The network continues to infiltrate dozens of new computers each week.”

There was a similar article in the New York Times, “Vast Spy System Loots Computers in 103 Countries”.

The Huawei Connection

No definite proof has been found linking the Chinese state to these actions. Yet many are worried that the Chinese government may play a role in such attacks. A recent white paper from the University of Cambridge, entitled “The Snooping Dragon”, claims to have documented concrete evidence of state officials using malware to infiltrate pro-Tibet activist computers.

The link to China’s state communications company, Huawei, appears particularly suspect. Huawei technology is at the core of BT’s new 10 billion communications upgrade. A NetworkedWorld article discusses the close connections between Huawei and the Chinese military. It reports,

Huawei maintains deep ties with the Chinese military, which serves a multi-faceted role as an important customer, as well as Huawei’s political patron and research and development partner.

Both the government and the military tout Huawei as a national champion, and the company is currently China’s largest, fastest-growing, and most impressive telecommunications equipment manufacturer.

In a related report entitled “Spy Chiefs Fear Chinese Security Threat”, The Times Online reports,

INTELLIGENCE chiefs have warned that China may have gained the capability to shut down Britain by crippling its telecoms and utilities.

According to the sources, the ministerial committee on national security was told at the January meeting that Huawei components that form key parts of BT’s new network might already contain malicious elements waiting to be activated by China.

Working through Huawei, China was already equipped to make “covert modifications” or to “compromise equipment in ways that are very hard to detect” and that might later “remotely disrupt or even permanently disable the network”, the meeting was told.

This would be likely to have a “significant impact on critical services” such as power and water supplies, food distribution, the financial system and transport, which were dependent on computers to operate.

Discussion

Many wonder how Huawei might accomplish these security breaches.  WTWU at SpyBlog suggests that it would be silly for Huawei to do so.  They write,

It would be incredibly risky for the Chinese Government to attempt to insert such trojan horse “backdoors” into Huawei manufactured equipment, especially into the hardware, where the evidence cannot be deleted after a Denial of Service attack etc.

The cost of using such a capability, if it even exists, would be to immediately destroy the multi billion pound Huawei company commercially.

Yet in a recent confidential interview, an ex-Huawei employee suggested that, given the speed of sales and the level of complexity of such systems, there is little to no quality control checking or safety assurance of the components.

It would therefore be close to impossible to monitor the security of the commercial services sold by Huawei, given the tremendous volume of such sales.

Worse than hardware might be a software backdoor, which is easily modifiable and less risky than hardware breaches.

Although there is no evidence that Huawei is related to the kinds of cyberattacks and web espionage efforts such as GhostNet, there does appear to be a plausible connection.

The impact of such a link, and its relationship to development and humanitarian aid, may be worthy of monitoring and consideration.


Reviewing the American Red Cross Social Media Strategy Handbook

July 6, 2009

Wendy Harman at the American Red Cross just posted a draft of their proposed Social Media Strategy Handbook.   We think it is great.

Note, this is only a screenshot.  Unfortunately WordPress doesn't let you embed Google presentations yet.

One of the core tenets of HFP is that humanitarian aid organisations must become more savvy with social network technologies (and tactics). This collaborative document, built on top of the shared policies of many other organisations, is an excellent example of this in practice.

The document is remarkable in at least three ways:

  1. It was produced collaboratively, built upon the shared policies of other organisations.
  2. It is being shared over the web, in full and in an easily shared format, for comment and discussion
  3. It is very clever, practice relevant, and a great example of practising what you preach

The entire strategy can be found here as a text version.  The Google Docs slideshow is excellent as well.  Well done Wendy!


Internet “not so hot” at motivating action

May 18, 2009

Social activist Ralph Nader suggests that the Internet “doesn’t do a very good job of motivating action” in a recent speech.

In a great review of a recent Ralph Nader speech over at Ars Technica, long-time social activist Ralph Nader suggests that, while excellent for gathering information, use of the web as a social activism tool may be limited.

The Internet has become more of an extension of market life than civic culture, he warned, the latter dwarfed by the shopping mall. Nader asked the students to indicate by a show of hands how many had ever been to a city council meeting or a court trial as an observer. Then, he queried, how many had been to Wal-Mart or McDonalds? The audience was understandably reluctant to cooperate with this rhetorical set-up, but everybody got the point.

“In fact, it’s worse now than ever,” he scolded the students. “You spend six times longer listening to music than we did when we were your age. And last I knew there were only 24 hours in the day. And you’re always on the [at this point Nader mimicked a cell phone] ‘Where are you? Two blocks away?’ Massive trivialization of communications.”

Sure, Nader conceded, there’s moveon.org. “They generate a lot of e-mails. But then it goes down fast after that, in terms of anything else.” And then there was the Obama online victory. But “they’re wondering why their 13 million e-mail list isn’t translating into a power force on Congress, to get his agenda through.”

The problem, Nader warned, is that whatever benefits the Internet offers, “it’s a huge consumption of trivial time. That’s the real negative. You can just lose yourself.”

He challenged the young crowd to project themselves years into the future, talking to their grandchildren. “What are you going to say to them?” he rhetorically asked.

“You know. The world is melting down. They’re nine years old. They’re sitting on your lap. They’ve just become aware of things that are wrong in the world: starvation, poverty, whatever. And they ask you, what were you doing when all this was happening: Grandma? Grandpa? That you were too busy updating your profile on Facebook?”

“Are big corporations afraid of the public use of the Internet? Does Congress fear the civic use of the Internet? Does the Pentagon fear the civic use of the Internet? Those are the questions you want to ask,” Ralph Nader told an auditorium of college students in Washington, DC on Monday. “My tentative conclusion,” he continued, “is that the Internet doesn’t do a very good job of motivating action.”

Commentary

This is an interesting counter trend to the “Twitter is Salvation” crowd, which I’ve found echoed in many places recently.

For example, at a recent futures workshop for consultancy outsights, Vinay Gupta suggested that the web was useful for organising people around some kinds of problems, some of the time. It was suggested that problems requiring extensive, drawn-out collaboration between large groups tended not to work on the Internet, whereas problems requiring short, quick intervention do. See the recent success of flashmobs or crowd sourced fundraising for some examples of successful mass collaborations empowered by the web.

But are these really collaborations?  What about the really difficult, contentious things?  Research has found that the web actually tends to fragment political dialogue more than unite it.

Does the web actually promote collective social action around difficult, collaboration- and negotiation-intensive problems? Or does it just facilitate the quick and easy wins, leading to ever greater political and social fragmentation?


GPS accuracy could start to drop in 2010

May 17, 2009

A new US GAO report has found that organisational factors in the US Air Force’s contracting and budget management process may result in decreased accuracy or even failure of the global GPS system, starting in 2010.

From the report:

The Global Positioning System (GPS), which provides positioning, navigation, and timing data to users worldwide, has become essential to U.S. national security and a key tool in an expanding array of public service and commercial applications at home and abroad. The United States provides GPS data free of charge. The Air Force, which is responsible for GPS acquisition, is in the process of modernizing GPS. In light of the importance of GPS, the modernization effort, and international efforts to develop new systems, GAO was asked to undertake a broad review of GPS.

The report reviewed the Air Force’s replacement programme for the ageing GPS satellites and found that,

“If the Air Force does not meet its schedule goals for development of GPS IIIA satellites, there will be an increased likelihood that in 2010, as old satellites begin to fail, the overall GPS constellation will fall below the number of satellites required to provide the level of GPS service that the U.S. government commits to. Such a gap in capability could have wide-ranging impacts on all GPS users, though there are measures the Air Force and others can take to plan for and minimize these impacts.”

It concludes, “it is uncertain whether the Air Force will be able to acquire new satellites in time to maintain current GPS service without interruption. If not, some military operations and some civilian users could be adversely affected.”

Commentary

We have become so dependent on GPS in many ways over the last 5 to 10 years.  Crowd sourced crisis mapping, rapid disaster response, and large force co-ordination all depend on GPS and location awareness abilities.

I would love to see a scenario play out whereby aid, development and military organisations invest increasing resource on such advanced location aware technologies, only to have them fail or decay.  What would such a scenario look like?

Obviously the US military won’t let the system fail.  A commentary on TidBITS writes that, “even if the satellite constellation drops below 24 satellites, that doesn’t mean that GPS service will fail altogether. It does mean that the level of accuracy that both military and civilian users have become accustomed to – which is actually higher than promised – may degrade significantly.”

Alternative systems may also come online in the coming years. The EU is developing a civilian GPS system called Galileo, scheduled to come online in 2013, and the Russian GLONASS system may be repaired as well (the system was developed in 1995, but fell into disrepair due to lack of funds. It has been promised to come back online by 2010, but there are doubts about this).

It is likely that the US Air Force will fix the system before disruptions become critical. It is also likely, however, given the history of bureaucracy and budgetary inflation at the Pentagon (see the F-111, B-1, or F-15 debacles for case studies), that these repairs won’t be done in a timely or efficient manner, but only at great expense and with great fanfare and inefficiency after the fact.


A battle over open-source in Africa

May 16, 2009
Image source: XCID

The BBC had a nice article this week summarising the battle over open-source software in African markets.

Microsoft has been pursuing an aggressive policy of market expansion in Africa, even selling stripped down (some say “crippled“; i.e., less functional) versions of Windows XP at reduced rates (called Windows 7 Starter, the application is rumoured to allow users to only run three programs at a time).

The piece quotes Microsoft’s Africa chairman, Dr. Cheikh Modibo Diarra, who suggests that open source costs you more money over time.  “You buy Microsoft software, and you buy it once and for all, the cost that we tell you is the total cost for ownership.”

Ken Banks from Kiwanja.net (who we have discussed previously) argues that this is a false critique, that a top-down corporate model is not what Africa needs, and that there are already many existing, bottom-up solutions to products that Microsoft is trying to gain market share with.

Banks is quoted as saying, “today we’re seeing growing open-source programmer, developer communities in South Africa, Ghana, Kenya, Nigeria and other African countries. Clearly, if you have this informal programming sector coming up, access to source code is almost critical if they are going to be able to take advantage of these new tools that are emerging.”

The battle is still being fought, and if the experience of the fight between the OLPC project and Microsoft is any example, it won’t be dying down anytime soon.


Hans Rosling Video Gapcast: Swine Flu News versus Death Ratio

May 11, 2009

Hans Rosling, of Gapminder fame, recently posted a humorous and perspective-inducing video comparing the number of deaths from swine flu to those from tuberculosis.

The famous Swedish statistician compares the amount of media coverage for swine flu to that of tuberculosis, normalised by the number of deaths caused by each in a two week period.

Obviously swine flu has pandemic potential and could still make a break for the big time, in substance if not in coverage alone. But this is nonetheless a lovely measure of calm in the midst of an otherwise pandemic-crazy, catastrophe-prone outlook.

Many thanks to Infosthetics for the tip.