
Tag: hackers

No Escape from the Dreaded Content

When I started Exolymph, I thought about making it a links newsletter instead of a random-reflections newsletter. I decided not to do that for two reasons:

  1. There are already tons of links newsletters, and far fewer newsletters that offer a five- or ten-minute shot of ideas. (Glitchet is an excellent links newsletter that also features weird net art.)
  2. As a person who subscribes to many links newsletters, I know that they can be stressful. There are more interesting articles than I have time to read.

However. I’ve come across so many incredible stories over the past forty-eight hours that I can’t narrow it down. (I did limit the Trump content.) Not all of these articles were published recently, but they’re all indicative of The State of the World, Cyber Edition.

Don’t click on anything that doesn’t truly grab you, just let the deluge of headlines keep flowing…

“Who is Anna-Senpai, the Mirai Worm Author?”

Brian Krebs, a respected cybersecurity journalist, investigated the botnet that knocked his site down with a massive DDoS attack last September. The result is a bizarre real-life whodunnit that takes place almost entirely online, replete with braggadocious shitposting on blackhat forums and the tumbling of shaky Minecraft empires. SO GOOD. (Also, buy his book!)

“Security Economics”

Spammers and hackers are just in it to get rich, or whatever the Eastern European equivalent is. (That stereotype exists for a reason. Again, buy Krebs’ book!) This is a quick overview of the players’ financial motives from an industry participant.

“Scammers Say They Got Uber to Pay Them With Fake Rides and Drivers”

The headline sums it up pretty well. Bonus: identity-theft slang!

“Doomsday Prep for the Super-Rich”

Both hilarious and depressing, my favorite combo. Silicon Valley billionaires and multimillionaires are buying up land in New Zealand, stockpiling weapons, and getting surgery to fix their eyesight. Their paranoia — or is it pragmatism? — is framed as a reaction to Trump’s election. Here’s a more explicitly political companion piece, if you want that.

“This Team Runs Mark Zuckerberg’s Facebook Page”

As the wise elders have counseled us, “He who leads Brand… must become Brand.” Zuck is taking that ancient adage seriously. The kicker: “There are more than a dozen Facebook employees writing Mark Zuckerberg’s posts or scouring the comments for spammers and trolls.” MORE THAN TWELVE HUMAN BEINGS.

“Advanced Samizdat Techniques: Scalping Millennials”

Warning: authored by a notorious neo-Nazi. Everything weev does is evil. But also brilliant. Here we have an example of both, which is funny if you’re able to momentarily suspend your sense of decency. (I didn’t cloak the link, because it leads to Storify rather than a Nazi-controlled website.)

“World’s main list of science ‘predators’ vanishes with no warning”

Either someone is suing the poor guy who compiled it, or… threatening his family? Let’s hope the situation isn’t that sinister.

“Dictators use the Media Differently than Narcissists and Bullies”

Guess which self-obsessed politician this is about? (Granted, all politicians are more self-obsessed than the average person. But the MAGNITUDE, my friends, the magnitude!)

“RAND’s Christopher Paul Discusses the Russian ‘Firehose of Falsehood’”

A counterpoint to the previous link.

“How Casinos Enable Gambling Addicts”

Modern slot machines are expertly engineered to trick players and engender addiction. (The writer strongly implies a regulatory solution, which I don’t endorse, but the gambling industry is definitely diabolical.)

Lastly — most crucially — Ted Cruz totally clobbered Deadspin on Twitter. Aaand that’s it. Enjoy your Wednesday.


Header artwork by Emre Aktuna.

Perils of the Connected Farm

Note from the editor: My friend Greg Shuflin posted the following story on Facebook. I asked if I could redistribute it here, and he said yes.


It was a pretty crazy day on the farm — the farm of the neocyberpunk 2040s that is, where cybernetically modified agrohackers wielded vast armies of AI-controlled smart tractors and fertilizer drones to eke their genejacked grain out of the dry soil of the post-Ogallala hellscape that was once a polity called “Kansas”.

Old Farmer Mauricio had programmed his cyberbrain to start nanofabbing caffeine molecules at 6am, and ever since then he’d been dealing with shit — some web bandits had exploited a quantum memory zero-day and broken into half of his private cloud’s namespace. Probably some fucking thirty-something LOMPs [low-marginal-product-of-labor proles on basic income] with nothing better to do than fuck with people, Mauricio thought to himself darkly.

Before the sun was finished rising, Mauricio had patched the vuln, killed as many of the malware AIs as he could find on his network, and had started to restore the water-recycler control AI from backup. He grabbed a quick breakfast of rice porridge and a Chinese doughnut, then woke up his lazy teenage nephew Chuck, who was staying with him during the growing season.

“Time to get up, Chucko,” he said, as the sleepy teen fumbled for his ocular implant on the pile of dirty laundry near his bed. “We’ve been hacked. I really need your help today.”

Chuck quickly brushed his teeth, threw on some work clothes, and went to the hovertractor in order to go do a hard reset on the network node out in field #3. But as he pulled the tractor out of the garage, he found that his way forward was blocked.

All of the AI-controlled wheel hoes that his uncle owned were spinning in circles and brandishing their spikes, in the most menacing fashion that their hardware allowed. Of course, the damn wheel hoes were behind the same firewall as everything else! So they had been infected and turned by the LOMPs’ fuckery too.

Mauricio let his nephew set out, with a word of warning: “Watch yourself, kid. These hoes ain’t loyal.”


You may be wondering, “Was that whole story really just build-up for a pun based on a Chris Brown song?” The answer is that yes, yes it was. Watch out for the LOMPs at work today, y’all.


Header photo by Michele Walfred.

Wanted: Rigorous Intuition

A significant part of San Francisco’s public transit system was hit by a cyberattack this weekend. It looks like ransomware, but the hackers haven’t actually asked for anything yet. SFMTA is currently just giving everybody free rides. Their email system was also impacted. Employees aren’t sure if payroll will go through properly.

lol who knows ¯\_(ツ)_/¯

I saw two different people tweet that this virtual hijacking is a sign: we live in a dystopian sci-fi novel after all! (What else is new…) Immediately, I thought of the essay that I linked in response to the election, “On Trying Not To Be Wrong”:

Like many people, I’ve thought 2016 was a surreal year; the Cubs won the World Series, the Secretary of State went on television to warn people about white-supremacist memes, Elon Musk has landed rockets on ocean platforms and started an organization to develop Friendly AI. Surreal, right?

No.

It’s real, not surreal. If reality looks weird, this means our stories about it are wrong. […] And being totally wrong about how the world works is a threat to survival.

Sarah Constantin is right. Reality marched on without those of us who misjudged it. Ironically, since I was so thoroughly deceived by 2016, “The Cyberpunk Sensibility” feels pretty damn correct right now. All those ’80s authors who pioneered computer-noir were more prescient than they probably realized.

Philip K. Dick reality quote. Image via ▓▒░ TORLEY ░▒▓. Quote purportedly from I Hope I Shall Arrive Soon.


Venkatesh Rao wrote about engaging with uncomfortable realities in a particularly good episode of Breaking Smart:

23/ This means accepting that your mind will need to go into both distressing and flow regimes as required by the situation, and accepting whatever emotions result.

24/ Perhaps the most important emotion to manage is that of feeling powerless. This causes acute distress and strong retreat-to-prowess urges.

25/ But you’re rarely entirely powerless. You can usually cobble together some meaningful, if clumsy, response to a situation with the skills you have.

26/ On the frontier, where there are no experts, and everybody is a beginner, this is often the only possible response. Unexplored nature is the ultimate asymmetrically superior adversary.

[…]

49/ The world is full of people and groups terrified of wandering beyond situations they are confident about handling. Those who make overcoming that terror a habit have an advantage.

50/ When a group of such people, with better-than-the-rest levels of emotional self-regulation, band together, they can form an unstoppable force. That’s what it takes for groups and organizations to break smart.

We can do it. Well, some of us. Which of us remains to be seen. Honestly, I am frightened that I may not be able to manage this.

Unsolved Appearance of a Virus

Photo by Steve Jurvetson.


In the beginning there was the Word, and the Word was mainly “database”. Okay, fine, “backup” came into play quite soon, but “database” was key from the start.

After the beginning, there were a lot of other words, but you wouldn’t understand them. Those words were transmitted to the computer in a language that you’re not familiar with, at least not yet. The meaning was understandable to the machine even though most of its administrators had forgotten its subtleties. They didn’t care, since the behemoth did what it was supposed to.

The admin team — five engineers and ten remote devs who supported them — was bound together by stress. Crunch time and emergency restorations smoothed over their differences (while simultaneously magnifying other differences). When you maintain a computer the size of a house, the project consumes all of you. Really, the computer was a house. All the onsite engineers lived there, in the bowels of the machine. Its metal and silicon body occupied the tall column of emptiness that had been retrofitted into the building’s structure.

Sam used to enjoy repeating that cliche: “The bowels of the machine!” It was a joke until he committed suicide. His corpse became part of the computer’s intestinal ecosystem. (No, no, management ordered that it be removed.)

The machine was not sentient. No one ever thought that — Silicon Valley had given up on true artificial intelligence decades ago. Rather, the provocation uploaded through Sam’s brainlink was sabotage. Someone had been monkeying around with the firmware, and then the layer on top of that, and then even the UI. It was silly to mess with the interface — who cared about that part, right? This was an enterprise API endeavor, not a goddam web app.

Of course there were UI designers, and they were pissed off, but they didn’t live with the machine and their concerns were not particularly compelling. Frank and his underlings complained intermittently about clients’ reactions to broken buttons and such, but none of the database folks worried. Frontend could sort it out. (And they did, though it was no small effort.)

The database team did worry about what had happened to Sam. In the kitchen, making tea, Flora said to Gene and Melanie, “The malware had to come from the inside, right? One of us. It could be you two! I don’t fucking know!” She was holding a mug of tea and biting her lip and staring at her fingers as they clenched around the ceramic handle. Flora had done the original forensic trace of Sam’s last actions and cried furiously when she couldn’t find enough information to explain anything.

Of course, despite Flora’s outburst, the culprit was not Gene or Melanie. And it wasn’t the computer either — as I said, this machine wasn’t sentient.


Followup dispatch here: “Whence Came the Intruder?”

Slow Down & Don’t Confiscate My Graphical User Interface

Exploratory bot. Photo by Takuya Oikawa.


Here’s a fun headline from The Register: “‘Devastating’ bug pops secure doors at airports, hospitals”. I’m sure we’ve all read similar reports before! Enjoy this snippet of the story, for flavor…

“Criminals could waltz into secure zones in airports and government facilities by hacking and jamming open doors from remote computers over the Internet, DVLabs researcher Ricky Lawshae says. […] Lawshae says the attacks, which can open every door in a building, are possible because of a command injection vulnerability in a LED blinking lights service.”

Wait, what? Why is an “LED blinking lights service” hackable? Allow me to note, very unoriginally, that the Internet of Things is dumb. Not every tool or appliance needs to have wifi access jammed into its design specs. The much-mocked “smart juice” startup is the pinnacle of this awful trend.


I have similar feelings about the bot services craze. People seem to be jumping on this technology without stopping to ponder how it might turn out. When your next venture capital round depends on glossing over potential problems, it’s easy to assume that the impact of your harebrained scheme will be beneficial.

“Conversational commerce” isn’t quite as problematic as the Internet of Things, because it doesn’t pose a security threat (at least not off the top of my head). But people are still building things without considering whether their chosen medium fits the stated purpose of the tool. The last thing I want from an app is a replica of the phone call, this time rendered in text.

I demand clickable buttons! Give me a GUI or give me death! On the other hand, maybe I’m a dirty Luddite. Perhaps I should resign myself to relearning how to interact with computers every couple of years. I’m not against experimentation — what futurist could be? — but my mood is decidedly curmudgeonly tonight. Also, fuck Snapchat.

Excrement Online: The Perilous Connected Home

Mike Dank (Famicoman) wrote an article for Node about the Internet of Things. Here are a few interesting tidbits:

“We have these devices that we never consider to be a potential threat to us, but they are just as vulnerable as any other entity on the web. […] Can you imagine a drone flying around, delivering malware to other drones? Maybe the future of botnets is an actual network of infected flying robots. […] Is it only a matter of time before we see modifications and hacks that can cause these machines to feel? Will our computers hallucinate and spout junk? Maybe my coffee maker will only brew half a pot before it decides to no longer be subservient in my morning ritual.”

I think we’re a long way from coffeemakers with emergent minds, and my guess is that machine intelligence will be induced before it starts appearing randomly. But I like the idea of a mischievous hacker giving “life” to someone’s household appliances. Of course, connected devices can wreak havoc unintentionally, like when people’s Nest thermostats glitched (the incident written up in The New York Times wasn’t the only one). The clever Twitter account Internet of Shit provides a helpful stream of additional examples.

Artwork by Tumitu Design.


I’m not worried about someone cracking my doorknob’s software or meddling with my refrigerator settings, because I’m insignificant and there’s no reason why a hacker would target me. (Not saying that it couldn’t happen, just that it’s not likely enough to fret about. Especially since I don’t actually have any connected thingamajigs… yet.) Most regular folks are like me. However, I think keeping the Internet of Things secure is crucial, for a couple of reasons:

  1. Physical safety is absolutely key. Data-based privacy invasions can jeopardize your employment, but they’re unlikely to outright kill you or your family. Someone who is immunocompromised or frail (think people who are very sick, very old, or very young) can be seriously harmed by unexpected low temperatures or spoiled meat from a faulty fridge.
  2. In order to feel safe, people need to be able to reliably control their environment. When we go out into the world, events are unpredictable and we can’t be at ease. Home is supposed to be the opposite — it’s your own domain, and you feel comfortable because everything is how you like it. I know that I’d feel uneasy if the Roomba suddenly barged into my bedroom and tried to eat my feet.

Cybersecurity Tradeoffs & Risks

Kevin Roose hired a couple of high-end hackers to penetration-test his personal cybersecurity setup. It did not go well, unless you count “realizing that you’re incredibly vulnerable” as “well”. In his write-up of the exercise, Roose mused:

“The scariest thing about social engineering is that it can happen to literally anyone, no matter how cautious or secure they are. After all, I hadn’t messed up — my phone company had. But the interconnected nature of digital security means that all of us are vulnerable, if the companies that safeguard our data fall down on the job. It doesn’t matter how strong your passwords are if your cable provider or your utility company is willing to give your information out over the phone to a stranger.”

There is a genuine tradeoff between safety and convenience when it comes to customer service. Big companies typically err on the side of convenience. That’s why Amazon got in trouble back in January. Most support requests are legitimate, so companies practice lax security and let the malicious needles in the haystack slip through their fingers (to mix metaphors egregiously). If a business like Amazon enacts rigorous security protocols and makes employees stick to them, the average user with a real question is annoyed. Millions of average users’ mild discomfort outweighs a handful of catastrophes.

Artwork by Michael Mandiberg.


In semi-related commentary, Linux security developer Matthew Garrett said on Twitter (regarding the Apple-versus-FBI tussle):

“The assumption must always be that if it’s technically possible for a company to be compelled to betray you, it’ll happen. No matter how trustworthy the company [seems] at present. No matter how good their PR. If the law ever changes, they’ll leak your secrets. It’s important that we fight for laws that respect privacy, and it’s important that we design hardware on the assumption we won’t always win”

Although Garrett is commenting on a different issue within a different context, I think these two events are linked. The basic idea is that when you trust third parties to protect your privacy (including medical data and financial access), you should resign yourself to being pwned eventually. Perhaps with the sanction of your government.

The Surveillance Paradigm

According to her website, “Addie Wagenknecht is an American artist based in Austria, whose work explores the tension between expression and technology. She seeks to blend conceptual work with traditional forms of hacking and sculpture.” She succeeds in this endeavor. I asked Addie some questions about her artistic philosophy.

Artwork by Addie Wagenknecht.


Exolymph: Much of your body of work deals with surveillance, but I would go farther and say that you deal with the power differentials highlighted by acts of witnessing. Do you agree with that, or is it pseudo-intellectual bullshit? Either way, how do you feel about being watched?

Wagenknecht: Yes, I agree with that statement entirely.

Regarding being seen, being watched, there is a trauma to not being seen, as much as one exists for those being watched. Who is allowed in to the public sphere? Who is allowed to be visible? I have been reading a lot of research and papers on the implications of race/sex/religion within the canon of surveillance, as these factors serve as both a discursive and material practice of sociopolitical norms. Crypto is an inherently elitist technology; it is simply not available to people who are not highly fluent in their hardware and software bases. The more people outside of the hacker scene I teach these tools to, the more I believe how insanely secretive and elitist these so-called open protocols are.

Here is the thing: “public” has a reliance on the notion of a binary between private and public, visible and invisible space. This implies that we have spaces which are not part of this surveillance paradigm, but with the nature of smartphones being on everyone, everywhere, I am no longer convinced that this binary exists. “The personal is political” can also be read as saying, “The private is political.” Because everything we do in private is political: who we have sex with, what we eat, who does the cleaning, and so on…

Exolymph: How do you see your work evolving over time? What new themes interest you now?

Wagenknecht: I’d like to do more collaborative longer-term projects. I’ve started working with Peter Sunde on some small works which I hope we can release in the coming months, and also Quayola on interpretation of code as a visual entity.

My research in the last two months has been primarily about living in entirely man-made environments and the Internet of Things. The genesis of matter, the history of the earth, and how they are being reinterpreted as a form of speculated geology by the human race and the machines which we version-control that control us. I am also researching mineral composites, which would otherwise not be found in nature, to challenge definitions of “real”. I’m looking at how to pay homage to the Western valuation of hyper-optimization by maximizing the believed properties of various specimens.

Exolymph: In general, what draws you to conceptual art? Why sculpture in particular? It’s interesting that you address digital realities in corporeal forms.

Wagenknecht: As artists, our role is to take complex ideas and encapsulate them in a way that society can parse. I want to subvert systems and objects in ways which people can hopefully better understand and reflect on why we need them at all.

Exolymph: What are you interested in building that you haven’t had a chance to do yet? What if you had unlimited resources?

Wagenknecht: I’d do more physical works that rely on fabricating with robotics and robotic arms, large-scale pieces, in materials like stone and metals. I also have some large-scale installations that I’ve been wanting to do forever and I’d get that list of works complete.

Exolymph: What have you downloaded that did get you in trouble? [I was referencing a piece that involves the sentence “I will not download things that get me in trouble” scrawled repeatedly across a wall.]

Wagenknecht: Ha! I’d prefer not to answer that.


Ways to get in touch with Addie Wagenknecht, as well as more examples of her artwork, are listed on her website.

© 2017 Exolymph. All rights reserved.
