We begin to play as children as a way of making sense of the world around us – of learning how it works. We use play as a means of interacting with others and building social awareness. As we become older and our systems of choice become more refined, our play becomes more subtle and complex. Our objectives change throughout our lives – we play to entertain ourselves, for the purpose of challenge and reward, to bring us closer to others, or to pit our skills against theirs.
Play is a type of essential social catalyst.
Playing by the rules
The nature of our play is defined by the game we choose, and the rules that form the boundaries within which specific actions can be performed. Take tennis, for example – as a player, your actions at any given time during a match are limited by the framework of the game and the circumstances of the moment, but the possibilities when two people face one another across the net are endless.
The internet has brought billions of people together to play, and many of the games we indulge in are built to enable community growth. These range from the casual yet record-breakingly popular Farmville, which uses a social network as a platform, to the far deeper, more intricately designed and consuming experiences offered by massively multiplayer online RPGs (MMOs).
These offer a social, co-operative (and often competitive) environment in which people meet, form lasting associations and play together.
Formalised groups of players – or guilds – aren't a new concept in MMOs. Guilds differ somewhat from the traditional clans of online gaming, in that the MMO itself contains tools specially designed to help players socialise and organise their activities.
In World of Warcraft there are currently 11.5 million players, making it the world's most heavily subscribed MMO. It's a vast, sprawling world of myriad challenges, and often the only way to conquer the game's content is to do so as a group.
We spoke with Greg Street, aka Ghostcrawler, lead systems designer on World of Warcraft, to find out Blizzard Entertainment's philosophy on the social aspects of World of Warcraft. Greg came to the company as a keen MMO gamer, and one who particularly enjoyed the social aspect:
"I remember my first experiences with WoW. I always wanted to check in to see what my friends were doing – it was like not wanting to miss the party. I didn't want to hear the next day about the awesome thing they'd done the night before!"
This was Greg's first taste of being in a guild. At its most basic level, a guild is a group of players who have banded together for a common cause. When a player creates a guild, he or she names it and has the option to create a guild tabard with a specific design embroidered onto it. As new members are recruited, they can purchase and don this tabard to outwardly display their allegiance to other players in the world.
The guild may be formed under a specific philosophy – as a social gathering, for example, where people's only objective is to have fun playing together, or as a more serious endeavour, where experienced players join arms to tackle the game's toughest and most demanding content.
The guild also gets its own chat channel for socialising, reinforcing relationships and organising activities, as well as an in-game bank account where money, armour, weapons, crafting materials and any other in-game items can be stored for the members' communal use.
Sharing skills
Likewise, guilds can be places to access the trade-skills of others, which you may not possess yourself. You may, for example, be a skilled alchemist or a dab-hand at making healing potions, but you've got your heart set on a specific piece of armour that can only be made by a master blacksmith. This kind of trade becomes much easier – and cheaper – when mates' rates are involved.
"WoW is ultimately a social game," continues Greg. "It can be played solo, but at the end of the day we created it as a social game, and we kind of intended for players to play with other players. We think the experience is a lot better when you do that. Someone might level-up alone to the top level and think, 'Well, I'm done,' but if they have the social network there, then they're liable to keep coming back and stick with it".
There are also certain activities in World of Warcraft that can only be completed by a team of players working together. For example, certain dungeons or instances can only be entered by a specific number of people. If you have fewer than, say, five, 10 or 25 people grouped together (such requirements being a general mark of the challenge's difficulty level) you'll be unable to enter the dungeon to fight the creatures inside and claim the rare weapons and armour they may relinquish. This makes guild-formation a natural step for players who want to tackle that unique content in search of a tangible reward.
Alongside the social aspect, a guild is therefore a place for players to share intelligence, talk tactics and plot attacks. Experienced players are always sought after, because their knowledge of these instances and their workings can mean the difference between success and failure when the swords clash and the spells fly.
As in any form of social gathering, people will be people and conflicts can occur. Cliques can form within guilds around differences of opinion and in some cases serious divisions can occur.
Depending on the nature of these disagreements – and, most importantly, if it's ruining the experience for people – Blizzard may step in to adjudicate, as Greg explains.
Dealing with disputes "The internal political squabbles that happen within guilds – that's the kind of thing we try not to get involved in. We try to stay out of it unless there's a clear request from both parties for us to take a specific action. Generally, there's just a disagreement about who said what, and if we can't find anything documented in the chat logs, we try to let the guild handle the dispute themselves."
And in more serious cases? "Where we're trying to be more active is in compromised accounts for example, or in situations where some evil villain has raided the guild bank – stuff like that. With certain guilds who have a lot of items and money stockpiled, they can be very juicy targets, so we're trying to step up things at our end with some more tools to handle that when it happens".
Guild activities can also provide essential feedback for the game's designers. While a great deal of testing goes on before new content is released, the way in which that content is implemented isn't set in stone until the player-base gets to grips with it. "We track guild activities quite a bit", says Greg.
"We like to see what's going on, because it helps us decide whether raid encounters are too challenging based on the frequency of kills, and how many people are doing it. And there are a lot of third-party sites that players use as scoreboards to see where they are in relation to other players. That's the sort of thing that we'd like to formalise on our side – to have some kind of leaderboard in the future."
Likewise, group experience contributes to the ongoing development of the game in a number of other ways. When you have up to 200 serious, raid-focused members in a tiered and structured group, it's a very different prospect to five pals knocking about for fun.
"In Cataclysm (the WoW expansion), we have a lot more guild-orientated content that's designed to give players more control. For starters, we'll have news boards, where players can log into the game, check the guild news and see what their guild has been up to."
Blizzard is adding benefits to the guild system that go beyond the ability to access areas of the game. Guild iconography will soon be applicable to different armour items and even mounts. There will also be benefits to being in a successful guild that go beyond visuals. "We're working on the concept of advancing guilds, so you can earn experience for your guild and unlock new content.
"There are two categories of rewards, the first of which we call perks. These are convenience features. We don't want to turn them into pure player power – things like increased gold generated from loot drops. Right at the top of the Christmas tree is Mass Resurrection, which you can use if everybody dies on a raid and carry on the fight from there. These are things that make you feel: 'I'm more powerful for playing with my friends'. The other category of rewards are items – heirlooms, trinkets, unique guild mounts and so forth."
Strength in numbers
All of which adds an extra layer of social glue to the game, and gives more reasons for those who play together to stay together. Which in turn creates stronger, longer-term relationships – and, ultimately, friendships.
It's fascinating to plot the feedback loop of development. In its first stages, the developer creates a social framework, well-equipped with the tools of communication, and a game-world with systems that encourage group activities. As players expand to fill the world and push its boundaries, new needs become apparent from their activities and opinions.
At this point, the developer starts reshaping the game around the players' needs and desires. The ecosystem evolves, and becomes a more social experience. In a sense, players are beginning to define the experience, or at least, how the experience works for them, in a very organic way.
 |  |
Read More ...
Tutorial: OS X networking explained
Networks can be complex. They're a lot better than they used to be, but they're still the most complicated part of your Mac. When you send a document to a networked printer, it's handed down from one protocol to another, broken into chunks, each with their own addressing scheme, until eventually it's transmitted as radio signals to represent those bits and bytes. As your print job flies through the air, it encounters interference and cross-talk from mobile phones, microwaves and power tools.
Your Wi-Fi access point plucks this signal from the air and reassembles the scrambled mess. Small errors are corrected, large errors are replaced with valid data, patiently re-sent. Your router reads the address on each packet and chooses the best way to pass it to its destination.
At the printer, the packets of data are placed in the correct order, the envelopes are opened and the wrappers discarded. As your document is finally translated from electricity to ink, the printer sends you a confirmation message that this miraculous endeavour has succeeded. And to get to you, that message makes the same incredible journey back through the protocol layers and across the airwaves to reach your Mac. At least, that's what you hope happens.
With so many different steps, it's no wonder that things sometimes go wrong. Network problems can feel daunting, with intermittent faults and error messages. But we're going to put a stop to all that. With our guide, we'll show you how your network is put together and where the choke points are. We'll cover how to set up a new network and why some networks are more error-prone than others. We'll tell you what kit to buy and what to avoid.
Despite all this, your network may still sometimes break. Long after death and taxes have both been abolished, network problems will remain. Home networking is a rough neighbourhood and you're always going to get shot at. But armed with the next few pages, you'll be able to roll for cover and return fire.
Networking basics
When you get broadband, your internet service provider (ISP) normally supplies you with a broadband modem. This, plus your Mac, is the simplest network you can have, and for lots of people it's all the network they need.
If you have ADSL broadband – the most common kind – it's delivered to your house through the phone line. At the phone socket, you plug in a filter that splits the frequency range, so that the lower 4KHz is used by voice phone calls and the rest is sent to the modem. The modem takes the analogue electrical signal from the phone line and extracts the digital data stream encoded within it.
This data takes the form of network 'packets' that are wrapped up using an addressing protocol called TCP/IP. (This is a fairly meaningless acronym, so don't bother trying to remember what it stands for.) Each TCP/IP packet contains a small piece of a website, or a graphic, or a downloaded file, or whatever is being sent from the internet. And every packet has a number, called an IP address, which identifies which computer or device it's intended for.
Your broadband modem has an IP address assigned to it by your ISP and, if you have a modem that plugs into a USB port on your Mac, then this IP address is available exclusively for the use of that Mac.
But if you want to connect more than one computer through the same broadband connection, you need a router – if you're not sure where yours is, that's because most modern broadband modems have a router built-in. If your modem has sockets for Ethernet cables, then it is actually a modem/router.
Router vs modem
The router is like a telephone exchange; it assigns separate IP addresses to all the computers connected to it and acts as a single point of contact for the wider network beyond it. When an incoming TCP/IP packet arrives from the internet, the router opens it and re-addresses it using the local IP addresses of your home network. This process is called Network Address Translation, or NAT.
As well as enabling your broadband connection to be shared among many computers, NAT provides a measure of security from hackers, as the IP address of your Mac is never exposed to the wider internet. Only the router uses the external IP address provided by your ISP.
This anti-hacking function is called a firewall. By itself, NAT already does quite a good job, but almost all routers nowadays have much more sophisticated hardware firewalls that actively block probing attacks and make it hard for a hacker to tell that you're actually connected to the internet at all.
Going wireless
A broadband/router with a Mac connected via an Ethernet cable is the simplest configuration. But your phone socket doesn't generally come into the house right next to the Mac and most of us would rather not have to start tacking Ethernet cable around the skirting board. The solution is wireless networking, also called Wi-Fi or AirPort.
A Wi-Fi connection is provided using a wireless access point and, again, most broadband modems include this in the same device. Instead of converting the TCP/IP packet into an electrical signal to transmit it along an Ethernet cable, a wireless access point broadcasts it as a radio signal. This is received by the Wi-Fi antenna in your Mac.
There are several international standards for Wi-Fi devices. They are cryptically labelled as 802.11a, 802.11b and so on, but they are usually just referred to by the last letter – as 'wireless b', for example. The most widely used systems are b, g and n. The later letters are faster, or more reliable, or both, but they are backwards-compatible with earlier Wi-Fi standards.
Generally, the slowest point in your network is your broadband connection, so unless you do a lot of transfers between devices on your network (to and from a networked disk, for example) it's a non-issue.
If you want to print across your network, you can always connect the printer to one of your computers and share it from there. But this only works when that computer is running. Some printers are network-aware and can be connected to your router directly. Otherwise, you can use a print server.
Your printer is served
This device connects to your router with a wired or wireless connection and lets you plug in one or more printers. It keeps its own queue of print jobs and makes sure they go to the right printer.
Apple's own-brand network devices are the AirPort Extreme Base Station, the Airport Express and the Time Capsule. An AirPort Extreme is a router with a wireless access point built-in. This is the same as the Wi-Fi router/modem from your ISP, except that it doesn't have the modem part.
There are still some reasons why you might want to add an AirPort Extreme though. It has a USB port that you can use to add an external hard disk or a printer (or both if you use a USB hub); these will then be accessible across the network, from your Mac.
The AirPort Express is a cut-down version of the Extreme. It only supports 10 simultaneous wireless devices instead of 50, and only one wired connection instead of three. The USB port on the Express can only be used to network a printer, not a hard disk, but it does include a stereo speaker jack that you can use to connect speakers or an amplifier and stream your music wirelessly from your iTunes library on your Mac.
Time Capsule is an AirPort Extreme with a hard disk actually built-in. You can use the disk for overflow storage or you can allocate it for use with Time Machine backups. You can also do this with a USB drive plugged into an Airport Extreme, but it's a setup that isn't officially supported by Apple, and using a Time Capsule is a little tidier.
When a network problem strikes, it isn't always immediately obvious. It's rare to get a clear message on the screen and it's easy to imagine that your Facebook app has simply crashed or a website is temporarily offline.
A good first check is to open a new window in Safari and try pointing at www.google.com. The web requires the least complicated protocols of any of the services that run over the internet, and Google has a nice fast web page that is always up.
The front page itself could be loading from Safari's internal cache, of course, so test your live connection to the internet by typing something random into the search box to force it to query the server. If you get a page of results, then you have an internet connection, at least.
If you get a progress bar that goes nowhere, followed by a 'Safari can't find the server' page, you've got problems.
If you have a wireless connection to your broadband router, cast a glance up at the menu bar on your Mac. The 'stripy slice of pie' icon on the right-hand side should be black. If it's greyed out, right-click it and see if you're connected to the right network.
Sometimes you'll see your Wi-Fi network listed in the 'available' section, but it won't have a tick against it to show that it's selected. This is because the network briefly disappeared from the radar and OS X hasn't automatically reconnected when it came back up. Just click it on the list to reconnect.
If your Wi-Fi link looks okay but you still have no internet connection, it's time to take a look at the router. Broadband modem/routers are little computers running an embedded operating system and they can crash just like any other computer.
If none of the lights on the front are flickering – either because they are all stuck on or they are all switched off – turn the modem off at the wall. Actually, do this even if your modem lights look normal – different modems use different light sequences to indicate problems and rebooting the modem is an easy and quick way to rule out a crash.
Light show
When your modem starts up it will begin with a power-on self-test, which is normally indicated by the power light flashing steadily. After about five seconds of this, the power light will change to steady. Next to light up will be the LAN lights for any wired Ethernet connections that are active, closely followed by the WLAN light, which should start blinking away.
After that there will be a pause as your modem logs in to your ISP and then the light labelled 'broadband', 'ADSL' or just 'DSL' will come on. After that, there should be another pause before the internet light comes on to indicate that the router has been allocated an external IP address from the ISP. If all the lights come on in more or less this sequence, then you can be confident that the broadband modem is working fine.
If any of the lights are yellow or red, or if the broadband or internet lights don't come on at all, then it could be that your modem is damaged. This can happen if the modem isn't ventilated and has overheated, or if the phone lines near your house are struck by lightning, sending a power surge to the modem. (This is why it's a good idea to disconnect the phone line from the modem if you have a big thunderstorm nearby.)
Alternatively, your ISP may be having technical problems at your exchange. Try calling their support hotline to check this.
Simplify, simplify
Assuming that the modem restarts correctly but your network problems remain, the next step is to take as much complexity out of your network as you can. This will help you identify which link in the chain is failing.
Does your iPod touch or iPad still connect through Wi-Fi? If so, it's a sign that the problem lies with your Mac. If none of them can connect, try a wired connection. There are lots of things that can cause Wi-Fi networks to suddenly break, but most of them boil down to either incompatibility with another network device or problems with wireless security.
If you have recently changed broadband provider your wireless security key will have changed, but the new modem/router might also be using a different wireless security protocol. Some older network devices and computers have problems with the newer WPA2 protocol. Try temporarily turning security off and see if that makes a difference.
It's possible you might need to fall back to the older WEP protocol. This is less secure than WPA or WPA2, but it's still better than nothing. Wireless security is only to protect yourself from hackers within physical wireless range of your network, so depending on your neighbours you might not really need more than WEP.
Every device on your network must have a unique IP address. These take the form 192.168.1.n, where n is a number between 0 and 255. When you install a device, you can either choose a number for it yourself or you can let the router allocate one automatically, using a service called DHCP.
Using DHCP for all devices is usually the easiest option, but some devices don't support it or behave oddly with it. If you assign static IP addresses to some of your network devices, make sure that you restrict the address range that the DHCP server on your router can use, and assign static IP addresses that do not lie in this range.
| |
Read More ...
In Depth: How to get secret service grade security
You could be forgiven for thinking that spying is all about midnight parachute drops, Aston Martins and vodka martinis – shaken, not stirred. However, when you strip away all the fiction, spying can be reduced to one word: information. Espionage is all about acquiring information, keeping it safe and transferring it securely. This makes spies and spying a valuable learning ground for anybody who takes PC and internet security seriously.
In this age of high-speed broadband and information overload, you might expect setting up a secure communications channel to be easy. You'd be wrong. Just look at the Russian agents – coyly dubbed 'illegals' by the FBI – who were unmasked in America this summer.
They all had rock-solid cover stories, wads of cash at their disposal and access to cutting-edge spy technology, yet they were unable to keep their messages safe from American counter-espionage teams. We can all become safer surfers by understanding the techniques and, more importantly, the errors made by real life spies.
Ciphers, for example, have been the mainstay of espionage for centuries. A cipher makes information useless unless you know how it works.
When in Rome
Julius Caesar is often cited as the first to use a mathematically-based system of obfuscation. His cipher system was simple: each letter in the alphabet was shifted forward a fixed number of places. A Caesar shift of three would turn 'A' into 'D' and 'PC Plus magazine' into 'SF SOXV PDJDCLQH'.
Even in Caesar's day, such a cipher probably wouldn't fox many people for long. Such shifts can now be solved in the blink of an eye, but that doesn't mean ciphers should be discounted. Indeed, modern ciphers have evolved to a point where they would take so long to solve that it's not practical to break them.
Practically speaking, we should all use ciphers to encrypt sensitive data. A good choice for field agents is the free, open source TrueCrypt for Windows and Linux machines. This package uses some of the strongest freely available encryption algorithms, such as AES-256, the 448-bit Blowfish, CAST5 and Triple DES.
To give you an idea of its resilience, hard drives protected by TrueCrypt and belonging to jailed Brazilian banker Daniel Dantas were handed to the FBI for decryption in 2009. After four months of subjecting the software to intense attacks, the FBI gave up and returned the drives.
TrueCrypt isn't just useful for creating a virtual encrypted disc on your computer; it can also protect portable drives. This makes it ideal for 'brush passes' – a way of quickly handing over information as one spy walks past another in a public place. The process used to involve microfilm, but now a high-capacity USB key is the preferred medium – possibly why the FBI also calls brush passes 'flash meetings'.
A TrueCrypt USB drive has several layers of security. When set up properly, a TrueCrypt partition appears to consist of random data. Even if someone forces you to reveal the password (damn Jack Bauer and his rusty pliers!), you can create a partition to include a further hidden volume, or even an entire hidden operating system, containing sensitive information.
Take care when encrypting your files though, warns Steven Bellovin, Professor of Computer Science at Columbia University in New York. "Commercial cryptography software is so difficult to use that even experts find it challenging," he says. "Even really sophisticated people can get some subtle things wrong, and newcomers are likely to get a lot more wrong." Such as leaving the password for your encryption system written on a piece of paper at home for the FBI to discover, as demonstrated by clumsy illegal Richard Murphy.
Wireless networks
Even brief physical interaction has risks. If either spy is under surveillance, they risk exposing more of their network. A 21st century twist on the brush pass, then, is the wireless flash meet.
In New York, Anna Chapman, one of the Russian illegals, would hang out at a cafe or book shop with a laptop and create an ad-hoc Wi-Fi network: a private hotspot that requires neither a router nor an internet connection. A Russian government official carrying a smartphone would then approach the vicinity, join the network and exchange data as zip files. The spy handler never entered the building, and once completed the meeting while driving past in a minivan.
Wireless networks have their own problems, though. All wireless devices have a unique registration number, or Media Access Control (MAC) address, which is broadcast during a Wi-Fi data transfer. In the case of Anna Chapman, US law enforcement agents were able to divine her laptop's MAC address. This enabled them draw up a charge sheet showing that she'd visited certain places and joined ad-hoc networks, and sniff packets sent from her laptop in busy public network areas such as coffee shops.
If you're paranoid, you could change your network adaptor's MAC address. The 12-digit hexadecimal code is sometimes stored in an EPROM, which can be altered. Poke around the internet and you'll also find programs that enable you to spoof MAC addresses.
What can we learn from all this? Never, under any circumstances, send anything of importance over a public network. There are too many points of failure: the passage of data between your laptop and the network's access point, the access point itself, and the traffic between the access point and the internet.
So Wi-Fi is iffy – what about the phone? Sadly, no self-respecting spy should consider it. In the UK, the Regulation of Investigatory Power Act (RIPA) and the Data Retention Directive force phone companies to keep records of calls and texts for a year, and give wire-tapping rights to dozens of government departments.
In the US, the Windows-based DCS-5000 system combines point-and-click monitoring of voice calls with location-tracking via mobile phone towers, plus DVR-like recording and playback. It can be set up to eavesdrop and track any landline or mobile phone in the country within seconds.
Don't think you can rely on new smartphone security apps, either. Philip Zimmermann is a computer security guru and the creator of PGP (Pretty Good Privacy), the world's most widely used email encryption algorithm. He says, "Mobile phone encryption only works up until the point where it hands over to the voice network. At some point, there's a gateway between the data and voice parts of the phone network, where a wiretap becomes possible."
Using voice over IP (VoIP) services may be more secure, but Stephen Bellovin says it depends on which service you use: "A lot of VoIP products don't encrypt, even though it's in the [widely used] SIP standard. However, Skype uses very strong cryptography and the best thing is that people don't have to worry about it – it just works."
Zimmermann is more sceptical. "Skype encrypts, but we don't know how, so it's hard to evaluate the quality of the encryption," he told PC Plus. "I don't hear a lot of complaints from governments about their citizens using Skype. The oppressive governments around the world seem fairly happy with it." Which is as good a reason as any for spies to avoid it.
Zimmerman has his own solution: an open source voice and video encryption protocol called Zfone that works with SIP VoIP systems such as Google Talk and Apple iChat. When Zfone is running on two computers, they negotiate a strong encryption key in a peer-to-peer fashion. This means there are no public keys, certificate authorities or trust models. When the call ends, the key is destroyed. A new version of the (free) Zfone software will be released shortly.
Digital forest
Secure phone calls can be handy for arranging to meet 'the swift hawk by the silent pond at midnight' (pre-arranged pass-phrases help confirm who you're talking to), but they're less useful for passing on gigabytes of data. And if you're venturing into the digital world, the smart spy knows that the best place to hide a tree is in a forest.
Every day, three billion email accounts send and receive over 300 billion messages. Surprisingly, email is fairly secure according to Philip Zimmermann. "Even if you don't encrypt your mail, your mail server might encrypt it when it sends it to another mail server. The two servers can have an SSL (secure socket layer) connection between them – the same protocol your bank uses to communicate with your web browser."
You'll want to bump up security, perhaps with Zimmermann's own PGP, although this can be tricky to use. Hushmail removes the hassle, enabling you to send private emails via SSL to other Hushmail users – or even to normal email addresses using a question and answer combination.
"The best public scientific knowledge suggests that it would be impossible to decrypt our emails with current technology," explains Ben Cutler, CEO of Hush Communications. "However, it's likely that Hushmail messages have been intercepted by other means. For example, a customer doing human rights work in Eastern Europe reported certificate warnings when accessing our website. We determined that someone was trying to eavesdrop on the connection between his computer and Hushmail by proxying his computer's network traffic. Fortunately, he heeded the warning and avoided the attempt."
Of equal concern to secret agents should be Hushmail's willingness to deal with law enforcement. Hushmail has been forced on several occasions to hand over plain-text copies of emails, including those of US National Security Agency (NSA) whistleblower Thomas Drake. Ironically, Drake was intending to show reporters details of two failed NSA programmes, code-named Trail Blazer and Thin Thread, designed to check billions of phone calls, emails and chats for potential espionage and terrorist threats.
Another problem with encrypted emails is that they stick out like sore thumbs amid the sea of spam, automated messages and Facebook updates that comprise most email traffic. Professor Bellovin sums it up:
"If the FBI or MI6 see encrypted messages going from the US or the UK to known addresses in Moscow, they'll get suspicious and start investigating."
Hiding in plain sight
What a shy spy needs is a way of communicating with handlers without it even looking as though a message is being sent. And here's where things get really interesting, because the Russian illegals in America were all supplied with custom steganography software.
Steganography is the art of hiding not just the content of a message, but the existence of a message itself. The Russian software enabled the agents to insert a hidden file into an innocuous-looking image, such as a photo of Anna Chapman in a bikini. That image could then be attached to a normal, unencrypted email or even posted on a website for the world to see. Only its intended recipient would be able to extract and decrypt its payload.
However, image steganography has its limitations. Steganographic communication only works as long as no one suspects its existence, and sending a large batch of stolen documents could mean a conspicuous series of photos flying back and forth to Moscow.
Forward-thinking spies should consider network steganography, where secret data is concealed in the ebb and flow of data online.
Elzbieta Zielinska is a researcher in the Network Security Group at the Warsaw University of Technology. Her team has succeeded in using VoIP services to hide a stream of steganographic secrets. "We've tested it and proved it to work," says Zielinska. "You can modify the delays between packets so that certain packets are dropped at the receiver. This might escape the attention of the people talking, but those dropped packets can carry just about anything."
The Warsaw researchers have found ways to inject steganographic information into everyday web traffic, potentially turning Flickr and Facebook into ultra-secure data channels. They even have a system called HICCUPs (Hidden Communication System for Corrupted Networks) that can embed concealed files in Wi-Fi networks by modifying wireless packets' check sum data.
Underground video
Surely tinkering with individual packets results in glacially slow bit-rates? Not so, says Zielinska. "We came up with the idea of using steganography at the physical layer of an Ethernet network, where packets are often padded out with zeroes," she says. "Introducing network steganography here gives data rates sufficient for a decent quality MPEG-4 video stream. There are no limitations." If only that were true.
The truth is that all 'secure' communications systems have one major limitation: you and your fellow secret agents. Any encryption technology is only ever as strong as its weakest user.
As Steven Bellovin says, "You don't go through strong cryptography – you go around it. If I want to read someone's email, I'm not going to try to break strong cryptography, I'm going to hack into their desktop and wait until they decrypt it."
Cutler admits that Hushmail users are rarely as reliable as his algorithms. "We've had people getting their passphrases stolen by Trojan horse programs, installed by users who are unaware of what they are or by computer viruses," he says.
Philip Zimmerman agrees. "Once a computer is compromised, all bets are off," he says. "Spyware can capture keystrokes while you type your pass-phrase or decrypt your key and send it to the mother ship. As long as you're using general purpose computers that can be used to download games, open attachments and visit porn sites, you're going to have this problem."
There's only one thing for it. Spies like us – and the hapless Russian illegals – are just going to have to disconnect from the grid, unplug our computers, break out the invisible ink and start studying cipher books. The condor will see you at the queen's castle.
| |
Read More ...
No comments:
Post a Comment