2013/11/14

The Armistice Centenary, War, and who we are.

I recently read that David Cameron said that he wanted to see a 100th Armistice commemoration "that, like the Diamond Jubilee celebrations, says something about who we are as a people".

Armistice was signed on Nov 11 1918, but the British blockade of German ports was only lifted in March 1919. The blockade killed some 800,000 Germans, mostly in the end phase, and the majority civilians. The blockade was used to impose the 'war guilt' reparations of the Versailles treaty which arguably led to WW2.
"The hundreds of thousands of noncombatants who have perished since November 11 because of the blockade were destroyed coolly and deliberately, after our opponents had won a certain and assured victory. Think of that, when you speak of guilt and atonement."

 - a senior German delegate at Versailles.
One of the reasons that the blockade took so long to stop was that the British civil service thought it was an elegant system:
"The Blockade had become by that time a very perfect instrument. It had taken four years to create and was Whitehall's finest achievement; it had evoked the qualities of the English at their subtlest. Its authors had grown to love it for its own sake; it included some recent improvements, which would be wasted if it came to and end; it was very complicated, and a vast organisation had established a vested interest."

 - John M. Keynes, "Two Memoirs"

"I have watched fighters in El Salvador, Nicaragua, Guatemala, the Sudan, the Punjab, Iraq, Bosnia and Kosova enter villages, tense, exhausted, wary of ambushes, with the fear and tension that comes from combat, and begin to shoot at random. Flames soon lick up from the houses. Discipline, if there was any, disintegrates. Items are looted, civilians are battered with rifle butts, units fall apart, and the violence directed at unarmed men, women and children grows as it feeds upon itself. The eyes if the soldiers who carry this orgy of death are crazed...

"As long as we think abstractly, as long as we find in patriotism and the exuberance of war our fulfillment, we will never understand those who do battle against us, or how we are perceived by them, or finally those who do battle for us and how we should respond to it all. We will never discover who we are. We will fail to confront the capacity we all have for violence. And we will court our own extermination. By accepting the facile cliché that the battle underway against terrorism is a battle against evil, by easily branding those who fight us as the barbarians, we, like them, refuse to acknowledge our own culpability. We ignore real injustices that have led many of those arrayed  against us to their rage and despair."

 - "War is a force that gives us meaning" by Chris Hedges
"Aim ... to defend the Enlightenment hope of a world that is more peaceful and more human, the hope that by understanding more about ourselves we can do something to create a world with less misery. I have qualified optimism that this hope is well founded. There are more things, darker things to understand about ourselves ... We need to look hard and clearly at some monsters inside us. But this is part of the project of caging and taming them."

 - "Humanity" by Jonathan Glover (also the source of the blockade info)
If the 100th anniversary of Armistice next year is to mean anything, it should be this. Say something about who we are as a people, by all means, but please, be honest.

2013/10/16

Bitcoin as a law enforcement/natsec honeypot: what is the evidence?

Paranoia appears to be the order of the day, given what we know about the NSA and GCHQ thanks to Edward Snowden. Absent from the stories so far is any mention of Bitcoin. I find this odd - Bitcoin is the most cypherpunky of all crypto technologies, after all.

I want to make the case, without necessarily endorsing it, that we should be much more suspicious of Bitcoin than we are at present.

1) Bitcoin was almost certainly a team effort. The design has been peer-reviewed and is found to be remarkably secure, complete and well-rounded[1]. I argue that this suggests that a peer-review or quality control process has already been applied. If one individual cryptographer had written Bitcoin, it would contain far more idiosyncracies than it does, not just in the cryptosystem design but also in the C++ code itself. The core protocol itself, which uses a Turing-incomplete programming language, has had only one major vulnerability found in its design and execution.

For comparison, the Amazon AWS API is also a huge team effort that was also (I assume) designed with the help of competent Internet protocol and cryptography experts, and also has suffered from only one major vulnerability, which was found by a certified genius, Colin Percival. Likewise Colin's own one-person-product, the highly secure backup facility Tarsnap has also had only one serious vulnerability to date.

Bitcoin is at least one order of magnitude more complex than Tarsnap, or the crypto used in v1 of the Amazon AWS API. We should have seen far more bugs of varying severities if it was a one man band.

2) The author(s) created, maintained and then apparently retired a pseudonym (Satoshi Nakamoto) while staying completely anonymous on the Internet.


As an achievement this is almost as impressive as Bitcoin itself, albeit of a different nature.

Using the Internet anonymously is much harder than one would think. Things like Tor are vital of course, but beyond that there is the practice of operational security to a very high standard. One slip-up is enough to junk the whole identity, e.g. logging on to a pseudononymous account from an insecure location, or even sending a cookie obtained via Tor 'in the clear', is enough.

As a real-world example, the assassination of Rafic Hariri in Lebanon was pinned on Hezbollah because one of their agents made a single phone call to his girlfriend with his dedicated operational phone instead of his personal mobile.

3) Bitcoin is, by design, highly vulnerable to network analysis. Network analysis can be used to comb through large graphs looking for patterns or suspicious behaviour. Because the entire transaction graph of Bitcoin is public, anyone can perform network analysis on the whole Bitcoin network. This is not so significant by itself, but becomes vitally important when combined with the next point.

4) In the absence of good network analysis, the Bitcoin network is not legally attackable at the point where hard currency is converted. Network analysis backed up with law enforcement or hacking, however, could be extremely effective, and this fits the MO for some large three letter agencies: as we have seen with the recent disclosures of NSA attacks against SSL and Tor, the most successful attacks are multi-pronged: they combine, for example, legal strong-arming with technical know-how and hacking.

Obtaining the transaction logs of a currency exchange would give a starting points from which the rest of the transaction graph can be de-anonymised.

5) One single party controls more than 25% of all BTCs in circulation.[2] Someone, somewhere has the ability to destabilise the BTC currency exchange market at will. If you think of BTCs as a commodity instead of a currency, it is obvious that anyone holding large reserves can wreak havoc by dumping their holdings on the market. They could also bankrupt or bleed the exchanges dry of working capital by converting large sums of BTC over a period of time.

6) Whoever wrote Bitcoin must have known that it would attract criminals and wingnuts like flies to a honeypot. After all, look at the history of cyptocash and you can't help but notice Jim Bell's 'assassination politics', or realise the potential for mischief within the combination of hidden servers and cryptocash. Once Bitcoin was established and hidden servers were possible via Tor, Silk Road was inevitable. Even with the demise of Silk Road, Bitcoin is still used for money laundering, paying for skimmed credit card numbers and for 0-day exploits - in this last case, maybe even by the NSA itself.

7) 'Satoshi Nakamoto' is an anagram of 'Ma, I took NSA oath!' :-) But seriously:


To summarise, Bitcoin was apparently designed by good cryptographers and peer-reviewed before it was released. It was almost certainly written by a team of good coders.[1] The entity that did this practiced impeccable operational security. Bitcoin was designed to be difficult to attack by non-state actors, but was also designed to be inherently vulnerable to network analysis, especially so when combined with legal and covert access techniques. A single entity retains the ability to severely disrupt the BTC market through its control of large reserves, and only the most unaware or blinkered recluse could have failed to realise its potential target market mainly consisted of rogues and blackguards.

Whether or not this points to a law enforcement or national security agency as I've suggested, I think it's evident that we cannot assume that the creation of Bitcoin was motivated by altruism, or even by the strain of libertarian cypherpunk ideology that gave Bitcoin such fertile soil in which to grow.

Dan Kaminsky was quoted by Matthew Green as saying "authorship is a better predictor of quality than openness", and likewise, motive is a better predictor of the true purpose of a tool than its quality. The motive of the creators of Bitcoin remains completely unknown.

***

Corrections and footnotes

[1] As per the HN discussion, apparently the first BitCoin client was quite buggy in the beginning. Only one exploit was used on the network, but see the Bitcoin CVE list here for a more realistic list of the software bugs encountered in Bitcoin. Worth noting is that this is a separate issue to bugs in the design of the cryptosystem. Thanks to nwh on HN for the pointer.

[2] I previously stated that "...and has tried to hide that fact" but this is based on a misreading of the paper. Thanks to mcphilip on HN for pointing that out.

There's an interesting discussion over at Hacker News where some good counterpoints are made.

2013/02/15

Spring 3.1+ Environment properties not being resolved when using dollar-notation placeholders in bean properties? Read this :-)

So after spelunking through the Spring source, I found out that it was my fault, of course. Why:
  1. I needed a in my spring XML, even with nothing else, just to tell Spring to look for ${...}.
  2. My spring schema version was on 2.5, which of course doesn't have the global Environment stuff and assumes you don't want it.
This lesson brought to you by many tram rides and a sleeping toddler.