Category Archives: Uncategorized

Wikileaks to release emails from Stratfor hack

In December, members of the Antisec wing of the collective Anonymous claimed to have downloaded the email spools of the private intelligence firm Stratfor.  Today, Wikileaks held a press conference in which they announced that over 20 media organizations had been secretly analyzing the 5 million+ emails, and they would now begin releasing the emails.  A few stories in mainstream western media have now appeared (e.g., Forbes, Wired).  I’ve followed this hack a bit, and I played the video of the Wikileaks press conference in the background this morning.  Here are a few things that interested me about the press conference that I haven’t seen in media reports.

Most striking to me was how differently reporters assessed the accuracy of Stratfor’s intel, depending on geography.  Apparently, Stratfor investigated PETA on behalf of Coca-Cola, and investigated Bhopal activists on behalf of Dow Chemical.  While some might find this concerning, I didn’t hear any indication that the information obtained by those efforts was false.  In contrast, two reporters from the Al Akhbar newspaper in Lebanon stated that much of the information gathered about the situation in Beiruit was false.

The Al Akhbar reporters said this situation was a particular problem, because the CIA was recently forced to shut down its intelligence operations in Lebanon.  This increased US reliance on a private firm like Stratfor.  Apparently, though, Stratfor, to maximize profits, provided a lot of intel on Lebanon by using Google Translate to read open source material written in Arabic, literally losing the meaning in translation, instead of hiring analysts fluent in the language.  Further, their evaluation of sources was, according to one reporter, “racist” in the sense that if an ideologically extreme Arab made a statement and an ideologically extreme Israeli made a different statement, Stratfor analysts would discount the Arab and take the Israeli seriously.

I’ve read only a few of the emails myself, and I can’t speak to the accuracy of any claim.  However, it does seem clear that the notion of Stratfor just being a service that reads and analyzes open-source material is incorrect.  Unless the released emails are heavily fabricated, Stratfor initiated intelligence gathering operations on the ground, bribed confidential informants around the world, and encouraged their employees to control sources by “psychological” or “sexual” means.

Finally, no matter your personal political persuasion, Stratfor’s internal glossary of intelligence terms is hilarious.  I will close with some definitions from it.

Backgrounder: General analysis that gives the customer better situational awareness. The customer never actually reads the Backgrounder. Its primary use is as cover when the customer screws something up. Backgrounders are the basic intelligence tool for shifting blame to the customer.

or

He Won the Cold War: Egomaniacal Bullshitter

and

He Won the Vietnam War: Deranged Egomaniacal Bulshitter

and, in conclusion, a definition made more intriguing by (and perhaps at odds with) the claims of the Al Akhbar reporters:

Duplicitous Little Bastards: Israeli intelligence

A few Tweets

I joined Twitter at the end of December 2011 because I realized that I was using my computer less and less, and my smart phone more and more, relatively speaking — and I was using my phone to find and read content that intrigued me.  I plan to use my Twitter account almost as a note-taking service — I will tweet news articles, etc., that intrigue me and that I might want to come back to later.

My account is @aaron_sterling, and you can see it in the rightmost column of this blog.  Here are three items that are good examples of things I found interesting, but which, after today, I won’t be “elevating” to the status of a blog entry.

  1. The computer security company McAfee has produced a document titled 2012 Threat Predictions (pdf file).  I skipped over some of it, but the parts I read were fascinating.  For example, they see BitCoin as an extremely insecure currency, they believe illegal spam will diminish and be replaced by “legal spam” (equally annoying), and they think far more attackers will target hardware exploits instead of the traditional software exploits.  Worth a look.
  2. Enrique Zabala has produced a Flash animation that explains Rijndael/AES visually.  It is beautiful.
  3. Rajarshi Guha and co-authors are designing a type-ahead chemical substructure search engine.  This addresses a longstanding open problem in cheminformatics, which is: searching for chemicals in a database is slow (in worst case probably exponential because the Subgraph Isomorphism Problem is NP-complete), but can it be made faster?  At least for important special cases, this tool seems to be competitive in speed with Google’s type-ahead search engine for other content: it provides the chemist suggestions, given the prefix of the input available, before the chemist even hits the enter key.

Watermarking molecules

This post was chosen as an Editor's Selection for ResearchBlogging.orgI’ve posted twice about Anonymous hacking into Stratfor — and, more generally, their hacktivism has been making bigger and bigger waves.  CNN recently ran a fairly positive story on the support hacktivists are providing the Occupy movement.  Many of these hacktivists are quite active on Twitter and elsewhere.  However, from the perspective of both international and corporate espionage, the “quiet” hacks are the worst: someone makes off with information and the victim never knows.  As security expert Kevin Mandia told the New York Times:

The hacks that do the most damage don’t have Twitter feeds.

Another security expert, Jeremy Falkenrath, in an interview on Bloomberg News (at about 7:00 into the video), discussed, quite matter-of-factly, the hacker-for-hire market that companies in the chemical industry deploy against one another to learn trade secrets.  With this as the backdrop, I’d like to discuss one of the main open questions of cheminformatics: Is secure encryption of molecules possible?  For example, it would be nice if a company could encrypt a molecule, but then allow some third party to run in silico tests with it, having access to the molecule’s properties but not the structure itself.

Encryption of molecules

Part of the reason for the traditional closed-data policies of pharmaceutical companies is the total absence of any way to encrypt chemical structural information.  This has been recognized as an open problem for many years, the American Chemical Society held a special meeting in 2005 about it, a summary of which appeared in Nature.  While there were presenters at that meeting who felt molecular encryption was possible, and others who felt it was impossible, the practical reality as we enter 2012 is that, so far, the voices in favor of “impossible” have been correct.  Almost no new theoretical literature has been produced since 2005, and the industry appears no nearer a practical solution than it was in, say, 1975.

I recently had an idea to expand upon a proposal by Eggers et al. in 2001, to watermark in silico representations of molecules.  My idea, however, is going nowhere — just like all other attempts so far to implement chemical watermarking.  At least I can get a blog entry out of my failure though!  I hope readers of this page find my little attempt entertaining or informative.

Acknowledgement: The material in this post is based on conversations I have had with cheminformaticians Rajarshi Guha and Jörg Kurt Wegner.

Continue reading

Ian Stewart’s Mathematics of Life

This post is based on a book review I recently wrote on The Mathematics of Life, by Ian Stewart. A final version of the review will appear in a future issue of SIGACT News.  Please feel free to download a pdf version of the full preprint, or just read an abbreviated version of it here, in blog format.

Introduction

Ian Stewart is one of the premier popularizers of mathematics.  He has written over twenty books about math for lay audiences.  He has also co-authored science fiction, and books on the science of science fiction (three books on “the science of discworld”).  In his newest effort, The Mathematics of Life, Stewart focuses his talents on the mathematics of biology, and the result is superb.  In an easy, flowing read, with dozens of diagrams and scholarly footnotes — but without a single formula — he introduces the reader to a wide range of interactions between mathematicians and biologists.  I heartily recommend this book.
Continue reading

My own information was just compromised in the Zappos hack

In an unfortunate coincidence, as a thematic followup to my previous post on hacking, a “throwaway” email I use, and partial credit card information of mine, has just been compromised in the recent hack of Zappos.com.  Infosec Island has a good blog post about this data breach,  and I was one of 24 million Zappos customers who received the email quoted in that blog post.

I’ve deleted my credit card information from Zappos, and from one other online retailer I use.  To be honest, I’m not sure who else might have my sensitive information — and I bet I’m not alone in that.  I’m not sure what precautions I will take in the future when shopping online, but I plan never to save my credit card information again.

Stay safe, everyone.

Password analysis from the Stratfor hack

I will return to blogging about theoretical computer science and algorithm-related mathematics next week, but I wanted to take a few minutes today to mention a rare research opportunity that has arisen as a result of the hack of the private global intelligence company Stratfor.  This opportunity is the list of 860,000 (MD5 hashed) passwords to accounts of people in journalism, government contracting, the military, etc. — in short, people who “should” know how to create and maintain strong passwords.  Most of the MD5 hashes have now been cracked, and preliminary analysis indicates that even people who “know what they are doing” use weak passwords.

Stratfor, by the way, finally has their website back online, with a Hacking News section, in which they tell their side of the story.  (They verify that they stored credit card information in cleartext, as Anonymous had claimed, and they state that they were working with the FBI on an investigation into a hack of their systems before the hack went public on Christmas Eve.)  About a week ago, the hackers released a zine which includes a press release about the Stratfor hack and two others, and a log of the hacks themselves.

Continue reading

Polygon rectangulation wrap up

Tying up loose ends from my three posts in December about rectangulation of orthogonal polygons.

  1. Derrick Stolee requested in a comment a resolution of the computational complexity of the 3D version of the problem of decomposing a shape into the minimum number of rectangles.  I found a reference that proves the problem is NP-complete, by directly reducing the problem to a variant of 3SAT.  The diagrams of the gadgets used are pretty cool — the gadgets look like children’s toys used to build 3D structures.  Rectangular partition is polynomial in two dimensions but NP-complete in three, by Victor J. Dielissen and Anne Kaldewaij, Information Processing Letters, April 1991.
  2. The survey Polygon Decomposition by J. Mark Keil (1996) has much more information on exact algorithms for rectangulation, triangulation, and problems I did not mention at all, like covering.
  3. There is an extensive literature on approximation algorithms for finding a minimum-length rectangulation of an orthogonal polygon with holes.  (The problem is NP-complete even for the case where the polygon is a rectangle and its interior holes are points.)  I can recommend the survey Minimum Edge-Length Rectangular Partitions, by Gonzalez and Zheng (in Handbook of Approximation Algorithms and Metaheuristics, 2007).

Victor J. Dielissen, & Anne Kaldewaij (1991). Rectangular partition is polynomial in two dimensions but NP-complete in three Information Processing Letters, 38 (1), 1-6 : 10.1016/0020-0190(91)90207-X