What is Up With Cyber Security?
“Hacker”
I’m a cyber security expert and find it a fascinating field.
Why?
I decided to make a partial list:
- Cyber security is an emergent property of computers and the internet. No one saw it coming. When I started in this field about ten years ago, it was nearly impossible to get the grand “deciders” to invest even the tiniest amount of security engineering into a product. Regrets abound today.
- The laws around cyber security make it easy to get around them. The internet is global, laws are regional. Hacking that is legal in one country is illegal in another. Hackers located in Ecuador can legally break into US systems.
- Cyber weapons are rapidly becoming the most important weapon in a nation-state’s arsenal, and it takes relatively little investment to develop them. It cost the US $26 billion to develop the first atomic bombs, how many hackers can you hire for that amount of money in China? The nearly complete reliance of the US economy and infrastructure on the internet makes our country the most vulnerable.
- Both hacking (attacking) and security (defending) are simple. Though you have to be technically adept, it does not take a genius to do either. The thing that makes hacking difficult is the tedious search for vulnerabilities, and the thing that makes security difficult is defending the many avenues of attacks that come from the complexity and interconnectivity of devices today. That aside, almost all cyber attacks rely on very simple methods and approaches used on systems with almost no built-in security measures.
- Lastly, it is interesting because you never know what will happen next!
Posted in Cyber Security by Mark with comments disabled.
The Fate of Harrison Fast
Speed Flying Can Be Dangerous
I was very peripherally involved in the search for Harrison Fast last spring. He was a young extreme sports enthusiast from Boulder who practiced the new sport of speed flying. This is when you get moving down a mountain slope on skis at a high rate of speed and then deploy a steerable parachute that lifts you up in the air to fly down the mountain. It looks to me to be extremely fun. And dangerous. Harrison disappeared near Jungfrau in Switzerland while speed flying with a group of companions.
After his companions lost sight of Harrison and he failed to contact them, they knew something needed to be done. However, they found themselves in a quandary: Harrison and his companions were doing something that is illegal in the park. This may have caused them to avoid reporting it to the authorities right away, although it is highly unlikely this made any difference in Harrison’s fate. Authorities in Switzerland were reluctant to search in what was turning into marginal weather conditions for a helicopter, the only practical means of finding him.
His family and the Boulder company he worked for organized an extensive effort headquarted in Colorado to search for him, utilizing hobby unmanned aerial vehicles (drones) to search. They were able to acquire the drones and the people to fly them, and got them to Switzerland. Their search effort was both innovative and resourceful, though in the end they had no more clues than when they started.
Soon they ran out of time and funds and accepted the inevitable. It was a very sad ending for someone who was so obviously loved by many.
Posted in Colorado 14er Disasters by Mark with comments disabled.
New Home!
Good Karma
And so this boat turned out to be just what we were looking for. We named her Good Karma. Shelly had suggested that name a while ago since it is easy to understand over the radio, where you always use your boat name as a designation. If you don’t know, there are a lot of really strange and silly boat names out there. It turns out that the previous owners live in Colorado and are very well regarded here at the marina where it has been for many years. Shelly’s boat name became fate when we talked to the marina customer service manager and he said to us, “…well if you buy the boat it will be good karma.” And so it is.
The boat is in fantastic shape, though it does need some maintenance (as all sailboats do) and there are a few things we want to change so we are here in this marina for a while as we get the work done and get familiar with sailing her on short trips.
I have to emphasize that it is highly unusual to find a boat that fits all the requirements and wants on your list in such short notice. We were lucky.
So we begin!
Posted in Sailing by Mark with 1 comment.
Escape!
All We Have, What Can Fit in a Honda Element
This post has nothing to do with sailing, but how we got started. This is how we changed our lives:
We quit our corporate jobs, gave away most of our possessions and sold our house. We packed our Honda Element with only the essentials and headed east. Destination: Annapolis, Maryland. Why Annapolis? Our goal was to buy a sailboat, live on it and sail to whatever destination we desired.
Annapolis happens to be the sailing capitol of the USA. Whatever kind of boat you want, you are most likely to find it hear or nearby, and any fix-ups, modifications or accessories you may want can be found here. The boat experts and contractors are here. Even the Naval Academy.
We had seen a couple of boats we might be interested in but really had nothing definite. Our plan was to find a short term rental and keep looking for a boat for as long as it takes.
Our drive started about the third week of July. We headed across the midwest in the hottest weather of the year. Since neither of us can stand to drive more than about four hours a day, it took us quite a while to get to the coast. Here is what happened.
We drove across eastern Colorado and into Kansas. Colorado was surprisingly brown and desolate all the way to the Kansas border. Kansas was full of green cornfields and working farms. We stayed in Wakeeney the first night. It was windy and hot. The next morning we hiked around a nearby state park before driving to Kansas City. KC was hot. We visited the Steamboat Museum there, quite an interesting collection of pre-civil war artifacts.
We then drove to Herman, Missouri where we visited with our friend Jim Gallo. It was hot and humid. Next day, Martinsville, Indiana where we hiked in the Morgan-Monroe State Forest. It was, you guessed it, hot. The next night, Cambridge, OH, where we hiked Salt Fork State Park. Hot. The next day we had marathon car drive to Annapolis.
A few days later we were in the office of our boat broker, Forbes Horton. He was recommended as a broker who understood what a bluewater boat is, and he is highly knowledgable. We were looking at what was on the market and there it was, a Passport 43 in beautiful shape. “Passport” is the brand of the boat and it’s 43 feet long. Forbes was surprised to see that it was available, it had just been re-listed because the previous potential buyers could not close the deal.
The next day we went to look.
(to be continued…)
Posted in Sailing by Mark with 2 comments.
Colorado 14er Disasters – Second Edition (2016)
It’s been eight years since I originally wrote “Colorado 14er Disasters.” Last year I partnered with the CMC Press and Mountaineers Books to publish the second edition which should be available September 1 here! The second edition contains new stories and photos of accidents and mishaps on the 14ers, as well as updates to some of the original stories. Because the first edition stories were an excellent representation of archetypal mountaineering accidents, all of the original material is included in the second edition.
Read and stay safe!
Posted in Colorado 14er Disasters, Mountaineering by Mark with comments disabled.
Southern Hemisphere Expedition 2016!
Antarctica, South Georgia and New Zealand!
Blog posts HERE!
Posted in Journal by Mark with comments disabled.
How I Defeated the NSA!
IRATEMONK page from the NSA ANT catalog
Well, maybe “defeat” is too strong of a word, because as Gollum says of the Nazgul, “you cannot defeat them!” BUT, I have ample evidence that measures I put into place years ago made one of my companies products highly resistant to an attack by the NSA. I’ll explain below.
As many of you know, I work as a cyber security researcher and architect. I currently work at a large computer hardware company that I won’t name here, but it’s pretty easy to figure out which one. Back in 2009, I was working on solid state drive (SSD) data security. SSDs are used for local storage, performing the same function as a hard disk drive but using memory chips rather than a magnetic disk to store the data.
Back then, computer security was seen more as a necessary evil rather than an essential primary function of a computer. In other words, the general thought was that you only implement security features if absolutely necessary, it cost money and didn’t generate a visible return on investment. That meant I had the difficult job of trying to convince the “higher ups” that we really need to add security to our products.
I lobbied extensively for a particular security feature called “firmware signing.” This is a technique that uses cryptography to make it difficult to make unauthorized changes to the device firmware. Given that the firmware controls every aspect of a device, this seemed to be essential. Back in 2009, most if not all hard disk drives and SSDs did not use signing. This is a very bad thing!
Consider that if just anyone could update your firmware, they could simply wipe it out or erase all your data. Or they could plant some malicious code to spy on you. This could happen surreptitiously over the internet while you visit a website, for example.
Anyway, I was able to convince, cajole and outright usurp my management at the time to put this security in place. I was successful, but viewed more as a pain-in-the-ass rather than a “savior,” simply because there was no short-term payback.
Fast forward to today. Malware and spyware is everywhere, it is a multi-billion dollar industry worldwide and involves everyone from mischievous teens to highly organized criminal enterprises to nation-states. The security posture of our computer network is pathetic, but getting better.
In May, I saw a report that mentioned The Equation Group and how they exploit firmware. The name “Equation Group” is made up by security researchers who found and classified the malware. To quote the report,
“The ‘Equation Group,’ named for its affinity for ultrasophisticated encryption schemes and associated malware, is now among the most sophisticated threats ever observed.”
Thus, because of it’s sophistication, it is associated with a nation-state attacker, meaning the government of a country. Other evidence, such as the page from the leaked NSA ANT catalog, an internal NSA catalog of spy instruments and software, indicates that this is probably the work of the National Security Agency. The particular product that attacks hard drive or SSD firmware is the IRATEMONK, shown at the top of this post.
So… What evidence do I have that I defeated the NSA? The list of drives known to have been infected by The Equation Group (probably NSA) come from companies such as Seagate, Maxtor, Western Digital, Samsung, IBM, Micron and Toshiba. My company is NOT on that list, and it is likely because of the firmware signing I pushed through way back 2009 when almost no one thought this possible.
Given the secretive nature of this business, that is probably as good of evidence you can get to prove you did your job well!
Posted in Cyber Security by Mark with comments disabled.
Playing for Real
Ok, so they tell me you’re supposed to “sell yourself.” I find that hard to do without feeling like I’m boasting, so I almost never talk about my books. But I found out today about something cool, so here it is.
A few months ago, Rocky Mountain Rescue received an award presented by Patricia Limerick. A video was made and is on Youtube here, she mentions Playing for Real at 3:45, and apparently she was impressed. This is excellent recognition, as Professor Limerick is, among other notable achievements, a recipient of the MacArthur Fellowship, also known as the Genius Grant. As a matter of fact, it’s hard to imagine a better compliment for my first book! Yes, I know all the RMR members sitting around her in the video, they are fantastic people. The video is interesting and talks about RMR, why people join and stay, and a bit more talk about Playing for Real (if you want to watch such a long video).
Posted in Journal by Mark with comments disabled.
Bioelectric Signal Project
Amplifier/Filter board
Last year I heard a radio interview on National Public Radio about a device that people were building to “enhance cognitive ability,” called a transcranial direct current stimulation, or TDCS device. The claim was that this device could enhance cognitive ability, such as increase memory retention, concentration levels, and problem solving ability, and even enhance your mood. It accomplished this by applying a low-level DC current across your head for up to 20 minutes at a time.
It turns out that this is not the flaky idea it appears to be. It has been studied for decades by psychologists, and even the US military performed a study in the 1960s with interesting results. So I decided to test this out myself. It turns out that you can build one of these devices with a few parts commonly found at electronics stores. So I built one.
My tDCS device: It works!
I tested it a few times and did notice something, though it is difficult to describe. It could have been a placebo effect, but it is easy to imagine that this current is causing some sort of reaction in the brain given one of the brain’s essential characteristics is easily measureable electrical activity.
So I thought as my next experiment, it would be interesting to measure these brain signals for myself. This is commonly done using an electroencephalography machine, or EEG. Basically, this is an instrument that measures the minute electrical signals detectable from the surface of the skull. EEG machines have been around for nearly a century, used almost exclusively for medical or research purposes. That usually means they are expensive. So the first thing a do-it-yourselfer (DIYer) does is check the open source community.
The open source movement always eliminates the cost barrier, so I searched for an open source EEG. Voila, up pops OpenEEG.org. They had published the design of a DIY EEG machine, but it was somewhat obsolete having been originally designed almost a decade ago. However, it did contain good information, especially about how to build the “front-end,” the electronics that detect and amplify the brainwave signal.
The OpenEEG design had one big disadvantage. It required the subject to be physically attached to a personal computer, something that limits its use to wherever you can set down and plug in a computer. You couldn’t, for example, measure the brainwaves of someone climbing a cliff face. That was the limit of DIY technology a decade ago.
Things have changed.
Today we can build a tiny EEG machine that could be worn in a headband, eyeglasses or some small, unobtrusive wearable item. And it need not be physically connected to a computer at all. A smartphone or tablet application could display data collected by the EEG device, either in real-time or downloaded after the fact. And it would not be that difficult to build given the low-cost prototyping tools and devices available today.
So I decided to build a prototype wearable EEG device, pulling together information from various open source sites including OpenEEG. After several months I had a working prototype that could display brain waves. And interestingly, it can detect and display other bioelectric signals. I can measure the waves produced by my heartbeat. I can see the signals that control muscles. As a matter of fact, when hooked up as an EEG, the device displays jaw muscle movement, and even the movement of my eyes.
What I built is a prototype of what could be a small, low-cost, wearable EEG. Imagine the possibilities if it became a popular product where the bio signals of tens of thousands, or even millions, of people could be analyzed. The signals produced by muscle activity are relatively well understood when compared to EEG signals. EEGs are used as medical devices but in extremely limited ways such as determining where seizure activity originates in the brain.
Though we can measure and categorize EEG signals, the fact is that medical research has provided scant information as to what those signals mean. Now imagine that medical research had access to tens of thousands of EEG signals of people doing a wide variety of activity.
What could be mined from such a database? The possibilities are amazing. Could it help individuals improve memory, thinking, or concentration? Enhance emotional well-being? Help with psychological abnormalities or mental illness? Improve early detection of brain abnormalities or tumors? Who knows what could be discovered.
So back to the prototype, the idea is this: Build a prototype wearable EEG device that can communicate wirelessly with a smartphone or tablet. An application on the smartphone or tablet would display the data in various forms, such as a real-time wave, or a processed signal that is easily interpreted by a user. This data could then be collected by the application, associated with an activity and other bio data and uploaded to the cloud. Anonymized data could be entered into a greater database.
What the prototype needs is a front-end circuit to get the signal. EEG signals are tiny, so the signal needs to be amplified and filtered to be of use. The signal then must be digitized and possibly stored. It then must be radio transmitted to a computer for further processing and display. If this computer is a smartphone or tablet computer, an application can be written that not only displays the data but also updates a cloud database.
This writeup will not go into every detail of the EEG machine I built, but I will discuss each of the major components for my prototype. They are:
An amplifier/filter front-end circuit
An Arduino Uno
A Bluetooth Low Energy (BLE) board
An Android tablet
Not mentioned in the list are the tools necessary to build and test the device. Also, it should be noted that this is a challenging project, especially if you build the amplifer/filter board from discrete components as I did.
Amplifier/Filter Front End: The bioelectric signals we want to detect are in the microvolt range, that is, one thousandth of a volt. Pretty weak. We need to amplify this to the single volt range to be usable. Also, these waves are very low frequency, basically 60 hertz and less. We don’t care about any signals greater than 60Hz.
One thing we have to consider is that all electronic circuits “pick up” electrical noise from the surrounding environment. This noise may be very small, but so is the signal we are trying to see. Therefore, we must take measures to shield our circuit to minimize spurious noise. Because shielding is not perfect, we will also need other measures to get ride of noise, namely an electronic filter. A big source of noise is power lines, all of which run at 60 hertz in the U.S. But remember, we only care about zero to 60 hertz, so we can design a simple filter that suppresses all signals greater than, and including, 60 hertz.
Our circuit is a three-stage amplifier that can amplify up to 10,000 times and filters signals greater than 59 hertz. It also biases the signal positive for digital conversion. I adapted this circuit from OpenEEG.org (which adapted it from a scientific research paper), along with a screen cap of an unfinished board layout made with Eagle CAD (computer aided design) software.
Schematic and board layout (unfinished) using Eagle
I built this circuit from discrete components on a prototype board, shown at the top of this blog post. This is not recommended unless you have advanced circuit debugging skills and tools, or know someone who does. The reason is because there are more than 50 individual components with more than 100 connections between them. It is essentially impossible to build this circuit by hand without making a mistake, and likely several, that will render it inoperable and turn this into an exercise in extreme frustration.
To shield this circuit, I put it in a metal project box. The input to this box is a fully shielded, two-channel audio cable that can be plugged into the probes. The output of the box is an analog signal that is fed into an Arduino, see below.
Arduino Uno Board: This board was chosen to provide and quick and dirty prototyping platform to digitize the analog signal and parse it for transmission, pictured below.
Arduino Uno with Bluetooth daughterboard (red board on top).
Note that the board is mounted outside the front-end shield. This is intentional. First, the Arduino is not nearly as sensitive to noise and does not need shielding. Second, digital electronics actually generates lots of noise and would interfere with the front-end board, so it needs to be outside the shield. Third, it is convenient.
Basically, we feed the analog wave signal into one of the Arduino’s analog-to-digital converters. An A/D converter, as it is called, takes the amplitude of a signal and converts it to a number. For instance, 0 volts will translate to the number 0, and 5 volts will translate to 255. A level of 2 volts would translate to 102. This translation happens in a fraction of a second, a “sample” is saved and another translation is done. This time interval is called a “sample rate.” If the sample rate is fast enough, we can get a good representation of a rapidly changing input signal as a series of numbers.
We then package these numbers and push them out to our radio transmitter, see below.
The Bluetooth Low Energy Board: This is a Bluetooth transceiver prototype board that conveniently plugs into an Ardunio prototype shield board. This is a little radio that allows us to connect to and transmit data to another device like a tablet computer. This board contains its own processor and firmware and automatically handles the Bluetooth protocol on the device side. We send data packets from the Arduino to the Bluetooth board, which then packages and transmits the data wirelessly to our tablet, described below.
Android Tablet Computer: I used a Samsung Galaxy S5 mini-tablet computer because I had one available. I developed a prototype Arduino application that connects to my front-end device using the Bluetooth protocol available in the device. I can display the bioelectric wave, the power of frequency bands and a chart showing trends in the power, more about that below in the Android App section.
Android App Notes: As with the hardware, this is a prototype application and not a full working version as you might expect with a commercial product.
What it does: Connects to and captures data packets from the front-end via Bluetooth, and displays this data in both wave and power form.
What it doesn’t do: There is no support for recording or uploading to a cloud server in this version.
The power display is used mainly for when EEG signals are being detected as these signals have been classified into various frequency bands Delta, Theta, Alpha, Beta and Gamma. The power display can be interpreted as how much of each of these bands is measured so the change in power is visible.
The power display is exactly like a sound equalizer display except that it is tuned to bioelectric signal frequencies rather than audio frequencies. This is accomplished by processing the wave data through an algorithm called a Fast Fourier Transform, or FFT.
Results: One of the more difficult aspects of this project was coming up with a low-cost design for the electrodes you attach to the skin to pick up the biosignals. I ended up making simple electrodes made of small steel washers. These worked quite well if you also use Ten20 conductive gel (quite cheap) and hold the electrodes in place on the skin with athletic tape.
I could easily detect heart and muscle activity. Detecting brainwaves was tricky, but I concluded this was due to the quality of the electrodes and not the electronics per se.
There is a demo Youtube video of the hardware being turned on but not actually connected to electrodes here. What you are seeing is a sequence of starting up the Android app, turning on the front-end electronics and then a display of various forms of the data being received. This demo does not have the electrodes connected so what you are seeing on the display is noise and the electronics settling. The top display is a representation of the wave (in this case noise) being sent from the Arduino via Bluetooth. The next display down shows the power spectrum from 0 to 60 hz. The third display down from the top is specific for an EEG setup: These are the power levels of the types of EEG signals Delta, Theta, Alpha, Beta and Gamma waves. The final display is a long-term trend graph of the power of the EEG signals.
The most impressive working demo is detecting a heartbeat as shown here. Muscle contractions associated with moving my fingers are demonstrated here, and an actual EEG signal (measuring my brainwaves) is shown here. For each of these demos, I simply changed the location of the electrodes on my skin.
Though the front-end box is quite large for something intended to be wearable, keep in mind this is a prototype to prove the concept. An actual product would be much smaller, just a few square inches in size.
There is great potential in turning this into a product, but my main interest was to put these various technologies together and having fun building both hardware and software to make a new device.
Posted in Electronics and Radios by Mark with comments disabled.
Colorado Publisher Disaster
“Publishing can be evil!”
And I was a “victim of the game,” at least until last Monday. That is when I finally got a settlement from the publisher of my book Colorado 14er Disasters: Victims of the Game, because they committed flagrant fraud (in my opinion). I won’t mention them by name in this posting but they are a Boulder publishing company and their Big, Earthy name is easy to find simply by googling my book title.
What happened? Well, by contract they were supposed to pay me royalties every 6 months, something that they never did in the 6 years they had control of my work. They did pay me once in a while, but never on schedule. That was maddening enough, but what follows is worse.
The paperback version of my book was first printed in 2009, before ebook delivery systems like Kindle became popular. But ebooks were quickly becoming very popular. My contract with the crooked publishing company anticipated ebook sales and granted me a much larger royalty for ebooks, 40% vs 12% for the paperback. This makes sense though, it costs the publisher virtually nothing to “publish” an ebook. There are no materials to manage and no distribution to worry about.
I noticed a Kindle version of my book being sold on Amazon in 2010. I visited my publisher, sat in a chair directly across the desk from her and asked about the Kindle version. She looked me in the eye and said, “I don’t know anything about it.” I thus assumed that Amazon just converted existing books to ebook form and sold them on their own initiative, and that they would pay the publisher as they sold.
This was a bad assumption on my part. Amazon told me they never do that nor have they ever automatically published books on Kindle. The publisher had to take direct action to create a Kindle book.
My few and far between royalty statements never indicated ebooks being sold at all over the next couple years. I asked the publisher how much they were making on Kindle books and she told me, “I haven’t seen any money from Amazon.“
By 2012, I asked that my statement include ebook sales as they could no longer deny they were being sold. I have a statement from November, 2012 that shows two categories, paperback and ebook sales. Paperback sales were relatively good, ebook sales showed zero books sold. ZERO!
For the next two years I asked to be paid and was essentially told “the check’s in the mail,” even though it wasn’t. Finally, at the beginning of 2015 we decided we’d put the hammer down and end this nonsense.
For three months, Shelly leaned on them, even going as far as showing up at their office and demanding statements. She got a bit of money and a statement, but not the full amount.
The statement showed they had been selling ebooks for more than five years!
I then filed a lawsuit demanding my back royalties (in the thousands of dollars range), interest and fees, and demanded that our contract be nullified. In mediation they thought about this for about one minute and agreed.
This publisher is still in business but they no longer are allowed to sell my book. There are still new paperback copies out there in the pipeline, and I’m sure used copies will be sold for a while.
I did republish on Kindle under my name and so the book is available there indefinitely. It’s an improved version with color pictures rather than the black-and-white copies from the paperback format.
And because I own the title now, I’m thinking of publishing a new volume with follow-ups to the original stories and new material: Colorado 14er Disasters Redux!
Posted in Colorado 14er Disasters by Mark with comments disabled.