Tuesday, March 31, 2009

Collegiate Cyber Defense Competition Notes

As was expected, everyone was challenged and had a good time at the CCDC (Collegiate Cyber Defense Competition) event. Don McLane, who helps to organize and sponsor the event through coordination and support of the Institute students, gave me some notes from last weekend's experience.

The scenario was well balanced. Student teams did have enough time to harden their systems. The Red Team (attackers) soon figured out the systems and exploited any exposed flaws. Thank Brian Hay at the University of Alaska for a good design there.

There was an interesting dynamic on the floor. Although teams were really competing against each other, they felt like they were all against the Red Team. I noticed one occasion where someone overheard another team member describing a problem; he scooted over and whispered "our team figured that out, here's what to do ...".

Setting up the competition was an adventure. Thursday morning I drove to Microsoft with a truck full of routers and switches. We set up everything in record time. The next day, Brian Hay would fly down from Alaska with all the operating system images and we'd finish up.

Then I got the call: all flights from Alaska were canceled because of volcanic ash. I spent the entire night downloading 60 Gigabytes of data from Alaska.

Friday, even though we were constantly on the phone, there were more details than could be handled in the bandwidth of a phone call. We called a few volunteers. A couple people from Microsoft stopped by to see how it was going; they were immediately recruited to help troubleshoot. The team effort was incredible.

Luckily, the Alaska team did make it down the next day for the competition.

Don also provided some pictures from the event. The rest can be found here.

Wednesday, March 25, 2009

Students Participating in Cyber Defense Event

This weekend, students from the Institute of Technology will be participating in the 2nd Annual Pacific Rim Regional Collegiate Cyber Defense Competition on the Microsoft campus. Members of the student organization, the Grey Hat Group, will be presented with the pre-configured systems of a fictitious company that they are tasked to operate.

Then, as described by the competition's web site...

The evil red team, which sits next door, however, will attempt to vandalize and break into this network. The student teams need to defend against the attacks of this red team. In particular, the goals for each team are to:

• fulfill assigned business tasks (so-called injects)
• keep services operational
• prevent break-ins by the red team

Students are scored based on the goals above. The team with the most points of the two day event will be the winner of the Pacific Rim Regional Collegiate Cyber Defense Competition and will proceed to the National competition.

Justin Carton, the Grey Hat Group president, has been working the group through practice sessions to get them all prepared.

However, a former founder of the GHG and alumna of the program here at the Institute, Mary Jane Kelly, will be part of the "evil red team". She and another alumnus, John Hernandez, both from Casaba Security, will be tough to handle.

The Center for Information Assurance and Cybersecurity, the University of Washington and Microsoft are helping to put on the event.

You have undoubtedly heard of the last two but perhaps not the first.

The CIAC is...

a Pacific Northwest research, education, industry and government community that provides innovation and leadership in the protection of critical public and private information infrastructure, and provides well educated information assurance and cybersecurity at all professional levels.

Good luck to all.

How Do You Value an Online Friendship?

Part Three:

The rules and customs of these worlds are dictated not just through the sets of features available to the user, but through unintended consequences as well. For instance, in the online gaming world “Silk Road”, individuals build their identities through activities and earned experience in the game. It is a free market economy in which Barry Schwartz of “The Costs of Living” would find numerous examples of how the pursuit of gain “erodes the best things in life”, even if that life consists of hunting down monsters for gold and gaining rank and stature through the process.

If you wish to change sex, grow your hair, buy clothing or possess special skills you can go on adventures and face creatures in the detailed landscapes of the land that the maker of the online game has created. Each task you complete, mostly slaying monsters, earns you gold or special items. You can spend the gold or sell the items in a marketplace. The longer you play, the more you earn and the greater your status in the community. You do not have to do this alone, as you can meet people and form hunting parties in order to achieve greater success. In any world, the key is to beware of game players who take advantage of you and believe the laws are there to be skirted for advantage.

At least that is what the makers of the game hoped would be the ethics and rules of that society. In a “tragedy of the commons”, free riding gamers figured out a way to automate their online activities and created software programs to take on the tasks and collect the gold, bypassing the required time an individual might need to invest. Others, recognizing that these “bots” were not real people would follow along and pick up what pieces of gold or items of value that the bots did not recognize. This devalued the online currency.

In many ways this reflects the real world rules of commerce and the market, in that it is not uncommon to have individuals spend time circumventing rules and law in order to obtain something that the rest of the community values. The more success the gamers have in circumventing the rules, the greater the pressure from the society to adjust those rules. In the case of Silk Road, in true market economy form, they chose to lift the rule banning bots and started selling them to users.

Relationships can also begin to take on more complex status in online worlds. One popular online virtual world is Second Life, where “residents can explore, meet other residents, socialize, participate in individual and group activities, and create and trade virtual property and services with one another, or travel throughout the world, which residents refer to as the grid”.

In Second Life people have met, fallen in love, gotten married and had children together, all without their real world spouses knowing. This concept has evolved to a point where there are self help articles in large number for the express purpose of helping you build and maintain a healthy online relationship such as is available at WikiHow, a socially constructed how to manual.

Given the different values attributed to the concept of marriage in different cultures, it is not a stretch to view the virtual world as a step into another culture with its own distinct moral codes. As the traveler might find themselves confused by the culture of a country foreign to him, and need to step outside of his own world view to understand the people better, we might also find ourselves having to adjust our views to the worlds that are being built within the digital space.
Here are two real examples of how our concepts of marriages and lifelong relationships are being tested.

An Associated Press article from 2008 describes an incident where, in Japan, a 43 year old woman was arrested in the killing of her husband when he asked for a divorce. At least that is how the headlines read in the newspaper articles reporting on the crime. However, the marriage only existed online in a world called Maple Story. Two workers in separate divisions of a company that existed in different parts of the country met online and started dating. They fell in love and their avatars, representing their online personas, married each other in an online ceremony. After years of being married online, the male coworker told his female counterpart that he wanted an online divorce. The female coworker was so angry that she used his password, which he had previously given her, to enter into his account and deleted all files associated with his avatar. In effect, she killed him, destroying years of work building relationships, buying things, learning skills and earning a place in that society.

So how do you value the loss and categorize the crime? You can add up the hours spent that would never be returned. You can attempt to quantify it, but there is not only no basis by which to judge the value of a lost virtual life, there were no rules that applied online, as the crime actually occurred in the real world. The result was a charge of destruction of property and the value assigned was high enough that the woman was arrested and taken to a police station where she was charged, booked, released and given a court date.

In the second example, a man and woman were married in real life with a small ceremony. As reported in a November 14th 2008 CNN Europe article, this British couple had a much larger than life end to their relationship. Given their shared affinity for the online world of Second Life, they also held a much larger ceremony online with a very large number of guests who attended the event as their online counterparts. This was treated as news and several real world newspapers reported on the event.

The relationship worked online and in real life for a while but ended up in divorce. The split occurred when the wife discovered that her husband was cheating on her online. The divorce was carried out in the real world. The woman that the wife caught her husband cheating with was an online character that was driven solely by an expert system. In other words, he was frequenting a virtual prostitute, who was actually a software program.

The decision to add a friend online is a simple and absolute one. Yes or no. The investment in an online relationship takes time and is not driven by economics but by the want and human desire to connect with another person. It is not something that can be separated out as a single incident, but is part of an emerging online community and culture that is being built every day.

The value of those relationships is not absolute, nor do they take place in an atomistic setting. They are relative and communitarian, functioning at different degrees and on different levels. They are part of a continually expanding socially constructed reality that has sets of rules and cultural definitions with influence in multiple communities.


Thanks for indulging me for this very long three part post. For the full text as a paper see here. http://docs.google.com/Doc?id=dd4n2ddw_58xwgmxq8

Monday, March 23, 2009

How Do You Value an Online Friendship?

Part Two:

The advantage to having connections (friends) within online social networks includes getting to know some of their connections as well. In order to expand your circle of friends you often rely on introductions to others through those who are connected to you. In this way, you are able to not only meet new people who may have similar interests to your own, but also to connect to those with whom you have lost touch.

In a satirical article written in the February issue of Time titled “Why Facebook is for Fogeys”, Lev Grossman lists the number one reason as being “finding people you've lost track of”. His major point being that the schools, jobs and close relationships we’ve had all “came with a complete cast of characters, most of whom we have forgotten existed. But Facebook never forgets”. This suggests that friendship is something that can be collected over time like souvenirs, and now it can be easily mapped as well. We can visualize in the abstract how our locus of identity might look in two and three dimensions.

Because we have labeled a connection a “friend” and a connection to them a “friend of a friend”, we are now able to create models that can visualize those relationships. With names like Entourage (Facebook) and Friends at a Glance (MySpace) you can assemble thumbnail images of all of the people in your network and see them at once. Like a company picnic, a reunion or a family gathering, you can line up their faces (or icons) row after row, and do so at your command.

For more complex relationships, Friend Wheel (Facebook) will cross link and show the more complex embedded relationships. These are not representations of the traditional view of what friends, family and relationships mean, but rather an organization of data that represents other stored data associated with people that you know. And yet, we give this data importance as how we see ourselves in relation to those who define us and the variety of social structures, organizations and cultures to which we belong.

When it comes to ending the relationship, the technically driven management of your personal connection offers a simple solution. Instead of avoiding the person or not accepting or returning their phone calls, you can simply “de-friend” them. You delete their status as friend and no more status reports, photo posts or commentaries are allowed to be directed toward you by the former friend. They are treated in absolute terms; in ones and zeros, in x’s and o’s, (or “exes” and o’s if you prefer). They were your friend and now they are not, at least by the web site's definition of that term. There are no awkward phone calls or conversations. They simply stop hearing from you. Just like in the real world, this does not stop them from asking you to be their friend again, but once again you control the acceptance of the invitation.

These examples related to friendships come from web sites that encourage you to post videos, rate and rank music likes and dislikes and throw virtual sheep at each other through game applications. The prominent instrumental value is measured in fun and socializing, staying connected through trivial asides and posting photos.

Other network sites concentrate more on the idea of business connections as their basic instrumental value. These sites emphasize what these business acquaintances/relationships can do for us and what we can do for them. LinkedIn and Konnects are two examples of these business related SNA’s. Evolving more from the concept of a Rolodex than a yearbook, profiles contain job titles, skill sets, company affiliation and project needs as published definitions of who we are in relation to others.

Konnects is targeted at business professionals who are looking to be a part of a larger community of interconnected groups, launched as a means to mimic conventional business networking. LinkedIn expressly states that it helps you create a network of trusted contacts that will give you a business advantage and accelerate your business success. This aligns more closely with the often quoted cliché that “it’s nothing personal, it’s just business.” Each network allows for you to list your accomplishments, resumes and professional portfolios.

These sites do not try to redefine friendship so much as treat our relationships as business opportunities. An instrumental value to belonging to this type is more easily measured by business success, but does not have the wide reach that complex human relationships provide.

One common function these differing types of SNA’s share is the ability to follow someone around through their accomplishments, comments, postings and portfolios. Though in a business network this may be keeping current for business opportunities, in the more socially informal networks this can be exaggerated to a form of stalking. Privacy controls are put into place to limit how much information can be attained without an invitation into your social structure.

Beyond business and friendship, and as alluded to earlier, many individuals leave the real world and turn to the online world in search of a partner. Online relationships have stepped beyond friendship into life partnership, sometimes as the result of chance and often through a deliberate pursuit of a match. We have given ourselves over to the idea that finding someone who you can love and who will love you back can be accomplished by collecting data and comparing it to other pieces of volunteered information. And in many ways it has worked successfully in allowing bodies with similarly organized data to find each other.

In sites like Match.com, potential mates are screened and profiled and then matched based on religious background, economic goals and personal likes and dislikes. Even sites like Classmates.com, which was ostensibly set up to keep in touch with old school friends, found success based on people whose curiosity in regards to old flames drove them to join. Dating sites such as Match.com and eHarmony.com present opportunities to meet and engage in conversation with others, usually resulting in more personal encounters that include face to face meetings and real world dating opportunities.

However, other online matches are not made through systematic selection arranged by a back end database, but rather by online communications through email, text, chat and SNA’s. These are all available to users who are members of virtual communities. These complex social systems not only have relationship building features but come complete with manufactured environments with which to roam around, engage in business and create partnerships of various sizes.

Some are game-like and are constructed with a set of conforming rules and regulations that must be followed in order to achieve a goal; these are atomistic in nature and do not allow for much agreed upon socially driven creation. Others are free-form worlds that provide a platform on which societies can build themselves, including structures, legislative bodies and overlapping organizations. These tend to be more communitarian and allow for deeper relationships to grow....

Friday, March 20, 2009

How Do You Value an Online Friendship?

Part One:

In the mid nineteen nineties my wife and I were surprised by some neighborhood news. A couple who lived just down the street from us were divorcing. Not uncommon, but what made it surprising to my wife and me was that it was the second marriage in one year where an online affair led to a divorce. We could not understand the idea that someone would find, meet, date and then leave their marriage for someone who they knew through a network of computers and keystrokes.

Today, online relationships, including friendships, dating and even marriages, exist online in large numbers. Have we come as a society or as individuals to value them the same as traditional relationships or do they have their own unique qualities? The idea of friendship is one that we have often measured the value of, frequently on a relational scale. “Close friend”, “best friend”, “circle of friends” and “a valued friendship” are all designations and phrases which have peppered conversation when discussing our relationships. Romantically we move from “just friends” to “casually dating” to girlfriend/boyfriend to fiancée in a socially agreed upon relationship intensity scale. Marriage is considered the pinnacle of a relationship between two people. Has the concept been devalued by allowing relationships such as online marriages to exist beyond the boundaries of the “real world”?

Having friends and relationships can be argued as a universal concept, but it is a thin one. As described by Kwame Appiah, “Thin concepts are something like placeholders” (Cosmopolitanism, p46); when at work in relationships they are thickly enmeshed in societal complexity. Once we dig down into what constitutes friendship and what escalates to a life mate, the concept thickens and is dependent on the context of the society within which those individuals live. With the advent of online social networks and virtual worlds, we are looking at a literal condition of a socially constructed reality. Given those worlds are constructed from defined rules and computational laws at their launch, this can show more visibly how friendship is defined and measured.

It dulls the value aspect of those relationships and reduces them to numbers and connections in a positivist fashion, separating data and value statements.

Technologies have sold us the concept of quantifying a relationship. In cell phone services from ATT Wireless, Alltel and Verizon, you are given the choice of a “Circle of Friends” rate plan. In a humorous look at relationship ranking written into the 1997 episode of Seinfeld, “Millennium”, Jerry gets involved in a war over speed dial rankings between his girlfriend, Valerie, and her stepmother, with each viewing the higher ranking as a measure of their place in Valerie’s life.

MySpace, a social networking website launched in August of 2003, has a similar quantifying feature in its top eight friends page. It is considered a sign of how close you are to an individual if you make it on to their top eight page. Facebook, another social network website, was founded in February of 2004 and organized itself through city, workplace, school, and regional designations in order to connect and interact with other people. To add someone to your network in the Facebook world, you are prompted by a question and a function button on a web page, which asks if you would like to add the individual as a friend.

Therefore in Facebook’s world view, friendship is defined as someone who you allow into your network of relationships. You might choose to do this whether you like them or not. This simplistic idea of friendship is an absolutist’s view, with no regard for subtleties and distinctions. However it is also a very young socially constructed reality which will develop complexities over time.

When we allow technology to define the idea of friendship, interesting consequences can occur. Popularity takes on a quantifiable meaning to the literally minded, as the number of “friends” you have is a number listed on your profile page. Andrew has 109 friends and Steven has 354 friends. Does that mean that Steven is more popular? Interestingly, it has been argued that the more friends you have the more you have devalued your individual friendships, as if friendship were a thing to be parsed up and divided equally.

Social Network Architectures (SNA’s) reify (make ideas into things) the concept of friendship, changing a value statement into a thing that can be measured. It can now also be collected, rank ordered, contrasted and discarded. The first order of complexity beyond the single designation of friend being the only descriptor of a relationship is evolving through new labels and classifications. In order for these networks to combat the negatively skewed concept of a dilution of friendship through increased number, additional features have been added in order to rank and categorize those relationships.

Certainly you can remain a friend on Facebook, and maybe make it into the top eight page on MySpace, but now you can assign someone to the ranks of Top Friend as well. This designation is visible to your whole network, so they now can measure where they stand....

Tuesday, March 17, 2009

eCrime Researchers Coming to Tacoma

I had lunch with Chris Richardson, Director of External Affairs for Internet Identity, and Foy Shiver, Deputy Secretary-General of the Anti-Phishing Working Group, on Thursday to talk about an upcoming conference in Tacoma.

The Anti-Phishing Working Group (APWG) is a well connected, industry sponsored association which focuses on eliminating identity theft and fraud which results from phishing and email spoofing. Their full charter expands to combating other forms of eCrime.

In conjunction with this effort and the 2009 General Meeting, they have plans to hold the third APWG eCrime Researchers Summit here in October of this year. It looks to be sometime in later October, around the third week, with dates to be confirmed soon. They had originally hoped to hold it earlier in October but there were not enough hotel rooms available to accommodate the conference. With tourism in Tacoma picking up and the growing success of the convention center, that will not be the last time we hear of that problem.

The conference itself is described by the organization as such:

eCrime '09 will bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it, including:

* Phishing, pharming, click-fraud, crimeware, extortion and emerging attacks.

* Technical, legal, political, social and psychological aspects of fraud and fraud prevention.

* Techniques to assess the risks and yields of attacks and the success rates of countermeasures.

* Best practices related to digital forensics tools and techniques, investigative procedures, and evidence acquisition, handling and preservation.

... and more.

They will be issuing a call for papers soon, and hope to get folks like the "grey hat" student organization and faculty involved as well.

Events like this happen here because of efforts and encouragement from folks like Chris at Internet Identity. Given that Internet Identity is a growing company with roots in Tacoma, it is more evidence of the strength we have in an information assurance and data integrity cluster here. "Internet Identity is focused on helping financial services, e-commerce and internet services companies protect their users against phishing and other forms of online fraud."

It was great meeting Foy and I am looking forward to an international conference being held here later in the year.


PS: Here is scholarship information in regards to the conference.

APWG eCrime-Fighter Scholarship Program

The APWG eCrime-Fighter Scholarship program will promote counter-ecrime research by encouraging participation in the APWG eCrime Researcher Summit. Participants submitting papers and posters to the 2009 Summit are automatically entered into the program. This program will consist of both cash and travel awards based on the results of the blind paper and poster review process.

* One cash award of $1000 for the overall best paper
* A limited number of cash travel awards for student authors of papers and posters

Cash Awards will be announced during the October 2009 Event. Travel Awards will be announced at the end of the submission review process.

Wednesday, March 4, 2009

Emerging Terms in the Web World?

Mark Briggs of Journalism 2.0 twittered yesterday about a new term he had read.

Ok, I haven't heard this term before: "composting" to mean community posting (UGC). It's fertile, but may be crap to you.

On the other hand you might suggest that a bunch of garbage is being thrown in together, but when combined and tilled is valuable. Or maybe it just stinks.

I love new terms and thought of some other terms that may be on the forefront.

If you have ever visited TwitterFall, you see what happens when a great number of microblog posts are aggregated and fed near real time. Outside of the Twitter brand you might consider a flow of microblog posts or in active periods a flood of blogs.

This should be known as "Flogging". If it is part of an open community site it should be known as a Public Flogging. If you would like to flog yourself then you would submit to a site that encourages public flogging.

We already have Podcasting which has been around for a while. If you write something that is then sent out to many people at once, that could be called "Type Casting". If you have ever done live chatting, you probably have experienced the anticipation of information to come when the "typing" symbol lets you know that the other person is writing something out to submit to the chat. For those who wish to chat to many people at once, perhaps in a written open mic poetry slam of sorts, then they are participating in Type Casting.

Using bookmarks has enabled me to keep track of a number of sites that hold my interest. It would be nice if I could find a bot of sorts that could analyze my entire collection of bookmarks and suggest other sites based on what is currently in my collection. This would be my Booking Agent.

On a good day, my booking agent might find me a type casting site that could set me up for a public flogging. The results might be worth some composting.

Up next.. "the Pedantic Web"

Hopefully you have seen the press release from the EDB about Infoblox renewing its lease in Tacoma for another six years. Growing from sixty...