Huffington Post

 I regularly contribute to The Huffington Post. Below you’ll find my most recent articles.

Bookmark and Share

China's Military: Here We Are!

10 May 2013, 4:12 pm
The U.S. Department of Defense (DoD/Pentagon) released their Annual Report to Congress titled "Military and Security Developments Involving the People's Republic of China 2013" recently and it should surprise no one as to how the PRC is effectively taking the technology of the U.S. and others, like the tough kid takes the meeker child's lunch. The PRC is chowing down on U.S. technology and advancing their own global agenda at the same time. They are utilizing all of their national intelligence resources to rapidly close the gap between western military capabilities and Chinese-desired capabilities. That whoosh sound we hear, every so often, is U.S. technology exiting the country.

The DoD report says, the PRC-sanctioned intrusions are focused on exfiltrating information. Specifically, "China is using its computer network exploitation (CNE) capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support US national defense programs." What I find somewhat strange is the apparent event amnesia which is taking place within the U.S. and specifically the Pentagon. This report concerning Chinese efforts which occurred in 2012, rings surprisingly similar to that which occurred in March 1986, the PRC embarked on their infamous 863 Program.

The purpose of this program? To acquire foreign technologies by any means so as to augment and advance Chinese technological acumen. At that time and through 2008, the seven most desired technologies were -- Information technology; Military technology; clean technologies, advanced materials, health care and pharmaceuticals; agricultural technology; and energy. Thus, the Chinese have been stealing our lunch for more than 25 years.

We now see the US F-35 fighter has a Chinese twin, the J-20 which conducted its first flight on Oct. 31, 2012. The DoD report continues to explain how the Chinese network of "government affiliated entities enables the PLA to access sensitive and dual-use technologies or knowledgeable experts under the guise of civilian research and development. The enterprises and institutes accomplish this through technology conferences and symposia,legitimate contracts and joint commercial ventures, partnerships with foreign firms, and joint development of specific technologies. In the case of key national security technologies, Controlled equipment, and other materials not readily obtainable through commercial means or academia, China has utilized its intelligence services and employed other illicit approaches that involve violations of U.S. laws and export controls."

One of the keys to putting a dent in this situation is to ensure that your personnel are up to speed on ITAR and EARS. Those who weren't, paid a pretty penny in fines. The report identifies United Technologies and two subsidiaries for transferring, illegally, technology to China which advanced Chinese capabilities in the helicopters; a Steve Liu (aka Sixing Liu) was convicted of stealing performance and design of guidance systems for missiles. Add to this noise, the recent Mandiant report attributing advanced persistent threat to one country, the PRC (though we collectively know there are other countries which have advanced cyber capabilities) the 800-pound gorilla has never been more evident -- it is standing in front of us.

So perhaps we pay attention to what the PRC is telling us by their actions. According to the DoD report, the PRC's military information operations (IO), cyber conflict, have five key features.

  1. IO Defense: the Computer Network Defense (CND) is the highest priority. The report goes on to say that the Chinese doctrine calls for "tactical counteroffensives," when the adversary's operations could not be countered.

  2. IO unconventional warfare: IO is an unconventional warfare weapon, to be used at the opening phase of conflict and continue throughout all phases of any war.

  3. IO: preemptive weapon to be used to achieve information dominance and controlling the electromagnetic spectrum

  4. IO information campaign: designed to fight and win information campaign, precluding need for conventional military action

  5. U.S. is information dependent: a strength and a vulnerability.


These five features are important to note. Why? Because the PLA is exercising! They have been conducting exercises demonstrative of their ability to integrate information technologies with information integration of its military. The PLA, during a conflict, according to the DoD report, will have its IO entities execute "[t]heir primary tasks... to protect the PLA's campaign information systems, collect intelligence from enemy information systems, destroy enemy information systems, and weaken the enemy's ability to acquire, transmit, process, and use information during war."

The above analysis by the DOD on the PLA's IO role during conflict is not at all new. In fact, two senior PLA Air Force colonels Qiao Liang [STC: 0829 5328] of the PLA Air Force Political Department and Wang Xiangsui [STC: 3769 3276 4482] wrote Unrestricted Warfare in February 1999 -- which did not capture U.S. attention until the November 1999 U.S. Embassy Beijing telegram arrived in Washington, and presented the new PRC information warfare doctrine:

"Summary: Two senior PLA Air Force colonels wrote 'Unrestricted Warfare', presented here in summary translation, to explore how technology innovation is setting off a revolution in military tactics, strategy and organization. 'Unrestricted Warfare' discusses new types of warfare which may be conducted by civilians as well as by soldiers including computer hacker attacks, trade wars and finance wars. 'Unrestricted Warfare' provides insight into the thinking of some Chinese military theorists about the impact of science and technological change on China and other countries. Many Chinese books and magazines on military subjects have appeared this year. Overviews of three other recent books by a National Defense University Professor on innovations on the lessons of the Gulf and Kosovo wars along with his reflections on post-Kosovo U.S.-China relations are provided in the appendix to this first of four summaries of "Unrestricted Warfare". End summary."


Unrestricted Warfare makes clear the doctrine which the Pentagon presented in this week's report.

Do we listen to the DoD or to the PRC government and Senior Colonel Wang XinJun, a researcher at the Academy of Military Sciences in Beijing, who recently stated, "The Chinese government and armed forces have never sanctioned hacking activities"?

In sum, I think it prudent to allow the PRC's actions and stated doctrine which places the U.S. as the number one adversary as gospel. The PRC has and will continue to try and absorb the technological advances of the United States and other western nations in preparation for a seemingly inevitable conflict (as noted in the Pentagon's report). We really should listen as, tantum iterum vivere.

Additional reading:


What's a Data Breach?

22 April 2013, 7:52 pm
We read about it regularly, a company has a data breach and loses millions of client or patient records, because their server is hacked, a laptop lost, or a usb stick stolen. The list goes on and on. There are so many ways data goes missing which may constitute a breach. And that's the purpose of this piece - to provide food for thought on the different ways which your data can "go missing."

Lost Items: What do people lose? CD, DVD, USB, MemoryCard, Computer, Smartphone, Tape backup, Disk drives, Laptop, paper files are all items which contain data which can and do go missing. It has been reported that the Transportation Safety Administration (TSA) recovers between 900-1200 laptops left at checkpoints monthly. Add to that the ease at which a USB stick, MemoryCard or smartphone is misplaced and you can see how the number of items lost grows. It happens every day, as evidenced by the five memory sticks which are currently residing in San Diego's International Airport (SAN) lost and found - these five items were lost between Feb 10 and April 21, 2013 (SAN has a searchable database of lost items, in addition to the memory sticks, approximately 50 phones, 20 laptops, and even an individual's medical records were left behind a SAN.)

Stolen Items: If it has value, it may be a target for theft. Items such as, Computer, Laptop, Smartphone, Backup Tapes, Disk Drives, Documents, etc. We've all read of the individual who walks into a coffee house, puts their laptop on the table to go order a cup of coffee and when they return its gone. Or the individual who leaves a briefcase of documents and memory cards in their vehicle and the vehicle is stolen or the items are taken. Whether stolen for the data or the device value, both can constitute a breach if the data within is unprotected. Take the December 2012 instance when Crescent Healthcare (a Walgreen's company) had their billing office broken into and computer hardware and papers were stolen, all of which contained Patient Health Information (PHI) and Personal Identifying Information (PII) the loss of which necessitated a HIPAA Violation notification. (See: Crescent Healthcare Notifies Individuals of 2012 Data Breach)

Malware/Crimeware: The computer, smartphone, tablet or drive you are using becomes infected with malware or crimeware and your sensitive data is harvested. Happens with regularity. These malicious programs copy and transmit data found to the malevolent individuals. One of the most egregious such events happened to Global Payments when they lost more than 1.5 million account records to online criminals (See: Global Payments Data Breach). Another is the case of South Carolina's Department of Revenue and how their database of 3.8 million tax returns were compromised when an employee opened a malicious email containing malware. (See: NBC's report "One email exposes millions of people to data theft in South Carolina cyberattack" )

Disposal: Every year we read about information being found along the street, thrown into dumpsters, or data recovered from a device's memory after being bought off e-Bay, Craig's List or the like. All avoidable, with a bit of forethought. The USA Today did a piece on sensitive data found on devices in 2012, their researcher "randomly purchased 30 used devices off Craigslist, and had them examined with simple forensics tools. Half the devices were thoroughly wiped clean, but 15 disgorged plenty of sensitive data, ranging from bank account and Social Security numbers to work documents and court records." (See: USA Today - Discarded digital devices can contain sensitive data)

Mail/Fax/Email: We've all done it. Sent an email to an individual and realized that isn't the intended party. When dealing with sensitive data, this may constitute a breach. Same when faxing information to the wrong party. A recent case involving retired North Carolina government employees, had 26,000 individual's Social Security numbers revealed through the envelope window due to a misalignment of the printed document (See: NC exposes SSN's )

Insider: The inadvertent (human error) and the malicious (criminal) exposure of data both involve the insider. And yes from time to time, individuals have been known to break trust with their employer or the clients and engage in malicious or illegal behavior. The insider has privileged access to the sensitive data, in other instances, they may go mining for the data, far exceeding their authorized remit. In either case, lack of checks and balances will make the loss easier to occur and harder to detect. Take the example of Florida Hospital who discovered in 2011 that they had an employee who had been accessing the records of 763,000 patients (from 2009-2011) and had sold the data on 12,000 car accident victims for attorney and chiropractor referral services. A HIPAA violation if there ever was one. See: (Former Florida Hospital Employee Pleads Guilty to Data Theft) or the instance when human error causes a potentially horrible disclosure which occurred with the Pembrokeshire County Council in Wales, when they apparently mailed 400 pages of psych records on 10 abused children to an individual who had requested their own file. See: (Hundreds of pages of confidential reports released after council blunder.)

Websites: Example - You provide data to a company or organization via their web registration site and they put it into a database which you can access to keep your data up-to-date, but they don't secure the website. Depending upon what data is provided, the breach can be minimal or very invasive. The Privacy Commissioner of Canada commissioned a study to look at website for data leakage. The commissioner went on to say, "the email, username and location were shared with marketing firms and analytics providers. Another example involved a well-known Canadian media site" that gave user data like usernames, emails, and postal codes to a "content delivery, marketing company, an advertising network, and a news content provider." All of which potentially violated Canada's data privacy laws. (See: Canadian Privacy Commissioner Reveals Websites Sharing User Data Inappropriately)

Now you have an idea of what may constitute a data breach. If you are entrusted with data, do take the time to understand the processes and procedures which are in place to protect the data. An easy rule of thumb, treat data as you would cash, you don't leave it laying about, and you don't give it to someone without knowing why, you keep it in a safe and protected locale.

Do What I Say, Not What I Do -- Children and Mobile Devices

1 March 2013, 10:00 pm
Rare is the teen that doesn't have access to a mobile device, be it a smartphone or tablet. Even more rare is the teen that has had a "training" session on how they will use such a device provided by their parent or guardian. If they did, then perhaps it is truly a case of "do what I say, and not what I do."

According to the folks over at McAfee, who with One Poll released the results of a mobile security study found that in the United States, the majority of users do not secure their devices properly.

We all know that we should secure our device with a pin number, right? If you are one of the 36% who don't have a pin, please fix that right now, but don't use your lucky number or birthday as your code and remember to use a different pin for each device. According to the study, 60% of those polled claim no one knows their mobile pin (You should always know your child's mobile device pin); and sadly, 16% use the same PIN code across all their mobile devices.

Do you share your device with your child or do they have their own? When we hand the mobile device to our youth, are we also giving them unencumbered access to iTunes or other application purchasing sites? If so, are you aware of the apps which are being purchased and how the app may expose the information on the device (your device)? According to the study, 50% of parents allow their child to access their mobile devices; with 18% of parents sharing their credit card info with their children to facilitate purchase of applications; and 15% giving their children the parent's passwords to iTunes or other app purchasing site. If you are this parent, please monitor your children.

Do remember the all-important password. Set those passwords and use different passwords for different applications or accounts. In this manner, if there is a glitch in one, all the others aren't put at risk. While you're at it, take some tips from the study. Don't be a part of the 30% who hide their passwords in their "notes" application, or the 21% who use your mother's maiden name as the password reset.

We need to teach our youth the appropriate way to lock down their devices, but we also need to do so ourselves. This McAfee study shows us our children may need to do as we say, not what we do.

An interesting infographic from McAfee's study is available here: McAfee's All your Sensitive Data: Unlocked and Unprotected

Double-Dog Dares and Sexting: Kids Do It, Do yours?

26 February 2013, 3:29 pm
Reflecting on the evolution of youthful mischief and behavior over the last 60 years, one item which has seems to have survived the test of time has been the double-dog dare.

We've all read of the teens who have sent their "special someone" a picture of themselves, oftentimes sans clothing. To some, this is nothing more than the youthful exploration in the difference in anatomy between the male and female body via technology. The same type of activity may have taken place face-to-face in the past, but in the past, the consequences only occurred if your parents found out and didn't (normally) involve a camera. Today, in the age where we are totally connected 24/7, a camera is omnipresent, and not only may your parents find out, but there exists a tremendous probability that others who had no part in the initial share will be recipients of the results of the share in a time and place without context.

Have you taken a moment and asked your technology-enabled child if they are sharing photos of themselves with others via email, video chats, text messages or the like? -- No?
Is having this conversation an invasion into your child's privacy? -- Could it be construed as such?
Have you armed your child with age-appropriate guidance? -- Yes, of course.
Are they able to make decisions which utilize your wisdom acquired over a lifetime of experience? - Umm, No.

If your answers fall into the realm of the above, you still need to get engaged. In the United States, when a nude picture of a child under the age of 18 is shared from one person to another, it is construed as sharing an "illegal image" and in many states, like my own Washington State, it is a crime.

According to an MTV/AP study on "digital abuse," three in ten youths have been involved in some form of nude sexting. MTV went on to create "A Thin Line," which provides excellent advice and content for both parents and youth to engage in discussions surrounding sexting.

It's important that we educate our youth, as underage sexting is a crime. In Washington State, for example, the law designed to protect our youth can actually be applied to the very same child when they are involved in sexting. The law further states a minor involved in consensual sexting with a person his or her age faces felony charges, up to five years in prison and mandatory sex offender registration.

So do take a moment and watch this film, Exposed, produced by the UK's Child Exploitation and Online Protection Centre and targets children age 14-18. And though prepared for a UK audience, it is absolutely suitable for use by parents to share with their teens, high schools with their students and churches with their youth.

The film hits on the following educational points:
  • the reasons why young people are taking and forwarding these images

  • the issue of trust in relationships

  • how photos can end up out of the hands of the intended recipient and be circulated much more widely

  • the speed at which images can be spread on the Internet

  • the online and offline bullying which may occur as a result

  • the idea of digital footprint and online reputation

  • the legal implications of self-generated indent images

  • the process of removing content online, and where to seek further help and advice

  • Why they should not take and send these images.


So parents, don't let a double-dog-dare evolve into a life time of issues.

Safer Internet Day 2013 -- It's Not Espionage to Know How Your Children Are Accessing the Internet

6 February 2013, 9:52 pm
Yesterday was Safer Internet Day 2013, and I find myself asking folks again and again, "Do you know how your children are accessing the Internet?" It matters not if they are under or over 13; don't you think it would behoove you to know where and how they are accessing the Internet? It's not like we have an option as to whether or not your child will be online; more and more, we are becoming reliant on the Internet for goods and services related to all age groups.
2013-02-06-SID2013logoannived.jpg
The U.S. government continues to evolve the Children's Online Privacy Protection Act (COPPA), and I admit it has some rough spots in it which are the subject of much discussion. COPPA is designed to put forward a standard level of disclosure and data protection. If the child is under 13 years of age and visiting sites designed for their participation, then the COPPA is germane. If they are visiting sites which have a reasonable expectation of a child under 13 visiting, COPPA still applies. What if they are visiting sites which explicitly state in their terms of service that visitors must be over 13 to participate (Facebook andTwitter come to mind)? They are exempt from the COPPA rules. Let's be realistic, how many among have encountered a "tween" who has found their way onto either social network? And that is where the chaffing of my seat occurs.

Would you know? According to the Family Online Safety Institute (FOSI) only one in four parents utilize a technological means to monitor their children's online activity. Well folks, that is well and good, but if you aren't talking to your child, the odds are they are making adult online decisions without the benefit of your experience. So for the 75% who aren't watching what your children are doing, please ensure you are having the internet safety discussion.

Over at FOSI there is a video on the Facts & Figures of Online Safety that is absolutely worthy of viewing.

And here is a nice infographic from the good folks over at Common Sense Media to help you understand COPPA Rule a bit more comprehensively. Doing so will remove the misconception that Twitter, Pintrest, Facebook, Google+ or any other social network site that is not specifically designated for children (unlike the child-specific Yoursphere, Disney and Sesame Street), then the odds are the child doesn't belong in the environment.

In sum, it isn't espionage to know how your children are accessing the Internet.

Data Privacy Day - Version 2013

28 January 2013, 8:53 pm
As we arrive at the conclusion of another Data Privacy Month, and turn to celebrate Data Privacy Day, Jan. 28, I can say with a great deal of certainty, we should not be celebrating. Our privacy was collectively hosed in 2012.

The past year has seen medical establishments one after the other compromise their patient's personal health information (PHI); we witnessed our states losing their constituent's data right and left; and lastly we just give our information away to the plethora of social network sites and online retailers. Does the phrase, "need to know" or "do not track" resonate with you?

And while our fire hose of data is our life's blood connection to the internet, we seem to forget that sharing that vast body of information is an all-in and no-return proposition. We now have advanced such that the internet is no longer a luxury, it is and will be the avenue of connectivity which we have come to rely upon. Is there one amongst us who hasn't been compelled by a vendor, governmental entity or friend/family to get online. Make no mistake in order to make purchases, extract benefits and to remain competitive -- and do we have a clue on how to protect our personal data.

Then, as we learned via recent testimony before Congress from Google, the U.S. government entities are regularly requesting access to individual subscriber's Google accounts. Google's Director of Law Enforcement and Information Security Richard Salgado said that "our view is that the statute [the Electronic Communications Privacy Actor ECPA] is out of compliance with the Fourth Amendment because the government can call for the production of your data without a search warrant."

Google released their Transparency Report for the period from July through December 2012 and it says,
• 68 percent of the requests Google received from government entities in the U.S. were through subpoenas. These are requests for user-identifying information, issued under the Electronic Communications Privacy Act ("ECPA"), and are the easiest to get because they typically don't involve judges.
• 22 percent were through ECPA search warrants. These are, generally speaking, orders issued by judges under ECPA, based on a demonstration of "probable cause" to believe that certain information related to a crime is presently in the place to be searched.
• The remaining 10 percent were mostly court orders issued under ECPA by judges or other processes that are difficult to categorize.


This is important as Google-plus (G+) is now the second most popular social network in the world with 343 million active users. Facebook retains its preeminent position that of the most populated social network, with ~902 million active users.

And Facebook, the most popular social network, is about to open up Facebook Graph Search, which has the potential to be one of the most invasive tools to their subscribers' privacy. Facebook creates the ability to set your privacy settings (seemingly an ever present moving target) and the user (that would be you and I) are responsible for adjusting them appropriately. So don't delay, do it.

In sum, 2012 was abysmal from a privacy perspective, and 2013 is off to a raucous start. At no time has it been clearer, you the user need to study the privacy settings on every online environment you are active and adjust them to your personal threshold for sharing. Pay attention to the minutia and details. Good luck at keeping what you wish private, private in 2013

Sensitive Data on Parade: A Look at the Macy's Thanksgiving Parade

3 December 2012, 6:29 pm
We've all read about the presence of sensitive data which originated from within the Nassau County Police Department and found its way into the confetti at the Macy's Thanksgiving Day parade. We have subsequently learned it was not the parade organizer, Macy's, who included the Nassau County PD's confetti of sensitive documents in the parade confetti, but an employee of the PD. Why? The Nassau County PD employee took the confetti shred from the police department to have their own confetti so as to join in the parade's festivities -- why not, it's a party!

While the policies of the Nassau County PD's data destruction and disposal methodologies are undergoing review at this time, and there will no doubt be an admonishment not to share police department shred. One must ask, if this is the type of shred created by the current shredders being used in Nassau County PD, then they need to go back to the day the shredder was purchased and review their entire pipeline from shredder to disposal, as this type of "exposure" of data occurred in ever shred batch using this low-security "confetti" shredder.

Many may not be aware that shredders have various security levels with the lowest level shredders rated as providing a high probability of ability of reconstructing data with the higher levels (Level 5 and Level 6) creating minute bits of paper shred, that would be appropriate for handling the most sensitive personal or business documents. Keep in mind reconstruction isn't a matter of snapping one's fingers.

2012-12-02-Shred.jpg


The most famous case of document reconstruction occurred during the 1979 Iran Hostage Crisis -- the U.S. Embassy Tehran used strip shredders -- the Iranians were able to bring literally an army of students to bear on the task and successfully reconstructed and published as "Documents from the U.S. Espionage Den."

So what to do?

The shred which appears in the photos on the news, are very similar to the shred I took a picture of and shared above. This shred was taken following opening a "shred bin" that I had arranged access. As you can see the document has readable content. In my opinion, this type of shredder is fine for home and small/medium office use, providing that shred is appropriately discarded; in my house, we use a shredder which produces slightly smaller shred (Level 4) and I use the shred as "fire starter" for the fireplace or include it in the compost from the horse's manure -- in the former the shred is gone in seconds, in the latter, in a few days (horse manure composts hot). This level of shredder will run you from $150-500, depending on capacity and manufacturer. The level shredder you wish to obtain for truly sensitive data, such as those maintained by law enforcement or governmental entities is a Level-6 shredder, which run approximately $4,000-5,000. You may also wish to consider a disintegrator, which are very pricey, but turn paper into dust and does not allow for reconstruction.

The important take-away -- use the shredder that is most appropriate for your needs, understanding that reconstruction is possible (you work out the probability) for the low end.


Here is the WPIX exclusive coverage on the incident:


For additional reading:

BBC: "Who, What, Why: How do you reassemble shredded documents?"
WPIX: "PIX11 EXCLUSIVE: Nassau County POLICE EMPLOYEE Brought Classified Confetti to Thanksgiving Parade"
WPIX: "PIX EXCLUSIVE: Confidential Police Docs Found in Macy's Parade Confetti Spark Investigation"

*Image is author's own.

120 World War II Characters Forever Encrypted

27 November 2012, 5:53 pm
The mystery of the encrypted message found in the chimney some 70 years after it had been dispatched is intriguing many, including this writer. The 27 five-letter group message comprises a message less than the size of one Twitter tweet (see below for content sizing). And as we are all becoming educated, One-Time-Pad (OTP) encrypted messages are designed, by their very nature, to be unbreakable. The security of the encryption lays with there being only two sets of OTP keypads, one for the originator (a transmit pad) and one for the recipient (an identical pad identified as the corresponding receive pad), separate OTP keypads would have been used for return send/receive transmissions so as to avoid the fatal reuse of key text.

According to an article in The Telegraph by Hannah Furness, "Wanted for one last mission: Bletchley Park codebreakers to crack the D-Day pigeon cipher"

"...it is believed to have been dispatched by British forces during the D-Day invasion to relay secret messages back across the Channel, after a radio blackout left them reliant on homing pigeons.
The Royal Pigeon Racing Association believe the bird probably either got lost, disorientated in bad weather, or was simply exhausted after its trip across the Channel.
Due to Winston Churchill's radio blackout, homing pigeons were taken on the D-Day invasion and released by Allied Forces to inform military Generals back on English soil how the operation was going.
Speaking earlier this month, Mr Martin said: "It's a real mystery and I cannot wait for the secret message to be decoded. It really is unbelieveable."
It is thought that the bird was destined for the top secret Bletchley Park, which was just 80 miles from Mr Martin's home.
The message was sent to XO2 at 16:45. The destination X02 was believed to be Bomber Command, while the sender's signature at the bottom of the message read Serjeant W Stot."


2012-11-26-PigeonCipher.jpg

I did a little research on the timeline of D-Day. It stands to reason the good Serjeant W Stot was using GMT as the time of record, as was protocol then and now for government transmissions. The date is believed to be June 6, 1944. The message was created at 1522 GMT and transmitted via pigeon at 1525 GMT. Locale time would have been one hour later.

This time and date correspond very closely to the time of the German army's counterattack which occurred at 1620 (4:20PM CET). Three German Panzer groups engaged the allies just north of the city of Caen, coming up against the forces of the British Shropshire Light Infantry. The British and Canadian forces had not been able to link up between landing beaches Sword and Juno beaches; in fact, one Panzer group exploited this gap and drove right down to the coast. Perhaps this brief 27 five-letter group message pertained to this German counterattack.

But what if...

But what if this message holds a more cryptic and exotic message? Perhaps this Serjeant W. Stot was assigned to a one of the many Jedburgh teams which had parachuted in behind enemy lines on the eve of D-Day in support of Operation Overload? These teams were supported by another group carrying the identification of X2 -- that which supported the Office of Strategic Service's counterintelligence efforts. During World War II the headquarters of the OSS X2 was located in the Grosvenor Square area of London. If so, perhaps it was confirmation of a "certain item" having been captured, perhaps the Enigma encryption machine being used by the German Army? We'll probably never know for sure, as OTP by its very nature is unbreakable. But who knows? So let's take a look at the message itself:

AOAKN HVPKD FNFJW YIDDC
RQXSR DJHFP GOVFN MIAPX
PABUZ WYYNP CMPNW HJRZH
NLXKG MEMKK ONOIB AKEEQ
WAOTA RBQRH DJOFM TPZEH
LKXGH RGGHT JRZCQ FNKTQ
KLDTS FQIRW AOAKN 27 1525/6

The first and last groups are the pad control group -- AOAKN designates which OTP is being used for encoding the message, while the second group of the message HVPKD is the key control group, i.e. where the recipient should begin to decrypt the message (just in case the message arrives out of sequence -- doubt they expected a 70-year delay). The message itself begins with the third group and ends with the 26th group, 24 groups in all comprise the text. All in all, the message content is 120 characters in length, less than a modern day Tweet.

2012-11-26-VignereTable.jpg


The five-letter groups were encrypted using the Vignere Table or chart, which shows how any combination of two letters results in a third, encrypted letter. Without the all important key pad, the message held in these 120 characters will be kept a secret. Which is precisely why, a well executed key distribution and management system ensures the One-Time-Pad is the most secure of all encryption systems.

Enjoy this piece of historical mission. If they find the keypad AOAKN in the historic archives or locate the good Serjeant W Stot, then the odds are increased considerably, absent such, this message will forever be kept, as it was designed -- SECRET.

Election 2012: Obama Smoked Romney in Social Networks

8 November 2012, 6:26 pm
I've written previously on the tracking of the various social network feeds of the two presidential candidates (See: "Less than 30 days to Election 2012" -- as they related to utilizing the xPatterns big data analytic platform to reveal the appropriate social media items from the candidate's or their party's social network feeds. What I did not reveal was the velocity, variety and volume of information being generated by each camp.

The breakdown -

Twitter: President Barack Obama and his Democratic Party social media machine smoked the Republican Party and Mitt Romney's efforts on Twitter. The raw numbers showed the three accounts used by the Obama campaign to have accounted for ~66% of the tweets, while the Romney campaign generated ~34% of the tweets.

Slide 1: Twitter:
 Obama 2012 - 3704 tweets (18% of the corpus)
 Barack Obama - 5078 tweets (25% of the corpus)
 The Democrats - 4788 tweets (23% of the corpus)
 Mitt Romney - 1342 tweets (7% of the corpus)
 GOP - 5483 tweets (27% of the corpus)

Facebook: The numbers within Facebook fell differently, with little variance between the two camps, with the GOP squeaking out a ~51% to The Democrats ~49%.

Slide 2: Facebook:
 GOP - 486 postings (23% of the corpus)
 Mitt Romney - 614 (28% of the corpus)
 The Democrats - 500 (23% of the corpus)
 Barack Obama - 551 (26% of the corpus)

RSS feeds:
RSS feeds drawn from the candidate and the party's websites, showed a marked difference with The Democrats again evolving more content at greater velocity than the GOP. The Democrats produced almost twice the content, ~66%, as compared to the GOP, ~34%.

Slide 3: RSS Feeds:
 The Democrats and Barack Obama - 1382 (66% of the corpus)
 The GOP and Mitt Romney - 651 (34% of the corpus)
The demographics showed that Barack Obama carried the voters in the 18-34 age range, the reason may lay within the strategy employed utilizing social networks. President Obama, as he did in 2008, brought the message to where the electorate was having the conversations -- Twitter and RSS feeds. The GOP was plagued with RSS feed problems in July, with days passing and no content being generated; their volume being dwarfed in both the RSS and Twitter categories.

In sum, the Democratic Party machine showed their adroitness and leveraged social networks in 2012 as they did in 2008. In my opinion, both candidates and parties mirrored one and other within the Facebook terrain. They had many tools available to them within Facebook which they chose not to use, such as personal messaging those who had "liked" their pages; enlisting their legions to do the same. That is not to say that there wasn't an over-abundance of original campaign pictures, diagrams, and infographics being created and disseminated. If your stream was anything like mine on Facebook, it was a battle-royal, worthy of 500 BC when opposing parties used surrogates to evolve their messages in no-holds-barred mayhem. While over on Twitter, the Obama camp fired up their machine the last week of the campaign, when they began generating DM's (Direct Messages) to Twitter followers imploring the follower to get the vote out, don't forget to vote and sharing 'celebrity' commentaries. Both sides use the broadcast tweet with hopes that their legions would RT (Re-Tweet) the messages; the GOP didn't seem to know about the more surgical DM. And finally, content generation -- the DNC showed their ability to generate content and ensure it was enabled for the RSS syndication capability; the RNC lagged and as previously mentioned had a blackout period. While both entities generated topical content, the DNC outpaced the RNC by a significant margin.

Slideshow showing the differentiation:

Less Than 30 Days to Election 2012

8 October 2012, 5:05 pm
"If you can't vote my way, vote anyway, but VOTE!", these are the famous words heard from Okefenokee Swamp resident and three-time presidential candidate, Pogo.

Do you plan to vote? Have the "debates" and the subsequent spin turned you off or does it get your blood boiling? As both parties and their PACs share their perspectives on the issues and the spin continues, it is time we get an agnostic look at the issues.

In the Romney/Obama debate of last week, The Economy; Education; Domestic Policy; Health Care and PBS took center stage. But is there a way to review the issues without the spin? My colleagues at Atigeo and I created a way to bring big data analysis of the social media feeds of the candidates and their respective party's content to the electorate. No spin and no sales - simply the issues and the most relevant contact on the issue - be they yours or those identified by the parties.

For the Democrats: www.blue2012red.com
For the Republicans: www.red2012blue.com

As the accompanying slide presentation shows, the topic of Health Care in the US tops all other issues with respect to content generation by the two camps. And it should come as no surprise to learn that the Obama campaign is producing content at twice the velocity of the Romney campaign across all of the social networks. What is of interest is that content on all the issues have been shared by both, even if the number of posts and tweets are not even-up, all issues are being covered.

Use it to educate yourself on the issues important to you and please do remember, as we wind down this election season, please make sure you vote, and if you need to register - you can find your state/territory registration page here: Voter Registration

Sorry, the comment form is closed at this time.