Will.I.Am: From Online Video To Convention Floor

By Sarah Lai Stirland | August 28, 2008, 8:25:15 PM | Categories: DNC 2008, Election '08

The Black Eyed Peas' Will.I.Am just finished performing his Emmy Award-winning online hit "Yes We Can" at Invesco Field in Denver on the last evening of the 2008 Democratic National Convention.

The music video debuted on DipDive.com and YouTube on Super Tuesday in February, and it quickly went viral. As of Thursday, it's been viewed more than nine million times on YouTube.

The song is set to the words of Barack Obama's concession speech after he lost the New Hampshire primary to Hillary Clinton. The Obama campaign has since adopted it as a sort of theme tune.

The audience at Invesco is expected to number up to 75,000 people when Obama makes his presidential nomination acceptance speech in a couple of hours. The stadium during the performance was crowded, but not full.

Will.I.Am's appearance at Invesco Field wasn't the only interesting connection to the internet this evening.

Straight after the pop star fired up the crowd, Obama Colorado state director Ray Rivera urged everyone to text message the campaign so that officials could sign them up to volunteer to get out the vote. A map with stars flashed behind him. The size of each star indicated the number of people from that area who had signed up to volunteer, and as he urged the supporters to sign up, the stars throbbed and grew bigger on the screen.

Earlier Thursday, the New York Times reported that the campaign's event planners scrapped the idea of a giant collective phone bank by the crowd of 75,000 on Thursday night because they worried that it would crash cell phone networks.

The campaign instead sent out a text message reminding supporters to watch Obama's speech this evening, which is scheduled for 8 p.m. Mountain time. The message also urged its recipients to volunteer by sending the campaign their location information so that local party officials could get in touch with them.

As Democrats partied down and fought their way through the sweltering summer heat and crowds to get into the stadium, Republicans tried to tamp down the euphoria by mocking Obama online.

John McCain's campaign released a mock advisory Thursday recommending a dress code -- it suggested that Democrats attend the evening's speeches in togas -- to go with the white columns that have been set up to frame the podium. The McCain campaign is calling it "Barackopolis."

The McCain campaign also released a grim web video that continued to question Obama's credentials -- at the same time as it aired a television ad that features McCain congratulating Obama for winning the nomination.


Kevin Mitnick Tells All in Upcoming Book -- Promises No Whining

By Kim Zetter | August 28, 2008, 8:19:07 PM | Categories: Hacks and Cracks

Now that the statute of limitations has run on many of his crimes -- and a seven-year court ban on writing about them has expired (it ended at midnight on January 28, 2007) -- former hacker Kevin Mitnick is telling his story in a book to be published next year.

Mitnick, the Mumia Abu-Jamal of the hacker world who inspired a "Free Kevin" movement, was imprisoned for four and a half years, beginning in February 1995, before he was finally sentenced to 46 months in 1999, with some credit for time already served. Part of that time he was held in solitary confinement and without bail because the government feared he had the ability to detonate a nuclear weapon simply by whistling a tone through a phone. He was released in 2000.

But don't look for Mitnick to whine in his book about the government's unfair treatment of him or his long-standing feud with New York Times scribe John Markoff, whom Mitnick accused of inflating his stories about Mitnick to get a book deal. Instead, he tells Forbes, he plans to set the record straight about his hacking spree.

Kevin Mitnick: It's pretty much my autobiography, the story of my years as a hacker and a fugitive told from my point of view--starting out from my younger years in telephone phreaking when I was 11 years old, to my arrest, to my post-arrest career as a security professional. There's going to be a lot of information revealed about hacks I pulled off. The statute of limitations has lifted on a lot of that stuff, so now I can talk about it publicly.

Forbes: Can you give us a preview of the exploits you're going to recount in the book?

Mitnick: I'm trying to save that all for the book. What I can tell you is what won't be in the book--I won't be whining about my trial or my mistreatment by the government or [Mitnick-chronicling] John Markoff.

This book is going to be a kind of Catch Me if You Can in cyberspace. It's going to be what's real in my history and what isn't, what I did and how I did it and how I've since turned my life around.

Forbes: What are some of the myths about Kevin Mitnick that just aren't true?

Mitnick: I never wiretapped the FBI, though I did wiretap an informant who was working with the FBI and chasing me for the bureau. Some other myths: that I hacked into the National Security Agency, that I hacked into NORAD.

Forbes: And some things you did do?

Mitnick: Well, I compromised all the phone companies, essentially. Even when I was a kid I had the capability to disrupt the telephone systems for entire states.

I hacked into the systems of all the major software companies at the time: Digital Equipment, Sun Microsystems, IBM, Silicon Graphics. Also most of the companies that made cellular phones at the time, like Nokia, Motorola, Fujitsu.

Mitnick, whom the government had deemed "the most wanted computer criminal in United States history," was charged with 25 counts of wire and computer fraud and with causing nearly $300 million in damages. He eventually pleaded guilty to seven counts and was ordered to pay only about $4,000 in restitution after his release.

Photo: Neon Samurai


FBI: Uploader Confesses to Pre-releasing Guns N' Roses Tracks

By David Kravets | August 28, 2008, 6:45:07 PM

The California man arrested Wednesday for allegedly uploading pre-release Guns N' Roses songs to his blog has provided a "typed, signed confession" to the FBI, according to court records unveiled Thursday.

What's more, the investigation into the Culver City man began last month after the Recording Industry Association of America tipped off the authorities, FBI agent Jensen Penalosa wrote in a filing in Los Angeles federal court made available Thursday.

Kevin Cogill, aka Skwerl, uploaded the nine songs on June 18, according to the affidavit (.pdf), which was the basis for Cogill's arrest at his apartment. A day after the uploading, according to the affidavit, an RIAA investigator alerted the FBI, Penalosa said.

"Cogill provided a typed, signed confession which stated that he had posted the unreleased Guns N' Roses songs to the internet on his web site www.antiquiet.com," Penalosa wrote.

Cogill did not return e-mail or telephone messages seeking comment.

Cogill is charged with one count of violating Title 17, United States Code, Section 506(a)(1)(C). The copyright infringement charge relates to pre-release material: "distribution of a work being prepared for commercial distribution by making it available on a computer network accessible to members of the public."

The charge is a "felony punishable by imprisonment for not more than three years or, if the offense was committed for commercial advantage or private financial gain, for not more than five years."

According to court records, the Antiquiet music-review site crashed because there were so many hits. The affidavit also says the nine recordings have been removed from the site, which does not appear to be operational at this time.

Photo: dave1968/Flickr





Hans Reiser Faces the Music Friday

By David Kravets | August 28, 2008, 1:26:55 PM | Categories: Hans Reiser Trial

Linux guru Hans Reiser had his day in court and was convicted in April of murdering his estranged wife. Friday likely marks his very last day in court: the developer of the ReiserFS file system is scheduled to be sentenced, and is expected to say in open court how he killed Nina Reiser.

If all goes according to script, Reiser will be handed a 15-to-life prison term as part of a deal with prosecutors. In July, the 44-year-old led authorities to his wife's unmarked grave in Oakland, California after he was convicted of first-degree murder, which carries a 25-to-life sentence.

A key part of the deal requires Reiser to waive his state and federal appellate rights -- and to do so publicly, in open court. If he goes through with it, that would close the final chapter in his criminal case.

In a six-month-long jury trial, Reiser and his attorneys claimed Nina Reiser was alive, and had abandoned the divorcing couple's two young children after he accused her of bilking his Oakland software company, Namesys.

For 11 days on the stand, Hans Reiser told Alameda County jurors to discount any guilty-looking behavior he exhibited in the aftermath of his wife's disappearance. After all, he said, he was a scientist, a misunderstood computer geek who had stared at a computer screen for so long he hadn't a clue about social cues.

But any doubts about whether justice was served were dispelled on July 7, three months after the jury's verdict. Reiser, wearing his jail jumpsuit and handcuffed to his attorney William DuBois, brought authorities to a dirt road about a half-mile from his house and showed them where he buried the mother of his two children. From the stand, however, he had decried the case against him as "silly."

Reiser married his bride a decade ago. The once happy couple met in Russia, when Hans Reiser was overseas hiring Russian programmers to help develop the ReiserFS file system.

Prosecutor Paul Hora told jurors the defendant had "motive coming out of his ears" for killing Nina, including hefty child support payments. She had an affair with Hans Reiser's best friend and she allegedly faked illnesses for their eldest child, a boy now 8.

But he had more motive to give up his ruse, and the body, after being convicted of premeditated murder: a reduced term in a deal crafted by prosecutors and Hans Reiser's defense team. If Superior Court Judge Larry Goodman approves the reduced sentence on Friday, Reiser is eligible for parole in 15 years instead of 25.

Underscoring how much the defendant thought he could pull one over on the jury, it's since emerged that the defendant initially rejected a three-year prison offer in exchange for producing Nina's body, and opted instead for trial.

The deal for the body was done to bring closure to family and friends, and to allow them, not the defendant, to choose her burial site. She is now buried in her hometown of St. Petersburg, Russia.

In California, both of Hans Reiser's potential sentences are known as "indeterminate terms". That means it's up to state parole officials to grant his release. And California's governor has almost carte blanche authority to override a parole board decision.

(File sketch: Norman Quebedeau/Wired.com)



Google, EFF Applaud Veoh DMCA Ruling

By David Kravets | August 28, 2008, 12:54:52 PM | Categories: Intellectual Property

Online video-sharing service Veoh scored a major victory in a copyright case when a federal judge dismissed a lawsuit brought by a gay porn distributor claiming the upstart's site facilitated the infringement of its copyrighted works.

The case, brought by IO Group, is similar to lawsuits by other rights holders against YouTube, MySpace, MP3tunes and others. The allegations are basically the same: they claim the sites facilitate wanton copyright infringement.

But this is the first such lawsuit to be concluded at the trial-court level, and the outcome favored the video-sharing site.

In dismissing the case Wednesday, U.S. Magistrate Howard Lloyd of San Jose ruled (.pdf) that San Diego-based Veoh -- financially backed by Time Warner and Michael Eisner -- complied with the 1998 Digital Millennium Copyright Act's so-called safe harbor provisions.

While the first-of-its-kind decision is not binding on other courts, YouTube chief counsel Zahavah Levine said "it is great to see the court confirm that the DMCA protects services like YouTube that follow the law and respect copyrights."

The court ruled that Veoh promptly responds to takedown notices, terminates repeat infringers and informs its users of its copyright policies. Veoh, the judge ruled, "has a strong DMCA policy, takes active steps to limit incidents of infringement on its web site and works diligently to keep unauthorized works off its site."

In the YouTube case, pending in New York federal court since last year, the video-sharing site, like Veoh, is accused (.pdf) of not having "authorization, permission or consent to use the registered copyrighted works owned by plaintiffs that have appeared and continue to appear on the YouTube site." Viacom is seeking $1 billion in damages from YouTube, which is owned by Google and has implemented a content-filtering program on the site.

(The Veoh decision is not binding on the YouTube case or other similar cases, but the ruling is likely to become legal fodder.)

Our sister blog Epicenter has two takes on the story.

Fred von Lohmann, an Electronic Frontier Foundation attorney, said the ruling "specifically rejects the argument that 'transcoding' content to facilitate access disqualifies a service provider from the safe harbor." Veoh transcodes user-generated videos into Flash.



U.K. Hacker Gary McKinnon Plays the Asperger's Card

By Kevin Poulsen | August 28, 2008, 12:21:13 PM | Categories: Crime

Admitted Pentagon hacker Gary McKinnon lost his appeal to the European Court of Human Rights on Thursday, and is expected to be on a plane to Virginia within three weeks. But -- surprise! -- he's now been diagnosed at 42 with Asperger's syndrome, and his lawyers are asking Home Secretary Jacqui Smith to keep him in London for medical reasons.

McKinnon is accused of breaching over 90 unclassified Pentagon and NASA systems in 2001 and 2002, and crashing some of them, causing $900,000 in damage. In interviews, McKinnon has admitted the hacking spree (though not the damage) which he says was a search for evidence of a military UFO cover-up. As part of his quest he left this message on an Army computer in 2002: "U.S. foreign policy is akin to government-sponsored terrorism these days.... It was not a mistake that there was a huge security stand down on September 11 last year ... I am SOLO. I will continue to disrupt at the highest levels."

In 2003 McKinnon rejected a written plea offer that would have given him six months to a year in a U.S. low-security prison, followed by a transfer back to the U.K. for parole six months later. He then fought extradition while claiming that America wanted to ship him off to Guantanamo Bay. He lost his extradition appeal before the House of Lords in July, and turned to the human rights court in a last-ditch effort to avoid standing trial in the country he hacked.

He faces anywhere from six months to six-and-a-half years in prison under federal sentencing guidelines, depending on how much damage he caused, if any, and whether or not he accepts responsibility. Through a quirk of the metric system, this becomes 60 years, 70 years and a life sentence in the British press.



Bring Out Your Inner Semiotician: Analyze Bill Clinton's Convention Speech

By Sarah Lai Stirland | August 28, 2008, 2:39:57 AM | Categories: DNC 2008

Modern political speeches are highly-crafted affairs, with much test marketing to see how themes, images and keywords poll among voters. And apart from congressional hearings and FCC open meetings, there's probably nothing more scripted and kabuki-like than the speeches made at the 2008 Democratic National Convention.

Nevertheless, former President Bill Clinton's speech on foreign policy Wednesday night was perhaps just as highly anticipated as his wife Hillary's: He has had a relatively rocky relationship with both the media and Barack Obama's campaign during this election cycle. So people wanted to know what he would have to say -- and how he would say it.

Clinton delivered on expectations. Putting to rest the public narrative that had built up about his remaining grudges against the Obama campaign, he began his speech by stating that he was "honored" to be there to support Obama.

Then he made sure that he drove home the point about Obama being ready to lead the most powerful nation on the planet.

"Barack Obama is ready to lead America and restore American leadership in the world," he said. "Ready to preserve, protect, and defend the Constitution of the United States. Barack Obama is ready to be president of the United States."

Those words directly counter the Clinton campaign's own assertions during the primaries -- as well as the Republicans', who earlier this week launched a publicity blitz dubbed "Not Ready '08."

How many times did Clinton use the word "ready," when he endorsed Obama, and how prominently did it feature in his effort to brand Obama in the field of foreign policy?

You can use an online text analysis tool from IBM's Visual Communication Lab, called "Many Eyes," to find out by just mousing over the word or by performing a search. It's actually a really fun tool to muck around with, and it gives you another perspective and way to parse Clinton's 1,636-word speech.

The lab has created several different tools: Someone else on Wednesday night created this elegant-looking word tree out of Delaware Senator Joe Biden's acceptance speech.
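As an added illustration (not part of the original post, and not the Many Eyes code itself), here is a small Python script that does offline the two things the post describes: it counts how often a word occurs, and it builds a word tree of the phrases that follow a chosen word, with a count on each branch. The input is a constructed sample made from the three sentences of Clinton's speech quoted earlier in this post, not the full 1,636-word transcript, so the numbers it reports are for that excerpt only.

```python
import re
from collections import Counter

# Constructed sample input: the three sentences of Clinton's speech quoted in
# the post above. The full transcript is not on this page, so the counts below
# cover only this excerpt.
SAMPLE = (
    "Barack Obama is ready to lead America and restore American leadership "
    "in the world. Ready to preserve, protect, and defend the Constitution "
    "of the United States. Barack Obama is ready to be president of the "
    "United States."
)


def tokenize(text):
    """Lower-case word tokens with punctuation stripped (apostrophes kept)."""
    return re.findall(r"[a-z']+", text.lower())


def word_counts(text):
    """Frequency of every word: what mousing over a word in the tool reveals."""
    return Counter(tokenize(text))


def word_tree(text, root, depth=3):
    """Build a word tree rooted at `root`.

    Every occurrence of `root` contributes the `depth` words that follow it.
    A node is {"n": occurrences, "kids": {next_word: node}}, so the count on
    each branch says how many times that continuation of the phrase appeared.
    """
    tokens = tokenize(text)
    root = root.lower()
    tree = {"n": 0, "kids": {}}
    for i, tok in enumerate(tokens):
        if tok != root:
            continue
        tree["n"] += 1
        node = tree
        for nxt in tokens[i + 1 : i + 1 + depth]:
            node = node["kids"].setdefault(nxt, {"n": 0, "kids": {}})
            node["n"] += 1
    return tree


def render(tree, label, indent=0):
    """Return the tree as a list of indented lines, busiest branches first."""
    lines = ["  " * indent + f"{label} ({tree['n']})"]
    for word, child in sorted(tree["kids"].items(), key=lambda kv: -kv[1]["n"]):
        lines.extend(render(child, word, indent + 1))
    return lines


if __name__ == "__main__":
    counts = word_counts(SAMPLE)
    print("ready:", counts["ready"], "of", sum(counts.values()), "words")
    print("\n".join(render(word_tree(SAMPLE, "ready"), "ready")))
```

On this excerpt "ready" appears three times, and every occurrence is followed by "to", which then branches three ways ("lead", "preserve", "be"); the same tree structure, drawn on the full speech, is what a Many Eyes word tree shows.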

It's almost as fun as monkeying around with "Barack Obama Is Your New Bicycle," and probably as meaningful.


FBI Arrests Alleged California Music Pirate

By David Kravets | August 27, 2008, 7:55:47 PM | Categories: Crime

There's been a lot of debate on Threat Level recently about what's a federal crime and what is not when it comes to file sharing copyrighted music on the internet.

A 27-year-old California man, Kevin Cogill, of Culver City, learned the hard way Wednesday. While he certainly isn't the first, he was arrested at his house near Los Angeles by the FBI on accusations of uploading nine unreleased Guns N' Roses songs.

If convicted, he faces a maximum three years imprisonment under the Family Entertainment and Copyright Act of 2005.

The songs were posted on Antiquiet, a music blog Cogill is said to operate. It is not known where he got the recordings.

Hat tip: Los Angeles Times

Photo: dave1968/Flickr



State Bloggers Bring Color To Scripted Nomination Process In Denver

By Sarah Lai Stirland | August 27, 2008, 7:17:18 PM

The Democrats have just ended their pro-forma roll call vote at the 2008 national convention to nominate Barack Obama as their presidential candidate.

Some credentialed state bloggers who sat on the floor of the Pepsi Center in Denver along with their delegations made the otherwise routine process a little more interesting by filing reports of their chatter with state party officials.

For example, Calitics blogger David Dayen filed constant updates throughout the process, and they helped to explain what was going on.

California, for example, passed on its roll call vote. Dayen blogged that decision with an explanation from California Democratic Party Chairman Art Torres.

"A lot of the superdelegates never checked in with their vote with him ahead of time. He's legally required to go to their delegated proxies for a vote, and a lot of them didn't know about the voting either, so he would have had to announce significantly less votes than the 441 California is granted. Anyway, that's what he told me," writes Dayen.

But then there were other tidbits that provided a small window of color:


British Bank Bans Man's Password

By Kim Zetter | August 27, 2008, 6:13:53 PM | Categories: The Ridiculous

A customer of the British bank Lloyds TSB discovered the bank had changed his account password because someone on staff apparently couldn't take a joke.

Steve Jetley had created the password "Lloyds is pants" after he had a dispute with the bank over free travel insurance that was supposed to come with the account.

But when he tried to access his account over the phone, a call-center representative told him the password didn't match what was in his file. It had been changed to "no it's not." For a representative to compare it against the file and then rewrite it, the phone-banking password must have been held where staff could read it in clear text.

When Jetley asked to have his password changed back to the original, the bank refused, saying the password was inappropriate.

"I asked if it was 'pants' they didn't like, and would 'Lloyds is rubbish' do? But they didn't think so," Jetley told the BBC.

"So I tried 'Barclays is better' and that didn't go down too well either," he said.

The bank also didn't like "censorship."

The bank has since apologized, saying that Jetley can choose any password he likes and that the worker who told him otherwise was wrong. The employee who changed the password has been relieved of his employment.

Photo: Sean Whitton


Clinton Speech Impresses Bloggers

By Sarah Lai Stirland | August 27, 2008, 1:29:32 PM | Categories: DNC 2008

Hillary Clinton received a standing ovation Tuesday night not only from the 20,000-strong crowd at the Pepsi Center in Denver, but also from the online crowd, who for the most part praised her rousing performance and strong endorsement of Barack Obama.

"Hillary Clinton crushed tonight. Performed the pants off Mark Warner and Bob Casey and Deval Patrick and even the bolo-tied Brian Schweitzer -- who almost stole the show by mere virtue of the fact that unlike most of tonight's speakers, he didn't appear to be battery operated," noted Slate's blogger and legal writer Dahlia Lithwick. "The fact that she ran circles around the men tonight reminded me why the glass ceiling with the 18 million cracks in it really is poised to shatter. I can't recall a woman rocking a convention like that, ever."

"Hillary not only did what she needed to do last night, she did it to the power and honor of the 18 million cracks in that commander-in-chief glass ceiling she shattered," enthused Taylor Marsh, a Democratic political analyst and blogger who's been a big Hillary-booster throughout this campaign cycle.

"It had been hyped like crazy, predicted, wondered about, and in some corners, feared, but tonight Hillary outdid even herself, saying what needed to be said to unify this fired up but fractured party," wrote

"Hillary hit a grand slam by any measure," reported Greg Sargent at the lefty Talking Points Memo political blog. "It can't be overstated how badly Democrats, at this juncture in the campaign, needed an adrenaline boost like the one Hillary provided tonight. Her full-throated and unequivocal endorsement of Obama sets the stage for an equally powerful, or perhaps even more powerful, speech from Obama on Thursday that closes the unity circle among Dems and makes the compact complete."

"I was never a big Hillary fan," writes "Gorelab," at the lefty activist blog MyDD.com. "It wasn't really a personal thing, but I've never liked the DLC and considered her too beholden to it. But even though I was a strong, early supporter of Barack Obama, after tonight's speech, I think we all should do what we can to retire her debt."

Gorelab urged readers to create a moneybomb to Clinton's campaign to retire her campaign debt.

"In her speech tonight, she far exceeded my greatest hopes and aspirations in heralding everything we stand for as Democrats," says "DocJess," a blogger at DemConWatch, a blog dedicated to coverage of the 2008 Democratic National Convention.

"Last night, Hillary Clinton delivered the speech of her career, unified her party and kicked off the general election campaign in one fell swoop," agreed Michael Bouldin, a political technology consultant from Clinton's home state of New York, at The Daily Gotham blog.

Even some bloggers at Daily Kos, a notoriously anti-Clinton group blog, reacted positively.


Latest Wikileaks Prize for Sale to the Highest Bidder - Update

By Ryan Singel | August 27, 2008, 1:15:44 PM | Categories: Sunshine and Secrecy

The secret-spilling site Wikileaks announced this week that it's acquired thousands of e-mails belonging to a top aide to Venezuelan president Hugo Chavez. But don't look for them online. In a departure from its full-disclosure past, Wikileaks is auctioning off the cache to the highest bidder.

Wikileaks began soliciting bids from media organizations on Tuesday, for what it describes as thousands of e-mails and attachments from 2005 to 2008 that provide insight into Chavez's management, CIA activities in Venezuela and the Bolivarian revolution.

The winner gets exclusivity and embargoed access to the documents, though Wikileaks will publish all of them eventually.

The auction contrasts sharply with Wikileaks' original goal of recruiting legions of netizens to publicly analyze formerly secret corporate and government documents.

The site says the money it earns in the auction will go to its source defense fund.

University of Minnesota media ethics professor Jane Kirtley laughed when told of the scheme.

"Ethically speaking, why don't they just publish it?" Kirtley asked. "They pride themselves on being a new breed of news delivery."

Launched nearly two years ago, Wikileaks made its mark publishing sensitive Guantanamo Bay documents and fending off a lawsuit from Swiss banking company Julius Baer that attempted to wipe the site off the net, but only ended up rallying support for the site.

But Wikileaks' most public figure -- Julian Assange, a former hacker and journalist -- told Wired.com earlier this year that the wiki model had failed and that the site would be experimenting with new economic models, though he did not mention plans to ask media organizations to bid on leaked documents.

The auction is just an experiment, and carries too much overhead to be employed for every leak, Assange said by e-mail Tuesday.

When asked whether he expects news organizations such as The Washington Post to bid on documents, Assange argued that media outlets already pay for news.

"Media organizations pay hundreds of thousands to millions for photos and video footage," he said. "People magazine notoriously paid over $10 [million] for Brad Pitt and Angelina Jolie's baby photos."

Stephen Aftergood, who runs a complementary and competing site called Secrecy News that focuses on U.S. government documents, called the e-mail trove a "coup" for Wikileaks. But Aftergood also doubts the auction model will attract quality media outlets.

"It looks like Wikileaks is still looking for the optimal method to distribute its materials," Aftergood said. "I think it will automatically rule out publications like The New York Times and others that might devote significant attention to an in-depth look at such internal e-mails but would not pay for them."

Outside of the tabloid press, U.S. media generally refuses to pay sources as a matter of professional ethics. The fear is that such payment would provide an economic incentive for sources to fabricate documents and stories.

Kirtley, who led the Reporters' Committee for the Freedom of the Press for 14 years, shares Aftergood's practical objections, noting that many outlets have strict policies against paying sources.

"Whether [U.S. media outlets] are cheap or have ethics, I don't know," Kirtley said. "From an entrepreneurial standpoint, I think Wikileaks will be disappointed."

Assange, though, argues that any news worth reading is worth paying for.

"The degree to which news organizations refuse to pay for 'the' news is proportional to the degree to which they are able to bilk the public with unworthy alternatives," he writes.

"Indeed, as anyone who has been in the news business for a while knows, manufacture of news is so arbitrary the result must be described primarily as mere entertainment."

For his part, Aftergood is skeptical of the auction, but he's not opposed to it.

"But maybe I'm wrong," he said. "It's worth a try."

UPDATE: This story was modified to note that the e-mails would be made public after a period during which only the winning bidder has access. Professor Jane Kirtley's name was also misspelled.

Assange writes in with thoughts on scarcity and the perceived value of documents freely available on the web.

The big issue for Wikileaks is first rate source material going to waste because we make supply unlimited, so news organizations, wrongly or rightly, refuse to "invest" in analysis without additional incentives.

The economics are counter-intuitive -- temporarily restrict supply to increase uptake. This is not what we wanted to find, but it has been our solid experience over two years and is a known paradox in economics.

Given that Wikileaks needs to restrict supply for a period to increase perceived value to the point that journalists will invest time to produce quality stories, the question arises as to which method should be employed to apportion material to those who are most likely to invest in it.



Former Virginia Governor's Comment On Science At Convention Lights Up Twitter

By Sarah Lai Stirland | August 27, 2008, 2:27:52 AM | Categories: DNC 2008

"America has never been afraid of the future, and we shouldn't start now," said former Virginia Governor Mark Warner during his keynote speech on the second night of the 2008 Democratic National Convention. Warner supports net neutrality, and he's running to be a Virginia senator.
Image: Wordle.net

It didn't ignite the crowd at the Pepsi Center in Denver Tuesday night the way Hillary Clinton's speech did, but the 2008 Democratic National Convention keynote by former Virginia Governor Mark Warner lit up the micro-blogging service Twitter as its geek community celebrated a throwaway line in Warner's speech.

Warner, a former Capitol Hill staffer for Sen. Chris Dodd (D-Connecticut) and a telecommunications entrepreneur, focused his speech on creating an environment that keeps America competitive in the global economy.

In a one-liner, he quipped: "Just think about this: In four months, we will have an administration that actually believes in science!"

It was as if Warner were acknowledging a constituency that feels the Bush administration has thrown a Harry Potter invisibility cloak over it for the past eight years. Many members of that online constituency poked their heads out from under the cloak on Twitter.

"In four months, we'll have an administration that actually believes in science. lol, but YEAH!" tweeted kmcg.

"My fav from 2nite: 'Just think about this: in six months we will have an administration that actually believes in science'-Mark Warner; YES!" agreed tujaded.



Clinton Urges Party Unity, Asks Voters To Elect Obama

By Sarah Lai Stirland | August 26, 2008, 11:22:44 PM | Categories: DNC 2008
"Whether you voted for me, or voted for Barack, the time is now to unite as a single party with a single purpose. We are on the same team, and none of us can sit on the sidelines," said Hillary Clinton Tuesday night at the 2008 Democratic National Convention in Denver.
Picture: Wordle.net

Hillary Clinton exhorted the members of her party to unite and rally behind presumptive Democratic presidential nominee Barack Obama on Tuesday, saying that the nation can't afford to elect another Republican to the White House.

In an apparent effort to reach out to the disappointed supporters who saw her candidacy as a breakthrough moment for women, she continued to engage in the rhetoric of a fierce woman warrior. Clinton made her remarks during a highly-anticipated speech at the 2008 Democratic National Convention in Denver.

The intensity of Clinton's oratory and emotions was amplified in a high-definition broadcast online on Microsoft's Silverlight media platform.
Picture: Democratic National Convention Committee

"I am here today as a proud mother, as a proud Democrat, as a proud senator from New York, a proud American, and a proud supporter of Barack Obama," she announced in her opening remarks to a roaring crowd.

"I haven't spent the past 35 years in the trenches advocating for children, campaigning for universal health care, helping parents balance work and family, fighting for women's rights at home and around the world to see another Republican in the White House squander the promise of our country and the hopes of our people," she said. "And you haven't worked so hard over the last 18 months, or endured the last eight years, to suffer through more failed leadership."

"No way. No how. No McCain," she said, after several days of the McCain campaign running advertisements both on television and online that used her own words against Obama.

Clinton characterized her presidential campaign as a personal fight for specific issues -- competence, a need to establish a competitive workforce in a global economy, fiscal responsibility and reasonable health care for all, among other issues.

She expressed confidence in Obama's leadership on those issues, and implied that supporting the Democratic Party's approach to them translates into support for her.

Yet there was an odd subtext to the delivery.

For example, the soundtrack to the introductory profile video included Lenny Kravitz's "Are You Going to Go My Way?" a tune that asserts that the singer is the chosen one, that he has "come to save the day," and that he won't "stop until I'm done."

That theme dovetailed with Clinton's later segue and fierce soliloquy about the women who in 1848 began the fight to secure their right to vote. That right eventually became the 19th Amendment to the Constitution, and Tuesday was the anniversary of its certification in 1920.

With her blue eyes blazing and a stern, and at times angry-looking expression that was all the more vivid in high-definition online, Clinton urged the enormous audience in the Pepsi Center in Denver and those watching the television and online broadcasts not to give up the hard push to win in November.

"Don't ever stop. Keep going," she said.

"But remember, before we can keep going, we have to get going by electing Barack Obama president," she said.

Her remarks and repeated use of the words "keep going," seemed to have a peculiar personal resonance to the nature of her own presidential campaign, which carried on even when it became clear that Obama had won the primaries. For a few fleeting moments, it sounded as if she were talking about a private battle.


More on BGP Attacks -- Updated

By Kim Zetter | August 26, 2008 | 10:17:54 PM | Categories: DefCon, Glitches and Bugs, Hacks and Cracks

There was a lot of additional information I wanted to include in my article about intercepting internet traffic through the Border Gateway Protocol (BGP), but there wasn't space to include it. So I'll put it in this separate post.

First of all, you can read how Anton Kapela and Alex Pilosov conducted their interception of the DefCon network traffic in the slides from their talk (.ppt). Their DefCon presentation, by the way, was an unscheduled, last-minute talk that occurred at the end of the last day of the DefCon conference, so it hadn't appeared on the conference schedule. I asked Kapela to read any comments that readers post to these two BGP posts so he can respond to any questions readers may have about how he and Pilosov conducted their attack.

As I mention in my article, BGP hijacking isn't new. It happens frequently, though generally the hijack is unintentional and the result is effectively a denial of service or outage, as was the case earlier this year when Pakistan Telecom inadvertently hijacked YouTube traffic.

The telecom intended to block only Pakistanis from accessing YouTube in order to prevent them from viewing content the Pakistan government deemed objectionable. Instead, the company and its upstream provider mistakenly advertised to routers that it was the best route through which to send YouTube traffic. For nearly two hours browsers attempting to reach YouTube fell into a black hole in Pakistan.

RIPE NCC, the regional internet registry for Europe, put together a great timeline tracking the Pakistan event as well as an animation showing how quickly the IP hijack propagated around the internet and caused traffic headed to YouTube to divert to Pakistan instead. The animation will give you an idea of how quickly an eavesdropping interception can occur. The animation tracks the event over a two-hour period, but people began to experience YouTube outages almost as soon as Pakistan Telecom sent out its advertisement.

Continue reading "More on BGP Attacks -- Updated" »


Do RIAA Snoops Need P.I. Licenses?

By David Kravets | August 26, 2008 | 7:59:15 PM | Categories: RIAA Litigation

By now, we all know how the Recording Industry Association of America nabs alleged file sharers, more than 20,000 lawsuits and counting: Hired snoops from MediaSentry -- aka SafeNet -- log onto Kazaa, Limewire or other file sharing programs, peer into open share folders, take screenshots, download a few files and obtain the offending IP addresses.

But in a few states -- Michigan, Texas, Florida, New York, Massachusetts, Oregon and Arizona -- the RIAA's investigators have come under attack by state governments or RIAA defendants. Reason: They are not licensed private investigators in their respective states. Michigan recently told MediaSentry it needed a license (.pdf) to continue practicing.

But demanding a private investigator's license doesn't make much sense for computer forensic work, according to the American Bar Association. In a recent report, the country's largest legal lobbying group urges the states to drop any licensing requirement for computer forensic specialists, especially since most state licensing boards don't require education in such work.

While it does not carry any legal muscle, the ABA, in a recent report, urges the states to refrain from requiring private investigator licenses for persons engaged in, among other things: "computer or digital forensic services or in the acquisition, review or analysis of digital or computer-based information, whether for purposes of obtaining or furnishing information for evidentiary or other purposes, or for providing expert testimony before a court...."

Texas, for example, is demanding the licensure of Geek Squad employees (.pdf) at Best Buy who provide forensic services. The report, however, says that judges are the best arbiters of an expert's credentials.

Among other things, the ABA report and recommendation (.pdf) says "investigation and expert testimony in computer forensics and network testing should be based upon the current state of science and technology, best practices in the industry and knowledge, skills and education of the expert."

The report adds: "The public and courts will be negatively impacted if e-discovery, forensic investigations, network testing and other computer services can be performed only by licensed private investigators because not all licensed private investigators are qualified to perform computer forensic services and many qualified computer forensic professionals would be excluded because they are not licensed."

The report also broaches an interesting question about legal jurisdiction in the internet age.

"Computer forensic assignments often require handling data in multiple jurisdictions. For example, data may need to (be) imaged from hard drives in New York, Texas and Michigan," the report notes. "Does the person performing that work need to have licenses in all three states?"

Food for thought.

Illustration: Modernhumorist.com



Revealed: The Internet's Biggest Security Hole

By Kim Zetter | August 26, 2008 | 7:00:00 PM | Categories: DefCon, Glitches and Bugs, Hacks and Cracks

Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.

The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet's core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy. The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness.

"It's a huge issue. It's at least as big an issue as the DNS issue, if not bigger," said Peiter "Mudge" Zatko, noted computer security expert and former member of the L0pht hacking group, who testified to Congress in 1998 that he could bring down the internet in 30 minutes using a similar BGP attack, and disclosed privately to government agents how BGP could also be exploited to eavesdrop. "I went around screaming my head about this about ten or twelve years ago.... We described this to intelligence agencies and to the National Security Council, in detail."

The man-in-the-middle attack exploits BGP to fool routers into re-directing data to an eavesdropper's network.

Anyone with a BGP router (ISPs, large corporations or anyone with space at a carrier hotel) could intercept data headed to a target IP address or group of addresses. The attack intercepts only traffic headed to target addresses, not from them, and it can't always vacuum in traffic within a network -- say, from one AT&T customer to another.

The method conceivably could be used for corporate espionage, nation-state spying or even by intelligence agencies looking to mine internet data without needing the cooperation of ISPs.

BGP eavesdropping has long been a theoretical weakness, but no one is known to have publicly demonstrated it until Anton "Tony" Kapela, data center and network director at 5Nines Data, and Alex Pilosov, CEO of Pilosoft, showed their technique at the recent DefCon hacker conference. The pair successfully intercepted traffic bound for the conference network and redirected it to a system they controlled in New York before routing it back to DefCon in Las Vegas.

The technique, devised by Pilosov, doesn't exploit a bug or flaw in BGP. It simply exploits the natural way BGP works.

"We're not doing anything out of the ordinary," Kapela told Wired.com. "There's no vulnerabilities, no protocol errors, there are no software problems. The problem arises (from) the level of interconnectivity that's needed to maintain this mess, to keep it all working."

The issue exists because BGP's architecture is based on trust. To make it easy, say, for e-mail from Sprint customers in California to reach Telefonica customers in Spain, networks for these companies and others communicate through BGP routers to indicate when they're the quickest, most efficient route for the data to reach its destination. But BGP assumes that when a router says it's the best path, it's telling the truth. That gullibility makes it easy for eavesdroppers to fool routers into sending them traffic.

Here's how it works. When a user types a website name into his browser or clicks "send" to launch an e-mail, a Domain Name System server resolves the name to an IP address for the destination. A router belonging to the user's ISP then consults its BGP routing table for the best route. That table is built from announcements, or "advertisements," issued by ISPs and other networks -- also known as Autonomous Systems, or ASes -- each declaring the ranges of IP addresses, or IP prefixes, to which it will deliver traffic.

The router searches for the destination IP address among those prefixes. If two ASes deliver to the address, the one with the more specific (longer) prefix "wins" the traffic. For example, one AS may advertise that it delivers to a block of 90,000 IP addresses, while another advertises a subset of 24,000 of those addresses. If the destination IP address falls within both announcements, BGP sends the data toward the narrower, more specific one.

To intercept data, an eavesdropper would advertise a range of IP addresses he wished to target that was narrower than the chunk advertised by other networks. The advertisement would take just minutes to propagate worldwide, after which data headed to those addresses would begin arriving at his network.

The attack is called an IP hijack and, on its face, isn't new.

But in the past, known IP hijacks have created outages, which, because they were so obvious, were quickly noticed and fixed. That's what occurred earlier this year when Pakistan Telecom inadvertently hijacked YouTube traffic from around the world. The traffic hit a dead-end in Pakistan, so it was apparent to everyone trying to visit YouTube that something was amiss.

Pilosov's innovation is to forward the intercepted data silently to the actual destination, so that no outage occurs.

Ordinarily, this shouldn't work -- the data would boomerang back to the eavesdropper, because the networks on his return path would also have accepted the bogus, more specific route. But Pilosov and Kapela use a method called AS path prepending: they write the AS numbers of the networks on their intended return path into the deceptive advertisement's AS path. BGP's loop-detection rule makes a router discard any advertisement that already contains its own AS number, so that select group of ASes rejects the deceptive advertisement and keeps the legitimate route. The pair then forward the stolen data through those ASes to its rightful recipients.
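The longest-prefix-match rule, the more-specific hijack, and the prepending trick above are easier to see in a small simulation. The following is an added example written for this page, not code from Pilosov and Kapela or from their slides: it models eight constructed ASes (private ASNs 64500-64540, RFC 1918 address space) with a deliberately simplified BGP (shortest AS path wins, loop detection by own-ASN-in-path, longest prefix match on lookup), lets an eavesdropper AS announce a /24 out of the victim's /16, and traces a client packet with and without the return-path ASNs prepended. All names, ASNs and the topology are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    as_path: tuple        # leftmost ASN = neighbor that sent us the route, rightmost = apparent origin
    local: bool = False   # True when this router originated the prefix itself


class BgpRouter:
    """Minimal BGP speaker: one best route per prefix, chosen by shortest AS path."""

    def __init__(self, asn):
        self.asn = asn
        self.rib = {}     # prefix -> best Route

    def receive(self, route):
        """Install a route if it survives loop detection and beats the current best.
        Returns True when the table changed, so the caller re-advertises it."""
        if self.asn in route.as_path:      # BGP loop detection: our own ASN is already in the path
            return False
        cur = self.rib.get(route.prefix)
        if cur is None or len(route.as_path) < len(cur.as_path):
            self.rib[route.prefix] = route
            return True
        return False

    def lookup(self, addr):
        """Longest-prefix match: the most specific prefix covering addr wins."""
        addr = ipaddress.IPv4Address(addr)
        best = None
        for prefix, route in self.rib.items():
            if addr in prefix and (best is None or prefix.prefixlen > best.prefix.prefixlen):
                best = route
        return best


def announce(routers, links, origin_asn, prefix, prepend=()):
    """Flood an announcement through the topology. `prepend` holds extra ASNs the originator
    writes into the AS_PATH (AS path prepending); every AS named there drops the route as a loop."""
    origin = routers[origin_asn]
    origin.rib[prefix] = Route(prefix, (origin_asn,) + tuple(prepend), local=True)
    queue = [origin_asn]
    while queue:
        asn = queue.pop(0)
        route = routers[asn].rib[prefix]
        out_path = route.as_path if route.local else (asn,) + route.as_path
        for nbr in links[asn]:
            if routers[nbr].receive(Route(prefix, out_path)):
                queue.append(nbr)


def trace(routers, start, addr, hijacker=None, exit_asn=None):
    """Follow next hops from `start` toward `addr`. The hijacker, after copying the packet,
    hands it to the exit neighbor it chose rather than consulting its own (poisoned) table."""
    path = [start]
    cur = start
    for _ in range(16):
        if cur == hijacker:
            nxt = exit_asn
        else:
            route = routers[cur].lookup(addr)
            if route is None:
                return path, "unroutable"
            if route.local:
                return path, "delivered"
            nxt = route.as_path[0]
        path.append(nxt)
        if nxt in path[:-1]:
            return path, "loop"
        cur = nxt
    return path, "ttl-exceeded"


# Constructed topology (assumed for illustration, not the DefCon network): the victim has one
# upstream UPV reachable via two transits; the eavesdropper ATT has two upstreams UPA1/UPA2.
VICTIM, UPV, T1, T2, UPA1, UPA2, ATT, CLIENT = 64500, 64501, 64510, 64511, 64520, 64521, 64530, 64540
EDGES = [(VICTIM, UPV), (UPV, T1), (UPV, T2), (T1, UPA1), (T2, UPA2),
         (UPA1, ATT), (UPA2, ATT), (T1, CLIENT)]
LINKS = {}
for a, b in EDGES:
    LINKS.setdefault(a, []).append(b)
    LINKS.setdefault(b, []).append(a)

VICTIM_PREFIX = ipaddress.ip_network("10.0.0.0/16")   # the legitimate, broad announcement
HIJACK_PREFIX = ipaddress.ip_network("10.0.5.0/24")   # the eavesdropper's more-specific announcement
TARGET = "10.0.5.1"                                   # a host inside the hijacked /24


def run(hijack=True, prepend=()):
    """Build the network, optionally inject the hijack, and trace a packet from CLIENT to TARGET.
    The eavesdropper always exits via UPA2, the first AS on the return path it intends to use."""
    routers = {asn: BgpRouter(asn) for asn in LINKS}
    announce(routers, LINKS, VICTIM, VICTIM_PREFIX)
    if not hijack:
        return trace(routers, CLIENT, TARGET)
    announce(routers, LINKS, ATT, HIJACK_PREFIX, prepend=prepend)
    return trace(routers, CLIENT, TARGET, hijacker=ATT, exit_asn=UPA2)


if __name__ == "__main__":
    print("no hijack   :", run(hijack=False))
    print("plain hijack:", run())                          # packet loops back to the eavesdropper
    print("prepended   :", run(prepend=(UPA2, T2, UPV)))   # interception, then silent delivery
```

Without prepending, the /24 reaches UPA2 too, so the copied packet comes straight back to the eavesdropper; with the three return-path ASNs prepended, UPA2, T2 and UPV each see their own number in the path, discard the /24, and still carry the packet to the victim on the /16, while CLIENT and T1 have been diverted. Nothing breaks, which is the point Kapela makes in the next paragraph.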

"Everyone ... has assumed until now that you have to break something for a hijack to be useful," Kapela said. "But what we showed here is that you don't have to break anything. And if nothing breaks, who notices?"

Stephen Kent, chief scientist for information security at BBN Technologies, who has been working on solutions to fix the issue, said he demonstrated a similar BGP interception privately for the Departments of Defense and Homeland Security a few years ago.

Kapela said network engineers might notice an interception if they knew how to read BGP routing tables, but it would take expertise to interpret the data.

A handful of academic groups collect BGP routing information from cooperating ASes to monitor BGP updates that change traffic's path. But without context, it can be difficult to distinguish a legitimate change from a malicious hijacking. There are reasons traffic that ordinarily travels one path could suddenly switch to another -- say, if companies with separate ASes merged, or if a natural disaster put one network out of commission and another AS adopted its traffic. On good days, routing paths can remain fairly static. But "when the internet has a bad hair day," Kent said, "the rate of (BGP path) updates goes up by a factor of 200 to 400."

Kapela said eavesdropping could be thwarted if ISPs aggressively filtered to allow only authorized peers to draw traffic from their routers, and only for specific IP prefixes. But filtering is labor intensive, and if just one ISP declines to participate, it "breaks it for the rest of us," he said.

"Providers can prevent our attack absolutely 100 percent," Kapela said. "They simply don't because it takes work, and to do sufficient filtering to prevent these kinds of attacks on a global scale is cost prohibitive."

Filtering also requires ISPs to disclose the address space for all their customers, which is not information they want to hand competitors.

Filtering isn't the only solution, though. Kent and others are devising processes to authenticate ownership of IP blocks, and validate the advertisements that ASes send to routers so they don't just send traffic to whoever requests it.

Under the scheme, the five regional internet address registries would issue signed certificates to ISPs attesting to their address space and AS numbers. The ASes would then sign an authorization to initiate routes for their address space, which would be stored with the certificates in a repository accessible to all ISPs. If an AS advertised a new route for an IP prefix, it would be easy to verify if it had the right to do so.

The solution would authenticate only the origin of a route (the first hop), which prevents unintentional hijacks like Pakistan Telecom's, but it wouldn't stop an eavesdropper who forges the origin and inserts himself as the second or third hop.
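What "authenticating only the first hop" buys, and what it misses, can be checked with a small origin-validation routine. This is an added example written for this page, not BBN's or any registry's code: it implements the check the paragraph describes, in the form later standardized as RPKI route origin validation (RFC 6811), where a signed authorization lists a prefix, a maximum prefix length and the AS allowed to originate it. The ROA objects, ASNs and prefixes are constructed; signature verification of the objects themselves is assumed to have happened already.

```python
import ipaddress
from collections import namedtuple

# A Route Origin Authorization: "origin_asn may announce prefix and sub-prefixes down to max_length".
Roa = namedtuple("Roa", "prefix max_length origin_asn")


def validate_origin(prefix, as_path, roas):
    """Route origin validation in the style of RFC 6811.
    Returns 'valid', 'invalid' or 'not-found'. Only the rightmost ASN (the apparent origin)
    is checked; nothing about the other ASes in the path is verified."""
    prefix = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    covered = False
    for roa in roas:
        if prefix.version != roa.prefix.version or not prefix.subnet_of(roa.prefix):
            continue
        covered = True
        if roa.origin_asn == origin and prefix.prefixlen <= roa.max_length:
            return "valid"
    return "invalid" if covered else "not-found"


# Constructed data: AS 64500 holds 10.0.0.0/16, 64504 is the eavesdropper, 64501/64503 are transits.
TIGHT = [Roa(ipaddress.ip_network("10.0.0.0/16"), 16, 64500)]   # maxLength equals the prefix length
LOOSE = [Roa(ipaddress.ip_network("10.0.0.0/16"), 24, 64500)]   # permits any /24 carve-out


def demo():
    """Run the cases that matter for the attack in this article."""
    return {
        "legitimate /16":             validate_origin("10.0.0.0/16", (64501, 64500), TIGHT),
        "outage-style /24 hijack":    validate_origin("10.0.5.0/24", (64503, 64504), TIGHT),
        "forged-origin /24, tight":   validate_origin("10.0.5.0/24", (64503, 64504, 64500), TIGHT),
        "forged-origin /24, loose":   validate_origin("10.0.5.0/24", (64503, 64504, 64500), LOOSE),
        "forged-origin exact /16":    validate_origin("10.0.0.0/16", (64503, 64504, 64500), TIGHT),
        "no ROA at all":              validate_origin("192.0.2.0/24", (64510,), TIGHT),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:28s} {verdict}")
```

Two things to take from the output. A Pakistan-style hijack with the wrong origin is rejected outright, and a tight maxLength also rejects the more-specific /24 even when the eavesdropper pastes the victim's ASN onto the end of the path. But a loose maxLength reopens the more-specific attack, and an announcement of the exact /16 with a forged origin passes regardless, which is the second-hop hole the paragraph above describes and the reason path signing (next paragraph) is needed. When publishing authorizations, keep maxLength equal to the prefix length you actually announce.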

For this, Kent and BBN colleagues developed Secure BGP (S-BGP), which would require BGP routers to digitally sign with a private key any prefix advertisement they propagated. An ISP would give peer routers certificates authorizing them to route its traffic; each peer on a route would sign a route advertisement and forward it to the next authorized hop.

"That means that nobody could put themselves into the chain, into the path, unless they had been authorized to do so by the preceding AS router in the path," Kent said.

The drawback to this solution is that current routers lack the memory and processing power to generate and validate signatures. And router vendors have resisted upgrading them because their clients, ISPs, haven't demanded it, due to the cost and man hours involved in swapping out routers.

Douglas Maughan, cybersecurity research program manager for the DHS's Science and Technology Directorate, has helped fund research at BBN and elsewhere to resolve the BGP issue. But he's had little luck convincing ISPs and router vendors to take steps to secure BGP.

"We haven't seen the attacks, and so a lot of times people don't start working on things and trying to fix them until they get attacked," Maughan said. "(But) the YouTube (case) is the perfect example of an attack where somebody could have done much worse than what they did."

ISPs, he said, have been holding their breath, "hoping that people don’t discover (this) and exploit it."

"The only thing that can force them (to fix BGP) is if their customers ... start to demand security solutions," Maughan said.

---

(Image: Alex Pilosov (left) and Anton "Tony" Kapela demonstrate their technique for eavesdropping on internet traffic during the DefCon hacker conference in Las Vegas earlier this month. (Wired.com/Dave Bullock)



RIAA, MPAA Converging on Political Conventions

By David Kravets | August 26, 2008 | 4:09:25 PM | Categories: DNC 2008

When the Recording Industry Association of America and the Motion Picture Association of America aren't suing individuals and websites for copyright infringement, they're lobbying.

The two groups are making the rounds in Denver at the Democratic National Convention, where they're likely pushing proposed legislation that would create a cabinet-level copyright czar. Officials from the RIAA and MPAA plan to hit the Republican convention next week in Minnesota with the same pitch.

In the age of political correctness, the groups prefer not to use the derogatory term -- "lobbying."

Cara Duckworth, a spokeswoman for the RIAA, said RIAA president Cary Sherman and others from the recording industry are in Denver "to be relevant to the political process. We'll be in Minnesota next week."

Angela Martinez, a spokeswoman for the MPAA, was equally cryptic. Dan Glickman, the association's chairman and former congressman, is there "reconnecting with old friends," she said.

"Obviously," Martinez added, "he's there as a representative of the motion picture industry."

The RIAA, MPAA and others are hosting a fundraiser party at the convention on Wednesday for the One Campaign to fight world poverty.

Here's a news tip: As part of the love fest where change is being promised, the Democrats will nominate Illinois Sen. Barack Obama as the party's presidential candidate. You read it here first.



Pelosi To Face Tough Questions On Leadership From Online Crowd

By Sarah Lai Stirland | August 26, 2008 | 3:10:25 PM | Categories: DNC 2008, Election '08
House Speaker and Democratic National Convention Chair Nancy Pelosi will answer questions from Digg and CNN's online communities Wednesday night.
Photo: Associated Press/Stephan Savoia

Perhaps taking inspiration from our reddit widget experiment in May when we solicited reader questions for John McCain surrogate Carly Fiorina, Digg (a competitor to Wired.com's reddit) is partnering with CNN to solicit its community's questions for House Speaker Nancy Pelosi.

Digg CEO Jay Adelson will pose the top-ranked questions, as voted on by members of its community, to Pelosi Wednesday evening for about an hour at the Democratic National Convention in Denver. Pelosi chairs the convention. CNN will stream the interview at CNN Live online between 6.30 pm and 7.30 pm Mountain time.

Unsurprisingly, Digg participants' top concern is Net Neutrality (we already have the answer to that at Threat Level.) The second-ranked question, as of Tuesday morning West Coast time, was whether the Democrats will "repeal anti-freedom measures such as the Patriot Act, ban warrantless wiretapping, and make sure that all prisoners held by the US enjoy the same civil rights (including habeas corpus)" if Barack Obama wins the election in November.

Apart from that, Pelosi faces a host of other tough questions from the Digg community.

Continue reading "Pelosi To Face Tough Questions On Leadership From Online Crowd" »


Virus Infects Space Station Laptops (Again)

By Ryan Singel | August 26, 2008 | 1:22:55 PM | Categories: Hacks and Cracks

Viruses intended to steal passwords and send them to a remote server infected laptops on the International Space Station in July, NASA confirmed Tuesday.

And according to NASA, this wasn't the first infection.

"This is not the first time we have had a worm or a virus," NASA spokesman Kelly Humphries said. "It's not a frequent occurrence, but this isn't the first time."

That suggests that even in the future where space travel becomes an experience to complain about, rather than get dressed up for, computer viruses will still be tagging along uninvited.

NASA downplayed the news, calling the virus mainly a "nuisance" that was on non-critical space station laptops used for things like e-mail and nutritional experiments.

NASA and its partners in the space station are now trying to figure out how the virus made it onboard and how to prevent that in the future, according to Humphries.

NASA declined to name the virus, but SpaceRef.com, which broke the story, reported that the malware was W32.Gammima.AG, a worm first detected in August 2007 that installs software to steal credentials for online games.

The virus did make it onto more than one laptop -- suggesting that it spread via some sort of intranet on the space station or via a thumb drive.

Humphries did not know when the laptops entered the space station or what country bought them, though he did indicate that the hardened equipment on the space station was typically purchased by Russia or the United States.

The International Space Station has no direct internet access, but astronauts can send and receive mail through a Ku-band data link also used for data and video transfer, according to Humphries.

That means the space station laptops are not connected to the net, according to Humphries.

"Everything is scanned before it goes up, so it's an indirect connection," Humphries said.

As for whether mission critical systems are connected to the same network as these kinds of laptops?

"I don't know and even if I did, I wouldn't be able to tell you for IT security reasons," Humphries said.

Photo: NASA/ Laptops on the International Space Station


