Authors: Thomas P. Keenan
Even if you aren't infected with malware, you automatically give out information every time you use the Internet. Ever notice how the people who “lost 40 pounds using this one weird trick” or “are waiting to meet you” magically seem to live in your hometown? That's because the ads are being customized to your physical location.
But how do they know where you live? The simple answer is that your Internet Protocol (IP) address is generally tied to the geographical location of your Internet Service Provider (ISP). For the Internet to work properly, your return address has to be sent out with each packet transmitted. IP localization services like
http://www.geobytes.com/iplocator.htm
not only give the country code for pretty much any IP address, they even return a latitude and longitude. If you work for a large enough company, it may be serving as your ISP, so your IPÂ address might effectively reveal your employer.
I gained an appreciation for just how far off from reality an IPÂ address can be when the Canadian Forces invited me to visit their operations in Afghanistan. We stopped enroute at Camp Mirage, a now-closed military airfield that we were told to describe as “somewhere in Southwest Asia.”
We had a pretty good idea what country we were in, but to check, I logged on from one of the courtesy Internet terminals and asked a tech savvy friend in Canada to attempt to geo-locate me. He came back with an address in Ottawa. This made sense since that's probably where our military Internet traffic was actually entering the public Internet. But in terms of actually locating me, the IP address location was off by over 10,000 km.
I've had similar experiences working on forensic investigations where the location of the address we're trying to trace often comes up as a facility of the Internet Service Provider.
Many Canadians complain that they have a more restrictive version of Netflix and no access to a lot of things that tech savvy Americans take for granted like Hulu Plus, Pandora, and Oyster. These services provide access to on-demand media (videos, music, and books respectively) but are geo-fenced to U.S. users only because of licensing restrictions.
Creative Canadians have devised and published methods for Âfaking a physical presence in the U.S. Often they involve using a Virtual Private Network (VPN) service to make your traffic appear to originate from the country of your choice. You can find out about all this and more at sites like
www.howtogetitincanada.com
.
Tweaking your position in cyberspace is an interesting and popular hack. But being deceived about your real-world location can have serious consequences. At a technical security seminar in 2007, researchers from an Italian information technology company gave a truly creepy demonstration called “How to freak out your Satellite Navigation.” Starting with a stock vehicle, they showed how to hack RDS-TMC (Radio Data System â Traffic Message Channel), the FMÂ Radio system that provides traffic data to car navigation systems.
269
Using “a PC and some cheap home made electronics,” they were able to inject messages into the Honda's navigation system ranging from “Traffic Queueing” to “Bomb Alert” to the ever-popular “Bull Fight.” More menacingly, if they marked a road, bridge, or tunnel as “Code 401âRoad Closed,” the system would silently plan and suggest another route. Being able to control, or at least seriously influence, somebody's driving behavior at a distance could be a terrorist's dream scenario.
Even if you're not a slave to online driving directions, you probably rely on other digital guides for directions. Even Siri, the trusted voice of Apple's personality assistant, can lead you astray, and she is certainly keeping track of you. According to Nicole Ozer of the American Civil Liberties Union of Northern California, Siri stores a trove of personal information including the people in your contact list, your music preferences, and even how you label your email.
270
Ozer notes that “This data can be really personal, like if you ask Siri, âwhere is the nearest abortion clinic?'.” She adds that Apple reserves the right to share your data with “Apple's partners who are providing related services to Apple.”
Not only can Siri spy on you, she might even misdirect you or hold back information. As the ACLU noted in 2011, Siri came up blank on “birth control information” and was instead directing people seeking abortions to pregnancy crisis centers that discourage abortions.
271
There may be a pretty straightforward, non-malicious explanation for this: abortion clinics rarely use the word “abortion” in their name or listings. And to be fair, artificial intelligence is definitely improving how personal digital assistants function. However, people should still be concerned about secrets being exchanged behind their backs by systems to which they do not have direct access.
Humans, of course, have their own secret signals. For years, New York City “meter maids,” now called “parking agents,” would put a bag of M&M's candy on their own dashboards, thereby fending off tickets from their fellow agents. It turns out that “secret handshakes” like this are all over the place, especially in electronic technology where they often rest undiscovered until somebody stumbles upon them. Their functionality is always there, but hidden in plain sight, available only to the initiated.
If you ever see somebody in a BMW doing this ritual:
1. Get in and close all doors.
2. Turn on the ignition and turn off quickly. (No more than 5 seconds) to start the process. Next action must take place within 30 seconds.
3. Remove the 1st key.
4. Hold the key up near your left shoulder (this is so it is closer to the remote receiver antenna.
5. Hold down the unlock button and press the lock button three times. Release the unlock button and the doors lock which confirms the operation.
272
They're probably not trying to steal the car. Instead, they are following a semi-secret procedure designed by the car's manufacturer to program an ignition “chip key.”
There are all sorts of codes lurking inside cars, especially luxury models. Some can even unlock a vehicle and start its engine. If you have a microscope, a supply of valid keys to cut apart, and a lot of patience, you can discover how this works through a technique called “chip slicing.”
However, revealing those secrets can get you into trouble. Flavio Garcia, a lecturer in computer science at the University of Birmingham, planned to present a paper called “Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobiliser” at an academic conference. He promised to divulge the secret codes of luxury automobiles “including Porsches, Audis, Bentleys and Lamborghinis.”
Instead, he discovered that the U.K. High Court doesn't take lightly to hacking the types of cars driven by the wealthy, such as judges and lawyers. Garcia was slapped with an injunction and prohibited from publishing his findings. However, the odds are very good that those very codes are out there on the Internet, if you know where to look.
Hoaxes and deception are everywhere on the Internet, along with the tools to perpetrate them. Even Google is not immune. Although the company has started taking itself much more seriously, Google still stages an annual April Fool's Day hoax and allows its staff to plant hidden features called “Easter Eggs” in some of its software.
As explained on the
mental_floss
blogsite, there are various hidden Easter Eggs, jokes, and timewasters in almost every Google service, product, or new device.”
273
Here is one you can try:
1. Go to YouTube
2. Start watching a video
3. Click outside the search bar
4. Type “1980”
“This will launch a playable game of Missile Command above the video. Beware! The aliens are trying to destroy the video you're watching.”
Hoaxes are fun, but deception can be both effective and lucrative.
The news site reddit has acknowledged that, in that site's early days, they spawned a fleet of fake accounts, often creating a new user every time they made an entry.
As Derek Mead wrote on
Motherboard.com
, “by populating the site with accounts whose strings they pulled, the reddit crew could shape the discourse and sharing of the site in the direction they wanted, and as the real user base grew, those standards held, allowing the fake accounts to fade away.”
274
Online scammers have impersonated charities, victims of diseases, and even the FBI. Many of the scammers are in African countries, and the phenomenon is collectively referred to as a “419 fraud” in honor of a section of the Nigerian Criminal Code which seems to be rather laxly enforced.
While not a recommended hobby, some people do engage in conversations with the scammers, telling them wild stories, leading them on, and even asking for photographs of their passports.
275
Still, it's best to simply delete those “too good to be true” emails, not open attachments, and spurn unsolicited online proposals no matter how attractive. Just walk away, so to speak.
Of course, that's difficult if someone is pointing a gun at you.
Handguns have been around since the 16th century, and their core technology hasn't really changed much. There has been some recent progress in building “smart guns” which use biometrics to respond only to the registered owner's voice or body. Perhaps the day is coming when guns can be fired by mere mental commands. All this enhanced security may be moot if an eight-year-old with a 3D printer and some plastic can run off a working handgun and take it to school.
Texas law student Cody Wilson and his non-profit corporation Defense Distributed caused a furor in 2013 when they “released the files for the Liberator pistolâthe culmination of the Wiki Weapon Project.”
276
Lawmakers at all levels launched into action trying to ban them. In November 2013, Philadelphia had the distinction of becoming the first city to outlaw the manufacturing of guns by 3D printers.
277
Critics quickly pointed out loopholes in that legislation. For example, it only bans the manufacture of 3D firearms in that city. Nothing in it makes it illegal to possess, say, a 3D printed gun created in neighboring Trenton, New Jersey Further laws will close this loophole; then others will surely appear.
3D printed plastic guns are a high profile example of a new category of things called “Physibles.” The Pirate Bay, which houses a repository of physibles, defines them as “data objects that are able (and feasible) to become physical.”
278
 3D guns are perfect crime weapons. At around $25 for some plastic plus the use of a printer, they are disposable like “burner cell phones.” Anyone who watches TV crime shows knows that police do their ballistic analysis of weapons by matching up the marks left on bullets. A gun that is used once and then discarded is fundamentally immune to that kind of forensics.
Most 3D printed guns have no serial numbers or identification marks and are made of plastic except for the firing pin, which in the case of The Liberator is an ordinary nail that you can buy on the Defense Distributed website for $5 with free shipping. So they are likely to pass through metal detectors, at least if you remove the nail, which Americans should not do because of a law called the Undetectable Firearms Act, which the U.S. Congress has extended until 2023.
Trying to engineer 3D printers to disallow the printing of guns is ultimately futile. It would simply lead to more innovative 3D guns that look like shower rings or action figures, two of the things commonly run off on 3D printers.
The attempt to control 3D printed guns demonstrates the emerging complexity of trying to separate the virtual and physical worlds. The CAD instruction files that allow the creation of the gun are clearly virtual. They have all the characteristics of digital information, such as instant accessibility all over the world, infinite replicability, and the inability to destroy them once they are distributed. Once they have been used to make a gun, they are transformed into a physical object with all its normal properties. The platform technology (3D printers) to make this happen is widely available, useful for many other functions, and almost impossible to control.
Lest you look at a plastic 3D gun and decide it would probably explode in your hand, please know that the 3D printing of metal is becoming a reality, through a process called direct metal laser sintering. Scanners are also getting better and cheaper. What comes out of 3D printers now will look like toys in a few years.
If 3D guns have law enforcement worried, other uses of 3D printing have some manufacturers terrified. The crime they have in mind is not murder, but the theft of intellectual property. A group at Michigan Technical University (MTU) went to the Thingiverse open source repository of 3D instruction files and selected, from over 100,000 items available, twenty that might be useful around the house and that could be bought commercially. Toys, watchbands, iPhone Âholders, pierogi makers, an orthotic insole, and the ever-popular shower curtain rings. Those are often the poster child for 3D printing because if you break one, you can scan one of its mates, 3D print it, and save yourself from buying a whole new set. As 3D printers get faster, it may even be quicker to run off a new garlic press than to rummage around looking for your old one.
The people who analyzed the 100,000 3D designs found that “even making the extremely conservative assumption that the household would only use the printer to make the selected twenty products a year, the avoided purchase cost savings would range from about $300 to $2000/year.”
279
That means the printer could pay for itself in anywhere from four months to two years, even counting materials costs. They used a printer called the RepRap, about half of whose parts can themselves be 3DÂ printed in an eerie kind of self-replicating robot printer universe.