Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Grad Student's Work Reveals National Infrastructure

CmdrTaco posted more than 11 years ago | from the kick-me-here dept.

Privacy 662

CodeHog writes "The WP reports about a student working on a PhD and how it relates to national (US) security. Very interesting that he has been able to get all this information. It raises some very challenging questions, should some of this information be classified?"

cancel ×

662 comments

Sorry! There are no comments related to the filter you selected.

Could it be..... (-1, Troll)

cecil36 (104730) | more than 11 years ago | (#6391534)

That I score another lame First Post!!!

premier poste (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6391538)

ce premier poste est dédié à Pierre Desproges !

VOUS L'ÉCHOUEZ! VOICI DU VOMI, À LA FRANÇAIS! (-1)

I VOMIT ON FAILURES! (652124) | more than 11 years ago | (#6391582)

Comment dites-vous l'"ÉCHEC" en français? Qui s'inquiète! VOUS L'ÉCHOUEZ!

Re:VOUS L'ÉCHOUEZ! VOICI DU VOMI, À LA FRANÇAIS! (-1)

Adolf Hitroll (562418) | more than 11 years ago | (#6391668)

No problem, he was dead, anyway :)
May I add you to my "redundant and boring trolls" list or do you prefer killing yourself ?

I'd prefer that you (-1, Troll)

Anonymous Coward | more than 11 years ago | (#6391716)

choke on my vomit, Sir. HAND.

HEY FRENCHMAN, TAKE YOUR FREEDOM POST (-1)

I POOP ON FAILURES! (685242) | more than 11 years ago | (#6391664)

and allow me to POOP on it

YOU FUCKING FAILED IT!

SURRENDER YOUR POST TO MY INCOMING LOAD!

Lameness filter encountered. Post aborted!
Reason: Don't use so many caps. It's like YELLING.

Re:HEY FRENCHMAN, TAKE YOUR FREEDOM POST (-1)

Adolf Hitroll (562418) | more than 11 years ago | (#6391710)

wouldn't you rather poop on hemp seed ?
I guess this could help you relieving yourself from such a stressing (and boring) life :)

You're Pants (-1, Offtopic)

goggy (144676) | more than 11 years ago | (#6391556)

Pants you are

TRANCE NATION REJOICE (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6391561)



Dance. Dance.
Dance. Dance.

Well.. (5, Funny)

Gortbusters.org (637314) | more than 11 years ago | (#6391567)

In the background, he plays the Beastie Boys.

He's got the right to party!

Re:Well.. (1)

sporty (27564) | more than 11 years ago | (#6391594)

Nono.. it' explains why..

"He is most ill and he's rhymin' and stealin'.

m'thinks that is how he got his info /eggman

Text (-1, Redundant)

Pinguu (677142) | more than 11 years ago | (#6391574)

Dissertation Could Be Security Threat Student's Maps Illustrate Concerns About Public Information Sean Gorman's professor called his dissertation "tedious and unimportant." Gorman didn't talk about it when he went on dates because "it was so boring they'd start staring up at the ceiling." But since the Sept. 11, 2001, attacks, Gorman's work has become so compelling that companies want to seize it, government officials want to suppress it, and al Qaeda operatives -- if they could get their hands on it -- would find a terrorist treasure map. Tinkering on a laptop, wearing a rumpled T-shirt and a soul patch goatee, this George Mason University graduate student has mapped every business and industrial sector in the American economy, layering on top the fiber-optic network that connects them. He can click on a bank in Manhattan and see who has communication lines running into it and where. He can zoom in on Baltimore and find the choke point for trucking warehouses. He can drill into a cable trench between Kansas and Colorado and determine how to create the most havoc with a hedge clipper. Using mathematical formulas, he probes for critical links, trying to answer the question: "If I were Osama bin Laden, where would I want to attack?" In the background, he plays the Beastie Boys. For this, Gorman has become part of an expanding field of researchers whose work is coming under scrutiny for national security reasons. His story illustrates new ripples in the old tension between an open society and a secure society. "I'm this grad student," said Gorman, 29, amazed by his transformation from geek to cybercommando. "Never in my wildest dreams would I have imagined I'd be briefing government officials and private-sector CEOs." Invariably, he said, they suggest his work be classified. "Classify my dissertation? Crap. Does this mean I have to redo my PhD?" he said. "They're worried about national security. I'm worried about getting my degree." For academics, there always has been the imperative to publish or perish. In Gorman's case, there's a new concern: publish and perish. "He should turn it in to his professor, get his grade -- and then they both should burn it," said Richard Clarke, who until recently was the White House cyberterrorism chief. "The fiber-optic network is our country's nervous system." Every fiber, thin as a hair, carries the impulses responsible for Internet traffic, telephones, cell phones, military communications, bank transfers, air traffic control, signals to the power grids and water systems, among other things. "You don't want to give terrorists a road map to blow that up," he said. The Washington Post has agreed not to print the results of Gorman's research, at the insistence of GMU. Some argue that the critical targets should be publicized, because it would force the government and industry to protect them. "It's a tricky balance," said Michael Vatis, founder and first director of the National Infrastructure Protection Center. Vatis noted the dangerous time gap between exposing the weaknesses and patching them: "But I don't think security through obscurity is a winning strategy." Gorman compiled his mega-map using publicly available material he found on the Internet. None of it was classified. His interest in maps evolved from his childhood, he said, because he "grew up all over the place." Hunched in the back seat of the family car, he would puzzle over maps, trying to figure out where they should turn. Five years ago, he began work on a master's degree in geography. His original intention was to map the physical infrastructure of the Internet, to see who was connected, who was not, and to measure its economic impact. "We just had this research idea, and thought, 'Okay,' " said his research partner, Laurie Schintler, an assistant professor at GMU. "I wasn't even thinking about implications." The implications, however, in the post-Sept. 11 world, were enough to knock the wind out of John M. Derrick Jr., chairman of the board of Pepco Holdings Inc., which provides power to 1.8 million customers. When a reporter showed him sample pages of Gorman's findings, he exhaled sharply. "This is why CEOs of major power companies don't sleep well these days," Derrick said, flattening the pages with his fist. "Why in the world have we been so stupid as a country to have all this information in the public domain? Does that openness still make sense? It sure as hell doesn't to me." Recently, Derrick received an e-mail from an atlas company offering to sell him a color-coded map of the United States with all the electric power generation and transmission systems. He hit the reply button on his e-mail and typed: "With friends like you, we don't need any enemies in the world." Toward the other end of the free speech spectrum are such people as John Young, a New York architect who created a Web site with a friend, featuring aerial pictures of nuclear weapons storage areas, military bases, ports, dams and secret government bunkers, along with driving directions from Mapquest.com. He has been contacted by the FBI, he said, but the site is still up. "It gives us a great thrill," Young said. "If it's banned, it should be published. We like defying authority as a matter of principle." This is a time when people are rethinking the idea of innocent information. But it is hardly the first time a university has entangled itself in a war. John McCarthy, who oversees Gorman's project at GMU's National Center for Technology and Law, compared this period to World War II, when academics worked on code-breaking and atomic research. McCarthy introduced Gorman to some national security contacts. Gorman's critical infrastructure project, he said, has opened a dialogue among academia, the public sector and the private sector. The challenge? "Getting everyone to trust each other," McCarthy said. "It's a three-way tension that tugs and pulls." When Gorman and Schintler presented their findings to government officials, McCarthy recalled, "they said, 'Pssh, let's scarf this up and classify it.' " And when they presented them at a forum of chief information officers of the country's largest financial services companies -- clicking on a single cable running into a Manhattan office, for example, and revealing the names of 25 telecommunications providers -- the executives suggested that Gorman and Schintler not be allowed to leave the building with the laptop. Businesses are particularly sensitive about such data. They don't want to lose consumer confidence, don't want to be liable for security lapses and don't want competitors to know about their weaknesses. The CIOs for Wells Fargo and Mellon Financial Corp. attended the meeting. Neither would comment for this story. Catherine Allen, chief executive of BITS, the technology group for the financial services roundtable, said the attendees were "amazed" and "concerned" to see how interdependent their systems were. Following the presentation, she said, they decided to hold an exercise in an undisclosed Midwestern city this summer. They plan to simulate a cyber assault and a bomb attack jointly with the telecommunications industry and the National Communications System to measure the impact on financial services. McCarthy hopes that by identifying vulnerabilities, the GMU research will help solve a risk management problem: "We know we can't have a policeman at every bank and switching facility, so what things do you secure?" Terrorists, presumably, are exploring the question from the other end. In December 2001, bin Laden appeared in a videotape and urged the destruction of the U.S. economy. He smiled occasionally, leaned into the camera and said, "This economic hemorrhaging continues until today, but requires more blows. And the youth should try to find the joints of the American economy and hit the enemy in these joints, with God's permission." Every day, Gorman tries to identify those "joints," sitting in a gray cinderblock lab secured by an electronic lock, multiple sign-on codes and a paper shredder. No one other than Gorman, Schintler or their research instructor, Rajendra Kulkarni, is allowed inside; they even take out their own trash. When their computer crashed, they removed the hard drive, froze it, smashed it and rubbed magnets over the surface to erase the data. The university has imposed the security guidelines. It is trying to build a cooperative relationship with the Department of Homeland Security. Brenton Greene, director for infrastructure coordination at DHS, described the project as "a cookbook of how to exploit the vulnerabilities of our nation's infrastructure." He applauds Gorman's work, as long as he refrains from publishing details. "We would recommend this not be openly distributed," he said. Greene is trying to help the center get federal funding. ("The government uses research funding as a carrot to induce people to refrain from speech they would otherwise engage in," said Kathleen Sullivan, dean of Stanford Law School. "If it were a command, it would be unconstitutional.") All this is a bit heavy for Gorman, who is in many ways a typical student. His Christmas lights are still up in July; his living room couch came from a trash pile on the curb. Twice a day, Gorman rows on the Potomac. Out on the water, pulling the oars, he can stop thinking about how someone could bring down the New York Stock Exchange or cripple the Federal Reserve's ability to transfer money. On a recent afternoon, he drove his Jeep from the Fairfax campus toward the river. Along the way he talked about his dilemma: not wanting to hurt national security; not wanting to ruin his career as an academic. "Is this going to completely squash me?" he said, biting his fingernail. GMU has determined that he will publish only the most general aspects of his work. "Academics make their name as an expert in something. . . . If I can't talk about it, it's hard to get hired. It's hard to put 'classified' on your list of publications on your résumé." As he drove along Route 50, he pointed out a satellite tower and a Verizon installation. Somewhere in Arlington he took a wrong turn and stopped to ask for directions. It has always been that way with him. He's great at maps, but somehow he ends up lost.

Re:Text (2, Funny)

BiteMeFanboy (680905) | more than 11 years ago | (#6391590)

Thanks shithead, Especially well before the article was /.'ed. Nice karma whoring attempt.

Re:Text (2, Funny)

kcornia (152859) | more than 11 years ago | (#6391640)

Extra points for somehow removing the carriage returns and making it into unreadable gobbledygook...

Re:Text (0)

Anonymous Coward | more than 11 years ago | (#6391661)

He didn't even bother to format with <p>.



Which makes me wonder, was that intentionally left unformatted so that we would miss critical information in that article?

Because the Washington Post is so going to be /.ed (0)

Anonymous Coward | more than 11 years ago | (#6391658)

Cockarse.

THIS is how you are supposed to karma-whore, byatc (0)

Anonymous Coward | more than 11 years ago | (#6391698)

Sean Gorman's professor called his dissertation "tedious and unimportant." Gorman didn't talk about it when he went on dates because "it was so boring they'd start staring up at the ceiling." But since the Sept. 11, 2001, attacks, Gorman's work has become so compelling that companies want to seize it, government officials want to suppress it, and al Qaeda operatives -- if they could get their hands on it -- would find a terrorist treasure map.

Tinkering on a laptop, wearing a rumpled T-shirt and a soul patch goatee, this George Mason University graduate student has mapped every business and industrial sector in the American economy, layering on top the fiber-optic network that connects them.

He can click on a bank in Manhattan and see who has communication lines running into it and where. He can zoom in on Baltimore and find the choke point for trucking warehouses. He can drill into a cable trench between Kansas and Colorado and determine how to create the most havoc with a hedge clipper. Using mathematical formulas, he probes for critical links, trying to answer the question: "If I were Osama bin Laden, where would I want to attack?" In the background, he plays the Beastie Boys.

For this, Gorman has become part of an expanding field of researchers whose work is coming under scrutiny for national security reasons. His story illustrates new ripples in the old tension between an open society and a secure society.

"I'm this grad student," said Gorman, 29, amazed by his transformation from geek to cybercommando. "Never in my wildest dreams would I have imagined I'd be briefing government officials and private-sector CEOs."

Invariably, he said, they suggest his work be classified. "Classify my dissertation? Crap. Does this mean I have to redo my PhD?" he said. "They're worried about national security. I'm worried about getting my degree." For academics, there always has been the imperative to publish or perish. In Gorman's case, there's a new concern: publish and perish.

"He should turn it in to his professor, get his grade -- and then they both should burn it," said Richard Clarke, who until recently was the White House cyberterrorism chief. "The fiber-optic network is our country's nervous system." Every fiber, thin as a hair, carries the impulses responsible for Internet traffic, telephones, cell phones, military communications, bank transfers, air traffic control, signals to the power grids and water systems, among other things.

"You don't want to give terrorists a road map to blow that up," he said.

The Washington Post has agreed not to print the results of Gorman's research, at the insistence of GMU. Some argue that the critical targets should be publicized, because it would force the government and industry to protect them. "It's a tricky balance," said Michael Vatis, founder and first director of the National Infrastructure Protection Center. Vatis noted the dangerous time gap between exposing the weaknesses and patching them: "But I don't think security through obscurity is a winning strategy."

Gorman compiled his mega-map using publicly available material he found on the Internet. None of it was classified. His interest in maps evolved from his childhood, he said, because he "grew up all over the place." Hunched in the back seat of the family car, he would puzzle over maps, trying to figure out where they should turn. Five years ago, he began work on a master's degree in geography. His original intention was to map the physical infrastructure of the Internet, to see who was connected, who was not, and to measure its economic impact.

"We just had this research idea, and thought, 'Okay,' " said his research partner, Laurie Schintler, an assistant professor at GMU. "I wasn't even thinking about implications."

The implications, however, in the post-Sept. 11 world, were enough to knock the wind out of John M. Derrick Jr., chairman of the board of Pepco Holdings Inc., which provides power to 1.8 million customers. When a reporter showed him sample pages of Gorman's findings, he exhaled sharply.

"This is why CEOs of major power companies don't sleep well these days," Derrick said, flattening the pages with his fist. "Why in the world have we been so stupid as a country to have all this information in the public domain? Does that openness still make sense? It sure as hell doesn't to me."

Recently, Derrick received an e-mail from an atlas company offering to sell him a color-coded map of the United States with all the electric power generation and transmission systems. He hit the reply button on his e-mail and typed: "With friends like you, we don't need any enemies in the world."

Toward the other end of the free speech spectrum are such people as John Young, a New York architect who created a Web site with a friend, featuring aerial pictures of nuclear weapons storage areas, military bases, ports, dams and secret government bunkers, along with driving directions from Mapquest.com. He has been contacted by the FBI, he said, but the site is still up.

"It gives us a great thrill," Young said. "If it's banned, it should be published. We like defying authority as a matter of principle."

This is a time when people are rethinking the idea of innocent information. But it is hardly the first time a university has entangled itself in a war. John McCarthy, who oversees Gorman's project at GMU's National Center for Technology and Law, compared this period to World War II, when academics worked on code-breaking and atomic research. McCarthy introduced Gorman to some national security contacts. Gorman's critical infrastructure project, he said, has opened a dialogue among academia, the public sector and the private sector. The challenge? "Getting everyone to trust each other," McCarthy said. "It's a three-way tension that tugs and pulls."

When Gorman and Schintler presented their findings to government officials, McCarthy recalled, "they said, 'Pssh, let's scarf this up and classify it.' "

And when they presented them at a forum of chief information officers of the country's largest financial services companies -- clicking on a single cable running into a Manhattan office, for example, and revealing the names of 25 telecommunications providers -- the executives suggested that Gorman and Schintler not be allowed to leave the building with the laptop.

Businesses are particularly sensitive about such data. They don't want to lose consumer confidence, don't want to be liable for security lapses and don't want competitors to know about their weaknesses. The CIOs for Wells Fargo and Mellon Financial Corp. attended the meeting. Neither would comment for this story.

Catherine Allen, chief executive of BITS, the technology group for the financial services roundtable, said the attendees were "amazed" and "concerned" to see how interdependent their systems were. Following the presentation, she said, they decided to hold an exercise in an undisclosed Midwestern city this summer. They plan to simulate a cyber assault and a bomb attack jointly with the telecommunications industry and the National Communications System to measure the impact on financial services.

McCarthy hopes that by identifying vulnerabilities, the GMU research will help solve a risk management problem: "We know we can't have a policeman at every bank and switching facility, so what things do you secure?"

Terrorists, presumably, are exploring the question from the other end. In December 2001, bin Laden appeared in a videotape and urged the destruction of the U.S. economy. He smiled occasionally, leaned into the camera and said, "This economic hemorrhaging continues until today, but requires more blows. And the youth should try to find the joints of the American economy and hit the enemy in these joints, with God's permission."

Every day, Gorman tries to identify those "joints," sitting in a gray cinderblock lab secured by an electronic lock, multiple sign-on codes and a paper shredder. No one other than Gorman, Schintler or their research instructor, Rajendra Kulkarni, is allowed inside; they even take out their own trash. When their computer crashed, they removed the hard drive, froze it, smashed it and rubbed magnets over the surface to erase the data.

The university has imposed the security guidelines. It is trying to build a cooperative relationship with the Department of Homeland Security, much like the sexual relationship between cmdrtaco and rob malda. Brenton Greene, director for infrastructure coordination at DHS, described the project as "a cookbook of how to exploit the vulnerabilities of our nation's infrastructure." He applauds Gorman's work, as long as he refrains from publishing details. "We would recommend this not be openly distributed," he said.

Greene is trying to help the center get federal funding. ("The government uses research funding as a carrot to induce people to refrain from speech they would otherwise engage in," said Kathleen Sullivan, dean of Stanford Law School. "If it were a command, it would be unconstitutional.")

All this is a bit heavy for Gorman, who is in many ways a typical student. His Christmas lights are still up in July; his living room couch came from a trash pile on the curb. Twice a day, Gorman rows on the Potomac. Out on the water, pulling the oars, he can stop thinking about how someone could bring down the New York Stock Exchange or cripple the Federal Reserve's ability to transfer money.

On a recent afternoon, he drove his Jeep from the Fairfax campus toward the river. Along the way he talked about his dilemma: not wanting to hurt national security; not wanting to ruin his career as an academic.

"Is this going to completely squash me?" he said, biting his fingernail. GMU has determined that he will publish only the most general aspects of his work. "Academics make their name as an expert in something. . . . If I can't talk about it, it's hard to get hired. It's hard to put 'classified' on your list of publications on your résumé."

As he drove along Route 50, he pointed out a satellite tower and a Verizon installation. Somewhere in Arlington he took a wrong turn and stopped to ask for directions. It has always been that way with him. He's great at maps, but somehow he ends up lost.

Link please! (4, Funny)

Jeremy Erwin (2054) | more than 11 years ago | (#6391577)

I can't figure out how to download his dissertation. I want to judge for myself whether "tedious and unimportant" is an apt description.

Re:No Link (0, Redundant)

DrWho520 (655973) | more than 11 years ago | (#6391767)

If you read the article, you would understand why you can't download his dissertation. It is a road map for terrorism throughout the United States. Everybody knows where major landmarks are, but these are major hubs in the IT infrastructure of this country. From the sound of it, power grids, information pipelines and all kinds of other electronic infrastructure is a whole lot more interconnected than I originally imagined.

The writer is concerned he will not be able to work if he cannot get published, since he will only be publishing the most general of ideas from the paper. I am sure Uncle Sam will make certain he is well taken care of. You have a future in government consulting. Lets just hope he does not get snatched one morning as he's rowing across the lake.

Re:No Link (4, Insightful)

elem (411711) | more than 11 years ago | (#6391868)

I think you failed to notice the joke....

Link to the story? (0, Redundant)

ufoo (635711) | more than 11 years ago | (#6391586)

Here's the story on the washington post [washingtonpost.com] . Parallels between the critical infrastructure question and computer security professionals. There's a certain point where information should be kept quiet.

Re:Link to the story? (1)

ufoo (635711) | more than 11 years ago | (#6391615)

Dumbass. Nice. Note to self: Next time read the story.

Re:Link to the story? (0)

rmiley (686756) | more than 11 years ago | (#6391657)

Why should it be kept quiet? The information is already available if you look hard enough. Do you really believe you can keep this quiet, and if so do you trust those that are keeping it quiet?

You all have to decide (4, Insightful)

Anonymous Coward | more than 11 years ago | (#6391589)

You're either "land of the free", or you are not. So either live up to the hype, or change the tagline. Can't have it both ways, with a closed society fueled on fear, claming to be "free".

[jole]

Re:You all have to decide (1)

jo42 (227475) | more than 11 years ago | (#6391747)

Classify! Classify!
Don't tell them nuthin'!
Don't learn'em nuthin'!

- Dumb Ignorant American in Land of The Free!!

Re:You all have to decide (2, Insightful)

GlassUser (190787) | more than 11 years ago | (#6391838)

Despite open source ramblings, security through obscurity can be one component of an effective security system. NEVER rely on it, but it's great for extra insurance.

Re:You all have to decide (5, Insightful)

rose_bud4201 (651146) | more than 11 years ago | (#6391806)

Frankly, I'm on your side...keeping some of the stuff he used to generate his maps classified would knock some information which is really very handy from the public use - things like the shipping/loading dock information that he mentioned (would a prospective company have to go through clearance procedures to find out whether shipping their goods through a given area is worthwhile??), like ISP bandwidth and routing information, and the depth of cable trenches (would telephone or paving companies also have to be cleared before putting in a new pole or rebuilding a road?) "It gives us a great thrill," Young said. "If it's banned, it should be published. We like defying authority as a matter of principle." That, I think, is a little extreme, but there are some things which can't be pulled from the public domain without wreaking havoc on the people dependant on them.

what national security infrastructure???? (1)

stonebeat.org (562495) | more than 11 years ago | (#6391592)

what national security infrastructure????
:)

This guy is stoked, no more degree necessary (5, Insightful)

kcornia (152859) | more than 11 years ago | (#6391596)

After this kind of publicity, he'll have some job offers coming in, I guarantee it.

I'd tell 'em to classify it all they want, just looks BETTER on the resume...

Finding information is not difficult... (5, Insightful)

bc90021 (43730) | more than 11 years ago | (#6391598)

For instance, this is not the first time Sean Gorman has been talked about:

Article in Science Daily [sciencedaily.com]

Plus, someone with the same email address has posts in rec.sports.rowing...

The bottom line is that if you know where to look, you can find out lots of stuff. Classifying this guy's dissertation isn't going to prevent someone else (from anywhere on the planet) using the same tools he did to do the same things he did.

We either have to control all information (hello, Mr. Orwell!) or accept that information can't be controlled and plan accordingly. It's been said many times before, but security through obsucrity just doesn't work.

Re:Finding information is not difficult... (4, Interesting)

TopShelf (92521) | more than 11 years ago | (#6391702)

At least what this has prompted is a panic attack amongst some CIO's out there, who now understand that 1) too much information has long been left in the public domain, and 2) critical infrastructure security has been neglected for far too long.

Once you can shock the CEO's and CFO's into understanding that a genuine business risk exists out there, action can take place. I think far too many people assumed that the telco/networking companies had this all figured out...

Re:Finding information is not difficult... (1)

Azghoul (25786) | more than 11 years ago | (#6391754)

The difficulty is that hysteria about terrorism is all the rage down here in DC now. Trying to talk calmly about alternatives, not to mention all the industries that will be damaged if too much data is taken offline, is all those of us with contacts in the government can do.

If you're cynical you won't buy it, but it's true: The average government worker (above, say, GS12) actually does give a shit about his job, and wants to get it right. Fight the hysteria with reason and we'll be okay.

(and if you're cynical, please don't bother responding, I've heard it all before... :))

Re:Finding information is not difficult... (5, Insightful)

SirWhoopass (108232) | more than 11 years ago | (#6391843)

We either have to control all information (hello, Mr. Orwell!) or accept that information can't be controlled and plan accordingly. It's been said many times before, but security through obsucrity just doesn't work.

Security through obscurity alone doesn't work, but that doesn't mean that obscurity isn't important too. It's not like the fiber connections to the New York Stock Exchange run through a box on the street with an "off" lever. They're underground. But that doesn't mean the NYSE should put the exact location on their web site.

If you look at how the military handles classified information you'll note that in order to access information you need both the proper clearance and the "need to know". That means that just because you have a top secret clearance because you work on stealth fighters doesn't mean you get to see the top secret photos of North Korea's nuclear reactors. You have the proper clearance, but you don't have the need to know.

The main issue isn't (or shouldn't be) about classifying this guy's thesis. The issue is why all this imformation was so freely availble in the first place and whether power companies, telecoms, etc. should look at restricting access to certain types of data.

Re:It's not the information, but the presentaiton. (2, Interesting)

DrWho520 (655973) | more than 11 years ago | (#6391852)

True, it is not hard to find the information, but how difficult is it to pull it all together into one package as Gorman has done? Yes, classify it after the guy gets his sheep skin. Its one thing to have information out there to develop a bomb, its quite another thing to post schematics in a periodical.

P3N15 131RD (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#6391600)

For years now, the common American penis bird has been a staple of every American's daily diet. Whether it be penis bird sandwiches, fried penis bird, or perhaps penis bird under glass (for the rich), we all have penis bird at least once a day. Many Americans have no clue how the penis bird became so important in the pyramid of a balanced diet, so in this article I will attempt to explain its history and why it is so useful.

In the early 1870s, Francis Zefran became the first penis bird breeder in North America. He started his famous Penis Bird Ranch in Canton, OH. At the time, not much was known of the penis bird's nutritional value, but the Penis Bird Ranch changed all of that. Not only did Francis Zefran raise penis birds to sell their colorful plumes (a VERY lucrative business), he also set up the world's first research lab dedicated solely to the study of the penis bird.

The lab found many interesting things. First, it was discovered that thepenis bird was actually semi-sentient. Second, the scientists found that the meat of the penis bird was high in protein, vitamin A, vitamin B, and calcium, while low in fat, cholestorol, and sodium. Never before had such a nutritious meal been had without supplement or fortification. The scientists of the lab recommended immediately that the penis bird become a part of every American's daily diet.

When the news of the penis bird's usefulness reached president Rutherford B. Hayes, he was absolutely ecstatic. You see, President Hayes owed a number of favors to Francis Zefran because as I said earlier, the penis bird plume trade was an extremely lucrative business and Mr. Zefran was important in getting RBH elected through a number of monetary gifts. President Hayes immediately asked Congress to pass what we all know today as the Hayes/Zefran Penis Bird Consumption Act.

The act did a number of things to make the penis bird a daily meal, most important of which was the requirement that for every four people in a household, one penis bird must consumed every day. Another thing the act did was create an artificial monopoly for Francis Zefran's Penis Bird Industries. The act stated that the only supplier of penis bird meat in the US would be PBI. As one would imagine, this quickly made Francis Zefran into the richest man in the world. He was soon a multi-billionaire (quadrillionaire with today's inflation). Never before had a single man seen such wealth.

Many challenges were made to the Hayes/Zefran Penis Bird Consumption Act, and several even made it the Supreme Court. It was argued that the act was unconstitutional and went against liberty itself, but once the detractors tasted delicious penis bird meat for the first time, they immediately dropped their cases and followed the law to the letter. We all know today that penis bird is the most delicious meat man has ever known, but at that time, the only meats people ate were pork and beef.

In the early 1970s, though, challenges to the act began again. Many argued that the monopoly given to Penis Bird Industries by the act was in all ways unamerican. The Supreme Court finally agreed, and in 1974, Section II of the act was struck down. This in effect opened the market to competition for all.

Today, Penis Bird Industries is almost no more. Today we have the market leader Penis Bird Meat International facing against Penissoft, a recent startup. Where will the future lead the penis bird market? Only time will tell us, but one thing is certain: penis birds are here to stay! -klerck (Reproduced by AC)

How is this.. (0, Insightful)

jkrise (535370) | more than 11 years ago | (#6391601)

national infrastructure? I mean, if I knew Verizon and AOL were the main providers of services for a firm, how does that affect national security?

And incidentally, this could be a good thing for Linux. An entire country operating on a single flavor of Windows, is the perfect recipe for disaster.

RTFA (1, Informative)

Anonymous Coward | more than 11 years ago | (#6391648)

This has nothing to do with Windows or Linux. A terrorist with access to this information could simply look up points that have the biggest confluence of fiber optic cables and communication equipment and attack. They could similarly do the same with energy infrastructure.

Wires don't run Windows or Linux.

Re:RTFA (1)

jkrise (535370) | more than 11 years ago | (#6391705)

" This has nothing to do with Windows or Linux."

How come? If Corporate America decided to go Subscription Advantage, and National Security mandated that all users upgrade to the latest version of Windoze, then that could be suicidal. The only thing that currently runs on all flavors of Windows is... guess what? Viruses, and mostly without recoding ot recompiling.

Perfect recipe for national disaster, I repeat.

Re:How is this.. (2, Interesting)

elem (411711) | more than 11 years ago | (#6391786)

I don't think you really got the point here.

This has nothing to do with any operating systems or computers.

You can easily criple companys and national infrastructure just by knowing the few substations and fibre switchs that need to be brought down. No power, no phone, no net.... oh dear.

Reminds me of a job I did in London (5, Interesting)

tiled_rainbows (686195) | more than 11 years ago | (#6391609)

I work for Transport for London (Transport Authority in London, UK, duh), and, after 9/11 my boss asked me to print out a huge map of the city and put a little sticky label over every "potential terrorist target". Buckingham Palace, Houses of Parliament, the big wheel thing, ministry of defence, big office blocks, army barracks, more palaces....
After three hours I was running out of sticky labels and was very scared.

But hey, look on the bright side, maybe it'll never happen!!!

Re:Reminds me of a job I did in London (5, Funny)

Trigun (685027) | more than 11 years ago | (#6391653)

You'd look awful suspicious if it did happen, what with that giant map with all the targets labelled and all...

Re:Reminds me of a job I did in London (1)

tiled_rainbows (686195) | more than 11 years ago | (#6391729)

yeah, shit, I wonder where I left it...

Re:Reminds me of a job I did in London (1)

ceoyoyo (59147) | more than 11 years ago | (#6391834)

I've heard the government of Canada published a list of potential terrorist targets -- the CN tower, BC Place, the Calgary Stampede, after that it just got ridiculous.

Shave your fucking beard (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#6391611)


It doesn't look cool. [washingtonpost.com] Seriously.

Information wants to be free (4, Insightful)

albin (52375) | more than 11 years ago | (#6391613)

You cannot keep information like this secure forever, or even very long. Someone will always have this information. The question is, will we allow the US government to to deprive us of our liberties to the extent that the gov't really can keep this information for ourselves, and only let it out when it's in their interest for a building to get bombed, or do we fight to keep information free?

People who claim this information is a security risk are looking at things the wrong way round.

Re:Information wants to be free (2, Insightful)

sporty (27564) | more than 11 years ago | (#6391781)

If information wanted to be free, it'd have a will or method of making itself known.

Also, the gov't witholds certain information for our own safty. You don't want people panic'd and making situations worse. It doesn't justify keeping all information classified, but it does justify keeping some of it.

What I REALLY want to know... (4, Insightful)

Noryungi (70322) | more than 11 years ago | (#6391624)

Is what kind of database and what kind of software he has used to create the program that is the basis of his PhD.

On a more serious note, I think his work is great. While it certainly has serious security implications, it could also be used by ISPs, telcos, power companies, etc. to disseminate information on outages and/or find the root causes of problems.

Ah, well... I suppose we'll never see the results... but I do hope he gets his PhD.

Re:What I REALLY want to know... (3, Informative)

robslimo (587196) | more than 11 years ago | (#6391799)

I suspect he's using several tricks to discover correlate IP addresses to services providers, to businesses to physical locations and superimposing that data on a traditional map. The geographical info is available from many sources; the trick is tieing all that info together to form a coherent 'big picture'.

Some info on discovering the physical location of a IP address (or multiple IP's in order to form a physical route map) is available here [private.org.il]

Interesting that there is an extension to DNS as described in RFC 1876 that allows an owner to identify the location of their host.

Dark undertone (5, Interesting)

Gortbusters.org (637314) | more than 11 years ago | (#6391626)

Did anyone else think that this article had a dark undertone of government and corporerations looking to lock down information in the name of security. I mean, some of this information is important and may have benefits to the general public.

The scariest line is that they wanted to burn his research. Flash backs of 1984 flashed in my mind.

Re:Dark undertone (1)

vasqzr (619165) | more than 11 years ago | (#6391832)


Right. Either this type of information is free and available, or the government locks everything down and we end up like half the other countries who treat their citizens as 'Sims'

Not all evil (5, Interesting)

Azghoul (25786) | more than 11 years ago | (#6391627)

Some people might wonder why in the world you'd need to have maps of electrical grids and fibre lines...

I'm working on the periphery of the emergency response industry, and suffice it to say, any infrastructure data is vital as hell for responding to major natural disasters like quakes, hurricanes and tornadoes.

Tossing all this "scary" data into the classified domain will hammer on emergency responders' ability to effectively map this stuff.

It's vital, and I think the anti-"security through obscurity" comment in the article hits the nail on the head...

Re:Not all evil (1)

vasqzr (619165) | more than 11 years ago | (#6391748)


I work at a construction/engineering firm, and this kind of information goes in and out of here every day. Someone could come in, pose as a soil grading estimator, walk out with a set of plans to anywhere in the state, and do any kind of terrorist act he or she wanted after that.

Is the government going to decide who can see what, and what they can see?

Re:Not all evil (1)

ka9dgx (72702) | more than 11 years ago | (#6391755)

Yeah, we'll classify the whole lot, and force everyone who ever buried a cable to swear secrecy.

Once that's accomplished, we wait for a random backhoe to take something out, and civilization falls apart.

Only an idiot would classify maps.

--Mike--

i don't know about that... (1)

ed.han (444783) | more than 11 years ago | (#6391773)

i should think that emergency responders would be among the approved entities to have access to this data.

my big question: how current is this data? it's taken years to compile and in that time, natural disasters and the like would have changed some elements, rendering certain data inaccurate. that's why db records invariably have a "last updated" date/time stamp field in 'em. the only thing worse than no data is data whose accuracy is in question, IMX.

ed

Re:i don't know about that... (4, Interesting)

Azghoul (25786) | more than 11 years ago | (#6391862)

Well, that's just it: Classifying data is different from making it sensitive and just not handing it out to anyone. Plenty of data is already designated as "sensitive" (see HAZUS at FEMA for example).

Infrastructure data is often sensitive. First responders can certainly get it. However, if DoD and/or DHS go haywire and classify it, only those with Secret (or better) clearance level can get it.

And your average "first responder" fireman isn't going to possess a secret clearance...

As for currentness, you'd be surprised. Much of the interesting infrastructure (major emergency facilities, dams, etc) doesn't change very often.

Public + Public + Public = Classified (5, Funny)

fuzzeli (676881) | more than 11 years ago | (#6391633)

It's very interesting the way that an assemblage of publicly available information is suddenly a matter of national security. This must be based on the assumption that evildoers are never grad students.

To quote Ellie (0)

Anonymous Coward | more than 11 years ago | (#6391637)

(Jodie Foster) from the movie Contact, "What, you want to classify prime numbers now?"

Pff... I don't know why this is so interesting. (0, Troll)

Sheetrock (152993) | more than 11 years ago | (#6391643)

Similar things have been done already; MapQuest, for one, which allows (modest, year-old) satellite imaging as well. They made a nice attempt at turning it into shock value, but all sizzle no steak as they say.

I don't really know what he's driving at, anyway. This newest wave of technology is flashy, but we seem to have forgotten that recognizing and exploiting consumer attention is the key to unlocking the door of success in this cutthroat business -- not simply coming up with bigger and better, but maximizing the potential of what you've got.

Take the game industry for example; the earliest games functioned on single-sided single-density floppy disks, which didn't permit a great deal of graphics or fanciful algorithms. Games, as a standard, were terse and text-based until a programmer came up with a method of doubling the graphical storage -- and ended up making games that outperformed the standards of those on technically superior systems. Or go to the console wars, where the concept of making a dual-processor system (SNES) was outshone by the concept of vastly improving the storage space (Playstation) on a technically inferior CPU.

Same deal with this mapping stuff. Just show me how to get from Point A to the mall and I'm set -- I don't need to know the infrastructure along the way.

console systems and dual CPUs (1)

Unit3 (10444) | more than 11 years ago | (#6391692)

I'm not sure what you were talking about re: the SNES and dual CPUs. I believe you were thinking of the Turbo Graphics 16, which had dual CPUs, but was outshone by the SNES and its superior graphics chipset. Clearly, the Playstation was far superior hardware in every way to the SNES.

I just want to see it because... (1)

magores (208594) | more than 11 years ago | (#6391644)

It sounds kind of cool actually.

(ummm.. Does this mean I really AM a geek?)

Dude! (0)

Anonymous Coward | more than 11 years ago | (#6391645)

Dude, you're gettin' a cavity probe by Ashcroft!

For the record (0)

Bob Abooey (224634) | more than 11 years ago | (#6391646)

As much as it pains me to say this, I think we need to look at what John Ashcroft wants to do regarding our ability to get information a little closer.

No-one can deny that the Internet has opened a can of worms that the people who wrote the constitution could have never imagined would exist when they put it together. Our Bill of Rights and many other pieces of legislature were designed before the global information network became available to any 6th grade dropout with an AOL account and perhaps we need to look at updating it with this in mind.

I'm not suggesting we should become a police state or anything, just that perhaps we need to take the world as it stands today and re-write parts of the constitution with this in mind.

I can live with less "rights" provided I'm safe and secure.

Re:For the record (0, Flamebait)

fuzzeli (676881) | more than 11 years ago | (#6391813)

One of the most dangerous memes floating around out there (other than this one [christianitymeme.org] of course) is the idea that giving up rights can make us safe and secure.

What good would classifying this do? (5, Insightful)

bdhein (456277) | more than 11 years ago | (#6391647)

From the article, all of the data he compiled was obtained from public sources. If anybody else wanted to replicate the work, it would only take their time. I'd imagine that you could get all the information you need through public records for building permits and right of way use. I mean, squelching the person who took the time to compile it all isn't going to do much good unless you classify every public record the US has for infrastructure.

Just Like In The Movies (5, Funny)

Lagged2Death (31596) | more than 11 years ago | (#6391651)

"Tedious and boring?" He's got an application that can actually do some of the stuff Hollywood hackers have been doing for years. How could anyone think that's boring?

"Tank, find a structural drawing of this building. Find it fast."

in case it gets slashdotted... (0, Redundant)

vierja (632250) | more than 11 years ago | (#6391654)

Dissertation Could Be Security Threat
Student's Maps Illustrate Concerns About Public Information

By Laura Blumenfeld
Washington Post Staff Writer
Tuesday, July 8, 2003; Page A01

Sean Gorman's professor called his dissertation "tedious and unimportant." Gorman didn't talk about it when he went on dates because "it was so boring they'd start staring up at the ceiling." But since the Sept. 11, 2001, attacks, Gorman's work has become so compelling that companies want to seize it, government officials want to suppress it, and al Qaeda operatives -- if they could get their hands on it -- would find a terrorist treasure map.

Tinkering on a laptop, wearing a rumpled T-shirt and a soul patch goatee, this George Mason University graduate student has mapped every business and industrial sector in the American economy, layering on top the fiber-optic network that connects them.

He can click on a bank in Manhattan and see who has communication lines running into it and where. He can zoom in on Baltimore and find the choke point for trucking warehouses. He can drill into a cable trench between Kansas and Colorado and determine how to create the most havoc with a hedge clipper. Using mathematical formulas, he probes for critical links, trying to answer the question: "If I were Osama bin Laden, where would I want to attack?" In the background, he plays the Beastie Boys.

For this, Gorman has become part of an expanding field of researchers whose work is coming under scrutiny for national security reasons. His story illustrates new ripples in the old tension between an open society and a secure society.

"I'm this grad student," said Gorman, 29, amazed by his transformation from geek to cybercommando. "Never in my wildest dreams would I have imagined I'd be briefing government officials and private-sector CEOs."

Invariably, he said, they suggest his work be classified. "Classify my dissertation? Crap. Does this mean I have to redo my PhD?" he said. "They're worried about national security. I'm worried about getting my degree." For academics, there always has been the imperative to publish or perish. In Gorman's case, there's a new concern: publish and perish.

"He should turn it in to his professor, get his grade -- and then they both should burn it," said Richard Clarke, who until recently was the White House cyberterrorism chief. "The fiber-optic network is our country's nervous system." Every fiber, thin as a hair, carries the impulses responsible for Internet traffic, telephones, cell phones, military communications, bank transfers, air traffic control, signals to the power grids and water systems, among other things.

"You don't want to give terrorists a road map to blow that up," he said.

The Washington Post has agreed not to print the results of Gorman's research, at the insistence of GMU. Some argue that the critical targets should be publicized, because it would force the government and industry to protect them. "It's a tricky balance," said Michael Vatis, founder and first director of the National Infrastructure Protection Center. Vatis noted the dangerous time gap between exposing the weaknesses and patching them: "But I don't think security through obscurity is a winning strategy."

Gorman compiled his mega-map using publicly available material he found on the Internet. None of it was classified. His interest in maps evolved from his childhood, he said, because he "grew up all over the place." Hunched in the back seat of the family car, he would puzzle over maps, trying to figure out where they should turn. Five years ago, he began work on a master's degree in geography. His original intention was to map the physical infrastructure of the Internet, to see who was connected, who was not, and to measure its economic impact.

"We just had this research idea, and thought, 'Okay,' " said his research partner, Laurie Schintler, an assistant professor at GMU. "I wasn't even thinking about implications."

The implications, however, in the post-Sept. 11 world, were enough to knock the wind out of John M. Derrick Jr., chairman of the board of Pepco Holdings Inc., which provides power to 1.8 million customers. When a reporter showed him sample pages of Gorman's findings, he exhaled sharply.

"This is why CEOs of major power companies don't sleep well these days," Derrick said, flattening the pages with his fist. "Why in the world have we been so stupid as a country to have all this information in the public domain? Does that openness still make sense? It sure as hell doesn't to me."

Recently, Derrick received an e-mail from an atlas company offering to sell him a color-coded map of the United States with all the electric power generation and transmission systems. He hit the reply button on his e-mail and typed: "With friends like you, we don't need any enemies in the world."

Toward the other end of the free speech spectrum are such people as John Young, a New York architect who created a Web site with a friend, featuring aerial pictures of nuclear weapons storage areas, military bases, ports, dams and secret government bunkers, along with driving directions from Mapquest.com. He has been contacted by the FBI, he said, but the site is still up.

"It gives us a great thrill," Young said. "If it's banned, it should be published. We like defying authority as a matter of principle."

This is a time when people are rethinking the idea of innocent information. But it is hardly the first time a university has entangled itself in a war. John McCarthy, who oversees Gorman's project at GMU's National Center for Technology and Law, compared this period to World War II, when academics worked on code-breaking and atomic research. McCarthy introduced Gorman to some national security contacts. Gorman's critical infrastructure project, he said, has opened a dialogue among academia, the public sector and the private sector. The challenge? "Getting everyone to trust each other," McCarthy said. "It's a three-way tension that tugs and pulls."

When Gorman and Schintler presented their findings to government officials, McCarthy recalled, "they said, 'Pssh, let's scarf this up and classify it.' "

And when they presented them at a forum of chief information officers of the country's largest financial services companies -- clicking on a single cable running into a Manhattan office, for example, and revealing the names of 25 telecommunications providers -- the executives suggested that Gorman and Schintler not be allowed to leave the building with the laptop.

Businesses are particularly sensitive about such data. They don't want to lose consumer confidence, don't want to be liable for security lapses and don't want competitors to know about their weaknesses. The CIOs for Wells Fargo and Mellon Financial Corp. attended the meeting. Neither would comment for this story.

Catherine Allen, chief executive of BITS, the technology group for the financial services roundtable, said the attendees were "amazed" and "concerned" to see how interdependent their systems were. Following the presentation, she said, they decided to hold an exercise in an undisclosed Midwestern city this summer. They plan to simulate a cyber assault and a bomb attack jointly with the telecommunications industry and the National Communications System to measure the impact on financial services.

McCarthy hopes that by identifying vulnerabilities, the GMU research will help solve a risk management problem: "We know we can't have a policeman at every bank and switching facility, so what things do you secure?"

Terrorists, presumably, are exploring the question from the other end. In December 2001, bin Laden appeared in a videotape and urged the destruction of the U.S. economy. He smiled occasionally, leaned into the camera and said, "This economic hemorrhaging continues until today, but requires more blows. And the youth should try to find the joints of the American economy and hit the enemy in these joints, with God's permission."

Every day, Gorman tries to identify those "joints," sitting in a gray cinderblock lab secured by an electronic lock, multiple sign-on codes and a paper shredder. No one other than Gorman, Schintler or their research instructor, Rajendra Kulkarni, is allowed inside; they even take out their own trash. When their computer crashed, they removed the hard drive, froze it, smashed it and rubbed magnets over the surface to erase the data.

The university has imposed the security guidelines. It is trying to build a cooperative relationship with the Department of Homeland Security. Brenton Greene, director for infrastructure coordination at DHS, described the project as "a cookbook of how to exploit the vulnerabilities of our nation's infrastructure." He applauds Gorman's work, as long as he refrains from publishing details. "We would recommend this not be openly distributed," he said.

Greene is trying to help the center get federal funding. ("The government uses research funding as a carrot to induce people to refrain from speech they would otherwise engage in," said Kathleen Sullivan, dean of Stanford Law School. "If it were a command, it would be unconstitutional.")

All this is a bit heavy for Gorman, who is in many ways a typical student. His Christmas lights are still up in July; his living room couch came from a trash pile on the curb. Twice a day, Gorman rows on the Potomac. Out on the water, pulling the oars, he can stop thinking about how someone could bring down the New York Stock Exchange or cripple the Federal Reserve's ability to transfer money.

On a recent afternoon, he drove his Jeep from the Fairfax campus toward the river. Along the way he talked about his dilemma: not wanting to hurt national security; not wanting to ruin his career as an academic.

"Is this going to completely squash me?" he said, biting his fingernail. GMU has determined that he will publish only the most general aspects of his work. "Academics make their name as an expert in something. . . . If I can't talk about it, it's hard to get hired. It's hard to put 'classified' on your list of publications on your résumé."

As he drove along Route 50, he pointed out a satellite tower and a Verizon installation. Somewhere in Arlington he took a wrong turn and stopped to ask for directions. It has always been that way with him. He's great at maps, but somehow he ends up lost.

should some of this information be classified? (4, Insightful)

hndrcks (39873) | more than 11 years ago | (#6391666)

In a word, No.

Those who would exploit it for ill already have the data, or can easily obtain it. Classsifying the data now would only hide it from those with reasonable use; and would allow for mistakes or security lapses to be covered up.

If you don't think authorities - whomever they might be - won't abuse the privlege of 'classifying' data, then you have some big surprises in store...

Re:should some of this information be classified? (0)

Anonymous Coward | more than 11 years ago | (#6391771)

Equally, having unclassified data that has to be pieced together to become a threat also gives you a great deal of clues and intel on the person who collected it before anything destructive takes place.

You start removing information from the public eye, you run the risk of creating an information subculture.

Maybe... (5, Funny)

vasqzr (619165) | more than 11 years ago | (#6391679)


With all this information, maybe he can tell me when they're going install my damn DSL line...

that's classified information (3, Funny)

boomerny (670029) | more than 11 years ago | (#6391751)

we could tell you but then we'd have to kill you - Verizon

Not the first or last time (2, Interesting)

Anonymous Coward | more than 11 years ago | (#6391680)

A close relative of mine applied for a job at the State Dept. while finishing up his doctoral dissertation on Cuba (back when Cuba was highly volatile). They asked to see a draft and he consented. Having read it, they said he could have the job provided he NEVER, EVER publish the dissertation.

He said okay and now he's ABD but pretty high up in the CIA/NSA (yeah, they work together now).

Dates? (2, Funny)

Biomechanoid (515993) | more than 11 years ago | (#6391687)

Gorman didn't talk about it when he went on dates because "it was so boring they'd start staring up at the ceiling."

What is this going on 'dates' thing? I guess stuff for nerds, as in stuff that matters to nerds. Guess im not a nerd then.

Publish or Perish (4, Interesting)

Foochar (129133) | more than 11 years ago | (#6391689)

The other interesting thing this brings up is the student's right to earn a living and do what he enjoys vs. the national security implications of this. Like he says, putting classified down on a resume doesn't get you very far, especially outside the Military/Intelligence arena.

The other thing is that, yes, he did put all of the together, but according to the article the raw data he used is all available on the internet. Who's to day that Al Qadea hasn't hasn't already done the research to create their own version of his map. In that case this work could very well prove to be a map of what to defend.

Yes but... (5, Insightful)

Anonymous Coward | more than 11 years ago | (#6391691)

Correlating information is what gives you the bigger picture. Sure, it might be a secuirty threat as a whole, but it's been made up of snippets of information gleaned individually that probably aren't much use on their own.

Same as a bomb really, component parts are pretty common; chemicals, circuitry. It's about knowing how to connect stuff together to make it a bomb. 9/11 was flying lessons, plane timetables, GPS and box cutters. Each on their own is pretty harmless until you join the dots...

Same with information, connected together in the right way, it's just as dangerous. Ask the CIA or any intelligence agency...

Tom Clancy's work (5, Interesting)

boomerny (670029) | more than 11 years ago | (#6391701)

the same questions have been asked about some of Tom Clancy's work. I remember reading that he was paid a visit by the FBI asking where he got his classified information, only it turned out everything he used was publicly available. My thought is that suppressing information will not prevent terrorism, only when would-be terrorists change the way they think of the free world will it stop. /rant

Biz opp! (0)

Anonymous Coward | more than 11 years ago | (#6391709)

Imagine what a great company you could start just by optimizing the grid layouts of the different companies for them. Spotting particularly bad locations for lines for planning and helping the firms reroute them. yay!

Similar website? (3, Interesting)

diegoq (149586) | more than 11 years ago | (#6391717)


The article mentions an interesting website:
Toward the other end of the free speech spectrum are such people as John Young, a New York architect who created a Web site with a friend, featuring aerial pictures of nuclear weapons storage areas, military bases, ports, dams and secret government bunkers, along with driving directions from Mapquest.com. He has been contacted by the FBI, he said, but the site is still up.
But even with the wonderous google I am unable to find the website that they are talking about.
Anyone know of it?

Internet design (1, Interesting)

Anonymous Coward | more than 11 years ago | (#6391718)

I thought the whole point was to create a massively redundant network that could bypass any damaged links. Now this student's work says this isn't true?

Whats needed (1)

Timesprout (579035) | more than 11 years ago | (#6391728)

should some of this information be classified?

whats really needed is a campus along the lines of Camp X-Ray to deal with this sort of thing. This way the Govt can controll what the studenets research and who can distribute this information to. The new open wire cage format for the dorms will have the added avantage they it will be easy to immediately identify students sharing files illegally thus saving the RIAA money to track them down

Sigh. (4, Insightful)

Billy Bo Bob (87919) | more than 11 years ago | (#6391739)

Is everyone forgetting that a part of the price of freedom is safety? An open society is a vulnerable society in some ways. The same vulnerability keeps society safe from itself and its own excesses.

Of course if we classified everything like this no one would have a road map to destruction. But they could still poison the water supply, blow up buildings and cause untold grief. They could still locate some of the bottlenecks themselves and exploit them.

Like so many things the government/corporations seek to classify, the real people they don't want to know are the ordinary people. It puts me in mind of the many "the area bombed last night is classified...we don't want to give the enemy important information" remarks we see. Like the enemy doesn't know they were bombed...

Classified Military info and Novels (4, Interesting)

tigersha (151319) | more than 11 years ago | (#6391756)

When Tom Clancy published the Hunt for Red October the US Navy wanted to nail him because they thought he stole some confidential info about their submarine ops.

It turned out that he got all his info from public domain sources. And they could not do much about it. He just knew where to search.

Use it, don't fear it (5, Insightful)

ab762 (138582) | more than 11 years ago | (#6391760)

As a long-time reader of comp.risks (archive here [ncl.ac.uk] ) I remember a lot of problems caused by "redundant" connections that were all routed over the same fiber. I believe that this showed up in the 1999 Hinsdale fire [ncl.ac.uk] amoungst others.

Gorman's work and the access he used is vital - if I'm paying for two links that should be separate, I need to know that I can really check that we have separated physical facilities.

There are a lot more backhoe operators than terrorists - and historically, the chances of a backhoe impact on infrastructure are pretty high.

Where's the NIPC? (1)

Alan_Peery (621338) | more than 11 years ago | (#6391763)

The NIPC (www.nipc.gov) should be addressing these sorts of issues, and working with the individual telecoms companies and customers to make sure their networks are resilient. I don't think Sean Gorman's future should be in any doubt now. Any graduate school that refused to recognize the end result of his work (evidently a very useful atlas) would have difficultly justifying their stance.

Guarantees of security (5, Insightful)

amorico (40859) | more than 11 years ago | (#6391766)

I do not understand why the information would be classified. Our national highways are critical infrastructure, without which we would all be brought to a standstill, yet maps of them are readily available online or at any bookstore.

Could you imagine if the locations of communications infrastructure were classified? Would you need clearance to set up a node? Would you need to pay to have every line technicican get a full background check? This reminds me of the reaction of "security" people when they see WHOIS entries for their companies for the first time. Their foreheads are usually bruised for weeks because of the knee jerking. The first thing they want to do is take it down. They forget that a certain level of openness is neccesary for a system that benefits everyone.

The whole point of a privatised distributed communications infrastructure is that a terrorist or enemy state cannot cripple the entire thing. Now if the people at banks and government insititutions have not done a good job of ensuring redundancy and disaster recovery then it's their own fault. The solution is to fix it, not suppress information about it.

Obviously, no one recommends mailing al-qaeda a copy of the telecom/data infrastructure, but this exposes a major flaw with what's going on and we would be foolish to ignore it or suppress it.

Come on, someone please... (1, Funny)

Anonymous Coward | more than 11 years ago | (#6391769)

Hack into that guy's box, steal that goddamn map and publish it on the net so we could have some REAL fun? :) This article is like a review of some really cool movie you're never going to see. Come, bring it to Kazaa so everyone could grab it and see it :)

A PhD in Geography (1)

Entropy248 (588290) | more than 11 years ago | (#6391780)

I always wondered what someone would do with that...

Since Gorman created this map with only publicly available information, it should not be classified because it's already too late. Once the existance of such a map became known, it was too late. In fact, once it became known that it was possible to create such a map with only publicly available information it was too late. Now, any government/terrorist/whacko (is there a difference b/w the last 2?) can start creating a similar map with the confidence that they can get enough accuracy to scare the hell out of top executives at power companies. Who the f*** at Homeland Security let this article run??

Duh. (4, Insightful)

NoData (9132) | more than 11 years ago | (#6391785)

From the article:

"This is why CEOs of major power companies don't sleep well these days," [CEO of power co. Pepco Holdings] Derrick said, flattening the pages with his fist. "Why in the world have we been so stupid as a country to have all this information in the public domain? Does that openness still make sense? It sure as hell doesn't to me."

Because security through obscurity is just as brainless an alternative for the physical infrastructure as it is for virtual infrastructure.

Hiding things doesn't make them safe. It makes them safe until found. With the added bonus of fostering the kind of clandestine, repressive, bitter societal climate that our govnt seems bent on pursuing these days.

You want to protect something? 1) Make it less desirable as a target (i.e. take away people's reasons for attacking in the first place). 2) Build in redundancies to dilute vulnerability. 3) Monitor, patrol, survey in an open and visible manner

I dont care (0)

Anonymous Coward | more than 11 years ago | (#6391794)

Did you know, not all of your readers are from the US.. maybe someday, you should run a poll to see how many are from a "other country"

Re:I dont care (1)

tibike77 (611880) | more than 11 years ago | (#6391867)

Well, neither am I... I'm from Romania!
That doesn't change the facts, only the perspective (i.e., I HOPE a bit "more free" of subjectivism).

Business opportunity (1)

chiph (523845) | more than 11 years ago | (#6391801)

Sounds like he could make a mint in the data security business, consulting with large firms to identify the weak points in their networks.

When laying out large redundant networks, one of the primary goals is to ensure that your primary and backup circuits don't end up in the same trench along a railroad track, or going through the same manhole access vault. I recall reading in Wired about how a Pacific sub-sea fiber optic cable operator was concerned about having both loops on the same island, much less coming ashore at the same beach.

Same applies to goverment organizations, of course. I'd like to see the Federal Reserve purchase his info, as I have an interest in making sure I get paid each month. Couldn't care less about the rest of them (INS, IRS, DHS, etc), but I'd like to see FedWire stay up.

The Cukoo's Egg.. (4, Interesting)

bigattichouse (527527) | more than 11 years ago | (#6391807)

Cliff S. in "The Cukoos Egg" tails down a spy selling secrets to the russians. Most of the info he steals is *NOT* classified, but by having *ALL* the info, he can piece together something he doesn't know:

1. New fighter being developed
2. Contract awarded to company X
3. Rifle through purchase orders for titanium and other strategic parts.
4. Get shipping info on said parts
5. now you know the facility where it will be built.
6. find airline reservations from company in question
7. look for engineers and test personell.
8. find nearest test base from point of arrival.
9. Fighter X will be built in location A and tested at location B, between arrival date and departure date.


Needless to say, this is why more things have become classified since the early 80's

I don't know what is going to happen to his map... (1)

Mondoz (672060) | more than 11 years ago | (#6391809)

But I want his monitor!!

Then why not classify maps, GPS and meteo data? (2, Insightful)

tibike77 (611880) | more than 11 years ago | (#6391817)

Hey, there IS a certain treshold where "national security" ends and "public domain" starts. Agreed, this is not a clear line, but a rather (thick) grey band between...
Problem is in the "human rights" department... everybody with a brain can use it [information] to do good or to wreak havoc.

Any democracy is far more exposed to terrorist acts than any totalitarian regime, and there's a cause-and-effect link between them.
YES, you could sacrifice all possible "public information" to the altar of "national security", but then where's the all-so-praised democracy and freedom of information ???
So we end up again and again to the same dillema: what is the treshold between democracy and a police state?
That "kid" was just exposing weaknesses. IF you were to classify something, you should classify the INFORMATION that he gathered to reach a result in his research, not clasify his research's result! This is as stupid as classifying (for instance) the formula of gunpowder and leaving all other informations about chemical reactions available to everybody!

That being said, would you rather live in a "safe and steril" or in a "free but slightly dangerous" environment ?

paranoia (5, Insightful)

Kludge (13653) | more than 11 years ago | (#6391818)

People are _SO_ freaking paranoid these days. Having access to a database like this could be enormously helpful to a great range of people. But all people think about is, "What will al Queda do with it?"

Since 2000 about 3,000 people have died in terrorist attacks. About 175,000 have died in car accidents. About what should we be worried?

Funny uhuhu,uhuhu...... yea yea..... (1)

botzi (673768) | more than 11 years ago | (#6391839)

He hit the reply button on his e-mail and typed: "With friends like you, we don't need any enemies in the world."

This guy is funny... uhuhu...uhuhu.....
Sooooooo... what's the point??? Yes, he made it easier to acces the information(one click!!! Yupiiiiii!!!), but that still doesn't change the fact that almost anyone who want(and don't give a fuck about his dissertation may have it....).All he did was sort information avalable in the public domain and offer it with a nicer interface.... God.... A freaking genius......
Then again should the acces to this info be limited??? 'Course not!!!

Open vs. Closed (1)

teeheehee (12647) | more than 11 years ago | (#6391841)



Where to begin?

I'm opposed to a closed society where information is kept for those who are allowed to view it. It creates fractures in society, where people who have access to information dictates are better off than others and not for reasons like they're smarter or work harder. How are people supposed to raise themselves out of a lower position in society if they don't have the same privileges as those in the higher places have?

Next train of thought...

The executives that wanted to keep him in the confines of their building, along with his laptop, make me want to gag! How proposterous are these people to think of a suggestion like that?! And they run big companies... They definitely don't have the average person in mind in their decision making process.

I do see the drawbacks of an open society, especially one where the nerves of an entire global economy can be shocked with a few choice blows, but the idea of this information is to also protect against this kind of thing from happening. If we don't know where we're vulnerable then we have no chance in protecting ourselves.

In an analogy, sports teams review footage of other teams to see where their weaknesses are, and suredly watch videos of themselves for the same purpose. They use this knowledge to both prepare offensive strategies, and defensive ones. It's a technique that works, and needs to be done! Remember, we're the home team, we're talking defense here.

Last train of thought...

Who knows, maybe this information is exactly the thing needed to kick-start the IT sector. With knowledge that our infrastructure is brittle and not properly prepared for attack, we'd be sure to see companies invest in redundancy and that means more jobs, better structured systems, and more peace of mind! Isn't this exactly what we need?!?

wow (1)

jpr1nd (678149) | more than 11 years ago | (#6391861)

"When their computer crashed, they removed the hard drive, froze it, smashed it and rubbed magnets over the surface to erase the data."

They seem to be pretty angry people. When (If) my computer crashes I just restart.

Infrastructure is made of people (4, Insightful)

tuffy (10202) | more than 11 years ago | (#6391864)

I really don't see how this pile of data is going to help a terrorist. Simply cutting off one or more bits of modern conveniences isn't going to bring society to its knees. If a bridge is destroyed, people will use another 'til it's rebuilt. If phone lines are cut, people will use the post office 'til it's fixed. If the power goes out, people will catch up on some sleep. If the water is contaminated, people will switch to bottled 'til it's safe again.

Killing people causes terror, because nobody wants to get killed. Cutting off infrastructure causes annoyance, because it happens regularly already. And when it happens, people will get by like they always have.

Designed for this? (4, Interesting)

Trurl (3494) | more than 11 years ago | (#6391870)

I thought the whole point of the Internet, being a packet-switched network, was that it could survive damage... like from nuclear war.

So now we're worried that a terrorist with a scissors is gonna bring it down?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>