Almost immediately after Allende won the election in 1970, the government of Chile sought to resolve the country’s economic problems by nationalising the major industries and putting more money in circulation. It successfully managed to increase wages and employment substantially and the economy grew. But as inflation increased, so did the list of companies the government nationalised, and these became harder to manage. Matters worsened after Allende sent ‘interventors’ to manage the nationally-owned factories and workplaces, as many interventors were incompetent, corrupt, and largely no different to the management they replaced. The government soon found a smarter way of stabilising and controlling the economy.
It was in 1971 Stafford Beer received a request for help from Fernando Flores, a general technical manager appointed by Allende, who was familiar with Beer’s development of a science he called ‘management cybernetics’. Beer and a circle of technicians selected by Flores, started designing a hardware implementation of Beer’s Viable Systems Model of organisation, which they called CyberSyn (Cybernetic Synergy). This would be a network consisting of a mainframe, analytics software, and roughly 500 telex terminals to manage the nationalised industries.
In the conceptual model there was a hierarchy, with the bottom three layers covering the normal operations of the workplaces, and a couple of layers at the top representing management and the government. Each workplace would operate ‘autonomously’ within defined parameters, which actually would have defined the level of autonomy allowed for each workplace.
If a workplace went beyond any of those, CyberSyn would notify each layer of management at specific periods until the problem was resolved. It’s questionable whether this concept fits with workers’ democracy, and there were arguments over this between those involved with the project, but it’s a system that would keep the country’s industry and the economy stable.
Beer thought any factor influencing production, even the political outlook of workers, could be quantified and processed in his cybernetic management network. A set of programs called Cyberstride would monitor all the relevant parameters in the workplaces and create predictive models for the industry. All this would be ultimately controlled by a handful of people, perhaps a workers’ committee, sitting in the control room. There, they could make decisions based on this information, such as whether to send an ‘interventor’ to a particular workplace, or whether to reduce production at a specific plant.
CyberSyn wasn’t just about sending information through a chain of command to a mainframe. The project’s engneers also wanted to install a telex network that facilitated messaging between all the nationalised workplaces by sending teletype signals through the phone lines.
The idea was certainly as revolutionary as Allende’s government. This was less than four years after the first ever network of computers was put together in the US. At the time, computers were little more than switching systems, limited even in their use as calculators. The technology was also the preserve of a few companies mainly in the financial sector, and creating the software to analyse and abstract a country’s economy in those days was a feat of engineering, one that Chile’s government had to outsource to programmers in the UK.
It was also a time when everyone relied on mathematicians and computer scientists to operate this kind of system. Instead, the engineers designing the operations room for CyberSyn worked on interfaces that added another layer (or two) of abstraction to the data, so it would be presented in ways politicians, workers and sociologists could interpret. In fact, the operations room was designed specifically for eventual use by a workers’ committee. Perhaps this was the first ever example of a ‘user-friendly’ interface.
In Designing Freedom, Regulating a Nation (2006), Eden Medina writes: ‘Beer recognised that his cybernetic toolbox could create a computer system capable of increasing capitalist wealth or enforcing fascist control, a moral dilemma that would later plague the project team. In Beerâ€™s opinion, cybernetics made Marxism more efficient through its ability to regulate social, political and economic structures.’
Although the CyberSyn project was never completed in its entirety, the telex network and the Cyberstride software proved invaluable, and it helped the government minimise the effects of a strike in October 1972. As Herman Schwember wrote to Beer, ‘The growth of our actual influence and power has exceeded our best imagination.’ A minister decided the wider political system should also be managed though CyberSyn.
What started out as a tool to stabilise the country’s economy became something ethically ambiguous. CyberSyn could be used to decentralise control, or to extend the power of a minority into every aspect of society, and the engineers putting it together were aware of this. The consequences of it falling into the hands of a dictatorship would have been horrific. That very nearly happened.
On 11th September 1973, the military, led by general Augusto Pinochet, and most likely with the help of the CIA, overthrew the democratically-elected government and replaced it with a brutal regime. Thankfully the CyberSyn engineers escaped with much of the technical documents and destroyed the rest, leaving the new dictator unable to use the still unfinished system.
Fernando Flores was one of many political prisoners under Pinochet’s dictatorship for the next two years, and later went on to set up several management and software firms. Most the others involved with the CyberSyn project now hold influential positions in research and development, applying CyberSyn’s concepts and technology to other industries.
Most articles on cyber crime tend to paint hackers and criminals with the same brush, and more than ever before it’s important to point out both are not the same thing. Although the media is largely incapable of making the distinction, the problem extends to those who really should know better. Even contributors to the British Computer Society’s literature often make that mistake.
A marketing manager at Crypto AG wote in the company’s 2009 journal “The hackers of the 21st century have rudimentary training and focus mainly on illicitly acquiring sensitive information that promises a commercial gain of some kind. They are little more than modern thieves, to put it somewhat simply.”
I’m afraid the marketing manager was factually quite wrong.
The media’s profile of the average hacker as a Gary McKinnon-type miscreant is far from accurate. The majority I know personally have the attributes essential for success in the trade. They are very social, good at marketing, well paid, spend much of their time at meetups and conferences, and travel a lot as part of their day jobs.
Also ignored is the general pinciple among hackers that everyone has a right to privacy, security and freedom on the Internet, and the need to protect those rights. And contrary to what the Crypto AG marketing guy said, many are highly-trained and employed by security agencies, both government and commercial.
People being referred to in the media really fall into four categories:
Hackers: The true definition of a hacker is someone who analyses and experiments with a system, does the research, and gains an in-depth technical understanding over time. The best software developers and programmers are usually in this category. Examples of genuine hackers are Steve Jobs (in his early days), Richard Stallman and Bruce Schneier, and they some of the biggest and trusted names in the industry.
Crackers: These specialise in breaking into systems. Some crackers have impressive skills, but their motives are mainly financial these days. They are essentially just criminals rather than hackers contributing to society.
Script Kiddies: Known as ‘script kiddies’ because they use programs written by someone else, and follow the manuals with no real knowledge of how and why an exploit works. They’ll either lose interest, or begin to learn and eventually become mature professionals.
Social Engineering: Identity theft is common and the consequences far more serious for the individual. A lot of it’s down to social engineering. An easy way to steal account details is to phone people and impersonate a bank manager or systems administrator. There are numerous variations of this type of scam.
Cyber Armageddon Myths and the Press
The press, especially the tabloids, is the worst source of information on the subject. Security planning should never be based on a politician’s paranoid fantasy, but instead on an analysis of what could realistically happen. A bit of critical thinking will help determine whether a ‘hacker’ scare story has any basis:
1. Who is making the claims? The majority of politicians lack any real grounding in the subject area, as do most journalists, so their exaggerated claims of ‘cyber’ armageddon are unfounded. Often it’s a sales pitch for legislation often found in the next article of the news report.
2. How exactly was security compromised by the ‘hackers’ in question? If a journalist won’t/can’t reveal detailed specifics of how it was done, the story’s unverifiable, and therefore most likely bullshit.
3. What figures and statistics are given? What are their sources?
4. Most importantly, how much research was done by the journalist, what are the sources and what evidence is available? In the case of the Anonymous/Wikileaks story, it was easy to visit the chatroom, examine the LOIC source code and establish the facts.
A quote from USA Today is a typical example of how divorced from reality some journalists can become: â€œ[hackers] might send a worm to shut down the electric grid in Chicago and air-traffic-control operations in Atlanta, a logic bomb to open the floodgates of the Hoover Dam and a sniffer to gain access to the funds-transfer networks of the Federal Reserve.â€
As usual, there were no suggestions on how this might be acheived, and no evidence of means or intent. Very little of this features in proper ‘cyber war’ simulations because it’s an unrealistic scenario. The tech-heads running the Operation Cyber Storm simulation back in 2006 ignored the sensationalist crap and focused on a realistic threat – losing communications during a mass distributed denial of service attack. Of course there was STUXNET last year, which actually happened because Iran’s nuclear facilities were physically infiltrated and it was an advanced state-backed effort involving a range of specialists.
In fact, attacks on power grids, air traffic control and other infrastructures would belong to the area of electronic warfare. It would be carried out and countered by EW specialists with RF equipment, because using RF jamming to interfere with air traffic and the radio-controlled switching at power stations is a more effective way of disrupting those systems. But this is still theoretical, but still way more likely than a cyber attack.
To give a more recent example reported in the Wired blog, the Homeland Security and Governmental Affairs committee over in the US were claiming hackers can open the floodgates of the Hoover Dam. This claim has been made several times in the past, whenever legislation and funding needed justifying. â€œWe are very concerned about an electronic control system that could cause the floodgates to come open at the Hoover Dam and kill thousands of people in the process,â€ said Brandon Milhon, a director of the Senate Homeland Security.
But the people who actually operate the Dam’s control systems pointed out it can’t happen, they aren’t connected to the Internet, have to be controlled manually, and have multiple levels of security anyway. If sensational attacks really were possible, why hasn’t it been done yet? Just like the great Y2K virus scare stories, the hacker myth remains a load of hype.
UPDATE: Several recent articles and an OECD report agree that the threats of ‘cyberwar’ are exaggerated.
Most of these were in use in the 1940s and 1950s, and have been wonderfully reproduced by Dirk Rijmenants. Photos of the actual hardware can be seen in the Crypto Museum site. This page doesn’t reveal information about current cryptographic systems or key settings that might have been used in the past, and refers strictly to publicly-available information on machines that were used across many countries and have long been decommissioned.
Perhaps one of the main reasons they were largely declassified is they are all based on Enigma, the workings of which are well-known and outlined in any decent book on the subject. All these systems worked on the same principle – the main components were rotors with two sets of pins representing characters. Internal wiring inside each rotor substituted each character with another. Messages encrypted by post-Enigma machines are unlikely to ever be decrypted because of the unimaginable number of possible wheel and pin settings.
The following simulations were created by D. Rijmenants back in 2006 to run on Microsoft Windows XP, but they also run perfectly in WINE, if you’re installing them on Linux. Both simulations and the original machines themselves are works of genius, which is why I’ve devoted a post to these.
Little is known about this system, and there isn’t information readily available on it, except that it was used in the later years of the Cold War. Pocket-sized crypto devices were in circulation by the late 1980s, so ATOMIX was in service prior to that, perhaps as early as 1965.
As the simulation shows, the device was an electromechanical device with eight wheels, the settings of which formed the message key. There was most likely another mechanism, hidden under the casing to the right of the wheels, used to generate the cipher.
This is perhaps the best known of the cipher machines, which the history of Bletchley Park and the first ever digital computer, Colossus, was based around. Enigma was also the first cryptosystem of this kind, and the basis for future crypto devices in this article.
There were several models in use up to 1945. The common model had three wheels, and was used for general communications. Another version, used when a higher level of security was needed, had up to eight wheels.
Usually, a codebook was issued to all the units, and from this, a new key was selected each day. The codebook told the operators which rotors, ringsettings and plug connections to use.
Each wheel had two sets of 26 pins, to represent the characters of the aplhabet. The wiring inside the wheel itself matched each pin to another pin representing a different letter. On its own, this provided a substitution cipher system, which is easy to break, so wiring was changed on a plugboard to further scramble the signals.
To make the code harder to break, the first wheel moved one position each time a character occured more than once in a message. When the first wheel completed one revolution, the second wheel moved a position.
When a key was pressed, and electrical current passed through the wheels, and the wiring inside them, to a reflector. The return wire from the reflector passed the current through the plugboard to one of the lamps in the panel above the keypad. The illuminated letter on the panel was written down. The process repeated for each letter in the message.
The receivers, with identical wheel and plugboard settings on their Enigma machines, entered the coded message. As each letter was typed in, the deciphered letter lighted up on the panel.
Different sections of the German army also used their own characters to represent abbreviations and punctuation, making it harder for third-parties to analyse their messages. Codewords were used if more than one character was repeated sequentially.
Manufactured by Hagelin Cryptos, this device was the successor to the M-209 used for encrypting high-level messages from the early 1950s. Some of the M-209′s features were also found in the BC-52 and variations of this system. It was particularly secure when the key settings were very carefully chosen.
The user selects six pinwheels from a set of 12, each with 32 pins. Each wheel also had a different sequence of letters and numbers. The start position of these wheels forms the message key, which should only be used for that message.
The printer wheel offset could also be adjusted to further obscure the messages.
Based almost directly on Enigma, the KL-7 was compromised a number of times while it was in operation. Introduced by the NSA in 1952-1953, the KL-7 was loaned by the NSA to NATO until 1983, when it was discovered information about the device was passed on to the Soviets. The NSA immediately recalled the devices and related materials, and the KL-7 was decommissioned.
The wiring inside each rotor was kept secret and changed annually. After the machines were recalled, the wiring inside the rotors, and other parts of the machine, was removed altogether to prevent past messages being deciphered. Because of this, the exact workings are still unknown. Rijmenants’ KL-7 simulation is generally accepted as the most accurate model available.
Although it was intended to be vehicle-mounted field kit, the KL-7 was unreliable and suffered a number of mechanical problems.
Also used as field equipment by the US Army. The M-209 worked in roughly the same way as a typewriter, but to make the device as small and lightweight as possible, a wheel was used to select characters instead of a keypad. Each character, after being selected, was printed onto paper tape (stored under the casing) when the user pushed the large lever to the right of the device.
To set the device for encryption, the user switches the small tab on the left to ‘C’ and sets the message key by rotating the large wheels on the front of the device.
To enter a message, the user rotates a small wheel on the left to select the character, then uses the large tab on the right as a enter key. The encrypted text was printed onto the tape.
To decrypt a message, the small tab on the left was switched to ‘D’, sets the large wheels to match the encryption key, then enters the encrypted message. The plaintext was printed on the tape.
The M-209 was also expendable. If there was risk of capture, the key settings were reset and the machine destroyed.