PC-Wahl Hack by the CCC

Mon, Jan 1, 2018

Last year, the Chaos Computer Club (CCC) hacked the software which was used in the German national elections. They made their findings public before the elections took place but the software, riddled with vulnerabilities, was still used. During the most recent Chaos Communication Congress the involved researchers gave a nice talk (German) (also available with English dubbed audio) on the subject which I can recommend as it is not only informative but entertaining as well. Also, you do not have to be a hacker or programmer to understand this. While they do have some technical slides, on the whole this is very digestible even for non-professionals.

After all, this software (or something equally insecure) might be used in your country as well.

A team of security researchers has developed an algorithm with which they can fool neural network based image classifiers, such as Google’s Cloud Vision, with a remarkable success rate of > 95 %. They can actively change the classification result by generating an image which looks like A but gets classified as B. In their publication it is shown how they successfully fooled several neural network image classifiers to think that a picture showing a couple assault rifles actually shows a helicopter. A picture of a guy on a snowboard and a guy on skis is classified as a dog.

In a nutshell they take a reverse approach and start with an image that shows the adversarial (fake) object, for example a helicopter. This image of course gets classified as such. Then this image is modified over several iterations to look different, for example like a couple assault rifles, while still retaining its classification as a helicopter. In the end they show that they can pretty much make anything be labeled as something completely different with a success rate of more than 95 %. The combinations are staggeringly confusing:

  • a cat gets labeled as an airplane
  • an airplane gets labeled as a deer
  • a deer gets labeled as a truck
  • a lionfish gets labeled as eggnog (this could really hurt ^^)

One thing these images have in common is that they sort of lose their (fake) touch if they get transformed, for example rotated by more than 30 degrees. Also we are talking images so who cares about someone being able to fool a neural network into thinking a perfectly aligned 2D image of a rifle is a helicopter?

Well, they did not stop there as their newest publication deals with robust adversarial examples. In reality this culminates in them printing a 3D model of a turtle which is classified as a rifle regardless of background or rotational angle. Oh, and they made a baseball look to a neural network like an espresso. Check this screenshot of page 8 of the most recent paper:

[Image: adversarial thumb]

Essentially they went the same route as before, modifying the texture to look like A but be classified as B, albeit with more tweaks so it keeps up the charade even when rotated.

I think this is remarkable, especially in light of neural network based image classifiers being used more and more not just in everyday life but also for security purposes. So if you can reliably make a security system think that an assault rifle is actually a helicopter, a teddy bear, or a cup of espresso, just by painting or printing a certain texture on it, you pretty much won the game there.

This also tells us it still pays off having a human brain, for now at least.
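An added toy example (not from this post or the cited papers) of the two points above: a sample pulled from the helicopter image toward the rifle image while the classifier's label is held ends up right at the decision boundary, and a defender can flag it because small nudges flip its label. The linear classifier, the feature vectors, `delta` and `threshold` are all constructed for the demo.

```python
# Added illustration: a constructed two-class linear classifier over
# 4-feature "images". Weights and sample vectors are made up for the demo.
LABELS = ["rifle", "helicopter"]
WEIGHTS = [[1.0, 0.5, -0.5, 0.0],    # score row for "rifle"
           [-0.5, 0.0, 1.0, 0.5]]    # score row for "helicopter"

RIFLE_IMG = [1.0, 0.8, 0.1, 0.0]       # constructed sample, classified "rifle"
HELICOPTER_IMG = [0.0, 0.2, 1.0, 0.8]  # constructed sample, classified "helicopter"


def classify(x):
    """Return the label whose weight row gives the highest score."""
    scores = [sum(w * v for w, v in zip(row, x)) for row in WEIGHTS]
    return LABELS[scores.index(max(scores))]


def distance(a, b):
    """Euclidean distance, standing in for 'how different two images look'."""
    return sum((p - q) ** 2 for p, q in zip(a, b)) ** 0.5


def blend_keeping_label(start, look_like, min_step=1e-4):
    """Pull `start` toward `look_like`, accepting a step only if the
    classifier's label for `start` is unchanged; halve the step otherwise."""
    keep, x, step = classify(start), list(start), 0.5
    while step > min_step:
        candidate = [xi + step * (ti - xi) for xi, ti in zip(x, look_like)]
        if classify(candidate) == keep:
            x = candidate
        else:
            step /= 2
    return x


def label_stability(x, delta=0.05):
    """Fraction of slightly perturbed copies (each feature nudged by
    +/- delta) that keep the label of the unperturbed input."""
    base, kept, total = classify(x), 0, 0
    for i in range(len(x)):
        for sign in (1, -1):
            nudged = list(x)
            nudged[i] += sign * delta
            kept += classify(nudged) == base
            total += 1
    return kept / total


def is_suspicious(x, threshold=0.9):
    """Flag inputs whose label does not survive small perturbations."""
    return label_stability(x) < threshold


if __name__ == "__main__":
    blended = blend_keeping_label(HELICOPTER_IMG, RIFLE_IMG)
    for name, img in [("rifle", RIFLE_IMG), ("helicopter", HELICOPTER_IMG),
                      ("blended", blended)]:
        print(name, classify(img), round(distance(img, RIFLE_IMG), 3),
              label_stability(img), is_suspicious(img))
```

This check only catches the fragile kind of sample; the robust examples described above are built to survive such transformations. In this four-feature toy the blended sample stops about halfway between the two inputs, whereas in high-dimensional image space the decision boundary typically lies much closer to the look-alike image.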

After the veto of the United States against the resolution concerning the recognition of Jerusalem as Israel’s capital in the United Nations security council, where they were the only country in opposition, they suffered an astounding defeat when the vote was repeated in the UN general assembly. Beforehand Trump and his UN ambassador Haley actually had the indecency to threaten countries who would vote in support for the resolution with financial repercussions. Democracy is only fun as long as people agree with you I guess.

Thankfully, if at all, those threats rather managed to foster the support for the resolution that supports the longstanding international consensus, as the Guardian calls it, that the status of Jerusalem can only be settled in the framework of a peace deal with both sides, Israel and Palestine, accepting the terms. As it makes sense, if two parties are fighting over something the only proper solution is to have them both in agreement on a deal that works for both sides, not one doing what he wants to because he thinks he is in the right. Guess what, the other side could think exactly the same, doesn’t help the peace really.

Either way, out of the 193 countries part of the United Nations general assembly 128 voted for the resolution, 35 abstained, 21 were absent, and 9 opposed. The 9 opposing countries consist of the USA, Israel, and the political powerhouses Togo, Micronesia, Nauru, Palau, Marshall Islands, Guatemala, as well as Honduras. With 128 for the resolution and 35 abstained this would not be too bad had the whole issue just been about Jerusalem. But, as the UN envoy to Palestine, Riyad Mansour, so eloquently put it

They made it about them. They did not make it about Jerusalem, so when you make it about them and to only be able to get nine votes to say ‘no’ to it, I think it was a complete failure for their campaign.

And he is right. The scare tactics as in “We will write down who votes against us!” defined a new all-time low for US international politics. Fucking up and then trying to scare others into keeping their mouth shut is plain old bullying and not worthy of an international stage such as this.

Just as well, accepting defeat and apologizing for extremely dishonorable behaviour would be too easy, as Haley was quick to pick up where she left off:

I must also say today: when we make generous contributions to the UN, we also have expectation that we will be respected. What’s more, we are being asked to pay for the dubious privileges of being disrespected.

No, you fucked up because you mistook investing in democracy with buying votes. The disrespect came when you started to threaten countries because you were afraid that simple bribery won’t do.

And of course Israel jumped on the blame train with their UN ambassador Danny Danon inventing a new conspiracy theory

You are like puppets pulled by your Palestinian masters.

Yes, you hit the nail on the head there. 163 different countries, spread all over the world, are being manipulated by Palestine. This must be the single greatest con ever to see the light of day. Maybe this also explains why my own country Germany voted for the resolution as well - even the Guardian seemed to be mildly surprised. I am usually used to our chancellor Angela Merkel being the first to applaud whatever the current president of the US has set out to do. Especially when it comes to invading foreign nations. So who knows, maybe we are all being manipulated… or maybe Trump and his administration just make it blatantly easy for our politicians to grow a pair :)

Apparently there is another new buzzword (at least for me) you can write down for later use in your bullshit bingo sessions. Gender Pricing is the name of the game and I have just been alerted to this by reading about a recent gender study (German) by the Antidiskriminierungsstelle (federal anti-discrimination agency) that attempts to find cases of women being charged more for the same product or service than men.

Their poster child is the visit at the hairdresser where women are usually charged more than men. Now this is probably already obvious to you if you have ever been to the hairdresser with your wife or girlfriend: A woman’s haircut can hardly be compared to a men’s haircut unless the woman gets a quick neckshave with an electric razor and a little bit of scissor action on the top. Notice I am not even mentioning coloration, streaks, bleaching or whatever here (which takes the whole case even more ad absurdum) just the cut in general. This is also the main reasoning given by the hairdressers that were interviewed in the framework of this study as written in the aforementioned report on page 122:

Even though the argument of the businesses, that women’s haircuts require a significantly larger amount of work, can be confirmed by observations and questioning of female customers, there are only limited choices for women. For example a woman, who only wants a simple “men’s haircut” will usually not dare to ask for or receive it.

So even though all evidence points to a significantly higher workload for women’s haircuts than for men’s, and this is confirmed in this study, the very few women that only want a quick electric razor shave do not get one and one of the reasons is that they do not ask for it. And this is supposed to be the fault of who exactly? In addition, even though I am sure they exist, I do not know a single woman who would be satisfied with one of these super simple men’s haircuts. So now the hairdressers are sexist because they do not immediately cater to the insignificant number of razor-cut loving females that are too scared to ask for one themselves? But wait, there is more:

Questioned about the reasons for the increased workload when catering to women’s hairdressing needs and regarding the amount of time scheduled for these appointments the businesses replied that the service for women is more time intensive. Reasons for this are many, for example the complexity of the haircut, the need for more consulting and discussion, the lower frequency of visits and therefore more work to be done at each visit, and that haircuts regarded as “short” by women are still significantly longer than those regarded as short by men. If the time spent on customers of different sexes is taken into account, the difference in price is negligible. Usually 30 minutes are reserved for men and 45 minutes for women. Even with all these reasons one still has to question the reasoning behind these differences in time and especially because of the difference in service the pricing could be done without taking the sex into account.

So after being given loads of valid reasons, which were confirmed by the female customers before, explaining in detail why a woman’s haircut is more time consuming, which then completely kills the difference in price, one should still argue against women being allotted more time than men. So apparently the hairdresser should just work faster when serving women? At least that would be the only way I can think of that would solve this weird request. And they finish by stating that especially because of all the different (and expensive) things you can pay for at your hairdresser the pricing should be the same for men and for women.

What kind of an idiotic request is this? I am pretty sure that if a man with a meter of hair books an appointment at a hairdresser in order to get streaks, some bleach, and a delicate haircut culminating in a complicated updo after that, he will not get this service for the same 20 EUR that some other guy paid for just getting a 10 minute razor haircut.

This study is actually contradicting itself on pretty much every page unless it finds that “there isn’t any observable difference after all”. And if the hairdresser story wasn’t embarrassing enough, on page 102 you can find pictures and prices of comparable sets of razor blades for men’s and women’s razors with a headline that reads

Example for non-equally priced personal hygiene products: razor products. Prices for the Aldi-razors (left) 4.49 EUR “for women”, 3.89 EUR “for men”.

The only problem is, the prices shown on the product pictures at the bottom of the page are 1.43 EUR for women, 1.59 EUR for men. I don’t know if you have to be a mathematician or physicist to recognize which sex pays less here for razor blades. Granted, this is the “discounted price” but even if you look at the non-discounted price it would be 4.79 EUR (women) and 4.99 EUR (men) which still favours the product marketed to women over the one marketed to men. In addition these are completely different numbers than the claimed 4.49 EUR and 3.89 EUR in the text. Who the hell proofread this pamphlet? (Here’s a screenshot in case they move the PDF or change it)

Of course the German media is all over this and I wish journalists would at least try to read and check a study before they take it for granted. The persistence with which the authors try to make a case against all facts, and the bluntness they employ while doing so up to openly admitting they have no case but wanting to complain anyway, is almost frightening.

The United States further isolated themselves on the political world stage today by blocking a United Nations resolution brought forward by Egypt regarding the US’ recognition of Jerusalem as the capital of Israel earlier last week.

Of course, the United Nations’ resolutions usually don’t change anything anyway, as can be witnessed for a while now with North Korea and Israel ignoring the ones directed at them. So while it doesn’t really matter whether today’s resolution was passed or not, the very fact that all the remaining 14 council members voted in favour of the resolution speaks volumes by itself. I was always under the impression that the veto rights of the five permanent members of the UN were a weird thing to begin with, seeing how important resolutions get stalled again and again by whatever country feels the need to play the role of the sulking kid at that time. However, I think I am actually starting to like this. Being overruled is one thing, people take short notice and that would usually be the end of it. Completely embarrassing yourself, because after everyone told you what an ass you made of yourself the only thing that you can think of is throwing an “I don’t want to play this game anymore” hissy fit, is a totally different ballgame. This way the whole vote carries a lot of political weight and as with the Paris climate agreement the US once again sabotage their ability to have an impact on future politics. Especially as they are now unable to play any meaningful role in the peace negotiation process in the Middle East. Whoever takes sides in a conflict (no matter whose side that is) can no longer act as the neutral mediator.

The German SWAT unit in Saxony is receiving two Survivor R armored vehicles. The most distinguishing feature is the availability of the so-called “undercover mode” which is enabled by flipping the sign that says “POLICE” on the side of the vehicle so that the text is no longer visible (see the link above or the following screenshot).

[Image: undercover survivor r]

In order to use the Survivor R in an “undercover scenario”, the exterior police labels can be clapped shut

Surely, without the POLICE writing on the side this just looks like your everyday SUV. This is also mentioned in the small paragraph below the picture:

Even though [the vehicle is] offering excellent protection, the outside appearance was deliberately chosen to be civilian and de-escalating in nature.

For more pictures of the soothing exterior check the link above or check out Rheinmetall Defence, the manufacturer of this symbol of love and peace. There you can also relish the numerous innovations that characterize this vehicle, like

Moreover, the Survivor R CBRN can operate on the move.

Leave it to us Germans to make the impossible possible…

It’s official, the FCC has voted to repeal the net neutrality law in the United States. It will probably not be the last say in the matter though, different parties might sue the FCC. In my opinion splitting the Internet into first and second class traffic is going to kill smaller alternatives to provider-owned services. As soon as a small startup does something new or better than the established big provider companies, instead of having to improve their products themselves, the big boys can now just throttle the traffic connected to the annoying new kid on the block. This is not the road to innovation and investment as the supporters of the repeal always recite, this is going to lead to stagnation and the creation of monopolies or oligopolies which split the pie among themselves.

Big companies that are traded on the stock market are ruled by the shareholders which want to see bang for their buck. Why pour money into a new technology and do it properly if you can just block the competition? Imagine a new music streaming service that is only going to be allowed 40 kBit/s of bandwidth for each connection. Either you stop the song every couple seconds to buffer the next few or you have to lower the quality to the equivalent of an old transistor radio. Imagine a good and secure new e-mail service, but your provider takes care of throttling the connection to a point where sending a mail takes five minutes. No one will use these services anymore, provider wins, you miss out.

Thankfully (at least for now) the net neutrality rules in the EU are still intact, so internet providers still have to stay neutral over here. Will be interesting to see how long that will last.

What really amazes me is that with every “terrorist attack”, even when essentially not much happened in terms of casualties (no deaths, 4 lightly injured plus a moderately injured “terrorist”), people and media (German) are sent into a doomsday frenzy of “The terrorists! They are going to kill us all!”. The usual suspects chime in about how immigration is the root of the problem and that we need more laws, more surveillance and then there is this pesky internet:

Anyone can go on the internet and download garbage and vileness on how to put together an amateur-level explosive device – Andrew Cuomo, Gov. of NY

Since I like logic, reasoning, and most of all facts, let’s have a look at how threatened we are by terrorism in the western world, in comparison to other dangers around us. According to the National Vital Statistics Report of the CDC, in 2014 (latest data with this level of detail) we can look up the mortality rates for that year in a lot of different categories. Let us not count suicides and natural causes and then just pick a few not too exotic ones.

| cause of death | count |
|---|---|
| cancer | 591,700 |
| diabetes | 76,488 |
| influenza/pneumonia | 55,227 |
| drugs | 49,714 |
| traffic | 37,267 |
| falling | 32,024 |
| alcohol | 30,722 |
| firearms | 12,208 |
| suffocation | 7,239 |
| malnutrition | 3,933 |
| peptic ulcer | 3,037 |
| drowning | 3,034 |
| cutting/piercing | 1,860 |
| pregnancy/childbirth | 1,123 |

Number of deaths by cause in 2014 in the United States

Looking at this data, if I were an American citizen, I would most of all be concerned with death by cancer, food or sugar, getting a cold, drugs, or drinking. Now if you exercise regularly, eat a good diet and have a healthy immune system, don’t do drugs and don’t drink, you should at the very least be afraid of driving, walking or otherwise taking part in traffic. Not to mention falling on your face and of course being shot by your fellow countrymen, …‘MERICA! (sorry, couldn’t resist ^^). More than 3000 deaths by malnutrition is also something that I think is crazy in today’s time in a western country but back to the topic at hand.

How many people would you guess died due to terrorism in the United States in 2014? Look at the table for a second and try to guess where the terrorism row is supposed to go. According to a report by Miller and Jensen from the START consortium in 2014 the number of deaths due to terrorism amounted to 19. Yes, that’s right, nineteen! If you count the last 10 years in the report we end up at 186. By the way, this includes all deaths attributed to terrorism in the United States in general. That means this includes not just Islamic terror but also deaths due to other terror “organisations” like white supremacist groups, etc.

“But Alex!”, I hear you say, “What about 9/11?” And of course you are correct. If we count all deaths due to terrorism from 1995 to 2016, which is the whole range of the START report and which naturally includes 9/11, we end up at a gross total of 3393 deaths, 3003 of which due to 9/11, within 21 years. On a yearly basis that would be 162 deaths per year putting it at the very bottom of the cause of death table. You are 11 times more likely to die by cutting yourself than to die in a terror attack. If you are female, you are almost 7 times more likely to die during pregnancy or childbirth.

Out of the 2.6 million people dying each year in the United States about 200,000 people die due to accidents and violence, that is non-natural causes excluding illnesses like cancer. Out of these, 162 a year are killed due to terrorism, which makes for a terrorism death ratio of 0.081 %.

How do things look in my own country of Germany? Our media is babbling on about the danger of terror attacks and our politicians are calling for more surveillance and mandatory backdoors in encryption software. Surely the number-crazy Germans have their statistics right and don’t just give in to the spread of hysteria? Well, according to the GENESIS database and the Cause of Death ICD-10 statistics of the Federal Statistical Office (Statistisches Bundesamt) Germany we can get the data for the same categories as for the US. In addition, since both data are categorized according to the international ICD-10 standard released by the World Health Organization (WHO) they are absolutely comparable.

| cause of death | count |
|---|---|
| cancer | 226,337 |
| diabetes | 24,401 |
| influenza/pneumonia | 20,874 |
| alcohol | 13,889 |
| falling | 12,867 |
| traffic | 3,688 |
| peptic ulcer | 2,436 |
| drugs | 1,558 |
| suffocation | 1,400 |
| drowning | 444 |
| cutting/piercing | 193 |
| firearms | 112 |
| malnutrition | 86 |
| pregnancy/childbirth | 24 |

Number of deaths by cause in 2015 in Germany

And how many deaths related to terrorism in the same 21 year period? Exactly 51 according to the same source (START) as above. Granted, more than half of that (27) happened in 2016 but in this year, which is almost over, we had 1 (one!) death due to a terrorist attack. Same as in 2015 by the way. Still, let’s count everything since 1995 as we did above and we end up at almost 2 deaths per year!

In Germany, around 900,000 people die each year of which about 36,000 do so due to accidents, injuries, and violence. The same non-natural causes as I mentioned above. Out of these 2 people die due to terrorist attacks. This results in a terrorism death ratio of 0.006 %!

To put both countries into perspective, while the risk of dying due to a terror attack is 15 times higher if you live in the United States instead of Germany, you are also 20 times more likely to be shot by your neighbour. ;-) Germans however are 2.5 times more likely to suffer death by alcohol but then again, drinking beer is basically required by law over here!

Now, things are for sure a lot different if you do not live in the western world but instead in a country where the numbers in the tables are a bit different. If I were to live in Afghanistan I would definitely be concerned about terrorism but the only cure that really helps against pretty much everything is education! Educated people are the antidote to extremism, regardless of which kind, and power hungry politicians alike. And while they are at it, they can also fix all of the things above that are way more likely to harm you.

As a closing thought, since, according to the data above, you are a lot more at risk of dying due to a stomach ulcer than being blown to smithereens by some guy with a half-assed pipe bomb down his pants, there is one thing I can recommend which is known to help: less stress, more chill, take it easy, and don’t get too excited about imaginary dangers! If you want to be concerned, be concerned about what your politicians do under the guise of the threat of terror.

And don’t go about fixing my beer… I like it just the way it is.