Last weekend as part of the build up to the Outside Lands music festival in San Francisco’s Golden Gate Park, they threw a Hackathon at Weebly’s playful office in the Financial District. The idea was to make something that would enhance the experience of artists and fans at Outside Lands. I love this idea – a festival that can improve, based on ideas and input from its patrons. Call it Radical Community Reliance.
This past weekend at the third annual Outside Hacks Hackathon, over 200 developers, designers, and technologists of all kinds gathered at the San Francisco headquarters web hosting company Weebly for the mission of “building something that enhances the experience for artists and/or fans at Outside Lands.”
For the uninitiated, a hackathon is an intense competition where teams of coders attempt to build an app, feature, or program in a limited amount of time (usually between 24 and 48 hours). Outside Hacks allotted its participants a total of 24 hours. One of the organizers of the hackathon Travis Laurendine says “Hackathons are like dance marathons, it’s like a sleepover party, except no one is sleeping.”
At the end of the long and hyper-intense 24 hours – which left many of the coders exhausted – the judges chose the app Dave Sent Me as the Grand Prize Winner. That includes a $5,000 cash prize, an Outside Lands VIP experience, and perhaps most importantly the integration of their app technology into the Outside Lands app.
Dave Sent Me is described as a “personalized Outside Lands schedule recommender.”
Outside Hacks Organizer and “Entre-pee-neur” Travis Laurendine
New Orleans Burner Travis Laurendine is one of the geniuses behind AirPnP.
According to Fest300, Burning Man was involved in Outside Hacks too, kicking off the event with an address by social alchemist Bear Kittay.
…the symbiotic relationship between technology was a running theme for the weekend and its presence was as noticeable as the sound of hundreds of fingers hitting keyboards and the smell of pizza fueling the coders.
In the opening remarks, artist and social alchemist for Burning Man Bear Kittay addressed the hackers by saying, “We’ve got to remember that the intersection here between entertainment and technology is a really relevant space. It’s been separated for a really long time, but it’s not often we get together with all these brilliant engineering minds to solve some big problems right at the precipice of music and technology. Think about what a really disruptive tool you could create can be, that could really help to transform the way music and technology worlds come together.”
Travis Laurendine from the InMotion Hosting review site, has witnessed the hackathon significantly grow since its inception in 2013, points out that, “Art is often enabled by technology. A lot of art is dependent on technology. Technology has led us to new art forms. A lot of these people who have the mind for art also have minds for tech, and vice versa. That’s why so many incredible developers are also musicians, because they have the mind for it.”
The incredibly diverse and youthful participants in the hackathon were all united by their passion for music and their drive to make music a better experience for listeners and artists alike. Greg Cerveny, a founder of music startup Groove and one-man team, created his app Dance Commander to facilitate dance parties at the festival by people holding up their phones open on his app displaying a dancing stick figure, thus inviting other festival goers to join in on the dance party. Cerveny says his goal was to give “someone a more awesome time or a really awesome experience because they engaged in a dance social circle.”
Burning Man has been involved with a hackathon before, a “Burner Hack” conference being held at [freespace] in 2013. It’s not clear if anything was produced from this to help Burners. The event was linked with hacking again this year, with news that at least 200 people pushed to the front of the ticket queue by “routing around” the Ticketfly/Burning Man custom system. In a recent Medium story “Burners Don’t Hack Uber, People Do”, they described a smartphone app called “Burner” that is being used to hack Uber to get free credits.
The intersection of music and technology is a really relevant space. So is Burning Man in that space? Are we really at the precipice – what does that even mean?
Outside Lands is coming up in a couple of weeks. The lineup includes Elton John and Billy Idol.
A major hacker group “Hacking Team” themselves got hacked. More than 500 GB of emails, financial and other data was leaked to the Internet. They revealed that the company had sold hacking tools to the FBI, DEA, and Department of Defense; as well as to the governments of Mexico, Australia, Russia, Saudi Arabia, Iraq, the UAE, Spain, and many others.
July 7:
The Intercept published documents about the Hacking Team corporation that was selling its secrets to 3rd world despots, as well as G20 countries and alphabet agencies. They revealed Zero-Day Exploits in Windows and Flash, which could be a major vulnerability across the entire Internet.
The zero-day vulnerability affects all major web browsers, including Microsoft’s Internet Explorer, Google’s Chrome, Mozilla’s Firefox as well as Apple’s Safari.
Chinese equities have lost more than $3.5 trillion of value in less than a month as traders liquidated leveraged bets at an unprecedented pace. Foreign investors extended a record three-day exodus on Wednesday…On the Shanghai exchange, 365 companies suspended trading, equivalent to 33 percent of all listings. A further 992 were halted in Shenzhen, or 56 percent of the total.
Time magazine publishes a story How Real Is The Threat Of a Cyber Attack, warning that a “black swan” cyber attack could really destabilize the world economy over the next, ummm, year – and the government has been consistently surprised by cyber attacks recently. This blames the Chinese as the most sophisticated group of cyber hackers.
Just before midnight, Anonymous tweets “I wonder if tomorrow will be bad for Wall Street”
Wonder if tomorrow is going to be bad for Wall Street…. we can only hope.
Amazing how they can diagnose that so quickly. Especially given that by definition, “hacking” is intruding into internal technical systems.
A trader on the floor described the situation as unprecedented:
In my time in the capital markets or working on the floor of the New York Stock Exchange, I have never seen a complete halt of the markets due to technology problems. Even 9/11 cannot be considered a halt because the markets never opened that day. This is extraordinary. There was no clue, or early indication that this would happen. The music just simply stopped playing. There is no panic on the part of the trading community and right now we are just ensuring that we are prepared when the market re-opens… Most of the volume in this market (and most markets, for that matter) happens in the first half hour and last half hour, so the NYSE is scrambling to get us back on line for a close of the market.
The computer problem in the airline’s reservation system caused the FAA to impose what is known as a ground stop at 8:26 a.m. ET, meaning United flights were not allowed to take off. It lifted the stop for feeder airlines that fly under the name United Express about 15 minutes later, but it took until just before 9:47 a.m. for the ground stop to be lifted for United flights.
The computer problem had forced United to hand write tickets for passengers at multiple airports. But Record said the lack of a reservation system meant that the airline was not able to check to confirm that passengers were not on a no-fly list or that everyone on the flight was supposed to be there.
“Because of the safeguards and the backups built into the reservation system, once that goes down, everything has to stop,” Record said.
Was this just a one off, or has it been brewing for a while? How do we know “Anonymous” is really behind this, and not a state actor?
Going back a little earlier in the year, we can see the build up to this “First Cyber War” being seeded in the media. In particular, software pioneer, cyber-security expert, and hacker of entire countries John McAfee has been sounding the alarm.
A couple of months ago, seemingly out of the blue he started writing a column about hacking – his stories are excellent and he’s quite a character, follow him on Facebook. His most recent columns seem to have been “priming the pump” for today’s events. Prescience? Inside track? Or just a series of lucky guesses?
The first big event of the year was the infamous Sony hack – which led to racist emails between senior Sony Execs circulating.
Then we had the “next level” Sony hack – the one blamed on North Korea, timed to come out at the same time as a comedy film about assassinating the leader of North Korea.
June 4
McAfee wrote about the most damaging hack in history: Adult Friend Finder, 15 million records. There were senators and governors and their staffers in the list, using their own names and official email addresses. There were also church leaders and celebrities.
June 8
McAfee’s next column Four Million Ways To Lose Your Secrets is about how the Office of Personnel Management got hacked, the intruders stole 4 million detailed records. This includes comprehensive and highly sensitive information that is collected as part of the application for Top Secret and other security clearances. This was blamed on the Chinese government.
June 25
McAfee said the OPM hack was smokescreen for a much bigger problem: 24 major hacks in the last 30 days. None of these appear to be linked to Anonymous.
The Office of Personnel Management (OPM) hack has acted as a smokescreen to mask a far broader problem that has occurred in the past 30 days. Here’s the full story in headlines (those in italics are included for completeness only and are not counted in the 24 hacks.):
April 7th 2015 – Russians Hack White House Computers and Even Access President Obama’s Schedule – New York Post
May 22nd 2015 – Adult Friend Finder hack exposes millions of sex seekers – SiliconANGLE#GetMcAfee’d
May 26th 2015 – 104,000 records taken from IRS Website – CNN
May 29th 2015 – IRS Blames Russia For $50 Million Hack – Engadget
May 27th 2015 – Kentucky GOP Website Hacked – GovTech
June 1st 2015 – 1.25 Million records from Japan’s Pension System Hacked – Japan Times
June 4th 2015 – U.S. agency handling security clearances hacked – SiliconANGLE
June 5th 2015 – Records of 4 million Federal Employees Exposed in OPM Hack – NPR
June 15th 2015 – US Officials Now Say 14 Million Records Taken In OPM Hack – NPR
June 23rd 2015 – OPM Hack 4 Times Larger Than Reported – 18 Million Records Now Reported Taken – CNN
June 23rd 2015 – John McAfee predicts OPM number will reach 30 Million – SiliconANGLE
June 4th 2015 – Russia Hacks German Parliament – Business Insider
June 8th 2015 – US Army’s Website Hacked By Unknown Intruders – NBC News
June 22nd 2015 – U.S. National Archives Says It’s Data Was Hacked – NextGOV
June 22nd 2015 – The NSA Hacked Into Popular Antivirus Software To Track Users And Infiltrate Networks – TechTimes
June 22nd 2015 – Script.CC. Hacked, Large Number of Bitcoin Stolen – NewsBTC
June 23rd 2015 – Britain’s National Health Services Hacked – Mirror
What can we make of the above headlines?
The first thing that I noticed was the complete absence of the type of hacks that appeared in the news in the previous year. Nothing similar to the Target Corporation, Nordstrom Inc. and long string of other retail hacks; no mention of credit cards; no mention of individual financial loss. All the mentioned hacks had to do with Political and Government personnel, or with gaining access to the deeper layers of individual lives – going way beyond mere financial data which is in constant flux.
The data taken focused on the more permanent aspects people’s lives. For example, medical data was targeted in nearly 20 percent of the hacks (Japan’s Pension System, Indiana Healthcare Software, North Dakota Workers Comp, Britain’s National Health System). The OPM hack, by far the most devastating, focused on the intensely personal data collected during the process of vetting people for secret security clearances. This data included everything required to determine a person’s fundamental character.
Given the above, we can predict the following with a high degree of accuracy:
More hacks of medical data within multiple states (and countries) will soon be reported.
Reported hacks within the U.S. Government will spread to a number of other Government agencies.
As currently known hacks unfold, they will significantly worsen.
People may be astonished by the increasing frequency of the number of hacks
In a story this morning in IB Times, which doesn’t mention today’s attacks, McAfee said the leaks portends a grim future of global cyber war. One which we are already in.
Nothing to see here, sheeple, move along. As long as CNN tells you everything’s fine, it’s fine.
Burners have always been preparing for a post-apocalyptic, post-economic civilization – that time might be coming sooner than we think.
I don’t want to give a spoiler alert for the end of the new season of Orange is the New Black, but for anyone who’s seen it, I’m kind of imagining that…if the system shut down, and no bank accounts were working, that would probably seem fine for a moment. Eventually, reality would set in.
Wonder what is going to happen tomorrow: will the markets just shrug and move on? Will The Powers That Be continue to deny vehemently that it was a hacker attack, without even investigating?
[Update 7/9/15 5:41pm]
In today’s news, the OPM hack has now been increased to 22.1 million people’s records stolen, 1 in 15 Americans.
Officials have concluded that the larger breach, which targeted background investigation records kept by OPM, included Social Security numbers, information on family members and other contacts, as well as health and criminal records. The data haul also included an estimated 1.1 million fingerprint records.
In total, hackers are thought to have netted records on 19.7 million people who applied for background check investigations with the federal government, and another 1.8 million people including spouses who did not apply for a background check but whose information was included in the forms. Anyone who applied for a background check from 2000 on is likely to have had their information compromised…
Among the forms used in federal background checks is the Standard Form 86, an 127-page document that delves into intimate questions about prior brushes with the law, drug use, psychiatric health, and info on friends and family members. It requires the applicant to put his or her Social Security number on nearly every page of the document.
China was named as “the leading suspect” in the breach last month by Director of National Intelligence James Clapper…Officials did confirm on the call that both attacks were the work of “the same actor” who gained access to the OPM system probably starting in May or June of 2014 with a contractor’s stolen username and password.
It sure seems like a lot of hacker related stuff was launched yesterday. In the Washington Post, DARPA announced a “Cyber Grand Challenge”, noting that we’re losing the cybersecurity war.
Image: DARPA/Facebook
DARPA initially started with more than 100 teams when it began the program a year ago, but the field was quickly whittled down. On Wednesday, it announced the seven finalists chosen to compete in the competition next year. They are an eclectic band of cyberwarriors, ranging from academics representing major university computer science programs to well-known hackers and defense industry heavyweights.
The White House and the FBI might be saying “no cyber attack”, but John McAfee thinks it was. I’m more inclined to go with the billionaire domain expert on this one, rather than the hasty diagnosis by political mouthpieces.
At around the same time that the NYSE went down, the Wall Street Journal’s website went offline, as did that of popular financial blog Zero Hedge. United Airlines also experienced a “network connectivity issue” which impacted almost 5,000 flights worldwide.
Given the criticality of technology to United Airlines, let’s assume for a moment it has a daily reliability rate of 99.9%, meaning it has a system failure once every 1,000 days – which equates to once every three years. Now, let’s assume the NYSE and the Wall Street Journal also have a daily reliability rate of 99.9%.
If these events were truly random and independent, then the frequency of all three of these events happening on the same day is once in a billion days (or if you prefer to count in years, almost 2.8 million years).
Coincidental failure is possible, sure, but it does seem highly unlikely. If you add Zero Hedge to the mix, then the probability of all four events happening on the same day rapidly approaches zero.
If we throw in the near simultaneity of the NYSE and the Wall Street Journal issues (happening within minutes of each other), then it is more likely that your car, using quantum probability effects, would leak out of your garage and show up instantly in my driveway an ocean away.
It is certainly possible, but no one in their right mind would bet on it.
The Financial Times commented on the attacks, and was rather dismissive of the official denials. They call for a new Agency to manage cyber defense, or just take it out of the hands of the USAF and give it to Homeland Security. That way, the same TSA goons groping you at the airport, can be looking up all your personal records in the Cyber databases too.
On paper, there is no shortage of resources; earlier this year, for example, President Barack Obama earmarked $14bn for the cyber fight. But the key problem now is not so much a lack of cash — but co-ordination: as fear spreads, a bewildering alphabet soup of different agencies and task forces is leaping into cyber battle, often with little collaboration. The institution that is supposed to be in charge of security threats is the Department of Homeland Security. But its skills are viewed with scepticism by military officials. The Pentagon has its own cyber warriors, as do America’s intelligence agencies.
The White House has tried to force these bodies to work together. Separately, civilian agencies such as Nuclear Regulatory Commission started holding discreet meetings with each other last autumn on cyber issues too. But collaboration across sectors is patchy. “The level of readiness in different agencies varies enormously,” admits a senior Washington figure at the centre of these efforts. Add in private sector bodies and the picture is even worse: not only is the Pentagon wary of sharing data with, say, the Chamber of Commerce, but companies are often terrified of revealing attacks to each other.
Is there a solution? One sensible response might be to create a new agency to provide a central focus for the cyber fight. There is precedent for that; most Washington regulators emerged in response to a new threat. The Securities and Exchange Commission, for example, was created after the 1929 stock market crash; the Food and Drug Administration appeared after scandals over dangerous medicines. A second option might be to relaunch the DHS to focus on the cyber fight. It could, for example, be named the Department of Cyber and Homeland Security.
7 hackers from L0pht raised the alarm about this to Congress in 1998, saying that any one of them could take down the entire Internet in about 30 minutes. [Source: Washington Post]
So, to summarize, the NYSE has a disaster recovery center which… they choose not to use because it is an inconvenience to clients who would rather be unable to trade!
Maybe there was a different angle altogether: with China crashing and halting 70% of the market, the US had just one response:
China: We'll halt 70% of our stocks
US: Oh yeah, we'll halt the world's largest stock exchange
The Chinese stock market surged again today, after the government threatened short sellers with arrest. This may merely be a “dead cat bounce”, a reflexive response from the market when technical indicators show it as massively oversold.
It raises the prospect that the motivation of the hackers may not have been to destroy, but in fact to profit from wild swings in the stock market. The use of derivative instruments like Put and Call options can create massive profits from swings of only a few percentage points. Certainly, Anonymous would have been in a position to take out such trading positions before making their threat – and, it looks like, executing their plan.
It’s amazing how this narrative is so quickly being spun by BMOrg’s PR machine to “Silicon Valley techies hacked Burning Man and stole tickets from everyone else”, and away from “the ticketing system was not First In First Out and all you had to do to buy tickets was go through Ticketfly’s web site and ignore the queue”. Once again, the Burners get the blame – just for exercising Radical Self Reliance. And BMOrg, rather than accepting responsibility for the unique system they’ve designed and the problems it caused for tens of thousands of their most loyal customers, gets to play the innocent victim.
Despite the story going global, BMOrg haven’t even looked at the report from Ticketfly yet. From SFGate:
While Burning Man organizers confirmed they had been hacked — and that the suspected parties would be stripped of their tickets — they said they needed to see the report from Ticketfly to get into the details. Whether actual hackers posted their exploits on social media was unclear.
“We may have more information later, but Ticketfly is taking the lead on figuring out what happened,” Burning Man spokesman Jim Graham said Monday. “We don’t want to say anything that is incorrect.”
BMOrg confirmed they had been hacked? Not Ticketfly? Hmmm….
I was in at 12:00:56 and didn’t get tickets. Some were there at 12:00:02 and didn’t get them. Others logged in at 12:10 and later and bought tickets. THAT is the biggest problem, and is nothing to do with hackers.
Let’s take a condensed look at the ticket problems, as reported by Burners:
People wrote scripts to connect to the link at exactly 12:00:00
People looked at the source code of BMOrg’s web page and found what the URL would be for the link to the waiting room; entering this URL in their browser meant they didn’t have to wait until the button turned green to get in the queue
Bots were for sale for $750 that automatically bought tickets from Ticketfly
People logged in after the “Pause” and got straight through
People logged directly into Ticketfly, chose Burning Man, and entered their code
People on mobile devices on Verizon got straight through
[if you’re aware of any others, please share]
According to BMOrg, echoed through the world’s media:
200 Burners used sophisticated software hacking techniques to place themselves at the front of the queue
The comments to the WIRED article (and at Burners.Me) have been quite dismissive of the use of the word “hacking” in this story.
None of the numbered examples I listed require any hacking, or any code to be written, although #1 and #2 do require some very basic technical knowledge. So do all these methods get a pass, and there was another hack that we don’t know about? Or is BMOrg trumping up #2 as the scapegoat for all their ticket woes – before they’ve even received the report from Ticketfly? Is this whole story they’re telling simply based on speculation on Reddit? “We found these 200 people in the queue before 12:00:00, they must all be hackers”.
Even if there were more techniques used to circumvent the system, including hacking directly into the servers involved…it does not change the appalling delay between the last ticket being sold, and the 60,000 unlucky Burners in the queue being notified that they were only waiting to make a donation. For that one, they can’t blame hackers.
Meanwhile, tickets are now being offered for $1 million each on Stubhub. No word how many Mistresses of Merriment come with a million dollar ticket…