by Jeevanjyoti Chakraborty
[box]”What are you talking about? The ‘time bomb’ is a person?” Jeevanjyoti takes us on a ride through the most sophisticated cyber crime ever. [/box]Ok, look Mr. Klaude, you are a respectable member of our community. Don’t you think what you are saying is … how do I put it … a little ridiculous? I am sorry… but we have more pressing matters to attend to… perhaps you are stressed out… and you need to…
Officer, I need you to understand that I am fully aware of what I am saying… did you seriously think that I didn’t churn it out in my head before coming down here …
We are the Department for the Prevention of Cyber Crimes (DPCC). We are not some wacky science fiction publishing house. We rely on cold, hard facts. Let’s say, for argument’s sake, I accept your statement that your father had built a breach mechanism to be activated by a “time bomb” that would – as you say – compromise all forms of online security systems. If that is so, what is the breach mechanism? And, more importantly, where is the time bomb? Mr. Klaude, can you give an answer to that? Where is it?!
Officer, not “it”. “He.”
What! You mean a person?! What are you talking about? The “time bomb” is a person? Who is he?
I am.
————————————————————————————————————————————–
Professor, let me see if I have got it right. You are saying the breach mechanism could be a slightly improved version of the most basic brute-force algorithm that novice crackers try out to break passwords. But, going up against the might of the strongest security systems using that would be laughable…
Exactly! Indeed, so overwhelmingly impracticable that it is … well, impossible.
I don’t understand…
Let me explain. This method used from a stand-alone system would be a novice’s daydream; deployed from two systems in parallel – not anything better. Deployed from a thousand, a hundred thousand systems, maybe marginally stronger… but not necessarily better. Now, add a simple machine learning component to the system, so that it learns from its mistakes and gains familiarity with the behaviour of its enemy. You have immediately got something really better. On top of this, allow this seed to gestate over twenty years, and you will have something that can go up against the best security system in the world.
Ok, that makes sense. But, I still do not understand that for such a method to be practicable, it would still need a large pool of systems to train it over these twenty years or so. We know that the behemoths of the cyber corporate world do have access to such gigantic pools. But for obvious reasons none of them would ever foster such a seed.
You are absolutely right. Those corporate houses will be the biggest losers in the event that the catastrophe predicted by our Mr. Klaude actually comes to pass. However, you are forgetting the sleeping hit of 21st century computing.
Do you mean “grid computing”, Professor?
Yes. That, together with the concept of CPU scavenging. That is the system where minute amounts of computing resources are “stolen” from a grid of otherwise ordinary computers, used by the common public, when they are idle. From what I have deduced after reading the official statements of Mr. Klaude, it seems to me that his father was one of the earliest architects of the constructs that enabled grid computing for various scientific laboratories.
Yes. We have verified records that our senior Klaude had worked extensively on the actual implementations of the constructs. Later, of course, as we all know, he went into the gaming industry and became a billionaire. You know, in that virtual world, his games are legendary.
There is one catch in this concept of grid computing though. No matter how many computers you employ, there has to be at least on master computer that actually “interacts” and does the scavenging.
Oh my God! Could it be that his gaming servers are the masters in our case?
Yes, theoretically, that is certainly possible. But, in practical implementation they would have been caught long ago. Long before Mr. Klaude senior died. And you would not be floundering around for answers.
In that case, I think I need to talk with Mr. Klaude himself. And Professor, I thank you on behalf of the DPCC.
————————————————————————————————————————————–
Mr. Klaude, it’s time we get the facts straight.
Yes, that is what I have been meaning to.
So, as you say, the attack will be through a grid of ordinary computers. Your dad’s breach mechanism is based on the grid computing concept, right?
Very roughly speaking, yes.
But, a grid, as I understand it, must have a master system. Assuming what you are saying is true, and that your dad was the one who created this breach mechanism, he would have to use a system that was directly under his control. Do you mean to say that the game servers of your dad’s company are that master system?
Yes and no. Yes, because the ancestors of our present game servers were the first masters. And, no because there are no masters per se at the current stage.
What do you mean? How is that possible? There has to be one master at least.
You are right. There has to be at least one master. But, nobody said that the master has to be statically confined to one physical system.
I don’t get you.
You see, a system is engaged to be a master only because a specific program is running. Apart from that it is not anything special. Now, if that program can be run on one system, it might as well be run on another, and then another.
Are you implying that the program is designed in such a way that it never sits one system in the grid?
Exactly, my point. There are no “masters” because they all are. True, at any given time there are probably only a handful of systems which act as the master systems. But, instead of a snap-shot picture of the whole grid, take a time exposure shot, and you will end up with a picture where the identity of the masters gets almost evenly smoothed out over the entire grid.
Then, from the viewpoint of this time exposure shot of yours, the whole breach mechanism would seem to be a sort of self-sustaining one.
You seem to have got the hang of it.
Far from it. I still don’t understand how the “machine learning” component works. What does it learn from?
There are two parts to the learning. The first is based on a really old concept that started way back in the last couple of years of the first decade of this century. Back then, there was this huge frenzy in the biotech world to delineate protein structures computationally. Long chains of proteins can have a mind-boggling number of combinations possible. They did have quite strong computers back then but these, even when run in parallel, were not very efficient. So, the guys running these simulations came up with a brilliant idea. You see, even ordinary human beings without any formal scientific training have an intrinsic aptitude to understand the feasibility of structures that the best computing work horses don’t. The idea was to exploit this intrinsic human ability. The problem of protein structures, specifically, protein folding, was moulded into the form of games that ordinary people could play. It was an unprecedented success. By 2010, the best “gamers” were far more efficient at delineating structures – albeit with no knowledge of what they were really doing – than even the supercomputers. My dad took inspiration from this and adapted the part of the learning which had to do with the feasibility of his breach codes into this.
So, basically, you mean to say that as the protein folding “gamers” play, they inadvertently help the breach mechanism to learn about feasible lines of attack?
Right.
I know about this early protein folding games. My uncle used to be a huge follower. And we still have alternative versions of that. I am not too sure. But I think I heard something about this citizen computing concept in the delineation of the grafted fullerene structures.
Yes. You are right. That early concept of citizen computing has been successfully adapted in many areas.
And how many of those gaming systems have been “engaged” by your dad?[d1]
I am afraid – most of them.
Hmph! So, what is the second component of the learning mechanism?
The second component is related to the training of the attack modes of the breach mechanism. My dad used actual online games to do that.
How does that work?
The idea is pretty simple actually. Suppose you are new to a game. After learning the rules, you can of course start playing yourself. But, you can’t move ahead really unless you pick up some tricks. And what would be the best way to learn the tricks of the game?
Watch the best players play?
Exactly! The breach mechanism just sits and watches those online games. Like a real spectator it takes sides – the side of the favourites, the big guns. For example, in a multiplayer, individual shooting game it takes the sides of the highest scorer. In such scenarios, lower ranked players team up against the big gun to try and outman him. This situation is not quite unlike what you have in a security system breach using parallel systems running in sync against the might of one ultra-strong cyber vault.
So, the breach mechanism learns about the attack strategies of the mob and at the same time the defence strategies of the big gun… is that what you are saying?
Yes, dead on.
And this training has been going on for the last twenty years, you say?!
Right.
It has started to make a lot of sense. But, I still don’t get one thing.
What is that?
How do you into the picture? From what it seems your father had already done what he had to do about twenty years ago only for the unsuspecting individuals to play out his scheme. If I am not wrong you first introduced yourself in my Department as the time bomb that would activate this breach mechanism…
Ah, that! I have been, for the most part, the highest ranked player in all of dad’s games.
What?! But, that would mean you were the main player the breach mechanism learnt all about the defence breaking. Still, I don’t understand what you meant by your being the “time bomb”?
I had been an inadvertent player in this scheme of dad’s over all these years. What I mean by a time bomb is that the breach mechanism needs to go over a certain threshold limit of its learning curve to actually go into real attack mode.
Like it is ready to attack when it “thinks” it has learnt enough? Is that it?
Yes. That limit of its learning curve is dictated by a weighted criterion on the individual performance of the highest ranked players. When the mob of lower ranked players gets a hit in on a higher ranked player, the breach mechanism learns that as an effective attack mode. Take enough of those hits and you have a rough idea of the limit when the attack mode of the breach mechanism begins.
Are you saying that you have taken a lot of hits recently?
Unfortunately, yes. I am afraid that the limit is near. I am not sure if I might have already tipped it over into attack mode.
Just hold on, alright! You have been telling us all this… but if you are really an inadvertent participant in all this, how do you know of all this?
I didn’t. At least not until now. My dad had the foresight to know that I would be one of the biggest game players, and he sneaked in personal messages for me at every level. Most of them were innocuous all these years. I almost felt like Superman talking with his father Jor-El in the ice castle. Until recently that is. After I had hit the highest echelon in one of the toughest games only to lose a week later to a bunch of apparent pretenders, there came this message that I should check out some old diary of his in our farm house.
You found all that there? But, if he really wanted to compromise the security why wouldn’t he let it play out?
He says in his diary that he never had any interest in making any personal gain out of this. He just wanted to see if it could be done…
So, what now?
I really can’t let this play out just to satisfy a morbid curiosity[VV2] [d3] .
You also can’t stop all this gaming for the sheer fear of letting the cat out of the bag. That is, if there is a cat at all. Even if we could charge you with something we could arrest you – but that won’t help. You are the only one who knows about this.
Yes, about the charges. You can’t really charge me with anything. Nor can you charge any of those hundreds of thousands of owners of the grid. First of all, they have been inadvertent participants. Second, you cannot single out any one. It really is a distributed culpability.
You are right. But I am not too worried about that. What I am worried about is if what you have said until now is true, and hoping that you have not yet tripped the breach mechanism into attack mode, how can we prevent it from ever tipping over?
Well. I could try and keep winning. To fool the breach mechanism into “thinking” that it has something left to learn.
Can you do that?
As I said, I could try. I am sure I can reverse the recent trend. But, then again, I am not too sure how long I can keep that up.
At least it will buy us some time to think out a proper strategy. So game! Game like you have never gamed before! Win. Win to keep the world economy from crashing.
Huh!
————————————————————————————————————————————–
Papa, tell me the poem that Grandpa used to tell you.
Oh sweety! You promised that was the last story…
Please, Papa…
I don’t like that poem very much.
I like it very much… I promise I’ll go to sleep after that…
Alright then, but a promise is a promise… here it goes…
Twinkle, twinkle all they stare,
Thinking always how to dare.
Off into the lion’s lair –
Sitting duck, now ain’t that rare?
To beat them all, let ‘em near.
Make it easy, give a scare!
………………………………………….
Papa, what happened? Why did you stop? Is anything wrong?
No honey! Nothing is wrong. Everything is right. Every thing!
Give the fool his empty share
In love and war, all is fair!
————————————————————————————————————————————–
I know what I have to do. You DPCC people would never have figured it out. It’s easier than winning every game. My father had been telling me the solution all along. I just hadn’t listened to it. But now I know what is to be done. Poetic justice from the prankster genius!
I hope, Mr. Klaude, for all our sake, you know what you mean.
[facebook]share[/facebook] [retweet]tweet[/retweet]
