Hunter & ITP Winter Show 07′ Documentation

March 24th, 2008 by ecm292

A few select images from the NNW at the [ ESC ] Hunter College Presentation in the fall of 2007.

A few select images from the NNW at the ITP Winter Show 07′.

The Making of the HNAP Introduction PSA

March 24th, 2008 by ecm292

Some documentation from the latest PSA that has been shot and is currently being edited into two PSAs for the Home Network Awareness Program (HNAP).

And a picture of the Voice Over setup for the NNW ITP Winter Show 07 PSA.

Network Identification and Collection Divisions (NICD) Documentation

March 23rd, 2008 by ecm292

Here’s some of the documentation of the tools and software used by the NNW’s NICDs and places where the NNW has collected network traffic from.

NICD Collection Kit

1) Laptop with Wireless Card or Optional Hi-Gain WiFi USB Dongle

2) TCPDUMP

3) Maps and Notes on Locations

Fall 07′ Collection Routes Map

Optional iPod Touch/iPhone as Network Spotter/Portable Collection Platform

iPod Touch’s Main UI

iPod Touch Wireless Access Point Logger for Scanning/ID/Logging of WiFi APs

TCPDUMP for collection on iPod Touch using Terminal

TCPDUMP running off of iPod Touch

TCPDUMP done

A 2 the Z Midterm After Thoughts & Possibles

March 12th, 2008 by ecm292

One sort of interesting idea came up during my presentation of the NNWKAA v3 which I began rewriting as a component of the thesis as well as my midterm and main project for Daniel Shiffman’s “Programming A to Z” class. The idea was the potential of creating a standalone app to analyze texts you write, like documents or emails and such, to let you know if your document contains any flagged words and potentially make suggestions as well as an overall rating on the terror content of your email or doc.

I really kind of like this idea of a sanitizer for your emails and docs. It not only can reveal the often times ridiculous things flagged in the Neighborhood Network Watch Keyword List (NNWKL) that is based off the ECHELON list. It could also be seen to be a training/socializing mechanism.

It would be really awesome if it could be built as a plugin form to be installed into a browser or email client to actively work and analyze in the background.

Another thought would be potentially an NNW Document Auto-Sanitizer app.  You feed in a text document and it makes all the changes needed to put it in compliance.

It seems like this could spiral into a collection of softwares the NNW could recommend to the general population as not to be accidentally labeled as a terrorist.

State of the NNWKAA v3

March 8th, 2008 by ecm292

For the midterm I continued to work on the Neighborhood Network Watch Keyword Analysis Application (NNWKAA). The current version of the NNWKAA (v3) is for all intents and purposes a complete rewrite of the previously used NNWKAA, which was built in the Processing environment. I will now go through the major differences and changes with the program.

Previously the NNWKAA made use of strings and string arrays for the handling of all the incoming data from the cap files and the Neighborhood Network Watch Keyword List (NNWKL). The NNWKAA v3 now handles all data with hash tables and string buffers, making the application as a whole much more efficient with memory as well as speeding it up significantly. The analysis times have improved dramatically over the previous version; I do not have timed results currently, but at some point more than likely a time comparison will be made. For now, it can be said that it is way faster than the older version.

The NNWKAA v3 has moved away from a long form single object app into a fully object oriented Java app and has thus helped with the handling and compartmentalizing of data. The NNWKL is the latest version that uses the ECHELON wordlist as its backbone and FBI / INTERPOL resources as well. There has been an addition of a dictionary cross check, that checks to see if words are actually valid words and, if not, ignores them, since with network traffic dumps there is a significant amount of useless garbage. This has dramatically changed the results since it is now very effectively removing much of this garbage and gibberish along with the introduction of an HTML / CSS tag remover / stripper, for the removal of HTML and CSS tags. These have reduced the amount of extraneous formatting information so the exact contents of emails, IMs, and web sites can be checked more effectively for threats to national security and terrorist related items.

So far, with just the introduction of the dictionary cross checking and the HTML / CSS stripper, we have seen a marked increase in the amount of flagged words, upwards of 16% in some test cases thus far. Multiple types of reports can be outputted including Excel spreadsheets of the concordance of the incoming cap file, with the word counts, flagged status, and positions. Dictionary status could also be easily implemented. A final statistics report is generated with the name of the incoming file, the number of flagged words, the total amount of words, and the terror percentage. A reworking of the Network Threat Advisory System criteria will be necessary to address the exponential changes in the amounts of flagged words, therefore a suggested Network Threat Advisory Level is not being included in the reports that are generated.

NNW Network Threat Advisory System

Here is the source code for the nnwkaa main, the cap file loader, the generic file loaders, and the modified word class. Here are also some example results, B-Cup Café Results & Excel File (very large 25mb) and a result doc from the previous version of the NNWKAA, NYU’s Stern on the Move network, and 2 networks that are in my apartment building or in neighboring buildings, Hot Air Balloon Results & Excel, and Netgear Results & Excel.
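The analysis steps this post describes (tag stripping, dictionary cross check, hash-based keyword lookup, concordance and final statistics), as an added Python sketch that is not the NNWKAA's Java source; the keyword set, dictionary and sample text are constructed stand-ins, since the NNWKL is not reproduced on this page. Running it with the filters off and on shows how discarding markup and non-words changes the flagged percentage for the same input.

```python
import re
from collections import defaultdict

# Constructed stand-ins: the real NNWKL and dictionary are not on this page.
KEYWORDS = {"package", "plane", "watch"}
DICTIONARY = KEYWORDS | {"the", "is", "on", "we", "will", "for", "it", "at", "gate"}

# Constructed sample of printable text as it might be recovered from a cap file.
SAMPLE = ("<html><style>p{color:red}</style><p>The package is on the plane, "
          "we will watch for it at the gate</p></html> xK9q zz0 qqPw")

def strip_markup(text):
    """Drop <style>/<script> bodies first, then any remaining tags."""
    text = re.sub(r"(?is)<(style|script)\b.*?</\1\s*>", " ", text)
    return re.sub(r"(?s)<[^>]*>", " ", text)

def tokenize(text):
    return re.findall(r"[a-z0-9]+", text.lower())

def analyze(text, use_filters=True):
    """Return (concordance, stats) for one block of captured text."""
    if use_filters:
        text = strip_markup(text)
    words = tokenize(text)
    if use_filters:
        # Dictionary cross check: ignore tokens that are not valid words.
        words = [w for w in words if w in DICTIONARY]
    concordance = defaultdict(lambda: {"count": 0, "flagged": False, "positions": []})
    for pos, word in enumerate(words):
        entry = concordance[word]
        entry["count"] += 1
        entry["flagged"] = word in KEYWORDS  # constant-time hash lookup
        entry["positions"].append(pos)
    flagged = sum(e["count"] for e in concordance.values() if e["flagged"])
    total = len(words)
    percent = round(100.0 * flagged / total, 1) if total else 0.0
    return dict(concordance), {"flagged": flagged, "total": total, "percent": percent}

if __name__ == "__main__":
    for filters in (False, True):
        _, stats = analyze(SAMPLE, use_filters=filters)
        print("filters on " if filters else "filters off", stats)
```

The flagged count is identical in both runs; only the total changes, because markup tokens and gibberish no longer count as words.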

NNWKAA v3 beta

March 7th, 2008 by ecm292

So, the third version of the NNWKAA has been completed as of today. I’ll be posting up documentation of its operation soon. Just a few updates on it. It is able to remove a lot more of the garbage that is useless from the TCPDUMP files (caps). It runs a lot faster with the lookups being way faster, due to the utilization of hash tables instead of standard strings. Also, with the dictionary cross checker for valid words, it has now further removed non-words and hence further refines down to the contents the app is looking within. The yields for the amount of terror have changed dramatically with up to 10-15% increases in the amount of flagged words aka more terror. It would seem the app is now faster, more efficient, and more “accurate.” More to come soon.

NNWKAA 3.0

February 26th, 2008 by ecm292

Here’s an update on the current software development on the Neighborhood Network Watch Keyword Analysis Application (NNWKAA). You can find it on my other blog for the programming A to Z class here.

Thesis Abstract Rev. 1

February 25th, 2008 by ecm292

In today’s technologically mediated world that relies on network infrastructure, the inherent questions of security and the power relations that are embedded within networks and technology are too often overlooked. Living within the United States, post-September 11th, with terrorism and national security being used to substantiate any actions on behalf of the government, it is of no real surprise that in all likelihood the data that we transmit over these networks is being watched and analyzed. What is there to prevent the various government agencies from appropriating this data and molding it to produce whatever results and to substantiate any claims it wishes? Therefore where is the criticality that should be being leveled at authority, information, and technology in this current socio-political climate?

The Neighborhood Network Watch (NNW) aims to address the lack of criticality being leveled at these areas, along with raising public awareness about the security issues with public networks, and revealing the malleable nature of information and data. It aims to do this by taking on the role of a government sanctioned community organization that is a hyperreal manifestation composited from current government agencies and potential future agencies. The group will carry out domestic eavesdropping operations on public networks, with the data being collected used to assess the amount of terrorist related or national security related traffic that is being transmitted over these profiled networks, via its proprietary network traffic keyword analysis software. This information will be made public through multiple mediums that include: literatures, maps, reports, presentation performances, public service announcements, and a web presence.

The Neighborhood Network Watch will operate as if it were an actual government backed entity along with actually carrying out collections of real data and doing actual analysis on this data to create statistical results. Profiling networks that are in the communities in or around where presentation performances occur will allow a context that an audience can directly relate and engage with. It will be able to illustrate the gravity of the topics that are being presented as well as directly incite dialogue between them and myself as the public face of the NNW. This will also provide a point for education on network security and contemporary issues surrounding networks and the government. As well as a means to demonstrate the ease with which virtually anyone could carry out something similar.

The NNW will have an extensive history that is intertwined with other government agencies, primarily the Department of Homeland Security (DHS). This will help legitimize the group but will also offer an entry point for critique of the manipulation of information to fabricate the real. Since the NNW operates as if it were a government agency it will bring to the forefront the methods and tactics used by these bodies to disseminate fear and exercise social control. In conjunction the grossly illegal and unconstitutional methods employed by the NNW that embody an ideal model of the intelligence gathering community and post September 11th United States’ policy, will allow the public to quickly critique and begin to question these agencies and U.S. policy. The NNW is meant to act as a hyperbolic vision of the DHS that is simultaneously feasible and hence walking a fine line that separates the real and unreal. It is meant to be an object of harsh critique and thus provide an entry point for discussing the various issues that are raised with it.

Ultimately the goal of the NNW is to generate dialogue about these issues, whether this dialogue is directly with me as the face of the NNW, or through email responses and comments, questions, or even speaking to other friends and family about the NNW. I will be documenting the presentation performances as well as the reactions by those present, with photographs and video. I will attempt to gather the various responses to the group that may also be posted or written about on other sites. There is the possibility of canvassing those who have joined the Neighborhood Network Watch’s email list as well.

The primary goals for the NNW are to inform and educate people about the security issues inherent with the usage of public networks, the ease with which networks are monitored and data is manipulated to substantiate the motives of those who engage in these practices, and to critically engage people with these topics along with probing the operations, methods and tactics employed by the government that may be violating their constitutional rights.

The Thesis’ Blog

February 25th, 2008 by ecm292

Here will be the site to catalog and document my thesis, “The Neighborhood Network Watch,” and its developments.