Trending Topics:

Bridgegate 2.0: Israeli tech students manipulate traffic patterns

News
on 24 Comments

In Today’s Times, Nick Bilton has a piece on novel uses of “bots,” or computer code that impersonates humans and mimics their activities on-line, titled “Friends, and Influence for Sale Online.” Here are a few paragraphs near the end of the piece. (It’s in the Financial Review; that’s my link).

“This is all about power and control, the same thing it’s always been, but now it’s digital and you can do a lot more of it,” said Rick Wesson, chief executive of Support Intelligence, a computer security consulting firm based in San Francisco.

For now, these bots are simply deceptive, tricking people into thinking something is popular or pushing an agenda. But as bots become more sophisticated, Mr Wesson said, they could become nastier.

In March, two students at the Technion, the Israel Institute of Technology, created a swarm of bots that caused a phony traffic jam on Waze, the navigation software owned by Google.

The project, which was a class demonstration, was so sophisticated that the students were able to make bots that imitated Android mobile phones that accessed fake GPS signals and were operated by fake humans in fake cars. The Waze software, believing that the bots were on the road, started to redirect actual traffic down different streets, even though there was no traffic jam to avoid.

Chris Christie

Chris Christie

Where did the traffic diversion occur? Bilton doesn’t say.

FYI: Chris Christie might lose his job or aspirations, because of this kind of thing.

The Jerusalem Post also has a neutral reading of the story. The students have created a program that makes fake traffic jams. But it says this:

The students were able to simulate a traffic jam that lasted for hours on end causing motorists on Waze to deviate from their planned routes.

Philip Weiss

Philip Weiss is Founder and Co-Editor of Mondoweiss.net.

Other posts by .


Posted In:

24 Responses

  1. Diamond on April 22, 2014, 10:34 am

    My reading of this is that these students brought to light a potentially dangerous defect in these types of systems. It would have been preferable for them to not actually affect traffic on the ground, but i doubt they would have caught anyone’s attention without doing so.

    Their little stunt ought to spur Waze and other similar companies to fix these flaws before they get exploited by actual bad guys (eg. common criminals, terrorists, politicians, etc.).

    • Woody Tanaka on April 22, 2014, 11:07 am

      I disagree. If they found a defect, then the only proper response is to alert those companies who have those flaws and perhaps release a press release noting that they’ve made the company aware of the problem. By going beyond that, by hacking into systems without permission and affecting people’s lives, they’ve shown themselves to be criminals, nothing more.

      • puppies on April 22, 2014, 11:55 am

        Dunno, Woody. They didn’t hack into anyone’s systems if the tale is accurate; they just emitted signals that were misinterpreted by the proprietary software that was providing a flawed service for money. Where is the obligation to alert them? Is there an obligation for all to rely on Waze or any electronic stuff instead of your own eyes in going from A to B? Only such gullible people were affected.

      • Woody Tanaka on April 22, 2014, 12:31 pm

        “They didn’t hack into anyone’s systems if the tale is accurate; they just emitted signals that were misinterpreted by the proprietary software that was providing a flawed service for money.”

        If they specifically designed those signals to be picked up by that software and intended for them to be picked up, and intended to thereby affect other people, that’s hacking enough for me to punish them.

        “Where is the obligation to alert them?”

        I’m not saying that there is an obligation. I’m saying that if these people think up a way of defeating this system, then their valid, moral options are: do nothing, or alert the company and publicize that they did so. In my opinion, they have no right to exploit the weakness and then claim later that they did nothing wrong. If I figured a way to defeat your burglar alarm system, I don’t avoid prosecution for B&E by saying that I was just letting you know before “really” bad guys exploit it.

        “Is there an obligation for all to rely on Waze or any electronic stuff instead of your own eyes in going from A to B?”

        Services like Waze actually permit users to avoid trouble spots and plan alternate routes regarding traffic problems that the users can’t yet see with their own eyes. That’s kind of the point, to avoid the problem before you get stuck in it.

        “Only such gullible people were affected.”

        And so it’s right to take advantage of people because they are gullible???

        This smacks of the victim-blaming that ones sees a lot on the internet regarding computer crime, where they blame the victim because they weren’t vigilant enough against the criminal. This would never fly in real life (“You’re at fault for me breaking into your house because you didn’t buy a steel door sufficient to withstand my battering ram” or “You’re at fault for me stabbing you with a knife because you don’t walk around wearing a suit of armor”) and it shouldn’t fly with regard to computer crimes, either.

      • marc b. on April 22, 2014, 12:51 pm

        nothing was ‘misinterpreted’. the system worked as it should have. the problem was the introduction of fraudulent information. and this from the article:

        The Waze software, believing that the bots were on the road, started to redirect actual traffic down different streets, even though there was no traffic jam to avoid.

        so this wasn’t a closed simulation. it caused the redirection of real traffic, down real streets. brilliant. so, hypothetically, some poor schmuck driving his wife to the hospital to deliver a baby could have been rerouted around a fake bottleneck.

      • puppies on April 22, 2014, 3:12 pm

        @marc b. All that because signals were in fact *misinterpreted as genuine. Responsibility to the customer and any liabilities remain with the company that sold the service. Using that service is not compulsory for being on the road; traffic has no obligation to follow anyone’s say-so –only conform to orders and indications by official authorities. Anyone, none of that is relevant here.

      • ritzl on April 22, 2014, 3:15 pm

        @marc b.- And since they won’t release the where (probably for the very liability reason you point out), can we assume that this was done by Israelis in Israel TO the US?

        If that’s the case, shouldn’t they experiment on their own country? More to come on this, methinks.

      • marc b. on April 22, 2014, 4:20 pm

        and this definitely doesn’t pass ‘the shoe on the other foot’ test ritzl. imagine the reaction to Iranians/Russians doing this?

    • marc b. on April 22, 2014, 11:25 am

      don’t kid yourself: the ‘students’ are actual bad guys. and who knows if these design defects are flaws. backdoors are often built in at the behest of security services, which leaves them open to exploitation by ‘the bad guys’.

      (it never ceases to amaze me, the absolute amorality of people like this who operate under the superficial veneer of science-y objectivity while causing mayhem; dipshit geneticists creating superbugs, engineers building nuclear bombs. frightening people.)

      • CloakAndDagger on April 22, 2014, 2:00 pm

        @ marc b.

        don’t kid yourself: the ‘students’ are actual bad guys.

        Absolutely agree. There are many ways to demonstrate defects in software – I should know, but doing it by disrupting the lives of innocent people is not one of them. I am not interested in people demonstrating the weakness in the security of my home by breaking and entering it.

    • on April 22, 2014, 7:27 pm

      i wonder if cornell feels a certain sense of unease considering their recent partnership with technion

  2. Woody Tanaka on April 22, 2014, 10:34 am

    slightly OT, but the world’s legislatures really have to buckle down and start making the punishment for computer crimes serious. Hacking into computers or faking GPS or stealing people’s data or creating computer viruses should be punished by imprisonment measured in decades (with lifetime bans on using any computer thereafter), confiscation of property and harsh penalties for countries that fail to arrest and try computer criminals. /Rant.

    • LeaNder on April 22, 2014, 12:35 pm

      Woody Tanaka, from my limited experience with criminality on the web, as far as attempts are concerned, no really successful stuff yet on my side, they often work from national ground that is off limits to people in charge to protect me in this context. to the extend they can that is. In one case the attempts originated in Switzerland. I passed on some of these really vicious attempts to make money with the sheep out there to the authorities. Since I have some basic knowledge in German law, I wondered how often people over here who don’t, are tricked. The attempts were based on the suggestion you had clicked somewhere and maybe did not remember it. The sum wouldn’t have been too high, and this could be a trick too. Better pay then make the sum go up due to no payment.

      Now hacking into computers, seemingly was part of the problem I had recently again. And strictly this like earlier experiences could have been kids too, trying to make fun with me. …

      Fact is you can ramp up your security to your hearts or needs delight and there still is something that isn’t registered. By now I always start by checking the usual suspects of free software whose bugs are often the source (Adobe, Java). Obviously since one can assume they are on almost every system.

      But something I didn’t initially check, since assumed was safe, was the internal software of my router. Now I will watch if ads that kept popping up at the same time in a new browser-window, all adds by Israeli companies, will also disappear. Strictly they shouldn’t have popped up to start with. I am not assuming that this is also the origin of my problems by the way. Since I had this problem before, and the real origins was somewhere else. That I was offered them may have to do with my web-interests, like MW, strictly.

      But since I am a curious nitwit, it feels like I need better tools or software in this context. Secunia is a free tool, I strictly can recommend concerning problems due to not updated software which often seems to be the case. But apparently the router’s own internal software itself was off limits to it. Seemingly it checks only the software connecting router and laptop, but not the routers own internal software. …

      • Woody Tanaka on April 23, 2014, 10:22 am

        “they often work from national ground that is off limits to people in charge to protect me in this context. ”

        Well, I am an American. If my country is going to have an overblown, bloated millitary that invades other countries without their approval, then dammit they should nab the hackers while they’re there.

  3. pabelmont on April 22, 2014, 11:01 am

    Isn’t technology endlessly fascinating, powerful, subject to such benevolent intelligence, and so admired (by those who admire such benevolently applied intelligence) that the readily observable ill-effects, if any came to editorial notice, of a particular application are ignored in favor of celebration of intellectual genius at work! Gosh what fun. Little boys pulling wings off flies! Wonderful! Budding entomologists, fer shure.

    Drones and guns aimed by robots (or by human beings suppressing all human qualities in their efforts to pretend to be robots). New robots pretending to be evil human beings. Evil human beings programming evil robots which pretend to be evil human beings. “No Cause for Alarm!” Cause for celebration. Or cerebration.

    Wonderful. Thank you, Israel, 8200, USA’s Flame-Stuxnet-command, et al. And can china or USSR (sorry, Russian Fed.) be far behind? Brave new world. Oh Joy, Oh! Rapture!

    And just in time to distract those who are distractible from the one BIG problem we all face, climate change.

    • marc b. on April 22, 2014, 11:29 am

      “Little boys pulling wings off flies! ”

      that’s a crude but accurate summation of the psychology. I seem to remember something about fear of an uncontrolled nuclear reaction during the development of the first A-bomb.

  4. wondering jew on April 22, 2014, 11:52 am

    Computer students fuck with an app! Call the FBI! To show the vulnerability of an app is comparable to closing traffic lanes because a mayor did not endorse you? Too much rhetoric and nowhere to go.

  5. seanmcbride on April 22, 2014, 12:01 pm

    Phil,

    Great post — you are locking on to an issue of the highest strategic importance — cyberwarfare — which comprehends a wide range of activities, including Big Data mining.

    This little hack is just the tip of an immense iceberg, most of it invisible to the public. And the public can’t even begin to wrap its mind around the details and significance of the Snowden/Greenwald data dump — it’s just a mysterious blur of strange acronyms.

    Israel, and Unit 8200, may well be the world’s most innovative leader in developing these technologies.

    How many Mondoweiss commenters realize that the most minute and intimate details of their lives are an open book for several intel agencies that are monitoring Mondoweiss? Do they understand what can be done with that data?

  6. eljay on April 22, 2014, 12:18 pm

    >> From jpost.com:

    Following Yadid and Ben Sinai’s success in implementing the system, the advisers notified Waze of the “cyber-attack” and explained to the company the manner in which the students were able to hack the application.

    Sounds like the right steps were taken.

  7. JeffB on April 22, 2014, 3:25 pm

    @Ritzl

    And since they won’t release the where (probably for the very liability reason you point out), can we assume that this was done by Israelis in Israel TO the US?

    If that’s the case, shouldn’t they experiment on their own country? More to come on this, methinks.

    Wow always assuming the worst:
    “I told Eran that if we would cause Waze, before we started driving, to report that there was a huge traffic jam on the coastal road [Route 2], the application would divert all drivers to Route 4 and we could drive to Tel Aviv on the coastal road without any traffic,” Partush said in a statement released by the Technion.

    Does that sound like the USA to you? Maybe you should consider why you feel it necessary to always assume the worst?

    And for all the people talking about criminal behavior this was done with their advisor. Following Yadid and Ben Sinai’s success in implementing the system, the advisers notified Waze of the “cyber-attack” and explained to the company the manner in which the students were able to hack the application.

    And people wonder why MW gets accused of anti-Semitism just assuming this was criminal, in the USA….

    • CloakAndDagger on April 22, 2014, 10:22 pm

      @ JeffB

      Maybe you should consider why you feel it necessary to always assume the worst?

      Because Israel has shown us over and over again that their actions can sink below what any of us could imagine in doing harm to others. Ritzl is completely justified in his/her assumptions.

    • Woody Tanaka on April 23, 2014, 10:25 am

      And for all the people talking about criminal behavior this was done with their advisor. Following Yadid and Ben Sinai’s success in implementing the system, the advisers notified Waze of the “cyber-attack” and explained to the company the manner in which the students were able to hack the application.

      So what? They notified the company after they committed the crime that they, in fact, committed the crime. The “advisors” should be behind bars, too.

      And people wonder why MW gets accused of anti-Semitism

      No, we don’t wonder. It’s because those who are making the accusation are committing a slander, because they are mentally and emotionally unable to cope with the evil that is done by that state and that people and live in a fantasy world. No one wonders at all. People have been tossing around these false claims of “antisemitism” when they don’t like valid criticism, since time immemorial.

  8. hophmi on April 22, 2014, 11:07 pm

    Lol. Scraping the bottom of the barrel again, I see. Because, as we all know, hackers exist in Israel only.

    • talknic on April 23, 2014, 8:38 pm

      @ hophmi “Scraping the bottom of the barrel again, I see” based on the premise that ” Because, as we all know, hackers exist in Israel only”

      If you say so hophmi

Leave a Reply