Author Archive

Pack of Asses in Shangri-La

 

Yaacov Apelbaum - Asses in Shangri-La

A donkey pack in Shangri-La: The first dumb ass on the left is the laziest; he slows down the pack because he is always looking for something to eat. The group of jackasses in the middle just stand there contemplating the concept that death is a cosmic opportunity. The big ass on the right is their enlightened guru. He imparts to the pack the consciousness that forms the foundation of their spirituality and growth.

In September 2011, while on a photography assignment for a nature show called Frozen Planet to Wood Buffalo National Park in Alberta, Canada, Chadden Hunter and his team captured some imagery of a wolf pack hunting bison. Hunter provided the following description of the image:

Yaacov Apelbaum - Pack of Wolves 1

Chadden Hunter’s Original Wolf Pack Photograph

“A massive pack of 25 timberwolves hunting bison on the Arctic circle in northern Canada. In mid-winter in Wood Buffalo National Park temperatures hover around -40°C. The wolf pack, led by the alpha female, travel single-file through the deep snow to save energy. The size of the pack is a sign of how rich their prey base is during winter when the bison are more restricted by poor feeding and deep snow. The wolf packs in this National Park are the only wolves in the world that specialize in hunting bison ten times their size. They have grown to be the largest and most powerful wolves on earth.”

Now, forward the clock by 4 years to December 17, 2015: a user named Cesare Brai publishes a post on an Italian-language FB page. He uses Hunter’s original image but provides this alternate verbiage:

"Un pacco di lupi: i primi 3 sono i vecchi o gli ammalati, danno il passo all’intero pacco. Se fosse l’altro, essi sarebbero stati lasciati indietro, perdendo il contatto con il pacco. Essere sacrificati, poi vengono 5 forti, la prima linea, al centro sono i restanti membri del paccho, poi i 5 più forti seguendo: l’ultimo è solo, l’alfa, controlla tutto dal retro, in quella posizione può vedere tutto, decide la direzione, vede tutto il pacco, il paccho si muove secondo i tempi più anziani e si aiuta reciprocamente, si guardano a vicenda ".

Cesare Brai’s post is interesting, for the following reasons:

– From the post’s grammar it is clear that he is not a native Italian speaker
– Shortly after publication the post was taken down and Brai disabled his FB account
– Cesare Brai has no internet presence beyond the wrong photo credit attribution

Three days later, on December 20, 2015, the Italian Facebook posting is translated into English and is posted again on FB by Barbara Hermel Bach. The translation appeared as follows:

"A wolf pack: the first 3 are the old or sick, they give the pace to the entire pack. If it was the other way round, they would be left behind, losing contact with the pack. In case of an ambush they would be sacrificed. Then come 5 strong ones, the front line. In the center are the rest of the pack members, then the 5 strongest following. Last is alone, the alpha. He controls everything from the rear. In that position he can see everything, decide the direction. He sees all of the pack. The pack moves according to the elders pace and help each other, watch each other."
Cesare Brai’s photo. — with Deb Barnes.

Ignoring for a moment the actual content of Bach’s posting, it is interesting to note that her verbiage is a reverse English translation of Cesare Brai’s Italian text, which means that the text was most likely first written in English, then translated and posted in Italian under Brai’s name, and finally reposted in English under her name.

In her post, she attributed the photo credits to the mysterious Cesare Brai. It is a noteworthy mistake because her collaborator on this post is one Deborah Barnes, a professional animal photographer who, judging from her multiple website notices, is very sensitive to issues of copyright infringement.

Yaacov Apelbaum - Deborah Barnes

Deborah Barnes’s About Webpage

Barbara Hermel Bach - Pack of Wolves

Barbara Hermel Bach Facebook Post

In terms of memetic engineering, the post was a hit! Within a few weeks, it went viral and has since garnered close to 486K views and over 237K shares. As you can see from just a few of the comments below, Bach’s new age wolf pack narrative clearly struck a chord with her audience:

Yaacov Apelbaum - Wolf Pack Comments

Content Adaptation by Management Consultants and Corporate Trainers

By 2016, the wolf pack leadership concept in Bach’s FB post took the world of recruiters, management coaches, and efficiency consultants by storm. Many of them embraced the idea and have since used the bogus narrative in their online publications.

Of special interest is the marking algorithm used by each of the republishers to re-brand the image and idea as theirs. As you can see from the few variations below, each one alters the original image by using a simple variation on color, geometric shape, and/or arrow orientation.

Yaacov Apelbaum - Pack of Wolves 2

Yaacov Apelbaum - Pack of Wolves 3

Yaacov Apelbaum - Pack of Wolves 4

Yaacov Apelbaum - Pack of Wolves 5

Yaacov Apelbaum - Pack of Wolves 6

Copycat variations on Bach’s Posting

So why all of the subterfuge, stratagems, and ruses? Why go through all of the trouble to hide Hunter’s name as the original photographer? Why alter the real location of the shot and go through all of the trouble of creating a sock puppet called Cesare Brai? And even now, why not just come out and either remove the original posting (which is a blatant copyright violation) or just state for the record that the narrative is false? After all, even Hunter, the photographer who took the original shot, publicly posted on his Twitter account that he was being ripped off by Bach:

Yaacov Apelbaum - Pack of Wolves 7

Hunter’s Image Piracy Tweet

It’s hard to answer these questions with certainty. We know from the posting that both Barnes and Bach contributed to it. Writing style analysis (I’ve used JStylo-Anonymouth) suggests that Bach wrote the verbiage. If that was the case, then what was Barnes’ share? It is possible that as a professional animal photographer, she stumbled on Hunter’s original image and felt that she could repurpose it by attributing it to the fictitious Cesare Brai. As the “animal expert”, she could have also provided the “new age” insight into the wolf pack behavior.

By 2015, four years had passed since this image was originally seen on Frozen Planet and the chance that anyone would remember it would be slim. So the rationale must have been that changing the name of the photographer and withholding the location of the shot would help add two additional layers of obscurity to the image.

What I find the most interesting about this and her other posts is that it required a significant amount of effort in terms of planning and execution and that her network produces large amounts of these types of materials on a regular basis.

Considering that Bach is a liberal activist with an aggressive political agenda and a member of a large community of similar minded individuals who distribute such high grade social propaganda, it’s plausible that these publications are part of some kind of an organized political media production line.

Yaacov Apelbaum - Resistance   Yaacov Apelbaum - Resistance

Yaacov Apelbaum - Resistance   Yaacov Apelbaum - Resistance

Samples of Bach’s Social Action Content

Out of courtesy and to give Bach and Barnes the benefit of the doubt, I reached out to both of them to inquire about their sources of the image and verbiage. Alas, I have not received a response.

As far as the spiritual and uplifting content of Bach’s posting is concerned, there’s good news. Now you too can generate similar materials, and no, you don’t have to spend 7 lost years in Tibet on a soul searching journey. You can do so effortlessly with a few mouse clicks!

Just do as I did with the “Pack of Asses in Shangri-La”. Pick a random animal pack image, go to the inspirational BS Generator or Corporate BS Generator and in no time, you will be the leading ass who manages the pack from behind. Or as the BS generator would put it:

"You would be seamlessly innovating new backend leadership paradigms".

© Copyright 2017 Yaacov Apelbaum, All Rights Reserved.

The Mystery of US sUAS Airspace

Yaacov Apelbaum - sUAS FAA Regulations

If you feel like you are in thick fog and are struggling to decipher the mysteries of FAA Airspace regulations as they apply to sUAS operations, you are not alone.  

The following is a simplified poster version of the current FAA Airspace chart with some additional operational flight information and rules.

US sUAS Airspace Chart

As for the operational part, here are my top 10 pointers:

1. Don’t fly over people (§ 107.39)
2. Stay below 400’
3. Maintain a visual line of sight to the aircraft (§ 107.31), unless you have a BVLOS waiver 
4. Don’t fly after sunset (§ 107.29) unless you have a night waiver
5. Don’t fly in inclement weather
6. Be mindful of privacy and the invasive nature of sUAS based photography
7. Get permission before flying over public, private, or commercial spaces
8. Obey the “8 hours bottle to throttle” law
9. Consult and study your area sectional chart before flying
10. Always perform a site survey and physical risk assessment before taking to the air

Safe flying!


Poor Little Bobby Tables

Yaacov Apelbaum - Little Bobby Tables Crying

We are in the midst of a security review for one of our platforms and have been discussing data input sanitization, so I’ve used the “Little Bobby Tables” cartoon to liven up the text in the SQL Injection chapter. I love this illustration because it is so poignant, but when I read it this time, I realized that it was missing something.

Bobby Tables

The problem is that Mrs. Roberts only tells the school representative about the data sanitization issue. The far bigger problem here is that the school DBA only seems to back up their DB once a year!


Good day to you!

Khoroshiy den' dlya tebya!

The other day, I got this cryptic email. It read:

 

From: Wayne Millbrand <waynem@icon.co.za>
Date: 03/27/2017 2:23 PM (GMT-05:00)
To: ***
Subject: ***

Good day to you!

I have a rather delicate issue, which touches directly to you. Don’t be surprised how do I learned about you! The fact is that I have got already a second letter from the person, I do not know which asserts that you are fraud involved. He insists, that you forced him transfer funds on your PayPal account under fictional reason. However,with this information he pointed out your private data up to address:

First Last Name
Street Address
Town
State (with capitalization error)
Zip Code

Now he is collecting information and planing to contact the police. I advise you to view the information that he sent to me. I have attached Fine.doc with a copy of all of his messages.

Document was password-protected – 4299

Please explain to me what’s happening.  I hope that all of this is a silly misunderstanding.

Best regards,

Wayne Millbrand

Based on the fake email address and the tell-tale Anguished English, I concluded that this was just another phish. 

I usually delete these emails promptly, but this one had an interesting component to it: it came with a password-protected MS Word document. This is somewhat unusual because attackers typically expect you to just launch the attachment and activate the payload immediately.

So it appears that the attack strategy was to:

  • Send a threatening email
  • Add some publicly available information about the recipient to make it look genuine
  • Encrypt the document in order to hide the payload from an anti-virus scanner
  • Provide the password in the email to allow the user to open and decrypt the file
  • Activate the payload in the MS Word document and infect the user’s machine

Inside the encrypted Word document, I found the following API declarations, variable names, and this code:

Shell32.dll   ShellExecuteA
Kernel32      GetTempPathA
Kernel32      GetTempFileNameA
URLMon        URLDownloadToFileA

Dim wyqud As String
Dim zdwie As Long
Dim rufhd As Long
Dim bldos As Integer
Dim mufid() As Byte
Dim kmvbf As Long
Dim dfety As Long
Dim bvjwi As Long
Dim wbdys As Long
Dim dvywi(256) As Byte
Dim wdals As Long
Dim dwiqh As Long
API Declarations and Variables
Yaacov Apelbaum - Document Open   Yaacov Apelbaum - Functions
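The four imports listed above cover a complete download, stage and execute chain, which makes them a practical triage rule for macro source extracted from a suspicious document. The following Python sketch is an added example, not code from the original post: `SUSPECT` and `BENIGN` are constructed sample modules, and the auto-run entry point names and the uniform-name heuristic are assumptions.

```python
import re

# API names listed on the page, grouped by the role each plays in the chain.
ROLES = {
    "URLDownloadToFileA": "download",
    "GetTempPathA": "staging",
    "GetTempFileNameA": "staging",
    "ShellExecuteA": "execute",
}
AUTO_RUN = {"document_open", "autoopen"}  # assumption: usual Word auto-run entry points

DECLARE = re.compile(
    r'^\s*(?:Public\s+|Private\s+)?Declare\s+(?:PtrSafe\s+)?(?:Function|Sub)\s+(\w+)'
    r'\s+Lib\s+"[^"]+"(?:\s+Alias\s+"(\w+)")?', re.I | re.M)
SUB = re.compile(r'^\s*(?:Public\s+|Private\s+)?Sub\s+(\w+)', re.I | re.M)
DIM = re.compile(r'^\s*Dim\s+(\w+)', re.I | re.M)


def triage(vba_source):
    """Summarise the download-and-execute indicators found in one macro module."""
    by_name = {name.lower(): role for name, role in ROLES.items()}
    roles = set()
    for declared, alias in DECLARE.findall(vba_source):
        # The Alias, when present, is the real export; the declared name can be anything.
        role = by_name.get((alias or declared).lower())
        if role:
            roles.add(role)
    names = DIM.findall(vba_source)
    return {
        "roles": roles,
        "auto_run": any(s.lower() in AUTO_RUN for s in SUB.findall(vba_source)),
        # Heuristic: generated variable names tend to share one length, as the page's do.
        "uniform_names": len(names) >= 5 and len({len(n) for n in names}) == 1,
        "dropper": {"download", "execute"} <= roles,
    }


# Constructed samples: declarations only, no working macro body.
SUSPECT = '''
Private Declare Function aaa Lib "urlmon" Alias "URLDownloadToFileA" () As Long
Private Declare Function bbb Lib "kernel32" Alias "GetTempPathA" () As Long
Private Declare Function ccc Lib "shell32.dll" Alias "ShellExecuteA" () As Long
Dim wyqud As String
Dim zdwie As Long
Dim rufhd As Long
Dim bldos As Integer
Dim kmvbf As Long
Private Sub Document_Open()
End Sub
'''
BENIGN = '''
Private Declare Function GetTempPathA Lib "kernel32" () As Long
Dim rowCount As Long
Sub FormatReport()
End Sub
'''
```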

This seems to be a variation on an old theme where as soon as the user opens the file, the routine executes a URL file download from one of these two backup sources: 

h t t p://adenzia.ch/_vti_cnf/bug.gif
h t t p://kingofstreets.de/class/meq.gif

The macro is quite sophisticated: it can even prompt the user to disable their firewall if the download fails. Both GIFs, despite having an appropriate header block and some image content bytes, actually carry the encoded malware.

The macro uses a subroutine to extract the executable binary from the downloaded GIF. It stores the binary in a temp file, appends an “exe” extension to it, and then executes it with the Shell32 function ShellExecuteA in order to install additional malware. In this case, it was ransomware that encrypted the Documents folder.
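A download that claims to be a GIF can be checked by walking its block structure and counting the bytes that do not belong to it. The following Python check is an added example, not part of the original analysis; it assumes the carrier leaves the payload after the GIF trailer or in bytes that break the block structure, and the sample input is constructed.

```python
def _color_table_len(packed):
    """Size in bytes of the colour table described by a GIF packed-fields byte."""
    return 3 * (1 << ((packed & 0x07) + 1)) if packed & 0x80 else 0


def _skip_sub_blocks(data, pos):
    """Walk length-prefixed sub-blocks; return the offset after the 0 terminator."""
    while pos < len(data):
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos
    raise ValueError("sub-block chain runs past end of file")


def inspect_gif(data):
    """Parse the GIF block structure and report bytes that are not part of it."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        return {"verdict": "not-gif", "frames": 0, "unparsed": len(data)}
    frames, pos = 0, 13                      # 6-byte header + 7-byte screen descriptor
    try:
        if len(data) < 13:
            raise ValueError("truncated screen descriptor")
        pos += _color_table_len(data[10])    # optional global colour table
        while True:
            if pos >= len(data):
                raise ValueError("no trailer")
            intro = data[pos]
            if intro == 0x3B:                # trailer: the image ends here
                extra = len(data) - (pos + 1)
                verdict = "trailing-data" if extra else ("clean" if frames else "no-image")
                return {"verdict": verdict, "frames": frames, "unparsed": extra}
            if intro == 0x21:                # extension: label byte, then sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif intro == 0x2C:              # image descriptor, 10 bytes with introducer
                if pos + 10 > len(data):
                    raise ValueError("truncated image descriptor")
                table = _color_table_len(data[pos + 9])
                pos = _skip_sub_blocks(data, pos + 10 + table + 1)  # +1: LZW code size
                frames += 1
            else:
                raise ValueError("unknown block introducer")
    except ValueError:
        return {"verdict": "malformed", "frames": frames, "unparsed": max(len(data) - pos, 0)}


# Constructed sample: a minimal, valid 1x1 GIF (35 bytes).
TINY_GIF = (b"GIF89a" b"\x01\x00\x01\x00\x80\x00\x00" b"\x00\x00\x00\xff\xff\xff"
            b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00" b"\x02\x02\x44\x01\x00" b"\x3b")
```

A payload packed inside well-formed comment or image sub-blocks would still parse as clean, so a clean verdict is one signal among several.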

Yaacov Apelbaum-Ransomware e

The installed ransomware in action

Interestingly, the first compromised URL used by the malware was a website that belongs to Adenzia.ch, a Swiss accounting and corporate services firm that ironically advertises itself as providing “Privacy and secure Data storage” and:

  • Accounting services
  • Secure financial services
  • Data entry from paper to digital
  • Scanning paper data to digital
  • Archiving data anonymously

Adenzia.ch 2

Adenzia

The before and after the breach Adenzia.ch websites

 

Mafia Scripts

The Kingofstreets.de website

Another noteworthy strategy is that both the repurposed Swiss Adenzia.ch financial site and the second, German kingofstreets.de gaming site required a login. This provides the attackers with an additional layer of security by preventing internet security scanners from tracking down the payload by following a link to the malware.

From the variable naming convention and the language of the email itself, it seems that the writer is a non-native English speaker. The metadata from the Word document further supports this and suggests a strong link to a Russian origin. First, the author’s name was preserved as виньда (Vinda) and the company name came up as: SPecialiST RePack.

SPecialiST RePack Metadata

SPecialiST RePack is a Russian digital publisher that is used for repackaging software. According to the Emsisoft malware database, they are a source of a large number of infected files and products.

SPecialiST RePack

SPecialiST RePack infected content

As for the unfortunate Adenzia.ch site, it seems that it was breached in the past few months, as the Wayback Machine still shows them operational on October 4, 2016.

I’ve tried to contact Adenzia and give them a heads-up that they need to have a look at their network. As of this date, I haven’t heard back from them. This could be an indication that either the site was a front for malware distribution from the get-go or else it is no longer in business and has been abandoned.

 


Coincidence or Not?

Coincidence or not

You may have seen this motivational masterpiece. It’s a favorite among performance consultants. 

It goes as follows:

IF

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

THEN:

K N O W L E D G E
11 14 15 23 12 5 4 7 5 96%

AND:

H A R D W O R K
8 1 18 4 23 15 18 11 98%

Both are important, but fall just short of 100%

BUT…

A T T I T U D E
1 20 20 9 20 21 4 5 100%

So the moral of the story is that if you have the right attitude, you will achieve 100 percent of your potential. 

It sure looks great on paper. To test the mystical value of this proposition, I’ve written a short script to first create words that are between 2 and 12 characters long and add up to the value of 100, and then find which of these are found in a dictionary.

As might be expected, the script generated hundreds of valid words (see the short sample below just for the letter A). It turns out that many of them are not very motivational.

A N E U R I S M
1 14 5 21 18 9 19 13 100%
B O Y C O T T
2 15 25 3 15 20 20 100%

The problem with all of these leadership gimmicks is that they fail to understand the fundamentals of human performance, chiefly that nothing in nature functions at 100% efficiency. In actuality, anything that’s operational at the 70 percentile range is outstanding. 

Anyone with doubts should consult Frederick Brooks’ Mythical Man-Month.

Word          Letter Values                                     Sum
Abrogative    1 + 2 + 18 + 15 + 7 + 1 + 20 + 9 + 22 + 5         100
Acromegaly    1 + 3 + 18 + 15 + 13 + 5 + 7 + 1 + 12 + 25        100
Affectation   1 + 6 + 6 + 5 + 3 + 20 + 1 + 20 + 9 + 15 + 14     100
Alienation    1 + 12 + 9 + 5 + 14 + 1 + 20 + 9 + 15 + 14        100
Anchoritic    1 + 14 + 3 + 8 + 15 + 18 + 9 + 20 + 9 + 3         100
Anglophobia   1 + 14 + 7 + 12 + 15 + 16 + 8 + 15 + 2 + 9 + 1    100
Anorchism     1 + 14 + 15 + 18 + 3 + 8 + 9 + 19 + 13            100
Aryanism      1 + 18 + 25 + 1 + 14 + 9 + 19 + 13                100
Asbestos      1 + 19 + 2 + 5 + 19 + 20 + 15 + 19                100

 


Only a Math Genius can Solve this Puzzle–Not Really!

 

Yaacov Apelbaum Sumerian mathematic tablet

 

One of the most popular math equation puzzles on social media is interesting because it doesn’t have one correct answer and it illustrates the nature of a solution divergence.

Here is an example. The following two problems give the same answer whether we use the sum of the digits in the product method or the product of the sum of digits method:

11×11=4
22×22=16

But when it comes to the next set, 33×33=?, the two methods diverge and yield two different results (see the result table below for methods 1 and 2).

For method 1 (sum of the digits in the product) it is: 33×33=18

33×33=1089 or 1+0+8+9= 18

For method 2 (product of the sum of digits) it is: 33×33=36

(3+3)x(3+3) = (6)x(6)=36

 

Here is a graphic solution for method 2

Yaacov Apelbaum If X and Y than Z

Here are the solutions for the first 40 sets for each method.

Method 1 (columns 1-4: X, Y, X×Y, result)   Method 2 (columns 5-7: X, Y, result)
11 11 121 4 11 11 4
22 22 484 16 22 22 16
33 33 1089 18 33 33 36
44 44 1936 19 44 44 64
55 55 3025 10 55 55 100
66 66 4356 18 66 66 144
77 77 5929 25 77 77 196
88 88 7744 22 88 88 256
99 99 9801 18 99 99 324
110 110 12100 4 110 110 400
121 121 14641 16 121 121 484
132 132 17424 18 132 132 576
143 143 20449 19 143 143 676
154 154 23716 19 154 154 784
165 165 27225 18 165 165 900
176 176 30976 25 176 176 1024
187 187 34969 31 187 187 1156
198 198 39204 18 198 198 1296
209 209 43681 22 209 209 1444
220 220 48400 16 220 220 1600
231 231 53361 18 231 231 1764
242 242 58564 28 242 242 1936
253 253 64009 19 253 253 2116
264 264 69696 36 264 264 2304
275 275 75625 25 275 275 2500
286 286 81796 31 286 286 2704
297 297 88209 27 297 297 2916
308 308 94864 31 308 308 3136
319 319 101761 16 319 319 3364
330 330 108900 18 330 330 3600
341 341 116281 19 341 341 3844
352 352 123904 19 352 352 4096
363 363 131769 27 363 363 4356
374 374 139876 34 374 374 4624
385 385 148225 22 385 385 4900
396 396 156816 27 396 396 5184
407 407 165649 31 407 407 5476
418 418 174724 25 418 418 5776
429 429 184041 18 429 429 6084
440 440 193600 19 440 440 6400


It is interesting to note the series growth patterns for each method. Whereas in method 1 the values tend to cluster around a range of several values (see pattern for 30K solutions), in method 2 the growth is polynomial.

 


How many four-sided figures appear in the diagram?

There are a number of these geometric combinatorics problems around. Here is a complete graphic solution to one of the more common ones.

Question: How many four-sided figures appear in the diagram below?

  • 10
  • 16
  • 22
  • 25
  • 28

Answer: 25

Yaacov Apelbaum - How many four sided figures

 

