Fiber-Optic Map: A Classified Dissertation?

An anonymous reader writes "So you spent all that time researching, compiling and formatting your dissertation ... now what if it became classified information? That's exactly what may end up happening to Sean Gorman's dissertation. He's compiled a detailed map of American companies and the networks that bind it all together, right down to the very last fibre connection. The government wants it classified in the interest of national security. Large financial institutions want it classified/destroyed in the interest of economic security. But terrorists would love for this to be published ... it would make their job so much easier." If Gorman can map the fiber network though, doesn't that mean someone else could do the same? Update: 07/09 13:06 GMT by T : Sorry, I blinked past the story as posted yesterday.

Re:Whoops

[garcia]

the on-duty editor should read the e-mail that subscribers send to him about duplicate stories.

Someone is sleeping.

A dupe, but so what ?

[Anonymous Coward]

Quick, everyone. Post as many redundant comments as possible about a story being a dupe. It makes for some great reading.

Morons.

That's why it must be classified.

[NetDanzr]

If Gorman can map the fiber network though, doesn't that mean someone else could do the same?

And this is exactly why his work must be classified or destroyed. Remember, kids, most recent laws are here not to prevent the bad guys from doing something (by deffinition, they are bad and thus expected to break those laws), but to prevent the average citizen from doing something.

He can publish AND not go to jail

[SleezyG]

Having just finished an advanced degree in Computer Engineering, I feel that I may have a little more experience than Mr. Gorman in the matter of PhD-worthy work. I'd like to point out that a computer program, whether in source or binary form, is not enough to earn a PhD. A dissertation, to earn one's PhD, is a written work that documents the research and describes the methodologies used to arrive at the final product (the fiber map program, in this case). Often, when the product is a computer program, the source is included as an appendix.

Considering that it's the data in the program that is sensitive and was time-consuming to compile, the algorithms themselves are pretty harmless. Why not call his dissertation "A Method for Mapping National-Scale Fiber Optic Networks," get his degree, feed the source to his dog, and get a job with the NSA?

Re:Does he have to keep anything secret?

[Chexum]

The weird thing is when some random guy compiles a lot of traditionally public domain data, he's almost threatened to not do it, but when a business compiles customer data, and can tell what is the last fart of mine composed of, every "patriot" is silent? I hate this country... Oh wait, I'm a dumb foreign guy, phew.. :)

Hopefully ...

[Onanismous Coward]

He's able to leverage the data so that he can see gains (I'm thinking an entire career) while the folks that have lots to lose (banks, utilities, transportation, US gov) pay for him to help show their achilies heels and bottlenecks. If 25 telcos happen to be sharing the same 'pipe' of fibre, it may not be a terrorist that breaks that connection... regardless of who severs that line, it ain't good for the telcos -- and the telcos should be using his data to reduce risks. Insurance companies and actuaries for corporations and governments love this kind of stuff, as do operations research people. Tell me how much it'll cost to reduce risk to this level, or: I have $10,000,000 -- how can I spend it to ensure that the worst case scenario isn't as bad. Hopefully the information doesn't become classified; hopefully, it's used over the next few years to sure up the bottlenecks and other weak points, making the infrastructure far more robust in the following years.

What About Australia?

[femto]

I would like to see a similar map for Australia. Unlike the US, it has about a dozen large cities with hardly anything in between (apologies to all those outback towns).

I reckon the continent is spanned by a couple of (a few if you're lucky) fibre optic cables. Chances are you don't even need a map to find them. Just follow the line of solar powered repeaters, one of the handful of roads or the single railway line. Alternatively, just look for the line of brightly coloured posts marking the cables, in an attempt to stop people accidentally digging them up!

Take your ditch digger into a remote area, carve a 100 metre ditch perpendicular to the road and bingo, one severed optical fibre cable.

Dupe? What's your point, people?

[Mikey-San]

The majority of Slashdotters, I imagine, are not subscribers, so I'm not directing this toward those of you who are. You guys are paying for duplicate stories (not that major papers don't do this, too, but still). That kinda sucks, and I can understand why you'd be upset.

But to everyone else bitching to hell and back about duplicate posts (in redundant, duplicate posts to begin with), I say:

Big. Freaking. Deal.

If you don't like it sooooo much--if you have such a problem with the content of Slashdot--STOP READING SLASHDOT. You're not paying anything, you're not forced to read any of the sections, and no one here owes you anything.

I don't understand why people who are pissed off so much by typos and accidental duplicate story posts (it's not like it's done on purpose) would continue coming here just to bitch about it in the comment threads. Oh, wait, this is /Slashdot/ ...

Mapping the network

[jdhouse4]

Having been a graduate student in a previous life (earned a MS in aerospace engineer), it is possible for someone to replicate Gorman's work. However, unlike Gorman, that person will be operating in an environment where information will not flow so easially as it perhaps did to Gorman. Technically, everything about everything is on public record. Fishing it out is another matter. And by the time you're finished, the network has likely changed enough that a good part of your work is then invalidated. Gorman was doing this as his graduate research, meaning he probably spent most of his day working on this under his graduate research funding.

So, now anyone wanting to replicate Gorman's work will need to take the next 4-6 years off, have an advisor who will keep you from going down dead ends as Gorman's advisor probably did, get paid by someone (Mr. Bin Laden?) during that time, work in a newly, informational hostile environment, and keep updating your map even as you map new areas. Not a piece of cake.

Internet Durability?

[Jerk City Troll]

I have asked this question a number of times, but I am still confused.

The Internet was designed to be durable. It is built with many points of failure and it is supposed to function even with many of those points disabled.

Why is it then that a backhoe operator in California can knock out Internet access or at least cripple traffic for the entire country?

Is it simply that there is not enough redundancy to make this possible? If that is the case, forget about supressing research like Gorman's and increase the infrastructure.

Regrettably, I must agree that spilling this information out into the public domain is not the best. Computer security concerns should be publicized, but physical security issues should not. They differ insofar as the means of resolving security issues. If some operating system has a vulnerability, it is repaired once and the patch gets disseminated to all affected systems. You cannot simply build a stronger door and pass that door around to all affected sites.

Nevertheless, we should make efforts to nullify the vulnerability so that when this information becomes public, the point is moot and a few bombs destroying some fiber will do nothing.

PhD quality research?

[acorn]

The most puzzling aspect of this story is that the job of mapping the US internet is sufficient to earn a Ph.D. Of course, it is possible that there are aspects of the author's thesis that go beyond what is advertised above.

I admit that this author is not alone--in the CS department where I work, "experimental" Ph.D. theses featuring poorly designed experiments or no scientific work at all (which appears to be the case above) are a constant problem.

Perhaps this is an accident of the youth of the field.

Security Through Obscurity

[kmilani2134]

As other posters have pointed out, secrecy is not going to help with security especially since it would be just as easy for an adversary to use the same sources to reconstruct the work.

Instead, the work should be used to increase our knowledge of our infrastructure so that we can know our own weaknesses. If we are aware of our weaknesses, we can then do something to protect them.

There are probably many legitimate applications that can be built using this knowledge. For instance, my company is launching a Web service which may someday have millions of users worldwide. It would be very nice to be able to analyze our nation's infrastructure for the most secure and reliable places to co-lo our servers.

Re:not suprising

[Wyatt Earp]

Yea, just like how building the first atomic pile was simple. Why hand out Ph.Ds for that?

Stack a bunch of graphite, throw in some uranium and graphite rods with some controls to raise and lower then and vola! an atomic pile.

And the first antibiotics...bread mold in a dish...

Often a breakthrough simply comes from someone organizing what has been out there for years.

Since when..

[shatfield]

Since when did we become a nation of wimps? If it were up to our current government, the biology of the human body would be suppressed, so that "terrorists" wouldn't know where to shoot us in order to kill us. Just like this case - if we can figure it out, so can they. This information is just like any other information -- it can be used for good or evil. Obviously there is information that is more pertinent than other information, the size of Jenna Bush's bra, for instance, would be considered by most to be unimportant. How that information was obtained; however, would be a little more important. In what way is our government censoring this information any different than what the Chinese government does? Perhaps he should release this onto Freenet [freenetproject.org]. It would finally validate what Ian Clarke has been saying for the last few years. Censorship must be eliminated if we are to have a democratic society.

Ministry of Truth, Rule #3

[Rogerborg]

IGNORANCE IS STRENGTH [online-literature.com]

My guess as to how he did it.

[Samir Gupta]

It's likely he used the traceroute utility, and correlated hostnames with domain name records, combined that with geolocation systems.

Not too novel or ingenious, just tedious. Will the US ban traceroute now?

Re:Dupe? What's your point, people?

[Dixie_Flatline]

For what it's worth, the description and headline on this posting were far better than yesterday's. I hardly glanced at yesterday's post (in fact, I couldn't remember it at all, and had to follow Timothy's 'apology' link), but this one really caught my eye.

Maybe instead of complaining that this one is a dupe, we should be complaining that yesterday's headline and description were lacklustre and ignorable.

What about the proliferation of knowledge?

[openbear]

This quote really disturbs me ...

"He should turn it in to his professor, get his grade -- and then they both should burn it," said Richard Clarke, who until recently was the White House cyberterrorism chief.

Knowledge should be used to empower. Knowledge should be passed along from generation to generation. It is our knowledge that makes this (or any country) worthy of defending.

How about finding ways to better secure our national infrastructure instead of "persecuting" researchers. What's next? The Bush administration will outlawing thinking?

Maybe I am just overreacting, but the above quote from this article reminds me of The Burning of the Library of Alexandria [ehistory.com].

easy killer - a bit ot but relevant..

[SubtleNuance]

But terrorists would love for this to be published ... it would make their job so much easier

yes, isnt their *just a little* paranoia in that statement? What is more likely, that A) the World-trade-center event was rather isolated and abhorent or B) There are vast numbers of Evil Terrorists(tm) plotting from within America just waiting -- literally foaming at the mouth in breathless anticipation -- of this kind of information in order to plot their Next Terrorist Attack(tm).

Really, you yanks need to get out more. The rest of the world deals with these kinds of criminals ALL THE TIME(!) and you dont see them in a paranoid funk do you? Your wife/mother/daughter is more likely to be raped and killed by your husband/father/son than they are to die bc of the Next Terrorist Attack(tm). You gonna lock up anyone who looks cross-eyed?

I understand the world trade center was a very tragic and emotional event, but really -- CALM THE HELL down and start to think rationally again. Your government/military has your nation whipped in such a lather that *YOU* are *really* a greater threat to World Peace than any Evil Terrorist(tm).
It was not OK for the US to invade Afghanistan because they cant/wont extradite osama binladen*. It was not OK for the US to invade Iraq because they didnt like sadam hussein*. It will not be OK the next time the US decides to invade %somewhere%.

*setting up these straw-men, and demonizing them was a propaganda tactic meant to shift the public's views of these events... instead of understanding the events as Germany->Poland style invasions, justifying them as "go after this Real Evil Dude(tm)" is pretty straight-forward propaganda... the fictional rationale is irrelvant really. The bottom line is that the USA just invaded/occupied two nations in the last few years. These subtleties may be lost on the domestic audience, but the rest of the world A) doesnt buy it and B) sees the USA as a rogue nation... but I digress.

PS to the Brits amoungst us; please toss Blair out of office for this misdead - but dont elect the god-darn conservatives in his place, they will only be worse.

Re:He can publish AND not go to jail

[Dun Malg]

Want to locate fiber optics? Follow the rail system, the high tension power lines, and the highways.

Yep. And for any other location, dial up the number on the "call before you dig" sign and you can sometimes even get a telco to send you a fairly detailed map.

Re:not suprising

[Wyatt Earp]

Alot of academic research isn't revolutionary or unprecedented. I see that every time I walk past the Geology department and glance at some of the research projects on the wall.

A earthquake danger chart for the Portland OR metro area is just a map and other data but it's a research project. Low temprature rock formations of Eastern Oregon aren't that revolutionary or unprecedented.

From the articles I've read on this guy and this subject he is the first one to put it all togeather in one place, sounds unprecedented to me.

Re:This part

[DavittJPotter]

What's more frightening is that this man is so adamant about taking information away from his customers and shareholders. This information has been public domain for several years - long enough for Mr. Gorman to do his research. If some so-called terrorist wanted to do some damage, the information is there. I doubt your ShadowyFigure(TM) will say, "Damn! Now that this is all correlated, I have the perfect spot to plan my attack!" Right. From the terrorist angle, hitting the World Trade Center was a high-profile, symoblic target. It also helped our current situation by inciting mass hysteria, civil liberties problems, and to help our slide into recession, since we're all afraid of going anywhere or spending money because the Terrorists may be hiding somewhere. Nobody knows for sure, mind you, but they're 'out there...'

The public should have every right to know what is in their neighborhoods. "Does all that openness still make sense?" Yup, sure does - as soon as you start hiding facts from the public, you start weakening the country. Our government supposedly couldn't stop the attacks in New York with advance information - now you expect them to police every supposed 'weak point' in the country, while classifying that information?

The less we know, the more hysteria and crap we can be fed.

Re:not suprising

[fubar1971]

They have taken this information and made maps of it. WOW! Whoopee!

So apparently you missed the part in the Washington Post that states...

Using mathematical formulas, he probes for critical links, trying to answer the question "If I were Osama bin Laden, where would I want to attack?"

What he has done is to probe and test the layers of infrastructure for weakness and try to determine the econominc impact if those weaknesses were to be exploited. Any boob can use GIS software to layer all of the different infrastructures on a pretty map. To analyze all of the layers and then tie them together so as to come up with the mathmatical formulas to determine what would happen if.... Now that sounds like it would take some smarts.

Re:Internet Durability?

[Detritus]

Fast, Cheap, Reliable. Pick two.

It takes time, money and engineering to build a reliable network. Back in the days of the Bell System, a great deal of effort was expended in improving the reliability of the hardware and the network. There were redundant paths, load balancing and excess capacity built into the network. Huge amounts of money were spent on making electronic switching systems, and the associated software, extremely reliable.

The Bell monopoly is gone. So are the economic conditions that made it possible to spend all that money on reliability. Today, the emphasis is on fast, cheap and disposable. Telephones are no longer designed to last decades. Single points of failure are acceptable if they result in consolidation and costs savings. Experienced workers have been downsized and replaced with cheap contractors.

Many of the people who design IP networks have no interest in reliability beyond "it works most of the time". Single points of failure abound in their networks, which are usually built from mediocre hardware running software that is in perpetual beta test.

Look at the popularity of VOIP and PC based switches. People are eager, even if they don't think about it, to trade reliability for cash. Why spend big bucks on a purpose-built PBX when we can do it on a PC running Windows with some add-ons? Why spend money on backup power, redundancy and failure tolerance?

Reliability costs money and there are damn few people who are willing to pay the price. That is reflected in the marketplace for hardware, software and communications services.

Re:not suprising

[cluckshot]

I really think that this security stuff is getting out of hand. Suppose a man with a backhoe just digs by accident. Its a daily occurance. Nobody except the liablity issues for the digger has any fit over it because there are so many redundant channels for data.

This is classic foolishness to classify such a map. The Internet was invented out of US DOD efforts to make communications web linked to make destruction of single or many routes irrelevant.

Terrorists attacking key nodes at the 50 top sites at the same time would probably not even slow stuff down much. Americans really need to be looking at the real reasons for such classification. The reasons probably are more terristic than the terrorists intentions.

Re:Internet Durability?

[Jerk City Troll]

And we're using it for critical, national infrastructure. Nice.

Re:not suprising

[fubar1971]

Bin Laden wants to KILL PEOPLE

Bin Laden does not want to kill people, what he wants is to destroy any threat to Islamic beliefs that he may perceive. Since he sees the USA (and other nations)as a threat to Islam, he has declared jihad against this country. The Islamic faith is against killing just like any other religion, but also like any other religion, killing can/is rationalized for the perceived greater good of the religous community and beliefs. So when you make an assinine statement like Bin Laden wants to KILL PEOPLE, you just make yourself sound like an idiot. As for the "hacker terroist", where does the Washington post article say anything about hacking? I do recall another section of the Washington post article that states:

He can drill into a cable trench between Kansas and Colorado and determine how to create the most havoc with a hedge clipper.

Gee I need to dump all of my electronic equipment and go out and get me one of those new hi-tech hedge clippers. Boy can I do some seriuos hacking then. I'll be the envy of all the l33t haX0rs everywhere. His disertation has nothing to do with hacking and anyone who reads that into it, needs to get out of their mommy and daddy's basement a little more often. It is all about finding weak points in the various infrastructures, and what the economic impacts would be if they were to be exploited. The reasons people are concerned are also stated in the article. Even your reply hinted at it:

he real motives are hinted at in the news story -- executives want the fragility of their systems kept secret because it's embarrassing.

Not only is it embarassing, but imagine how much it will cost to fix, or even how much it will cost if somebody (like a terrorist or even a competitor) were to take advantage of that vulnerablity. Now multiply that by every single organization that utilizes all of the different infrastructures. Now you might begin to understand the chaos it may create. That is in all probability why the Feds want to classify it. If Terrorist or religous zealots were to be able to have access to all of this data in a nice neat package then they would have a hell of a war plan. One of the most important rules of warfare is to attack economic centers. To oversimplify it, No money = No threat. So in response to your statement:

He doesn't care about interrupting your porn download, or even bank transactions

In actuality Bin Laden does care. The Pr0n industry is a multi-billion dollar industry that feeds many other industries, especially in the banking and Credit Card transaction areas. Any business, bank, or finacial organization that process Pr0n transactions would be effected if Bin Laden was to knock out any portion of that industry (or any multi-billion dollar industry that requires electronic banking and CC transactions). It's called a domino effect. So now if Bin Laden can knock down other industries on top of the Pr0n industry, then the dominos will fall faster. The faster you can take the money away, the faster you will win the war. Why do you think the Federal government has been working deligently to shutdown the "money" network of Al-Quada? Don't get me wrong, I do not believe the disertation should be classified. I mean if it was all built from legally obtained public information, then there is nothing stopping someone else (Especially well funded religous zealots that know how to take better advantage of the government beuarcracies than most Americans do) from doing the same. That would then lead to the next question, what other information should be classified? Should we classify everything? Where do you draw the line? I hope he gets to publish, and make a boat load of cash going to companies and the government to point out their weak spots so they can be fixed. If this doesn't scare the sh*t out of the companies and government to fix the problems, then nothing will ever convince them to corret them.

So no

Re:not suprising

[Anonymous Coward]

A couple points are in order here. First "killing people" is bin Laden's method, not what he wants. He is a religious fundamentalist and what he wants is for the US to leave what he regards as the muslim lands of the Middle East. Most terrorists have a goal or motive that articulates their actions. They aren't irrational; they're vicious. Second, the repeated strikes at the WTO were strikes at economy. The WTO was a nexus for an enormous fraction of the global economic activity - remember WTO -> World Trade Center. The human casualties were probably an "extra," adding terror to the action that simply clobbering infrastructure would not offer. Third, creating an uproar over security issues and identifying them is the stupidest thing the administration could do. It specifies potentials, identifies specific targets, and identifies just exactly what terrorists should strike at as far as the administration is concerned. Every time "der Fuehrer" of Homeland Security, Rumsfeld, Ashcroft, Bush, or any of that bunch open their mouths as they please, they are telling bin Laden,or Hamas, or ..., "kick me here. It will really, really hurt." They are painting day-glo bulls eyes on civilians for political purposes.