Monday, March 27, 2017

Ransomware Comes To the Heartland


Imagine the following scenario circa 1962.  From an aircraft carrier in international waters in the Gulf Coast near Houston, the USSR flies a team of helicopters that land in a parking lot outside a urology clinic in Baytown, Texas, on the Gulf Coast.  Soldiers with AK-47s surround the clinic and hold everyone in it hostage until all the files inside are loaded onto a helicopter.  Then the leader of the team informs the head of the clinic that they're holding the files for $5000 ransom.

Sounds pretty ridiculous, doesn't it?  For one thing, a Soviet aircraft carrier wouldn't have been allowed to get into the Gulf of Mexico during the Cold War.  And even if it had, U. S. Air Force planes would have shot down anything flying toward the Texas coastline.  And to mount an invasion force of that magnitude only to hold some clinic's files hostage would be like killing a flea with a nuclear weapon. 

But fast-forward to 2017, and the moral equivalent of that crazy scenario not only could happen—it did happen.  First, some background.

From 2007 to 2015, my father-in-law lived with us until he passed away, and one of the medical services he needed was provided by a coalition of formerly independent urologists called Urology Austin.  It is a medium-size group of about 20 physicians and associated service people, but is strictly a local concern, not affiliated with a national chain.  As I learned when I opened an envelope from them last week, on Jan. 22 of this year, the organization was the victim of a ransomware attack.

Ransomware secretly infects a victim's computer system by various means.  When it's triggered by the attacker, it encrypts the victim's data and demands payment for un-encrypting it.  We are as reliant on computer systems now as we are on electric light and communications systems, and in many cases, saying good-by to one's data is effectively saying good-by to one's business.  So unless victims have a robust and constantly updated physical backup system, they usually have no choice but to pay the ransom, which can be in the five- to six-figure range.  And even then, according to one report by Forbes, fewer than half of the victims actually get all of their data back.  Add to all this hassle the fact that in the case of medical records, a lot of confidential patient information has been compromised, and you have a small businesman's nightmare. 

The Forbes article says that in 2016 the number of ransomware attacks exploded, going from 3.8 million in 2015 to 638 million in 2016.  It's not clear whether that number counts only attempts, or successful attacks in which money was paid, but in either case, ransomware is posing a significant hazard not only to large corporations, but to small- and medium-size firms that can't afford huge staffs of IT people constantly on the alert for the latest type of ransomware attack.  Which is one reason the attackers go for them, of course. 

Historically, a dicey part of any ransom or shakedown crime in which the attacker wishes to remain anonymous is the payoff mechanism.  But cybercriminals have the convenience of bitcoin to thank for making that part easier too.  Bitcoin is a "blockchain" system that apparently furnishes virtually untraceable means of transferring large amounts of money.  While there are legitimate reasons for such a system, bitcoin seems to be implicated in a wider and wider range of dubious and illegal transactions, ranging from drug deals to ransom payoffs.

The radically international nature of the Internet is showing signs of making the historical idea of the sovereignty of a nation-state within its borders ineffectual, if not obsolete.  Back when the only means of communication were tangible objects such as letters, keeping a nation's borders secure meant that anyone wishing to steal or pillage inside that nation first had to invade the country, with all the paraphernalia of war that invasion involves.  Invasion was a big deal, and so not that many countries tried to invade other countries, and when they did, they had to pay the price of casualties and deaths.

But now, something close to the same effect of theft and pillage accompanying an invasion can be visited on a humble little urology clinic minding its own business in Central Texas, from an unknown invader who is probably halfway around the world.  As war has shown through history, human institutions always lag behind technological developments—sometimes catching up pretty fast, but sometimes falling behind for years or even decades. 

In a time when government is seen to be the problem as least as much as it is seen to be a solution, I hesitate to call on governments to attempt anything more than what they're doing already.  But just as the entire power of the military would have been called on to defend our shores against the imaginary USSR invasion of 1962 whose target was Baytown, because one urology clinic can't be expected to protect itself against a foreign power, it seems to me that when threats from outside the country start to cause significant losses to private interests that can't defend themselves adequately, it is one traditional role of government to intervene in order to protect those who can't protect themselves.

I leave the form this governmental protection would take up to those who know better about how to organize such things efficiently.  In general, the U. S. military seems to have preserved its integrity with regard to getting specific jobs done, better than most other parts of the federal government.  But there is a strong and well-justified tradition of limiting military action inside the borders of the United States—the danger being that if this limit wasn't in place, we would be in danger of becoming a police state.  Nevertheless, as the nature of foreign invasions changes, traditions may have to change too. 

I hope Urology Austin recovered from its ransomware attack without too much loss of cash, data, or goodwill.  But I also hope that those who are in a position to do something about it will start to reorganize our military efforts to acknowledge the fact that attacks from foreign powers no longer come only in the form of soldiers, ships, planes, and missiles, but also as weaponized bits.

Sources:  Besides the letters mailed to our address from Urology Austin, I referred to the Wikipedia article on ransomware and the article "2016 Saw An Insane Rise In The Number Of Ransomware Attacks" that appeared on the Forbes website on Feb. 7, 2017 at https://www.forbes.com/sites/leemathews/2017/02/07/2016-saw-an-insane-rise-in-the-number-of-ransomware-attacks/#5f4256c558dc. 

Monday, March 20, 2017

In Praise of Doppler Weather Radars


On Mar. 28, 1920, a series of more than 30 deadly tornadoes made widespread paths of destruction through the central and southern U. S. and caused deaths from Michigan all the way to LaGrange, Georgia.  Shortly before 6 P. M., that southern mill town was struck by a tornado with an estimated Fujita rating of F3, which means its winds probably ranged from 158 to 206 MPH.  After wrecking a cluster of worker's houses, the town's main mill and factory were both destroyed.  A total of twenty-seven people died in and around LaGrange as a result of this storm, which was the largest death toll caused by any tornado of the outbreak.

On Mar. 6, 2017, Oak Grove, Missouri was also hit by an F3 tornado, one of more than 30 tornadoes sighted that day which touched down during an outbreak that was similar in many respects to the one that happened 97 years earlier.  Although over 400 homes sustained moderate to severe damage ranging from partially or completely destroyed roofs to almost complete destruction, only twelve people in the town were injured and there were no deaths reported as a result of the tornado.

Why did 27 die in the LaGrange tornado and no one died in the Oak Grove tornado?  There are many reasons, but one I would like to focus on here is the existence and use of Doppler weather radars for tornado tracking and warning.

In The Tornado: Nature's Ultimate Windstorm, longtime weather researcher Thomas P. Grazulis describes the long process of discovery, research, technical advances, technology transfer from the research lab to National Weather Service and private users such as TV stations, and finally the incorporation of Doppler weather radar into the process of issuing official tornado warnings with their widespread dissemination through media outlets such as radio, TV, and now the Internet and mobile phones. 

Although standards of building construction have certainly improved from the 1920s to now, it is likely that most people in LaGrange in the 1920 storm had no clue that a tornado was coming, and most people in Oak Grove in the 2017 storm did.  Here in Texas, I grew up with the threat of tornadoes, and have memories of legendary weatherman Harold Taft of WBAP-TV in Fort Worth using one of the earliest weather radars installed at a TV station in the early 1960s to track dangerous storms. 

Conventional (non-Doppler) radars are somewhat useful in tracking tornadoes, because a characteristic hook shape sometimes develops on the radar screen when a tornado forms.  But it is by no means definitive, and if the storm is in a "cluttered" region such as a city, where radar returns from storms are masked by returns from tall buildings, you can lose the ability to track such a storm just where you need it most.  Then came Doppler radar.

The basic Doppler principle has been used in simple police radars since the 1950s.  The idea is that a moving object reflects radar waves at a slightly different frequency than the one that the transmitter emits.  The frequency shift is directly proportional to the speed of the reflecting object with respect to the transmitter, so valuable information about wind speed is contained in the radar return from wind-whipped rain and hail in a thunderstorm. 

Unfortunately, the technology of the 1950s was mostly too primitive to take advantage of the Doppler aspect of radar echoes, and early Doppler radars were so expensive that only the military could afford them (they were also good for detecting another class of dangerous moving objects, namely missiles).  But as both radar and computer technology advanced, first adventurous weather researchers, then government labs, and finally the National Weather Service and private interests such as TV stations could afford to buy commercial versions of Doppler radars. 

Grazulis describes how as early as 1958, experimental Doppler radars proved useful in measuring wind speeds associated with a Wichita, Kansas tornado.  But it took another thirty years of research and development before the WSR-88D series of weather radars were produced commercially and installed in dozens of National Weather Service facilities across the country.  With virtually every TV and cable TV outlet in "Tornado Alley now having its own Doppler weather radar, anyone with the slightest interest in what the weather is doing on a stormy day can tune in or look at a phone app to see extremely detailed maps of exactly where a suspected or verified tornado is headed, complete with extrapolations of likely travel directions and arrival times. 

While we can't say we're not informed about tornadoes, there are still those who either can't receive such messages, or don't care.  So public education is still an important aspect in the fact that although the U. S. population has increased from 1900 to 2000 by a factor of 3.5 or more, the annual death rate from tornadoes declined in that time from about 180 per year to less than 60 per year.  That is still too many, but the combination of better-constructed housing, a better-educated populace, and vastly improved information networks that convey Doppler weather radar information virtually instantaneously to thousands of potentially endangered individuals no doubt helped to limit the casualties that resulted from the Oak Grove tornado earlier this month.

Still, Grazulis says there is much more to be done.  The formation and life cycle of a tornado is one of the most physically complex weather events known.  Although computer models can simulate many aspects of tornado formation, we still do not have either enough raw data or the computing power to predict exactly when and where tornadoes will form, or what they will do once they form.  So we can presently track and describe tornadoes remotely once they show up.  But it would be nice to be able to say on a minute-by-minute basis exactly which storm will produce a deadly tornado, and which will make only rain, hail, or strong straight-line winds. 

Nevertheless, we can be grateful to the largely nameless teams of researchers, engineers, and administrators who together have provided the excellent warning system we have today.  All we in Tornado Alley have to do now this tornado season, is to heed the warnings.

Sources:  The Tornado:  Nature's Ultimate Windstorm by Thomas P. Grazulis was published in Norman, Oklahoma by the  Univ. of Oklahoma Press in 2001.  For details of the Oak Grove tornado I used an Associated Press story carried on the U. S. News and World Report website at https://www.usnews.com/news/best-states/missouri/articles/2017-03-07/homes-damaged-as-severe-storms-tornadoes-hit-midwest.  I also referred to the Wikipedia articles on LaGrange, Georgia and the 1920 Palm Sunday tornado outbreak. 

Monday, March 13, 2017

Game of Chance: The Grade-Crossing Accident in Biloxi


One of the first safety issues faced by the early railroad engineers (meaning the designers, as well as the guys who drove the trains) was how to handle grade crossings:  the place where a railroad line intersects a surface road.  The only foolproof way to handle such an intersection is to build a bridge so the foot or wheel traffic never obstructs the rail line.  Bridges are expensive, though, so in the twentieth century in the U. S. most grade crossings were simply equipped with warning signs and signals, and the railroads and local road authorities hoped for the best.  As the accident on Mar. 7 in Biloxi, Mississippi proved, the best is sometimes pretty bad.

Biloxi and the surrounding area is a magnet for retirees who like to spice up their lives with games of chance, and so tour buses transporting seniors from as far away as Texas and other states are a common sight in town.  A CSX railroad line runs east-west through town, at a level of a few feet above the surrounding flat coastal land, and crosses Main Street at a grade crossing.  When the crossing was built, probably in the early 1900s, the longest wheeled vehicle likely to cross it was no more than about twenty feet long, and the slight rise of the rail-line level from the street on either side of the tracks presented no problem.  But with the development of trailers and buses later in the century that were fifty feet long or more, these raised grade crossings presented a hazard, because vehicles with a long wheelbase can scrape the rails and lose traction, getting stuck on the tracks.  And at the intersection in question, there have been numerous accidents caused by just such a problem since the 1970s, both fatal and non-fatal.

On Tuesday, March 7, the driver of a tour bus transporting vacationers from the Bastrop, Texas Senior Center was apparently deviating from his bus company's prescribed route when he approached the CSX crossing on Main Street.  And just as many other drivers of long vehicles discovered, his bus wasn't going to make it.  According to reports, the bus was stuck for about five minutes before a three-locomotive freight train hit it, carrying the bus about 200 feet down the tracks.  Although riders had begun to flee the bus before the collision, many were still trapped inside when the train struck.  Four people were killed, including a couple from Lockhart, not far from where I live.  Thirty-five people were injured, several critically.

Most people know that trains can't stop on a dime, or even a quarter-mile row of dollar bills.  The laws of physics make it almost impossible to safely dissipate the huge amount of energy represented by a loaded train moving, say, 25 miles per hour (as the CSX freight was before the engineer saw the bus stuck on the tracks) without taking many seconds and hundreds of feet to do it in.  So realistically, it's up to drivers to stay out of the way of trains on grade-crossing tracks.

Railroad companies have tried all kinds of things to prevent people from getting stuck on tracks:  bells, gates, signs warning that long vehicles can get stuck (there were such signs posted at the Main Street crossing), even heavy-handed color movies displaying in grim detail the consequences of taking chances with trains.  (I watched one of those movies on a rainy day in elementary school when the teacher was desperate to keep us distracted during recess, and it gave me nightmares.)  But if drivers ignore warning signs and, once a bus is stuck, fail to evacuate it promptly, the inevitable is going to happen sooner or later, as it did last week in Biloxi.

As an article in the Austin American-Statesman pointed out, not even the new and costly Positive Train Control (PTC) system now being installed by railroads across the U. S. would have prevented this accident.  PTC is a semi-automated system that will prevent head-on train-train collisions and will regulate speeds if the human operator gets careless.  This will make passenger trains safer and reduce the number of freight-train accidents.  But even PTC can't keep people from getting stuck on the tracks at grade crossings. 

The overall incidence of fatal accidents involving U. S. railroads has decreased since the 1990s, but until grade crossings with humps such as the one in Biloxi are eliminated, there is always the chance of a careless truck or bus driver coming along and getting stuck on the tracks.  Towns that can afford the space and expense are replacing grade crossings with overpasses that both improve traffic flow and eliminate the safety hazard, but as the American Society of Civil Engineers has been fond of pointing out for decades, America is way behind in infrastructure improvements such as these. 

Right here in San Marcos, we have two frequently-used rail lines that used to cut the town in two at the three major intersections of east-west roadways and railroad lines.  And on rare occasions, a long train or trains would simply stop at these crossings, making it difficult or impossible for emergency vehicles to get from the west side of town to the hospital on the east side.  About eight years ago, the city built an overpass at the grade crossing nearest the hospital, and currently another bridge is being built over the second of the three major crossings.  But this will still leave an old-fashioned humped grade crossing near the middle of town, which fortunately is not situated on a major traffic artery.  Still, there is always a chance that a wayward truck or bus will get stuck there, although such an incident hasn't happened in the seventeen years we've lived here.

Perhaps this whole issue of grade-crossing hazards will fade into the past as autonomous passsenger vehicles come into general use.  One hopes that the programmers of those vehicles will build in a fail-safe way to keep them away from railroad tracks where the vehicle is likely to get stuck, and to obey crossing warnings.  But unless the passenger is completely unable to influence the car's motion in any way, there will still be people who will override the safety features and try to cross against warning signs and signals—and they will be taking a chance they shouldn't try to take.

Sources:  I referred to articles on the accident published on the site heavy.com at http://heavy.com/news/2017/03/biloxi-bus-train-crash-accident-deaths-toll-injuries-derailed-killed-mississippi-update-how/ and ABC-TV News, New York at http://abc7ny.com/news/history-of-deadly-mississippi-train-crash-site-a-focus-of-investigation/1790941/, as well as a print report "Biloxi bus crash highlights limits of high-tech safety measures for trains," by Ben Wear carried in the Mar. 12, 2017 edition of the Austin American-Statesman, pp. A1 and A6.  The gripping drama "The Last Clear Chance" (produced by the Union Pacific Railroad in 1959) can be viewed at the Prelinger Archive of ephemeral films at https://archive.org/details/0845_Last_Clear_Chance_The_08_29_26_00. 

Monday, March 06, 2017

Telephone Museum, Anyone?


The spirit of modern science and technology is forward-looking, always reaching out for the next new discovery or invention and neglecting that which went before.  The creative destruction of the global technological economy means that every new technology is on a moving conveyor belt taking it to the dustbin of history, where its physical component parts are destroyed or recycled and knowledge of it largely vanishes. 

But there is still value in understanding where we came from, what life was like for previous generations, and what mistakes were made back then that we could possibly avoid in the future, if we only knew what they were.  So it is especially notable when a person engaged in the very anti-historical pursuit of communications engineering spends a lifetime preserving the technology that he himself helped to make obsolete.  And it would be something close to tragic if the fruit of his efforts ends up falling off the end of the conveyor belt anyway into scrap heaps and obscurity.

Around 1962, a young Texas farm boy named Don Capehart got a job with Western Electric, which was then the manufacturing, engineering, and design arm of the monolithic Bell System.  Capehart's job led him to the secretive innards of the giant electromechanical machine that was the telephone network back then.  About that time, Western Electric engineers were installing the equipment that enabled direct long-distance dialing by customers, who then no longer had to call the operator to set up a long-distance call.  For the next twenty years he installed and maintained Bell System equipment throughout Texas and neighboring states, and gained an intimate familiarity with it that few others enjoyed.

Then came 1982 and the breakup of the Bell System.  No longer would Bell equipment be manufactured, used, recycled, and rebuilt entirely within a single corporate structure.  As the individual operating companies started to buy non-Western-Electric equipment, huge piles of old telephone gear showed up on surplus, or headed for the scrap heap.  Something in Don rebelled against the idea that an entire way of life, telephone-wise, was to vanish from the earth.  So he bought a disused soft-drink bottling plant in his home town of Corsicana and began collecting old telephone equipment in it, and he kept it up once he became an independent telecommunications consultant who was often called in to replace antiquated gear with modern stuff.

Today, the Capehart Communications Museum houses everything from 1880s switchboards, to a Western-Electric-built Vitaphone phonograph system linked to a 1927 movie projector for the first sound films, to civil-defense supplies stored in nuclear-strike-hardened telephone exchanges of the 1960s, to an entire portable telephone office used during the Vietnam War, and much, much more in about 10,000 square feet of space.  Would you like to see the racks of equipment that it took to form the microwave-link network that made transcontinental network television possible in the U. S. in the 1950s?  It's there.  Would you like to see switchboards that have starred in movies?  They're out there. 

As fascinating as the hardware is, listening to Don himself as he gives a guided tour is even better.  In 2011 he was featured on the TV show "American Pickers," and that episode proved to be one of the most popular ever screened.  On that show he might have told the following story that he experienced during his days of laying some of the first fiber-cable runs to be buried in West Texas, when one day they started digging on some ranch property.

A day after his crew started, they got up and headed back to where their equipment was, and found it surrounded by a new barbed-wire fence and four guys with shotguns.  Don knew better than to try to talk to anybody with a shotgun, so he sent to town for a cop and waited.  When the cop arrived, Don explained the situation to him, and the cop went over and said to the rancher, "Juan, get your men to put those guns away, we gotta talk."
           
"All right, but my family's owned this land since the 1880s and damned if I'm gonna let these guys onto my land."
           
Don said, "Sir, see over there, that notch cut between the hills?"
           
"Yep, what about it?"
           
"That's a railroad cut.  A railroad used to go through here, and a telegraph line.  The railroad's been pulled up, but AT&T still owns the right-of-way to put a line through here."
           
"Like hell you do.  My family's owned—" and so on.  Finally Don called AT&T headquarters and he and his workers cooled their heels in a motel for three days.  Then Don and his crew got word from headquarters that everything was straightened out.  They went back out to the ranch, where owner Juan came up to them and said, "All right, you can put your damned cable through.  But lemme tell you one thing—I hate Philadelphia lawyers."  

Don now has a problem.  He and his wife are retired and getting up in years, and his museum has never been a success financially.  Also, Corsicana is not exactly a major metropolitan area, which it would take to support an institution such as his museum.  So he has concluded to put the establishment up for sale.  Obviously, it is a quixotic hope that someone will come along and pay his asking price—a million dollars—and ship the entire collection off to a new home where youngsters will be awed by the tremendous trouble and expense it used to take to do something as simple as making a phone call.  But if he can't sell it intact, he's afraid that when he's gone, his heirs will just leave the door open one day and let technological vultures pick the place to pieces.

This would be wrong, a shame, and a bad reflection on the entire discipline of communications engineering to let such a treasure be lost to history.  On the other hand, if Don hadn't been quite so enthusiastic over the years, the collection might be more manageable.  At any rate, perhaps my effort here to bring the perils of the Capehart Communications Museum to the attention of a slightly wider public will bear some fruit.  If it doesn't, and if you have the slightest interest in seeing this unique collection while it is still intact, hie yourself to South Ninth Street in Corsicana, ask Don for a tour, and be generous with a donation at the end.  It's the least you can do.

Sources:  My wife and I had some extra time during an overnight stay in Corsicana last December, and happened upon a brochure for the Capehart Communications Museum.  Don was gracious enough to give us a tour, and told us several stories and of his hopes to preserve it.  The museum's official website is http://telemuseum.info, through which you can communicate with Don Capehart.