The Wayback Machine - http://web.archive.org/web/20040410221300/http://signalplusnoise.com:80/

31 March 2004

Crescendo

My time has been stretched especially thin since early February — as might have been apparent from the number of posts like this one — and over the next two weeks, several high priority deadlines and trips will push it past the breaking point. These represent the endpoints of much of my work this semester, and as usual, I'll be cutting it close. As much as I hate to do it, it's come to the point that I have to take a brief blogging hiatus until about April 22, when the background rate of deadlines will re-establish itself and regularly scheduled programming will resume.

I very much hope you'll check back then. Thanks.

Posted by Chris at 12:08 AM | Comments (1) | TrackBack (0)

26 March 2004

Speed Trap at the Casino

Two men and a woman visit the roulette table at a London casino on two nights and walk away with 1.3 million pounds. At those odds, that's odd. Scotland Yard calls the case “extremely complex”, but here's the explanation that's making rounds, so to speak:

It is thought the gang's success may have been based on a theory known as "sector targeting". The theory is relatively simple. A player determines the point at which the ball is released and the point it passes after one or two spins. He or she can use these figures to calculate the ball's "decaying orbit" and so anticipate the area of the wheel - or sector - the ball is likely to come to rest in.

The system cannot reliably predict the slot the ball is likely to fall in but by determining the sector greatly sways the odds in the favour of the punter. The problem is that it is almost impossible to do such a calculation using mental arithmetic.

In the early eighties a gambling expert, Scott Lang, published a book detailing how to use a digital stopwatch to calculate the sector the ball would finish in but casinos simply banned stopwatches.

For years there have been rumours that con artists have made sector targeting a practical method by using computers. The data relating to the two points is fed into a computer which has been programmed to calculate the "decaying orbit".

In laboratory conditions it has been done but managing it in a casino with hundreds of thousands of pounds - and the threat of being caught - makes it much more difficult.

It is thought that the gang which allegedly struck at the Ritz may have taken the theory a step further by using the laser scanner to calculate the speed of the ball with more precision.

Wouldn't it be really, really difficult to accurately target a moving roulette ball with a laser to measure its velocity, especially from a distance and with the need to be surreptitious? I suppose it's true that even if the targeting were only accurate — and the odds thus improved — intermittently, the expected gain per trial could be increased above zero, but it still strikes me as impressive accuracy. And the sector targeting idea itself seems challenging. Unless roulette wheels are always started at the same point by convention, which is possible but seems unlikely, the conspirators would have to discern where the wheel started and transmit that information to the computer to make the final sector prediction useful. Perhaps this explains the need for three conspirators, but it would also seem to more seriously constrain their timing. And if you've practiced so hard to perfect your technique, wouldn't you spread smaller winnings around multiple casinos? Winning 1.2 million pounds at roulette in one night is sure to get some unwanted attention. I'm guessing there's more to this story.

If the casinos think security is tough now, with stopwatches and lasers, just wait a while. Sign at the casino entrance: By state law, brain implants and nanotechnology devices are forbidden from this casino. Please submit to scanning upon entrance. Of course, by then, we'll all have other problems, and other diversions.

Thanks to a reader and Arts & Letters Daily for the pointer.

Posted by Chris at 01:46 PM | Comments (1) | TrackBack (0)

25 March 2004

Surfing With An ATM

“I wouldn't do that,” I said to the student as he was about to swipe his card through the ATM. He took an almost imperceptible step back and eyed me coolly. I understood; we've all been trained to be wary at the cash machine. So I explained.

“I wouldn't use that machine. Some kids were surfing the Internet on it a little while ago.” Now a skeptical look, with a little contempt mixed in, I think. “Seriously.” He swiped his card and paid me no mind.

But I was telling the truth. Earlier that morning, I did a double-take as I passed the ATM. Some kids were using the machine with a keyboard. There was Internet Explorer. Acrobat Reader. Some other software I didn't recognize. The machine was even playing music.

For a moment, I was baffled. Was this a new feature? What wacko at the bank came up with that idea? Who wants to wait around to get cash while the guy at the machine checks out the .... Oh. Security breach. Ohhh.

Not long after, the ATM interface was back up. I tried to alert people, but someone removed my note. The students I warned gave me that look, as though I were singing a Barry Manilow song out loud. Hey kids, get with the times.

Later, I talked to the technician as he worked on the machine. The good news: he had completely erased the computer's disk and installed a secure backup. The bad news: he had no idea how they had managed to compromise the machine or get it to do what they had done. I wondered out loud what would have happened if they had done their dirty work at 3am when the change would likely pass unnoticed. He grunted, not reassuringly.

A few months ago, I heard a news report in Boston about criminals who had installed their own card readers and cameras at ATM stalls to steal access information. Now there's no need for them to go to so much trouble. They can just get the bank's computer to do their work for them.

Hey, don't give me that look.


UPDATE: Michael Friedman takes issue with my description. As I comment on his blog, however, I am not the only one to witness or remark upon the activity on the ATM screen. No laptop was apparent, and it was the ATM screen showing the desktop. As to Internet connectivity, it is an obviously bad idea to connect ATMs to the Internet; I am making no claim that banks do this. In fact, it explains my surprise at seeing Internet Explorer at all. I had assumed that the infiltrators were using the wireless network available throughout the building (and on much of campus), which I presume would be sufficient. But it is true that I cannot confirm that they were really connected; I didn't check that what was displayed on Internet Explorer was a remote site. Finally, regarding the technician: I said he installed a secure backup. What he said more specifically was that he installed a "new disk image." From context, I took this to mean that he copied existing contents in toto onto the disk there (else why erase), but it is also consistent (given vagaries of conversational language) with installing a new physical disk. Both also seem consistent with the security policy Michael mentions; I said nothing about installing software piecemeal.

I'm more than willing to alter my interpretation of these events based on new information, and I make no claims to expertise about these systems. Indeed, my claims here are limited. But I stand by my description of these events.

UPDATE 2: I spoke to a representative at the bank who deals with ATM incidents. As one might expect (and quite properly), she would not share any information about the incident. She did, however, confirm that it is possible to access and use the underlying computer, which does run a standard Windows desktop, without special equipment, though again naturally she didn't say how. But she told me that there are several physical safeguards that protect the financial information and transactions even if the computer itself were completely compromised and that no new software could be installed by one using the system.

A plausible reconstruction, consistent with what I observed, is that someone accessed the underlying computer, either intentionally or not. They or others then proceeded to use it for fun and even brought some extra hardware (e.g., headphones, keyboard, etc.) to try to use it more fully, at which they were unsuccessful. They played with the installed software (music player, IE) which for some reason is kept on the machine. The technician was unsure of how access was gained and replaced the disk as per protocol. Financial transactions were in no danger.

Posted by Chris at 12:09 AM | Comments (3) | TrackBack (1)

24 March 2004

Blogosphere Developments

Proving that the group can be a unit of selection is The Panda's Thumb, a new blog by a team of biologists and others that is “dedicated to defending the integrity of science against all attempts to weaken it, distort it, or destroy it.” The distortions of creationists (ID and otherwise) will, I suspect, get an especially thorough airing. Bravo.

Elsewhere, The Invisible Adjunct is retiring her wonderful blog to pursue other opportunities. Good luck, IA. We'll miss you.

Also, via Pharyngula, I came across Citizen Scientist, a blog by Christine Terry that highlights ideas for “bringing science into the classroom.” And into the home too, with cool projects like this. I'm looking forward to more.

Posted by Chris at 11:15 PM | Comments (0) | TrackBack (0)