It’s not ‘phone’ hacking…

On his Mobile Phone Security blog, David Rogers has written a really informative article about the whole News of the World scandal, and the real nature of the hacking that went on.

Below is a synopsis, although I highly recommend that you read the full post:

Voicemail hacking and the ‘phone hacking’ scandal – how it worked, questions to be asked and improvements to be made

In brief, there are three main mechanisms for illicitly accessing voicemail: firstly social engineering the call centre to reset or change the PIN for you as precursor to one of the following 1) call the remote voicemail number and access it using the default (or acquired PIN), 2) ringing the actual phone, going into the voicemail menu by pressing the * key or 3) using an advanced mechanism to fool the phone into opening up the voicemail. There are some loopholes still existing and as technology evolves new ones will emerge.

This is not ‘phone hacking’. It is illicit or illegal access to voicemail.

The mobile operators are coming under some pressure from the Home Affairs Select Committee, led by Keith Vaz. Both the Police and network operators will have responsibilities in terms of their actions over the affair, although the operators took the Police lead on what to do. It is unlikely that the full list of victims will ever emerge as the data has likely been deleted after all this time.

Is Security the next Killer App?

Given our location at Bletchley Park this year and it’s major role in the history of Cryptology, we’ll be developing a bit of a theme around modern-day security and encryption. It’s doubly a hot topic thanks to the implosion of the News of the World in light of the telephone-hacking scandal, and Dasient discoving that 800 of 10,00 Android Apps leak personal data.

To get the conversation started and perhaps inspire some problem-solving for this year’s Hack-a-thon, I’d like to share a recent  post from Mark Vanderbeeken on Experientia’s Putting People First blog:

1password Online security for regular people like you and me is a disaster. It’s a killer app waiting to be designed.When you have a smartphone with some apps and a computer, you easily have to manage 30 to 50 sites and apps that require passwords. And the experience of this is highly non-human-centered. It all protects the site/app owner but doesn’t help us, and – worst of all – doesn’t take into account how our memory and psychology work.6% of Italians suffer economic losses because of this, and some suffer a lot (from 1000 to 5000 euro). Italians, I think, are not in any way special in this. They are like most other people.

Security experts suggest to change passwords often, and to select complicated passwords (like “v37AEBRasdRqS”) that are not easy to guess (but also not easy to remember). Now imagine that you have to do this on multiple devices for over 50 sites and apps. It’s a nightmare and completely unsustainable.

Security experts should read a few books on cognitive psychology.

But they don’t. So in the end, we simply have to struggle with the many usernames and passwords, write them down, store them somewhere, and hope that all goes well. All doesn’t go well, of course. And risks multiply the more sites you frequent that require a password.

How can you protect yourself in a decent and easy-to-use way?

Well, the shocking thing in this multi-device world is that you can’t really. As a Mac only user, seeing the limitations of Mac Keychain, I tried the top of the line (1Password for Mac and 1Password for iPhone/iPad), only to discover that it only works with websites on computers and mobile devices. Forget apps – let alone password access to apps within apps (let’s say entering Instapaper passwords within Feeddler, so you can save an article for later reading).

And that’s just within the Apple ecosystem. Imagine if you have to deal with multiple brand devices.

Why is this such a disaster? Why is nobody confronting this? Please comment

4 Years of Hacking Competitions

photo credit Benjamin EllisOne of the key features of Over the Air is the in-event competition, which gives you a chance to show off the clever and fun ideas you’ve been coding and hacking away at over the course of the event. We’ve had some really great entries over the years, and hope to hear plenty of stories of how they were developed further after the event (in which case we’ll link to them for you).

There are some basic Terms & Conditions for entering the competition, which you can read here (and which you implicitly agree to when you submit an entry).

We’re making some small changes to how the competition works this year, in response to your feedback and our experience over the past years. If you have any suggetions do get in touch! We’ll be posting the details over the course of the summer.

Where are they now?

We’d love to feature our past hack-a-thon entries and where those ideas went… if you’ve got a video or a blog post about what you did, if you’ve launched the idea you worked on in ’09 or ’08 – please get in touch! We’d love to brag about you….

Also, if you have an footage of any of the past entries, please help us complete the links list below!

 

The 2010 Hack-a-thon Competition:

  1. Best in Show (judges selection) – an iPad from Alcatel-Lucent, and $1,000 worth of services from Mob4Hire The Ben Collins Appreciation Society for First Gear
  2. Audience Favourite (audience vote) – $1,000 worth of services from DeviceAnywhere – Light Blue for Lobster
  3. The Nokia Qt Challenge – a Nokia N8 – GeekYouUp for Hot UK Deals for Maemo
  4. The UnLtd Better Net Challenge – £2,500 – Intohand for Freecycle Mobile
  5. The Telefonica #Blue Challenge – a Playstation 3 – Jose Palazon for OTA #Blue Chess
  6. The PayPal X Challenge – an HTC Android Smartphone – The Bill Collins Appreciation Society for First Gear
  7. The Ericsson Labs Challenge – a Sony Ericsson Android X10 Mini Pro – Intohand for Freecycle Mobile
  8. The Orange Mobilise Challenge – an iPhone 4 – Alistair MacDonald for Hole Mapper
  9. Best User Experience – $500 of In-Network Ad Spend from InMobi – Melinda & Christiano for GeoHunt
  10. Best use of Open APIs and Open Data – a Motorola DEXT – Dale Lane for UK Traffic
  11. Best Android App – a Motorola Milestone – Paul Johnston for FindMyMates
  12. Best use of Mobile Web – a Sony Ericsson Android X10 Mini Pro – Me Myself & I for Light Blue
  13. Best Game – an Xbox from Microsoft – Feel the FP-ness for Dance Dance Evolution
  14. Best Use of other features (RFID, Camera Bluetooth, Light Sensors) – Monotype Imaging Poster – Adam Cohen-Rose for The Eyes Have It
  15. Best iPhone App – Monotype Imaging Poster – >2.5k for Vibe
  16. Best Visual Design – Monotype Imaging Poster – Feel the FP-ness for Dance Dance Evolution
  17. Best use of Widgets – Monotype Imaging Poster – Geek You Up for The Cleaner
  18. Best Hardware Hack- Monotype Imaging Poster – Adam Cohen-Rose for The Eyes Have It
  19. The Most Fun – Monotype Imaging Poster – Thom FP for Doodle Message
  20. The Most Useful – Monotype Imaging Poster – Sam Machin for BlueBabelTextFish
  21. The Most Cheeky – Monotype Imaging Poster – Light Blue for Lobster

The 2009 Hack-a-thon Competition:

  • OMTP – Best BONDI Widget = BONDI Password generator by Kai Hendry; Prize = a BONDI surf board
  • LiMo Foundation – Best user experience on BONDI widget = 0870 Widget by Simon Maddox; Prize = £100 book voucher
  • Lonely Planet – Best Lonely Planet Hack – Your choice from the Lonely Planet Library
  • BBC – Best Dr Who Hack = Mind the Dalekby Adam Cohen-Rose; Prize = Dr Who Magazine interview and other Dr Who goodies
  • Yahoo – Best use of Yahoo APIs = Something Around You by Alfredo Morresi, Stefano Zingarini, & Robert (Jamie) Munro; Prize = a Nespresso Machine
  • Most Fun Entry = Friend Hangman by Makoto Inoue; Prize = iPod Touch donated by Yiibu
  • Best User Experience = Bottle rock it by lastminute.com labs: Sam Dean, Russ Anderson, Richard Lewis Jones, & Mathias Dahlstrom; Prize = Nokia Ovi Launchpad Membership
  • Service Design = FollowMyContactCard by Owen Griffin; Prize = iPod Touch donated by Yiibu
  • Best Visual Design = Drinkr by Anže Cesar & Tomaž Štolfa; Prize = a Netbook donated by Vodafone
  • Best Use of WebApp / Widget technology = Widgbay by Andy Vizor; Prize = Nokia Ovi Beta & Support
  • Best Android App = Buzzword Bingo by Elliot Long; Prize = an HTC Hero donated by Orange
  • Best Location Aware App / Service = BatNav by Saqib Shaikh; Prize = Nokia Bluetooth Headset donated by Nokia
  • Best Use of Wireless, Bluetooth, or RFID = RFID Coffee Cup by Sam Machin; Prize = 100 hours of the Perfecto Mobile service
  • Best Hardware Hack = Mind the Dalek by Adam Cohen-Rose; Prize = 100 hours of the DeviceAnywhere service
  • Best of Show (Selected by the Judges Panel) = Project BlueBell by Future Platforms: James Hugman, Thom Hopper, Tom Hume; Prize = Nokia mobile phone donated by Nokia
  • Audience Favorite (Selected by all attendees) = RFID Coffee Cup by Sam Machin; Prize = A SonyEricsson Walkman phone donated by O2 Litmus

The 2008 Hack-a-thon Competition:

  • Overall Best Prototype – Mr. Tomm (Future Platforms)
  • Best Mobile Widget – Auto Widget Configurator (Owen)
  • Best Hardware hackPhone Fight (lastminute.com labs)
  • Best Use of Multimedia – 21st Century Fridge Door (Orange Pirate)
  • Best Use of Wireless, Bluetooth or RFID – Bluetooth FOAF (Owend)
  • Most elegant solution – Twitter Client for Windows (Dale Lane)
  • Most over engineered – Clever Social Tool (Alex squared)
  • Most practical / ready for market – SNOB
  • Best mobile web application – Browser SyncBest design / user experience prototype – Phone Fight (lastminute.com labs)
  • Best Location Aware Award – Capture the Flag (Location based games)
  • And the winners in our “unofficial categories” were:
    • Fun Award – Phone Fight (lastminute.com labs)
    • Most likely the succeed with the CIA – (Social Tracker)

 

A short history of Bletchley Park

Early History

Fifty miles (80km) north-west of London lies Bletchley Park. In 1883, it became home to the Leon family, whose patriach was a wealthy City of London financier. Herbert Samuel Leon bought over 300 acres of land beside the London and North-Western Railway line that passed through Bletchley, Buckinghamshire, developing sixty of those acres into his country estate. At the heart of the estate, he built a mansion in a curious mixture of architectural styles. One of Bletchley’s greatest benefactors, he was much loved by the local people. He was awarded a baronetcy in 1911.

Following the deaths of Sir Herbert and Lady Fanny Leon, the Park fell into the hands of property developer Captain Hubert Faulkner, who intended to demolish the buildings and sell the land as a housing site.

But the Government was about to intervene. It was 1938 and the threat of war loomed as Hitler invaded first Austria and then Czechoslovakia. The Government Code and Cypher School, then based in London, needed a safer home where its intelligence work could carry on unhindered by enemy air attacks. At a junction of major road, rail and teleprinter connections to all parts of the country, Bletchley Park was eminently suitable.

Commanded by Alastair Denniston, the Park was given the cover name Station X, being the tenth of a large number of sites acquired by MI6 for its wartime operations.

After meticulous preparation and a series of trial runs, the codebreakers arrived in earnest in August 1939. They masqueraded as ‘Captain Ridley’s Shooting Party’ to disguise their true identity. It was to be the first instalment in one of the most remarkable stories of the Second World War.

Bletchley Park in WWII

The Enigma cypher was the backbone of German military and intelligence communications. Invented in 1918, it was initially designed to secure banking communications, but achieved little success in that sphere. The German military, however, were quick to see its potential.

They thought it to be unbreakable, and not without good reason. Enigma’s complexity was bewildering. The odds against anyone who did not know the settings being able to break Enigma were a staggering 150 million million million to one.

The Poles had broken Enigma in 1932, when the encoding machine was undergoing trials with the German Army. They even managing to reconstruct a machine. At that time, the cypher altered only once every few months. With the advent of war, it changed at least once a day, effectively locking the Poles out. But in July 1939, they had passed on their knowledge to the British and the French. This enabled the codebreakers to make critical progress in working out the order in which the keys were attached to the electrical circuits, a task that had been impossible without an Enigma machine in front of them.

Armed with this knowledge, the codebreakers were then able to exploit a chink in Enigma’s armour. A fundamental design flaw meant that no letter could ever be encrypted as itself; an A in the original message, for example, could never appear as an A in the code. This gave the codebreakers a toehold. Errors in messages sent by tired, stressed or lazy German operators also gave clues. In January 1940 came the first break into Enigma.

It was in Huts 3,6,4 and 8 that the highly effective Enigma decrypt teams worked. The huts operated in pairs and, for security reasons, were known only by their numbers. The codebreakers concentrating on the Army and Air Force cyphers were based in Hut 6, supported by a team in the neighbouring Hut 3 who turned the decyphered messages into intelligence reports. Hut 8 decoded messages from the German Navy, with Hut 4 the associated naval intelligence hut. Their raw material came from the ‘Y’ Stations: a web of wireless intercept stations dotted around Britain and in a number of countries overseas. These stations listened in to the enemy’s radio messages and sent them to Bletchley Park to be decoded and analysed.

To speed up the codebreaking process, the brilliant mathematician Alan Turing developed an idea originally proposed by Polish cryptanalysts. The result was the Bombe: an electro-mechanical machine that greatly reduced the odds, and thereby the time required, to break the daily-changing Enigma keys.

Recent History

With the declaration of peace, the frenzy of codebreaking activity ceased.

On Churchill’s orders, every scrap of ‘incriminating’ evidence was destroyed. As the Second World War gave way to the Cold War, it was vital that Britain’s former ally, the USSR, should learn nothing of Bletchley Park’s wartime achievements.

The thousands who had worked there departed. Some continued to use their remarkable expertise to break other countries’ cyphers, working under a new name: the Government Communications Headquarters (GCHQ).

The site became home to a variety of training schools: for teachers, Post Office workers, air traffic control system engineers, and members of GCHQ. In 1987, after a fifty-year association with British Intelligence, Bletchley Park was finally decommissioned.

For decades, the codebreakers would remain silent about their achievements. It was not until the wartime information was declassified in the mid-1970s that the truth would begin to emerge. And the impact of those achievements on the outcome of the war and subsequent developments in communications still has not been recognised fully.

The Bletchley Park Trust

The Struggle to Save Bletchley Park for the Nation
Post-war Bletchley Park became home to a variety of organizations including the General Post Office (GPO), the Civil Aviation Authority and a Teacher Training College whose numerous collective employees knew nothing about the enormity of the wartime work that had gone on in the buildings they inhabited.

In 1974 FW Winterbotham, who had worked on Ultra at wartime Bletchley Park, published a book called ‘The Ultra Secret’; an extensive, although at times inaccurate, account of the work and accomplishments of the codebreaking hub. So the secret was out and the ban on talking about it was lifted although detail about ‘Britain’s Best Kept Secret’ emerged only gradually and sporadically over the years that followed.

In 1991, many of the organizations who had occupied post-war Bletchley Park had moved out and there were moves to demolish the whole site in favour of housing development and a supermarket.  In May of that year Bletchley Archaeological and Historical Society formed a small committee with the aim of tracing as many Bletchley Park Veterans as they could to invite them to a Farewell Party to mark the demise of the Bletchley Park site where they had helped shorten WW2 by two years.  On 21 October the Farewell Party was attended by over 400 veterans and the small committee of local enthusiasts was astonished and enchanted by the powerful stories these incredible people had to tell about their wartime codebeaking experiences.  At the end of the event the committee was unanimous in its conviction that this must not be a farewell.  That Bletchley Park must be saved in tribute to the work of these amazing people and as the place where their collective intellects changed the course of WW2 and the twentieth century; that the story must be kept alive for the education and enjoyment of future generations.  So the enormous battle that was to ensue for many years, to save Bletchley Park from demolition, was embarked upon.

On 10 February 1992, a young Milton Keynes Councillor, Sam Crooks had persuaded Milton Keynes Council to declare most of the remainder of the Park a conservation area by ensuring Tree Preservation Orders had been secured on the Park’s trees.  Three days later the Bletchley Park Trust was formed and embarked on complex and lengthy negotiations with the landowners PACE (Property Advisors to the Civil Estate), the government’s land agency, and British Telecom.

The small committee of local enthusiasts grew and recruited many more passionate supporters and volunteers until in 1994 the Bletchley Park Trust and its Chief Patron, HRH The Duke of Kent, opened the site to the public as a museum every other weekend.  Although the landowners had withdrawn all planning applications there was no protection from the hostile bids of property developers.  The future of the Park remained hanging in the balance for five years until 10 June 1999 when the Bletchley Park Trust, secured a pioneering deal with the landowners.  The Trust was awarded a 250 year leasehold of the core historic areas of the Park with an option to purchase it for a nominal sum 25 years later.  The battle was not over but this was a hugely significant step towards saving Bletchley Park for the nation.

By 2004, the Trust was opening the Park to the public every day as a museum.  In April 2006 Simon Greenish was appointed the new Director of the Bletchley Park Trust.  Against all odds through the sheer determination, passion and hard work of the Trust’s army of volunteers and supporters and its tiny team of staff, the Trust was surviving.  But only just.  In spite of all of its successes, Bletchley Park had reached a critical point.  Minimal maintenance had been undertaken on the site since the war and its buildings were in a desperate state of disrepair; with the codebreaking huts rotting and with the iconic mansion suffering major roof leaks endangering the very fabric of the building.

In the nick of time, in November 2008, English Heritage stepped in with investment of £330,000 to repair the mansion roof at the same time offering a further £100,000 per year for the following three years, subject to another body offering match funding, to deal with the huge backlog of maintenance and repairs.  Early in 2009, Milton Keynes Council went to the public vote as to whether they should provide this funding and responding residents voted overwhelmingly in favour.  A further landmark was reached in October 2009 when the Heritage Lottery Fund announced a first round pass for the Bletchley Park Trust application for museum development funding and awarded £460,000 to work up detailed plans.  These will be submitted early to mid 2011 in a bid to secure the £4.1 million needed to realize the plans and subject to the Trust raising the £1 million needed for match-funding the bid.  The Trust will then work on raising a further £4 million to complete the development.

Today the Trust has come a very long way from the early days of small committee meetings in the homes of the founding members.  Over the years, and against all odds, it has passionately fought and overcome the numerous and perilous threats to the very existence of Bletchley Park.  For the first time it can now balance its budgets but its finances still quiver on a knife-edge.  In addition to raising the £1 million needed to support its HLF bid it also needs short-term assistance of in the region of £250,000 per year to support its operational costs. The objective of the Trust now is to transform Bletchley Park into the world-class heritage and education centre it deserves to be, reflecting the profound significance of its impact on us all.  Its business plan shows that once the museum development has been completed, in the next three to five years, the Bletchley Park Trust will be self-supporting.

The journey of the Bletchley Park Trust continues.

The history of Bletchley Park is, to an extent, still shrouded in mystery. Whilst every effort has been made to ensure the accuracy of this information, Bletchley Park Trust is unable to accept liability for information contained on this site, or in any other publication. If you should uncover an error, please let us know so that we may set the record straight. Please see the Contact Us section of this site for details.

Over the Air 2011 – September 30th & October 1st

The 4th annual Over the Air was held on Friday the 30th of September and Saturday the 1st of October at Bletchley Park – for two days we were be based at Station X, hacking in the shadows of the WWII Enigma & Lorenz code-breakers, and hanging out at the home of Colossus the world’s first programmable computer….geek heaven!

Over the Air is a unique tech-agnostic event for and by the developer community,  featuring technical workshops where attendees can roll up their sleeves and tinker with new platforms, operating systems, APIs & SDKs; and tutorial sessions that feature real business cases, new insights and a healthy dollop of inspiration. Attendees are invited to stay overnight so that they can work on ideas, apps and hacks on the fly – to be entered into the various hack-athon competition categories and demo’ed on the second day. It’s a great vibe of bean bags, gadgets, knowledge sharing, hacking & lots of good geekery.

Stay on top of the latest plans by following us on Twitter: @overtheair

Friday night Ignite Bletchley Park talks:

In 2011 we introduced an exciting new element to the programme on Friday evening:

Ignite is a global event, organized by volunteers, where participants are given five minutes to speak about their ideas and personal or professional passions, accompanied by 20 slides. Each slide is displayed for 15 seconds, and slides are automatically advanced. The Ignite format is similar to Pecha Kucha, which features 20 slides displayed for 20 seconds each. The presentations are meant to “ignite” the audience on a subject, i.e. to generate awareness and to stimulate thought and action on the subjects- Wikipedia

The event-within-an-event was organised by Ignite Cardiff’s  very own Claire Scantlebury. The rule is – you can’t talk about yourself or your job (so no blatant self-promotion is allowed), but instead something you’re passionate about.

Venue – Bletchley Park

Bletchley Park

The Mansion, Bletchley Park, Milton Keynes, MK3 6EB

The venue at Bletchley Park is a stunning Victorian mansion with modern conferencing facilities. There are 7 main rooms within the mansion, a Marquis tent outside, and other buildings to spill out into if needed.

This year we asked all attendees to donate a small  £5  (or more if feeling generous!) towards the ongoing repair & upkeep of  Bletchley Park. This historic location has been sadly neglected over the years, and we can make a real difference to the salvage of a Hut or the repair of a roof….

Some stayed in hotels nearby on the Friday night , but many brought their tents to camp right on the grounds, or rolled out their sleeping bags in the Marquee tent.

At first glance, even second glance, Bletchley Park could easily be just another beautiful British building deserving of some loving care and attention. But for many years its walls guarded one of the best kept secrets of the 20th Century. During the Second World War it was the top secret home to the cryptanalysts, mathematicians and military personnel later credited with shortening the war by at least two years and saving millions of lives by breaking the secret ciphers used in Nazi communications. Read more on Gizmag

Check out the video that our very own Matthew Cashmore made in 2010 (when the event was at Imperial College London) explaining what Over the Air is all about:

Over the Air 2011 Session Proposals will soon close


Every year we invite mobile technologists & enthusiasts to propose workshop topics and help create the kind of hands-on technical sessions, treat inspirational talks, prescription and knowledge-sharing round-tables that they themselves are most interested in attending. Sponsors are offered the opportunity to run workshops as well, seek but this is by the community for the community – no price tag attached!
We opened up the workshop proposals form on July 5th for OTA11, and thanks to the fantastic response, we already have a fantastic draft schedule put together.  Workshops include sessions about the mobile Web, Apps of various stripes, hardware hacking, mobile development in emerging markets, design & user experience, open data & APIs, games, mobile film, and (of course, given our setting at Bletchley Park) security and cryptography.