a mix of black and white

Ars Technica: Exploring the neurochemistry of fairness

June 12th, 2008 @ 10:42 pm by gray

John Timmer reports on studies from the journal Science which suggest that neurotransmitter levels influence perceived fairness:

Exploring the neurochemistry of fairness

First, consider the notion of innate fairness. People who participated in an experimental transaction called the Ultimatum Game (a simple 2-party example of game theory) tended to reject offers they perceived as ‘unfair’ even though doing so resulted in them receiving less. This reinforces a recurring theme in current economic theory that participants often act fundamentally irrationally (e.g. Dan Ariely’s Predictably Irrational and other efforts in behavioral economics). One hypothesis drawn from the Ultimatum Game is an underlying evolutionary selection of a shared ‘golden rule,’ given the comparative advantage of group cohesion this might reinforce.

Second, the implications of the neurochemistry itself are more sobering. Even basic negotiation is often based on latent manipulation through psychological leverage; more advanced techniques sometimes exploit physiological factors such as room temperature or sleep deprivation to affect pliability. The casino industry has invested heavily in psychological profiling both in developing comp systems and interior design to lower inhibitions and increase the desire to stay on the gaming floor (high ceilings, rounded walls, indirect lighting, running water)—some examples are given in a short featurette on the DVD for Ocean’s Thirteen. Pushed a little further, you can see some of the same techniques deployed in the fields of law enforcement and the military as interrogation aids, as well as within specialized training such as SERE. In each case, the environment and physical comfort of the targeted participant are manipulated to lower their resistance, gain their trust, or ultimately obtain some concession.

Moving from science to science fiction, you can find ready parallels to controlling serotonin and oxytocin with the Pax used to curb aggression on the Outer Rim planet Miranda in Joss Whedon’s Serenity; the drug Prozium in Equilibrium and Soma in Brave New World; and more obscurely, the hormones produced by alien Powers that activate the ‘god module’ (aka neurotheology) in humans from Walter Jon Williams’ Voice of the Whirlwind. In each, the population is effectively controlled through their own neurochemistry by instilling languor, reducing aggression, suppressing emotion, etc.

An Interesting Post

May 15th, 2008 @ 5:51 pm by gray

Apropos for the previous post (on Darwinian adaptation among malware), the article itself attracted one of those keyword-matching comments from an apparent spamblog (somewhat different from straightforward splogs). I had not previously heard of these before operating this blog in other than stealth mode, so here’s how I infer they function just by observation:

  1. A new post is scanned, either via its feed or one of the aggregator services like Technorati, looking for certain keywords.
  2. A corresponding post is created on the spamblog with a generic blurb like “[author] had an interesting post about [keyword]” and a short 1- or 2-line excerpt centering on the keyword match.
  3. A comment is submitted to the originating blog, linking back to the spamblog.
  4. The spamblog post is then able to attract traffic either through clickthroughs from the comments thread, or from increased PageRank from Google since their blog gradually increases its network of keyword-linked sites.

The ultimate purpose is still simply to gain visitors, who in turn trigger ad revenue through a combination of Google text ads, banner ads, and other pay-to-host content. The spamblog itself is often a default template, e.g. the Kubrick WordPress theme, consisting only of these short linked posts. For blogs that either don’t moderate comments or don’t scrutinize excerpting sites individually, growth is mostly automatic. The adaptation is that they propagate links without the prior telltale markers of comment spam like overt sales messages included in the actual comment text.
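A moderation check for the pattern described above, as an added example that is not part of the original post: it holds a comment when it uses the quoted blurb shape or when most of its text is lifted verbatim from the post it is attached to. The function names, the 4-word n-gram size, the 0.4 threshold and all sample text are assumptions made for illustration.

```python
import re

# The one blurb shape the post quotes: "[author] had an interesting post about [keyword]".
BLURB = re.compile(r"\bhad\s+an\s+interesting\s+post\s+about\b", re.I)

def tokens(text):
    """Lower-cased word tokens; punctuation such as '...' is dropped."""
    return re.findall(r"[a-z0-9']+", text.lower())

def excerpt_ratio(comment, post, n=4):
    """Fraction of the comment's word n-grams that also occur verbatim in the post."""
    c, p = tokens(comment), tokens(post)
    post_grams = {tuple(p[i:i + n]) for i in range(len(p) - n + 1)}
    grams = [tuple(c[i:i + n]) for i in range(len(c) - n + 1)]
    return sum(g in post_grams for g in grams) / len(grams) if grams else 0.0

def review(comment, post, echo_threshold=0.4):
    """Return (hold_for_moderation, reasons); the threshold is an assumed starting value."""
    reasons = []
    if BLURB.search(comment):
        reasons.append("generic-blurb")
    if excerpt_ratio(comment, post) >= echo_threshold:
        reasons.append("echoes-post")
    return bool(reasons), reasons

# Constructed sample data (not taken from any real blog or comment).
POST = ("The old freight lift in our building still has an elevator operator who "
        "remembers every tenant by name and floor, and he keeps a paper log of repairs.")
SPAM = ("gray had an interesting post about elevator operator ... still has an "
        "elevator operator who remembers every tenant by name ...")
LEGIT = ("I worked as an elevator operator one summer; the paper log idea is great, "
         "ours was a chalkboard.")

if __name__ == "__main__":
    for name, text in (("spam-like", SPAM), ("legitimate", LEGIT)):
        print(name, review(text, POST))
```

The echo check is the useful half: a comment that carries no sales text of its own still gives itself away by contributing nothing except the post's own words.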

So far I’ve seen these keyword comments triggered by an unusual set of terms: ‘elevator operator,’ ‘turquoise jewelry,’ a ‘sequel to 5 People You Meet in Heaven,’ ‘Apple,’ ‘zebrafish,’ and ‘plumbing license.’ As an exercise for the reader, I leave it to you to guess which original posts generated each of those matches (hint: keywords don’t have to be sequential). I’m also curious whether having listed those now all together, I will get a repeat entry of all prior spam comment attempts.

This brings to mind what I am sure has already been codified into the equivalent of Sturgeon’s Law, which would go something like: “Any sufficiently popular mainstream communications system will generate spam” or perhaps the more prescriptive, “A communication system can be considered mainstream once it attracts spam.” Spam is generally considered to have originated with electronic systems like e-mail and Usenet forums, but extending the definition backwards, one could potentially designate parallels like telemarketing and robocalls for telephones and junk mail for postal service as examples. Did telegraph operators ever suffer from unsolicited commercial Morse Code transmissions? Certainly spam has gained tremendous genetic diversity in jumping to every emerging communication form—chat spam (first IRC then IM), forum spam (first newsgroups then web), mobile phone spam via SMS, online games, search engines (aka spamdexing), blog spam, and even video-sharing sites like YouTube. Twitter? Check.

Part of the original blame can be placed on the idealism of academic groups like the IETF who established standards for communication protocols like SMTP and NNTP without incorporating more robust authentication and authorization to deter spoofing and other common tactics. Except, of course, that those standards were created long before the very notion of a commercial Internet had been considered, and the online community was small enough to police itself by etiquette alone. Certainly we could assert that newer protocols should learn the lessons of the past and instill greater protection against potential abuses, right? Except, instead, the rapid evolution of spam in response to antispam efforts has created ‘superbugs’ and an extensive evolutionary toolbox of techniques that can thwart most any systemic precaution. Just like our immune system and pharmacology have developed to deal with ever more sophisticated organic threats, inspiring ever stronger viruses and bacteria, so the race continues between platform developers and those who would distribute spam over them. It is effectively now almost impossible to create a communications system that is actually usable, capable of reaching mainstream acceptance, and totally immune to spam-like behavior. Instead, like the common cold, we now aim to reach a détente where we can take steps to prevent infection and minimize symptoms, but no longer envision a ‘cure for spam.’


The Register: Botnet agent plays lost sheep to avoid detection

May 15th, 2008 @ 1:45 am by gray

A fascinating microcosm of technical Darwinism is the ceaseless escalation of sophistication between malware authors and anti-virus vendors. Formerly solo practitioners acting out of bravado or malcontent, malware developers are increasingly dedicated professionals bankrolled by organized crime syndicates or even governments in areas like Eastern Europe and Asia. With the huge financial incentive in identity fraud, online theft, and electronic blackmail, black hat hackers aim to exploit the twin vectors of technical vulnerability and human laziness. Anti-virus firms meanwhile have developed a huge market base by playing a largely defensive game against new attack types, constantly scouring the underground community for new examples of attack vectors and building massive databases of ‘signatures’ or ‘fingerprints’ of specific variants. Yet just like organic mutation, each new form of defense is the inspiration for a variety of alternatives that seek to bypass the Maginot lines of AV software.

Botnet agent plays lost sheep to avoid detection | The Register

The Register reports on one such development in the ongoing mutation of the ‘Kraken’ (AKA Bobax) bot strain. Earlier botnets could be disrupted by attacking not the zombie clients but, in military parlance, the C&C (command and control) elements that issue the bots their orders—to attack a certain host via distributed denial-of-service (DDOS), for example. These were often IRC servers that allowed pseudonymous communication via protected messages. Yet IRC is, with the advent of IM and Web-based chat, now itself something of an anomaly that an AV program could view as suspicious.

The Kraken adaptation adopts dynamic DNS through generated domain names, passing encrypted commands through HTTP further obfuscated with bogus headers to fool SPI-capable firewalls. In this fashion, the bot homes in on the current location of its control server without having any hardcoded lists that can be used to target them for shutdown. The Australian firm PC Tools that analyzed the new code compared the process to the way a lost sheep tries to locate its shepherd (hence the article’s title). Similarly, new variations of P2P software have attempted to replace the fragile centralized tracker with distributed databases and multi-hop obfuscation through efforts like TOR and I2P.
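Seen from the resolver, the ‘lost sheep’ behavior leaves a trace a defender can look for: one client asking for many different dynamic-DNS names that do not exist, in a short span, before one finally resolves. The following is an added example, not code from the article or from PC Tools; the log format, the placeholder zone names, the window and the threshold are all assumptions.

```python
from collections import defaultdict

# Placeholder dynamic-DNS zones to watch (constructed, not real provider names).
ZONES = ("dyn.example", "ddns.example")
SUFFIXES = tuple("." + z for z in ZONES)

def lost_sheep(lines, window=300, min_names=5):
    """Map client -> sorted failing names, for clients that looked up at least
    min_names distinct non-existent dynamic-DNS names within `window` seconds."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, client, qname, rcode = line.split()
        qname = qname.lower().rstrip(".")
        if rcode == "NXDOMAIN" and qname.endswith(SUFFIXES):
            events[client].append((int(ts), qname))
    flagged = {}
    for client, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1                      # slide the window forward
            names = {q for _, q in evs[start:end + 1]}
            if len(names) >= min_names:
                flagged[client] = sorted(names)
                break
    return flagged

# Constructed resolver log: "<epoch-seconds> <client> <queried name> <rcode>".
LOG = """\
1000 10.0.0.23 brxqevu.dyn.example NXDOMAIN
1012 10.0.0.23 tolmnapi.ddns.example NXDOMAIN
1025 10.0.0.23 ykdwers.dyn.example NXDOMAIN
1031 10.0.0.40 home-nas.dyn.example NOERROR
1040 10.0.0.23 pgfuhoz.ddns.example NXDOMAIN
1055 10.0.0.23 wcajmly.dyn.example NXDOMAIN
1060 10.0.0.23 nebkuto.dyn.example NOERROR
1100 10.0.0.40 home-nsa.dyn.example NXDOMAIN
2000 10.0.0.51 cam1.dyn.example NXDOMAIN
4000 10.0.0.51 cam2.dyn.example NXDOMAIN
6000 10.0.0.51 cam3.dyn.example NXDOMAIN
8000 10.0.0.51 cam4.dyn.example NXDOMAIN
10000 10.0.0.51 cam5.dyn.example NXDOMAIN
""".splitlines()

if __name__ == "__main__":
    print(lost_sheep(LOG))
```

The check keys on lookup behavior rather than on any list of names, which is the point of the adaptation: there is no hardcoded list to match against.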

Kraken also employs a random word generator to vary its infection host filenames, which spread through IM networks like MSN Messenger. This is a tactic previously adopted by spammers, who in turn were responding to naive Bayesian filtering built into antispam engines like SpamAssassin.

A parallel story at The Register notes a new kind of SQL injection attack that targets DATE and NUMBER fields. Previously SQL injections exploited unchecked parameters or syntactic tricks to pass SQL code, often limited to text-based fields like VARCHAR. The recent nihaorr* mass attack on older ASP-based sites, for example, used a combination of techniques: the injection was appended as a POST in place of a standard GET query, overloading the request with a 4000-character hex string set within a CAST function. Decoding the hex to text revealed a procedural cursor that trawled the sysobjects DB for any char-based columns, to which it then proceeded to append rogue JS code via UPDATEs. Since most remedies for SQL injection have centered around validating text-based input, this variation bypasses such defenses by manipulating date and number data routines in Oracle’s PL/SQL.
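For triage of the CAST-wrapped hex technique described above, the following added example (not from either Register article) scans captured request bodies, POST included, for a long hex literal inside CAST and decodes it so an analyst can read what was sent. The 32-digit minimum, the request tuples, the paths and the harmless sample payload are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# A long hex literal inside CAST(... AS [N]VARCHAR); 32+ hex digits is an assumed cutoff.
CAST_HEX = re.compile(r"CAST\s*\(\s*0x([0-9a-f]{32,})\s+AS\s+(N?VARCHAR)", re.I)

def decode_cast_payloads(body):
    """Return the decoded text of every CAST(0x... AS [N]VARCHAR) blob in a request body."""
    findings = []
    for m in CAST_HEX.finditer(unquote_plus(body)):
        hex_blob, sql_type = m.group(1), m.group(2).upper()
        if len(hex_blob) % 2:
            continue                    # malformed literal, cannot be whole bytes
        raw = bytes.fromhex(hex_blob)
        # NVARCHAR literals are UTF-16LE; VARCHAR literals are single-byte text.
        encoding = "utf-16-le" if sql_type == "NVARCHAR" else "latin-1"
        findings.append({"type": sql_type, "hex_len": len(hex_blob),
                         "decoded": raw.decode(encoding, errors="replace")})
    return findings

def triage(requests):
    """requests: iterable of (method, path, body); returns one tuple per decoded blob."""
    hits = []
    for method, path, body in requests:
        for f in decode_cast_payloads(body):
            hits.append((method, path, f["type"], f["decoded"]))
    return hits

# Constructed sample traffic; the encoded statement is a harmless stand-in.
SAMPLE_SQL = "SELECT 'constructed sample payload'"
REQUESTS = [
    ("POST", "/search.asp", "q=turquoise+jewelry"),
    ("POST", "/item.asp",
     "id=42+CAST(0x" + SAMPLE_SQL.encode("latin-1").hex() + "+AS+VARCHAR(4000))"),
    ("GET", "/item.asp", "id=CAST(0x41+AS+VARCHAR(1))"),   # too short to flag
]

if __name__ == "__main__":
    for hit in triage(REQUESTS):
        print(hit)
```

Because the injection arrived as a POST, logs that keep only the URL and query string never contain the payload; the check has to run where request bodies are visible.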

Not content to be left on the defensive, particularly with suspicions that certain governments could be building up their own stockpiles of zombie PCs to act as a botnet in the event of a (sigh) cyberwar, the US Air Force Cyber Command (AFCYBER) has recently published their consideration of mustering a military botnet. Ars Technica reviews the salient points of Col. Charles Williamson’s proposal, including the need for offensive capability (essentially to attack the attacker) in light of the indefensibility of our present infrastructure, and the potential political fallout were we to, say, pingflood France due to a DDOS mounted from a botnet there controlled by a rogue group elsewhere. The implications for this are somewhat provocative—even if AFCYBER were to build a managed botnet out of decommissioned military PCs, would some other branch like the NSA or CIA also receive a secret mandate to develop ‘offsite assets’ by infecting civilian PCs in other countries? Will some portion of future conflicts consist of shadowy agents provocateur wielding heavily anonymized zombie PC armies trying to provoke retaliation against the enemy’s allies by launching DDOS attacks from within their civilian networks?

Creative Commons License
(c) 2008 gray/matter