[ISN] Interview: Elonka Dunin
InfoSec News
isn at c4i.org
Wed Mar 15 03:21:55 EST 2006
http://www.whitedust.net/article/51/Interview:_Elonka_Dunin/
By Mark Hinge & Peter Prickett
14 Mar 2006
WD> So, tell us, how did you first get into the world of computing?
Oh, I got involved with computers at a very young age, in the 1960s.
My father was an early computer programmer, teaching mathematics and
engineering at UCLA, and then later worked on a NASA project, on the
team that launched the very first geosynchronous communications
satellite, Syncom. Sometimes when he worked weekends, he'd take me in
to his office with him, and as a kid I'd literally play with the big
mainframe computers, like an IBM 360. It started off with him
programming it to play simple number games with me, and then as I got
older, I started doing some programming myself. My first language was
Fortran. In my junior high school, one of my math teachers also gave
an extra credit programming class, but it was kind of difficult since
we didn't have any computers! What the school did was to give us paper
punchcards, and we'd use #2 pencils to fill in the dots where the
holes were supposed to be punched, then the cards would be shipped
downtown to where the holes would be punched and the cards were
processed, and our programs would be run. The output would be printed
out, and they'd ship that back to us at the school so we could debug.
It took days for a single roundtrip, so talk about lagged compile
time!
In high school (early 1970s), things were a tiny bit better, since the
school had a teletype with real-time (ooh!) communication, even though
it was all on hardcopy, and the thing was incredibly loud. If you've
ever seen the movie 'Andromeda Strain' and remember the teletype
machine in that one, that's what our system looked like. Then as I got
older, I ran into the other early systems: A co-worker of mine in the
USAF got a TRS-80, and then I had my own Osborne 1, and then I got a
Mac Classic, and steadily upgraded to faster systems as computers
became more and more powerful. I played pretty much every computer
game that I could get my hands on, and in the 1980s I started getting
involved with BBSes, logging on to systems in Colorado and California
where I was working. In 1989, I started getting involved with online
multiplayer games, like on the GEnie service, and a new career
followed shortly thereafter.
WD> Simutronics was founded in 1987. Where does the name come from?
The company was founded by David Whatley, a teenager working out of
his bedroom in his parents' home (he continues to be President and CEO
today), and Tom & Susan Zelinski, a husband & wife team. David had
earlier written some BBS software under a different company name, and
when it came time to form a company with the Zelinskis, he just chose
the name 'Simutronics' because he liked it.
WD> How has the company evolved since 1987?
I started getting involved with the company as a customer in 1989, and
then moved to St. Louis in 1990 which is when I started working for
Simutronics. We moved the base of operations out of the David's
bedroom into an apartment loft in another part of town, and managed
the games from there. We had the top products on the GEnie online
service, like our text games GemStone III and DragonRealms. Then in
1993 our 3D graphical game CyberStrike won the very first 'Online Game
of the Year' award from 'Computer Gaming World' magazine (they created
the category so they could give us the award, the game was so ahead of
its time), and the award started getting us more attention and more
contracts. We moved into our own office, and opened up portals to our
games from Prodigy, America Online, and CompuServe. In 1997, we
launched our own website, play.net. Games that we've created over the
years have included Orb Wars, GemStone II-IV, DragonRealms, Modus
Operandi, and Alliance of Heroes (originally Hercules & Xena: Alliance
of Heroes). Our next big game is going to be Hero's Journey, a
graphical MMORPG. We showed a preliminary version at E-3 in 2005 and
got a lot of attention -- for example, mmorpg.com listed us as 'Best
of Show'. Our office right now is a 10,000 sq. foot location in St.
Charles (a suburb of St. Louis), and we have another office in
Maryland.
WD> Like many of the people we have interviewed you worked in the
military before computing. Why do you think that is?
I can't speak for other people, but for me, being in the military
definitely changed my work habits and made me much more disciplined in
terms of complex projects. It also gave me a lot more confidence in my
own abilities. Those factors may be an edge which helps entrepreneurs
to marshal the focus and drive that's necessary to become personally
successful, whereas some other people may have ideas that are just as
good, but not be able to pull together the discipline, confidence, and
persistence to make their ideas happen.
WD> How long did you work for the US Air Force? Why did you leave?
I first enlisted for 4 years in 1977, but without making a clear
choice on which career I wanted. So they kind of put me where they
needed me, and I ended up doing avionics repair, troubleshooting
aircraft instrumentation on cargo and reconnaissance aircraft. I did
okay at it, but I wasn't really stellar -- what I really wanted to do
was something with computers. But every time I applied to cross-train,
I was told that my job, 'Instrumentation,' was a 'shortage' career
field, meaning that they didn't have enough people to fill it, and so
I wasn't allowed to cross-train out unless it was into something that
had even more of a shortage, like air traffic controller. I extended
my enlistment for two years to try and push the paperwork through, but
kept getting rejected, so when my final enlistment was up, I 'got
out'. Oh well, their loss!
WD> In what capacity where you involved with the SR-71 and U-2
reconaissance aircraft?
Instrumentation repair. Testing, troubleshooting, and replacing the
sensors that detected the altitude, engine pressure, fuel status, and
other thises and thatses that the pilot needs to know about.
Basically, picture all the dials that a pilot looks at when he (or
she) is sitting in the cockpit. I maintained those instruments, the
transmitters that sent signals to them, and the wiring in between.
WD> What drew you into cryptography?
I'd been interested in puzzles for as long as I could remember. My
mother used to talk about when I was a toddler, she'd just put me down
on the doorstep with a puzzle, and I'd be happy for hours. Then when I
was a little older, a neighborhood boy was studying codes for some
project (I think a Boy Scout merit badge or something), and I was
constantly over at his house asking questions. He finally just gave me
all of his books and notes on the subject. Most of my early
involvement with cryptography was just as a hobbyist though. I didn't
start getting involved with the public scene until I ran into the
PhreakNIC v3.0 Code, while I was giving a talk on gaming at Dragon*Con
in 2000.
WD> You were the first person to crack the infamous PhreakNIC Code.
Could you explain what said code is, and how you cracked it (without
giving away the ending)? What was the prize you won for beating the
code?
It was a challenge created by JonnyX, the organizer of the PhreakNIC
hacker convention in Nashville in 1999. He'd also done an easier code
for PhreakNIC v2.0 in 1998, but he made something a lot harder for the
next version. It was intended to be solved by the attendees at the
conference, but no one could figure it out! He kept handing out flyers
about it though, and used it to promote the upcoming 2001 convention.
He said that the first person to figure it out, would get an all
expenses paid trip to the con. I picked the code up with a bunch of
other flyers at Dragon*Con 2000. Then, one weekend a bit after the
convention, I was stuck at home, sick with the flu or something, and
bummed out that I couldn't go to Def Con because I had a scheduling
conflict (I'm friends with the lead singer of Blue Oyster Cult, who
was playing in St. Louis that same weekend). So I channeled my
energies into the Code, playing around with it to see what I could
learn, and reading everything in the year's worth of discussion
archives about it. I got pretty obsessed with it, and completely
anti-social for awhile. Any of my friends who tried to talk to me, all
I wanted to talk about was that Code. And, well, it paid off, because
I cracked it! I had to completely come up to speed from scratch on
several cryptographic techniques, but I learned them all and got to
the center, and made the cryptic announcement that it requested (I had
to post a certain kind of haiku message to a hacker mailing list), and
I won the prize. Then I wrote a tutorial to the mailing list about how
I'd cracked it, and included a bunch of cyberpunk humor and in-jokes.
That tutorial is now on my website, if anyone wants to read it. It's a
fun read, and teaches a lot about cryptography, from simple binary all
the way up to some state-of-the-art stuff.
WD> What other public recognition have you received for cryptography?
Aside from the PhreakNIC Code, the next biggest event was probably the
cracking of the Cyrillic Projector cipher. It was a 10-year-old
challenge that was on a sculpture in the middle of the University of
North Carolina at Charlotte, and it turned out to be extracts from
classified KGB documents! I definitely didn't do that one alone -- it
was a team effort that involved several different people, some of whom
knew each other, and others who didn't. I've also gotten some
recognition for a new method I came up with for solving Part 3 of
Kryptos, as well as just the websites that I have, on both Kryptos and
other of the world's most famous unsolved codes. It's a topic that
people are fascinated with, and the webcounter just keeps climbing.
This month it rolled over to more than 1.5 million page views, with
several hundred thousand unique visitors. I've been invited to speak
at several major universities on the subject of cryptography, and in
mid-2005, a British book publisher, Constable & Robinson, contacted me
and asked if I would write a book about codes.
WD> What is your involvement with the CIA's Kryptos sculpture? How is
it that you were able to see it in person?
I first heard about Kryptos while I was working on the PhreakNIC v3.0
Code, since JonnyX had built some dead-ends into it, and one of them
led to Kryptos. But I didn't really give Kryptos much thought at the
time other than reading a few articles about it. Then in 2001 I was
visiting my cousin in Washington DC (he'd had a really close call on
September 11th), and after we visited the memorial at the Pentagon, he
asked me if there was anything else that I wanted to see in town. I
decided on Kryptos, but we couldn't figure out a way in to CIA (we
were turned away by large men with guns, who kept saying, 'Official
Business Only'). But then a few months later I was giving talks on
steganography, and one of those talks got me an invitation to speak at
CIA, so I was able to examine the sculpture up close. I also made some
rubbings, and when I got back to St. Louis, I made a single webpage to
post scans of the rubbings online -- little did I know that that
webpage was going to change my life!
WD> The Kryptos Group is working on the sculpture in the CIA
headquarters courtyard in Langley, Virgina, attempting to decode the
remaining characters. However, according to Time Magazine in May 1991,
former CIA Director William Webster knows what the phrase is. Is the
goal to actually crack the code or to develop further code breaking
methodologies?
The goal is to decrypt those last 97 or 98 characters at the bottom of
the sculpture. We know what the top three sections say, but not that
last fourth part yet. As for Webster, he was given a sealed enveloped
by sculptor Sanborn at the sculpture's dedication in 1990, which
supposedly contained the answers. But in a Wired interview in January
2005, Sanborn said that he didn't give Webster the full story.
WD> You have also been working in conjunction with the FBI on Al Qaeda
codes, and they requested you give a talk on steganography. What did
you advise within that talk and to whom?
The original request was that I put together a talk on steganography
for the local St. Louis task force. We knew that there were agents in
the main DC office who understood about steganography, but in the St.
Louis field offices, they had a different mission and weren't crypto
experts. So they were agreeing to let people from the private sector
come in and help them get up to speed. I put together a 70-slide
PowerPoint presentation that explained what steganography was, how it
was used, and what the current rumors were about whether or not Al
Qaeda had been using steganography to play the September 11th attack.
I don't believe that they were, and I went into the detailed reasons
why not. There was no proof anywhere that they were using
steganography -- instead, they tended to use very simplistic codes,
like if they were talking on a cellphone and needed to say 'FBI', they
might instead say 'Food & Beverage Industry'. Or if they were
referring to gas cutters, they were supposed to instead say 'gas
stations.' And there was an extensive scan of images done by a team
from the University of Michigan, looking through millions of internet
locations, and then clustering computers together and running password
dictionary attacks on anything that looked suspicious, but they never
found a single thing.
WD> Did the CIA pay you for this? You say that you will give your talk
for free if we see you 'passing by with laptop in hand'?
Yes, I made a bit of money from the CIA (even though I insisted I
didn't want to be paid!). My main goal was just to get onsite so that
I could see Kryptos. As for other locations, if they're nearby, I'll
give the talk for free, but if they want me to fly to a different
location, I normally ask for something nominal to cover expenses.
WD> What do you consider your greatest code-cracking achievement?
That's hard to answer. For emotional satisfaction, it has been helping
out with the war on terrorism, and educating government agents about
steganography and what types of codes that Al Qaeda might (or might
not) be using. It gave me a deep sense of contributing my skills to a
greater good, and helping to squash some of the rumors out there.
Other things I'm particularly proud of would be my Kryptos website --
all the research I've done, people I've tracked down to interview, and
the networking I've engaged in, in order to pull together so many
disparate bits of information into one place. In terms of sheer
personal code-cracking, the whole Cyrillic Projector project was a lot
of fun, plus of course there's the PhreakNIC v3.0 Code that started
the whole thing - I also enjoyed writing the tutorial for that one, as
well as cracking some of the other hacker-con codes, like the
Atlantacon ones. Plus it was quite an honor when a British publishing
house asked me to write a book!
WD> Which is more important to you, cryptography or Simutronics?
Simutronics, definitely. It's my day job, and what pays the bills.
I've poured my heart and soul into the company over the years, and I
am very dedicated to our customers. But cryptography is definitely a
hobby of mine that's taken on a life of its own!
WD> What other projects are you working on right now?
At Simutronics, we're working on a new 3D graphical MMORPG, Hero's
Journey, which we'll be demoing at E-3 in May. We also have a related
product called HeroEngine: It's a new way that we've come up with
which would allow other people to license our technology and utilities
and engine to have everything they need to create their own MMORPG,
and we'll be demoing that one at the Game Developers Conference in
March. Parallel with all of that, I've been spending some time on
various MediaWiki databases, such as Wikipedia, and a new wiki we set
up this year for the IGDA. I'm also still doing a lot of public
speaking, with my next crypto talk being at NOTACON in Cleveland in
April. And of course I have a book coming out soon! It's 'The Mammoth
Book of Codes and Cryptograms' (in the U.S.), and 'The Mammoth Book of
Secret Code Puzzles' in the UK. I've never written a book before, so
it's been an interesting learning experience, navigating the world of
publishers and bookstores and 'mainstream' marketing. The book has a
very impressive list of contributors, as puzzles were submitted from
cryptographers all over the world -- of most interest to your own
audience, there's even a section by Scott Kim which presents a pencil
and paper method of doing asymmetric key encryption.
WD> Finally, which of your games do you play the most?
Now *that* is a closely-guarded secret. When I'm playing a multiplayer
game, I just want to play, and not let anyone know who I am -- I try
to stay as incognito as possible!
All Right Reserved, Copyright 2005 Whitedust.net
More information about the ISN
mailing list