But these "shocking" revelations are just kids' stuff. Does the NSA record every phone call and log every email? Do they track your location via your cell phone, and record every Facebook post and tweet? Big deal. If that's the best they can do, they're a bunch of amateurs.
They can do better ... much better.
Most of our lives are too boring to warrant NSA scrutiny. The NSA doesn't care about the argument you had with your wife over your ex-wife's alimony, or the naughty pictures your teenage kids sext to their boyfriends and girlfriends. Dull stuff.
What the NSA wants is connections. They want the proverbial graph, the six degrees of Kevin Bacon ... for everyone in the world. They want to build an accurate, comprehensive social network of the world so that they can reject you as dull and uninteresting. They want to toss out 99.999% of us as boring, normal people. Because the 0.0001% left are the ones who matter. When they're identified, the real hacking begins.
And that, friends, is where my advice to the NSA begins. It's just advice – pure fiction. Or is it? You decide.
What was the best way to take out a medieval castle? You could pound away at it with slings and battering rams for a year ... or get someone on the inside to open a gate. How about robbing a bank? You can blast your way in with dynamite, or shoot your way in with guns ... or you can get an insider to let you in after hours and quietly unlock the vault.
Computers are the same: you can try "pounding on the walls" with attacks by computer viruses, trojan horses and malware, but it's much simpler and more effective to silently attack it from the inside.
There was a time when any serious hacker and even novice "script kiddies" could break into just about any PC on the planet. Many serious computer scientists considered Microsoft's security a badly implemented afterthought, a patch on top of an operating system that was a relic from the pre-internet era of single-user systems. MS Windows was designed when security didn't matter, and it turned out to be quite difficult to patch the security holes that were inherent in its architecture.
And there are still a bunch of those vulnerable computers out there. We read about massive "botnets" of a hundred thousand compromised computers carrying out DDOS attacks. You get weird emails from your mother claiming to be stuck in the Miami airport and please send a thousand dollars, but she's in the kitchen baking cookies; a Nigerian crime ring has hacked her PC and taken over her email account. These and a hundred other similar stories remind us daily that too many of us fail to keep our PCs updated and leave them virtually naked and defenseless.
But the NSA doesn't care about your mom. They want to get into terrorist networks and foreign governments. They want the computers that spin the centrifuges in the uranium-enrichment plants in Iran. They want the computers in Russia's governmental offices. They want to spy on the Chinese, Japanese, Israelis, Syrians, and even the Brazilians. They want information. And in some cases, like Iran's uranium enrichment centrifuges, the NSA and CIA want to actually control or disrupt the system.
That's not so easy as hacking your mother's computer. Modern operating systems have become hardened against attacks. They are actually quite secure when maintained properly.
High-value targets such as military organizations' computers and corporate data centers are usually maintained properly. Very properly. They are updated with the latest security patches and protected by sophisticated firewalls. Their networks are partitioned so that a single breach is contained to a small number of computers. They're kept up-to-date with antivirus software to spot and stop attacks that get through the firewall. And in case anything gets past all those defenses, they run network scanners to detect suspicious network traffic.
In other words, these high-value computers are like a castle or a bank: they're very hard to crack from the outside. But not from the inside.
The spying scandals revealed by Edward Snowden jogged the memories of several high-tech bloggers who wrote about a couple suspicious computer-security incidents. At the time, these incidents seemed innocent, but Snowden's revelations shed a whole new light on things.
(By the way, there are links to these blogs and many other topics at the end of this article.)
The first incident occurred in 2003 when a hacker tried to surreptitiously modify the Linux operating system to weaken its security. It would have created a "back door" that gave anyone who knew of the flaw the ability to become the "super user." If the attack hadn't been discovered, the hacker would have been able to take over many Linux-powered computers all over the world.
Most home computer users have never heard of Linux, but they've used it. Linux powers over sixty percent of web sites worldwide and probably handles your e-mail. These are the "big iron" computers of the world. Additionally, Linux runs most movie studios, stock trades, banks, and is inside of hundreds of thousands of "One Laptop per Child" computers used by youngsters in developing countries around the world. Linux is probably at the core of most government, military and corporate data centers around the world.
Sneaking a "back door" into Linux would be a really big deal.
But that wasn't the only incident. In 2006, a flaw was discovered in one of the widely-used encryption systems that keeps our internet activities, such as banking, credit-card purchases and bill paying, hidden from prying eyes. An encryption researcher discovered that its "lock" was sort of stuck. It was comparable to a safe company manufacturing safes with three-number combinations, but the first two numbers were always "0". Instead of 1,000,000 possible combinations, a safe cracker would only have to try fifty numbers on average before the safe would open.
With this flaw in place, a hacker or the government could easily break your encryption in seconds or minutes rather than years. This is what we mean by "cracking a computer from the inside." Instead of "beating on the walls" with brute-force attacks, you sneak inside the teams that write the software and compromise it before it ever leaves the factory.
Were these incidents deliberate? The first one unquestionably was, but it was caught before it got out. The second one? It may have been just a programming error ... but it may have been deliberate. We'll never know. Either way, the flaw wasn't discovered for months, and during that time anyone who knew of it could have eavesdropped on millions of private communications.
Also by Craig A. James...
"Ingenious ... Craig James has cracked open the mystery of religion's tenacity ... puts the pieces together into a fascinating, coherent model that makes sense!"
We only know of these because they were discovered and corrected. Were there other incidents? Are there deliberate flaws in Linux? Your PC's software? Your phone or tablet?
And if so, who put them there?
"Jeremy" hated seventh-grade math. It was boring ... drudge work. Mrs. Costello droned on and on, repeating the same crap. Geeze, all you had to do was glance at the math book and get it. The rest of the kids were just dummies. Screw 'em. Hacking computers, now that was fun. Jeremy was an expert. He knew all the web sites where hackers hung out, and learned all the tricks. It was magical, a whole new universe to explore. D and F grades? Big deal. Jeremy had better things to do.
So Jeremy wasn't surprised when Mrs. Costello sent him to Principal Levine's office, where he found two glum, perplexed-looking parents. "Jeremy," said Mr. Levine, "sit down. We have a problem."
"Uh oh. Busted," thought Jeremy. But he was actually relieved when Mr. Levine continued.
"You failed math. I should hold you back. With any other student, that's exactly what I'd do." Mr. Levine sighed. "But ..."
"Jeremy," his Dad interrupted, "you got the highest score in the whole school on the math-placement test. Mr. Levine is telling us that you're a math whiz, a genius. What is wrong with you? You're going to have to repeat seventh grade!"
"Not so fast," said Mr. Levine. "I have a better idea. Jeremy, I could hold you back, but you'd probably fail again. I think you're just bored. So here's the deal. You're going into the advanced eighth-grade math class. Those kids are way ahead of you. You're going to have to work your tail off just to catch up. I'm throwing you in the deep end, and it's sink or swim. They're doing high-school level algebra already, and a couple of your buddies are even doing some geometry. So ... what do you say?"
Jeremy looked up from his shoes "I dunno. I guess so."
Nine years later, Jeremy was finishing his Bachelor's degree in Computer Science at the age of nineteen and had offers from the graduate departments at a half-dozen Ivy League universities ... and a very intriguing interview offer from the NSA. "Your nation needs you," it said.
He took the NSA job. But to Jeremy's surprise, he didn't end up working in some huge, super-secret government building with triple gates, armed guards and a basement full of supercomputers. Instead, they asked him to apply for jobs in the Northwest and Silicon Valley, just like any other hot young computer scientist. He had amazing academic and professional references (some real, some manufactured by the NSA) and a 4.0 GPA, so it was no surprise to Jeremy or to the NSA when he got a key position for a major software company.
And that's when our fictional hero Jeremy's real NSA work began.
If you can inject malicious code into the operating system itself, all bets are off. Anti-virus software, firewalls, system updates – none of it matters, because these are all designed to protect the operating system from outside attacks. There's nothing any software can do to foil an inside attack. Inside attacks are the cancer of computer systems: the computer's "immune system" (the anti-virus software) won't attack the rogue code because it is part of the operating system, the very thing the anti-virus software is designed to shield. Just as cancer fools your body because it is your body, malicious code that was deliberately added to the operating system at the "factory" is part of the operating system.
The operating system (OS), whether it is Microsoft Windows, Apple OSX, Linux, Android, iOS, or Windows Phone, is the maestro of your computer, tablet or smart phone. It sits at the center of things, doing your bidding. It controls your disks and opens files for you. It controls your network and makes all of your web, Skype, email, gaming and file-sharing connections. On smart phones, it makes the phone calls. The OS controls your display, keyboard, USB ports, bluetooth ... everything. It launches applications for you, and cleans up after them when you're done. It manages your computer's memory, ensuring that each application is isolated and can't see what the other applications are doing.
If you can add malicious code to the core of a major operating system, you own every computer it's on. Your enemies are in your hands. Your friends are in your hands.
A PC with your code in the OS is like an open book. You can access every file, read every email, and listen to every VOIP call. You can eavesdrop on the network, too ... and not just that one PC, but often all network traffic on a network segment.
Even encryption is useless against code in the OS core because the OS owns your keyboard. The moment the user of a hacked OS types the encryption key, you own the encrypted data.
So how would our hero Jeremy get such malicious code into the OS?
Getting malicious code into an operating system isn't easy if you're a lone secret agent inside of a software company. At major companies like Microsoft and Apple, as well as open-source projects like Linux, all changes to the operating system's code are carefully scrutinized by multiple eyes and thoroughly tested. Getting malicious code past this Q/A process would be quite difficult. But not impossible, especially to a genius like our hypothetical friend Jeremy.
The first trick that Jeremy might employ is a technique called "underhanded coding" – writing programs that look like they're doing one thing when they're actually doing another. There are even contests to see who can write the most underhanded program, a program that even when carefully inspected appears to do one thing but in fact does another. The cleverness of the hackers who participate in these contests is both astonishing and frightening.
In fact, normal computer programmers spend enormous amounts of time devising habits that help avoid these same techniques, because the results are normally called "bugs."
Computer programmers hate bugs, but they're part of life. Some are simple – a mistyped variable name, an off-by-one index to an array, an uninitialized pointer. These are nuisances but are usually easy to fix. The really hard bugs are the unexpected or unforeseen interactions between widely distant parts of a program. Memory is allocated here, used there, expanded somewhere else, and released back to the OS somewhere else, and somewhere along the way someone does it wrong. These bugs can evade tests and lurk for days, months or years until just the right conditions come along, then bang! Your computer's memory is corrupt and it crashes – if you're lucky. Or worse, a Ukrainian or Nigerian hacker knows about the bug, deliberately triggers it, and uses the memory-corruption event to inject a virus into your computer and take control.
Responsible programmers hate these types of bugs, but underhanded programers love them. The very nature of these bugs makes them very hard to find and fix, and it also means they're very hard to detect. A good underhanded trick is nearly impossible to discover with normal Q/A procedures. You can test and test and test and still miss it. And if such a bug is deliberately crafted by a genius like Jeremy, he can ensure that the underhanded behavior is only triggered under very specific circumstances. That is, Jeremy can ensure that the Q/A department will never catch it. His "bug" will sit there, waiting for a trigger that only the NSA knows.
Underhanded programming is hard, but Jeremy is smart. Really smart. With proper study and training, a task like this would be challenging but doable (not to mention fun). But remember, our fictional Jeremy isn't working alone. He actually has a small army of NSA computer scientists backing him up. Jeremy can send his problems to colleagues working in the bowels of that super-secret NSA building, and they will help craft all sorts of underhanded "back doors" to inject into the operating system.
No quality-assurance program in the world could detect and eliminate every "bug" that an insider like Jeremy could inject into the operating system.
But if the NSA can get one "mole" into a software company, why not two? Why not more? What if the NSA managed to get a half dozen of its agents employed at a major software company? What if they had several agents in R&D, a couple in the Q/A Department, and most importantly, one mid-level manager who could assign staff to certain projects?
It would be perfect. The manager could assign the R&D agents to work together on a key part of the operating system, and then (even though the R&D work was underhanded and subtle) ensure that it was reviewed and inspected by the NSA's agents in the Q/A department.
The world would be an open book.
Getting agents into a major software company isn't the only way to attack the operating system. The "smaller fish" software companies are much more vulnerable.
Every I/O device on your system, whether it's the USB port, DVD player, display, keyboard or disk drive, needs a device driver. A "driver" is a (relatively) small chunk of code that knows how to handle the bits and bytes and control the physical hardware of the device. For a disk, the driver knows about tracks, sectors, platters, disk heads and the SATA protocol; when you click "Save" the driver knows how to actually get the data onto the disk. Your display's device driver knows how to talk to your GPU card (the Graphics Processing Unit, a highly specialized CPU that makes modern 3D graphics possible) to make pictures, text and videos. The USB driver knows how to power up the USB and "mount" it so that it looks like a disk drive. And so forth ... there are thousands of device drivers out there, and every computer, phone and tablet has a dozen or two actually installed.
Here's the beauty of device drivers: when you install one, it becomes part of the operating system. And along with that comes super-powers over your computer. Device drivers typically have permission to do anything. Some were installed at the factory; another is added each time you buy a new printer, scanner or external device and have to insert an installer CD or USB stick.
From a hacker's point of view, or in this case the NSA's, device drivers are a like a kid's bag of candy just waiting to be looted.
Best of all, device drivers are often written at small companies or by consultants. The manufacturer's heart and soul are hardware, not software. Sure, they have Q/A teams and do lots of testing. But unlike a major software company like Microsoft or Apple, a hardware company might have just a handful of programmers and comparatively simple Q/A procedures.
It would take just one NSA agent on the programming staff of a popular hardware company, or hired as a consultant, to infect a huge fraction of the computers in the world.
The operating system and its device drivers are the holy grail for hackers, but they aren't the only target worth attacking. Application programs are pretty tempting too.
An application or "app" is the popular term for the programs you use every day to get stuff done, such as your browser, word processor, spreadsheet, photo and video editing programs, games, address books and so forth. The operating system is the overlord of your computer, but the apps are the workers that actually get stuff done.
If our friend Jeremy managed to infect an application with his malicious code, it wouldn't have the super powers of an operating-system or device-driver hack. But it would still be a very valuable asset to the NSA. Malicious code in your browser can track all of your web activity; if you use a web-based email program like GMail or Yahoo, a hacked browser could read all of your email and send email on your behalf. Malicious code in an app like Skype could listen in on your conversations and watch you through your webcam.
On top of that, sometimes a hacked application gives you the opportunity to break into the operating system. Once an application is installed, it's inside your router/firewall and past the anti-virus software, which are your computer's first and second lines of defense. It's like getting across the castle's moat and over the castle's outer wall – all that's left is to break down the last few doors to get to the king. There are typically dozens, possibly hundreds, of unknown or unpatched operating-system bugs at any given time that allow an "escalation of privilege" attack. An application that normally runs without "super user" powers (also called "administrator" powers) can trigger a known OS bug to give itself more permission than it's supposed to have. And once the app has super-user powers, it can infect the operating system itself.
So while apps aren't the number one target for Jeremy and friends, they're still a valuable target. And most programmers who write apps aren't nearly as careful about security as operating-system programmers. App writers are all about the best word processor, game, video player, music system or porn finder. They don't study security, and their Q/A procedures aren't focused on finding security threats. App companies are an easy place for a young, hot programmer like Jeremy to get a job.
A long time ago, you'd browse the web to find a song or video, download the file to your own computer, and play it using your favorite music or video player. It was a nuisance, a multi-step bunch of clicks and "File-->Opens" just to listen to a song. Now, presto! Your browser plays videos and songs right in the web page thanks to "plug-ins." The people who designed your browser realized it was much cooler to have multimedia files embedded directly in a web page, and plug-ins make that happen.
A plug-in is a chunk of computer program that can be added to an already-running browser. When Firefox, Chrome or Internet Explorer are delivered to you, they know how to display text and pictures. A bunch of plug-ins are added that vastly extend the browser's capabilities. Google Earth can fly you around the globe and zoom in to see your own back yard or the house where you grew up. Shockwave Flash, Microsoft Silverlight, and Apple Quicktime can show you high-quality movies. A host of music player plug-ins are available to play music from the internet.
And it's not just multimedia. You can get privacy enhancers, language translators that will show you an English translation of a Russian web site, magnifiers for visually-impaired users ... the list goes on and on. Anything you might possibly want to do with your browser, and a few that you never imagined, are probably available as a plug-in.
Each plug-in is a potential vulnerability. It would be a cake walk for our friend Jeremy and his NSA cohorts to use their "underhanded programming" skills to install spyware into a browser plug-in. Most plug-ins are written by very small teams – often by a single programmer. There is no corporate oversight, rigorous Q/A, or code inspection. The only real security is that the "plug-in store" that distributes it will try it out and look briefly for "suspicious activity." It's child's play for a hacker like Jeremy to fool this type of Q/A.
And the public is gullible and trusting. People download plug-ins because they want the cool features offered. They pay little attention to the reputation of the plug-in's author. Once a compromised plug-in is installed on your computer, it has the same power as the browser app itself, with all the dangers that go with it.
Also by Craig A. James...
"Surprising wisdom ... The blog about Alan Turing makes the purchase of this book an absolute no brainer! ... This is an entertaining, irreverent book ... [Craig James] does a very good job of defending his main premise that Christianity is Dying. Don't hesitate to get it! Five stars!"
If all of that isn't enough to make you wear a tinfoil hat, there's more. It takes hardware to run all of that software, and it turns out the hardware can be hacked too.
Most modern peripheral devices are actually small, special-purpose computers in their own right. Your printer, disk drives, USB ports, video card, and photo scanner all contain microcomputers ranging from simple to quite sophisticated. In fact, the most powerful computing hardware in your computer isn't the main CPU; it's the "GPU chip" (graphics processing unit) that runs your video display. The network controller has a sophisticated little CPU of its own to handle its network traffic. Even the battery in your laptop has a tiny computer that monitors the battery's charge and tells the computer how long it will last. In other words, there is a small army of special-purpose microprocessors inside and around your computer.
In a brilliant example of failing to appreciate how clever hackers are, many of these hardware devices can be reprogrammed while running. In one famous example, researchers were able to reprogram (add a virus to) a network card. They then wiped the computer's disk completely clean and started over, reinstalling all the software from scratch. That should have completely eliminated all viruses, right? Wrong. When they rebooted, voila! The network card reinjected the virus into the operating system. Even the best anti-virus software can't clean a computer infected this way. The entire computer has to be discarded.
Imagine that Jeremy and his friends manage to hack a computer that controls uranium processing in some deep, dark cavern in Iraq. They know that the Iraqis are pretty careful, and sooner or later might discover that the computer has been compromised. Heck, for good measure, the Iraqi IT department might wipe every computer's disk clean once a month and reinstall everything from known "clean" software.
But if Jeremy and friends manage to compromise the computer in the first place, they can reprogram one of the hardware devices with malicious software that will reinfect a perfectly clean, isolated system. The only guaranteed way the Iraqis can be sure their computers are clean is to discard them every few weeks and buy new ones!
And it gets even worse: the hardware itself can be corrupted. You rely on your computer to do what it's asked, and to do it very precisely. For example, when you connect with your bank on a secure, encrypted website (one that starts with "https://" rather than "http://"), your computer goes to work encrypting the web site and your data. That encryption process sometimes runs on special-purpose encryption chips that carry out the time-consuming encryption calculations.
What if that encryption chip was manufactured with a deliberate defect that allows the NSA to decode your messages easily? To do this, the NSA might recruit a hot young electrical engineer, one like Jeremy but who specializes in digital circuit design. Like Jeremy, he'd secretly work for the NSA but apply for a job for one of the major Silicon Valley chip manufacturers. Once in place, he could alter the designs of certain critical pieces of encryption hardware to the NSA's specifications.
These chips are made by the millions and distributed around the world. The "defective" chip might find its way to computers installed in government offices, terrorist caves, and the executive suites of the world's largest banks. Anything encrypted by one of these computers would be an open book to the NSA.
Remember the days when you had to plug your new printer into your computer and install a bunch of printer software? Then to share it, you had to click through a bunch of baffling control-panel buttons, and as often as not it didn't work anyway. But no more! Now your printer comes with built-in wireless networking capabilities. Just turn it on and it's on your network!
It seems natural that your printer will just, well, print. And the same with your network-enabled scanner – it just scans. And the FAX machine just faxes, your network disk drives just store files, and so forth. Right? Wrong.
Each of these devices is powered by a fairly capable microcomputer. And it has full access to the internet. When you send a file to your networked printer, what's to keep it from forwarding that file to some other place on the internet? When you scan a document, how do you know it's just being stored on your own computer? When you back up your files to your network backup disk, how do you know it's not forwarding your files to someone else?
The biggest prize is your router, that device that sits under a desk somewhere and sends its wireless signal to all of your computers. It has two jobs: to keep the bad guys out of your private network (it's a firewall), and to handle all of your network traffic. Every bit and byte that goes into, out of and around your computers, printers, faxes, scanners and network drives goes through your router. If the router itself were hacked, it would give the hacker the ability to connect directly to every device in your home, to monitor everything you do, and even to attack all of the other devices in your house to infect them with spyware.
A few months back, Samsung had a brilliant idea for a new feature to put them ahead of their rivals: hand gestures to control your TV! Forget the remote. All you have to do is wave your hands around and you're in control. Twist your hand in the air this way and you control the volume. Wave that way and the channel changes.
Of course, this required Samsung to build a little video camera into the TV so that it can see what you're doing. And guess what? Researchers quickly hacked through the TV's security barriers and were able to turn on the camera – in your living room or bedroom – and watch you.
This insecure Samsung design was probably the result of a poor appreciation of security theory or poor Q/A procedures. Samsung quickly updated the TV's software. But the cat was out of the bag. Think what a great target this would be for Jeremy's talents: TVs are in the homes of virtually everyone in the West, including politicians, corporate executives and criminals. Television ownership is expanding rapidly in the less-developed parts of the world. Wouldn't it be great if the NSA could look into anyone's bedroom?
Our fictional hacker Jeremy was cast in the role of an NSA employee as though the NSA is the only agency in the world that might be interested in these tricks. But it's not. Every major government in the world has the same motivation as the NSA to infiltrate the world's computers, if not the ability.
In the United States, our spy agencies have some oversight. They get away with a lot and operate with a cloak of secrecy, but our spy agencies are highly constrained compared to the spy agencies in countries like China and Russia. The American ideals of openness and accountability, to which at least some homage is paid, are simply not present in these and many other corrupt, dictatorial or technocratic governments. Spy agencies in countries like China have no constraints on their activities. Additionally, many politicians, security analysts and technical analysts believe the Chinese government encourages and employs hackers to develop and deploy spy software.
The story of computer-chip manufacturing in other countries is similar. It would be very easy for the Chinese government to arrange for engineers to corrupt the design of an encryption chip, networking card or printer without anyone noticing. They don't have to bother with recruiting a genius like Jeremy and then sneaking him in disguised as a regular employee. Instead, they can simply go to the software companies and chip manufacturers and install their own employees, and instruct the companies to cooperate.
A number of governments are considering banning purchases of computers made in China. The United States has already banned certain Chinese-made computers from its intelligence agencies. Other governments are extremely nervous about Chinese chip manufacturers and software companies. You should be too.
We've painted a rather gloomy picture. It seems that every computer, phone and tablet in the world is potentially vulnerable, a veritable open book. Even innocuous devices like your printer are suspect. On top of that, your television could be spying on you, right in your own living room or bedroom!
So is this real, or just the rantings of a paranoid, left-wing computer scientist?
I have no evidence whatsoever that any of the tricks I've discussed are being carried out by any government. This is all just tongue-in-cheek "advice" to the NSA from a concerned citizen about "how to do its job better."
I should point out that most of the dirty tricks discussed in this article are probably illegal (but I am not a lawyer). I'm told that it's illegal for the United States government to spy on its own citizens without a warrant. I have no evidence whatsoever that our government agencies are breaking the laws. This is just thought-provoking fiction – at least I believe it's fiction – about what could happen if we don't honor the spirit and letter of our Constitution.
I'd love to hear your thoughts, but be careful. Someone may be watching.
About the Author
Craig A. James considered writing this article under a pseudonym to hide his identity from spy agencies, but realized it was futile. So you get to know what the NSA already knows: James is a writer and computer scientist. He holds a Master's degree in Computer Science from Stanford University and a Bachelor's degree in Electrical Engineering from the University of California, Davis. He is author of an amazon.com bestselling book about how religion's peculiar history is demystified using memes and memetics, The Religion Virus: Why We Believe in God, as well as a collection of his most popular essays, Is Christianity Dying?
His day job is Chief Technology Officer of a successful internet company, where he plies his trade as a computer scientist.
This is hardly a comprehensive list, but here are a few links to pique your interest in the many topics covered above.
Copyright © 2013, Craig A. James
This document is licensed under the Creative Commons Deed, "Attribution - Non Commercial 2.0".
You are free:
under the following conditions:
For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above.