06.26.09
Posted in Cyberterrorism, War On Terror at 4:53 pm by George Smith
Today, a collection of items again having to do with the tradition of blaming China and its mighty but hard-to-see cyberwarriors.
For example, when you want to build a cyber-attack force, blame the Chinese for starting a cyber-arms race, hacking into US utility companies, cyber-spying and installing backdoors and hidden boobytrap software switches in everything.
Since it’s a practice that has been carried out so well and for so long, the Chinese media has finally started to wise up to it.
So, this year, for the first time, DD has begun to field questions from Chinese journalists, who are returning the favors long administered by their counterparts in the western English-speaking newsmedia. That is, instead of wanting to talk about how China is menacing US cyber-interests, they want to know about the US menacing the rest of the world’s cyber-interests.
From a Q&A — in e-mail — this week:
Chinese journalist: Will US wage cyber warfare against its enemies?
DD: I doubt there will be any significant happenings of this nature. Too much potential for an exposure resulting in great embarrassment and bad publicity if caught doing such a thing. It wouldn’t look good if the US military was caught installing a worldwide zombie botnet now, would it?
Chinese journalist: US cyber security may provoke the new world arms race on the new military frontier, do you think so?
DD: The rhetoric on the subject may inspire something like this. However, it will be offset by the limited nature of what such things can accomplish in the real world.
Chinese journalist: What do you think of the cyberattacks worldwide?
DD: It’s another day, just like many, for IT staffs.
Chinese journalist: Will the American aggressive approach to cyber-security pose a threat to privacy and civil liberties?
DD: There is already some concern about this. As to privacy, there have been agencies and parties in the US which have been involved in pushing back on encroachments and violations of privacy in cyberspace for many years. They’ve had some mixed successes and some big failures, so it’s an ongoing battle.
Next up, a partial transcript from the Ian Masters show, a couple weeks ago. DD has edited it down to the most interesting points, and the common worked-to-death scripts re China and cyberwar.
Ian Masters, Pacifica radio host: There’s [now] an expectation hacker soldiers will be hired. The New York Times has a piece on Sunday on the frontpage, a rather skeptical piece, suggesting that this indeed may be another raid on the treasury by the military industrial complex.
DD (aka George Smith): Well, that’s been a constant. I mean, it’s not exclusive to the Obama administration. Cyberwarfare and cybersecurity have been used by the US government over the past fifteen years to, as you say, rattle the tin cup for a variety of reasons. I mean, it’s kind of like, what many people don’t realize is that the extremist views are in charge, OK? [Laughs] There really isn’t a voice of moderation. And there really never has been in the area.
IM: So, in other words, the sky’s always falling.
GS: That’s right.
IM: And the Russians are coming.
GS: Or the Chinese. The Chinese were coming ten years ago. And they’re coming again.
IM: And the terrorists are coming.
IM: In terms of cyberwarfare al Qaeda is not a player?
GS: No, they’re not a player.
IM: They do low-tech video releases. So who is the target of this new initiative by President Obama, is it Russia and China?
GS: Those are the common two. Ten years ago there were a large number of stories circulated insisting China, the dragon, was about to show its claws and fire, and it had developed a cyberwarfare capability, and in the most extreme cases could attack the United States’ oil refineries and cause explosions, war from remote, things like that. And with Barack Obama, on Friday, he includes in his speech a statement that cities in foreign countries have been blacked out by cyberattack, and that’s simply an urban legend. There’s nothing to back that up at all yet it finds its way into his cyber policy review report.
Now, why is that? [Laughs]
If you look at the footnotes of the report real carefully, this comes out of an old press release from a computer security company.
IM: So ginning up business?
GS: Well, specifically, this occurred about a year ago. It was to gin up business for protection of remote control access systems. What better way to do it than to say the CIA had told [your expert business] that cities which cannot be named, in countries that cannot be named, had power companies attacked which cannot be named, causing blackouts in cities, the number of which cannot be named.
IM: Really?
GS: Yeah, well that’s it …
IM: Where is the beef then, as they once said in a political campaign? We’ve got a lot of sizzle — but there’s no steak here?
GS: Well, the real beef is that there isn’t any doubting that there are problems with cybersecurity. We’re now built on a system that’s fundamentally insecure … and when you choose to use the Internet … to build your networks upon [it], then you’re choosing to work with an insecure system and the daily problems that come with that are part of the overhead of doing business and conducting life like that. And that’s a complete separate set of issues which everyone must deal with on a daily basis.
Ah, have you had an experience with removing malware, viruses or spyware from your computer?
IM: Well now, at the risk of advertising for Apple, I have a Mac.
GS: [Laughs] Well, good for you!
IM: So everyone is attuned to these things and paying the price.
GS: And everyone has to deal with it daily and take measures or suffer the consequences … Bad actors on the Internet are not known for restraint, OK? If there was an ability to turn the United States off like a switch, it would have been done already, I think. They wouldn’t show the qualms of, perhaps, a foreign country whose leaders would say: “Maybe we shouldn’t do this.”
Someone would just say: “No, we’re going to do it because I want to be famous and show the world how powerful I am.” Which is one of the common motivations, among many, in people who do these kinds of things on the Internet, who are constantly knocking on your firewall door …
CNN’s Pentagon correspondent, Jamie McIntyre, was puzzled: “This term cyber warfare sounds kind of, you know — amorphous, kind of hard to get your hands around it…” (See here for the next excerpt’s original publication.)
Fifteen minutes later, Gordon Chang, author of an unintentionally hilariously entitled book called The Coming Collapse of China vaguely informed the news network, “Well, they say that two [instances] of those were really the Chinese caused blackouts in the United States, one in 2003 and the other…”
For Chang, “they” were a couple of chatterers from the press, more specifically, an article in the National Journal, a publication nobody but Congressional staffers and producers and editors of news organizations in Washington, DC, reads.
“We’ve always known that our civilian networks, which are not protected as well as the defense ones, can be taken down, but we never really had a demonstration that it could, indeed, actually happen until a couple of years ago,” continued Chang.
The news story demonstrated one common feature of all stories on cyberwar. You can say anything you wish and not suffer a beatdown. The most remarkable, even ludicrous, things can be claimed. Once on paper, it’s fair to discuss such things as if they had the reality of a piece of granite.
Since the Chinese had been causing blackouts, Chang reasoned the US government ought to show some backbone and give them a talking to …
To spend too much time arguing details [over this] is to be drawn into the deranged world of the American way of threat description … What would the United States do [then] in retaliation? Start carpet-bombing? Carpet-bombing, in this case, means having a force of cybermen and their own vast military botnet to launch DDOS attacks.
In “Carpet-bombing in Cyberspace,” an article from the Armed Forces Journal, Col. Charles W. Williamson III writes “America needs the ability to carpet bomb in cyberspace to create the deterrent we lack.”
There is a carpet-bombing gap in cyberspace, it is said. “We are in [a new arms race] and we are losing,” asserts Williamson. China has the greatest capability for cyber carpet-bombing because “analysts think China has the world’s largest denial-of-service capability.”
The US can offset this by investing in its own military botnet, sort of like not allowing the Russkis to take the lead in mineshaft digging in Dr. Strangelove.
In slightly different form, at SITREP.
Update: The daily dose of cyberwar exaggeration. Cyberwar will throw everyone back to the Seventies. Except you won’t get to be young again.
06.23.09
Posted in Cyberterrorism at 8:53 am by George Smith
“Military leaders now routinely warn that the Pentagon’s computer networks are attacked daily,” reported the Omaha World Herald newspaper a few days ago.
Omaha is home of Offutt AFB, home to StratCom, which has some skin in the game of military perimeter cyberdefense.
“The U.S. Strategic Command is awaiting a military review that eventually might diminish its role as the military’s go-to group for waging war in cyberspace,” fretted the newspaper.
Well, it won’t be that bad, DD told the reporter. Things will continue pretty much as usual, the US military using a hodgepodge of agencies, arms and resources to keep doing what it’s been doing in the area for the last fifteen years. Whether or not an organizational chart is rewritten and personnel and facilities switched around won’t really matter in the long run.
“Rival governments are suspected of being involved in cyber attacks and cyber espionage that not long ago would have been relegated to the science-fiction rack,” continued the article.
“A Chinese computer system dubbed GhostNet recently infiltrated at least 1,300 computers in the United States and more than 100 other countries, allegedly to steal information about the Dalai Lama.”
Ooh!
“Russians are suspected of attacking some of Georgia’s computer systems before the Russian military bombed that country last August.”
Aaaah! The Russians are coming! So are the Chinee!
“Most cyber defense isn’t sexy, [George Smith] said. It’s the day-to-day drudgery of protecting computer networks from things like data theft and computer viruses.
But the bigger threats from foreign governments scare military, industry and academic experts, said Mustaque Ahamad, director of Georgia Tech’s Information Security Center.
” ‘This is keeping a lot of people awake at night,’ he said.”
No, not if they’re sane.
But it’s worth noting the dire claim is just from the exact source one would expect, someone whose livelihood is integrally entwined with getting others to believe the potential of cyberwar merits some fear, trembling and night sweats. Such claims have fallen like pigeon droppings in the city for the last fifteen years.
They’re common, unremarkable, numbing and well beyond stupid.
“No matter what happens with the cyber mission, StratCom’s future in Omaha still shines bright,” the Omaha Herald article finished. “The command expects to receive 600 more personnel in the next few years to complete its cyber mission …”
The standard example of weekly, sometimes daily, dishwater on cyberwar, piece furnished by Evgeny Morozov writing for Newsweek.
Information is classified! But facts were “eye-opening” and “clear,” a cliche (or cliches) published when things are actually the opposite.
Among the targets were two of Estonia’s biggest banks, whose online systems were severely degraded for several hours. The scale of the economic damage is still classified as a state secret, but the fact that this happened in “E-stonia,” a proud digital society (Oh, puh-leeze!), where even parking meters take payment via text messages, was eye-opening. Although the decentralized nature of cyberattacks made it hard to know whether the Kremlin ordered the attacks, clues led Estonia to a Russian suspect, whom the Kremlin refused to extradite.
One thing is clear: Russia gained from what may be the first successful invasion in the new age of cyberwar. Hillar Aarelaid, a manager at Estonia’s computer emergency response team, who coordinated Estonia’s defenses during the assault, told me that the attack used a nasty weapon called a “distributed denial of service” or DDOS…
See here, for comedy. Or here and here. Here, too.
“It will be the acme of skill to defeat the prideful military of the Americans through the righteous uniting fists of stealthy digitized roaming mobile code.”
– People’s Liberation Army military theorist Fu Man Tzu in “Cyber-Wars Like Grains of Sand,” translated by China scholar, Hue Pflong Pu, Center for Strategic and International Studies.
06.14.09
Posted in Bioterrorism, Cyberterrorism, War On Terror at 9:18 am by George Smith
An audio file of DD on the radio for Ian Masters’ Background Briefing show on FM radio is here.
There is also a stream and iPod broadcast here. Note, though, that the broadcast, which took place on May 31, is mislabeled as one with Colin Powell’s adjutant in the Bush administration, Lawrence Wilkerson, who was the primary guest a week earlier. This is coincidentally absurdly humorous, since Wilkerson is one of the high-ranking people responsible for so badly informing Powell about the ‘UK poison ring’ for his infamous UN Security Council address, a claim officially destroyed in 2005 by me.
But since Wilkerson is now a convenience to the left — someone from the Bush administration willing to regularly call Dick Cheney nuts — he was granted a get-out-of-jail-free card by the mainstream media.
I digress.
The show lasted an hour and I was on third, so if you want to skip the other hosts, advance in your player to around minute 40 and you’ll be in the general vicinity. However, the entire show is worth a listen.
Subject material was a discussion of Obama’s cybersecurity plan and other things readers of the blog will be familiar with.
Do people listen to these radio Pacifica stations? I have been told so by acquaintances. But often I have doubts.
06.02.09
Posted in Cyberterrorism, War On Terror at 1:54 pm by George Smith
“Negative reactions are coming in to President Obama’s cybersecurity proposals,” writes a blog at PC Mag. “The reasons vary, but many are arguing that the proposals resemble earlier, less publicized efforts from the Bush administration, and that the proposed National Cybersecurity Coordinator will lack sufficient authority.”
DD makes an appearance, again calling the story about unnamed cities in other countries being blacked out by cyberattack an urban legend. It was delivered by President Obama on Friday, and he presumably read it in the Cyberspace Policy Review, where it merits a footnote — citing a p.r. sheet issued by a computer security vendor.
The rule of thumb for such claims needs to be this, particularly when an ‘item’ is to be delivered by the President: Extraordinary claims require extraordinary and substantial evidence to back them up.
And the regular circular slogan during the days of WMD’s in Iraq: “Absence of proof does not mean proof of absence,” just doesn’t cut it.
A stake needs to be driven through this type of thing as it’s part-and-parcel of the regular slew of ghost stories which come with news about menaces from cyberspace. Its use functionally puts the Obama administration at a disadvantage, making it no better than previous administrations. Therefore, those who wrote the report, or insisted upon the item’s inclusion, need to be taken aside and put on a very short leash.
I’ve made this part of the discussion with reporters in the past week because these fact-free rumors get around only because the viewpoints of extremists have become the common currency in the national debate on cybersecurity.
When such things are included in policy reports, by nature, they hinder careful and deliberative thought. And they distract from a discussion in which security is discussed in a sophisticated and nuanced manner, conflating it into one big grab-bag issue with the forbidding, even numbing, theme: The nation is at risk.
And “[where did Obama’s] $1 trillion dollar guesstimate come from?” asked Rob Rosenberger over the weekend.
“It’s been estimated that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to $1 trillion,” said the president last Friday.
Answer: It came from a McAfee Associates press release. Really.
05.30.09
Posted in Cyberterrorism, War On Terror at 1:47 pm by George Smith
Your host will be a guest on Ian Masters’ ‘Background Briefing’ on KPFK, 90.7 FM in Los Angeles, tomorrow morning at 11:40 PST. Logically, it will be to discuss and place in historical context the Obama administration’s cybersecurity initiative.
You can stream it on the web here or pick it up as a download at ianmasters.org here.
And here’s a piece, pre-Obama administration, again illustrating the point that any claim, no matter how extreme or unsupported, can take the stage in talks about cyberattacks on the US.
05.29.09
Posted in Cyberterrorism, War On Terror at 10:52 am by George Smith
“President Obama announced a sweeping new initiative to beef up the nation’s defenses against attacks on the nation’s increasingly important computer networks, including a plan to put a cyber-security chief in the White House,” reported USA Today, along with many others.
“Cyber-space is real and so are the risks that come with it,” President Obama told the nation.
It was familiar.
Over the past decade, a great many US government officials have uttered similarly pleasing sounds. Obama administration officials and advisors are no different. For an earful and eyeful from the current line-up, view the White House’s entirely unremarkable video on the subject.
“The national dialogue on cybersecurity must begin today,” states the Obama administration’s recent cyberspace policy review.
“People cannot value security without first understanding how much is at risk. Therefore the Federal government should initiate a national public awareness and education campaign informed by previous successful campaigns.”
These are statements which sound good, but only superficially. Instead, they tend to really insult the intelligence of anyone who has followed US government campaigns to educate the public over risks from cyberspace in the past eight years.
Fundamentally, the US government’s ‘education’ on the issue has always boiled down to employing a small army of officials, as well as experts from the private sector, to convey dire messages: The country is so dependent on the networks, it can be turned off like a switch by a variety of enemies who choose to attack through cyberspace. The enemies can be nations we don’t like, teenagers, disgruntled insiders, organized crime, or just crazy people.
The famous meme on turning the country off like a floor lamp was originally called “electronic Pearl Harbor,” later modified to “digital Pearl Harbor.” An authoritative collection of government outreach educational statements on the threat from cyberspace in the press, collected from 1994-2000, can be read here.
A more recent sighting of government officials, often anonymously, educating the public on the dangers of not defending the nation’s infrastructure in cyberspace is here — on cyberspies from China said to be installing software boobytraps in important systems. And a critical summary of ten common red-herrings used to ‘educate’ the public on the issue over the past couple of years is here in “10 easy steps to writing the scariest cyberwarfare article ever.”
“I’ve written on computer security hysteria for twenty years and I can tell you this: the U.S. federal bureaucracy has never produced a good economic figure for computer security damages,” wrote one of this author’s colleagues, Rob Rosenberger on his Vmyths computer security and opinion site, in February. “It’s all about hype, not accuracy.”
Rosenberger was addressing the claims of various government officials on the scope of damage the country was thought to be suffering from cyberattacks. He was comparing the statements from Dennis Blair, the Director of National Intelligence, on the threat of cybercrime in 2009, with those from Richard Clarke, the country’s cybersecurity czar in 2002.
“Okay, so now along comes Barack Obama with his ‘open’ government,” continues Rosenberger. “[Dennis Blair] all but admits the entire U.S. intelligence community lacks data concerning one of the five most important threats America now faces … [it] can do nothing more than quote wild dollar values spouted by two companies — one of them not even involved in economic assessments.”
The problem is not that there hasn’t been a discussion with the American public on cybersecurity. There has. And it’s been entirely monochromatic, larded with scenarios, claims and frightful rumors meant to incite action, and allied with experts chosen from companies in the private sector who always stand to gain richly from further spending on cybersecurity. Danger, danger! We’re losing billions of dollars a year! China or some other nation will turn off the water and power!
Empirically, this manner of nonsense — which has been shoveled for years — has been a turn-off, the exact opposite of what the Obama administration wants. Many people, when confronted with stories about lurking cyber disasters, ignore them. They already have too much experience with removing, or getting someone else to remove, spyware and viruses from their home computer. And while they are probably aware that malicious knocks on the firewall running on their Internet-connected PCs occur every few minutes, they are somewhat less concerned about menaces said to be threatening the day-to-day economic health and safety of the nation.
So when Barack Obama reverts to citing figures on dollar losses due to cyberspace, these repeat a general practice of fudging. And when he stated today that in other countries, “cyberattacks have plunged entire cities into darkness,” he is repeating unconfirmed rumors.
It is not the best start.
At Sitrep.
Follow-up: News article at Popular Science.