06.22.14
Posted in Cyberterrorism at 9:50 am by George Smith
Pointed out by Bill Blunden, author of Behold a Pale Farce, a much recommended here book on cyberwar and the national cybersecurity industrial complex, retired NSA director Keith Alexander is cashing in his chips. Most profitably, too, if his consulting price for a month of services at $1 million gets a lot of takers.
From Bloomberg:
As the four-star general in charge of U.S. digital defenses, Keith Alexander warned repeatedly that the financial industry was among the likely targets of a major attack. Now he’s selling the message directly to the banks.
Because that’s where the money is.
Continues Bloomberg:
Alexander, 62, said in the interview he was invited to give a talk to the Securities Industry and Financial Markets Association, known as Sifma, shortly after leaving the NSA and starting his firm, IronNet Cybersecurity Inc. He has met with other finance groups including the Consumer Bankers Association, the Financial Services Roundtable and The Clearing House.
The ex-NSA chief is leasing office space from Promontory Financial Group LLC, a Washington consultancy that focuses on the banking industry. Eugene Ludwig, Promontory’s founder and chief executive officer, joined Alexander at a meeting with Sifma, Wall Street’s largest lobby group.
Alexander offered to provide advice to Sifma for $1 million a month, according to two people briefed on the talks. The asking price later dropped to $600,000 …
“What I’m concerned about is we’re going to have a 9/11 in cyberspace,??? Alexander told Bloomberg.
Keith Alexander — from the archives.
Permalink
05.21.14
Posted in Culture of Lickspittle, Cyberterrorism at 9:56 am by George Smith
It’s no longer particularly eye-opening that the US government views almost every problem, domestic and global, as something that could be helped by more militarization.
However, it is dismaying that when much of the rest of the world wants much less militarized US national security presence on the global networks, the polar opposite moves smoothly ahead domestically.
More teams of “warriors” often seem to be the only answer to just about everything in cyberspace, down to defending some a police department in Albuquerque after hackers compromised its network with malicious phishing e-mails, a now common place and fairly trivial occurrence nationally and globally.
A reader informs that California has taken up an offer from the National Guard to scan its network computers for vulnerabilities and to conduct penetration testing.
Excerpts from a piece posted at National Guard dot mil explain the background, which is being ramped up nationally:
With cyber attacks occurring more frequently and becoming more complex, the National Guard is stepping up its efforts to defend critical infrastructure networks and develop the next generation of Cyber Warriors.
More than 300 Soldiers, Airmen and civilians from 35 states, Puerto Rico, Guam and the District of Columbia converged at the National Guard Professional Education Center for the 2014 Cyber Shield Exercise from April 22 to May 2. While the scenarios they encountered were simulated, the malicious attacks came fast and furious, representative of what network defenders face in the real world.
The Guard’s CNDTs not only protect the National Guard’s information highway but also are mandated with assisting federal and state governments to provide vulnerability assessments and help protect their networks. Just as they are available to governors to respond to natural disasters, each individual CNDT is prepared to answer the call. In March, the New Mexico Army National Guard responded to a cyberattack in Albuquerque.
“We act as advisors to the governor,??? said Col. Raphael Warren, G6 for the New Mexico Army National Guard and officer in charge for the 2014 Cyber Shield Assessment Team. “We had an incident where the activist group Anonymous attacked the Albuquerque Police Department and we [took] that opportunity to get some insight into how those attacks occurred.???
Unlike federal troops who are bound by the Posse Comitatus Act, Guard Cyber Warriors can assist local and state law enforcement.
There is always a money side, too.
The National Guard dot mil piece makes it quite clear the need for militarized cyber-defense is also about searching for justifications for expanded budgeting, including joint programs for continuing education of “cyber warriors” at local schools.
“[The National Guard Public Education Center] and the University of Arkansas at Little Rock (UALR) are exploring a partnership to provide improved course content development, internships, certificates and degrees for PEC instruction, reads the piece. “Coupled with UALR’s certified and accredited instruction, PEC will continue to be instrumental in providing skilled cyber warriors to support a wide range of federal and state cyber missions.”
“It’s a win-win that way and the money that we’re spending that is already been put on the table is a double benefit,??? one of the Guard’s cyber-soldiers added.
Permalink
05.19.14
Posted in Culture of Lickspittle, Cyberterrorism at 10:58 am by George Smith
PARIAH comes true! Send it to your friends!
US national computer security apparatchiks hit a new low
When you want to distract the media from Edward Snowden’s documents, restore the image of the NSA and relaunch cyberwar hype for the benefit of defense contractors, you do a show trial indictment of the Chinese.
You make sure it has no real weight and accuse five Chinese generals in a building in Shanghai of cyberspying and stealing corporate secrets from big US companies, and suggest they be handed over for a trial. Much for our amusement and greater merriment.
“The Justice Department said that the men were indicted on May 1 by a federal grand jury in Pennsylvania,” reads the New York Times.
Go Pennsylvania! Show the Chinese!
Now all us Americans who either have crap jobs or no jobs and are needing food stamps will know where to point the finger of blame: The Chinese army that is stealing our corporate secrets.
“[The government indictment and demands], however, were largely symbolic as the Chinese government, which said on Monday that the facts behind the charges were made up, is unlikely to turn them over,” continued the Times.
Later in the day, an analysis at the Times gets to the heart of the US dilemma (or hypocrisy, depending on your POV):
[The] Chinese have already rejected both the facts and the argument, and they used the revelations last year by the former National Security Agency contractor Edward J. Snowden to press their response that the distinction between spying for commerce and spying for national security is a tiny one, and distinctly American.
Documents released by Mr. Snowden have revealed that the American government pried deep into the servers of Huawei, one of China’s most successful Internet and communications companies. The documents made clear that the N.S.A. was seeking to learn whether the company was a front for the People’s Liberation Army and whether it was interested in spying on American firms. But there was a second purpose: to get inside Huawei’s systems, and to use them as a conduit to spy on countries that buy its equipment around the world.
Huawei officials said they failed to understand how that differed in any meaningful way from what the United States has accused the Chinese of doing.
Naturally, US national security apparatchiks/very-important-people won’t have it.
However, when in their own company presumably some of the gang realize the problem they have created for themselves and that today’s action is unlikely to solve it in any meaningful way.
It also raises the prospect of tit-for-tat.
Indicting PLA generals on computer crimes puts pressure on other countries which may have agreements in place to detain foreign nationals accused of such crimes by the US when they pass through their territory.
These countries, and many others, may be partially or even entirely unenthusiastic about cooperating in such matters considering the damage done to the American reputation by the Snowden affair.
Knowing this, the Chinese, or any other country, might choose to indict an American general, such as the head of the NSA or the chief of Cyber Command, for actions revealed in the Snowden materials, for the development and dissemination of malware like Stuxnet, or any other intrusion it detects on the networks that its experts think or insist points to US operations.
In this way, the show trial held today could backfire in interesting ways in the next couple of years.
The US government has not come close to making a compelling case that Chinese stealing of American secrets has hurt the US economy. If the theft has, no economists of note have discerned it or even chosen to comment on the matter in their daily publishings on the state and progress of the national economy.
The statistics, or raw numbers of hacking intrusions and documents accessed in corporate America no matter how large, as reported by the media or selectively distributed for-special-eyes-only reports, do not make the case.
Paradoxically, it all comes down to matters of trust. How much trust is to be put into agencies which have worked to damage trusted networks?
Sherlock Holmes: Don’t you trust your own Secret Service?
Mycroft Holmes: Naturally not. They all spy on people for money.
— Sherlock, A Scandal in Belgravia
To keep things in perspective, from Krugman today:
By any normal standard, economic policy since the onset of the financial crisis has been a dismal failure.
Much of Mr. Geithner’s book is devoted to a defense of the U.S. financial bailout, which he sees as a huge success story — which it was, if financial confidence is viewed as an end in itself. Credit markets, which seized up after Lehman fell, mostly returned to normal during Mr. Geithner’s first year in office. Stock indexes rebounded, and have hit new records. Even subprime-backed securities — the infamous “toxic waste??? that was poisoning the financial system — eventually regained a significant part of their value … [Tim Geithner] was, if you like, all for bailing out banks but against bailing out families.
And refusing to help families in debt, it turns out, wasn’t just unfair; it was bad economics. Wall Street is back, but America isn’t, and the double standard is the main reason.
Permalink
05.05.14
Posted in Culture of Lickspittle, Cyberterrorism at 5:22 pm by George Smith
Even stuff you did more than 20 years ago isn’t safe from corporate theft. If there is a way to steal labor, it will be done. Here then for your enjoyment, from the Morning Call, a piece I did as a free-lancer in 1992. The Call, which belonged to Times-Mirror, now Tribune, never had a contract with any free-lance writers.
Digital distribution didn’t exist in any form for it. Free-lance articles were never copied to the wire service from Allentown.
But this piece has existed in the Call archives for 22 years. And while the newspaper has no digital rights to it, that hasn’t stopped it from putting it on the web.
I’m taking it back today.
It’s Not That Tricky To Use The PC For April Fool’s Revenge
Dear Mr. Computer Dude:
My PC plays Rossini’s “William Tell Overture” every time I turn it on. I can’t find anything about this in the manual. Is it an undocumented feature?
— Puzzled
Has this ever happened to someone you know? Like, maybe around April 1?
Time to get even! If you have a PC and a double sawbuck to spare, you’re all set to try your hand at some electronic practical jokes and maybe learn a little about computer security in the process.
The sweetest way to get started on this April Fool’s revenge project is to let someone else provide the stoop labor. Just right for that purpose is a mall bookstore paperback called “Stupid PC Tricks” by Bob Levitus and Ed Tittel (Addison-Wesley; $19.95; 137 pp.). The book itself isn’t very helpful. However, the two floppy disks that come with it are — they contain the makings of a number of clever, cheap and, most important, user friendly practical jokes.
To start, the disks contain a program known as TRIP (as in drugs, not cruise).
Now, what you want to do to embarrass that goldbricking co-worker who’s always playing a favorite computer game when the shift supervisor’s not looking is this:
1. Take a disk that TRIP is on and insert it into your colleague’s work station PC floppy drive. Type A:, then .
2. Now, type TRIP 5.
3. Then type CLS to clear the PC monitor so there’s no evidence of your fiddling.
TRIP is a deeply aggravating trick which installs itself into a computer’s memory and alters the color of all letters on the TV screen in a random fashion at a rate predetermined by the number typed after TRIP.
TRIP is not destructive, but it is quite impossible for anyone to work at a PC with text characters pulsing queasily in different colors. And TRIP is easy to dismiss (but don’t tell any of the victims). Simply restarting the PC flushes TRIP from the system.
More devious and experienced users, perhaps your teen-age kid, for instance, will greatly appreciate TRIP’s potential when tied into a PC’s autoexec file (computer-ese for the routine the PC runs on start-up before it hands over control to the operator.) Heh-heh.
Anyway, executing your master TRIP plan has also neatly demonstrated how easy it is indeed to insert a real rogue program, like a virus, into most PCs. About 10 seconds’ worth of work, all told. This is a point that shouldn’t be overlooked in lieu of the recent hoo-haw over the Michelangelo virus.
A similar program supplied by the Stupid PC Tricks disks is MUTANT. MUTANT installs effortlessly and quickly like TRIP, but instead slowly goads the PC into generating a string of frankly disconcerting clicks and buzzes, including one sound that mimics the screech of a trapped squirrel. MUTANT’s thoughtful delayed activation ensures time for escape, thereby lessening professional risk, too.
One also gets two programs called FOOL and ANNOY which double as apoplexy-inducing pranks or low-level security applications.
FOOL is a bit more complex than TRIP or MUTANT. It consists of two files: the FOOL program and an insult/security database which FOOL refers to. FOOL is activated by typing FOOL and a percentage, i.e., FOOL 25 percent. When this is done, FOOL installs in memory and issues a work-blocking insult on roughly 25 percent of all typed commands.
A typical insult might be: “NAZI SWINE! I’LL NEVER TALK!” while the PC refuses to continue.
It’s easy to see how this alone could get out of hand. However, FOOL has an added feature. By typing the names of any program, for example WP for a word processor, in FOOL’s insult/security file, FOOL aborts the execution of the program.
This is a noxious, intrusive property which has a lot of application in low-level PC security. For example, corporate stiffs, er, administrators, who wish to prevent employees from running certain programs during off hours could easily install FOOL to block access to popular applications like spreadsheets or income-tax preparers.
Certain anti-virus programs work in the same manner. Although slightly more sophisticated than FOOL, once installed in memory they can intercept pre-determined potentially destructive commands which simple viruses, novice computer vandals or disgruntled employees might issue.
ANNOY is not as powerful as FOOL, but far more sneaky. ANNOY installs memory resident, like the more pestiferous computer viruses, and poses as a password security feature for common commands on IBM-compatible PCs. For example, when the user types DIR — the most common command — ANNOY annoyingly pops up and asks for the password. In reality, there is no password. However, the user is unlikely to know this. In addition, ANNOY secretly logs the command to a secret usage file, for convenient snooping later.
All these programs are harmless. However, keep in mind that some people, by nature, are tense and humorless. In these cases, you should be ready to step in with a remedy and judicious application of diplomatic balm.
Next week: Irreversibly encrypting your boss’ payroll file.
“I don’t think people are interested in computers,” Mr. J. Kelly, Assistant Managing Editor, The Morning Call, 1992
Ah, the amusements of MS and PC DOS. If you know the editor of the blog, you’ll know what else was being set to be delivered in the old Crypt Newsletter. (Careful now, it can’t hurt you. But your anti-virus program might not like it.)
There was so much more that could have been written. But it was a newspaper, there were certain sensibilities that were inviolate, and as one person said, readers weren’t interested in personal computers.
Brilliant.
Permalink
04.28.14
Posted in Culture of Lickspittle, Cyberterrorism at 1:08 pm by George Smith
At GlobalSecurity.Org:
Memo to American cyberwarriors: You can’t rehab your lousy reputation by planting stories on how you saved banksters in big newspapers.
Illustrating that global cybersecurity policy and action in the US is purely for the benefit of the 1 percent, Ellen Nakashima of the Washington Post wrote a story on leaked details of a concerted Iranian attack on American banks in 2012 a couple weeks ago.
All of it.
Permalink
04.24.14
Posted in Culture of Lickspittle, Cyberterrorism at 2:32 pm by George Smith
Illustrating that global cybersecurity policy and action in the US is purely for the benefit of the 1 percent, Ellen Nakashima of the Washington Post wrote a story on leaked details of a concerted Iranian attack on American banks in 2012 a couple weeks ago.
Keep in mind while reading anything from the linked Post piece, the Iranian response, if it was that country’s clandestine effort, came after the US/Israeli launching of the 2010-2011 Stuxnet malware campaign into the networks and controlling machinery of its nuclear program.
From me, now semi-famously:
Nobody in the great mass that is not the 1 percent or in the service of the same cares about attacks on the American financial system. They do, on the other hand, wish our financial system would stop attacking them.
From the Washington Post:
In the spring of 2012, some of the largest banks in the United States were coming under attack, with hackers commandeering servers around the world to direct a barrage of Internet traffic toward the banks’ Web sites.
The assaults, believed to have been launched by Iran, were bringing the sites down for hours at a time and disrupting customer business — the first significant digital assault of its kind undertaken against American industry’s computers by a foreign adversary.
It “was a wake-up call,??? recalled an official from a large Internet service provider for the banks …
With regards to bad stuff alleged to have happened, or be happening, to the United States, in national security speak, it’s always “a wake-up call.” It works like this. You secretly and persistently kick your smaller, less resourceful and poorer enemy in the nuts and no one complains. When he strikes back by hurling a couple bags of dog excrement at you, it’s “a wake-up call.”
One supposes your position depends on where you stood, with regards to the bank assault.
The Post:
The attacks on the banks were launched shortly after the expansion of U.S. sanctions against Iran, and whoever was behind them was impressively skilled …
By September 2012, financial institutions including Wells Fargo, Bank of America and JPMorgan Chase were grappling with waves of electronic traffic that had crept up from 20 gigabits per second to 40, 80 and ultimately 120 gigabits per second. It was at least three times the volume of traffic that most large banks’ Web sites were initially equipped to handle.
Banks were spending tens of millions of dollars to mitigate the problem.
In the Nakashima/Post piece there is not a single mention of the Stuxnet virus and its offspring, or any discussion by administration officials and sources in the real context of the time, that Iranian attacks on bank websites were seen as retaliation for an escalating American/Israeli malware campaign against that country.
That’s your standard garden-variety journalistic malfeasance, right there, partners.
Instead, an anonymous official describes the American response to Iran as “gentle and precise.” In contrast to Stuxnet, which was designed to wreck an Iranian uranium separation centrifuge operation.
This week, with review posts on Bill Blunden and Violet Cheung’s Behold a Pale Farce book on cyberwar and the malware industrial complex, the roots of the national security complex’s propaganda campaign in this area were outlined.
Nakashima’s Post story is another in kind, a piece to revive imaginary characteristics of reason and restraint on the part of US cyberwar/cyberdefense operations through the issue of a new load of fresh clean laundry.
Instead of striking into Iran’s networks directly in retaliation, because, as the story reads, our cyberwar capabilities are so much stronger than Iran’s, a response was concocted to be “gentle and precise.”
Thank you, former NSA director Keith Alexander. In one stroke, his image redeemed. That horrid Edward Snowden mess can be left behind.
American officials and workers in cybersecurity at a variety of agencies “reached out” to 120 foreign countries, allies, and enlisted their aid in squelching the Iranian assaults in a group effort that disarmed the botnet networks used in the distributed denial of service attacks against American banks.
Grand and stirring stuff! American mega-banking websites were saved! Victory was ours in the Battle of BofA!
You, national security dudes and Post editors, thought rigging publishing a story about how US megabanks were bailed out by the government (again), from website attacks, by little Iran is something to pat yourself on the back over? Seriously?
Oh me, oh my, “the banks were spending tens of millions of dollars to mitigate the problem.”
To repeat, your position on the Battle of BofA depended on where you stood.
I’m a big bank client. So are friends. I didn’t notice any problems with my bank’s website during the great cyber-assault.
However, I also didn’t notice any slow down or change in how quickly and efficiently my bank went into my account for the usual administrative and other miscellaneous fee collections during the same time period. That’s digital and software-mediated, too.
The vast majority of Americans didn’t know of, and wouldn’t have given a shit if they did, about the attacks on bank websites and how they were staunched by US and allied cyberdefense.
As a story, the Post’s is entirely in the genre of computer security for the 1 percent. A great story of doings of no benefit to anyone but those at the top of pyramid.
Almost seems a shame the newspaper won that Pulitzer for Edward Snowden’s material last week, doesn’t it?
Permalink
04.23.14
Posted in Crazy Weapons, Culture of Lickspittle, Cyberterrorism at 12:39 pm by George Smith
At GlobalSecurity.Org, rearranged and with all the push-buttons for “sharing” so others in the national security megaplex might know of a decent book:
Readers of this blog know the topic of cyberwar reasonably well. The national mythology on it has been deadening and invariant for virtually two decades. Festung America has always been threatened with devastation from cyberspace.
Clever hackers, then terrorists, then armies of cybersoldiers based in all countries wishing ill of the US have been claimed to have the power to stop the electricity, to destroy the US economy by striking Wall Street, to poison water and create horrific accidents through the remote manipulation of industrial control systems.
Today authors Bill Blunden and Violet Cheung have produced something of a first on the subject, a comprehensive book on it that isn’t like all previous works on the matter. The genre of cyberwar books can be explained in less than half a dozen words: Fictions passed off as non-fiction. Blunden and Cheung’s new book, Behold a Pale Farce (TrineDay, trade paperback), strength is reality. That makes it rather unique in the field.
All of it, tweezed for minor improvements, here.
Permalink
04.21.14
Posted in Crazy Weapons, Culture of Lickspittle, Cyberterrorism at 4:32 pm by George Smith
Authors Bill Blunden and Violet Cheung have produced something of a first, a comprehensive book on cyberwar that isn’t like the rest. Behold a Pale Farce’s (TrineDay, trade paperback) strength is reality, a feature that makes it entirely unique in its field.
Readers of this blog know the topic of cyberwar reasonably well. The national mythology on it has been deadening and invariant for virtually two decades. Festung America has always been threatened with devastation from cyberspace.
Clever hackers, then terrorists, then armies of cybersoldiers based in all the countries wishing ill of the US have been claimed to have the power to stop the electricity, to destroy the US economy by striking Wall Street, to poison water and create horrific accidents through the remote manipulation of industrial control systems.
Illustrative as fas back as 1998, this excerpt (which I had something to do with) from Steven Aftergood’s Secrecy Bulletin at the Federation of American Scientists:
[George Smith, author of the Crypt Newsletter] has written a useful corrective entitled “An Electronic Pearl Harbor? Not Likely” which appeared in the National Academy of Sciences journal Issues in Science and Technology (Fall 1998) …
Some of the best-informed observers are quick to acknowledge that Smith’s critique is on target.
“I certainly agree that the notion of an electronic Pearl Harbor specifically, and more generally of information warfare, has been hyped to the point of nausea,” said the vice president of one intelligence contractor that has multi- billion dollar annual revenues from its work in information technology. “This is but the latest of many fads in ‘the Community’,” he told S&GB, “and like most of its predecessors, [it] has just enough substance to require that serious attention be paid, but not nearly as much substance as the Cassandras of the Community would have us believe.”
About fifteen years and “digital Pearl Harbor,” “digital 9/11,” whatever the name for it was trending, never happened. Even though it has been declared, as this book chronicles, a number of times.
But in the same period the Cassandras won almost total victory. The mainstream news collapsed as an agency capable of even mildly critical examinations of the subject. The only people with any say, the only people published where large numbers of eyeballs would see them, were those who hyped always coming Cyber-Armageddon.
As a consequence, books on the broad subject of cyberwar have been, universally, crap. And the reason is simple: Publishers would not stomach critical examinations.
Blunden writes about this as it impacted the publication of Behold a Pale Farce:
While I’ve read about many of the filtering mechanisms of the propaganda model and witnessed its operation from afar, I never thought that I’d encounter them directly. This changed in late 2011 when out of the blue, I received an e-mail from a senior editor at a well-known technical publisher … Having viewed my slides on cyberwar from SFSU’s National Cybersecurity Awareness Event the editor wanted to know if I was interested in authoring a book on the topic. Shortly after … I signed a contract and feverishly began the process of putting material together.
Four or five months later the editor ominously summoned your author and co-author to his office for a meeting. He announced that both he and the founder of the publishing house were very concerned about the tone of the book. The editor complained at length about the potential hazards of push back, particularly with regard to the coverage of former Director of National Intelligence Mike McConnell. I was sending a message that would directly challenge the narrative being spread by powerful interests … He also protested rather loudly that there were some things he couldn’t sell.
This is true. How do I know?
Full disclosure: Blunden and Cheung used me as a reference to their publisher. And I was subsequently contacted by them for my opinion on the potential for it.
I told the publisher exactly what I’ve said many times previously. To reiterate, cyberwar books have, generally but fairly speaking, all been rubbish, exercises in threat inflation and hyperbole for the sake of titillation, reputation and the pushing of the accepted national security narrative. Another way of putting it: They’re p.r. servanting for the benefit of those on the receiving end of always increasing spending on cyberwar offense, cyberspying and aggressive militarized surveillance of the internet.
At one point I was informed via company e-mail about how one publisher wished to send an early copy of the book off to an employee of Science Applications International Corporation.
This was laughable, no way to do a book of any kind.
Science Applications (or SAIC, for short) is a very large and very secretive Pentagon contractor. Everywhere you find the US military or American spying agencies, you find SAIC.
However, one thing SAIC is not known for is book writing and editing. In fact, suggesting SAIC as an arbiter of a book such as Pale Farce was a smoke signal that a publisher wished it buried in a deep hole.
Now let’s return again to 2010 and the character, Mike McConnell, former Director of National Intelligence and VP at Booz Allen Hamilton.
Why do I call him a character? Because that’s what he was and is, a kind of slippery fellow who was central to shaping public and policy-maker views on cyberwar. I’ll get to him a bit more further in.
Between 2009 and 2010 I tabulated the names of people and company hyping cyberwar in the mainstream press as well as the number of times they appeared.
Here’s the table:
1. Alan Paller, SANS — 84
2. McAfee — 80
3. James Lewis, CSIS — 47
4. Booz Allen Hamilton — 38
5. Symantec — 31
6. Mike McConnell, Booz Allen — 25
7. Paul Kurtz, Good Harbor — 11
8. Richard Clarke, Good Harbor 4
In terms of security vendor businesses, the list condenses to a small number of players controlling the debate all through 2009: SANS, McAfee, and Booz Allen Hamilton, the latter which jumps to number three on the list with 63 hits in major stories if you add McConnell’s total.
In 2010, McConnell was not only on 60 Minutes selling the nation’s near catastrophic vulnerability to cyberwar, but also in the opinion pages of The Washington Post.
Here’s McConnell’s now infamous lead-in paragraph:
The United States is fighting a cyber-war today, and we are losing. It’s that simple. As the most wired nation on Earth, we offer the most targets of significance, yet our cyber-defenses are woefully lacking.
By June of that year McConnell, along with Jonathan Zittrain of Harvard, had been invited to a well-publicized debate over whether or not the threat of cyberwar had been exaggerated. Marc Rotenberg and Bruce Schneier were on the opposite, or affirmative side, that it was.
The debate was an (ahem) farce. McConnell and Zittrain were declared the winners by a substantial margin of audience vote. The threat of cyberwar was not exaggerated. It was a triumph for obeisance to argument from authority.
Here’s a bit from the transcript, a part in which Schneier mentions
McConnell’s Post piece (he’s being a bit sarcastic):
So we’re here today to debate the motion that the threat of cyberwar is grossly exaggerated. And … in preparing, read a book full of articles and have some choice quotes. Mike McConnell said in an op-ed in the Washington Post in February of this year that the United States is fighting a cyberwar today and we’re losing. So, cyberwar is going on right now in our country.
The McConnell quote was accurate and the audience laughed.
But here’s Mike McConnell, cyberwar exaggerator but very important person in the national security megaplex, a few minutes later:
When Bruce spoke at the beginning he said, “Mike McConnell said the US is fighting a cyberwar today, and we are losing.” That’s not in fact exactly what I said. Wat I said is if we were in a cyberwar, we would lose. And I was making that statement somewhat metaphorically.
McConnell’s lead paragraph in the Post, published just a few months earlier, again as a matter of fact was not a metaphor. It was quite succinct.
But you can’t win a debate where one of the parties simply denies an accurate quote and gets audience points by insisting he said quite some other thing.
And that was state of the narrative in cyberwar. The press died on the subject. Michael McConnell’s threat exaggeration was what always carried the day.
What’s changed? What makes Blunden and Cheung’s Behold a Pale Farce the right book at just the right time?
Edward Snowden came along. Paradoxically, Snowden was employed by Mike McConnell and Booz Allen as a contractor for the National Security Agency during the big expansion of the American cyberwar machine that took place during the years of cyberwar hype.
Since Snowden, Mike McConnell has gone silent.
Behold a Pale Farce is a book not just of computer security vulnerabilities, misdeeds and astonishing exploits, but one also of the strategic national security industry environment in which they transpired.
It is a study in the US government’s and arms contractors’ employment of propaganda on the alleged threat of cyberwar until there was no longer a debate on the subject. The press became willing stenographers to power. And the power resided in the agencies and private sector businesses that built the American cybermilitary and cyberspying infrastructure, what Blunden and Cheung call “the Deep State.” The result: Total escape from oversight. Until Edward Snowden. Sort of.
Last week, two Pulitzers were handed out, one to the Washington Post and one to The Guardian, in the United Kingdom, for journalism deemed to be a great public service, a consequence of the Snowden papers liberated from the National Security Agency.
I say the Snowden affair and the steady release of NSA documents brought real change. But only “sort of” for Americans domestically.
Internationally, Snowden’s materials utterly demolished the US national security propaganda campaign on China’s much publicized cyber-stealing of the America’s economic future.
A week or so ago, for the New York Times, an Obama administration official, anonymously, was compelled to admit we no longer had any moral standing to argue from the high ground about it.
Michael McConnell is gone from newspapers. At some point he was probably made to squirm while answering now classified questions about his firm’s hiring and screening process for Edward Snowden.
Internationally, the electronic Pearl Harbor meme has been made absurd. You can’t scream someone is planning to cyber- sneak attack the country when you’re caught sneaking into everyone else’s networks for spying (this was always obvious, of course, we’re going to spy, everyone else does it!) and the writing and dissemination of software boobytraps.
Domestically, it’s been another story. Despite disturbed noises in Congress and from the White House, there’s been no change. There has been only theater, purely for public consumption.
Up until his retirement you could still find National Security Agency director Keith Alexander publicly dissembling and complaining that something needed to be done about Edward Snowden. Didn’t you know, as 60 Minutes told us, that the NSA was saving us from the Somali pirates with people who could solve Rubik’s cube puzzles in under a minute?
The authors of Pale Farce frame the span of manipulations well, using Edward Herman and Noam Chomsky’s 1988 analysis, Manufacturing Consent: The Political Economy of the Mass Media as a guidepost. Orwell, on the perversion of language, comes in for a few mentions, too.
The authors point out, correctly, there’s nothing new in what’s happened. The power of money, political access and propaganda were used as they always have been, to subvert reasoned control and democratic values.
What’s one of the more alarming results? The sad realization that the US has helped create and accelerate a cyber-arms race, a lucrative global and national market where our arms manufacturers are now happily engaged in producing software to destroy the privacy and civil liberties of ordinary citizens.
In addition, Farce provides a nicely detailed and richly footnoted chronology of most of the globally and nationally significant computer security failures and scandals of the past decade. These are woven into broad tapestries, discussions on global computer crime and the constant and inherent vulnerability and error — via people, software and hardware — in the networked world.
Summing up, if you’re interested in a book on cyberwar, Blunden and Cheung’s is the one to read. And it is perfectly timed.
Unlike the rest of our so-called “books” on cyberwar (take this best-selling example), Behold a Pale Farce: Cyberwar, Threat Inflation & the Malware Industrial Complex, won’t badly date if another Edward Snowden comes along. It is a true chronicle, a slice, of our technological history.
There’s also one last reason to get it. Another full disclosure [1]: I’m in it. Some of my best lines, too.
[1]. Example:
“Nobody in the great mass that is not the 1 percent or in the service of the same cares about attacks on the American financial system. They do, on the other hand, wish our financial system would stop attacking them.” — GS, page 224
Permalink
04.12.14
Posted in Culture of Lickspittle, Cyberterrorism at 12:55 pm by George Smith
Ex-NSA chief Keith Alexander, a man in the mold of E. Howard Hunt.
From Politifact, via this blog, a week or so ago:
During his 2008 presidential campaign, Barack Obama promised to “ensure that his administration develops a Cyber Security Strategy that ensures that we have the ability to identify our attackers and a plan for how to respond that will be measured but effective.???
In the year since our last ruling, the attention devoted to cybersecurity has only increased, partly due to well-publicized breaches of customer data but especially from revelations about National Security Agency surveillance of electronic and telephone traffic.
On Feb. 12, 2013, Obama signed an executive order on “Improving Critical Infrastructure Cybersecurity,??? which called for the implementation of a cybersecurity framework launched one year later …
“On one hand, we had the Obama administration working for development of increased cybersecurity through its ‘framework’ initiative,??? said George Smith, a senior fellow at GlobalSecurity.org. On the other hand, Smith said, the administration was “allowing the NSA to aggressively pursue initiatives that destroy the security and trust in global as well as domestic networks.???
In building the biggest cyberwar machine in the world under the leadership of NSA chief Keith Alexander, the United States government put itself squarely in an untenable and amoral position when it comes to computer security on the global networks.
While outwardly working the media on the need to strengthen national and private sector computer security, using the language of dire predictions and apocalyptic scenarios, behind the scenes its offensive cyberwar and spying operations were actively working to make networks untrustworthy.
The Edward Snowden affair exposed the hypocrisy in all its embarrassing detail.
Prior to Snowden, one could find Keith Alexander making speeches on computer security on how his agency wanted to protect the country by forming an active layer of defense between the national cyber-infrastructure and all putative threats.
With the news of the Heartbleed vulnerability this week, and a Bloomberg story which asserted the NSA knew of the bug for two years, the country is shown just precisely how untrustworthy and predatory the agency was under Keith Alexander.
From Bloomberg, yesterday:
The NSA has faced nine months of withering criticism for the breadth of its spying, documented in a rolling series of leaks from Snowden, who was a former agency contractor.
The revelations have created a clearer picture of the two roles, sometimes contradictory, played by the U.S.’s largest spy agency…
Ordinary Internet users are ill-served by the arrangement because serious flaws are not fixed, exposing their data to domestic and international spy organizations and criminals, said John Pescatore, director of emerging security trends at the SANS Institute …
“It flies in the face of the agency’s comments that defense comes first,??? said Jason Healey, a former Air Force cyber officer told Bloomberg. “They are going to be completely shredded by the computer security community for this.???
Unfortunately, this isn’t new. Computer security experts not connected to the US government warned that in creating a global black market in which the agency bought analyses of network and computer vulnerabilities for use in its offensive cyberwar and spying operations, America was conducting operations that could in no way be reconciled with its oft-stated public position of being for strengthening computer security.
In this, the US has made itself the exceptional nation. And not in any good way.
To illustrate, from the New York Times, a couple weeks ago:
In the months before Defense Secretary Chuck Hagel’s arrival in Beijing on Monday, the Obama administration quietly held an extraordinary briefing for the Chinese military leadership on a subject officials have rarely discussed in public: the Pentagon’s emerging doctrine for defending against cyberattacks against the United States — and for using its cybertechnology against adversaries, including the Chinese.
The idea was to allay Chinese concerns about plans to more than triple the number of American cyberwarriors to 6,000 by the end of 2016 …
But the hope was to prompt the Chinese to give Washington a similar briefing about the many People’s Liberation Army units that are believed to be behind the escalating attacks on American corporations and government networks.
So far, the Chinese have not reciprocated …
The Pentagon plans to spend $26 billion on cybertechnology over the next five years — much of it for defense of the military’s networks, but billions for developing offensive weapons …
Moreover, disclosures about America’s own focus on cyberweaponry — including American-led attacks on Iran’s nuclear infrastructure and National Security Agency documents revealed in the trove taken by Edward J. Snowden, the former agency contractor — detail the degree to which the United States has engaged in what the intelligence world calls “cyberexploitation??? of targets in China …
“We clearly don’t occupy the moral high ground that we once thought we did,??? said one senior administration official.
Which is something of an understatement.
What, then, is Keith Alexander’s legacy?
Nothing good. I thought about it for a bit and one name that comes to mind is E. Howard Hunt, a career CIA officer and, later — more famously, one of the Nixon White House “plumbers” who ran the Watergate burglary and other clandestine operations for that administration.
Hunt strongly thought he was always serving his country. Before he was put away for almost three years for crimes connected to Watergate he stood before the Senate in 1973, wounded and distraught:
“I am crushed by the failure of my government to protect me and my family as in the past it has always done for its clandestine agents. I cannot escape feeling that the country I have served for my entire life and which directed me to carry out the Watergate entry is punishing me for doing the very things it trained and directed me to do.”
New York Times journalist Tim Weiner described Hunt with a proper degree of superciliousness in a review of his biography, AMERICAN SPY: My Secret History in the CIA, Watergate, and Beyond, published posthumously:
Hunt wanted to believe he fit the popular image of the C.I.A.’s founders — the American aristocrats, the tough young veterans of the last good war, the daring amateurs who set out to save the world.
Hunt, it turned out, was among the worst of them. He was a liar, a thief and a con man — all admirable qualities for C.I.A. officers who served overseas during the cold war, aspiring to the British definition of a diplomat: a gentleman who lies for his country abroad. Fine when Hunt was station chief in Uruguay. Dangerous when put to work in Washington.
Hunt closes by arguing that “the C.I.A. needs to clandestinely produce television programs, movies and electronic games??? to recruit talented young Americans, citing Fox’s “24??? as a model. Great idea — get me Rupert Murdoch! He wants “the PlayStation generation??? to revive “the principals [sic] and ideals??? — sigh — of the C.I.A.’s founding fathers, to go “back to the heart and souls of the ‘daring amateurs.’ ???
This comes from the man who helped bungle both the Bay of Pigs and the Watergate break-in. It is not sound counsel.
‘[Hunt] drew no distinction between orchestrating a black-bag job at a foreign embassy in Mexico City and wiretapping the Democratic National Committee’s headquarters at the Watergate complex,” wrote Weiner in his obituary for the New York Times.
Does anything sound familiar?
Keith Alexander is not E. Howard Hunt. He did not botch the Bay of Pigs operation or help overthrow a foreign government, as Hunt did to Jacobo Arbenz, the elected president of Guatemala in 1954.
Today, however, Alexander is more powerful. Alexander also never has to worry about suffering the fate of E. Howard Hunt.
There won’t be any serious Senate investigations and no chance at criminal exposure. Mostly, because that’s not how our country works anymore.
“I think it’s wrong that — that newspaper reporters have all these documents, 50,000 or whatever they have and are selling them and giving them out as if these — you know, it just doesn’t make sense. We ought to come up with a way of stopping it. I don’t know how to do that. That’s more of the courts and the policy-makers. But from my perspective, it’s wrong, and to allow this to go on is wrong.” — Keith Alexander, 2013
The above quote is taken from Bill Blunden and Violet Cheung’s Behold a Pale Farce: Cyberwar, Threat Inflation & the Malware Industrial Complex.
It is the first book on the subject of cyberwar that I will be able to highly recommend. And that spans around fifteen years of them.
The reason for this, the short one, anyway, is that all books published in America on cyberwar have been total crap, works of mostly mislabeled fiction.
This is quite easy to see, today, doubly so in light of the past year.
Behold a Pale Farce is not crap. It is a carefully researched reality-based examination of the subject and a review of it will post tomorrow or Monday.
Permalink
03.29.14
Posted in Culture of Lickspittle, Cyberterrorism at 12:50 pm by George Smith
This kind of motivation was a far cry from the old hacker pseudo-ethic, “Information wants to be free.” It was true that contemporary hackers tended to repeat this slogan over and over in their underground manuals. But in practice, it was little more than a convenient euphemism, eyewash that obscured the underlying bedrock of hacker belief, which was: “Your information is mine for free. But everything I can grab is secret unless you have something I want which can’t be free-loaded, stolen or found somewhere else.” — The Virus Creation Labs, 1994
Yesterday I was interviewed by a television producer/journalist in the process of making a documentary on the old computer underground of computer virus writing and spreading. It’s going to be for television content made for showing on Xboxes.
At the beginning she mentioned she’d read my book, The Virus Creation Labs, many years ago. She added she’d found an on-line copy, pirated in its entirety to the web and sent the link.
Sure enough, The Virus Creation Labs, now on its 20-year anniversary, is on the web, and obviously not in my domain.
I mentioned the lead box-quote and added I didn’t think much had changed.
In fact, although not as explicitly put, that quote is one of the central tenets of our Culture of Lickspittle. In fact, it’s now practiced in a more corporate, predatory and all-encompassing manner.
The ideology is one of the foundations of disruptive innovation and the so-called sharing economy, one in which the holders of the internet gateways and services get all the share and everyone else gets shit.
In 1994 there was very little money to be made writing malware and selling computer viruses. Today there’s good money to be had, through organized and spot crime and, better still, in the secret warrens of Uncle Sam’s offensive cyberwar operations.
I told the lady I believed you would find the same mentality in America’s professional computer virus-writers and malware bushwhackers as you found in the teenagers, twenty and thirty somethings of the virus underground in 1994.
Back then, they thought they were collectively hot stuff as I’m sure they do at the National Security Agency today.
Not really.
Consider them at length and what they do and after some thought you arrive at the conclusion they must be a professionally mute and unimaginative bunch willing to be anonymously rapacious for a steady job, not even unique. The novelty was gone a decade or more ago.
Write malware for fix or six figures a year. Get a check from the government or the defense contractor providing employees for the operation. Perhaps some of the new malware men and women are so deluded they even think they’re defending freedom with the sharp cutting edges of technology and brain power.
Which is an even worse, as far as warped thinking goes, than the “information wants to be free” thing from decades ago.
I laughed when I told the producer that malware programmers had gone from being part of the shunned computer underground to people recruited by the likes of Keith Alexander of the NSA at hacker conventions.
So they could get a straight job being corporate stooges in the national security megaplex creating untrustworthy networks for, wait for it, freedom and the American way!
After two decades the technology is a light year away from 1994. But not a lot else has changed.
Looking at the big picture, many things have repeated themselves, only globally and in tidal wave volumes. At the root of it, though, the people, the wetware, are much the same. And not nearly as smart as their press would lead one to believe.
My old publisher, Mark Ludwig, as written previously, is dead. He ran off to Central America, specifically Belize, before 2000, convinced the country was eventually going to collapse.
Even in Central America he wasn’t satisfied, apparently switching allegiances between Belize, Nicaragua and back. This post, from nine years ago in Nicaragua, does not paint a particularly flattering picture. (Page down for the pertinent section.)
If my memory remains good, the last royalty check/statement from The Virus Creation Labs came in 1998.
On the web, The Virus Creation Labs is now alleged to be “owned” by something called Geodesies Publishing. My ass.
The tv producer told me how much she liked the book and that someone ought to be interested in a redo.
I laughed again. Mark Ludwig and American Eagle weren’t the right place for it, something that’s now more a matter of amusement than regret.
The audience for American Eagle’s books weren’t readers, at least not in the sense of a reader who would like what I do.
No one bought Ludwig’s books of computer viruses for some quality as a good read or because they liked them. Much of American Eagle’s “readership” was professionally captive, companies and individuals in the computer virus industry and PC security work who felt they had to have them, if only to be able to analyze the malware for countermeasures, if necessary.
From the old post on the black books of computer viruses:
You need a sense of humor to get what I did. Publishing black books on computer viruses was mostly for a totally humorless audience.
You also needed to be more human.
For me, having
The Virus Creation Labs pirated is like someone stealing the private small stone or pebble memorial to a long gone but once-loved pet out of your back garden, something that meant something to you but not much, if anything at all, to anyone else. Just because it was possible, rationalized as providing a public service, the furnishing of an educational resource on the original computer underground. (You remember the hogwash from the early days of Napster and music freetardism: The creators would benefit from gaining exposure to a new and appreciative audience they didn’t have and their boats would be lifted thereby.)
You also notice when such things are done, as it is done to many others, too, while someone always goes to the trouble of getting all the details to the last jot and tittle correctly rendered to the web, the liberated-by-technology digital goodies never include backlinks to their creators.
Thank you, innovation. Thank you, progress. Thank you, internet.
Permalink
« Previous Page — « Previous entries « Previous Page · Next Page » Next entries » — Next Page »