Showing posts with label cyber warfare. Show all posts
Showing posts with label cyber warfare. Show all posts

18 August 2016

Cyberspace, Cyberpunks, Cyberwar


Leigh Lundin has, for some time now, been scaring the pants off of us with regard to all the hazards of cyberspace, like RansomWare - (Thanks, big guy!  And tell Velda to pour me another drink...)  And God knows that cybercriminals and hackers are out there, doing all kinds of nasty things.  (Go, right now, and change all your passwords to something elaborate and unbreakable, preferably in Mongolian.)
NOTE:  A big shout-out to our local university, Dakota State University (http://dsu.edu/), which trains people in "ethical hacking", cybersecurity, cyber operations, etc.  Training the good guys (I hope) to tackle future cybercriminals around the world!
But there's another problem with cyberspace, and that is that it's an open platform for anyone at any time.

Look, we are having our hearts broken, over and over again, by terrorist acts.  Bastille Day saw the terrorist act in Nice, France, a beautiful city that I remember with especial fondness because it was the highlight of my last European trip.

Nice, France - Michaelphillipr, Wikimedia
Anyway, a true rat bastard got into a rented refrigerator truck, plowed into a crowd on Bastille Day, killing 84 people and injuring at least 50 others.  He died in a gunfight with the police.  While he had a history of petty theft, "he is completely unknown by intelligence services, both at the national and local levels,” Paris Prosecutor Molins said. “He has never been in any database or been flagged for radicalization.”  Now here's the nub of it:  "Although neither the Islamic State or Al Qaeda asserted any role, online accounts associated with the groups welcomed the massacre."  Source:  (NYT)


Vladimir Putin,
the day after the attack
I'll bet they did.  Why not?  Made them feel important, like they'd nabbed another one for their cause, whether they did or not, and it helped add to the general sense of terror and frustration.  And every time ISIS or Al Qaeda claim credit for something, politicians worldwide scream for action, action, action, NOW!

But what kind of action?  Do something violent to take out ISIS and the threat of radical Islamic terrorism - like pave Syria?  Ban all Muslims from here or there or anywhere?  Patrol Muslim neighborhoods at home and abroad?  Etc.  Now we could do all these things.  And more.  But it won't stop the problem.

Because the real problem is that jihad (like every other kind of extremism) is now on the internet. From Facebook to Twitter to the Dark Web, there are all sorts of slick, persuasive sites proselytizing (among other things) jihad.  And these sites are telling people - mostly young men - all across the globe that they can make a difference, that they can save the world, that they can make everyone honor and respect them and kiss their feet and fannies.  And they can have revenge upon a world that has never given them the respect or money or women or lifestyle they think they deserve.  All they need is a gun, a truck, a car, a bomb, a lot of guns, some cohorts, any combination - just go out there and kill a lot of people for the cause.  And, if they die in the process, they go to heaven and the 72 virgins while, back on earth, their deeds and their names will be splashed all across the international news media, and everyone will be terrified and horror struck and wounded by what they did, because they are so powerful and important.  At last.

That's what we're really up against.  Not some 40,000 "fighters" trying to hang on to their caliphate of bloody sand in Syria.  If that was all there was to it, the solution would be relatively simple.  But we're up against an idea, metastasizing across the internet, and gobbling up people's minds and lives in cyberspace.  And what do you do about that?

NOTE:  The average person now spends 8 hours and 41 minutes per day online.  (See here.) 

Visualization of Internet routing paths
Visualization of Internet Routing Paths
by the Opte Project, Wikipedia
Let's face facts, the internet is the current Tower of Babel - we have created a virtual world that allows constant extremist views to be spread and taught worldwide, without any central supervision, rules, or policing.  From jihad to neo-Nazis and everything in between and beyond, there are sites for it, multiple sites, that are all free of charge and available 24/7 to any lonely person who doesn't have anything better to do.  Nobody's in charge of the internet.  Nobody's policing the internet - or not enough.  There are no rules on the internet. You can say anything on the internet and get away with it.  (Everyone who's been flamed, raise your hand!  Don't worry, they can't see you - which is the exact logic of the flamer...) You can show anything on the internet and get away with it.  You can promote anything - from suicide to to bullying to treason to beheading - on the internet and get away with it.  And everyone is so locked away in their own virtual world of sites, friends and likes that they don't have any idea that there are all these other sites, spreading and spewing all these other views, and people are just as dedicated to "theirs" as "we" are to "ours."

NOTE:  The average person now spends 8 hours and 41 minutes per day online.  (See here.) 

The most harmless one
I could find for an example
- by Dimboukas, Wikipedia
Consider the sites you use.  The ones you go to because what they say "makes sense", or "they tell the truth".  Who's writing them?  Who's making all the memes that we are all trading around on-line?  Do you have any idea?  Is there any way to find out?  Do you care, as long as they're telling you what you want to hear?  Not to mention the implication that, by sharing their meme, YOU'RE an American Thinker, a FreeThinker, a TruthTeller, an Everlasting GOP Stopper, an American Voice of Reason, etc.  Except, when all we do is share the content someone else provides, we're just copycats, not thinking at all.  Clicking like, endlessly.  Agreeing, endlessly...

So what are we to do with all the sites - and the people behind them - who are using the internet to brainwash the world?  Ourselves included?  Who are fomenting hatred and bigotry, jihad and racism, murder and violence, death and war, war, war, all in the name of truth, whether religious or political? How do we stop this?  how do we change this? Because the war is in cyberspace, not on the ground. We want to stop "soft" terrorism?  Lone wolves, brothers, friends - influenced, radicalized, persuaded, perhaps even instructed in the privacy of their own bedrooms?

We're going to have to tackle cyberspace. BECAUSE THAT'S WHERE THE TERRORISTS (of all kinds) ARE BEING CREATED.
NOTE:  Don't even start about how parents need to keep an eye on what their kids are doing.  Remember your own childhood, even if it was cyber-free.  Parents have always been trying to keep an eye on their kids and failing miserably, because teenagers will not be led, driven, watched, or followed, and will do anything under the sun to keep their parents having any idea of what is going on in their locked world.  
(Re the Nice perpetrator, he is apparently no longer a "lone wolf", according to prosecutor Molins, who recently arrested 2 men for giving the perpetrator "logistical support", and said that the perpetrator had plotted the attack for months with "support and accomplices".  BUT, so far, all that support was done on line - via cell phones, computers, etc.)

The cyberworld is addictive and consuming enough even when it's harmless.  People can't get their eyes off their smartphone, even while "supervising" their children at the playground.  They fall off cliffs playing Pokemon Go.  They stay on Facebook even in their sleep.  They sleep with their smartphones.  And, in the process, they create their own cyberworlds.  And if you live in a cyberworld of hate and fear and menace, it really doesn't matter what the real life around you is.  You believe.  What's before your screen-stuck eyes.  And you act accordingly.

NOTE:  The average person now spends 8 hours and 41 minutes per day online.  (See here.) 

08 July 2015

Scattered Castles


There's been a lot of smoke and mirrors lately about the Chinese hacking into computer networks all over the place, and of course it isn't just the Chinese. Cyberattacks have become a lot more common. Anybody remember STUXNET, the virus that targeted the Iranian nuke R&D? Nobody's copped to it, but we can imagine it was probably a joint effort by the U.S. and the Israelis.
My own website was hacked by some Russian trolls. I don't know what the object was. Bank fraud, or Meet Hot Slavs?  It wouldn't be to use any of the actual information from my site, but to compromise the server pathways. FatCow, the server, hosts a buttload of websites, and once in the back door, you could cherry-pick all the caramels, and leave the liquid centers behind.

The point of the Chinese hacks is that they're not amateur or random, by and large, but directed by the Ministry of Defense, against specific hard targets. The big one, most recently (or at least most recently discovered), is the security breach of the Office of Personnel Management. I know this doesn't sound all that glamorous or hot-ticket - OPM is basically the U.S. government's Human Resources department, the central clearinghouse - but in fact it's a big deal. Best guess to date is that 18 million files have been penetrated, and that's a lowball figure. 

Here's what makes it important. OPM is responsible for security clearances, access to classified material. Back in the day, this was the FBI's job, but it's presently estimated that 5 million people, including both government employees and contractors, hold clearances, and the FBI's current staffing is 35,000. You do the math. The numbers are overwhelming. OPM, in turn, farms this out to FIS, the Federal Investigative Services, and the private sector.

But wait, there's more. The intelligence agencies, CIA, NSA, the National Reconnaissance Office (the spy satellite guys), have their own firewalled system, know as Scattered Castles. For whatever reason, budgetary constraints, too much backlog, or pressure from the Director of National Intelligence, the spook shops were instructed to merge their data with OPM's. So was the Defense Department. A certain amount of foot-dragging ensued, not just territory, either, but concerns about OPM's safeguards. In the end, they caved. Not to oversimplify, because the databases are in theory separate, but it created an information chain.

Suppose, and it's a big suppose, that Scattered Castles is accessible through the OPM gatekeeper. Nobody in the intelligence community, or OPM, or the FBI (which is the lead investigator of the OPM break), will go on the record one way or the other. Understandably, because they'd be giving whoever hacked OPM a further opportunity to exploit, if they haven't already. This is a case of locking the barn door after the horse is gone. The worst-case scenario is that active-duty covert agents could be exposed. And bear in mind, that when you're investigated for a security clearance, you give up a lot of sensitive personal data - divorce, bankruptcy, past drug use, your sexual preference - the list goes on. Which opens you up to blackmail, or pressure on your family. This is an enormous can of worms, the consequences yet to be addressed.

OPM uses a Web-based platform called eQip to submit background information. You might in all seriousness ask whether it's any more secure than Facebook. The issue here, long-run, isn't simply the hack, but the collective reactive posture. These guys are playing defense, not offense. The way to address this is to uncover your weaknesses before the other guy does, and identify the threat, not wait for it to happen. Take the fight to them. Otherwise we're sitting ducks.  

It's amazing to me that these people left us open to this, quite honestly. They don't go to the movies, their kids don't play video games, they're totally out to lunch? It ain't science fiction. It's the real world. Cyber warfare is in the here and now.

Heads are gonna roll, no question. OPM's director is for the high jump, and her senior management is probably going to walk the plank, too. This doesn't fix it. What needs fixing is the mindset. We're looking at inertia, plain and simple, a body at rest. We need to own some momentum. 


http://www.DavidEdgerleyGates.com/