Every new technology is disruptive and many of those in the past bear an uncanny resemblance in their effects to those of today. Each has been heralded as providing the means for everlasting peace. Moveable type democratized book production making reading almost a required skill yet contributed to religious upheaval. The telegraph and then the telephone made communication virtually instantaneous and while they brought people closer together provided the means for generals to control their troops from afar. Radio gave FDR the means to go around the newspapers who had pushed back against his third and fourth terms. His fireside chats reduced his message to just short bursts of ten-minute talks (tweets of the day, if you will) while Goebbels noted that the rise of Nazism would never have been possible without radio. Television forced politicians to change their habits and locked in the public to news as entertainment. It ended the Vietnam War by bringing battle scenes into living rooms. The Internet, still in its infancy really, is equally disruptive by changing the way we link to one another.
Twitter, live streaming, and blogging have become essential parts of the distribution of information, both real and fake. Virtually everyone has a smart-phone which even radically alters the battlefield. The Russians used the geo-location transmissions of Ukrainian soldiers cellphones to zero in their artillery on those troops during that brief war.
Cyber warfare includes more than just hacking a network. It's possible to cause damage by hacking information as well. Singer and Brooking cite the seesaw battle for Mosul in Iraq as just one example. ISIS used Twitter, Youtube, and Facebook to manipulate likes and the streams to promote their own POV. By manipulating images, followers, and hash-tags they were successful in winning converts and battles. The U.S. and Iraqi armies were totally unprepared for this propaganda warfare, but they learned fast, and the #freemosul tag soon appeared countering the ISIS streams with those more favorable to U.S. actions. Just as Amazon has disrupted commerce, so had social media disrupted warfare and politics.
Terrorists now show their work on-line. They use Twitter routinely. Russia tries to destabilize democracies by fomenting distrust of civil institutions with fake material. The result is that war, tech, and politics have blurred into a new kind of battleground that plays out on our smart-phones. Singer and Brooking, using a combination of stories and research, lay out the problems facing us with new ways of conducting warfare. But it works both ways. Those Russian soldiers who shot down MH17 were identified through painstaking crowd sourcing work on-line by tracking soldier's emails, tire treads, registration numbers, all sorts of clues that were found on-line. Their work for the Dutch Investigation team was hacked by Russian hackers attempting to hide the Russian involvement.
Propaganda can now go viral. Fake stories are re-tweeted by confederates whose followers often unwittingly re-tweet the false information and soon millions have received precisely the message intended by the original poster who may be a governmental entity seeking to destabilize an adversary. The audience is huge as is the volume. Around 3.4 billion people have access to the Internet -- about half the world's population. Roughly 500 million tweets are sent each day and nearly seven hours of footage is uploaded on YouTube every second in 76 languages.
"No matter how outlandish these theories sound, they served their purpose successfully. 'The disinformation campaign [around the flight] shows how initially successful propaganda can be. . . . Obviously the ...lies were eventually debunked, but by then their narrative had been fixed in many people's minds.' That is the overarching goal of information hackers: 'The more doubt you can sow in people's minds about all information, the more you will weaken their propensity to recognize the truth.'"
Trump was one of the first to recognize the power of Twitter. Following his massive bankruptcy and declining interest in the Apprentice TV show, Trump began to tweet thousands of messages, bombarding the twitter-sphere with provocative, false, and often incendiary tweets. Soon his financial peccadilloes were forgotten, obliterated by his Twitter-storm. His infamy rose, but he didn't care as he valued the attention more than anything. It's a lesson he has never forgotten. As Alexander Nix, CEO of Cambridge Analytica, said, "it matters less that what you say is true, only that it be believed."
The recent video of Nancy Pelosi appearing to be drunk and the Trump's attempt to doctor the CNN video showing that Acosta had inappropriately touched a white House intern are just a couple examples of internal use of social media to influence popular thought.
Lifewire.com, a technology website based in New York, defines an Internet troll as a modern version of the same mythical character. They hide behind their computer screens and go out of their way to cause trouble on the Internet. Like its mythical predecessor, an Internet troll is both angry and disruptive - often for no real reason. The effects can be completely out of proportion to their size.
The question remains what should governments do, if anything, to shut down trolls. In some cases they are freedom fighters trying to rally against a corrupt government. Would it be better to simply keep the Internet as open as possible? Satire, parody, misleading content, impostor content, fabricated content and manipulated content all need to be seen separately from each other and dealt with accordingly. How is that to be accomplished? Who will control it?
The "Like" phenomenon is an important part of the campaign. The more "likes" a piece of news or comment gets on a news or social site, the more likely it is to be believed. People are more likely to believe a headline if they have seen a similar one before. “It didn't even matter if the story was preceded by a warning that it might be fake,” the authors write. “What counted most was familiarity. The more often you hear a claim, the less likely you are to assess it critically.” That's what irritates me about the media's obsession with Trump's Tweets. By repeating them incessantly and parsing them repeatedly, they are validated. That, to some extent, was the genius of the Russian interference in the last election. You don't need sophisticated hackers to implement it either, just a bunch of people promoting a certain meme or thought until it becomes a tsunami overwhelming any other rational discussion; it becomes "the truth." Slick videos, click bait, and viral mimes become the new weapons in undermining democracy effectively grounding billion dollar fighter jets which then become obsolete as the war has already been lost.
As an aside, I remember listening to a commentator who suggested that the Phil Donahue show started the descent into irrationality. He was the first to invite callers on the show live to express their opinion. Soon all the shows were doing it. Callers became the experts and soon everyone was his own expert bypassing the value of people who had actually studied an issue. A bit simplistic perhaps, but there may be a grain of truth there.
Fascinating book.
Sunday, August 25, 2019
Sunday, August 11, 2019
Review: Cult of the Dead Cow by Joseph Menn
Cult of the Dead Cow is the facetious name of an early group of hackers (white hat) that began as a computer bulletin board (BBS). Consisting originally of bored but talented teenagers who enjoyed reverse engineering phone systems and early computer software, they evolved into "hactivists" (hackers with a mission), many of whom went on the become influential and and important members of the establishment.
Menn follows the individual careers of cDc members who initially focused on security flaws in Windows. They were completely apolitical but then morphed into " human rights activists and internet freedom advocates, eventually becoming security advisers for powerful institutions.
The hackers all started out delighting in discovering security holes in early Windows software but were dismayed by the reaction of the software giant when these holes were pointed out to them. The reaction was a large ho-hum. suggesting that and if you wanted to have a secure system, "go buy Windows NT. That's an irony since no one "buys" software, you buy a license which immunizes the software developer from accountability and permits them to see access to a product that's defective.
Their dismay is illustrated by this anecdote. The cDc had created a program that revealed the flaws in Windows but it was also a tool that could be used for less than savory purposes. They released it free to everyone as open source so others could revise and manipulate it. The establishment wasn't sure what to make of it. The FBI, while trying to discourage its release decided it didn't violate any existing laws. The anti-virus business was not pleased as it also showed how weak their software was, but many security professionals decided it was a necessary evil if for no other reason than to force Microsoft to fix their security holes. “Microsoft is evil because they sell crap.” One of the cDc members took a copy of the program on a CD to a Microsoft higher-up. He said thanks and was about to insert it into his CD-ROM drive when she, horror-stricken, asked if his computer was networked. It was. She then asked if it was sand-boxed (programs loaded were quarantined until proven safe.) No, was the response, to which she, shocked, pointed out to him that he was just about to load a program from someone he didn't know, a self-identified hacker, into a computer that was not sand-boxed and connected to his entire network and therefore completely vulnerable. That was their state of mind.
Eventually, major businesses realized how important these hackers were and many moved on to become security professionals. As their prominence grew so did the counterculture environment of the early movement begin to fade and they became more political especially after the Chinese student movement was squashed. They began to create software intended for use by dissidents and other cultural reformers, anyone anti-authoritarian.
Under Obama, through Hillary Clinton’s State Department, the hacktivism championed by Brown and the cDc to help with dissident subversion of foreign governments would become American foreign policy, part of a program informally known as “internet in a box.” While generally laudatory, Menn doesn't like all of them. Julian Assange and Jake Applebaum of Wikileaks and the TOR project are not portrayed sympathetically, "draping themselves in morality while serving other causes.” Assange was known for his sexual straying and his current behavior certainly distracts from the more positive aspects of Wikileaks.
Menn is also not afraid to criticism the industry proposing that cybersecurity problems today are at least partly the result of terrible business and engineering decisions made decades ago. These decisions caused problems that still exist. Whether the movement of the hacktivists into the world of corporate and individual greed will be able to remedy some of those structural problems without becoming part of the problem themselves remains to be seen.
To some extent it's the old story: countercultural anti-authoritarian types find success and join the corporate elites. How many Vietnam's most vocal protesters went on to become a prominent part of the culture they had so despised? Beto O'Rourke, one of the early cDc members is now running for President and another is security chief for Facebook! How well did that go...
Great read.
Cult of the Dead Cow is the facetious name of an early group of hackers (white hat) that began as a computer bulletin board (BBS). Consisting originally of bored but talented teenagers who enjoyed reverse engineering phone systems and early computer software, they evolved into "hactivists" (hackers with a mission), many of whom went on the become influential and and important members of the establishment.
Menn follows the individual careers of cDc members who initially focused on security flaws in Windows. They were completely apolitical but then morphed into " human rights activists and internet freedom advocates, eventually becoming security advisers for powerful institutions.
The hackers all started out delighting in discovering security holes in early Windows software but were dismayed by the reaction of the software giant when these holes were pointed out to them. The reaction was a large ho-hum. suggesting that and if you wanted to have a secure system, "go buy Windows NT. That's an irony since no one "buys" software, you buy a license which immunizes the software developer from accountability and permits them to see access to a product that's defective.
Their dismay is illustrated by this anecdote. The cDc had created a program that revealed the flaws in Windows but it was also a tool that could be used for less than savory purposes. They released it free to everyone as open source so others could revise and manipulate it. The establishment wasn't sure what to make of it. The FBI, while trying to discourage its release decided it didn't violate any existing laws. The anti-virus business was not pleased as it also showed how weak their software was, but many security professionals decided it was a necessary evil if for no other reason than to force Microsoft to fix their security holes. “Microsoft is evil because they sell crap.” One of the cDc members took a copy of the program on a CD to a Microsoft higher-up. He said thanks and was about to insert it into his CD-ROM drive when she, horror-stricken, asked if his computer was networked. It was. She then asked if it was sand-boxed (programs loaded were quarantined until proven safe.) No, was the response, to which she, shocked, pointed out to him that he was just about to load a program from someone he didn't know, a self-identified hacker, into a computer that was not sand-boxed and connected to his entire network and therefore completely vulnerable. That was their state of mind.
Eventually, major businesses realized how important these hackers were and many moved on to become security professionals. As their prominence grew so did the counterculture environment of the early movement begin to fade and they became more political especially after the Chinese student movement was squashed. They began to create software intended for use by dissidents and other cultural reformers, anyone anti-authoritarian.
Under Obama, through Hillary Clinton’s State Department, the hacktivism championed by Brown and the cDc to help with dissident subversion of foreign governments would become American foreign policy, part of a program informally known as “internet in a box.” While generally laudatory, Menn doesn't like all of them. Julian Assange and Jake Applebaum of Wikileaks and the TOR project are not portrayed sympathetically, "draping themselves in morality while serving other causes.” Assange was known for his sexual straying and his current behavior certainly distracts from the more positive aspects of Wikileaks.
Menn is also not afraid to criticism the industry proposing that cybersecurity problems today are at least partly the result of terrible business and engineering decisions made decades ago. These decisions caused problems that still exist. Whether the movement of the hacktivists into the world of corporate and individual greed will be able to remedy some of those structural problems without becoming part of the problem themselves remains to be seen.
To some extent it's the old story: countercultural anti-authoritarian types find success and join the corporate elites. How many Vietnam's most vocal protesters went on to become a prominent part of the culture they had so despised? Beto O'Rourke, one of the early cDc members is now running for President and another is security chief for Facebook! How well did that go...
Great read.
Tuesday, August 06, 2019
Time for a new deity?
Isn't it funny how many people fall back on the "thoughts and prayers" mantra after a tragedy. You'd think they would have learned by now that it's a meaningless gesture. Unless they are praying for more senseless violence, the prayers are definitely not working. Or, perhaps their God isn't listening, could care less, is evil, or isn't there. Perhaps it's time to switch gods. I understand Zeus and Apollo are soliciting new worshippers and they have a better track record.
https://safearound.com/Americas/United-States-of-America/
Given the catastrophic number of mass shootings in this country, one might not be too surprised if other countries might consider us a risky place to visit. Good thing we are ranked 51st out of 162 in safety and 114th in crime rate (out of 218).
I'm reassured for sure. Yikes.
I'm reassured for sure. Yikes.
Standing with the 2nd Amendment
I really don't understand those who want to suppress my right to have a weapon holding 200+ bullets. When going after a rabbit or squirrel it's terribly important to pre-masticate and tenderize the sucker and a volley of 50+ bullets is the only way. And look you shoot a deer with one bullet it might charge you and being a nervous nut, I need to stop that sucker in his tracks by turning it into a strainer.
Thursday, August 01, 2019
Review: Cybersecurity and Cyberwar: What Everyone Needs to Know by P.W. Singer and Allan Friedman
Singer and Friedman argue that cyber knowledge needs to be a requirement in schools. All the kids are now in cyberspace yet there is little formal education about the insecurity of simple passwords, the importance of OS updates, and problems inherent in social networking as a mechanism to reveal personal information. Most common password="password" and the 2nd most common is "123456". Common words are easily hack-able. One high level executive told his IT people he only wanted a one letter password, that he was too busy to be bothered to type in a long one. By the end of the day he had labelled himself to everyone in the corporation as a really stupid person and one who didn't care about security.
With complexity comes vulnerability. BMW had designed a high tech car and when authorities in Paris couldn't figure out why only a certain new model of BMW was being stolen they reviewed CCTV cameras and discovered how the thieves could hack into the car's software, unlock the doors, reprogram a blank key and just drive off, all in the pace of five minutes. Terrorists use social networking to get their word out and often with the unwilling connivance of the West. One terrorist cell was using a web hosting company located in Texas to promote their campaign. The hosting company had sixteen million web pages, had not seen the offending pages, and did nothing until someone happened to point out to them what they were doing.
Humans are often the weak link in the chain. In a famous "candy drop" attack, malevolent actors left flash drives around a military base. Sure enough, a soldier picked one up and inserted it in his machine to see what was on it. It took the Army 14 months to clean up the damage to all its machines. People will often just give out their passwords to official sounding individuals who may or may not be really who they say they are. In another example, some soldiers in Iraq took pictures inside their helicopters and posted them to a picture website. There was nothing classified in the pictures but each picture contained locational information in the meta-data and terrorist were able to destroy the helicopters in a mortar attack by knowing their exact location. Emails, pictures, virtually everything that moves on the Internet has meta-data attached to it and just a routine search of social sites can reveal all sorts of information about people they would rather not have known
Just defining what is or is not an attack can be problematic. The authors identify several types. What the response should be may depend on the severity or the result. Often even experts can't agree on what constitutes an attack. How about denial of service attacks. If it simply interferes with gamers ability to finish a game it's not as serious as preventing banks from interacting with their customers or delivering a utility. Is stealing someone's identity in a confidentiality attack just as serious as stealing the plans of a new fighter jet? In one war game sponsored by the U.S. the opposition team changed the shipping labels on shipments intended for troops and they received toilet paper instead of ammunition and MREs.
NSA surveillance practices have caused tension throughout the world. In one instance, the Dutch, were about to refuse any access to cloud services in the Netherlands to U.S. companies. Some foreign countries have now begun to institutionalize the Internet as a basic human right. Authoritarian regimes, on the other hand, see internet freedom as a threat to their governments. Censorship is seen as a tool for stability. In Thailand it's against the law to defame the monarch; in Britain it's a hobby. Cultural differences abound. Internet governance is still up for grabs.
A really interesting book, aimed at the informed layperson. The problem with books of such currency is that they really lack timelessness because of the speed with which the technology changes so the reader has to assume the possibilities have advanced far beyond what the author has explained.
With complexity comes vulnerability. BMW had designed a high tech car and when authorities in Paris couldn't figure out why only a certain new model of BMW was being stolen they reviewed CCTV cameras and discovered how the thieves could hack into the car's software, unlock the doors, reprogram a blank key and just drive off, all in the pace of five minutes. Terrorists use social networking to get their word out and often with the unwilling connivance of the West. One terrorist cell was using a web hosting company located in Texas to promote their campaign. The hosting company had sixteen million web pages, had not seen the offending pages, and did nothing until someone happened to point out to them what they were doing.
Humans are often the weak link in the chain. In a famous "candy drop" attack, malevolent actors left flash drives around a military base. Sure enough, a soldier picked one up and inserted it in his machine to see what was on it. It took the Army 14 months to clean up the damage to all its machines. People will often just give out their passwords to official sounding individuals who may or may not be really who they say they are. In another example, some soldiers in Iraq took pictures inside their helicopters and posted them to a picture website. There was nothing classified in the pictures but each picture contained locational information in the meta-data and terrorist were able to destroy the helicopters in a mortar attack by knowing their exact location. Emails, pictures, virtually everything that moves on the Internet has meta-data attached to it and just a routine search of social sites can reveal all sorts of information about people they would rather not have known
Just defining what is or is not an attack can be problematic. The authors identify several types. What the response should be may depend on the severity or the result. Often even experts can't agree on what constitutes an attack. How about denial of service attacks. If it simply interferes with gamers ability to finish a game it's not as serious as preventing banks from interacting with their customers or delivering a utility. Is stealing someone's identity in a confidentiality attack just as serious as stealing the plans of a new fighter jet? In one war game sponsored by the U.S. the opposition team changed the shipping labels on shipments intended for troops and they received toilet paper instead of ammunition and MREs.
NSA surveillance practices have caused tension throughout the world. In one instance, the Dutch, were about to refuse any access to cloud services in the Netherlands to U.S. companies. Some foreign countries have now begun to institutionalize the Internet as a basic human right. Authoritarian regimes, on the other hand, see internet freedom as a threat to their governments. Censorship is seen as a tool for stability. In Thailand it's against the law to defame the monarch; in Britain it's a hobby. Cultural differences abound. Internet governance is still up for grabs.
A really interesting book, aimed at the informed layperson. The problem with books of such currency is that they really lack timelessness because of the speed with which the technology changes so the reader has to assume the possibilities have advanced far beyond what the author has explained.
Subscribe to:
Posts (Atom)