Archive for January 2013
Signal To Noise and Garbage Men
XXXXXXXXXXXXXXXXXXXXXXXXXX
Signal To Noise
I opened my RSS feed today to a treasure trove of unbelievable bullshit coming from the media on NATSEC and INFOSEC. At first I thought same old same old and started to riff on all of the derp but then as I went along tweeting out my angst I began to feel rage. I know what you are all thinking “That’s nothing new Scot” and you would be right but it was at the moment where I was reaching a critical mass in my frontal lobes that I stopped and thought “What’s the point?” Why even bother? I mean sure, it can be pithy and ironic to tweet our snark at it all but really, other than release in a comedic or sardonic vein what good does it do for me or anyone to do so?
A friend of mine has been frustrated with life in INFOSUCK recently and in a conversation with me said he wanted to change things, he wanted to be signal and to cut out the noise. I thought about that for a bit and suggested that there will always be noise and that perhaps he was expecting way too much from the community as well as the universe at large outside of our particular little sector of echo chambery goodness. You see, as we know from the big bang, there is a lot of background radiation to any universe and ours in INFOSUCK is a particularly noisy one. In fact I’d dare say that there are vast swaths of the INFOSUCK universe that are not only filled with harmless background radiation but also with high levels of “DERPION” radiation so we all need to wear our lead suits for much of the safari.
While I appreciate the sentiment to the allusion that he has been trying to make I am too much a pragmatist to think anyone can be forceful enough to push that kind of signal to everyone nor do I think that the larger verse is able to even deduce what the signal is. Look at it like the idea of how we beam out welcoming signals to deep space in hopes of getting aliens to talk to us or placing gold discs with images and music on them from Earth. To date we have had no contact and I for one think that perhaps no one has reached out because they fear that we are all too primitive to even consider talking to. Coincidentally this is how I am feeling about our community and the issues around which we all worry and talk about. We are the aliens and the masses are the Earthlings. We have been trying to communicate to them all but they are too busy watching re-runs of Snooki’s impregnation on national TV to care about what we are trying to say.
Alternatively, are we really “signal” here? Look at this community of malcontents. Look at me for instance, I am a right bastard and really, were I a nice guy without being in the C level position of some company would I be paid attention to at all? It’s usually the loudest and the most vociferous that gets the attention and that usually really only means if you are being obnoxious that perhaps people will listen and remember what you had to say. We in this community spend a lot of time playing games of one upsmanship while the government and military types go to their secret squirrel lairs or offices of state where they make new and incredibly stupid laws or plans to cyberize the nation. I don’t think we can be the signal because the noise is coming from those who we need to get through to and they are the ones making the noise in the first place.
DERPCON 1
Speaking of all those squirrels and gov types, they are the ones along with the media that finally had me contemplate what I am writing of here. I am tired of being the squeeky wheel. I am tired of the onslaught every day of half baked media stories on cyberwar and of course now how the US is going “offensive” on the whole deal. I fear that the lunatics are truly running the asylum and there are more than a few charlatans in our community egging them on in hopes of making a buck. Offense,Offense,Offense, is the mantra that I fear in the end will only end poorly for us all. We are in perilous times, more so than before because the blind are leading the stupid who are in turn leading the country.
No matter what I say, no matter how mercilessly I mock, it will not make one whit of difference. I saw this in my attempt at publishing my rebuttal to Lieberman in the NY Times. They did not even allow it in the comments section and really, I worked hard at not being the bastard in that conversation. So it’s time to hunker down and crack a beer while sitting on the roof with some guns because the zombie apocalypse should at least be fun. Well that is til the beer or the ammo runs out. The same can be said for this whole issue over national security where we are now the “Nuclear Weapons of the 21st centruy” I still chafe at that descriptor but at least what the media failed to get across was that Kerry was talking about diplomacy and it’s use in this arena. So I guess I can kinda forgive him a little bit on the nuclear weapons comment…
A little.
Philosophical Garbage Men
So where does that leave me? Well, I guess I will continue on my way with this blog going back to the old school interesting things I used to write about. I am sure I will have the occasional mental break down and epithet riddled response to something incredibly stupid put out by the mass media. On the whole though, I think I just need to ease back and become a garbage man. Though not just a garbage man but a philosophical one to boot. Perhaps we are all garbage men and women in this business huh? I mean, really, we get the shitty job of trying to secure our environments and herd executive cats who collectively couldn’t hunt down a cheeseburger in a Wendy’s right?
Time to get that poop scooper and clean the INFOSUCK cat pan I guess…
Oh and to my friend who wants to be SIGNAL.. Sorry man but there is too much noise being created by the INFOSUCK universe and no matter how big your antenna or how you boost the gain on it you will never overcome the background radiation. So come on down, get your overalls on and start picking up the garbage. It’s great manual labor and you can just think and philosophize.
Peter Gibbons had it right man…
K.
I AM A NUCLEAR WEAPON MAN….
qsycniigfcfjdwjwhx
I AM A NUCLEAR WEAPON… A WEAPON OF AWESOME DERP
Welp, here I am again about to write yet another moron in the gubmnet speaking about computers and national security when they should just shut the fuck up. This time around it’s John Kerry, the new SECSTATE who opened his big stupid mouth in a confirmation hearing and uttered the following allusion to hackers today;
‘Foreign Hackers Are ’21st Century Nuclear Weapons’
*blink… twitch…rage*
John, buddy, I thought you were a bit of a bint when I knew you back in the Beacon Hill days but now you have really gone and done it. What the FUCK were you thinking? Were you thinking? Sometimes I just wish you people would take a step back and think about shit before you say it. You are wholly unqualified to make such a statement in the first place and here you are feeding that line of bullshit to the Senate committee who is confirming you? Tell me, did you also manage to completely control your gag reflex later on for the glory hole after the proceedings?
I heard this little bit of news on Twitter and thought; “Nah, they got that wrong.. No one would be THAT stupid as to say something like this” Sure enough I was wrong in thinking that. My bad I guess. You sir have taken the DERP award for the new year! It’s a nice award too because we have combined it with the “Jumping the Shark” award! It’s got this nice figure of Ira Winkler jumping a shark in a Fonzie pompadour while masturbating on the onlooking audience. I am sure it will go nicely in your new digs at State.
QUICK! CALL N.E.S.T.
So, now it’s out there, this phrase likening all “hacking and hackers” to an arsenal of weapons of mass destruction and all we can do is look on in abject horror as these morons believe this shit. Really, you are going to compare and contrast someone DDoS’ing a site, stealing corporate data, or defacing a page to a nuclear all out fucking bomb? WHAT THE FUCK ARE YOU SMOKING? ….And can I have some? It’s gotta be some damn strong shit for you to be believing the words coming out of your mouth.
Seriously though this is just par for the course given the “Cyber 9/11” going around the government today I guess. The problem is that the body politic has completely abdicated any full grasp of the realities here and instead have decided to just run with the scary words and ideas in an attempt to scare the masses into submission. This is a shameful state of being and it bodes ill for us all more and more every day. Grandpa it seems has gotten his first computer and is afraid to click delete because the world might fucking end and it’s time to take away grandpa’s license to “internet” I think.
Look, hacking and hackers, even if they hack into the power grid are noting in comparison to an ICBM aimed at a nation state where MILLIONS can die in the blink of an eye John and somewhere in that thick Heinz riddled skull you know this so cut it the fuck out. I know you won’t but I just had to say it before my head exploded from your stupidity. You have committed one of the larger of the deliberate misapprehensions about technology and hacking not to mention espionage that there ever has been.
.. And this derp’s for you.
DERPCON 1
So we have officially gone to DERPCON 1 now.. Nice… I give up. However, at the very least you have given me an idea for a T-shirt design. You will see me wearing the T-shirt above (sans pecs) at Shmoocon this year. So thanks John, at least I got this crappy T-shirt out of the deal I guess. Others seem to have latched on as well so maybe more will be seen around.
*hangs head… sigh*
I need a drink… MEDIC! BOURBON STAT!
K.
THE IRANIANS ARE KNOCKING! THE IRANIANS ARE KNOCKING!
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
There are known knowns; there are things we know we know.
We also know there are known unknowns; that is to say, we know there are some things we do not know.
But there are also unknown unknowns – the ones we don’t know we don’t know.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
“Mankdrake, come over here, the Redcoats are coming!”
THE IRANIANS ARE DDOS’ing OUR BANKS! UNCLE FRED CAN’T SEE HIS BANK ACCOUNTS OH THE HUMANITY!
The hue and cry over the DDoS that has been taking place since the summer on certain banks has been increasing over the last week and of course the secret squirrels and the hangers on who want to sell their wares and stories have been rife on the mainstream media. Of course the likes of Droopy Dawg (former Senator Lieberman) have also been making the rounds at podiums near you droning their dire warnings that Iran is double secretly “out to get us with cyber attacks”
Several of my contemporaries have posted articles this week pointing out that emperors all, have have no clothes on and yet, only within this small verse known as the INFOSEC community am I seeing this fact being leveled at all. It’s sad really that we the community in the know should be so marginalized by the media because we do not take the party line. Thusly the truth of the matter never reaches the unwashed masses and they live on in mortal fear and loathing over the great Muslim Shaitan that is Iran.
For us in the know though, we can only continue to say “No, that’s not what’s happening” to those who will listen or yell it out as I am here once again on my screed… Uhh.. I mean blog. Sad but true as well as for me at least cathartic to at least yell in ALL CAPS for a while. I feel better usually after a good screed here…
But I digress…
“What difference does it make if it’s true? If it’s a story and it breaks, they’re gonna run with it.”
Truth is something that media outlets and the government tell you they are giving you but really are they? In the case of the DDoS attacks on the banks there is no solid evidence as to any kind of attribution of who is doing it. This however has not stopped “government sources” and certain secret squirrels within the INFOSEC community *cough VENDORS cough* who are more than willing to tell you that it’s GOTTA be Iran. Why? well… Because.. IRAN DAMMIT! That’s about the sum of it right there. It is so because they say it is, we don’t need no stinkin proof or anything do we?
Now, had any of these people made the caveat that there is no real proof of this but my gut say’s it’s Iran that’d be ok but then again really? Really? That’s going to be an answer? If there is no proof then you say that there isn’t any and that you CANNOT say who did it. It’s simple really but instead we get the Iran angle because that is the party line for the saber rattling du jour right? Who am I kidding though right? After all according to Karl “Turdblossom” Rove back in the Bush administration “we make the reality” right? So the reality is, since it’s on the news and the secret squirrels have told us on background, that Iran is HACKING OUR BANKS!
*chuckle*
Hacking.. Ugh, that’s another issue altogether. The nomenclature is completely ignored by the media and the masses just eat it up because it has the word “hack” in it and that is god damned scary! Never mind that the DDoS really isn’t that harmful to anyone. Honestly, DDoS of the banks does not mean that they are down for the count. Sure they will lose some revenues while the sites are down but this is no nuclear strike or massive hack on the banking system that siphons trillions of dollars to Swiss accounts ala Dr. No. It’s all really much ado about nothing yet it is being flogged for the masses in one assumes is a preparatory campaign against Iran and nothing more.
“Can’t have a war without an enemy…You could have one, but it would be a very dull war…”
So yeah Iran is a repressive authoritarian theocratic government that treats its people poorly and seeks to engender itself as powerful to the global scene. They do have some technological know how and they are fixin on getting them some revenge but is a DDoS really going to be their raison d’etre? Think about it isn’t it laughable as a serious attack? Sure Anonymous does it but that isn’t all they have been doing right? THEY have actually been HACKING!
Good lord! I mean c’mon people! If you are gonna frame up Iran for some cyber shit at least do it with some serious hacks against corporations or infrastructure!! Oh, wait, I know, if they were to really do that then there’d be some real reasons for action right? Then perhaps the people might ask if what they are being sold is the truth or not right? Ahh that must be it right there huh? Just some DDoS, pay no attention, it’s not the end of the world.. Oh and IRAN IRAN IRAN CYBER CYBER CYBER!
*subliminal fear images flash across the screen as Anderson Cooper looks sternly into the camera*
Derp derp derp… So yeah, the government needs an enemy and attribution is soooo hard! It’s Iran.. No doubt about it. No, really, it’s a really complex attack! I mean no ordinary group of hackers or security folks could do this kind of thing! Well, except for those guys who have bitcoins and go to the darknet and rent some botnets.. Wait.. SHHHH… It’s IRAN! It HAS TO BE IRAN! IT’S A NATION STATE DDoS!
*takes drag on cig and looks through wayfarers*
You people make my ass twitch…
No no no no no, fuck freedom.
So once again we are left with the media not taking the full measure of things and that even includes NPR which had a report this week that nearly gave me an aneurysm. Brian Krebs told me yesterday in fact that he declined an interview/comment on this because they were not really willing to hear the truth about this. By the way Brian KUDOS to you man. YOU are my new hero! I presume that others who lack a certain moral ethical compass will be blathering every chance they get and those people should be publicly taken to task for their perpetuation of this farce.
Of course others like Jeff Carr have been a voice of sanity on NPR and elsewhere in the past but you know what? Jeff’s logic and truth doesn’t make for bleeding headlines that will draw clicks for ad revenue will it? Marginalize those who tell the truth that is too dull to sell ad space is the way of it today. So on it goes, the media drumbeat will continue saying that Iran is at the heart of every little cyber hiccup that we have from now on. Iran is in good company with China now. Hey, at least China isn’t alone! Now China can just glibly point at Iran and Mahmoud saying “It was them!” and surely many in the government and the media will say AH HA!
My friends we are doomed. The truth no longer matters and I suppose it hasn’t for some time. I am a dinosaur I suppose to believe that there are truths out there that should be told. Could Iran be behind the attacks by using proxy orgs? Sure. Do we have definitive proof? No. That’s all that needs to be said. That is of course not what we are getting from the government and media today though.
Hmm how long til Glenn Beck or O’Rielly are “Cyber Experts” I wonder….
K.
No, You’re Not A Spook Just Because You Track Social Media and Do OSINT
rlutjiggsqi71pdmksnpocypnxoueuhfcvhbgcry?
I Know, I AM A Broken Record But…
Gah! The bile has finally risen to the point where I feel compelled to blog (aka rant) again. What has me discomfited this time? Well, glad you asked, it’s all of these numbnuts out there on the Internets saying they are spooks, or inferring they are spooks because they track social media and claim to be OSINT specialists. Increasingly I am seeing these people listing that they will be at con’s or they offer services or god forbid have it on their LinkedIN account next to “Uber secret special internet cyber security specialist commando imperator” or somesuch bullshit title that they came up with during a nocturnal cyber emission.
Lately the Internets have been thick with this loamy bullshit and my limit has been reached, and thus a screed is born. Look, unless you went to “The Farm” or somewhere else under the auspices of some “agency or service” you are not a “secret agent” no matter what you think you might be able to pull off online as a moniker. You are not a secret SOF officer or for fucks sake James Bond of the Internets ok? Let me tell you a little secret as well. There’s a great difference between an “analyst” and a “special operations officer”.. I guess you never read those books or taken a class have you?
DERP.
Look, just cut it out. You are much closer to being a Johnny English or a Maxwell Smart than you are to being George Smiley ok? *note all fictional!!* In the real world, and yes, your shit from the internet does effect the real world (meatspace to some) and when you do shit wrong or poorly, you can have repercussions that can range from “oh look how cute!” to “That’s it, jail time for you on the charge of douchery”
… And the douchery has been epic.
The Spook Shingle Is OUT!
Lately (ok over the last couple years really but I’ve finally had enough) there has been a deluge of self styled spook types out there with their digital shingles out. They range from mildly douchey to “OMFG You’re title is what?” It’s all a matter of degrees I suppose and some out there are just waving it all in the wind in hopes that someone will take them seriously and buy into their bullshit to get paid. Of course many in the community call bullshit on them but still, there lurks the odd C level who says “Oooh they look important because of their important titles with the spooky lingo” So in the end, some of these Cretans get paid for their dubious skills and that is dangerous in and of itself, I mean, this is how the Ligatt’s of the world make a living (i.e. douchery and gullibility)
Take a wander through LinkedIN sometime and you can see for yourself some of the epic titles out there that are followed by little to no experience on the profile. Still others make more shit up *freewheeling it* in hopes that the language and imagery will just bamboozle you into believing their dreck. It might amuse you for a while, you’ll giggle and then perhaps you will realize just how stupid it has all gotten and you will have an aneurysm. At the very least have a look though to understand the proportions of it and lament.
I Track Social Media and It’s OSINTSAUCE!
Meanwhile, many today are claiming to be performing “OSINT” (Open Source Intelligence) and featuring the angle that they are specialists in “Social Media” Each time I see or hear this I have a petite mal seizure and pray it will be the “big one” that will my own little ceremony of the cremation of care. Unfortunately I keep waking up and there they are, still sat there making prognostications over twitter and facebook feeds. The big problem I have is are they just looking at these feeds or are they interacting? How are they analyzing what’s being said and with what kind of rigor before generating some report for whomever? Just what exactly are they doing? Is it really “OSINT” or is it just loose reporting of the diatribes of Anon’s 140 characters at a time?
Looking back, I see the same thing with Aaron Barr and the HB Gary affair, he said he had nailed down the leaders of LulzSec via OSINT/SOCMED but when the time came, and the data was laid bare to the masses he had nothing right. Is this OSINT? One word.. “No” However, it does make a real point that many seem to not get.. OSINT is “INT” meaning Intelligence. Intelligence is not a game of “Slam Dunks” unfortunately now VERY clear to George Tenet in hindsight. You are dealing with information that usually comes from sources that could be outright wrong, or misleading you on purpose. It is the job of the analyst to correlate the data, fact check as much as possible, and then report on what he/she has discovered. Unfortunately, many of the people out there today claiming the mantle of OSINT specialist don’t have the benefit of that knowledge, nor have the background to do so, but they do anyway. Of course this also covers those not doing it as a job but instead for fun online or with some grudge to work too.
A DOX Here A DOX There.. DERP, DERP, DERP
Then there’s the “D0xing” as made popular by Anonymous. Frankly I have been amused by some of the lulz here but schadenfreude aside, what’s the point? I have harped on this before in posts about Anon exhorting them to do better if they were going to be “moralfags” (their term for it) to enact change. If it’s for the lulz well, that’s all it is whether the dox are right or wrong. However, if you are trying to effect change for the better, your dox better be right. A recent posting over the rape charges in Ohio on LocalLeaks is a case in point. The site is touting the release of the email spool for a “fan” of the local football team who may or may not be close with its players.
The dox drop of the mail spool is accompanied with innuendo about photos within that “may be” of an underage person (see post on site) While the rear end in question is certainly not of a 90 year old, neither can it be said that it is at all anyone underage either. Upon looking at the other “evidence” that Anon has dropped, nothing else shows much as to their being any untoward activity by Mr. Parks. This is the problem with bad intelligence gathering and analysis, you are not doing anyone a service when you only have some information and then you decide to make the rest up to fit your story (ya know, like the WHIG before Iraqi Freedom right?)
The same goes for those within the security community that speciously claim intelligence wins with data from social media etc because in the end, nothing in the intelligence game is a “slam dunk” it’s all just meant to inform your clients as to what seems to be going on. Unfortunately all too many people are going about this with the misperception that their product is correct in the first place and that they know what they are doing in the second.
Internets Is SERIOUS Business
In the end I just wanted to take the time to call bullshit on a lot of what’s out there today.We have many a charlatan running amok as well as more than a few pathetic individuals living out their super secret agent lives online in hopes that someday they will wake up and it will be real. The real spooks (other than the ones being arrested for leaking and given 10 year sentences) are usually pretty quiet. Others, well they are often making big claims about being all spooky and in the know.. I guess the axiom should be that the quiet ones are the real guys and the shameless self promoters are.. Well, not.
That especially means you zan.pklvnxwiin.fxh
For the most part though, I have to give credit to the 4chan’ers for starting the meme of “Internet is serious business” because it really is the case for the most part. Sure there are always larger, more impactful things that come from it, but generally, the internet is all about the lulz. Anyone who deludes themselves that it is in reality really really important should be mocked mercilessly.
Just my two drachma….
Krypt3ia 