han uxgb xa.
I HAVE BEEN IN THIS BUSINESS FOR OVER THIRTEEN YEARS….
It’s been a long strange trip from the early days of “Information Security” being a business. Over these many years I have seen quite a lot working for Big Blue and various other places but man it lately just feels like I have passed the event horizon on this black hole of derp. I look at the news and just cannot help but feel like I am being made into atom spaghetti by that black hole drawing us all into it’s depths. Of course the black hole here isn’t made of super compressed matter that breaks the bonds of the laws of physics. No, in this case the black hole is metaphoric and is made of what we on the internet call “derp”
Recently I have been taking stock of it all and I have come to some conclusions for myself that will affect the way I deal with.. Well.. Digital life. In looking at the big picture I have finally had the realization that we as a species will always be the reason we can’t have nice things. Whether it’s the malware writer, common criminal stealing money, the nation state seeking to fuck the other nation over in their own interests, or the pimple faced moron taking pictures of himself licking taco shells at Taco Bell, there’s no fighting against it. Everyone will have their agenda and their agenda’s both personally as well as collectively will win the day. It won’t be you or I dear INFOSEC reader. The tide as they say is too hard to fight against and I for one am just going to let the lungs fill with water and my body sink to the bottom of this ocean of stupid.
Sometimes I feel like the recent John Hurt version of Doctor Who. I have been in the wars a long time and I have fought the good fight until moment when I just say; “NO MORE” Well that time has come and there is no more I can do. I have been a bellicose person here online and the reality is that while I’ve gathered followers and friends I am just preaching to the INFOSEC choir and nothing more. The war that rages is the one outside of our own little vox populi cum echo chamber of Twitter and blogs. The war I speak of is fought every day on the internet and intranets… The Internet of things as they call it now but the reality is that the war is not digital. It’s about the people who operate the Internet of things. Too many people just focus on the technical and that is a big problem. You can’t solve everything with technical means. You know why? Because for every measure there is a counter measure that someone will create! The human animal is eminently creative and it is within their nature to want to break the system. Whether it is just for the thrill, for money, for power etc, people will always find a way. Think of it in the way that Ian Malcom makes the analogy about nature finding a way with chaos theory in Jurassic park, it’s the same idea. The war will always be waged as long as human beings have the technology and the will to subvert systems, steal money and secrets, or wage war. It’s really very simple.
The war will never end until such time as we have evolved past it…
So, given that the war will likely never end we are forced as practitioners of INFOSEC to fight never ending battles in the greater war of attrition. The battles are myriad and you all know your own because you live it every day. Do you out there feel that at the end of the day you have won the battle? Perhaps the war? I suspect not many do really because I hear a lot about burnout in this industry. Burn out seems to be endemic for us and I for one have felt it licking at my heels more than once in the past few years especially. So are the battles worth it at the end of the day when the overall war is lost? What do I mean by saying that the war is lost? Well, have you seen the news lately? We are the most surveilled we have every been to date and yet the people are quiescent on the whole about the invasions of privacy.
Surveillance and invasion of privacy seems to be just a single aspect of a larger problem though. Generally the masses are just not able to comprehend the problems surrounding the technology they hold within their hands. This makes the collectives of companies and governments just as clueless because they are comprised of those same individuals who are not clued in. Of course this is a gross generalization but really I think it is one that is appropriate. So to sum it up, until such time as the “norms” finally grok the issues around security the war will always be a loss as well as many of the battles that you or I fight on our own killing fields because of human nature.
And here I am again back to human nature. We have been evolving for a long time and yet we still fail at things like world peace, or ridding ourselves of poverty and hunger. How then do we look as a species where we have a new tool that was supposed to revolutionize our lives and the two things we primarily seem to be interest in now are porn and warfare online? No, really, look at it from the aggregate here. We have weaponized cyberspace for more porn profits. Ok well there is some facetiousness there but you get the idea right? We take the thing that is supposed to unite us in egality of knowledge and we fuck it in the ass with war and profit through malware and packaging everyone’s data for sale or state surveillance.
Human nature here wins the day so once again I say it’s not about technology. We MAKE the technology and we make OF IT what we will right? Hammond and the Anon’s used the technology to do what they felt was necessary to show misdeeds. Right or wrong they leveraged “human nature” to bypass security through low level vulns such as bad password habits. They leveraged our own human nature of laziness against us all. What I am getting at here is that we are our own worst enemy and god help us when we get into packs and make decisions. I know you all have been on con calls before so you know what I am saying here.
Until we can overcome our own human nature to be self destructive the war will continue as we have been seeing it play out before us of late. It will be one derpy war after another against every one of us and every one of us who gets pwn3d will only have ourselves to blame. Well, really the human nature thing.. But you can blame yourself… In fact you should really.
EVOLVE GOD DAMMIT!
A STRANGE GAME. THE ONLY WINNING MOVE IS NOT TO PLAY.
So here I sit today thinking about all these things as I have been recently on and off. I look at the greater picture and realize the futility of it all. I mean, what’s the point if I get one person per day NOT to click on a phish email when somewhere else a C-Level is making a bonehead decision that will effect the whole companies security posture? It’s fucking Sisyphus and the boulder every frigging day so why bother to care? So I have come to you with this manifesto of a sort that I here and now just really don’t give a crap anymore. I am not going to evangelize anything anymore. I am not going to try and teach anyone anything as well because what’s the point? You can’t win the war and I certainly don’t have a big red button ultimate weapon like the Doctor did in the Day of the Doctor. I cannot make the derp disappear in a pocket universe no matter how much I would love to.
Instead now I relinquish the derp and the angst to all of you willing to take on the mantle. Take it please. I would rather go investigate making cheese from human armpit sweat than have to deal with this constant barrage of lunacy that is the INFOSEC diaspora. I will leave all this behind like Frodo leaves the ring in Gollum’s mouth in the Crack of Doom for it is the only place where it can be destroyed… Which just happens to be here on the internet right? Where the derp was forged so shall it be destroyed….
Ok, yeah that was melodramatic eh?
Look, here’s the deal. I have had enough. Enough of the cons, enough of the jockeying online, enough of the anger and dismay as I see all the shit going on around me that I know nothing can be done to stop. I often joke about getting that 6’x6′ Uncle Ted cabin and making packages but that is just a joke… No really. My plan is to just move on and leave the tyranny of derp to the rest of you to deal with. I have other more interesting things to do that don’t require raising my blood pressure and having petite mal’s. I will of course write still when I feel moved to it about interesting things like the Bitcoin stuff or darknets but honestly I’ve had enough of the horse shit here.
And thusly my manifesto has been derp’d unto you…
Don’t forget to tuck and roll when that huge fucking boulder comes barrelling down at you later…