Cyber warfare is a crippling threat to our economy and security. It has to be – everybody says so! Our government is trying its darnedest to do something about it – whether it be to pawn it off on DHS (and now the National Economic Council, since they apparently don’t have enough to do, but that’s another rant) or to create and staff the Air Force Cyber Command. Or go spin up the country on a new “cyber challenge“, (having the side effect of populating CIA/FBI/DHS watch-lists with the names of the participants, I’m sure). And everybody knows there are cyber-spies in our electric grid!
And now it has been deemed that it’s more devestating than a nuclear bomb, according to the vice chairman of the Senate Select Committee on Intelligence. That’s quite a statement, and by a group of big swingers to boot. How often do you hear public officials clamoring to a microphone to blurt out the best way to defeat their country? Were Achilles’ last words “Betcha can’t hit me in the heel, Paris”? Did Samson ask Delilah for a little of the sides and top? Did the Nazi’s say, here’s the Enigma machine and codebook, knock yourselves out?
Duh. No, they didn’t. Double duh. You don’t go publicizing your weakest link. But you certainly can pretend to - Disinformation is quite a useful tactic in war. Operation Fortitude spread false information during WWII misdirecting German forces prior to the landing at Normandy. Same with Operation Mincemeat, where British intelligence allowed a dead body carrying fake invasion plans to be recovered by the Germans.
Another angle on disinformation involves “dilution”. I have a friend I’ll call Tom (short for Tomato Farmer) who has the “perfect coverup” to a murder. Not that he’s committed one, or done this (to my knowledge), but it goes something like this: Tom says to root through the dumpsters of a barbershop, nail salon, hospital, and butcher shop and collect as much miscellaneous human byproducts and waste as you can – nail clippings, hair, meat and blood. Go commit your gruesome crime without regards to neatness. Then go get your sealed up container of “dna”, bring it to your crime scene, and dump it everywhere. Your own dna will simply be lost in the shuffle, as they try to find the hairy hemophiliac pig with a french manicure that was the apparent perpetrator.
So if you’re one of our nation’s enemies, and you’re reading this, please, please don’t launch a cyber attack on us. Please don’t, it’d be simply dreadful. Oh dear…
Sure. Unless we really are just that vulnerable and incredibly stupid, to boot.
So which is it: Social Reverse Engineering or Reverse Social Engineering?
Loading ...
August 22nd, 2009 on 1:01 pm
Does this mean that an exploit is a weapon of mass destruction? Will it mean that in the near future?
Disseminating exploit software and knowledge is a grey area legally. Disseminating WMDs is a whole different matter.
Will we be allowed to talk about the things that we know? Will it be legal to know them?
August 23rd, 2009 on 9:05 am
Thoughtcrime? Thought Police? Bit of a spooky Orwellian slant. The Germans seem to have tried to regulate this recently, and it hasn’t been working out too well for them: http://www.theregister.co.uk/2009/06/07/germany_hacker_tool_law/