Tag Archives: Robert Gates

The price of identity

We all have needs, we all have identities. It is important to us, as it is for many others. No one debates or disagrees with it. Yet what to do when identity hinders us? When we see the Washington Post (at https://www.washingtonpost.com/world/national-security/former-nsa-deputy-is-mattiss-leading-choice-to-head-the-spy-service-if-it-splits-from-cyber-command/2018/10/05/1be8d7a8-c73d-11e8-b2b5-79270f9cce17_story.html) giving us ‘Former NSA deputy is Mattis’s leading choice to head the spy service if it splits from Cyber Command‘, we need to consider the impact of identity, corporate identity, governmental identity, military identity, projected and presented identity. They are not the same and can vary to a much larger degree. When someone is part of what used to be referred to ‘No Such Agency‘. We will get the impact of identity; we all know that and many faced it too. Look at any friend or co-worker you have ever known and ask him/her about the impact of a merger and they will tell you, there are changes. Some are subtly, some are not noticed, yet others are, usually in infrastructure and the way things were done. Now the change tends to be for the good in the long run but that is not a given.

So what gives?

It is my personal observation and a highly speculative one at that. Yet I believe that the Washington Post giving us: “The current head of both organizations, Gen. Paul Nakasone, has urged Mattis to keep the NSA and U.S. Cyber Command under one leader on the grounds that the nine-year-old military organization is not ready to stand on its own, these people said. In recent weeks, Mattis was close to a decision to separate the leadership arrangement, but Nakasone’s counsel has caused him to reconsider, according to two U.S. officials. The officials spoke on the condition of anonymity to discuss sensitive internal deliberations“, is not entirely accurate. I believe that ‘military organization is not ready to stand on its own‘ is not the setting that matter. I believe that Stratfor who gives us ‘A New, More Aggressive U.S. Cybersecurity Policy Complements Traditional Methods‘ is very much at the heart of that. I believe that the general is not ready or perhaps unwilling to set the offensive and aggressive part in motion. Now, this is no bad reflection on the general, let that be a first. He is well decorated, he has seen the field in many ways and he has done a fair share of field events. He has earned his rank. I merely wonder that a man who has seemingly played a defence and protection game is the man for the offense. I think that this is a football moment, and as a non-football expert (and a 49ers fan) I would compare the General to DeMarcus Lawrence from the Dallas Cowboys against what the US seems to demand is a Derrick Henry (Tennessee Titans), or even a Tom Brady (New England Patriots), roles that are not really moveable. Even as a Quarterback might become a really good Derick Henry that Quarterback will never become a DeMarcus Lawrence. The defence and offense game is that far apart. This is where Chris Inglis comes in. He is an analyst (at heart), he is used to counter offensive strategies and introduce strategies of his own (effective one’s mind you). I believe that this is the game that is in the open at present and these two will need to find a way to make it work. Not merely because it is good for the needed strategy, but because the segregation of the two elements might hurt U.S. Cyber Command in a few ways, not merely funding, but the elements that U.S. Cyber Command currently have access to will partially fall away and getting two infrastructures like the NSA is unyielding, unaffordable and in the end will introduce flaws and dangers on both sides of the isle making the setting (as I personally see it) a non-option right of the bat. Stratfor gives us a few other items.

One of them is “A best-case scenario for a U.S. cyberattack would be disabling computer systems and networks being used against U.S. interests to prevent an attack from happening or to disrupt an attack that is in progress“. The problem there is that some of the opponents are getting to be really good at what they do and a few of them are not state driven, not by any state changing the dynamics of the solution. Even as I discussed the hop+1 strategy almost three years ago, settings like that require an expert layer one knowledge and the players cannot both have these experts changing the needs of the infrastructure overnight.

The second consideration is: “Perhaps the main challenge to U.S. engagement in tit-for-tat cyberattacks is that the United States is by far the biggest target for such attacks“. That might be true but that goes beyond mere true enemies, it includes a truckload of students wanting to finger the man (or is that giving them the bird)? Do they really want to waste resources to those people whilst the US has actual enemies in the world?

The larger issue is seen with: “Discussing the strategy, national security adviser John Bolton hinted that the administration had already taken steps to bolster offensive efforts in recent weeks, warning that the United States is no longer just playing defense when it comes to cybersecurity. But despite the Trump administration’s more hawkish tone regarding cybersecurity, it will continue mainly to rely on traditional measures such as the legal process, regulations and cooperation with the private sector when it comes to cybersecurity” It is here when we get the consideration of the resources required. The defence, offense and legal sides of it all becomes a real mess if the two split up giving the chance that targets and issues walk away on technicalities. How does that help?

The strategy s even more profound when we consider “Clandestine, discreet attacks are certainly already key elements of U.S. cyber tactics. There have likely been more examples of U.S.-launched attacks that have not come to light, perhaps because they were never recognized as cyberattacks. While the less known about U.S. cyber capabilities, the more effective they will be when deployed, this by definition limits the deterrence value of U.S. cyber capabilities“, at this point is the setting of ‘discreet’ that comes into play. With the two separated they will get into each other’s fare waters and more important give accidental light to the discreet part of the operation, there will be no avoiding it, only the most delusional person would think that it does not get out when more than one player is involved, because that will always introduce a third item being the intermediary, the cold war taught many players that part of the equation. And that is even before we get to the statement: “recent cases like the September indictment of North Korean cyber operatives, which displayed heavy FBI reliance on private security firms such as Mandiant and Alphabet to collect technical evidence and carry out investigations“, now we see the folly as Mandiant and Alphabet are mentioned, the entire matter grows further as soon as Constellis becomes part of the equation. That is beside the point of realising (highly speculative on my side) that neither three Mandiant, Alphabet and Constellis have the required safe servers in place to prevent names, places and facts from going out into the open. I might not be able to get in, but there are dozens who will get in and that voids the security of the matter to a much larger degree. For arguments sake I will leave Booz Allan Hamilton out of that equation, they have been snowed on long enough.

And even as we see the instance of legal preference, the US must realise that any attack from state or non-state parties in China or Russia has close to 0% of being successful (outside of the exposure part), the entire matter in case of the OPCW in the Netherlands is one. An attack was thwarted, yet was it THE attack? The guardian article (at https://www.theguardian.com/world/2018/oct/04/visual-guide-how-dutch-intelligence-thwarted-a-russian-hacking-operation) reads nice, and we see all these facts and from my point of view, things do not add up. You see, I would have used the car that we see mentioned “In the boot of their car was uncovered an arsenal of specialist electronic Wi-Fi hacking equipment” as a fire and forget consumable, use it as an access point, segregating the hacker from the accessing unit. When you have (as they stated) “cash: €20,000 and $20,000” getting a second car far enough to access yet not be directly linked is seemingly easy enough. Then there is the setting of the photo at Amsterdam’s Schiphol airport. I am not debating the issue of the photo, it seems genuine enough. In this operation they did not fly to Germany and took the train, or take a car and cross at Oldenzaal, Emerich, or even via Belgium and enter via Antwerp, or Eindhoven. It almost read like they wanted to get noticed. They know that Amsterdam Airport is high tech and nothing escapes their camera eyes. To me (a paranoid me) it comes across as ‘Where did they not want us to look‘. A mere sleight of hand deception, and again the entire GRU mention. A phone outside of that building and they had the taxi receipt? No one merely driving them to the airport in Russia or even them taking a bus from any hotel in Moscow. No a taxi receipt of all things, is anyone buying that? So in this it is not the Dutch, it is the Russian side that makes no sense at all.

How did I get there?

This is the initial setting of offense and defence. The proper application of strategy in all this matters, because we seem to undervalue and underestimate the need of either in all this. Because we get to push a button anywhere and anytime we seem to underestimate on what is recorded, what is collected and what can we verify. That entire mistake is how any offensive strategy can optionally become folly from the moment the instigation of ‘press any key‘ to start gets us. Proper offensive is not about doing what needs to be done, it is about being able to prove who did what. Perhaps Sony remembers that part as they were given that it was North Korea did something, whilst their computers were not even close to PC gaming ready, the mere processor, which was about 25% (at best) of a 1994 Silicon Graphics Indigo system is not the system that gives you what you need to hack the night away. The tools are equally as important as the access and ability to negate identity. When you see that part, the entire hop+1 intrusion path makes a lot more sense.

This now gets us to the end of the Washington Post, where we were treated to: ““As the build of the cyber mission force wraps up, we’re quickly shifting gears from force generation to sustainable readiness,” Nakasone said in a statement in May. “We must ensure we have the platforms, capabilities and authorities ready and available” to carry out successful cyber-offensives. Some former senior intelligence and defense officials oppose separating the “dual-hat” leadership arrangement, including former NSA Director Keith Alexander, former Director of National Intelligence Mike McConnell and former Defense Secretary Robert Gates. This week, former CIA Director David Petraeus, a retired Army general, said during a Washington Post cyber summit that he’d keep the dual-hat arrangement “for the time being.”” It is not merely the ‘we have the platforms, capabilities and authorities ready and available‘, you see, when we get to capabilities we see the need of offensive players and even as Cyber command might be aces in their field, the offensive game differs to some degree and even as we see that they are way above the student levels, we get back to the Football equivalent you see the application of defence and offense. It is not DeMarcus Lawrence versus Derrick Henry, the question becomes can DeMarcus Lawrence be a Derrick Henry that is good enough, that is the battle within. The mere realisation that if you fail this when the offensive is broken into a train wreck that makes the limelight in every paper, that is the game that is the dilemma that Gen. Paul Nakasone faces as I personally see it.

And when we see Stratfor with the one little gem we did not consider, the mere proposed fact that North Korea has a mere 9,000 IP Addresses, do you really think that they could have done this all, or are we in a setting where someone had the ability to act on BGP hijacking and was able to mask it to the level it needed to be masked at, because that was the offensive play that needed to be considered and there was no way that the evidence had been uncovered to that degree with a backdoor could be removed with a simple reset of routers.

#FourtyNinersRule

 

Advertisements

Leave a comment

Filed under IT, Law, Media, Military, Politics, Science

A leaky Cauldron is a just sif!

Well, as we are moving into the final days of President Obama, we get to see one more rodeo of entertainment, amusement and comedy. You see the headline ‘Barack Obama delivers stinging critique of FBI: ‘We don’t operate on leaks’‘, we can argue that they actually do, or we can howl with laughter, because for the most, the Obama administration created leaks, it did close to nothing to do something about it that would actually work. For one, here is a quote from thinkprogress.org. It is from August 7th 2015: “Congress’s Cybersecurity Plan Has Some Major Flaws“, this is in his second presidency and we see Congress not being even close to resolving essential issues that should have been addressed well before 2008. This level of inaccuracy (read: incompetence) is shown in “Civil liberties groups including the Electronic Freedom Foundation (EFF), New America, and American Civil Liberties Union (ACLU) urged the public to call their senators to persuade them to vote against, what even the Department of Homeland Security has deemed, a flawed bill with more than 20 proposed amendments“. So an issue where the ACLU and the DHS are on the same page, even when taking decent amounts of LSD, the world would still seem more logical, when ACLU and DHS are on the same page, the matter is a lot more critical than some make it out to be.

When we look back to 2013, when Robert Gates, the former Defence Secretary, reveals in his book ““reveals the depth of Mr. Obama’s concerns over leaks of classified information to news outlets, noting that within his first month in office, the new president said he wanted a criminal investigation into disclosures on Iran policy published by The New York Times.”“, we see that President Obama, knows all about leaks, they were at the centre of his core for two terms, so when we see again and again that the ball was dropped, what does that state about the president and his administration that keeps on twisting their ‘cyber’ thumbs?

Yet in all this, it was the Guardian who gave us (at https://www.theguardian.com/us-news/2016/nov/03/fbi-leaks-hillary-clinton-james-comey-donald-trump) an essential issue “Even some congressional Republicans, no friends to Clinton, have expressed discomfort with Comey’s last-minute insertion of the bureau into the election“, apart from what I discussed in my blog ‘As messages pass by‘ two days ago, there is one other part that must be mentioned in all fairness, because this is about the situation, not about anti-Clinton rants. The quotes are “As The Post’s Sari Horwitz reported on Saturday, “a largely conservative investigative corps” in the bureau was “complaining privately that Comey should have tried harder to make a case” against Clinton“, as well as “Rep. Jason Chaffetz (R-Utah), chair of the Oversight Committee, quickly tweeted news of Comey’s letter Friday and stated: “Case reopened.” This is not what Comey said (and technically the Clinton case was never closed). But many in the media bought Chaffetz’s hype, especially in early accounts. That’s what happens when an FBI director hands an explosive but muddled letter to a Republican-led Congress. In fact, Chaffetz had already made clear that if Clinton wins, the GOP’s top priority will be to keep the Clinton investigative machine rolling“, which came from https://www.washingtonpost.com/opinions/comey-gives-in-to-shameful-partisanship/2016/10/30/c31c714a-9ed8-11e6-8d63-3e0a660f1f04_story.html and this clearly shows two elements. One is that the republicans via Congressman Jason Chaffetz, Republican from Utah pushed. For those who think that this doesn’t matter, consider the following which we get from the FBI Website (at https://www.fbi.gov/about/faqs ). “Who monitors or oversees the FBI? The FBI’s activities are closely and regularly scrutinized by a variety of entities. Congress—through several oversight committees in the Senate and House—reviews the FBI’s budget appropriations, programs, and selected investigations. The results of FBI investigations are often reviewed by the judicial system during court proceedings…“, so when Congress pushes the FBI, it has bearing and impact (although ‘bearing’ would be allegedly). So whilst the media is going all out against Director James B. Comey, can we agree that Congress was pushing and in addition, the fact remains that Hillary Clinton could still up ending to be regarded as criminally negligent.

Now that last accusation needs explaining, and funnily enough, for the most, we all have that evidence. Those who have a job, ask yourself how many bosses allow you to do company business using your private emails? There are plenty of companies that such an action, seen as a transgression that could result in immediate dismissal and that isn’t even high dangerous secretive information. Now consider that as Secretary of State, Hillary Clinton submitted over 20 top secret issues via private email, in addition, the emails went to the laptop of a previous employee, basically giving classified information to a non-authorized person. The fact that she ends up not being prosecuted is a little weird to say the least. Yet, I discussed that in an earlier blog, the link remains because the issues are linked.

What is important now is that the media at large had access to more information that I had (or so they think), and they kept you, the reader in the dark. The bias against Donald Trump is THAT intense. Now, personally, I think that Donald Trump is as dangerous as a baboon on XTC, which is an issue as this primate is merely dangerous and lethal in the most docile of times. Its teeth rip through your flesh and bones in one bite. I’ll be honest, Baboons scare me, not because of what they do (they are equipped to protect, not to hunt people), they are highly intelligent, yet when cornered they can be the most dangerous animal you will face in a lifetime. Making my correlation with Donald Trump a lot more accurate than even I bargained for. His latest actions known as ‘Donald Trump’s Impeachment Threat‘ (at http://www.nytimes.com/2016/11/04/opinion/donald-trumps-impeachment-threat.html), when we see “they may well seek to impeach Hillary Clinton if she wins, or, short of that, tie her up with endless investigations and other delaying tactics“, the Democratic Party is seeing the result of President Obama’s bad presidency. The result and fallout of Benghazi, the mail issues with the Clintons and a few other matter. As stated, Congress gets to push the FBI and it is a republican congress. There is a little too much realism in the quote “Mrs. Clinton won’t be able to govern, because we won’t let her. So don’t waste your vote on her. Vote for us“, because her promise to do something about the economy will fall flat for at least 2 years. In addition, there are other matters that play, matters that involve the non-committal towards Common Cyber Sense and with the alleged Cyber-attacks from Russia (I am calling them alleged, because no clear evidence is in existence, yet clear reliable speculative data that pushes towards Russian involvement cannot be denied, not even by me), we see that Russia is instigating another cold war, one that America is unlikely to win makes the Democratic position even more weak. Even if we all admit that it is too unlikely for Russia to win this, it will work as an anchor on the US economy, so the next president has that to worry about too.

So as we are confronted with the Cyber issues at hand, in light of the extreme negligence that Hillary Clinton has shown to have, we see certain markers that weigh down on the positivity of her campaign. This might be the first election where the third party had a decent shot of winning, isn’t it a shame that Reverend Jesse Jackson wasn’t running? I reckon that unlike 1984 and 1988, he actually would have had a chance this time around, when we are brooding on which of the two is the lesser of two evils, the third player o gets be an actual contender #ThatsJustMe, wasn’t it funny that he of all people that showed up in Detroit yesterday after which he praised Donald Trump for his commitment of Diversity. Although from the news we have seen, I have to wonder if ‘diversity’ was about the sizes and shapes of breasts. I just had to get that of my chest, #Pardonemoi.

In all this, the media themselves are also a worry as they are pushing the people with outdated information. An example is the Business Insider only 2 hours ago. The article (at http://www.businessinsider.com.au/hillary-clinton-new-emails-found-fbi-2016-11), gives us “The FBI says it found new emails related to Hillary Clinton’s time as secretary of state, CBS News reported on Thursday. It is not known whether the emails are relevant to a case involving Clinton’s private email server, the network said, but the messages do not appear to be duplicates of emails the agency has already reviewed, according to an unnamed US official cited by CBS News“, the article was given the date and identity ‘Bryan Logan Nov 4th, 2016, 11:12 AM‘, yet when we look at the CBS article “In a letter to Congress last Friday, FBI Director James Comey indicated that the agency was taking steps to review newly discovered emails relating to Clinton’s private email server. Those emails came from the laptop of Weiner, a former New York congressman“, which was what I reported on 5 days ago, which came from CNBC on October 29th. So, as the Business Insider is intentionally misinforming the people. So, can we agree that the Media could now be regarded as ‘tempering’ with elections by misinforming the public? Even as we see these events evolve, we need to take heed that Donald Trump is the kind of man that large media corporations do not mind to be indebted to. Because his next crazy idea that pays off, these people will be knocking for exclusives, so when you think that you are getting informed, think again! The article never ‘lies’, it just trivialises older news and gives only part of the complete timestamp on other sides, leaving us with the message that Hillary Clinton has more eventful issues, instead of us getting the correct information that Business Insider is just rehashing old news, to get a few more cycles out of it. How is that not tempering with the view of the voters?

 

Leave a comment

Filed under Media, Politics