So does the hacking of Sony signify a new era in cyberwarfare?

December 18th, 2014

Some people think that it does:

Most cyberattacks to date—by China, Russia, Iran, Syria, North Korea, Israel, the United States, and a dozen or so other nations, as well as scads of gangsters and simple mischief-makers—have been mounted in order to steal money, patents, credit card numbers, or national-security secrets. Whoever hacked Sony (probably a North Korean agency or contractor) did so to put pressure on free speech—in effect, to alter American popular culture and suppress constitutional rights.

Matt Devost, president and CEO of FusionX LLC, one of the leading computer-security firms dotting the Washington suburbs, told me in an email this morning, “This is the dawn of a new age. No longer do you have to worry just about the theft of money or intellectual property, but also about attacks that are designed to be as destructive as possible—and to influence your behavior.”

Bob Gourley, co-founder and partner of Cognito, another such firm, agrees. “I have tracked cyber threats since December 1998 and have never seen anything like this. It might have roots in the early Web-defacements for propaganda”—usually by anti-war or animal-rights groups—“but they were child’s play, done really for bragging rights. A new line has been crossed here.”

And the attack has had effects. Sony has canceled the film’s scheduled release due to terrorist threats against theaters (even though no evidence links the source of the threats to the source of the hacking). While a Seth Rogen comedy is an unlikely cause for a protest of principle, a case can be made that Sony’s submission to political pressure—especially pressure from a foreign source, especially if that source is Kim Jong-un—should be protested.

Well, it might be seen as an attack on American popular culture, I suppose.

Apparently some (off-the-record-natch) US sources think that Kim Jong Un and his chaps are responsible. In which case it’s an instance of cyberwarfare, not just an anti-corporate stunt.

And, as @dangillmor asks, “Are these the same US govt people who determined that Iraq had weapons of mass destruction?”

Kim Zetter has a good, sceptical piece in Wired.

What it all adds up to is that the big difference between “cyberwar” and the kinetic version is that it’s very hard to be sure who has just attacked you.

And, as usual, Dave Winer has an original take on it:

Back in 2000 when Napster was raging, I kept writing blog posts asking this basic question. Isn’t there some way the music industry can make billions of dollars off the new excitement in music?

Turns out there was. Ask all the streaming music services that have been born since the huge war that the music industry had with the Internet. Was it necessary? Would they have done better if they had embraced the inevitable change instead of trying to hold it back? The answer is always, yes, it seems.

Well, now it seems Sony is doing it again, on behalf of the movie industry. Going to war with the Internet. Only now in 2014, the Internet is no longer a novel plaything, it’s the underpinning of our civilization, and that includes the entertainment industry. But all they see is the evil side of the net. They don’t get the idea that all their customers are now on the net. Yeah there might be a few holdouts here and there, but not many.

What if instead of going to war, they tried to work with the good that’s on the Internet? It has shown over and over it responds. People basically want a way to feel good about themselves. To do good. To make the world better. To not feel powerless. It’s perverted perhaps to think that Hollywood which is so averse to change, could try to use this goodwill to make money, but I think they could, if they appealed to our imaginations instead of fear.

Hacking, by Royal Command?

December 16th, 2014

The Intercept has just published an intriguing PowerPoint deck from the Snowden trove. It gives some details of the hacking of the Belgian mobile phone operator, Belgacom (probably using Regin).

Slide 5 shows two distinguished visitors being given a briefing, presumably on this operation (otherwise why is the picture in this deck?).


Slide 9 makes it clear what this is all about:


So my question is this: Did Prince Charles know about the hacking of Belgacom?

Q: Who let this happen? A: We did.

December 14th, 2014

This morning’s Observer column.

The relevant extract from the [FISA] court transcript reads:

Justice Arnold: “Well, if this order is enforced, and it’s secret, how can you be hurt? The people don’t know that – that they’re being monitored in some way. How can you be harmed by it? I mean, what’s… what’s your… what’s the damage to your consumer?”

Ponder that for a moment. It’s extraordinarily revealing because it captures the essence of the mindset of the people who now rule our democracies. It’s a variant on the “if you have nothing to hide then you have nothing to fear” mantra. And it begs the question: who gave these people the right to think and act like this?

The long answer goes back a long way – to Thomas Hobbes, John Locke and maybe Rousseau. The short answer is that we did. We elected these holders of high office – the home and foreign secretaries who ostensibly control MI5, MI6 and GCHQ, the MPs who cluelessly voted through laws such as Ripa (Regulation of Investigatory Powers Act), Drip (Data Retention and Investigatory Powers) and will do likewise for whatever loose statutes will be proposed after the next terrorist/paedophilia/cyber crime panic arrives…


GCHQ launches new code-making app

December 13th, 2014

Well, well. This from the new, cuddly GCHQ.

Cryptoy is a fun, free, educational app about cryptography, designed by GCHQ for use by secondary school students and their teachers.

The app enables users to understand basic encryption techniques, learn about their history and then have a go at creating their own encoded messages. These can then be shared with friends via social media or more traditional means and the recipients can use the app to try to decipher the messages.

Cryptoy is mainly directed at Key Stage 4 students but can be used by anyone with an interest in learning about or teaching cryptography.

The app was designed by students on an industrial year placement at GCHQ. It was created as part of a project to demonstrate encryption techniques at the Cheltenham Science Festival, and has since been used at several other outreach events. The app was a hit, and GCHQ received interest from teachers who wanted to use it as a teaching aid. Therefore it was decided to make it publicly available.

GCHQ is committed to helping to increase the uptake of STEM (Science, Technology, Engineering and Maths) subjects at schools through its outreach programme and its work with industry and academia. It is also critical that the UK builds a knowledge base of cyber security skills. Learning about encryption and the associated academic disciplines are key parts of both of these.

Android only (for now anyway). Presumably not available to Belgians and officials of the European Commission.

A Thieves’ Thanksgiving

December 13th, 2014


This is a great time to be a crook. Not a small-time crook of course — for example, a cat-burglar or a pickpocket, or someone who fiddles his expenses: these knaves invariably get caught and spend time in the slammer. I’m talking about bankers, ‘defence’ contractors, executives of ‘security’ companies (the kind that charge the taxpayer for electronic tagging of people who are deceased or in prison, for example), and the like. They are not only doing just fine, but are apparently untouchable. As Charles Simic explains in a lovely NYRB blog post:

What makes a career in white-collar crime so attractive is that there are so few risks anymore. Everyone knows about Wall Street bankers having their losses from various scams they concocted over the years covered by taxpayers. But now, even when bankers lose billions for their bank by making bad or reckless deals, or have to pay regulatory penalties, as Jamie Dimon, the current chairman, president, and chief executive officer of JPMorgan Chase did earlier this year, they are more likely to get a 74 percent raise, as he did, than to lose their jobs. As for the federal agencies that are supposed to watch over them and the Justice Department that is supposed to haul these hucksters into court, if they so much as bestir themselves to confront the banks, they simply ask them to pay fines, thereby avoiding a judge or a jury and making sure that the details of their swindles can remain secret from the public.

As dishonest as Wall Street is, it doesn’t compare to the kind of thievery that went on in Iraq and Afghanistan. Once upon a time, war profiteers were looked at as the lowest of the low and condemned by presidents. “Worse than traitors in arms are the men who pretend loyalty to the flag, feast and fatten on the misfortunes of the Nation while patriotic blood is crimsoning the plains of the South and their countrymen mouldering in the dust,” warned Abraham Lincoln during the Civil War. “I don’t want to see a single war millionaire created in the United States as a result of this world disaster,” declared Franklin Roosevelt as the United States entered World War II.

Yet today, according to the Commission on Wartime Contracting, an independent, bipartisan legislative commission established to study wartime contracting, somewhere between $31 billion and $60 billion of US government money has been lost through contract waste and fraud in Iraq and Afghanistan. It is now common knowledge that contractors were paid millions of dollars for projects that were never built, that the Defense Department gave more than $400 billion to companies that had previously been sanctioned in cases involving fraud, and that the beneficiaries of such past largesse have not only gotten fabulously wealthy, but continue to be invited to pursue lucrative business opportunities in the new homeland security–industrial complex.

Uber and second-order disruption

December 13th, 2014


Interesting insight from Jason Calacanis.

The Torture Report

December 13th, 2014

Very good roundup on Quartz by Gideon Lichfield.

From outside the US, the Senate intelligence committee’s 528-page report on CIA torture techniques—merely the abridged, non-secret version of the 6,700-page original—seems like America at its best. Harshly critical of an agency that did evil things to produce dubious intelligence while lying to its overlords, it seems to embody the country’s best traditions of transparency and honest self-examination.

But inside the US, the report is a sullied, discredited thing. This was no grave, bipartisan effort like the report of the 9/11 Commission, but—as critics would have it, and not entirely wrongly—a labor of ass-covering spite, produced solely by the committee’s majority Democrats and crafted to shield their own complicity. Republicans have attacked it; former CIA chiefs have risen up (paywall) to defend themselves. And Democrats are worrying about what will happen when, a few years hence, their rivals expose the current administration’s enthusiastic use of drone strikes to the same merciless sunlight.

That is a shame, for the report, though flawed, is truly damning. But, one might shrug, so what? If partisan politics is what it takes to have a national debate about the ethics of warfare, so be it; democracy is messy, and it should take what transparency it can get.

However, this national debate is not like those about race, guns, or the banking system. There, the winners and losers from a policy all have votes or campaign funds with which to sway the outcome. In warfare, the losers—the tortured suspects, the people with relatives blown to bits by drones—are foreigners, with no say. However indignantly liberals may protest the bad things done in their name, when the call comes to “keep America safe,” how many of them will dare challenge it?

For neoliberalism, poverty and inequality are features, not bugs

December 12th, 2014

The thing about neoliberalism is that the poverty and inequality that it produces are not regrettable side-effects of a basically sound engine, but the whole purpose of the exercise. In programming terms, they are features, not bugs. This point is nicely made by Benjamin Selwyn in a blog post in Le Monde diplomatique – English edition.

In his film Inequality for All, Robert Reich, who was Bill Clinton’s labour secretary between 1993 and 1997, documents the collapse of US wages over the last four decades. In the late 1970s the typical male US worker was earning $48,000 a year (inflation adjusted). By 2010, the average wage had fallen to $33,000 a year. Over the same period the average annual income of someone in the top 1% of US society rose from $390,000 to $1,100,000.

Neoliberal policies aim to reduce wages to the bare minimum and to maximize the returns to capital and management. They also aim to demobilise workers’ organisations and reduce workers to carriers of labour power — a commodity to be bought and sold on the market for its lowest price. Neoliberalism is about re-shaping society so that there is no input by workers’ organisations into democratic or economic decision-making. Crises and austerity may not be intentionally sought by most state leaders and central bank governors, but they do contribute significantly towards pursuing such ends. Consequently, these politicians and leaders of the economy do not strive to put in place new structures or policies that will reduce the recurrence of crisis.

HT to Julia Powles for spotting it.

US Congress quietly bolsters NSA surveillance

December 12th, 2014

No changes there, then.

December 11, 2014 Congress this week quietly passed a bill that may give unprecedented legal authority to the government’s warrantless surveillance powers, despite a last-minute effort by Rep. Justin Amash to kill the bill.

Amash staged an aggressive eleventh-hour rally Wednesday night to block passage of the Intelligence Authorization Act, which will fund intelligence agencies for the next fiscal year. The Michigan Republican sounded alarms over recently amended language in the package that he said will for the first time give congressional backing to a controversial Reagan-era decree granting broad surveillance authority to the president.

The 47-page intelligence bill was headed toward a voice vote when Amash rose to the House floor to ask for a roll call. Despite his efforts—which included a “Dear Colleague” letter sent to all members of the House urging a no vote—the bill passed 325-100, with 55 Democrats and 45 Republicans opposing.

The provision in question is “one of the most egregious sections of law I’ve encountered during my time as a representative,” Amash wrote on his Facebook page. The tea-party libertarian, who teamed up with Rep. John Conyers in an almost-successful bid to defund the National Security Agency in the wake of the Snowden revelations, warned that the provision “grants the executive branch virtually unlimited access to the communications of every American.”


So it was smartphones that killed the art of conversation?

December 12th, 2014


Nice pic (which makes a good point for those who complain about everyone looking at phones on contemporary trains). Provenance unknown. (via @webtechman on Twitter)