Dailydave mailing list archives
goodbye horses
From: Bas Alberts <bas.alberts () immunityinc com>
Date: Thu, 18 Dec 2014 17:17:29 -0500
The year is almost over, and I feel like wasting my yearly DailyDave quota on a rant about this, and I hate to use the term non-ironically, NK "Cyber War" malarkey. Note I don't have time to be cohesive so this is mind vomit at best.

So on one side we have the camp that my dear friend and illustrious supreme leader Dave Aitel is in. It posits that Sony getting owned up the ass by a potentially state-sponsored team represents an "Act of War"(tm) in that it is a supposed case of a foreign military attacking US infrastructure on US e-soil resulting in considerable economic damages (and with it all the hype/fear/boohoo that comes with that).

When he first said it, I was like "Dave, you so kwazy, how in the holy hell is that even remotely an Act of War?". Or at least that's what I would have said if he had let me peer review his media blitz before sending it out. But alas, I was asleep in the hotel room next to his as he was feverishly warmongering away at his Surface Pro in the early AM.

Then everyone had a shitfit on the Interwebs, and not long after that came the announcement that the US government was moving forward with some sort of official attribution towards North Korea for this whole mess.

So for the sake of argument, let's assume the attribution is right and thus conveniently skip over the trickiest part of the debate (psyche!). Although in all actuality I don't think the attribution problem is that hard to solve really. If "Guardians of Peace" eventually drop the torrent of the movie with a "LOL J/K", it's not state sponsored. If they don't, it is. Only state sponsored hackers lack a sense of humor.

Buuuut, anyways, assuming the attribution is correct. Ok, so? Now what? We're not going to war right?
North Korea is already dirt poor, you can't really sanction them more than they've already been sanctioned, and no one has the nerve to point any real fingers at the underlying training and resource sharing infrastructure provided by the Chinese and the Russians.

Alright so, really it boils down to this "event" (legit or not) becoming a policy vehicle or catalyst. This is not so much about Sony, or North Korea, or even whether or not the attribution is correct. It is much more a dry run for a near future filled with the real thing. The right hack at the right time, if you will. You knew it was coming, right?

All hype aside, Dave's narrative has always been the same for this kind of thing, and you can trace it back over many years and many of his presentations. He has always claimed that a big part of "cyber" is not so much the "I will turn off your lights in the middle of winter" of Hollywood lore (heh) and much more a game of economic pressure to coerce and otherwise influence policy and strategy. He thinks that a lot of these "events" are more about establishing a recognized baseline of capability than they are about anything else. The message is becoming "anything, anytime, just so you know". Clearly that's a message the US established a long time ago, and in a sense the Snowden leaks only solidified its position in a "that was only the tip of the capability iceberg LOL" kind of way.

It doesn't matter if it's amateurish, insider jobs, sloppy code, whatever. What matters is "was there a net effect? did that net effect get the message across?". Not "you didn't even have a LUA engine in there! AMATEURS!". No one cares about that, except maybe us, maaaaybe.

Couple of weeks ago maybe a handful of people had an active understanding of what Unit 121 was or did. Now they're hot shit all over the world, sorta, kinda, even if it wasn't them. Just like NSA's TAO became hot shit all over the world. Just like China's PLA Unit 61398 is hot shit all over the world.
Wait you haven't had a coming out party for your "elite of the elite cyber warriors" yet? What's taking you so long bro. Get with it.

So the most real/current practical example of actual impact on the US economy - and surely I'm muddling the lines of CNE/CNA/CNO and whatever other acronyms team "I've never written an exploit" came up with for policy on this stuff - is China's insistent economic espionage effort against the West. No one is arguing that the Chinese haven't siphoned millions (billions?) of dollars worth of IP out of "our" networks over the past decade or more. That is generally accepted as fact, and it's hard not to when you see components designed in your classified research facility paraded on national Chinese television I guess.

A big part of the counter argument vs Dave's Act of War rhetoric, when you remove all the name calling, sarcasm, and hysteria, is that if China has been impacting the US economy with factually attributed hacking efforts on such a large scale, then how does NK impacting a single US company's net worth even stack up to that? It's not like they killed anyone right? And even when they actually did kill US citizens in the past, it wasn't an Act of War.

Beats me. But I suppose the more nuanced point Dave is trying to make, is not so much that this is an Act of War, or even that it should be. But more that this Sony thing is not about Sony, it's about the US necessarily having to prepare for a future where it will have to politically and publicly address and respond to a game that up until very recently, was only played in the shadows. This is about redrawing lines in sand that turned to glass a long time ago.

Of course, truth be told, I wouldn't be surprised if I'm watching The Interview from the comfort of my Interwebs before the week's end, either.

*shrug*

Love,
Bas

PS: You should come to INFILTRATE 2015, probably.
