The Tactics of the Defenseless

http://www.zerohedge.com/news/2015-08-01/cyber-wars-begin-obama-says-us-must-retaliate-against-china-historic-data-breach

That series of claims is complete nonsense, and should be understood.

First, the security services’ claim to be able to dissociate civilian criminal vs legitimate government targets of espionage is silly.  Their own stock portfolios are the result of mixing legitimate government spying and economic espionage. Their criminals are mixed with officialdom, just like ours are.

But note what they do not claim : they don’t claim to be able to detect attacks while they are in progress, nor afterwards.  In fact, neither they nor you may know that an attack has happened, the signs can be very subtle.  All they can do is issue general warnings and promise to go after the enemy.

NSA cannot keep America’s secrets secret.  That was proven by Snowden, the only person who told anyone outside of an intelligence agency, and proven again with every OMB-level database that is spirited away by someone, they are sure it is the Chinese.

NSA are among the groups who weaponized hacker’s tools so that ANY system is vulnerable  As there is free flow of information across that boundary, and the intelligence services buy zero day exploits from the same people as the cyber criminals, criminal exploits have increased in sophistication also.  Your tax dollars helped fund all that, I hope you feel safer.

The world of cyber defense is now definitely one of assuming intrusions and quickly detecting it and curtailing the process’s privileges while it is eliminated.  I haven’t kept up with this field, but I believe that only advanced ‘software-defined network’ technologies and fine-grained security permissions can keep intruders under control while being detected and ejected.  Those are not easy and tend to develop holes over time, they are a constant source of problems and updates and exceptions.  Exceptions are easy to ignore, once made.

So NSA is in the strategic position of a raider who, having perfected the new technology of horseback raiding, finds they cannot protect their own flocks and fields from those same tactics.  How clever to have finally noticed.  One could critique their so-indirect way of informing us of this state of affairs, their lamentable inability to protect American’s secrets.  Had we known, we might have decided that the payoff of secrets was too low, and taken a different path to a better civilization.

———

Added later : all the info I run across says that has been obvious to any security person forever.  NSA made a rational decision from a bureaucratic pov, it did what produced a bigger budget in the easiest way.  The only way it could have improved security of computer and network systems in the US would have been to advocate for a different OS.

Windows security could have been improved, but Microsoft would have had to put a full test on every .dll.  Testing of that sort is the same order of magnitude as writing the original code, tho it might not need the level of expertise.

I got rid of my Windows systems in 1999 because it was clear that Windows was an inferior system in every way, far too complex because MS had decided to move components of applications into the kernel.  That complexity is bugs.  Bugs is insecurity.

http://arstechnica.com/security/2015/08/newly-discovered-chinese-hacking-group-hacked-100-websites-to-use-as-watering-holes/

Advertisements

One thought on “The Tactics of the Defenseless

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s