Saturday, January 17, 2015

Blackhat, the CENTCOM Hack, and InfoSec Perception


I highly recommend these two articles from Wired's Threat Level blog, and you should read them in order.

  • Is Blackhat the Greatest Hacking Movie Ever? Hackers Think So
  • Why I Hope Congress Never Watches Blackhat

    I'm often critical of both policy-makers and, unfortunately, military leaders who are ignorant of strategy. Another topic most of our lawmakers are ignorant of is information security - "cyber security" to the uninitiated. The amount of blather that's been bandied about over the Sony hack has provided ample evidence of this.

    I can't count myself among "early Internet users", because the Internet was technically around before I was born, but I can say with some confidence that I was using the Internet before most people had even heard of it - around early 1994, when most households didn't start getting Internet access until around 1997. For years now, I've worried that by attempting to control the uncontrollable, or worse, to tax it to death, Congress would legislate the aspects of the Internet which make it so revolutionary completely out of existence.

    Meanwhile, President Obama's post-Sony initiative - discussed at some length in that second article from Wired - came at the same time as United States Central Command's Twitter and YouTube accounts were hacked. When I saw the news earlier this week, I thought to myself, "So?" As the Heritage Foundation's Peter Brookes notes in a recent op-ed:
    While CentCom wasn’t disabled by the attack, a misunderstanding of the gravity of the event might prove to be a significant public relations victory for the CyberCaliphate — whoever they are — and for the Islamic State.

    Perception is reality after all.
    The whole thing reminds me of an incident a few years ago, immortalized by the class xkcd comic titled "CIA" that's featured above. Even the BBC acknowledges that this is about public relations, not "cyberwar".

    I've mentioned Thomas Rid's book several times lately. I finished it last weekend, and I can't recommend it enough. With this recent series of high profile hacks, I can only imagine how Dr. Rid's media schedule must look at the moment. I suspect that Dr. Rid would identify the Sony hack as a combined act of sabotage and subversion, and mostly subversion in the case of the hack on USCENTCOM's social media feeds. I suspect that he'd agree with Peter Brookes: these hacks are more about manipulating public perception (or, in the case of Sony, probably extortion) than they are about some nebulous concept of "cyberwarfare". Given the complexity involved with information/"cyber" security, I suspect that the ability of hackers and hacktivists to "wag" the proverbial governmental and media "dogs" will remain constant for the foreseeable future. UPDATE: Blackhat has received another endorsement, this time from the BBC. (Technically, the BBC reports that hackers are praising the film.)
  • No comments:

    Post a Comment