I wouldn’t trust them with my security. Why should you?

Posted by Pointman on October 20, 2016 · 16 Comments 

In June 1943 in the middle of WWII, US Congressman Andrew May visited Pear Harbour for a top-secret briefing on how the naval battle in the Pacific was progressing. Part of the briefing was the disclosure that US submarine losses were very light because the Japanese didn’t know how deep US subs could actually dive, so consequently set their depth charges to explode at too shallow a depth to be effective.

On his return to the states, May held a press conference stating among other things that America sub losses were particularly light because enemy depth charges were detonating too far above where the subs actually were. Silly Japs, tee hee. For reasons known only to themselves, the journalists present decided to include that snippet of information on the articles they wired for syndication across America, including papers in Honolulu. Obviously, Japanese intelligence monitored American press and radio.

Almost immediately losses of subs shot up because the Japanese were now setting the charges to go off at a greater depth. The commander of the US submarine feet in the Pacific at the time, Admiral Charles A. Lockwood, later estimated that May’s security breach had cost 800 lives and the loss of 10 submarines.

Congressman Andrew May was never again let near any military intelligence or any other state secrets either. He became the man who was always asked to leave the room when anything like that came up for discussion in a committee meeting. Not even FDR could have a Congressman shot for damaging his beloved navy, so he made damn sure to make a public example of him on any occasions he could, if only as a warning to the rest. He was subsequently tried and jailed for profiteering and corruption a number of years after the war.

Last week Vice President Joe Biden publicly accused Russia of trying to fix the presidential elections and that accusation came with a none too subtle threat of a cyber attack if they didn’t back off. This was a world-class stupid move for a whole raft of reasons.

First off, Russia has always interfered in American political matters, just as America has always fiddled with Russian politics. That interference went from relatively subtle things like Voice of America blasting propaganda into the USSR for half a century and the Soviets funding western ban the bomb movements, to more direct instances such as the proxy wars of colonial influence waged in Vietnam and Russian-occupied Afghanistan.

Putin goes to some trouble to project a macho man image to his people; someone who’s unafraid and strong enough to take on foreigners. There’s no way he can ignore a threat made so publicaly. He’s been kicking Obama from one side of the ring to the other for the last eight years, so someone like Biden wasn’t going to present any problems. He didn’t even break into a sweat.

Putin publicly announced that all Russian citizens should return home, as well as the families of diplomatic staff posted abroad. The message was clear, I’m battening down the hatches, because if you launch any attack, cyber or otherwise, I won’t hesitate to retaliate.

Putin has already fought two wars to stop states ceding from the Russian Federation, and in both cases a massive cyber attack paralysing the country’s military command and control systems preceded the tanks rolling in. It wouldn’t be their first rodeo.

There hasn’t been a peep from Biden or anyone else in the Obama administration about launching a cyber attack on Russia ever since.

From the populist Russian viewpoint, America had been faced down by their strongman Putin and had to slink away chastened with its tail between its legs. Once again, our brave little Vladimir has kicked America’s ass and humiliated them before the entire world.

I’ve no doubt that because of the smug knowing grin on Biden’s face when he delivered the threat, Putin has already ordered a security sweep on what would be termed Russia’s critical national infrastructure, to weed out whatever malware might be hiding in it.

A unique strength of cyber warfare is how hard it is to conclusively prove who is behind it. One man from any country in the world, sitting in a parked car outside a café in Rio de Janeiro which has free wireless internet access, can launch a crippling attack with just a few lines of computer code and drive away never to be seen again. Note, I said launch, not develop. It doesn’t need zillions of lines of computer code and a supercomputer to run a malicious attack. A laptop or even a smart phone can kick it off.

Given that opaqueness as to the source of a cyber attack, Biden’s ill-advised threat also laid the ground for some opportunist third party to launch an attack on the industrial infrastructure of Russia, just to get America and Russia at each other’s throats. There’s a low probability of that happening for a variety of reasons.

The mad-dog pariah states don’t have the necessary software expertise because their education consists of memorising the Koran, the ones who do have the capability are not interested in starting WWIII and anyway, it would tip their hand because of the way cyber warfare is conducted.

Cyber warfare is more akin to espionage than conventional warfare. The latter starts with artillery bombardments, a struggle for air superiority and finally tanks and soldiers pouring over the border into a country. Intrusion starts on day one of the war.

With cyber warfare, you’ve already penetrated their systems well in advance, secretly installing all the software in them you need to bring them down. It’s cocked and loaded long before the war even begins. All it needs is a simple activate command, a launch code if you will, after which all hell breaks loose. Your software sleeper agents already embedded in the country, wake up and get to work sabotaging all installations of any importance.

It might come as a surprise to some people, but nowadays most heavy industrial equipment comes with control systems, which is to say computer software, and that can be used to devastating effect against itself. Essentially, you can reprogram the machine to commit suicide. If you don’t think that’s possible, watch this video of some generating equipment tearing itself apart, with the cause being nothing more than malicious code inserted into its hardware control software. Turning it off and then back on again won’t fix that machine.

If you’ve watched that clip, you can understand why a lot of countries have come around to the view that covert cyber attacks on their industrial infrastructure is just as much an act of war as dropping bombs. From the hawkish military viewpoint, that was the message Putin was sending. Also, America is a much heavier user of industrial computer-controlled hardware systems than Russia. Military systems are hardened, but civilian installations are wide open.

A more subtle example of software being used to damage hardware was the military-grade Stuxnet virus, jointly developed by America and Israel to sabotage the Iranian nuclear program. Among other things, it took control of the banks of centrifuges being used to separate out fissionable material. Once it had control of a centrifuge, it recorded 24 hours of normal operation before it got to work slowly destroying the machine.

For 18 months, machine after machine broke down irreparably, while the systems that monitored their health were all the time being replayed the good data recorded in Stuxnet’s first 24 hours of operation.

As I said, it takes little or no effort to launch a cyber attack on a country, but developing and building the software does. The more sophisticated, versatile and targeted it is, the bigger the team required to produce it. There’s something called a zero day exploit, which is a security vulnerability in an operating system such as Windows, or an application program such Internet Explorer.

If it hasn’t been already discovered by anybody else, it’s called a zero day exploit, simply because on the first day it strikes and becomes visible, the anti-virus scanners don’t know its signature yet. Some people make a living spending months picking software apart looking for a single zero day vulnerability. For a good find, they’re looking for a five-figure payout from the software supplier.

Stuxnet contained at least four definite zero day vulnerabilities that we’re sure of, and it’s still being dissected by anti-virus firms to find out what else it does.

Given how fundamentally stupid Biden’s threat was, the question as always is why did he do it?

The first and obvious reason is he’s pretty thick. Don’t be too surprised at that; a lot of politicians present well to camera and electorates but haven’t got two brain cells to rub together. By all accounts and by any stretch of the imagination, he’s not the sharpest knife in the cutlery drawer. He’s the sort of weak man a weak president can appoint as a second in command, and not feel in any way threatened by him.

Biden’s reputation is one of bumbling mediocrity, but as long as he’s well chaperoned, only allowed to do soft interviews, never allowed to talk off the cuff and dutifully reads the scripts he’s handed by his speech writer, he’s manageable. His other claim to fame is his penchant for mauling, pawing and whispering in the ears of women and little girls, while little boys seem free of his attentions. You can see from their faces why the nickname of Creepy Joe suits him so well.

Perhaps on this occasion, he simply escaped from his carers.

Another motivation I’ve heard is that it’s George Soros getting back at Vladimir Putin. That’s not actually an excessively tin foil hat conspiracy theory, since Russia, meaning Putin, recently issued an arrest warrant for him while at the same time throwing out of Russia all the NGOs he was behind in whole or part. As a theory, it has some credence, since Soros contributes big bucks to the Democrat party and of course the Clinton Foundation. Soros is also a mean and vindictive man and it’s many years since he got his ass kicked like Putin just did, so I wouldn’t put it past him to try and strike back.

Perhaps it’s just cashing in a marker with the Obama administration, but Obama, knowing Putin wouldn’t cave, gave the task to squawk to Biden who wouldn’t be politically acute enough to realise he was going to be taking a bullet for Obama. In his early years, Putin ate a steady diet of fabulously rich asset strippers called oligarchs while at the same time taking every penny they had. Soros is shaping up to be Putin’s next snack.

What lends a little bit more credence to the Soros theory, is the UK’s NatWest bank announcing out of the blue that it was closing all the banking facilities it provided to RT, formerly Russia Today, and the decision was final. RT acts as the Russian government’s mouthpiece. In response, Putin let it be quietly known in screaming headlines in the Russian media that he’d be closing the banking facilities of the BBC and every other British journalist organisations in the Russian Federation.

Within 24 hours, NatWest’s “final” decision had been unfinalised, much to the chagrin of Soros who no doubt owns a nice big lump of it through various investment vehicles. Vladdi wins again.

Another theory is the WikiLeaks material is really hurting them, and they suspect for some reason that the Russians are supplying Assange with the dirt to shovel all over them. A teensy weensy little bit of credence leant to this idea is the Ecuadoran embassy in London that Assange has been hiding in, cutting off his internet until after the American election. I doubt if the material is actually with Assange, so I can’t see how cutting him off will magically stop the flow of damaging revelations.

I wrote this article on Sunday, and expected to do nothing more to it other than tune up the prose in the week. Lo and behold, in the third presidential debate between Clinton and Trump, she mentions in passing the exact number of minutes between the president giving the launch order and the first missile being launched. This is a massive breach of security, since it gives the window of time an enemy has to break the message chain and kill the limited number of people with the launch codes. If they’re gone, nothing can be launched.

That flagrant disregard with respect to classified material is the reason such a fuss is being made about her unsecured mail server at home. Every foreign intelligence service worth its salt is guaranteed to be trying to penetrate the electronic communications of members of a government, especially the American Secretary of State, who’s in charge of enacting foreign policy. You can bet the house they all read every top-secret email that ever landed on that server.

That might go some way towards explaining the foreign policy disasters that occurred during her tenure as Secretary of State.

After all the furore about her open email server, you’d think she’d know better than to make an even bigger security gaffe about a critical detail of America’s nuclear strike capacity in front of millions of people on TV. Congressman May only managed to kill 800 American submariners, Clinton’s security lapses in the nuclear age could result in deaths of millions.

We live in a dangerous world and the last thing it needs is senior but inept politicians to destabilise it further, just because they fail to think before opening their mouths and giving away state secrets. When people ignore basic security procedures, and seem incapable from learning from their mistakes, you simply have to remove their security clearance and access to classified material.

©Pointman

Related articles by Pointman:

The Anatomy of a Hack or Why Climategate was not a Computer Hack.

Russia 2, Greenpeace 1.

Russia 3, Greenpeace 2.

Click for a list of other articles.

Filed under Article · Tagged with Biden, Clinton, Hacking, Security