[Dailydave] What's next?

Konrads Smelkovs konrads.smelkovs at gmail.com
Fri Mar 9 19:57:05 UTC 2018


I believe that much of apparent lack of capability at western intelligence
organisations is rather a lack of action which is because the goals have
not  been set at policy level and enemy was not defined. In Western public
space it wouldn’t be appropriate / possible for heads of state to publicly
declare assassination as a means of diplomacy (the famous phrase of “if
necessary, we’ll whack them in the loo” as an example). When Iran was
declared an enemy, Stuxnet happened. When Osama was an issue and declared
and enemy, US had no problems violating a sovereign state’s integrity and
shoot some people. If US/UK would suddenly want to influence election in
some other country and would at policy level have no issues with being
identified, next day there would be WPP and DDB and half of what was K
street pitching for the gig with slogans such as “bring new Stalin back,
Putin is too weak”.

In Russia Western values and  influence are publicly an enemy and so the
government departments duly execute operations and policy actions at
countering it, including taking fight to the enemy.

In short, it’s not that there couldn’t be a troll factory in Alabama, it’s
that it isn’t politically acceptable.

On Wed, 7 Mar 2018 at 17:34, the grugq <thegrugq at gmail.com> wrote:

> I like personal IO... that is a good angle.
>
> Thing is, people need to chill the fuck out on IO as cyber. Stuxnet still
> happened. NotPetya happened. There are cyber operations which have physical
> effects, and so it takes understanding that cyber is bigger than just one
> style of operation. There are dimensions, aspects, facets, all of which are
> cyber... anything that processes data (people, organisations, systems) is
> vulnerable to cyber because thats how cyber works.
>
> It was naive to lose all US IO capability except for military PSYOPS,
> basically the equivalent of ditching the entire IC except for the DIA. The
> level of IO that the British conducted against the Germans in both World
> Wars was far and away more sophisticated and clever than what the IRA LLC
> does (and did in 2016). The Russians have a deep understanding of IO,
> culturally, institutionally and with long history of effective operations.
> But they aren't the only masters of this game, and they aren't even the
> best. Just the best all got down sized. It was a huge mistake in the 90s to
> declare the cold war over and then allow budget turf wars to define the US
> information environment security posture.
>
> NSA ended up owning CNO because they convinced ppl that CNO was about
> "SIGINT at rest" and therefore it fell under their authority. What does NSA
> do? They passively monitor. As a result, the cultural forces directing CNO
> was centered around "SIGINT at rest" -- passive collection. If the CIA
> owned it maybe they would have had the creativity to look at IO as a cyber
> capability (who knows?), but they didn't. They got "stealing documents and
> talking to people"... and later "with computer enabled capabilities as
> necessary." But still it was collection, not active.
>
> Unit 8200 did innovative operations with data modification to target the
> cognitive side of Fatah, but it was not (apparently) a doctrine. Just an
> operation, a means to an end. The understanding of cyber as a domain of
> conflict is immature, as with all conflict the technology comes first and
> the exploitation comes later. The Russians realised that new media
> companies could be gamed and used for IO. Genius. Its like figuring out
> that radio can be used for propaganda purposes in the 1920s.
>
> Innovation will come from places where there is open dialogue and
> information sharing between threat actors who are risk tolerant and have
> freedom to fail. Where they can compete and develop novel capabilities.
> This is does not describe the US. They are risk averse, stovepiped, no
> private sector innovation is possible (due to absence of "freedom to fail")
> and so I fully expect that the US will continue to dominate in terms of
> technological innovation, but fail at exploiting it for cyber. The
> structure of the institutions and culture is either too narrow (NSA),
> missing (wither USIA?), or misguided (e.g. malwaretechblog).
>
> They should just rename the whole cyber strategy center -- if they even
> had one -- the Navel Observatory.
>
>
> --gq
>
>
> On Wed, Mar 7, 2018 at 10:19 PM, David Aitel <dave at immunityinc.com> wrote:
>
>> So right now I'm listening to a livestream from BAH
>> <http://www.defenseone.com/feature/genius-machines-livestream/#register-now>
>> on AI's usage in the military. It's good to get beyond the straight up
>> Terminator-esque fear that is all the rage in policy circles right now. I
>> mean, today you saw an article where people were upset that Google was
>> using TensorFlow and related technologies to recognize objects in drone
>> data. But that same technology is going to make radiologists completely
>> obsolete, and change how biology is done forever.
>>
>> And of course a few recent meetings have been almost entirely about
>> focusing on cyber as it is used in Russian Information Operations. Facebook
>> is funding Belfer to try to build automated techniques in theory which
>> defeat IO.
>>
>> My new analogy for the policy world to help them understand cyber is that
>> it's the post-Columbian effect on food, when chili peppers conquered the
>> world (except for France). Like, yes, IO and Sichuan food existed before
>> cyber, but when you add the Cyber ops and Chilli peppers to them
>> respectively, they become completely different things.
>>
>> But what you hear now is everyone saying "Hey, we focused so much on CNA
>> we forgot about mass-scale IO!" and you have to remind them that there's
>> going to be something next.
>>
>> If it was me, I'd look at personal-scale IO. I want an AI that
>> automatically finds and recruits Iranian scientists, while minimizing our
>> risk and financial costs. It's just a chatbot with a skype wallet and a
>> securedrop site, right?
>>
>> Let's have an AI send upsetting and believable DeepFake videos to Russian
>> soldiers in Syria at opportune moments, based on our intercept traffic and
>> their vkontakte.ru profiles.
>>
>> The next stage is probably not about mass advertising on social media -
>> it's might be about changing just one mind. Going deeper instead of
>> broader. Whatever it is, it's going to be like any cuisine with Chili's,
>> where all of a sudden the very identity of it changed forever and we can't
>> even remember what the original was like.
>>
>> Who knows? I mean, this is the kind of thing I want to talk about over
>> dinner at INFILTRATE with the P0 people, or with people I've literally
>> never met, who work for a company I've never heard of which probably
>> doesn't exist, in an accent I can't quite place. We should have made this
>> year's motto "The conference for people who are not afraid of the future."
>> or something.
>>
>> Also this year we are innovating by having real coffee carts, so you can
>> order a latte or a cuban coffee, which is what every conference should
>> always have had since half of us are super jetlagged/hungover. :)
>>
>> -dave
>>
>>
>>
>>
>> _______________________________________________
>> Dailydave mailing list
>> Dailydave at lists.immunityinc.com
>> https://lists.immunityinc.com/mailman/listinfo/dailydave
>>
>>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
-- 
--
Konrads Smelkovs
Applied IT sorcery.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/dailydave/attachments/20180309/0e9f60a5/attachment.html>


More information about the Dailydave mailing list