[Dailydave] Late Friday thoughts on the Kevin Mandia RSAC keynote.

Kyle Maxwell krmaxwell at gmail.com
Tue Mar 25 15:03:41 EDT 2014


In my mind, the question is less "does the Chinese government sponsor or
affiliate itself with or carry out cyber attacks?" and more "is this
*particular* group associated with this *particular* designation and this
*particular* incident?"

Yes, of course the Chinese carry out CNA/CNE operations (as does the US).
And drawing a circle around a set of incidents and saying "we believe that
a single adversary carried out these attacks" can be validated with
relative ease, at least in theory, assuming access to relevant data and
indicators. But then connecting that adversary label to a human or a
defined organization requires further analysis and, because it's more
complicated, will inevitably run up against appropriate analytic
questioning to avoid falling prey to things like confirmation bias and
whatnot.

The issue of trust comes up here as well, because things changed sometime
after the APT1 report release. Many of us in this community have even more
trouble than we might have had before in accepting assertions based solely
on "NSA" and "DoD" and "US government" labels, to the extent we ever *did*
accept them.

The idea of reproducibility is a key part of inquiry, whether in science or
intel analysis or anything else where critical thinking matters. We're not
shamans. In the 21st century, we should expect to have our conclusions and
methodology challenged (as I do every day). In any case, if one's response
to criticism is to withdraw from the discussion, onlookers will not draw
good conclusions. The audience is listening, as I believe I've heard once
or twice.


On Tue, Mar 25, 2014 at 10:39 AM, xgermx <xgermx at gmail.com> wrote:

> From Saturday's NYT article on the NSA owning Huawei:
>
> "The N.S.A., for example, is tracking more than 20 Chinese hacking groups
> -- more than half of them Chinese Army and Navy units -- as they break into
> the networks of the United States government, companies including Google,
> and drone and nuclear-weapon part makers, according to a half-dozen current
> and former American officials."
>
> http://www.nytimes.com/2014/03/23/world/asia/nsa-breached-chinese-servers-seen-as-spy-peril.html?_r=0
>
>
> Is anyone on this list really shocked by this? If we can so readily accept
> this, why is it so hard to accept the APT1 attribution? Being younger, I'm not
> nearly as experienced in all of these domains, but it seems to be a salient
> question. In my eyes, APT1 is just that, one out of MANY. And yes, let's not
> forget it works both ways, as evidenced by the NSA's sheer ownage of the
> Chinese non-mil/gov targets.
>
>
>
-- 
Kyle Maxwell [krmaxwell at gmail.com]
Twitter: @kylemaxwell