<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
So this should be the week of furious NK and Chinese backpedaling.
In general coming out with a cyber capability means that you make it
obvious to the IC who did it, while maintaining plausible
deniability to the public, and of course, not going so far that the
IC is force to act. NK miscalculated that last part. The IC doesn't
care about what you post on Twitter after the fact and is going to
use this to tie to the other cyber issues it feels go over the line
(aka the Chinese economic espionage program). <br>
<br>
<img alt="<picture of COIN in action>"
src="cid:part1.06060807.09000301@immunityinc.com" height="373"
width="500"><br>
<br>
<br>
But the continual "I still don't believe it's NK" news reports and
Twitter grumblings can be explained by looking at the extremely
confused IC strategy in terms of a failed Counter-Insurgency
operation. In other words, the IC's credibility is in the toilet.
The hearts and minds they lost in the information security community
when the head of the FBI was idiotically screaming to Congress that
Apple's new iPhone encryption is going to enable pedophiles and
terrorists, or blatantly misleading Congress about American
meta-data collection, or prosecuting people for incrementing numbers
in URLs, all matter. Until they realize they have to approach every
prosecutorial overreach on a teenage "hacker" with the same care
that a base commander in Pashtun territory would shake a child's
hand in Khandahar then the IC will fail to get the support of the
various tribal leaders in Infosec they maybe still don't understand
they need.<br>
<br>
-dave<br>
<br>
</body>
</html>