95 Theses of Cyber

This is worth reading:

  1. Imperfect human beings are incapable of creating perfectly-secure computers.
  2. Corrupt human beings will create security flaws on purpose in order to gain power over others.
  3. Flawed computer security is a political and economic problem, not a technical problem.
  4. The human race no longer lives 'in the real world.' we now live online, in the cyber domain.
  5. Two columns of power dominate the cyber domain: mass surveillance and targeted hacking.
  6. Given a large enough set of people and a long enough span of time, power always corrupts
  7. ...

As I wrote to Nation magazine back in July of 2014: "The United States is now a surveillance state where corporate and government spies collaborate to monitor citizens. If academic researchers like Emmanuel Saez and Thomas Piketty are correct in their groundbreaking analysis of growing economic inequality, the end game for society will be pretty grim. As our social fabric disintegrates and the climate becomes less hospitable, the immiseration of the average person will lead to widespread mobilization. The US elite are well aware of what happened to French aristocrats in the eighteenth century. To save themselves from a similar fate, they will switch the cogs of the surveillance state into high gear, and the United States will witness the sort of oppression that is the hallmark of a police state." -BB(2017-07-16)

Hersh: There's a Wild Hare in the Oval Office

Back-to-back reports from Seymour Hersh in Die Welt indicate that the recent cruise missile strike in Syria was based on the false premise of a nerve gas attack by Assad's forces. President Trump, thinking with his gut, ordered the attack despite explicit warnings from advisors and open source analysis. As one insider put it:

"He doesn't read anything and has no real historical knowledge. He wants verbal briefings and photographs. He's a risk-taker. He can accept the consequences of a bad decision in the business world; he will just lose money. But in our world, lives will be lost and there will be long-term damage to our national security if he guesses wrong. He was told we did not have evidence of Syrian involvement and yet Trump says: 'Do it.'"

Hersh also provides a series of conversations between an American soldier and a security advisor. The security advisor explains Trump's willful ignorance:

"There has been a hidden agenda all along. This is about trying to ultimately go after Iran."

The American soldier in turn makes a truly astute comment:

"I guess it really didn't matter whether we elected Clinton or Trump."

One thing is certain: throughout all of this Russian leaders come across as the adults in the room. Remaining calm and seeking to de-escalate. On the other side the American Deep State relies on fabrications to justify military action and pursue full spectrum dominance. -BB(2017-06-25)

Update: The White House warns Syria about making "another mass murder attack using chemical weapons." The mainstream press dutifully sticks to its narrative without a hint of journalistic skepticism.

The CIA Uses Cyber Anti-Forensics (Vault 7: Marble)

Posted today by WikiLeaks:

"Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA. Marble does this by hiding ('obfuscating') text fragments used in CIA malware from visual inspection. This is the digital equivallent of a specalized CIA tool to place covers over the english language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA."

Deception is a vital part of offensive cyber operations, efforts that consume the vast majority of all federal cyber spending:

"Across the federal government, about 90 percent of all spending on cyber programs is dedicated to offensive efforts, including penetrating the computer systems of adversaries, listening to communications and developing the means to disable or degrade infrastructure, senior intelligence officials told Reuters."

This is why attribution is a lost cause despite the assurances of security vendors and government spies. Operational signatures can be mimicked, attacks staged, and forensic artifacts forged. Welcome to the wilderness of mirrors. -BB(2017-03-31)

Vault 7 and The Specter of Vendor Collusion

A WikiLeaks press release describes the CIA's efforts to develop firmware-level rootkits:

"Included in this release is the manual for the CIA's 'NightSkies 1.2' a 'beacon/loader/implant tool' for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

"While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise."

The notion that all of Silicon Valley's secret deals somehow ended in 2013 is delusional. In a recent interview Julian Assange calls out the usual suspects:

"Other companies affected by the CIA's hacking tools, such as Google, Microsoft and Apple, in contrast, simply forwarded WikiLeaks' offer to provide further information to their legal departments. Assange claims that this was done because these companies work with US intelligence agencies. It is also the reason that so many employees at such companies have US government security clearance, especially those who work in cybersecurity departments."

The bitter pill is this: you cannot have your cake and eat it too regardless of how much money the C-suites in the Bay Area throw at public relations and overt gestures of defiance. -BB(2017-03-23)

WikiLeaks Releases CIA Hacking Documents (Vault 7)

Years ago Cryptome warned that the CIA's role in mass surveillance was being overlooked. Today this claim is shown to be 100% spot on. WikiLeaks reveals that the CIA is neck deep in hacking.

"By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified."

Cryptome has a history of being correct about spies and their ops. And so I'll repeat a prescient observation from John Young:

"The last thing CIA and its supporters want is a revelation of its manipulation of civilian leaders institutionalized by the 1947 National Security Act (also opposed by the military)."

Note the mention of anti-forensic techniques. Does this raise a few questions about allegations of Russian hacking? There's a reason why President Truman regretted the cloak and dagger authorization he granted the CIA. -BB(2017-03-07)

Update: The CIA has responded with an official statement. Which is essentially a pack of lies. The CIA's job is to implement policy which is mandated primarily by economic elites and organized groups representing business interests. It exists to assist in opening up markets and providing access to resources on behalf of oligarchic factions. Executive Order 12333 enables CIA operations within our borders. As Dennis Kucinich correctly notes "we are sliding down the slippery slope toward totalitarianism."

Several weeks ago, an exec at Microsoft called for a "Digital Geneva Convention." This may be interpreted as a public relations gesture by a documented NSA partner. Arms control in the cyber realm is nothing more than pleasant fiction.

Opening Pages from Years Past

Opening Page 2016

Opening Page 2015

Opening Page 2014

Opening Page 2013

Opening Page 2012

Opening Page 2011

Opening Page 2010

Opening Page 2009