Evidence of the Unreasonable Effectiveness of Malware
I read “The Fortnite Trial Is Exposing Details About the Biggest iPhone Hack on Record.” I am less interested in the dust up between two giant commercial enterprises than the attempt Apple has made and seems to be making to cope with malware. The write up states:
Apple released emails that show that 128 million users, of which 18 million were in the U.S., downloaded apps containing malware known as XCodeGhost from the App Store.
The data are stale, dating from 2015. Perhaps more current information will emerge. Maybe there will be a chart or two, showing Apple’s progress in fighting malware. There were 4,000 malware delivering or malware infused apps. I don’t know. Details are scarce.
Kurzweil posits that we will eventually move beyond devices that simply allow us to look at the world through a keyhole. Instead, he forecasts that people will be online all the time. He projects that devices post-Glass will ultimately be the size of blood cells able to be sent inside the brain and connect to the cloud around the mid-2030’s.
The article tells us more:
“In Kurzweil’s vision, these advances don’t simply bring computers closer to our biological systems. Machines become more like us. ‘Your personality, your skills are contained in information in your neocortex, and it is information,’ Kurzweil says. ‘These technologies will be a million times more powerful in 20 years and we will be able to manipulate the information inside your brain.’ As that data locked up inside our brain becomes searchable, inimitable human qualities suddenly become easier to emulate. Kurzweil denies that the searching and backup up of the brain itself is a bloodless pursuit, depleted of human emotion.”
Artificial intelligence and the melding of biology and machine is increasingly discussed in the media in reference to Google Glass. Will Glass evolve to Google impants? The bigger question is touched upon in this particular article: is it altruistic intentions or advertising that is driving this kind of technology?
The posting of Jim Bamford’s Politico article on today’s Public Intelligence Blog or rather the accompanying comment on it by Robert Steele [Jim Bamford: How 9/11 Fearmongering Grew NSA Into a Very Expensive Domestic Surveillance Monster] identifies the principal problem with the outrageously expensive NSA. His comment is directly related to earlier comments he made on a Wall Street Journal article written by General Jim Clapper (USAF ret.) the Director of National Intelligence (DNI) [David Isenberg: Jim Clapper Claims Transformation — Robert Steele Comments on Each Misrepresentation] Steele did a brilliant job of refuting the claims that General Clapper advanced in this article about how much the U.S. Intelligence Community (IC) has improved since 9/11. Yet the article really wasn’t serious to begin with because it obviously was written with the purpose of telling the American people what the General wanted them to know. I am sure it was vetted carefully by his staff and possibly CIA as well.
In the interests of clearing the air a bit I would like to add a couple of comments of my own to supplement those that Steele has made.
In the wake of 9/11 people, who did not know what they were talking about, had a good deal to say concerning the “lack of sharing” within the IC. In point of fact NSA and its technical counterpart the National Geo-spatial [Intelligence] Agency (NGA) are required by law to make their products available to analysts holding the proper clearances in entire IC as well as the President and his National Security Staff. The real lack of sharing was and is between the FBI and CIA. The FBI is unwilling to share because its agents fear damaging ongoing investigations while CIA is unwilling to share because its intelligence officers fear compromising sensitive sources. Had this issue been approached with integrity and directly between the two agencies it could have been resolved years ago.
General Clapper argued that the changed “culture” within the intelligence community had made its members much more efficient at dealing transnational terrorist and criminal organizations. Neither CIA nor NSA has a clue on how to deal with widely dispersed networked type of organizations. Indeed CIA has yet to build a realistic model of the organizational structure or personnel staffing of al Qaeda. CIA’s current methodology of using ‘targeters’ to find and track individual al Qaeda members is simply doing what the original CIA Counter Terrorism Center (CTC) was doing in the 1990s. Indeed their analytic approach is the same as used during the Cold War with “Soviet Type Armed Forces” (the actual name of a class that many of us attended).
Finally there are Bamford’s article and Steele’s comments on it. Steele in his comments went right to the heart of the matter by noting that NSA was incapable of processing more than a small percentage of the material it collects on a 24/7 basis. This goes directly to an issue that General Clapper clearly did not wish to discuss in his article: for all the money being poured into NSA specifically and the IC more broadly, how much return in enhanced security are we really getting? It would not seem to make much sense to continue to spend even more money for collection systems to collect ever more traffic if what is being gathered now can’t be adequately processed.
Robert Steele: Emphasis added above. Richard Wright (Retired Reader at Amazon) focuses on the longest largest divide in the US intelligence community itself, as well as the complete abject failure of analysis as a whole and analysis in relation to crime and terrorism, but it bears mention that other divides are equally unattended to by the current leadership:
1) The secret world ignores 90% of the full-spectrum threat to obsess on counter-terrorism (badly).
2) The secret world ignores 90% of the Whole of Government customer base, while badly serving the President and a few senior national security officials. It is worthless on strategy, acquisition, campaign planning, and tactical real-time actionable intelligence in 183 languages.
3) The secret world ignores 90% of the relevant sources (in 183 languages) and methods (modern human and machine processing that is commonplace within major insurance and financial companies).
On a scale of 100%, ten years after 9/11, the US secret intelligence world earns a grade of 10% (not just failing, but a dishonorable discharge and shame for all eternity). The Senate Select Committee on Intelligence (SSCI) and the House Permanent Select Committee on Intelligence (HPSCI) are been impotent since their inception, and appear content to continue in that fashion.
Great article, reads like a thriller. The bottom line:
“In the end, Stuxnet’s creators invested years and perhaps hundreds of thousands of dollars in an attack that was derailed by a single rebooting PC, a trio of naive researchers who knew nothing about centrifuges, and a brash-talking German who didn’t even have an internet connection at home.”
“Israel has two principal targets in Iran’s cyberspace,” said a defense source with close knowledge of the cyber war preparations. “The first is its military nuclear program and its military establishment. The second is Iran’s civil infrastructure. Attacking both, we hope, will cripple the entire country’s cyberspace.”
Phi Beta Iota: What Israel is saying, particularly with regard to its second target spread, is that it is waging undeclared unjust war against Iran and the people of Iran. To blithely announce that the civil infrastructure of another country is “fair game” should call into question the sanity and legitimacy of the perpetrators.
Speaking at the 2011 Personal Democracy Forum, Doc talks about how power relationships work in markets vs how they should and could work. Markets are conversations, and they should be symmetrical conversations. Note his bit about how the language of marketing parallels the language of slavery….and the part where all their cookies end up giving them 50% completely wrong information.
Is it just me, or does it appear that we’re okay with selling our cyber-soul to China (and Russia), as long as we can also blow tens of billions on US firms pretending to do cyber-security?
Report: Despite status as U.S. security threat, China’s Huawei partnering with Symantec
East-Asia-Intel.com, April 27, 2011
The Chinese telecom giant Huawei Technologies, which has been linked to the Chinese military, is working with the U.S. software security giant Symantec, which is engaged in securing hundreds of thousands of U.S. computer systems against outside intrusions, according to a report last week in the Diplomat newsletter.
The report said “China and Russia are leveraging U.S. multinational corporations’ economic requirements to accomplish strategic goals that could quite plausibly include covert technology transfer of intellectual property, access to source code for use in malware creation and backdoor access to critical infrastructure.”
Huawei was blocked from buying the U.S. telecom 3Leaf last year by the Committee on Foreign Investment in the United States (CFIUS) and also was blocked in 2008 from buying 3Com over security concerns. The U.S. National Security Agency also stepped in to dissuade AT&T from buying Huawei telephone equipment.
Despite those actions, Huawei formed a joint venture with Symantec in 2007 called Huawei Symantec Technologies Co. Ltd. (HS), the report said. Huawei is the majority partner with 51 percent ownership, with the entity being headquartered in Chengdu, China.
The report said a 2008 report identified HS as developing “China’s first laboratory of attack and defense for networks and applications.”
The result is that Symantec is assisting China’s cyber development of computer warfare capability.
Phi Beta Iota: The US Government compounds its lack of a strategic analytic model and the requisite integrity to actually pay attention to whatever findings might emerge, with an abysmal inattention to the most basic aspects of counter-intelligence, not just within government, but across the private sector, which does not actually take counter-intelligence seriously either. Creating a Smart and Safe Nation is not difficult–it requires only a uniform commitment to intelligence and integrity across all boundaries.