
Posts Tagged ‘The Matrix’

A commenter over at the Small Wars Council thought my theory about the possible motive of the Iranian Metasploit hijinks would make for a good movie–but, I assume, not the most credible analysis. First, typing commands into msfconsole is a little hard to dramatize on screen. About the closest we’ve come to making the command line sexy was having Trinity from The Matrix run an nmap scan and a fictitious SSH exploit, and Trinity did it wearing a leather outfit (see article and YouTube clip*). The real perpetrator may be doing it unshaven and in a bathrobe. At least, that’s how I do my best work. Secondly, I am, like, so totally serious about my theory of someone more interested in disrupting intelligence agencies than Iran’s nuclear program. Here’s why:

There are certainly credible reasons why a professional intelligence agency would bang away in Iranian networks with Metasploit. If the Iranians are shutting down key parts of their network (I don’t know how vital the automation bits mentioned in Mikko’s piece are) to do forensics to figure out how the attacker is getting in, maybe blasting “Thunderstruck” is the next best thing to some fancy exploit to ruin centrifuges. Or, perhaps, some group who wants to disrupt Iran’s nuclear program is flooding them with garbage attacks to overwhelm Iranian attempts to analyze their more ‘long-term,’ targeted malware. That analysis takes time and personnel who are in short supply even in the U.S. Think of it, to borrow a phrase from one of my brilliant friends, Federico Rosario, as “a DOS attack on skilled personnel.” Others have mentioned playing “Thunderstruck” as a kind of psychological warfare on trust in terms of Iranian infrastructure.

However, these types of attacks seem every bit as likely to disrupt professional intelligence agencies’ access as help them in some way. I also am unimpressed with the PSYOPS theory, because (1) this has already been accomplished via previous malware and (2) announcing one’s presence contradicts the IC’s modus operandi in terms of being able to discreetly collect information and disrupt systems. That’s why I think there is another motive at work here. The reported worm and Metasploit hijinks may even be two separate actors.

* – Funny enough, that little 1:09 clip dramatizes pretty much every policy maker’s fear of an infrastructure attack on the US


A few days ago, I got a chance to watch Inception and enjoyed it very much. To Christopher Nolan’s credit, the film held me in such an almost pained state of suspense that, if I had been reading a book, I would have skipped ahead to the ending. In spite of the fact that I expected Cobb (Leonardo DiCaprio) to shout “we are duly-appointed federal marshals,” Nolan’s dream world worked for me. Moreover, the premise of stealing (“extraction”) or implanting (“inception”) an idea deep within another’s mind was intriguing.

Yet, the film’s strongest feature was the masterful way he draws upon the cultural imaginaries of films like The Matrix and the James Bond franchise to create a world that is very likely the fiction of one or more characters’ minds. When you have a scene like the Alpine assault on the fortress deep within layers of dreams, the fun–above and beyond the fascinating visuals–is in wondering where, exactly, is the origin of the fantasy.

Amongst my friends and the mainstream press, I keep hearing you have to watch the film multiple times to “get it.” If anything, the film would have benefitted from being even more inscrutable. The whole plot (cover your eyes if you have yet to watch it) can be too easily dismissed as a figment of Cobb’s imagination as he is drowning in the disorientating wish-fulfillment of “limbo” as he is chased by his dead wife and shadowy corporations–both of which may or may not have ever existed. After all, if Arthur (Joseph Gordon-Levitt), Ariadne (Ellen Page, who I would have bet money would have been an irritating reminder of Juno and those terrible Cisco commercials, but was not), and the other members of the team are mere “projections” of Cobb’s mind, can we trust anything we see in this environment? Perhaps, the audience are themselves positioned as dreamers observing a world we cannot trust.

Indeed, this idea of a world that we cannot trust has taken hold elsewhere in the popular press with the Washington Post’s “Top Secret America” exposé. As I tweeted when the story broke, I continue to be underwhelmed by the revelations. If you are remotely shocked by a single one of these, you are not paying attention–and I say this from an English Department where I am the farthest place in the universe from being an “insider.” Indeed, the ‘scariest’ among the so-called revelations is that there are installations across the United States where this “top secret” business takes place. They are not as inconspicuous as you might think. A building with hardened security fences, 360-degree camera coverage, and persistent security personnel above and beyond the occasional bored doorman tends to stand out. Moreover, a trip to the property appraiser’s website will tell you what shadowy organization owns it. In sum, these places are not exactly hidden within volcanos. It removes the romance/horror (depending on your politics), doesn’t it?

(If you represent an organization that actually operates out of a volcano lair, my resume is but a click away.)

The story’s “legs” is its evocation of an impenetrable hidden world that may or may not be watching us. I quite literally laughed out loud when the Flash video proclaimed a “fourth branch of government–Top Secret America.” If only it were that sexy. The sheer number of people that have security clearance should indicate how mundane this world really is. (I recall a segment of The Daily Show where, instead of ‘if I told you, I would have to kill you,’ Jon Stewart says, “If I told you, you would never have sex with me.”) Many of the number advertised are folks like DEA agents who are subjected to a clearance process in the interest of protecting the names of undercover agents, confidential informants, etc. The risk is not you, reading my blog in your cat-themed night dress, but a cartel trying to gain access to that information. “Top Secret” is more a measure of scrutiny applied to employees rather than actual access to information–much less nefariousness of purpose. Others are folks like Foreign Service Officers who have access to information that may be valuable to actors ranging from foreign companies to intelligence services.

That is not to say domestic surveillance does not creep me out. It does. From my dating misadventures to my politics, I value every shred of my privacy–something, it is worth noting, that those who have Secret or Top Secret clearance have sacrificed in the name of public service. However, having argued better security practices to friends and clients over the years as an IT guy, I guarantee you those who are worried about the NSA spying on your porn habits are far more at risk from disclosing confidential or otherwise damaging information on Facebook, in unencrypted IMs or web browsing, or via just plain bad security practices to criminal organizations than they are anyone in the Intelligence Community.

Moreover, I am 100% confident in the ability of truly nefarious organizations to evade billion dollar systems steeped in bureaucracy whether it be syphoning credit card numbers or planning terror attacks. Just as malware authors continue to defeat signature-based detection regimes like antivirus programs, others will defeat monitoring programs like the NSA’s creepily-named “Perfect Citizen.” Even if there is someone who can perfect an automated surveillance system that could flag real threats (they won’t), bad guys can resort to passing notes between their cousins and brothers-in-law–a medium a lot more trustworthy than the Internet or telephone. Hell, I am reasonably confident in MY ability to evade surveillance and my budget is a grad student’s stipend and my ‘tradecraft’ I picked up via podcasts, websites, and Amazon.com. In other words, I am hardly a Bond villain–golden gun and third nipple, notwithstanding.

What does scare me is two-fold: (1) the over-confidence in high-tech surveillance for reasons I have already stated, and (2) the judges and lawyers making the legal determinations based upon this over-confidence or outright ignorance. At a talk at University of Florida, former FBI senior executive Randall Murch recalled the approval process for an early post-9/11 electronic surveillance measure. The judge, who needed his grandson to turn on his computer, only asked, “Would this technology have prevented 9/11?” Murch answered, “Yes.” I have a great deal of respect for Murch, but the answer was at best “maybe” and belied the fact that security (whether maintaining it or undermining it) is a software issue–specifically, the kind of software between your ears–rather than a hardware one. Unfortunately, human beings prove the weak link whether it is computer security or National Security. Just look at all the leaks to emerge from this so-called Top Secret America.

Yet, the illusion of an omniscient, omnipotent intelligence community is a persistent figure in American culture that resonates in films like Eagle Eye or Enemy of the State. If anything, it speaks to a perverse longing in our culture to be surveilled evident everywhere from Facebook to the boogie man CIA constructed in films like those mentioned above. Certainly, Inception taps into this fear given the assumption that our collective subconscious has become the new battleground. After all, DARPA would trip over its collective self to create a machine that could peer into people’s minds rather than the notoriously unreliable polygraph, which is more of an interrogation prop than a tool, for all those many thousands of clearance investigations in Top Secret America. However, “extraction” and “inception” prove every bit as fleeting.

This is what makes Inception different (and so much more interesting) than those before it. Nolan shows how this imaginary technology is every bit as unreliable as its real-life counterparts. Authenticity proves impossible to prove when humans become involved. This is more than the tired “wilderness of mirrors” espionage trope. For all we know, Cobb is not a spy but some accountant trying to escape his mundane life in one of those opium den-like dream beds we see early in the film.

Whether it is the general public or the Intelligence Community itself, we can no more trust our fantasies about this so-called ‘Top Secret America’ than those in Inception. This film taps into our own perverse desire to have shadowy companies, terror groups, and faceless agencies persecute us even as we (that is, American society) become ever more willing to have our privacy invaded–thousands of times more often for advertising purposes such as with Gmail and the exhibitionism of Facebook than by any act of the Intelligence Community. If there is a truth to be had from the Washington Post piece and Inception, it is that we live in a truly inauthentic age where what we call ‘reality’ is scripted and humans are–in spite of everything we disclose to our therapists or on Twitter–as unknowable as ever.
