Friday, July 17, 2015

Cyber...warfare?

Did you ever notice a politician will never say "war" when it's an actual war. They like "police action", "reconnaissance in force", "interdiction", etc. They use it all the time though for items they want you to rally behind like the War on Drugs, the War on Poverty, and the War on Obesity. Why are they so keen on calling that which is, anything but? However for that which isn't, they stop just short of naming it genocide? It's the same reason a car dealer uses "certified pre-owned" instead of "used". One conjures thoughts of an almost-new vehicle. The other is makes us feel like we are going to spend the next 6 months just getting the smell of farts out of there. I wish the government had as much zeal in naming laws and departments honestly as they do in food labeling.

This same nonsense is true with the term "cyber warfare". I am still trying to remember the last time someone was cyber'ed to death. Was there ever a time where we had to drape a flag over a Dell Optiplex and bury it at Arlington? Are we giving out Silver Stars to the guys pushing "Enter" in the Metasploit-console window? They are on the cyber-front, using cyber-arms. Should they be denied their due commendations and VA benefits? Surely not, if we are being at all consistent between our words and actions.

What we have here is a new dynamic in the field of salesmanship. We can gin up a scare with no casualties, and get millions of dollars in return. We can receive accolades and promotions with absolutely no risk of battlefield losses outside of the occasional ESX server running too hot. This is a win-win solution for the politically inclined and the cyber-salesman. One convinces the other more money is needed, they both get to reap the rewards sans a crying widow(er).

I am not saying we shouldn't take threats in the cyber domain seriously. I am also not saying it should be absent from an intelligence operation. I simply don't think we ought to treat it even remotely the same as we do a bomber or an AK-47. Ask a serviceman sometime if they ever lost someone close due to a malicious email attachment or PDF. And yes, there are different levels of service to your country. Being a linguist at Fort Meade your whole career is not the same as being an asset in-country. Piloting a drone is not the same thing as flying an F-16, but is something a 16-year old can probably do. (I don't allow comments, so whine to your Facebook or the Twitter-verse) Finally, being a "cyber warrior" is not the same as being front-line infantry; no matter how many air-conditioned Commander's Calls pats on the back there are. (Please see my previous comments on whining).

Let's leave the computer security field as what it is; an exercise in risk-mitigation and intelligence gathering. This way we can talk in a non-hyperbolic manner about the subject. We can discuss flaws and methods openly without fear of Wassenaar or other hastily put together Federal dictum. There's nothing wrong with a firm selling services that reduce their odds of revealing user information. It is a mutually beneficial transaction. We get money, they get some assurance their business isn't flying blind against potential theft. If we are terrible at our jobs, we lose them to a better competitor or have to compensate the client for negligence on our part. This is a business, not a war with winners and losers. Those who wish to label it so seek to increase profits on the back of a lie. Their time would be better spent on improving security products instead of practicing pomp and political posturing.

Monday, July 6, 2015

Yes, I did delete my LinkedIn Account and here is sort of why

Maybe one day I will entertain you all with the tale of the final profile deletion decision. Long story made somewhat shorter, though not as short as it could be considering the length of this run-on sentence, it was too much work for too little gain and ZERO enjoyment.

While we are on the subject of popularity and visibility on the web, let me share with you a story from a gaming convention I attended. It was a great time, with several speakers of some renown. There was one illustration of the ethereal nature of online fandom which stuck. It gave me pause for pondering upon the nature of social media. One of the individuals at the conference was a person who had a following so vast, the line was full an hour before the talk just to get in! Once we were inside, I could see why. The fellow had a gimmick. He had charisma. He surrounded himself with a team that made each of them more interesting. I had no regard for what they did; little desire to watch their show, but damn it all I respected the clear ability to pull an audience. I could see why the audience liked him immediately. One person asked for a hug, and another cried while telling the presenters how they had pulled her from a deep depression. These were devotees. They had a trust and admiration for these guys that warranted the million or so followers in their thrall. I said as a matter of study, "man, what are they doing right?". Was it polished public speaking which garnered this much enthusiasm? Does the very personable presence of this panel demand adulation and attention?

Whispers in the wind tell us of the ability Reagan had to draw folks into his sphere of thinking. Books have been written on the way Lombardi and Hank Stram inspired their teams to victory. Millions followed and cherished their leadership. Their faces were enshrined in buildings and on trophies. Here we had a man, who thousands watched day-in and day-out. Surely this man would be readily identified by his fans. THIS man would never know a moments peace from those he touched; no respite from the rooms he roamed with recurrence. His face was all over the Internet, a far greater expanse than the largest library, or stadium in any era.

Here we enter an event party, held off-site. The place was not terribly crowded. It held plenty of spots to spy even the smallest subject from across the space. I was in attendance along with my comrades smart enough to follow a Twitter link, when I saw something I could not believe. I found that beloved Internet sensation. I saw his face. I saw his attire. I knew it was him, yet at the same time I thought I may be mistaken. Alone. He was alone. Alone? Not possible. I double-checked my conclusion with a colleague who confirmed my eyes were not in conflict with my brain. Not only was this person solo, but he was CONSISTENTLY solo. Six or seven times that night I recall wanting to extend a hand or buy a drink. I simply couldn't do it. I felt odd. It felt wrong. This should not be. After all of that fanfare and all of the accolades...nothing. There was no effort at disguise, I only met the guy that afternoon and could ascertain that was indeed him with a glance. Surely a fan or two could be seen in tow?

There was not a soul, however. Neither groupie nor follower to be had. A social media masterpiece was right in front of us without so much as a munificent man with a mojito waiting? The line was out-the-door to even hear him speak only a few hours ago. A perfect opportunity had presented itself to probe his profundities. That is when the whole concept of second life started to form for me. The fame is more fleeting than ever. It is a contradiction. There is a much greater spread of viewership, but you are forgotten at thrice the speed. It's almost as if the virtual world, and all it encompasses, is just that. Virtual. The applause is abbreviate. No one cares once the show is over, even if it will resume the next day. You have to be there everyday, every minute, and on every screen. Anything less, is pointless. A single slip results in online oblivion.

Here I was, looking at my LinkedIn profile and its sub-par performance I hated having the account almost as much as my long-forgotten Facebook phase. I received nothing from the reams of data and insights I had supplied to the business beast regarding my profession. Insights, by the way, for which I have someone eagerly paying an hourly wage to supply. I was giving recruiters a one-stop-shop for similarly qualified persons without deriving any monetary benefit from the transaction. I was forced to acknowledge that the whole exercise was a benefit to everyone but those who matter most; myself along with those I wished to help with my advice. It was actually sort of an insult, to be frank. I was a piker in terms of visibility compared to the virtual-virtuoso I encountered at that party, yet I was spitting in the wind here. Why participate in this network if someone so celebrated in cyberdom could be forgotten in less than a couple blocks from the conference?

This blog is a recording of my thoughts and research which I wish to share with you all without feeling like it is a professional obligation. I have fun posting here...mostly because I can say "Fuck" ad infinitum just like I do at SAHA!. The preceding tale isn't one of sour grapes, only an acknowledgement of the necessity to live in reality. Do what you enjoy because you enjoy it. If you do it for an increase in views, why are you doing it? You will be virtually vacated, nothing but data dust in the end. Instead of that, switch it up. Be the fine fragments people will look upon fondly before discarding you in the digital dumpster.

Next blog post will be another feast for the sarcastic eye about our chosen field. The one after that will probably be a return to computer vision with a new-and-improved method I showed at SAHA!

XOXO
-vesh