Tagcybersecurity

5th Generation Warfare for Dummies

Skilluminati describes this as 5th generation warfare reduced to marketing copy for contractors:

“America still hasn’t quite understood that we are opening Pandora’s box. Take drones. We feel we can use them anywhere, soon others will be using them against us. There are dozens of countries around the world developing their own drone technology or buying what is out on the market. The same is true for technologies like those associated with Stuxnet,” said the former senior diplomat who has worked closely throughout his career with the military and intelligence communities. Or as another journalist friend of mine put it who has been covering the issue closely, “The day after Stuxnet was like the day after Hiroshima. We had the technology and no one else did. But within a matter of a few years that had changed.” So had the nature of modern warfare…and by extension of modern diplomacy and that’s what is going to happen here.

Imagine wars that were conducted constantly, wars in which both sides might not be bent on destroying one another but would rather focus on capturing resources or slowing down economic performance or producing popular frustration or distributing misinformation or manipulating elections or markets. Shutting down power grids or stealing money from bank accounts or spilling pollutants into a river are old hat with current technologies. Imagine what the future might hold.

Foreign Policy: The Phantom War has begun

See also: Wired for War

Are we starting a full-out war on the Internet?

Inside the World of Wannabe Cyberspooks for Hire

Many of you have probably heard about the internal e-mails from the security firm HBGary. Ars Technica summarizes much of it in a length article, including HBGary’s aspirations to provide various PSYOPS services – such as cartoons and social media propaganda management – to federal agencies. Ars Technica details one proposal the firm sent to DARPA, which agency declined to fund:

So Barr and Hoglund drafted a plan to create something like a lie detector, except that it would look for signs of “paranoia” instead.

“Like a lie detector detects physical changes in the body based on sensitivities to specific questions, we believe there are physical changes in the body that are represented in observable behavioral changes when committing actions someone knows is wrong,” said the proposal. “Our solution is to develop a paranoia-meter to measure these observables.”

The idea was to take an HBGary rootkit like 12 Monkeys and install it on user machines in such a way that users could not remove it and might not even be aware of its presence. The rootkit would log user keystrokes, of course, but it would also take “as many behavioral measurements as possible” in order to look for suspicious activity that might indicate wrongdoing.

What sort of measurements? The rootkit would monitor “keystrokes, mouse movements, and visual cues through the system camera. We believe that during particularly risky activities we will see more erratic mouse movements and keystrokes as well as physical observations such as surveying surroundings, shifting more frequently, etc.”

But HBGary was also interested in applying its techniques for private clients as well:

But the e-mails also remind us how much of this work is carried out privately and beyond the control of government agencies. We found no evidence that HBGary sold malware to nongovernment entities intent on hacking, though the company did have plans to repurpose its DARPA rootkit idea for corporate surveillance work. (“HBGary plans to transition technology into commercial products,” it told DARPA.)

And another document, listing HBGary’s work over the last few years, included this entry: “HBGary had multiple contracts with a consumer software company to add stealth capability to their host agent.”

The actions of HBGary Federal’s Aaron Barr also serve as a good reminder that, when they’re searching for work, private security companies are more than happy to switch from military to corporate clients—and they bring some of the same tools to bear.

When asked to investigate pro-union websites and WikiLeaks, Barr turned immediately to his social media toolkit and was ready to deploy personas, Facebook scraping, link analysis, and fake websites; he also suggested computer attacks on WikiLeaks infrastructure and pressure be brought upon journalists like Glenn Greenwald.

His compatriots at Palantir and Berico showed, in their many e-mails, few if any qualms about turning their national security techniques upon private dissenting voices. Barr’s ideas showed up in Palantir-branded PowerPoints and Berico-branded “scope of work” documents. “Reconnaissance cells” were proposed, network attacks were acceptable, “target dossiers” on “adversaries” would be compiled, and “complex information campaigns” involving fake personas were on the table.

Ars Technica: Black ops: how HBGary wrote backdoors for the government

One of the more interesting proposals was for a “persona management” software for the Air Force. Raw Story has more details on this project. A mysterious company called Ntrepid eventually won that contract.

This isn’t the Air Force’s first foray into social media propaganda, it launched a blog commenting campaign in 2009.

© 2024 Technoccult

Theme by Anders NorénUp ↑