A wave of stupidity is flooding through the USA mediawaves. Here's an example:
A cyberattack disabled US cell phone networks, slowed Internet traffic to a crawl and crippled America's power grid Tuesday -- all in the interest of beefing up US security. Dubbed "Cyber ShockWave" and organized by the Bipartisan Policy Center (BPC), the event was held at a Washington hotel room transformed for the day into the White House Situation Room, where the president and his advisers typically meet to address national emergencies.
In the simulation, former top US officials debated how to respond as the power grid in the eastern United States was virtually shut down by a stealth cyberattack and a pair of bombings, cutting electricity to tens of millions of homes.
This is an "exercise" conducted by something called the Bipartisan Policy Group. The confusion between officialdom and lobbying could be forgiven, because it was intentional. Consider this list of Washington DC rock stars:
Then we have the amazing spectacle of Google complaining about being attacked by China!? Is there -- can there be -- any credence to this story? To me, it doesn't pass the laugh test, it is clearly a propaganda story with a hidden message. A little clicking and we find this:
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
Oh. 2 activists... that's two, the number between one and three ... gmail accounts of alleged activists. Not hacked but probed. This is below underwhelming, this is quintessence of underwhelming, the very quantum of underwhelming!
One glance and it's gone. If you read more, the contradictions just keep rolling in. Apparently it is related to copyright theft, or, no it's not. Related to a concerted attack on 30 big companies, or not. It's caused by a horrifying new technique called "man-in-the-mailbox" or it's caused by phishing, or a virus, not. It's China, or it's Taiwan! It's a school, or it's the Red Army?
What's going on? What is curious is why a group so historically sensible and focussed as Google fell to such a stupidity as announcing this in a blather of hype. Well, read a bit further:
These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
Ah. So, google are under pressure from the Chinese government. This is *nothing* to do with cyber-hacks, activist, freedom of speech, intellectual property, APTs, and everything to do with the access to the Chinese market. On terms appropriate to Google. They needed a casus belli to convince someone (shareholders? own employees?) of the need to rattle sabres, and a hack is a great catch-all. But, in the process of feeding the media craving for new heights in gullibility, google might have drunk a little too deeply of the kool-aid, because they then negotiated with the NSA to cut a secret deal; if there is ever a sign that it's all over for independence, that's the one!
Google approached the NSA shortly after the attacks, sources said, but the deal is taking weeks to hammer out, reflecting the sensitivity of the partnership. Any agreement would mark the first time that Google has entered a formal information-sharing relationship with the NSA, sources said. In 2008, the firm stated that it had not cooperated with the NSA in its Terrorist Surveillance Program.
Sources familiar with the new initiative said the focus is not figuring out who was behind the recent cyberattacks -- doing so is a nearly impossible task after the fact -- but building a better defense of Google's networks, or what its technicians call "information assurance."
Getting out of China, to maintain independence, then signing up with the NSA, doesn't present a consistent message. I love the quote about how they don't want to break any laws on spying on Americans...
Back to China. The rhetoric has spread further than expected. Over in Mozilla's groups, the anti-China faction has stirred up another little hate campaign over a Chinese CA called CNNIC.
With this background in mind, let's unpack the Mozilla debate. What set off the debate was the addition of the China Internet Network Information Center (CNNIC) as a trusted CA in Firefox. CNNIC is not part of the Chinese government but many people assert that it would be willing to act in concert with the Chinese government.
To see why this is worrisome, let's suppose, just for the sake of argument, that CNNIC were a puppet of the Chinese government. Then CNNIC's status as a trusted CA would give it the technical power to let the Chinese government spy on its citizens' "secure" web connections. If a Chinese citizen tried to make a secure connection to Gmail, their connection could be directed to an impostor Gmail site run by the Chinese government, and CNNIC could give the impostor a cert saying that the government impostor was the real Gmail site. The Chinese citizen would be fooled by the fake Gmail site (having no reason to suspect anything was wrong) and would happily enter his Gmail password into the impostor site, giving the Chinese government free run of the citizen's email archive.
Which offends them mightily, because CNNIC is likely to follow the Chinese government's rules on ... well, everything, as did a veritable stampede of popular western companies (Microsoft, Sun, Cisco, Skype spring to mind, and don't forget google who did, and don't and won't and might stop and want to take their bat and ball and go home). The problem for Mozilla is, CNNIC seems to offend them in more or less legal ways, in more or less policy ways, and in more or less the ways of every other view we can objectively apply.
The crime, after all the evidence is assembled (not a single credible fact that I have seen), is pretty thin, and as thin as the accusations levelled against every other CA from time to time.
But, this matters not at all if the real objective is popular manipulation (propaganda, by some). Note the clear linkage above from google to gmail to Mozilla... What might be called governance and protection of 250 million users in Mozilla technical circles might also politely be called nationalism by others.
But. Silly as it is, the message meshes in nicely with the current global geopolitical aspirations of some in Washington, at top. Back to the silk-dress appeal for pork-barrel funds by the "BPG":
An operation dubbed "Cyber ShockWave" has spanked the U.S.'s cyberdefenses -- hypothetically. Under the scenario organizers dreamed up, virus-infected smartphones spread malware to their owners' PCs. From there, the attackers DDoSed telecommunications networks into submission, brought down electrical grids and bombed a gas pipeline. The verdict: America's cyberdefenses are wanting.
What's the connection between the Mozilla skirmish, the Google retreat, and the unaffiliated-affiliated NGO above?
These are all the same war, the war on China. And, the battleground isn't anywhere near China (indeed they are probably as bemused as anyone else), it's happening in the American media. Although Mozilla do not think they are political and although Google would like not to be political, both of these agents are being dragged into an anti-China rhetoric by a much more media-savvy player, anciently called the military-industrial complex, at times called "the hawks," more recently called the Neocons, and now wielding the pathetic title of Bipartisan Policy Group:
"You're going to see planes being grounded now. You're going to see trains not moving," said Fran Townsend, former president George W. Bush's one-time Homeland Security advisor, who was promoted to Homeland Security secretary for the simulation.
The "cabinet members" debated how to respond to the situation and what advice to give the president, with suggestions ranging from calling out the National Guard, nationalizing the power companies and retaliating once the attackers' identities were known.
"If this is an attack on the United States the president, as commander-in-chief, has the authority to use the full powers at his disposal," said former deputy attorney general Jamie Gorelick, playing the role of the US attorney general.
"We're in good shape from a command and control standpoint," said "Secretary of Defense" Charles Wald, a retired general and the former deputy commander of US European Command. "We can take action offensively if we know where to go," Wald said. "Problematically, we don't know where that is."
That crowd doesn't know the difference between a bit and a bomb, but they don't need to because the warfront is the media front, and they certainly know a thing or two about using the media to prepare you for their next big adventure. You might thing this is a small thing, but the propaganda just keeps on rolling. The British version of the NSA, called GCHQ, is also infected:
"A successful cyber attack against public services would have a catastrophic impact on public confidence in the government, even if the actual damage caused by the attack were minimal," [Cheltenham spy agency's new Cyber Security Operations Centre (CSOC) says].
The warning forms part of a preliminary "horizon scanning" report produced by the new unit, which is scheduled to begin operations next month. Its job will be to continually monitor internet security, producing intelligence on botnets, denial of service attacks and other digital threats to national security.
Such a level of FUD has rarely been seen outside the information security industry and wartime. This is awful news for just about everyone. What most of these players want is to shake China down. Google wants "in" on comfortable USA competition rules, where it gets the preferential treatment that allows its business model to shine. No bad thing for the Google shareholder, but the Chinese government wants to reserve that market for a local player (for obvious & easy reasons):
In the last two decades, China's economic reform programs and its citizens' entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.
Google wants a piece of that action, plain and simple. Mozilla wants "in" on far more vague grounds that can't really be tied down, but they probably feel an interest in preserving the ability of activists in China to browse securely. Given my crypto history, it should be no surprise that I'm sympathetic to that argument as are many readers, but China isn't. If we think of it in legal terms, this puts Mozilla squarely against the current anti-democratic, anti-freedom-of-speech laws of one quarter of the planet. As google said:
We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech.
Meanwhile, the last-war-generals in Washington DC want "in" to China on a geophysical control basis, whereas the Chinese government wants to reserve the supply of commodities to itself. That is, China has a long term strategic mission of securing the supply of commodities to its industries. Washington DC disagrees. Hence, we find a lot of strange bedfellows all agreeing on the same objective, but for wildly different reasons.
At this point, most readers will think I'm short a few marbles. All can I say in my defence is this: the rise of China in the thought-processes of the Washington DC set is pretty easy to see, if you look. It's been there for at least a decade to my knowledge; it pops up in any serious scandal from Middle East, looking eastwards to some watery point well west of Japan. You'll have to take it on faith that when you're in a tussle with China, suddenly you'll find an 800lb gorilla in the room as your ally. Slashdot knows it, from many examples here's just one:
While I don't disagree that we could do more in the area of computer security, one needs to look closely at the affiliations of the people running this "exercise."
They're both loyal Neocon insiders. John Negroponte [wikipedia.org] is the former Bush Director of National Intelligence. Michael Chertoff [wikipedia.org] is the former Director of Homeland Security, and co-author of the Patriot Act. And both of these positions were just the last in a string of appointments by Bush/Cheney.
And as career neoconservatives, they've been at the forefront of fearmongering and prevarication in order to lead the US to war and erode civil liberties. These are not opinions, these are well-documented facts [google.com].
The neocons are a one trick circus; this is just their newest pony. If you've been paying attention the past nine years, how can you possibly doubt that this is anything else?
A gorilla you really don't want in your living room, because the cost of the alliance is probably a house re-build. The danger lurking within is this: the hawks' theory is that China will take over the USA militarily sometime in the next few decades. Whatever you think about geopolitics (last 20 years of small proxy wars, etc) this has led a not-insignificant group within the Beltway into wanting a war of some form with China. Their theory is that they have to do it now or soon, or else it will be too late.
And this may explain the flush of rhetoric out of Washington DC: the hawks are scared they are running out of time for a war, and for that, the next step is simple: they have to swing the American public behind them, into a bellicose, anti-China mood (recall how they did this with Iraq 2).
Which brings us back to the cyber-war nonsense. This is the perfect cassus belli because there is no embarrassing evidence to show they are lying; indeed we can't even get it right or clear or agreed in the open market because the electrons won't sit still after the attack. As cassus bellis go, it's got more mileage than historical ones such as Iraqi nukes or Saddam's mate Osama or the North Vietnamese torpedoe boats in the Gulf of Tonkin, because in the end, the physical evidence spoke up.
From now on in, cyber-war will be a central plank of the war on China. The only problem is, it's a lie, a casus belli, and it's more or less unprovably false and unprovably true and very very scary, all at the same time. The American Public are being set up, again. Same as it ever was, but this time the entire Internet, security, communications and interactions world is being dragged in.
That effects every one of us. This time it's personal.
(As an aside, the hawks' strategy is doomed to failure. It worked in Iraq 1 & 2 because of many factors that were easily predictable. Arguably, it failed or worked in Talibans 1, 2. It failed in Iran, but there's still hope. Unlike Iraq & Iran, who supply lots of *commodity* oil, and Afghanistan which supplies commodity opium, China supplies manufactured goods to USA. If oil or drugs slow down, the price goes up, and the market adjusts. The traders love that, it's called volatility.
On the other hand, if Walmart is emptied, we've got bigger problems, nobody benefits from that. But this easily predictable failure of strategy won't stop the hawks, possibly because their experience in economics is limited to slopping at the pork-barrel trough. As far as policy goes, this is the same stupid crowd that chose to hollow out its nearest and dearest southern neighbour in the so-called _war on drugs_. The stupidity virus has gone deep.)Posted by iang at February 22, 2010 04:59 PM | TrackBack