May 29, 2013

Apologies to DARPA and an Illuminating Point Regarding the Media

Yesterday I posted a short piece about DARPA's Plan X project which was covered in an article over at Wired. It sounds on the face of it like a very problematic plan to spend a lot of money, and I pointed out a few of those issues briefly. However, shortly after posting the article I was looking for some background on the author, Noah Shachtman, because I honestly cannot understand why he would not include some alternate viewpoints in the piece aimed at pointing out some of the basic flaws I pointed out. What I found is that he's not actually a technology or information security expert. Apparently they don't use journalists who have some background in technology over at Wired.

The Kaspersky Supposition

The other thing I found is this blog post by Eugene Kaspersky in response to a Noah Shachtman article in Wired. After reading both the article and the blog post, it appears that Mr. Shachtman has: a) barely a basic understanding of computer networks and technology; and b) an active imagination. It is a shame that Wired gives him press credentials because what he does cannot be classified as journalism. The piece on Kaspersky is a hack job. Kaspersky himself has replied to most of the points already, but I wanted to touch on two additional points.First, Shachtman mentions Kaspersky's start as a KGB officer as a menacing implication that he's a spy bent on knowing everyone's secrets and using strong-arm tactics for the furtherance of his mission. I don't know Kaspersky as a person any more than I know the guy next to me on a bus, but from the following two pieces of information I can probably paint a more accurate picture of the man than Shacthman did in his piece: he studied at the Institute of Cryptography, Telecommunications, and Computer Science; and he started an anti-malware firm based on his interest in early virii (which became somewhat of an obssession), doing a significant portion of research himself early on. Kaspersky seems to be a classic geek. He was probably good at math which is why he studied at the Institute of Cryptography, Telecommunications, and Computer Science. He obviously carried that talent and interest forward to a wildly successful career, but he's probably more Dennis Ritchie than Vladimir Putin.Second, Shachtman makes a lot of hay out of Kaspersky's comments regarding online passports. He either states or implies throughout that Kaspersky, being a hardened KGB spy, wants to know everything that everyone is doing at all times. To this end, he is pushing an agenda of online passports which will be necessary for people to access the Internet and which can be used to track everything they do at all times. What Shachtman's lack of expertise in information security or technology in general fails to bring to light is that some entity already knows everything you do at all times. The social networking sites which Kaspersky seems to have a real issue with are a dumping ground and massive catalog of every possible piece of personal information available. They store your name tied to an email account; phone and address if you volunteer it (sometimes without you realizing it if you install the mobile app); the food you ate along with Instagram pictures of it; and then whether the food gave you an upset stomach. In addition, Google is tracking every search you make, and linking it to your IP address. If you visit a web page that has a Facebook "Like" button on it, then Facebook knows you were there. (No, the ads you saw on Facebook right afterwards were not a coincidence.)In addition, there are examples of even hackers who are trying to maintain their anonymity being tracked down on the Internet after a momentary slip-up in opsec. It's not just corporations that know everything about us, but the government too. Given that Shachtman fails to understand that online anonymity is a myth, it makes his claim that Kaspersky wants to destroy something that doesn't exist seem a bit ridiculous. Like I said, I'll leave the rest of the rebuttal of that awful piece on Kaspersky to Kaspersky himself.

The Plan X Reality

So, if Shachtman is a hack, then how accurate is his piece on Plan X? Turns out, I probably did not give DARPA enough credit. Looking back through some info on the DARPA site and Fed Biz Opps, it appears that the objective for Plan X is probably actually very reasonable and somewhat boring. Plan X appears to be more akin to cyber cartography- allowing generals to decide where to build cyber bridges, walls, and outposts than it is to World of Warcraft or Angry Birds. It will allow them to deploy their Cyber Seal Team 6 more effectively based on operational realities, not replace them with an app that dumbs cyber attacks down to finger-swipes and pinch-to-zoom. This is a more reasonable goal for the project, and a lot less interesting, which is probably precisely the reason Shachtman's piece did not paint this picture. My apologies to DARPA. This whole scenario illuminates the point I was trying to make here regarding the media in a somewhat over-the-top way. Even in cyber security, sex sells- just don't believe everything you read. I should start taking my own advice.

Continue reading

cybersecurity newsletter
The MPG newsletter

Get great curated articles into your inbox.

Our semi-regular newletter is a great source of information.
No spam!