Category Archives: Cyberwar

Russia’s Propaganda Trolls become a power in cyberspace

Summary: Cyberspace is not just a means to steal information and wreck systems, but also a means to touch people’s minds and change how they see the world. The tech is new, but the methods are old. Russia has a long history of playing this game well. Here Emilio Iasiello explains how they have aggressively exploited this new medium.

Soviet propaganda


Russia’s Propaganda Trolls Make an Impact in Cyberspace

By Emilio Iasiello, 27 August 2015
From DarkMatters: superior attack intelligence

Posted with their gracious permission.


Russia’s propaganda machine in action

Recent reporting reveals that the Russian government may be using online propagandists in order to project a positive Russian image to the global community, while attacking those perceived to be a threat to Russian government interests.

Two individuals that used to work for an organization called the “Internet Research Agency” exposed the propaganda machine whose objective was to influence public opinion, and in some instances, discredit specific targets.

The Internet Research Agency is an organization that employs hundreds of online “trolls” – individuals whose job it is to create online discontent.

Located in four floors of a building in St. Petersburg, these trolls logged twelve-hour days supporting the Russian government while attacking perceived enemies – the United States, political oppositionists, for example – on social networks, blogs, and comment areas for social media sites (“One Professional Russian Troll Tells All“).

These online operators created personas and blogs in order to disseminate propaganda to the wider Internet audience. Techniques ranged from blatantly hostile content to more subtle approaches intended to discredit the West. According to one former “troll,” the operations were tightly controlled and closely supervised. Assignments were handed out to the propagandists, each focusing on a theme and a list of key words to be used in online content. (“My life as a pro-Putin propagandist in Russia’s secret ‘troll factory’“.)

Some of the more prevalent topics included the situation in Ukraine, the Syrian conflict, and stories related to U.S. President Barack Obama. For this they received a monthly salary of approximately $750 (“Woman who sued pro-Putin Russian ‘troll factory’ gets one rouble in damages“).

Continue reading

Determining guilt in cyberspace: difficult now, but there’s hope for the future

Summary: We see the nature of modern America in our response to cyberattacks. The government quickly points to one of the usual suspects, and Americans believe. Reminders of past government lies have no effect, nor do experts’ warnings that attribution in cyberspace ranges from difficult to impossible. For a change of pace, today cybersecurity expert James Palazzolo explains why this might not always be so. Law and order might someday come to cyberworld.   {1st of 2 posts today.}


The Complexities of Attribution in Cyber Space: An Overview

By James Palazzolo, 25 August 2015
From DarkMatters: Providing superior attack intelligence.
Posted with their gracious permission.

Seeking attribution

The challenges of attribution in Cyber Space involve both social and political aspects that relate directly to the overall technical architecture of the Internet as a whole.

Rid and Buchanan argue that attribution is not a matter of technology but a matter of want; meaning: attribution in Cyber Space is determined by how much states want accurate, high-confidence attribution with regard to cyber systems. If this want is not realized, then little kinetic effort will be spent on the process of attribution.

The challenges of attribution are a well-known argument from a technical studies perspective, but that still does not answer: what can organizations do in the short term when looking for high degrees of confidence in attribution? If high-confidence technical attribution is possible, how long will organizations (that utilize cyber systems to conduct business) have to wait until states globally accept levels of concrete identity over the Internet for all systems? By analogy, the wait for an answer to that question is the ‘gorilla in the room’.

There is a good possibility that consistent high confidence attribution of cyber systems will never be achieved. From a covert operations viewpoint the lack of high confidence attribution benefits states’ Intelligence communities.

The ability to launch political campaigns with almost complete anonymity is too convenient for states to ignore (Aliya Sternstein in Defense One). It can be argued that social applications have cemented this stance, as these applications are able to reach millions of individuals rapidly and typically cost the end user nothing to use.

Therefore, why would states want to engage other states in creating policy that reflects the technical gaps surrounding attribution in Cyber Space?

Additionally, there is no monetary incentive from a private industry stance to push the conversation closer towards high-confidence attribution for cyber systems. With billions of dollars already invested in offensive and defensive cyber systems, there is no pressure to redirect development spending towards systems that offer high degrees of user and host attribution.

Continue reading

Fight the hysteria about the hack of OPM’s files. It’s probably not a big threat.

Summary:  We’re told the OPM hack will have horrific consequences for America. Just as we have been told so many times since WWII, almost always falsely. I expect this too will prove to be a wet firecracker. Here are the reasons why, obvious things few journalists have told you. {1st of 2 posts today.}

China cyberattack

Know fear, America, that you might be easily ruled. Graphic from Third Certainty.


  1. OPM, our latest bout of hysteria
  2. An alternative forecast
  3. Why so much hysteria so often?
  4. Other posts about the OPM hack
  5. For More Information

(1)  OPM, our latest bout of hysteria

We were confidently told that the revelations of Private Chelsea Manning would cause countless deaths of American soldiers (example). But they never materialized. US authorities confidently predicted even more horrendous results from Edward Snowden’s revelations. Again, nothing big happened (unfortunately, that “nothing big” includes reforms of the NSA). These are just the most recent in the long list of scary stories the government has told us since WWII.

The latest nighttime story concerns the hack of the Office of Personnel Management database (see the posts at the end for details). A wide range of information has been stolen on tens of millions of Americans, as the OPM announced on July 9:

Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details. Some records also include findings from interviews conducted by background investigators and fingerprints.

What could someone do with this treasure trove? Anonymous government officials, private experts, and amateurs have let their imaginations run wild. Both Left and Right go wild, predicting horrific results. See how fear-mongering brings America together. Here’s my favorite, from Naked Capitalism on July 27.

Continue reading

Seeing behind the headlines about China’s attack, stealing the governments’ jewels

Summary:  China attacked! Playing a script from countless action-adventure movies, our political leaders and columnists gear up for bold headlines by screaming for war while they know nothing. It’s America. But the info highway gives us information to see beyond the headlines and sort fact from fancy. Here’s the latest news about the massive theft of Federal personnel data. It’s a follow-up to the post describing the attack and who was at fault.

“Experts, shmexperts. Time for action…. Attribution solid enough for the US government is solid enough.”
— Tweets from a man on the street. The kind of American that rulers dream of having.

Cyber Warriors


  1. Dueling US officials.
  2. About attribution of attacks.
  3. What we know.
  4. For more information.


(1) Dueling US officials

From the initial announcement of the theft of files from the Federal Office of Personnel Management (OPM), anonymous officials confidently blamed China — which journalists repeated as fact. The FBI has made no official statement since its “we’re working on it” statement on June 4. China has denied the accusation, of course.

Today we got more useful information from the GeoInt 2015 Symposium (geoint: geospatial intelligence):

“So what really makes you think that, as the head of NSA and Cyber Com, I’m going to talk with you about this,” he told a reporter here today. … Rogers’ response did seem a trifle dismissive of a reasonable question asked reasonably in an open forum. {Breaking Defense}

Rogers spoke in response to a question about how the National Security Agency was going about attributing the breach to the Chinese government. “You’ve put an assumption in your question,” he said. “I’m not going to get into the specifics of attribution. It’s a process that’s ongoing.”

… Rogers’s hedged response, given during a question-and-answer session at the GEOINT symposium in downtown Washington, comes in stark contrast to the NSA’s approach to attribution during the Sony hack. In that case the FBI, working with the NSA and DHS, quickly named North Korea as the perpetrator, resulting in the prompt issuance of sanctions.

Rogers called that a great example of cross-agency collaboration. “Working across the United States government, DHS, FBI and the National Security agency, we were able to relatively quickly come to consensus about the characterization of the activity we were seeing coming in, which formed the basis of our attribution, and with a relatively high confidence factor, which allowed us to respond in a very public and direct way.”

Why hasn’t that collaboration worked in the case of the OPM hack? Said Rogers: “every dataset is different.” {Defense One}

Director of National Intelligence James Clapper also spoke at GeoInt, giving a remarkably casual statement on a matter of such importance.

Continue reading

Advice from Sun Tzu and John Boyd on winning at cyberwar

Summary: While we’re enmeshed in 4th generation wars we don’t know how to fight (let alone win), a new form of conflict arrives. Lest we repeat our feckless habit of fighting first and thinking later, let’s develop strategies before serious clashes begin. Chet Richards helps us decide whether the military classics can help us, or whether new tech has made them obsolete.  {2nd of 2 posts today.}

“Victorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win.”
— Sun Tzu in The Art of War.


Chet Richards comments on

InfoSec, Sun Tzu & the Art of Whore
by Steve Tornio and Brian Martin.
Posted at Attrition, 2 July 2010.

The authors did a great job. I found nothing to argue with in their article. But they appear to have underestimated the power of Sun Tzu’s advice, even in the unique realm of cyberwar.

I can’t argue with their observation that if you try to follow the specific prescriptions of The Art of War, you’re either going to be playing with analogies or you must find an opponent willing to act like a Chinese army of the Warring States Period (475-221 BC).

However, when viewed from another perspective it’s possible to see beyond the specifics of long-ago technology for deeper insights. These insights are rooted in human nature and so may prove as useful to cyber war as to any form of conflict.

Their criticism, for example, of how people tend to apply Master Sun’s advice also applies to the works of the late John Boyd (Colonel, USAF), whose major briefing, Patterns of Conflict, appears to be all about war, and mostly about the German Blitzkrieg. But to find deeper meanings, let’s start with what Boyd said about Sun Tzu’s Art of War, on Patterns of Conflict chart 13. First, he talks about some of the “themes” he finds in the work:

Continue reading

How would Sun Tzu defend computer systems? Poorly. A new era needs new thinking.

Summary: The theft of the Federal government’s personnel data has brought information security back to the front pages, along with the usual cries of “off with their heads” for the guilty and promises of Total Information Security in the future, as the signal-to-noise ratio in the media drops towards zero. To help restore our sense of proportion, here’s an article from the past by two well-known experts discussing the difficulty of e-defense in the 21st century.

This is a follow-up to About the theft of the Federal government’s personnel records: sorting fact from fiction, another in a series about a new age of conflict in which the old ways no longer work.  {1st of 2 posts today.}

“As we shall show, defense is a stronger form of fighting than attack. … I am convinced that the superiority of the defensive (if rightly understood) is very great, far greater than appears at first sight.”
— Clausewitz, On War, Book 1, Chapter 1


InfoSec, Sun Tzu & the Art of Whore

By Steve Tornio and Brian Martin.
At Attrition, 2 July 2010.

Posted with the authors’ permission.


Lately, you can’t swing a dead cat without hitting someone in InfoSecurity who is writing a blog post, participating in a panel or otherwise yammering on about what we can learn from Sun Tzu about Information Security. Sun Tzu lends the topic some gravitas and the speaker instantly benefits from the halo effect of Ancient Chinese Wisdom, but does Sun Tzu really have anything interesting to say about Information Security?

In The Art of War, Sun Tzu’s writing addressed a variety of military tactics, very few of which can truly be extrapolated into modern InfoSec practices. The parts that do apply aren’t terribly groundbreaking and may actually conflict with other tenets when artificially applied to InfoSec. Rather than accept that Tzu’s work is not relevant to modern day Infosec, people tend to force analogies and stretch comparisons to his work. These big leaps are professionals whoring themselves just to get in what seems like a cool reference and wise quote.

“The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.”  { The Art of War}

This seems to make sense on its face. If you focus on making your systems and networks invulnerable to attack, then you don’t need to worry about attackers. So, on any modern network where people actually need to get work done, can you make systems invulnerable to attack? If not, does this particular advice tell us anything useful? Maybe Sun Tzu was trying to say that we need to spend more and more money on IPS/SIEM/firewalls/antivirus, even if we don’t see a particular need to upgrade or improve those areas.

Information security is not warfare (leaving aside actual warfare, of course). The bulk of security practitioners are working to protect private and public networks and do not strike back against any enemy.

Continue reading

About the theft of the Federal government’s personnel records: sorting fact from fiction

Summary: We’re into the phase of the OPM records breach scandal where the US public policy crisis process predictably breaks down into finger pointing and aggressive guessing. Here is a brief on what little we know, and pointers on what we certainly don’t know.  {2nd of 2 posts today.}

cyber war


  1. How was it done?
  2. What was taken?
  3. Who was at fault?
  4. Who did it?
  5. Panic!
  6. For More Information

(1)  How was it done?

We can learn the bare bones about this series of attacks from the statement by Office of Personnel Management (OPM) Director Katherine Archuleta (bio here) to the House Oversight and Government Reform Committee. For an easier-to-read version see this typically excellent ars technica article by

Department of Homeland Security Assistant Secretary for Cybersecurity Dr. Andy Ozment testified that encryption would “not have helped in this case” because the attackers had gained valid user credentials to the systems that they attacked—likely through social engineering. And because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network.

Beyond this we hear mostly guesswork.

CyberEspionage

(2)  What was taken?

Lots of high-volume guessing in the news. The best answer might be: lots was taken. The Director’s statement says “we have not yet determined its scope and impact”. For a more precise answer see…

Continue reading