CIRCUMVENTING

Ever read the book, Ender's Game by Orson Scott Card? 

I was looking at a recent employment ad on the Raytheon site for 250 "cyberwarriors" (The ad was referred to by the guys at Wired.com, so I decided to check it out) 

This ad -- one which sited Obama's recent pronouncement that "cybersecurity is one of our country's most urgent national security priorities" --  made me recall the story of Ender's Game: a fiction in which a young savant fights and wins a war for human-kind vs. an Alien enemy all while thinking he is merely playing and winning a series of battle simulations? 

 

It would seem to me all too easy for Obama's presumptive "cyberwarriors" with Raytheon and elsewhere to become unwitting, adult versions of "Ender" character themselves -- to, in their case, be tasked to attack the computer systems extant in say China, all while thinking they were merely engaging in attack simulations.  

As such, I speculate that perhaps new "cyberwarriors" with Raytheon and elsewhere might inadvertently find themselves playing what might humorously be called "Obama's Game" by some Beltway insiders.

 

Now before the days of the Web I figured one could pull off the aforementioned.  But 20 years ago or more, gathering the information one would need to piece a respective 9 digit number together appeared a challenging but ultimately, criminally uneconomical exercise. 

However, the Web certainly appears to have made it easier to assemble the information needed to begin to successfully deduce the SSN of an unsuspecting victim or victims for villainous purposes. And of course this recent Carnegie Mellon study freely spells out the "recipe" for best employing the web to deduce most of the numbers of said SSNs and for identifying the remaining digits by "playing-the-numbers" with various credit application submissions.

Problem I have with all this is:  Do I want to be reading about this "news" in a major -- or any -- publication? 

Frankly, the fact that I am reading about it suggests that the Obama administration -- an administration that I admittedly voted for -- under-values the potential impact that the release of this information could have on the national security of the U.S.

Let's say I was a bad guy under the care and feeding of a power averse to the U.S.  What if I took my time over the next year, allied with numerous other bad guys and together we correctly deduced millions of SSNs.  

What if we then employed these SSNs for the purposes of opening millions of new credit accounts under the names of their rightful designates -- a year long, "long-game" process painstakingly undertaken to rattle U.S. consumer confidence.  And what if "this" along with other nefarious financial activities set the stage for our foreign power's larger, still economy-focused attack on the U.S.  

And what if our sponsoring power's larger, "short-game" "attack" violently, simultaneously struck all seat-holders on the NYSE, all NASDAQ operational centers, the floor of the Chicago Commodities exchange, the heart of Silicon Valley, and major universities supplying all the personnel working therein.    

 

The rest of the international community would probably "button-up."  And perhaps the U.K. would offer some snickering assistance to those it now termed its bedraggled "neo-colonists."  

Of course, the U.S. would attempt to stealthily leverage its various military appendages in return for international "considerations" during its time of great, financial reconstruction. But alas, the better managed world would now potentially see the U.S. less as "policeman" and more as "unemployed-security-guard" --  a mere "bankrupt," "bully-for-hire"

But I digress.

Personally, I would have advised that the U.S. "sit on" the Carnegie Mellon study and that it similarly "sit on" all university or research organization activity of a similar nature for a period long enough to allow domestic, commercial interests to transition to use of a different identification system.  And I certainly would have rewarded CMU and others research institutions for refraining from letting their studies see the light of day. 

 

Apparently the private computers were located, not domestically, but in either North or South Korea! However, most U.S. officials and computer security experts have dismissed the idea that this "attack" was some kind of effort at electronic warfare vs. the United States by North Korea.

I won't speak directly to this story, but I will guarantee you this much:  If the U.S. government ever has seriously heavy-duty computer problems as the result of some kind of colossal electronic attack by agents or citizens of a foreign power, then you, me and the rest of the general public in the U.S. will be the absolute last people to know about it!  

Let's face facts:  the U.S. government isn't in the business of panicking and giving the bad guys a lot of free press when said bad guys manage to "dunk" on the security protecting U.S. Government computers.

If everybody at, let's say, the Pentagon finds that their respective computers have been compromised, they'll probably just grab some coffee and start writing all of their calculations and analysis on paper.  Then they'll use messengers to convey these papers by vehicle and on foot to their people throughout Washington, the U.S. and overseas.  

But they absolutely will not call the Washington Post and scream and yell about how all the computers at the Pentagon, The Department of Defense, or the Department of Homeland Security are now disabled as the result of an "electronic attack." 

I say that if we the public hear about an alleged attack on U.S. government computers, it is because the Federal Executive Branch has a reason for wanting us and/or Congress to know about it.  That's it.  

I'd speculate that that "reason" probably has to do with money; specifically, it's likely a "manufactured" effort to get the general public to call their elected representatives and get said elected representatives to initiate or support legislation that provides additional funding for computer security within the federal executive branch.  And this, itself, is probably a "fortification" effort -- defense, if you will, to buttress cyber-attacks perhaps initiated by, well, ...the U.S.