Improved Ghillie Suits (IGS)

Personally I wish someone had pushed for the phrase “future update ghillie suits” (FUGS) when they were thinking about “future warfare”. Instead the US Army is talking about Improved Ghillie Suits (IGS) to address the shortcomings of past designs.

Notable issues:

  • If you dress like a tree, you may be as flammable as one (several snipers have burned to death)
  • If you dress like a woolly mammoth, you may be as heavy and hot as one (ok, that’s really two issues)
  • If your suit is a single piece instead of modular, both of the above get worse

Innovation is happening in the field, by snipers working to stay alive, blend in better and function more efficiently and safely, so the Army's textile program decided to incorporate some of their ideas.

Maj. WaiWah Ellison, assistant product manager, Durable Goods, Soldier Clothing and Individual Equipment with Program Executive Office Soldier, explained the need for the update: “The current kit is thick and heavy and comes with a lot of pieces that aren’t used.

“Soldiers are creating ghillie suits with their own materials to match their personal preference. We want to make the IGS simpler and modular so the snipers will use what is issued to them instead of relying on outside resources,” Ellison said.

While this all makes sense from a product manager's view in terms of updating the suits, relying on outside resources does kinda sound more like what camouflage is all about. And you have to marvel at the fact that nobody thought far enough ahead to realize that a Scottish concept, a heavy and fluffy suit originating in a cold and rainy climate, would be hot and flammable elsewhere.

Yes, I said Scottish. Just in case you’re wondering what a Ghillie is…Scotland Magazine breaks the meaning down over the centuries:

Since the Victorians discovered their passion for stalking, the life of the ghillie has had less to do with carrying Highland chiefs across raging torrents and more to do with the management of the landscape and looking after stalkers on the hill.

Fast forward to today:

Urban warfare researchers find the Ghillie suit flammable, hot and….hard to blend in

It’s nice if you don’t have to take time to gather local capabilities to blend in, but that does presume accurate and fast feedback loops reaching the top of a very large organization.

A recent IDF investigation into a failed operation gives insight into how local knowledge — required for blending into the most dangerous environments — is very dangerous to underestimate.

Nterini – Fatoumata Diawara

In a story that I'm almost certain nobody has read (based on everyone I have asked about it)…hundreds of thousands of letters seized by British warships centuries ago are now being digitized for analysis by the Union of the German Academies of Sciences and Humanities.

Somewhere in the U.K. National Archives in London, there are 4,000 boxes containing more than 160,000 undelivered letters from ships captured by the British during the naval wars of the 17th, 18th and 19th centuries.

Now those letters — some of which are bundled in old mail bags and affixed with wax seals that have never been broken — are about to go online.

[…]

The mail, sent mostly between 1652 and 1815, is written in 19 different languages and contains songs, notebooks, packages and personal correspondence.

[…]

Many of the letters are made inherently tragic by having never reached their destination.

A series of four letters from a Madam Dupont in Quebec between 1702 and 1703 shows a woman frantically trying to reach her husband, who is away on business in France, and growing increasingly despondent by his lack of response.

“These letters are full of the hazards of the flu epidemic and chicken pox in Quebec and her tone gets more and more desperate, because she doesn’t get any sign of life from her husband,” Freist said.

“She feels utterly neglected and resented and finally decides not to write anymore. In the letter she says: ‘You can’t love me anymore if you don’t answer. I will now stop writing. I give up.’ But then she writes again and she implores her husband once again to come back.”

No word yet on why the German Prize Papers Project is leading the effort for a British archive.

I almost feel like this is the German way of trying to prove again how terrible the British Empire was for global humanity.

Speaking of letters of humanity, and of messages sent but never received…the Fatoumata Diawara video Nterini, about migration, is a must watch/listen:

Lyrics:

Cette chanson parle de la souffrance que la distance inflige aux amoureux. Mon amour et mon confident est parti loin et ne me donne pas signe de vie. Je l’aime malgré tout et il me manque nuit et jour. J’aimerai avoir des nouvelles de mon chéri, sinon je n’arrive pas à dormir.

Mon amour est parti loin
Et ne va peut-être plus revenir
Mon chéri est parti loin de la famille
Et ne reviendra peut-être plus
Il était mon ami, mon confident, comment va t-il?
Je veux juste savoir si tu vas bien?
Il est parti dans une contrée lointaine
Il me manque beaucoup
Toi qui as toujours été mon guide
Je t’aime de tout mon cœur

Mon amour a pris son envol
Qui sait quand est-ce qu’il va revenir?
Dites-moi, mon chéri est parti loin
Et ne va peut-être plus revenir

Il est parti s’installer dans un pays lointain
Et ne m’a rien dit
Ce n’était pas le temps du matin qui m’empêchait de le voir
Ni la chaleur de la journée

This song speaks of the suffering that distance inflicts on lovers. My love and my confidant has gone far away and gives me no sign of life. I love him despite everything and I miss him night and day. I would like to have news of my darling; otherwise I cannot sleep.

My love has gone far away
And may never come back
My darling has gone far from the family
And may never return
He was my friend, my confidant; how is he?
I just want to know if you are well
He left for a distant land
I miss him so much
You who have always been my guide
I love you with all my heart

My love has taken flight
Who knows when he will come back?
Tell me, my darling has gone far away
And may never come back

He went to settle in a distant country
And told me nothing
It was not the morning weather that kept me from seeing him
Nor the heat of the day

Insurance Companies Say NotPetya Means War (And Therefore No Coverage)

Add cyberwar to the long list of reasons for why insurance companies will deny claims

Essentially, Zurich’s position is that NotPetya was a “hostile or warlike action” by a “government or sovereign power.” In fact, NotPetya is widely viewed as a state-sponsored Russian cyber attack masquerading as ransomware that was designed to target Ukraine but inadvertently spread globally. Russia denies these allegations.

According to Mondelez, even Zurich had doubts about denying coverage and at one point, rescinded its denial and committed to advancing $10,000,000 partial payment towards Mondelez’s insurance claim. But, for some reason, Zurich changed its tune and reasserted the declination of coverage.

For me this story is less about what is cyberwar, and more about why insurance companies are so good about self-declaring reasons to refuse coverage.

I recently had an insurance company executive tell me they were in the healthcare industry. So I asked if they provide care, to which they replied “no, we know more than anyone, even doctors, about health and we want to encourage people to make smaller and fewer claims.”

That’s not healthcare. That’s finance. Fewer claims (of care) means more margin.

The NotPetya-based denial of claim means the insurance company has assigned itself the fun burden of proving that a “government or sovereign power” committed a “hostile or warlike action”. Presumably they think the cost of that proof is less than $10,000,000.

Google Lights $1M on Fire to Protest Separation of Test and Production

Advertising news sources are saying that it was an accident.

On Tuesday at about 7 p.m. ET, many publishers both in the U.S. and Australia saw many–if not all–of their ad slots filled with display ads featuring nothing but the color yellow. They were up for 45 minutes.

The costly mistake occurred during a Google training program when an employee accidentally purchased the 300×250 ad units, the sources said. Publishers who checked their logs saw the advertisements came from theiconic.au.com, an Australian retailer.

Estimates are upwards of $1m burned in under an hour. Google made an official statement, confirming both the payments and that the protest didn't encounter any resistance:

We will honor payments to publishers for any ads purchased and are working hard to put safeguards in place to ensure this doesn’t happen again
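The security point behind the title is that a training exercise should not be able to place live orders at all. As an added example, not Google's code and not a description of its systems, here is how a purchase client can be made to fail closed: it is a sandbox unless production is named explicitly, it checks that the credential it was handed belongs to that environment (the "test-"/"prod-" key prefixes are an assumed convention for the example), and a hard spend cap applies in both environments. The exchange call is a stand-in; nothing here talks to a real ad network.

```python
"""Added example, not Google's code: an ad-purchase client that is a sandbox
unless production is selected explicitly, refuses credentials from the wrong
environment, and enforces a hard spend cap even in production."""
from dataclasses import dataclass
from typing import List

SANDBOX = "sandbox"
PRODUCTION = "production"

# Hypothetical key convention so a sandbox client handed a live key (or a
# production client handed a training key) fails closed instead of spending.
KEY_PREFIX = {SANDBOX: "test-", PRODUCTION: "prod-"}


class EnvironmentMismatch(RuntimeError):
    """Credential and environment disagree."""


class SpendCapExceeded(RuntimeError):
    """Order would push the session past its cap."""


@dataclass(frozen=True)
class Order:
    slot: str          # ad unit size, e.g. "300x250"
    impressions: int
    cpm_usd: float     # cost per thousand impressions
    live: bool         # True only when real money moved

    @property
    def cost_usd(self) -> float:
        return self.impressions / 1000 * self.cpm_usd


class AdPurchaseClient:
    def __init__(self, api_key: str, environment: str = SANDBOX,
                 spend_cap_usd: float = 100.0):
        if environment not in KEY_PREFIX:
            raise ValueError(f"unknown environment {environment!r}")
        if not api_key.startswith(KEY_PREFIX[environment]):
            raise EnvironmentMismatch(
                f"{environment} client was given a key that is not a "
                f"{environment} key")
        self.environment = environment
        self.spend_cap_usd = spend_cap_usd
        self.spent_usd = 0.0
        self.ledger: List[Order] = []   # everything requested, live or not
        self.sent: List[Order] = []     # only orders that reached the exchange

    def purchase(self, slot: str, impressions: int, cpm_usd: float) -> Order:
        order = Order(slot, impressions, cpm_usd,
                      live=self.environment == PRODUCTION)
        # The cap applies to the sandbox too, so a runaway training script is
        # caught before anyone points it at production.
        if self.spent_usd + order.cost_usd > self.spend_cap_usd:
            raise SpendCapExceeded(
                f"{order.cost_usd:.2f} USD would exceed the cap of "
                f"{self.spend_cap_usd:.2f} USD")
        if order.live:
            self._send_to_exchange(order)
        self.spent_usd += order.cost_usd
        self.ledger.append(order)
        return order

    def _send_to_exchange(self, order: Order) -> None:
        # Stand-in for the network call; this example never contacts a real exchange.
        self.sent.append(order)


if __name__ == "__main__":
    trainee = AdPurchaseClient("test-trainee", spend_cap_usd=50.0)
    dry_run = trainee.purchase("300x250", 10000, 2.0)
    print(f"sandbox order cost {dry_run.cost_usd:.2f} USD, live={dry_run.live}")
```

The two guards are deliberately independent: a training key can never produce a live order regardless of what environment the caller claims, and even a correctly configured production client is bounded by the cap, so a mistake costs at most the cap rather than whatever the exchange will accept.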

“Top 10 Security Disasters in ML: How Laurel and Yanny Replaced Alice and Bob”: 2019 RSAC SF Presentation

I’ll be presenting again at the RSA Conference in SF, discussing how the information security industry shifted fundamentally after 2014 from ongoing confidentiality to growing integrity concerns.

SESSION ID: MASH-F02

TITLE: Top 10 Security Disasters in ML: How Laurel and Yanny Replaced Alice and Bob

SCHEDULED SESSION DAY AND TIME: Friday, Mar 08, 9:50 AM

ROOM: Moscone West 2007

LENGTH: 50 minutes

ABSTRACT: A seismic shift is upon us. Integrity flaws stand looming and untamed despite the security industry making great progress in availability and confidentiality awareness and control. Now a crisis of trust is developing as developers rush into “machine learning” with integrity a paramount risk. This talk will expose keys of past breaches of integrity to help attendees prepare to control ones just ahead.

QUICK ABSTRACT: If you thought confidentiality breaches were a crisis, are you ready to detect and prevent integrity failures at machine speed?

Apple Alert: SSD Data Loss in 13-inch Macbook Pro

In an awkwardly worded statement, the laptop manufacturer has alerted owners of its 13-inch Macbook Pro that SSD firmware flaws are causing serious data corruption and even complete failure.

Apple has determined that a limited number of 128GB and 256GB solid-state drives (SSD) used in 13-inch MacBook Pro (non Touch Bar) units have an issue that may result in data loss and failure of the drive. 13-inch MacBook Pro units with affected drives were sold between June 2017 and June 2018.

Apple or an Apple Authorized Service Provider (AASP) will service affected drives, free of charge. Apple recommends having your drive serviced as soon as possible.

A few things stand out here:

  1. The firmware update means an Apple “technician will run a utility”
  2. The repair process is to back up your data, update the SSD firmware in a destructive manner, and then restore all your data from backup. This raises the question of why someone can't do the update themselves, if it amounts to restoring a backup onto a fresh OS install. Apple ought not be worried about data loss or failure in the process, as that's a guaranteed outcome. Are they concerned the firmware update would brick the laptop, or that the utility would grant too much authority to the end user?
  3. Data already destroyed by the faulty SSD can not be recovered
  4. Anyone who already paid for this service can get a refund. At the same time, the program only “covers affected MacBook Pro models for 3 years after the first retail sale of the unit”. The repair will not be free if your SSD fails after 3 years…
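Since the repair amounts to back up, wipe, restore, the check a practitioner wants is that the restored tree is byte-for-byte what was backed up, rather than trusting that the restore "completed". The following is an added example, not Apple's utility and not code from the advisory: it records a SHA-256 manifest of a directory before the destructive step and diffs the restored directory against it afterwards, reporting files that went missing, appeared, or changed. The two-file tree built in demo() is constructed sample data.

```python
"""Added example, not Apple's utility: build a SHA-256 manifest of a directory
tree before a destructive firmware update and verify the restored tree against
it afterwards, reporting anything missing, added or altered."""
import hashlib
import os
import shutil
import tempfile


def _sha256(path, chunk=1 << 20):
    """Digest a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def make_manifest(root):
    """Map each regular file (path relative to root, POSIX separators) to its digest.

    Symlinks are skipped: this checks file contents, not link targets.
    """
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = _sha256(full)
    return manifest


def verify_restore(root, manifest):
    """Compare a restored tree against a manifest taken before the wipe.

    Returns a dict with sorted 'missing', 'added' and 'changed' lists; all
    empty means the restore is byte-for-byte what was backed up.
    """
    current = make_manifest(root)
    before, after = set(manifest), set(current)
    return {
        "missing": sorted(before - after),
        "added": sorted(after - before),
        "changed": sorted(p for p in before & after if manifest[p] != current[p]),
    }


def restore_is_complete(report):
    return not (report["missing"] or report["added"] or report["changed"])


def demo():
    """Constructed sample: manifest a two-file tree, 'restore' it by copying,
    then tamper with the copy. Returns (clean_report, tampered_report)."""
    src = tempfile.mkdtemp()
    dst = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(src, "sub"))
        with open(os.path.join(src, "a.txt"), "w") as f:
            f.write("alpha\n")
        with open(os.path.join(src, "sub", "b.txt"), "w") as f:
            f.write("beta\n")
        manifest = make_manifest(src)                    # taken before the wipe
        shutil.copytree(src, dst, dirs_exist_ok=True)    # stand-in for the restore
        clean = verify_restore(dst, manifest)
        # Simulate a bad restore: one file corrupted, one lost, one extra.
        with open(os.path.join(dst, "sub", "b.txt"), "w") as f:
            f.write("corrupt\n")
        os.remove(os.path.join(dst, "a.txt"))
        with open(os.path.join(dst, "extra.txt"), "w") as f:
            f.write("x\n")
        tampered = verify_restore(dst, manifest)
        return clean, tampered
    finally:
        shutil.rmtree(src, ignore_errors=True)
        shutil.rmtree(dst, ignore_errors=True)


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean restore complete:", restore_is_complete(clean))
    print("tampered restore report:", tampered)
```

Keep the manifest somewhere other than the drive being wiped (the backup volume itself is the obvious place); a manifest that goes down with the SSD verifies nothing.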

2018 Ebola Crisis Worsens as US Regime Denies Aid

Here's a pithy comment by Peter Salama, head of the new Health Emergencies Program at the World Health Organization, about the factors behind the Ebola crisis unfolding this year in the DRC:

These viruses manage to exploit social vulnerabilities and fault lines. That’s what we’re seeing in this Ebola outbreak starkly.

And even more to the point:

In the last two years since I have been here, 80 percent of our major outbreaks have been in conflict-affected areas. This is the issue of the future.

The issue of urban outbreaks of high-threat pathogens is really an issue of our generation. I don’t think we’ve fully grappled with that. Now with yellow fever, plague, with Ebola, we are starting to see these patterns. All bets are off [in terms of] thinking we know about the transmission of diseases because of what happened in rural outbreaks in the past. It’s completely different now.

Ok, so you have this data showing conflict-affected areas are where the major outbreaks occur, and that is “the issue of the future”. Consider this in terms of infected drones easily deployed over/under/around barriers into urban areas, and then rapid lateral transmission.

I’m not trying to think out of the box here. This is an ancient security worry, for those familiar with the history of siege weaponry.

Who (pun not intended) can guess the current US regime’s response to the outbreak of a high-threat pathogen in the place most expected? Perhaps the title of this post gave away the answer.

Vox reporter Julia Belluz asks Salama the following:

The US pulled its Centers of Disease Control and Prevention workers out of Beni, the outbreak epicenter. They decided it was too dangerous for America’s best Ebola experts to be there — and it sounds like they are not coming back anytime soon. […] But I understand Canada, the UK, even nonprofits with US personnel, are sending people, and you have hundreds of WHO officials deployed. Is the US government an outlier?

This makes the American leadership appear weak and feckless; and Salama replies very diplomatically:

The US government is the main country that has had constraints.

Insecurity of US Regime Impacts Trade

China has effectively downgraded its assessment of the US as a reliable partner and supplier, and is distancing itself from the instability of a white nationalist White House.

…the economic relationship between the U.S. and China has been permanently altered.

[…]

The president’s abrupt return to brinkmanship…underscored U.S. unpredictability.

[…]

…imposition of tariffs on more than $250 billion in Chinese goods already has prompted China to [buy] soybeans from Brazil rather than Indiana or Iowa.

[…]

Xi has personally directed a campaign to promote “self-reliance,” with public tours of China’s modern industries in the south and its traditional Rust Belt region in the northeast.

“The turn away from reliance on the U.S. for agricultural and industrial inputs will accelerate,” Charles W. Freeman Jr., a former U.S. diplomat said in an email.

This really isn't about China or America, though. Anyone familiar with the erratic performance and quick failure of a certain steakhouse, casino, or airline…probably wouldn't want to hitch their wagon to a horse unwilling to pull its own weight, let alone help anyone else.

Top Australian Soldier Accused of War Crimes

You may have noticed a post the other day about a decorated SEAL charged with war crimes.

Some have decried this investigation as political maneuvering by those serving with the accused, while others have said they simply do not believe in challenging the accuracy of decorated war veteran records.

Meanwhile I noticed a similar story brewing in Australia about special forces with some interesting commentary on both political maneuvering and motives among those involved.

In a statement to Fairfax Media sent on Wednesday evening, an AFP spokesperson said: “The Australian Federal Police (AFP) received a referral to investigate allegations of war crimes committed by Australian soldiers during the Afghanistan conflict.”

[…]

Fairfax Media has confirmed through multiple military sources that both the AFP inquiry and the Brereton inquiry have gathered extensive information from decorated serving and former special forces veterans who served alongside Mr Roberts-Smith in Afghanistan. The Brereton inquiry has interviewed more than 200 witnesses on oath since 2016.

[…]

Dr Nelson, a former defence minister, has repeatedly attacked the media reporting and Inspector-General’s inquiry into Mr Roberts-Smith on the basis that it is taking too long and because, “We want to believe in our heroes”.

But Fairfax Media has confirmed from special forces insiders that over a dozen SAS soldiers are assisting the Brereton inquiry. Many believe that scrutiny of allegedly unlawful acts is needed to preserve the integrity of the regiment and are scathing of Dr Nelson’s advocacy, believing it amounts to an attack on soldiers willing to raise concerns about alleged battlefield combat.

Another high-profile supporter of the Brereton inquiry is former SAS officer and Afghanistan veteran Andrew Hastie, who is now a Coalition MP.

More than 200 witnesses, over a dozen soldiers assisting, and a former officer and veteran who entered politics supporting the inquiry. It seems to me those most dedicated to the professionalism of their craft will welcome inquiry into their actions, as it either validates what they already know or uncovers things they would want to hear.

And on that note, I have concerns with the response to the inquiry in this case:

…Mr Roberts-Smith, he has vehemently denied any wrongdoing in Afghanistan, insisted he has a “spotless record” and insisted those making claims about him are disgruntled or jealous liars

Any auditor will tell you that angry claims of a “spotless record” can be a tell. Continuous improvement is what professionals aim for, not spotless records; a record that is claimed to be spotless tends to indicate intimidation and cover-up. Accusing the messengers of jealousy is another tell, and it compounds the risk that the accused believes a spotless record is achieved by destroying critics.

We definitely saw this behavior in the unraveling of Theranos, for example.

Q: The Theranos story has many remarkable aspects. What was the most striking thing you found during your reporting?

A: Two things. One, the egregiousness of the lies, the serial lies, of Elizabeth’s serial lies. Sunny’s, too.

The second thing is the unbelievable campaign of intimidation against me and my sources. I’ve been a journalist for more than 20 years and I’ve never encountered anything close to that. Still, I’m a big boy and the Wall Street Journal has been around for a long time. But Theranos went after my confidential sources. They threatened doctors in Arizona who had spoken to me on the record. It was beyond the pale.

And also with Lance “Live Wrong” Armstrong, as extensively documented:

The original whistleblower who helped bring down Lance Armstrong has revealed how she was tormented and intimidated for more than a decade by the cyclist and his allies as they stopped at nothing in their bid to silence her.

Mr Roberts-Smith does himself a disservice by insisting he has a spotless record, and perhaps you can see why that’s not even an objective goal. Even if it doesn’t alarm you on its own, though, attacking critics makes the spotless record seem even less believable.

US Updates Antique Safety Standards to Allow Modern Train Technology

Interesting news from Streets Blog about the change in safety standards that now allows foreign train technology into the US:

Building trains to unusual U.S. safety standards for the small American passenger rail market made rolling stock purchases needlessly expensive. Opening the door to standardized European train specifications will significantly lower prices.

Rail operators are expected to save hundreds of millions of dollars a year as a result, enabling them to invest more in operating train service and upgrading rolling stock and infrastructure.
