I just noticed that a reporter had contacted the company in Beijing cited by McAfee as a source of attacks in their Night Dragon report. It was sometimes called Sloppy Night Dragon because the attacks were not well concealed. I started to call it Operation Sloppy Joe because McAfee said the perpetrators were “company men”.

The Associated Press really has the scoop on why it could have been anyone on hosted servers rather than company men:

Song said hackers using his company’s services had an estimated 10,000 “meat computers” controlled remotely without the owners’ knowledge. He said “yes” when asked whether such activities might be improper but he said Chinese authorities never have contacted him about them. He hung up the phone when a reporter asked for other details.

He’s a service provider of meat computers used in Operation Sloppy Joe?

If only I had known sooner…the world is being attacked by “sloppy meat as a service”.

But seriously, that could be a really bad translation.

肉 (pronounced “zh-rou“)

noun
1. meat
2. flesh
3. beef

Maybe he said something like I provide “beefy” computers, or “meat” is Chinese slang for big and powerful if less literally translated. I doubt he said he has fleshy computers, although even that has a plausible translation — easily commandeered.

I bet the provider in Beijing even offers sub-levels of Chinese SMaaS:
1) Rare – infrastructure (RSMaaS)
2) Medium – platform (MSMaaS)
3) Well-done – software (WSMaaS)

Rumor has it that #3 is available with BROCCOLI (Binary Rootkits and Computational Compromise of Logical Information)

Tuesday I gave a presentation where I described the phases of Operation Ajax, the CIA plot to overthrow the democratically elected leader of Iran in 1953.

One of the key phases involved fake mobs. The US gave money to people, apparently both for and against Prime Minister Mossadegh, to create the appearance of chaos and the need for order from military power.

After the presentation I started to notice news of growing protest crowds in Wisconsin. Today pro-rally new sites say that angry crowds have grown into the tens of thousands.

Madison Police Chief Noble Wray, a veteran of 27 years on the city’s force, said he had has never see a protest of this size at the Capitol – and he noted that, while crowd estimates usually just measure those outside, this time the inside of the sprawling state Capitol was “packed.”

On Wednesday night, an estimated 20,000 teachers and their supporters rallied outside the Capitol and then marched into the building, filling the rotunda, stairways and hallways. Chants of “What’s disgusting? Union busting!” shook the building as legislators met in committee rooms late into the night.

Although it might be hard to get to attribution with public crowd numbers, as mentioned above, all Madison schools were shutdown this week as teachers collectively called in sick. You can’t argue with those numbers. Empty school rooms are easily counted.

The Governor of Wisconsin has responded by calling protesters a minority and threatening them with action by state militia.

In an interview with Fox News’ Greta Van Susteren on Tuesday, Walker played down the number of protesters. Van Susteren observed that tens of thousands of residents have turned out to protest, saying, “I don’t think Madison has seen a protest like that in quite some time.” Walker replied, “In the end though, you’re still talking about 5.5 million in the state. You’re still talking about a couple of hundred thousand state and local government employees. So sure, you’re going to have a few riled up about this, there’s no doubt about it.”

Tens of thousands in protest and schools shutdown seems significant to me. Walker seems to emphasize that he has a formula to estimate how many people (or which key people) must oppose him before he will admit a loss of popular confidence in his position.

While this was unfolding, I caught an interesting article on the HBGary breach.

Just today I was listening to Stand Up with Pete Dominic on XM’s POTUS channel. He was talking about the Wisconsin labor attack and how he had seen a lot of people email and contact the show in support of the Teachers there. Then he added a “but”: “I’ve also seen a lot of anti-labor people on Twitter…”

Really? I thought. How do we know if those are real people? Twitter has to be the easiest thing to fake and to automate with retweets and 180 characrer max sentences. To the extent that the propaganda technique known as “Bandwagon” is an effective form of persuasion, which it definitely is, the ability for a few people to infiltrate a blog or social media site and appear to be many people, all taking one position in a debate, all agreeing, for example, that so and so is not credible, or a crook, is an incredibly powerful weapon.

That is related to the HBGary breach because it turns out that this is a project mentioned in a leaked internal email message:

According to an embedded MS Word document found in one of the HB Gary emails, it involves creating an army of sockpuppets, with sophisticated “persona management” software that allows a small team of only a few people to appear to be many, while keeping the personas from accidentally cross-contaminating each other. Then, to top it off, the team can actually automate some functions so one persona can appear to be an entire Brooks Brothers riot online.

The 1953 example again comes to mind. That is exactly like the model actually used by the CIA to generate chaos and conflict in the streets after the Iranian PM was arrested and soldiers were deployed.

What we are seeing is the steady erosion of attribution, which perhaps is best seen in the measure of crowd events and growth statistics. When a site says they now have 500 million users; a user to real person ratio could be as high as 100:1 or more.

The loss of attribution to an HBGary system is not a development that comes out of the blue. It has been a result of users defending themselves against weak privacy controls.

Tuesday night I met with a group of security professionals and tossed this idea out as a security trend — new generations will not only further erode attribution, they will be exceptionally adept at it as a form of self-preservation. They will be better at privacy than older generations because they will enter into a world actively debating the best way to achieve anonymity and repudiation. They will learn from and adapt around privacy mistakes made by others before them. As older generations continue to wonder why they can not trust someone online like they do offline, and how they might fix the issue, new generations will be far more prepared to see a lack of attribution and weak trust as the norm.

Today at RSA, during a keynote session, Sec. Michael Chertoff, Bruce Schneier, and ADM Mike McConnell discussed “cyber war.” The consensus appeared to be that the term cyber war is over used.

I would take it a step further and say many make too big a deal over the term and constantly claim a cyber 911 or cyber Pearl Harbor is coming.

Also today at RSA during a round table with Dorothy Denning and others the audience was asked how many believed we have already had a cyber war. Despite the media’s claims, apparently to sensationalize the news, very few if anyone in the audience was willing to agree a cyber war has already occurred.

So, why all the discussion and uncertainty about cyber war? One word: attribution!

How do you know who is actually attacking you? Should a nation go to war against a 14 year old sitting at home using his parents computer and Internet connection?

Let’s face it, for now cyber war is what will happen between nations when prepping the battlefield prior to a kinetic offensive. Right now, in my opinion, the biggest threat is cyber espionage.