A nice history angle is provided by the US State Department “share” service in an official embassy post about Russian false flag operations.
Russia’s false flag operations date back decades and take many forms. In 1939, the Soviet Union shelled its own troops outside the Soviet village of Mainila near Finland. It then blamed Finland for the attack and invaded its neighbor in violation of the two countries’ nonaggression pact.
Then they jump ahead to five years ago.
More recently, Russian state hackers have disguised themselves as operatives of Iran’s regime or the Islamic State of Iraq and Syria (ISIS) to evade responsibility. In 2017, Russia’s military launched a ransomware attack against Ukrainian businesses. While the attack was disguised to look like the work of profiteers rather than state actors, a joint investigation by Australia, Canada, New Zealand, the United Kingdom and the United States found the Kremlin responsible, according to Wired magazine.
The link to the Wired article is very important because there you will find motive.
[James Lewis, the director of the Strategic Technologies Program at the Center for Strategic and International Studies] argues that Russia’s ultimate goal with its false flag attacks, aside from creating confusion and deniability, is to make the case that attribution isn’t truly possible—that when a US intelligence agency or Department of Justice points the finger at the Kremlin after hacking incidents, they’re merely guessing. “They don’t like being indicted,” he adds. “They would like to create a counter-narrative: ‘You can’t trust the Americans. Look, they got this wrong.'”
Those who try saying that attribution of attack is not possible — sowing doubt about science and intelligence — are feeding into the Russian military intelligence narrative meant to enable their sloppy and inexpensive attacks.
Historians might be the first to disagree with Russia on this. I mean who really disputes today whether Russian relations with the Confederation of Targowica (noble league backed by Russian Empress Catherine II to oppose the Polish Constitution) is what led to Poland being invaded 16 May 1792 (without Russia even declaring war), which resulted in the Russo-Prussian Second Partition? And what about 28 June 1788 when Sweden’s King Gustavus III declared war on Russia by disguising his own soldiers in Puumala with Russian uniforms?
…groups involved in banning books are in fact linked, and backed by influential conservative donors.
Second, a racist motive is obvious:
In Pennsylvania, the Central York school board banned a long list of books, almost entirely titles by, or about, people of color, including books by Jacqueline Woodson, Ijeoma Oluo and Ibram X Kendi, and children’s titles about Rosa Parks and Martin Luther King Jr. “Let’s just call it what it is – every author on that list is a Black voice,” one teacher told the York Dispatch.
Third, the “influential conservative donors” are really more like (a blast from America’s past of shameless billionaire misconduct) radical extremists who advocate for a fascist surveillance state that will prohibit freedom of thought.
PDE’s president [a group that “tells parents they should spy on teachers”] …worked at the Cato Institute, a rightwing thinktank co-founded by Republican mega-donor Charles Koch. The Intercept reported that the IWF has received large donations from Republican donor Leonard Leo, a former vice-president of the Koch-funded Federalist Society who advised Donald Trump on judicial appointments.
Fourth, the opposition is naturally students themselves who would rather not have their thoughts controlled and education dictated by a tiny group of racist American billionaires.
The Pennsylvania ban was overturned in September 2021 after students protested outside their York County high school and outside school board meetings. In Virginia, high school students managed to overturn the Spotsylvania book ban in similar fashion…
Interesting reading, to say the least.
What would America’s first important philanthropist Margaret Olivia Sage say?
Margaret Olivia Sage invented a new level of charity in 1907 by giving $10 million to create the first private family foundation in America. A former school teacher, she hoped to improve education and to alleviate causes of poverty. Source: Auburn University Digital Library
But seriously, I’ve just read a very bizarre article by an automotive automation expert (redundant, I know) about Tesla’s “self-driving” software.
This industry luminary (bringing oodles of experience and expertise) starts off with saccharine and effusive framing of a car manufacturer CEO before absolutely TRASHING the cars as garbage that nobody should buy and must be explicitly branded as inferior.
Does it make sense for this automotive expert to promote such an abject failure of leadership in deserving respect before rightfully calling the Tesla CEO’s predominant work an obvious pile of trash?
This is evidence of someone throwing a big juicy bone in order to disorient the obvious mindless attack dogs; much like we see in totalitarian governments where voices of reason have to account for a dictator’s insecurity police before saying anything honest.
I have great respect and admiration for Elon Musk, so sorry to say this but … it’s terrible. I mean really bad. After all those videos I didn’t expect a lot, but I expected more than this. My first drive home after activating it was frightening. […] So I’m giving Tesla FSD an “F” when it comes to self-driving. In fact it clearly shouldn’t have that name, as many have pointed out. It should have a driver-assist name, so I will call it “Street Autopilot”. The problem is I have to give it a “D” as a driver assist product.
Sorry?
He is being too kind. Where does such respect and admiration for fraud come from? I suspect the author is worried about his position in the industry and doesn’t want to ruffle feathers, but at this point he seems to be growing a spine — he no longer can deny water flooding into a purportedly unsinkable Titanic.
That’s why it’s so remarkable to see someone come out waving peace and love flags of apology, while also warning everyone to stay away from Tesla because it’s a total scam.
Really he should have used the warning that Tesla deserves: That T on the car means pile of Trash
If the grouchy Tesla owners insist on “going for a ride” that puts everyone at risk (including them), then should they be cited under existing public safety laws (e.g. littering)?
Proud new Trash owner details it, arguing “I can do whatever I want and avoid accountability because it’s called my Trash can, not a Trash can’t!”
I can’t take any credit for such obviously necessary rebranding as a means of safety awareness campaigns. Tesla rightfully has been called a pile of trash for a very long time by many other owners dealing with the fraud.
Perhaps no better example is a thread from three months ago, when an owner taking delivery of his new “top of the line” model groused how product management was awful and disappointing:
Tesla Model S Plaid build quality is trash
From there you will find comments about an absurdly priced “flagship” such as…
$13,000 car. $130,000 window sticker… same people who are fitting the panels are also fitting the suspension bits and important bolts… an old S’s subframe failed because the design had no margin of safety. It was really poorly designed.
And perhaps straight to the heart of the matter is this comment:
Unfortunately as Sesame Street might say “shit piles” doesn’t start with the letter T.
Will it ever stick or slow down ownership? It has been like going backwards in time and monitoring a fan club for the Titanic, as I’ve been saying here for many years.
My favorite comment from one of these pile of Trash owners is here:
Some manufacturers used to have a problem with so-called ‘Friday cars’. Tesla avoids that by making them all Friday quality.
Ha ha? It is funny except this is safety-related and thus actually criminal-level stuff. Think of all the people around in danger from neglect related to automotive safety quality failures.
It is an intentional race to the absolute bottom of quality and safety if I ever saw one. The CEO is to blame here, right?
Los Angeles County prosecutors have filed two counts of vehicular manslaughter against the driver of a Tesla on autopilot who ran a red light, slammed into another car and killed two people in Gardena in 2019. The defendant appears to be the first person to be charged with a felony in the United States for a fatal crash involving a motorist who was using a partially automated driving system. Los Angeles County prosecutors filed the charges in October, but they came to light only last week. […] Criminal charging documents do not mention Autopilot. But the National Highway Traffic Safety Administration, which sent investigators to the crash, confirmed last week that Autopilot was in use in the Tesla at the time of the crash.
Did you know when you buy a Tesla you may face criminal prosecution for operating false-autopilot exactly how the CEO has repeatedly and personally told you to do so?
In a related case a drunk driver in Norway was pulled by police from his car and he tried to escape blame by arguing Tesla’s CEO had instructed him it was ok to be unconscious at the wheel since he no longer believed he was the driver of the car he was driving.
For what it’s worth as a final thought the CEO, now known for mountains of Trash of his own making, has started a campaign in classic propagandist fashion to fling his mounting failures at his competitors.
Tesla CEO Elon Musk tweeted Sunday: “[Our competitor’s] software is a pile of trash.” [Full self driving (FSD) software by Tesla] is controversial and critics say the name is deceptive… because it doesn’t make cars fully autonomous.
And thus I offer my dear readers an easy to remember security haiku:
Full is not true full.
Self driving is not true self.
T means pile of Trash.
The COVIDtests.gov site has launched ahead of schedule and right at the top it has a “Here’s how you know” link to explain why you should trust this “official website”:
Does it seem safe? While they make a couple sound points, there’s more to it.
Do you also trust that a .gov was developed using a secure lifecycle, is operated safely and that it hasn’t been compromised by commercial motive? In other words, is there high integrity of the data on the pages as much as there may be integrity of the source identity?
I strongly recommend developing quality measures for the former (hard) much more than the latter (easy).
It reminds me of another .gov launch not so very long ago that was subjected to extreme partisan yet technical bickering…
The “healthcare.gov” website at the end of 2013 was ruthlessly attacked by Republican lobby groups and “experts” such as TrustedSec. Here’s a good example from headlines in early 2014:
Source: WFB, 2014
Someone barking that the healthcare.gov site is “100 percent insecure” and trending worse seems factually false, no? It was a gross misrepresentation for political gain if not an outright lie.
In fact, while TrustedSec used the press to spread a rumor that healthcare.gov was 100% unsafe they were actually telling Congress in testimony…
It is accurate that no system can ever remain one hundred percent protected against threats.
Could this kind of absolutism fallacy and obvious gaslighting be grounds for being disbarred from practicing security though?
No, because let’s be honest the security industry has no baseline of integrity for meaning being delivered in a message.
Sound harsh?
Consider that the TrustedSec CEO Dave Kennedy was on a highly-politicized PR campaign to discourage people from getting health insurance, mugging with Michele Bachmann (infamous religious extremist who advocated for dropping bombs as “one of the greatest acts of peace” while simultaneously trying to block peace agreements because she believed they could usher in World War III and the horror of… dropping bombs).
Source: Twitter
Kennedy’s obvious political self-promotion at this time went from hugging the extremist bomb-advocate Bachmann backstage at FOX news to literally spreading “100 percent” nonsense and FUD… claiming even healthcare.gov would hack anyone who dared to use it for their life-saving healthcare needs.
…saying vulnerabilities remain on “everything from hacking someone’s computer so when you visit the website it actually tries to hack your computer back, all the way to being able to extract email addresses, users names—first name, last name—[and] locations.”
“Actually tries to hack your computer back”?
This is nails-on-chalkboard stuff, only made worse by him saying the threat scale goes “all the way to being able” to know your name. So your name has been leaked proving that you’re in America and need healthcare insurance just like everyone else? That’s “all the way”?
And then there was the false claim made on FOX news that large numbers of probes of a .gov website indicates it already has been hacked or will be soon.
Source: Fox News, 19 Nov 2013 (via Utah’s Senator Mike Lee)
…you couldn’t pay me a million $ to go anywhere near that website #FullRepeal #ImpeachObama #MakeDCListen
That’s a 2014 reaction tweet from @livinbythelake. Today that same account is retweeting the wife of the Executive Editor for the Washington Examiner that COVID19 is a communist plot.
While clearly a “poison squad of whispering women” show they are coordinated in amplifying a fear narrative from TrustedSec as right-wing misinformation, the actual flaws were being misrepresented.
Probes ought not be directly correlated to breaches without some intelligence. That’s like saying evidence of water around a floating boat means you should guess it soon will spring a leak.
FUD.
Here was another clear sign TrustedSec’s Kennedy was speaking completely out of his mind on this issue.
His examples of “models” were sites later breached at FAR WORSE scale than healthcare.gov.
When it comes to securing personal information online, Kennedy cited Amazon, Facebook, and Twitter as models for the industry.
More than 540 million records about Facebook users were publicly exposed on Amazon’s cloud computing service…
Remember this was TrustedSec CEO testifying to Congress in November 2013 that Facebook should be held up as a model for the industry to protect privacy. This is literally what he said to Congress:
…the federal government isn’t known for having super secure web sites or even having adequate security to protect U.S. related sensitive data.
Oh really?
Facebook had just been breached in June 2013 leaking 6 MILLION records for over a year when this highly politicized testimony was filed alongside a poisonous PR campaign.
Does Facebook ever sound like any sort of real “model” for an industry to you? Facebook always has been known for failing at security and being a threat to U.S. data. It’s almost inconceivable that someone in 2013 was recommending them as a model, and it’s incredibly suspicious for anyone claiming the title “TrustedSec”.
Come on people, let’s look at this in context.
TrustedSec’s CEO was spreading on partisan news campaigns that the US government website is “100 percent insecure” and that everyone instead should carelessly put their data in Facebook (foreign adversary) hands?
Here’s how I described Facebook to everyone reading this blog in 2011, explaining why I deleted my account in 2009:
…private company funded by Russians without any transparency that most likely hopes to profit from your loss (of privacy)… if Facebook is dependent on Zuckerberg their users are screwed.
That’s a full two years before the “TrustedSec” CEO was on TV telling Americans to hand their most sensitive data to the Russians instead of their own government.
Facebook’s massive unprecedented failures of safety (gross negligence if not incompetence) were never hard to find, and have only worsened over time:
2015 CSO quits abruptly and new one (hired from Yahoo despite failing to disclose breaches) boldly markets delivering best security in world (fired by 2018)
2016 Facebook breaches implicated in US Presidential election
Am I missing some? Surely this alleged “model” couldn’t have been any worse of a recommendation.
The icing on this history cake is that TrustedSec’s testimony gave milquetoast recommendations for fixing healthcare.gov that read like they were pulled directly from a 2-minute introduction to information security.
Fix the current security problems on the web site, which pose a high or critical risk… Develop a security operations center and ensure effective controls are in place… Perform end-to-end testing to benchmark the existing risk towards the healthcare.gov infrastructure and take appropriate action…
It’s so vague and generic as to be completely unhelpful.
Here’s what the TrustedSec guide to marine safety probably looks like: if you see or hear water you must be sinking, take appropriate action.
Let’s recount.
After five years healthcare.gov reported about 10 million people had received health-care coverage (essential to quality of life) while only as many as 75,000 people may have had sensitive information breached. Even that amount is disputed, so where’s the giant disaster predicted?
Headlines by 2017 were “Obamacare is working well” no thanks to TrustedSec doing its best to tell people to stay away.
So, will the right-wing lobbyist “hackers” put on suits and ties to be wined-and-dined by FOX news again to spread FUD about this new health-oriented .gov site being a threat?
Facebook, the darling of the Republican lobbyists and extremists intent on destroying Obamacare, over the same time delivered the worst security practices and breaches in history (on top of destroying quality of life and being implicated in atrocity crimes).
Why so bad?
Basic American history offered us a good insight into “experts” like Dave Kennedy stumping in 2013 for the Confederate Party, even predicting escalation to the violence seen last year.
ObamaCare cannot be accepted. No matter that it was passed by Congress, signed by the President, found constitutional by the Supreme Court, and ratified by the people when they re-elected President Obama. It cannot be allowed to stand, and so the tactics for destroying it get ever more extreme. The point of violence has not yet been reached, but the resistance is still young.
How dangerous was it in 2013 for a security “expert” to tell people not to sign up for healthcare from a .gov site?
Very dangerous, made far worse by telling them to trust Facebook instead. We can think of extremists like Bachmann telling us that dropping bombs was her model for peace like Kennedy telling us that using Facebook was his model for privacy.
So back to today, how dangerous will it be if someone says avoid .gov and don’t get test kits or vaccinations during this pandemic?
Our modern Confederates are quick to tell the rest of us that we don’t understand them because we don’t know our American history. And they’re right. If you knew more American history, you would realize just how dangerous these people are.
So it all begs the question who do you trust and what does it mean when you see that you are using a .gov site? History has the answers.
Related: Timeline of Amazon breaches and timeline of Twitter breaches, neither doing nearly as well in trust as healthcare.gov has this whole time.