I used the word terror because I am working from a simple and common definition:

calculated use of violence (or threat of violence) against civilians in order to attain goals that are political or religious

The attack by Loughner therefore seems to me a form of terrorism. With that in mind…

Foreign Policy has an article called “A Very American Conspiracy Theory” that says Loughner was a student who succumbed to extremist rhetoric, which has a long history in America.

Arizona has, by some measures, become a ground zero for anti-government conspiracy theories. Loughner lived in a politically polarized state in which the federal government’s policies, from health care to immigration, were excoriated by mainstream politicians as evidence of a tyrannical plot against liberty. And these theories took root beyond Arizona’s borders. Throughout the United States, conspiracists rage against the alleged subversion of their country by “un-American” forces that reside in the U.S. government itself.

Conspiracy theories may seem to thrive on the margins of American politics: When historian Richard Hofstadter diagnosed a “paranoid style” in American politics in the 1960s, these views were easily characterized as fringe. But they become central when they gain powerful sponsors in the media and politics who inject their paranoid theories into the body politic. These conspiracy theories can be ridiculed in pop culture, but they will eventually lash out against reality — as they tragically did last Saturday.

A blog editorial in the Broward Palm Beach New Times goes even further and criticizes several people for a conspiracy theory linked to “un-Americans”:

The right wing has no monopoly on hyperbole, but it has very nearly cornered the market on the weaponizing of difference, on the insistence that a political opponent is not a citizen with ideological differences, but an enemy, immoral and un-American. Joyce Kaufman does this. Allen West does this. In Loughner’s back yard, Jan Brewer does this. These individuals do not merely craft the occasional martial metaphor; they are in the business of articulating a whole, martial political philosophy.

Another take on the same issue of semantics and persuasion is found on the Lawyers Guns Money Blog, which defines and explains “violent rhetoric”

The more pernicious rhetoric here is the conspiratorial variety being mainstreamed by the likes of Glenn Beck: rabid and ahistorical anti-federalism feeds into the beliefs of those who believe they’re being persecuted by vast faceless conspiracies.

The tragic attack in Tucson obviously is bringing forward a whole new look at conspiracy theorists in America. This, of course, will further alarm the conspiracy theorists. Like the dilemma of Schroedinger’s Cat, America has a need to assess a culture of violence without increasing the culture of violence by trying to assess it.

Take the reaction after California passed a law limiting the online sale of handgun ammunition (AB 962), for example. Conspiracy theorists worried that their supply of bullets was being limited, which only helped to push up demand and reduce supply, which increased conspiracy theorists fear of government control and demand for bullets increased, reducing availability…12 billion rounds of ammunition were apparently sold in 2009, up from 7-10 billion in “a normal year”. And therein lies the paradox of the box with Schroedinger’s Cat — can Americans find a reliable way to renounce terror as an undesirable state, or will some remain so fearful of judgment that they will try to maintain superposition (duality and the unknown)?

The Governor of California’s signature on the handgun bullet limit law explains how he decided:

I am signing Assembly Bill 962. This measure would require vendors of handgun ammunition to keep a log of information on handgun ammunition sales, store ammunition in a safe and secure manner, and require the face-to-face transfer of ammunition sales.

Although I have previously vetoed legislation similar to this measure, local governments have demonstrated that requiring ammunition vendors to keep records on ammunition sales improves public safety. These records have allowed law enforcement to arrest and prosecute persons who have no business possessing firearms and ammunition: gang members, violent parolees, second and third strikers, and even people previously serving time in state prison for murder. Utilized properly, this type of information is invaluable for keeping communities safe and preventing dangerous felons from committing crimes with firearms.

Moreover, this type of record-keeping is no more intrusive for law abiding citizens than similar laws governing pawnshops or the sale of cold medicine. Unfortunately, even the most successful local program is flawed; without a statewide law, felons can easily skirt the record keeping requirements of one city by visiting another. Assembly Bill 962 will fix this problem by mandating that all ammunition vendors in the state keep records on ammunition sales. As Governor, I have sought the appropriate balance between public safety and the right to keep and bear arms. I have signed important public safety measures to regulate the sale and transfer of .50 caliber rifles, instituted the California Firearms License Check program, and promoted the use of micro-stamping technology in handguns. I have also vetoed many pieces of legislation that sought to place unreasonable restrictions and burdens on firearms dealers and ammunition vendors. Assembly Bill 962 reasonably regulates access to ammunition and improves public safety without placing undue burdens on consumers. For these reasons, I am pleased to sign this bill.

The law goes into effect Feb 1, 2011.

It was based upon limits that were studied in Los Angeles and Sacramento (LA, California, Code Chapter V, article 5 $ 55.11; Sacramento, California, Code $$ 5.66.010 – 5.66.090), as presented to the Sacramento City Council in 2008.

SecTechno caught my attention with their title of “2010 Top 5 Most Dangerous Malwares”, and then I read this line at the start:

1-STUXNET…it is for the first time in the history that a malware bypass the cyberspace to get directly to the physical environment

Whoa! Stop right there. Not true.

Malware existed on removable media first. It started with boot-sector viruses on floppy disks. Malware spreading in the 1980s depended on “get directly to the physical environment”. The only real exception was the Morris Worm on UNIX in 1988. There was a slow transition to malware on the network through the 1990s (Ivar on MacOS System 7 was my personal favorite) but it was the mid-1990s before malware started to take full advantage of network infection vectors instead of removable media, as explained in a paper by Peter Bergen.

In retrospect we can confidently state that malware writers adapted more quickly to the changed circumstances than Microsoft did. The combination of network connectivity, powerful macro languages and applications which were network aware on one level but had not really incorporated any important security concepts and, of course, the sheer number of targets available proved quite impossible to resist.

So don’t believe the hype. Stuxnet is not dangerous because of how it works. That is the same old story. It is dangerous because it was highly targeted. In addition the malware was directed to achieve a consequence of social or even political significance, instead of just financial gain.

In other words, when you look at a breached castle wall you should ask whether it was from a special and unknown type of attack (very unlikely) or because the attacking army did their research and targeted the weakest spot (very likely). Likewise, you can ask whether the defending forces had done their research and responded with sufficient resources in time, or whether they were caught off-guard or unready.

Inside the main gate of Chepstow Castle, Wales. The curtain wall on the right was breached 25 May 1648 by Isaac Ewer’s cannons and the site where Royalist commander Sir Nicholas Kemeys was killed. Photo by me.

What does a system ready to defend against malware look like? History tells us that this is a pretty good list to monitor, and would have detected Stuxnet:

1. Alternate Data Streams (ADS)
2. Audit Policy status
3. System file checksums
4. Local User activity, dumps
5. Open file handles
6. Modified, Access, Created times of files on system drive
7. Hidden files on the system drives
8. Temporary files and cookies
9. Associated DLLs of running processes
10. System, application, and security logs
11. Interface configuration
12. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) activity — ports opened by processes
13. Local registry hive changes
14. Rootkit detection
15. Services running
16. System information about hardware, OS, and installed software