Category Archives: History

Cyberwar and Drugwar: “Metaphors We Live By”, by Lakoff and Johnson

This book published in 1980 was required linguistics reading when I attended college many years ago.

It’s been coming up a lot lately, as people start to realize that disinformation is an area of security thousands of years old.

Here’s a quick explanation of the book’s thesis:

One of the most useful applications of this old book for me has been to explain how a rhetoric of war is overused in information security. It undermines a practice of computer security as a science.

Technology giants and governments pour time and money into loose concepts of “cyber war” yet remain mostly unprepared for even the most banal and predictable integrity issues (e.g. “deep fakes“).

As another example the “war on drugs” has even more documentation of failure. It was a concealed racist metaphor initiated by President Nixon to silence American political speech and incarcerate Blacks on false pretense.

The Nixon campaign in 1968, and the Nixon White House after that, had two enemies: the antiwar left and black people. You understand what I’m saying? We knew we couldn’t make it illegal to be either against the war or black, but by getting the public to associate the hippies with marijuana and blacks with heroin, and then criminalizing both heavily, we could disrupt those communities. We could arrest their leaders, raid their homes, break up their meetings, and vilify them night after night on the evening news. Did we know we were lying about the drugs? Of course we did.

This has been widely discussed by historians so shouldn’t surprise anyone. Technology giants and government in the 1960s used drugs as a metaphor for Blacks, turning the country backwards into President Wilson’s (KKK) race war platform of the 1910s.

If that fact surprises anyone, they’re probably going to be angry they have been taught lies due to some “Young Turks”.

Gerald Ford became President of the United States after he rose to prominence in a right-wing group called “Young Turks” and Nixon chose him as VP. Donald Rumsfeld also was a “Young Turk”.

The “war” on drugs was initiated and waged by a radical Republican faction known as “Young Turks“. Although it now frequently is declared “lost”, as drugs are more widely sold and used in America than ever I don’t know anyone who brings the loss back to those who came up with the metaphor.

In 1960 he was mentioned as a possible Vice Presidential running mate for Richard Nixon. In 1963 a group of younger, more progressive House Republicans—the “Young Turks”—rebelled against their party’s leadership, and Mr. FORD defeated Charles Hoeven of Iowa for chairman of the House Republican Conference, the number three leadership position in the party. In 1963 following the assassination of President John F. Kennedy, President Johnson appointed GERALD FORD to the Warren Commission that investigated the crime. […] In the wake of Goldwater’s lopsided defeat at the hands of Lyndon Johnson, GERALD FORD was chosen by the Young Turks to challenge Charles Halleck for the position of minority leader of the House. With the help of then- Congressmen Donald Rumsfeld and Bob Dole, Mr. FORD narrowly upset Halleck.

Despite all the “Young Turk” leadership driving over-militarized U.S. interventions to incarcerate or assassinate non-whites and silence political opposition, they instead turned military bases into a “symbol of our definitive loss“.

Get-tough measures on part of police and prosecutors have done nothing to reduce the demand for narcotics, and demand will always beget supply. The 50-year history of the failed War on Drugs has taught nothing if not that. Perhaps there is no greater symbol of our definitive loss in that interminable war than Fort Bragg itself. From this flagship base, the beating heart of the U.S. special-operations complex, the military apparatus behind the global War on Drugs deploys to the far corners of the world. Green Berets train security forces in countries like Colombia, El Salvador, and Honduras. Delta Force reportedly took part in the anti-cartel operations that killed Pablo Escobar and captured El Chapo Guzmán. Yet drive down Bragg Boulevard into the Bonnie Doone neighborhood of Fayetteville, and in between the storage facilities, mobile-home dealerships, and tattoo parlors, you will find roach motels full of addicts, indigent veterans camped out beneath bridges, and strung-out junkies hanging around boarded-up trap houses. The dismal tide of synthetic opioids and amphetamines has penetrated Fort Bragg’s high-security gates, permeated through to the lowliest privates’ barracks, and caused at least a dozen overdose deaths in just the last year. These dead soldiers, who far outnumber combat casualties, are clearer proof of the United States’ unequivocal defeat in its longest-running international military campaign than a white flag run up over the main parade field. As the old saying goes: The War on Drugs is over — drugs won.

See the problem with the metaphor?

A “war” to criminalize an “antiwar left” and Black Americans never really intended to stop drugs. Assassinating non-white leaders considered “too left” did basically nothing to end a drug crisis because that’s obviously not how anyone would go about reducing production and use of drugs, especially since white leaders are heavily involved in the drug crisis too yet escape justice.

Unfortunately it still gets talked about in terms of drugs instead of politics and race because the metaphor became so ingrained.

How many white Americans hate non-white immigrants? Far more today than if there had not been a “war” trying to convince them non-whites are drug users.

Thus returning to the early 1900s race war (e.g. Red Summer) by another name is what really came from the metaphor — turning Americans into a mindless militant crusade against other Americans — and so you still see today a rhetoric from the Republican extremists about drug this and that when they really mean non-whites.

In that sense Nixon, Ford, Rumsfeld, Reagan… were all really a sad repeat of Prohibition-era racism, which also worked too well. The KKK had a policy of assassination and incarceration of Blacks hidden inside an anti-alcohol platform.

The KKK’s war on alcohol as much as the “war” on drugs has failed, in other words they succeeded in both cases seriously destroying political power and American prosperity of other Americans (non-whites). America did not completely stop alcohol production or consumption (mostly shutting down non-white distilleries, breweries and taverns while giving exception licenses to whites), and instead used its government for excessive violence against Blacks. Today we know whites and conservatives sell and make heavy use of drugs yet the Nixon (and later Reagan) concept of this “war” never intended to target them.

Cyber and drugs are just two examples of how “war” has become the unfortunate metaphor that Americans still live by.

Or, to put it like a recent book about Pentagon growth, “Everything became war and the military became everything”.

Albania Breaks Ties With Iran After 2022 Microsoft Investigation of CVE-2019-0604

The U.S. is very confidently accusing Iran of attacking Albania, based on yesterday’s report by Microsoft about Microsoft’s usual software vulnerabilities and mis-configurations.

Microsoft assessed with high confidence that on July 15, 2022, actors sponsored by the Iranian government conducted a destructive cyberattack against the Albanian government, disrupting government websites and public services. At the same time, and in addition to the destructive cyberattack, MSTIC assesses that a separate Iranian state-sponsored actor leaked sensitive information that had been exfiltrated months earlier. Various websites and social media outlets were used to leak this information. […] A group that we assess is affiliated with the Iranian government, DEV-0861, likely gained access to the network of an Albanian government victim in May 2021 by exploiting the CVE-2019-0604 vulnerability on an unpatched SharePoint Server, (Collab-Web2.*.*), and fortified access by July 2021 using a misconfigured service account that was a member of the local administrative group. Analysis of Exchange logs suggests that DEV-0861 later exfiltrated mail from the victim’s network between October 2021 and January 2022.

The report unfortunately is not titled “What are you even doing running Sharepoint in 2021” and instead uses this far more provocative line:

Microsoft investigates Iranian attacks against the Albanian government

Just a decade ago many experts in the security industry warned against investigations being so overtly bold or confident with their attribution statements. The fear was rooted in dubious logic that someone could make a mistake and therefore shouldn’t even try.

I mean if that was sound logic Sharepoint would have never been released to the public. Ok, maybe there’s some truth to that logic.

But seriously, anyone in any history 101 class knows you can’t let perfect be the enemy of good when writing reports about what happened in the past. Of course you can get attribution wrong, which is in fact why you should try hard and make sure you do it well.

It feels like a very long ago time ago (but really only 2014) that I gave a counter-argument to fears about uncertainty, in a presentation to incident response teams in Vienna, Austria basically saying it’s time for attribution.

Looking back at my slides, honestly I think I tried too hard to make data integrity funny. Attribution is less complicated by some unique thing about computers than it is by things about people like this: Americans are more likely to want to intervene in places they can’t find on a map (click to enlarge and have a sad laugh).

Here’s another one, where I poked fun at FireEye for making very crude and rube attribution mistakes and surviving (they’re still in business, right?).

Now look how far the world has come!

Microsoft shakes heavy doses of political science into its computer forensics reports like it’s powdered sugar on a Turkish delight.

  • The attackers were observed operating out of Iran
  • The attackers responsible for the intrusion and exfiltration of data used tools previously used by other known Iranian attackers
  • The attackers responsible for the intrusion and exfiltration of data targeted other sectors and countries that are consistent with Iranian interests
  • The wiper code was previously used by a known Iranian actor
  • The ransomware was signed by the same digital certificate used to sign other tools used by Iranian actors

[…] A group that we assess is affiliated with the Iranian government, DEV-0861…
[…] The geographic profile of these victims—Israel, Jordan, Kuwait, Saudi Arabia, Turkey, and the UAE—aligns with Iranian interests and have historically been targeted by Iranian state actors, particularly MOIS-linked actors.
[…] The cyberattack on the Albanian government used a common tactic of Iranian state sponsored actors…
[…] The wiper and ransomware both had forensic links to Iranian state and Iran-affiliated groups. The wiper that DEV-0842 deployed in this attack used the same license key and EldoS RawDisk driver as ZeroCleare, a wiper that Iranian state actors used in an attack on a Middle East energy company in mid-2019.
[…] Multiple other binaries with this same digital certificate were previously seen on files with links to Iran, including a known DEV-0861 victim in Saudi Arabia in June 2021
[…] The messaging, timing, and target selection of the cyberattacks bolstered our confidence that the attackers were acting on behalf of the Iranian government. The messaging and target selection indicate Tehran likely used the attacks as retaliation for cyberattacks Iran perceives were carried out by Israel and the Mujahedin-e Khalq (MEK), an Iranian dissident group largely based in Albania that seeks to overthrow the Islamic Republic of Iran.
[…] The messaging linked to the attack closely mirrored the messaging used in cyberattacks against Iran, a common tactic of Iranian foreign policy suggesting an intent to signal the attack as a form of retaliation. The level of detail mirrored in the messaging also reduces the likelihood that the attack was a false flag operation by a country other than Iran.

Done and dusted. Need I continue?

It is nice to see such definitive and detailed work about attribution as if it’s a normal investigation with regular analysis methods… but it’s even nicer to read Albania has announced they’re cutting ties with Iran. And then… to see the U.S. follow-up with announcements about sanctions, it’s like why didn’t Microsoft start doing this way back in 1986 instead of for decades completely ignoring security as a get-rich scheme?

Wyoming Congressional Race Wrecked by Terror Threats… Like It’s 1869 (KKK) Again

In a state that calmly sent the same candidate to Congress three times before, this year safety and stability has become noticeably bad in Wyoming.

The incumbent candidate (Liz Cheney) received so many violent threats during her GOP primary campaign that even having a special protective detail wasn’t enough to allow her to speak or meet with voters.

Rep. Liz Cheney’s campaign (R-Wyo.) spent thousands of dollars on private security this year following death threats… according to a new report. Cheney’s campaign spent $58,000 on security from January to March, The New York Times reported Monday, citing Federal Election Commission records. She was also temporarily assigned special protection by Capitol Police while in Washington, D.C., a move the Times noted is unusual for a member of Congress not in a leadership position. The few public appearances Cheney has made in in her home state of Wyoming, where she has spent much of the recent congressional recess, have reportedly not been widely publicized beforehand for security reasons.

And here it is reported again, but this time note the amazing buried lede at the end of the quote.

Due to security concerns, the congresswoman has rarely campaigned in the state, and when she has, it has been so with little to no public notice ahead of time or after. When she has appeared, it has been with a noticeable security detail nearby… Cheney and Hageman do not differ significantly politically.

No real political differences between two candidates, yet one is violently threatened to block her from even speaking?

Threats from within the GOP to intentionally destroy the democratic process and replace it with violence? Sounds familiar to this historian, not least of all because some in the GOP have even dared to bring back “carpetbagger” rhetoric of the KKK to attack Liz Cheney (not so subtlety implying they want to murder her).

Source: Encyclopedia of Alabama, 1 Sept 1868 Tuscaloosa Independent Monitor. The KKK threatened that March 4, 1869 — first day of rule by avowed racist Horatio Seymour — would bring lynchings of white Americans (“scalawags” and “carpetbaggers”) who weren’t racist. Instead the Presidency was won in a landslide by Civil War hero and civil rights pioneer Ulysses S. Grant)

1868 political campaigns were literally rife with Americans accused of being “carpetbaggers” and threatened to either quit the election or be lynched by white men. The cover of this history book from the 1960s makes the term painfully clear.

A book by Godfrey Hodgson from the JULLIARD COLLECTION ARCHIVES N° 23. 1966.

Such 1868 noose rhetoric being waved at political opponents, like the genocidal Nazi swastika or the racist Betsy Ross flag, implies suspension of law and order. It has been a favored symbol embraced by brutal anti-democratic mobs and traitors to America, which is why it keeps popping up lately within the GOP.

Little is known about how a gallows came to be built near the Capitol [during the January 6th violent coup attempt], but the motif has become a favorite among right-wing extremists and white supremacists.

While “carpetbagger” should be raising alarms for dangerous domestic terrorist tactics, it more likely is being overlooked by most Americans as they don’t know their own country’s history. Most likely think such a term and threatening behavior suggests a remote climate of some far away Banana Republic under the thumb of corruption and crime, as I’ve also written about here before.

However, Wyoming clearly has the domestic terrorism hallmarks in a slide away from democracy and towards the rather grotesque origin story of America as an intentionally backwards thinking profit-driven white police state (created to preserve slavery and opposed to freedom).

A long and troubled history of American election tampering (e.g. armed terrorists invading Kansas to stuff ballots and attack election officials) not to mention the long list of violence-backed coup attempts in the USA, seems more relevant now than ever.

In fact there’s many direct precedents for this current news story straight out of 1869 America, as I’ve also written before: “‘First-Class Men’ Torture and Try to Kill Congressman…

Cyber Yankee: U.S. Cyber Marines in Cyber Team Cyber War

Cyber War. It’s long been used to scare Americans into spending money. The military is again talking about protecting the country from disasters by training on cyber (information technology).

Who can forget, for example, the 2022 NYT opinion piece alarmingly titled:

I’ve Dealt With Foreign Cyberattacks. America Isn’t Ready for What’s Coming.

It’s been crickets since then, and rightfully so. In fact, Cyberattacks have been the exact opposite of such predictions with Russia losing badly and nobody really talking about it — a blog post for another day.

So let’s take a look one again at allocation of risk resources versus reality of disaster in America.

First, to properly set context, we should review a non-military operation meant to prevent fireworks on Independence Day.

Bay Area firefighters this year partnered with law enforcement to run a huge “zero-tolerance” policy.

Last year, authorities promised to crack down on the use of illegal fireworks by issuing a “zero-tolerance policy” in counties where fireworks were already illegal, The Chronicle reported. This year, authorities were expected to do the same. [Cal Fire Battalion Chief Jon] Heggie said Cal Fire departments were coordinating with local, state and federal agencies to create task forces intended to prevent the use of illegal fireworks. Anyone caught with illegal fireworks could be fined up to $50,000 and sent to jail for up to one year, according to Cal Fire.


It seems to have been a great success as I’ve found exactly zero fires reported due to fireworks.

In fact, I’ve seen and heard almost zero fireworks.

Independence Day fireworks are a widespread tradition and zero evidence of them is actually quite peculiar. The only other time I imagine it’s been this quiet was in southern American states that lost their Civil War when they tried to spread vicious propaganda that the 4th of July is only a holiday for Black Americans.

Second, such success in suppressing personal fireworks lies in stark contrast to basically constant news about commercial fires running out of control.

I mean everyone surely knows how a privately-run power utility Pacific Gas and Electric (PGE) in California has been very weakly regulated, and continues to flaunt safety with massive repeated disasters.

Starting fires all over the place for decades, seemingly all the time killing Americans, hasn’t been stopped by local authorities and the military certainly hasn’t been called in.

The Wall Street Journal (subscription) reported that investigators attributed more than 1,500 fires to PG&E power lines and hardware between June 2014 and December 2017. CAL FIRE attributed 12 fires that started in Northern California on October 8 and 9, 2017 to PG&E power equipment.

It’s unbelievably just how constant disaster has become, literally synonymous with critical infrastructure in the U.S.

Is there an oil rig or tanker around somewhere?

Then you might as well expect a devastating breach of safety.

Did a power line run through some remote wilderness?

Then you might as well expect a devastating fire.

And no military response.

The biting analysis could go on for years, there’s so much evidence of critical infrastructure being a giant dumpster fire with little to no real safety.

Over 1,500 California fires in the past 6 years — including the deadliest ever — were caused by one company: PG&E. Here’s what it could have done but didn’t.

It has a real and present danger (including but not limited to wrongful death, personal injuries, property loss, and business losses), which is so very much worse than anything cyber.

Here’s a headline you WON’T see…

U.S. Marines Deployed to defend California from companies there running critical infrastructure — threat to national security is from the “business” of ignoring risk.

Third, in other words, it seems like on the 4th of July in the Bay Area you would need only to drive a big truck with PGE logos full of fireworks and you could launch all you want wherever you want. Just make sure you don’t put the word “cyber” on anything. It will be seen as business as usual for critical infrastructure.

In fact under the logos you could write “Go ahead and fine us again, we don’t care” as the motto of the privately-run power utility; nobody is going to call the Marines in to defend America from obvious and present disaster… unless of course (again) you put that word “cyber” on anything because that could get some attention.

Did I mention PGE is privately-run?

The wealthy owners faced upwards of $30 billion in fines from its disasters over just three years (2015–2018) and all they did was declare bankruptcy for ONE YEAR.

This is like Cyber War destroying PG&E ability to distribute power (even killing people and destroying homes and businesses) and the company announcing it will simply pay some fines and declare bankruptcy for a year then declare everything back to normal.

Does the US military have a training program for responding to that? Army of lawyers perhaps?

How bad can any Cyber War really be compared to ongoing existing disasters, seriously?

Is it any wonder we hear about “22 mayors, including San Jose’s, pushing to make PG&E customer owned” so it can be less of a threat to security.

And so (fourth), now let’s dig in a bit more to a National Interest story at hand about the U.S. Marines gearing up to defend America from “disaster”.

During a conflict with the United States, an opponent could try to disrupt power and water supplies by knocking regional power supplies off-line or cutting off access to running water. In response to this challenge, the Marine Corps is working with National Guard units to prepare for this challenge. […] “They vary in levels of sophistication from a cyber-criminal or hacktivist that is doing nothing more than low risk access attempts that can be mitigated by very simple security controls and elevate all the way up to the most advanced threat act or using sophisticated means of initiating access with stealthy movement throughout the IT enclave and into the operational technology enclave where the critical infrastructure is located,” [cyberspace operations chief of the Marine Innovation Unit, M Sgt. Mike] McAllister continued.

Oh no, a hacktivist! Wonder if that includes a mayor who would be trying a hack to protect his city from PG&E-led dangers.

Can you image the U.S. Marines being called in on behalf of a morally and literally bankrupt privately-run utility, to stop citizens and their leaders from defending against national security risks posed by those utilities?

Sounds like Guatemala, or Hawaii for that matter.

This is a topic I’ve worked on for ages, even inside the world’s leading response teams, and I have seen the worst of it. There’s even a post I wrote in 2019 about real cases of insider threats taking out water and emergency services. Nobody ever suggested a military response.

That’s probably why I see cyber much like Eisenhower described things in the 1950s: a funding sinkhole (congressional-military-industrial complex) begging for massive cash and time allocations when other areas of safety and security are in far greater need.

When the president’s brother asked about the dropped reference to Congress, the president replied: “It was more than enough to take on the military and private industry. I couldn’t take on the Congress as well.”

If firefighters and police can completely shut down fireworks to protect the country from disaster, let them go after the utilities too. The military probably wouldn’t even have to be involved in Cyber (just like they aren’t involved in fires) if American civic action to stop harms from giant private companies like bulk energy was in any way effective.

Related: “Was Stuxnet the First?

Medal of Honor for Major John J. Duffy

A recurring theme in Duffy’s new MOH award statement is repeatedly taking on more responsibility to benefit others, courageously disregarding self, a remarkably caring leader even under the most extreme pressure even from an enemy battalion.

In the two days preceding the events of 14 to 15 April 1972, the commander of the 11th Airborne Battalion was killed, the battalion command post was destroyed, and Major Duffy was twice wounded but refused to be evacuated. Then on 14 April, Major Duffy directed the defense of Fire Support Base Charlie, which was surrounded by a battalion-size enemy element. […] With the goal of a complete withdrawal, Major Duffy was the last man off the base, remaining behind to adjust the covering fire from gunships until the last possible moment. When the acting battalion commander was wounded, he assumed command of the evacuation and maintained communication with the available air support to direct fire on the enemy. […] Only after ensuring all of the evacuees were aboard, did Major Duffy board while also assisting a wounded friendly foreign soldier in with him. Once on board, he administered aid to a helicopter door gunner who had been wounded during the evacuation.

I would argue this is the definition of “type A” personality, to give up anything so that others may have something.

The Army page points out Duffy was very highly decorated for his four years in Vietnam, including 1972 special advisor for Military Assistance Command Vietnam (MACV) Team 162 “Red Hats”; and for his poetry.

…honored with 64 awards and decorations, 29 of which are for valor, including the Distinguished Service Cross (currently in final stages to an upgrade), the Soldier’s Medal, four Bronze Stars with “Valor” device, eight Purple Hearts, seven Air Medals (six with “Valor” device), three Army Commendation Medals with “Valor” device, the Cross of Gallantry with Palm (Vietnam’s highest award for valor), two Crosses of Gallantry with Silver Stars, one Presidential Unit Citation (Naval), three Presidential Unit Citations (Army), the Vietnam Cross of Gallantry w/Palm (Unit), the Vietnam Valorous Service Medal (Unit), the Combat Infantry Badge, Master Parachutist Wings, plus numerous other awards for service and merit. […] Duffy has been nominated for the Pulitzer Prize and has published six books of poetry. Two of his poems were selected to be inscribed on monuments, and others appear in countless publications and anthologies.

The Forward Air Controller
by John J. Duffy
Dedicated 2008 FAC Memorial Park
(With MOH Bud Day present)
Colorado Springs, CO

It is the lonely mission,
The Forward Air Controller.
His are the eyes above the battle.
His is the link to those below.

While others avoid and strike fast,
He lingers and trolls for contact,
Seeking out the enemy below,
Determining the strike force needed.

His is the job to control the air attack.
He determines the needs of the troops,
And works the airstrike margins.
His judgement is relied upon by all.

Watching a “FAC” roll in hot on target,
All guns blazing at his destruction,
Is to watch a man of courage in action.
This is the daily job of the “FAC”.