Category Archives: History

VPN Kill Switch Configuration Uncovers Fake Ubiquiti Whistleblower

Here’s a crime story with multiple interesting twists. Perhaps the biggest news is this part:

…former Ubiquiti developer, who has reportedly been charged with stealing data and trying to extort his employer while pretending to be a whistleblower.

Pretending to be a whistleblower in order to gain power or extort money is a very serious act, not least because it may undermine all legitimate whistleblowers.

Let me put that a different way, though. There seems to be a trend among staff attacking their employer while claiming protected status because they try to align their personal gain objectives with some greater interest.

I am reminded of people asking me about Tristan Harris’ real oppositional position to Google, as he suspiciously branded himself a whistleblower.

It seems to me he was most upset that he personally wasn’t profiting enough and given more power — to him the wrong people were getting all the money and fame. Thus Tristan charted a course for himself to get far more of that, and is primarily using his experience at Google to become famous and wealthy.

My favorite take-down of Tristan is from his not-very-ethical self-promotional movie pretending to be a documentary:

The film is really designed to showcase Tristan Harris, who probably takes up 1/3 of the screen time. Tristan made his name by being the internal “ethicist” at Google for a little while before setting out on his own to become the high prophet of “internet companies are trying to manipulate us!” But, as others have pointed out, Tristan has a habit of vastly exaggerating things, or being misleading himself. As just one example, highlighted by Antonio Garcia-Martinez in his must-read dismantling of the film, is that Harris argues that we didn’t have these same problems with earlier technologies — like the bicycle. But as Antonio points out, there was, in fact, quite a large moral panic about the bicycle…

I covered this “controversial machine” in my 2019 Keynote called “Whose AIs Are On Your Data”, not to mention for many years before.

Source: 2019 ISACA SF Keynote

Notably, the controversy about bicycles that “revolutionized politics” (pun presumably intended) was related to oppression and freedom of women.

A 2020 Netflix film about companies like Netflix that do bad things, which fails to mention Netflix and fails to include the voices of women, comes across as a giant nail in Tristan’s attempted whistleblower status claim.

Shameless. But this also doesn’t change the fact that someone attacking their former employer may in fact expose them for serious mistakes.

Thus, the second notable point in the Ubiquiti crime story is a turnabout — how a supposed whistleblower has been exposed for making serious mistakes.

According to the indictment, after securing a job at another company, Sharp allegedly used his still functional privileged access to Ubiquiti’s systems at Amazon’s AWS cloud service to download large amounts of proprietary data. To cover his tracks, Sharp had used a SurfShark VPN connection to mask his real IP address. He then sent a ransom note to Ubiquiti using the same cover, demanding 25 bitcoin in exchange for a promise not to share the data. However, investigators were able to trace the downloads to Sharp because his flaky internet connection briefly failed multiple times, exposing his real IP address. And, he forgot to turn on the Kill Switch on his SurfShark VPN. By default, this is off.

As I said, you can see Ubiquiti exposed for running on AWS infrastructure (infamous for insecure configurations), leaving privileged access enabled for ex-staff, and allowing massive extractions of data. That’s a lot of oops.
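The tracing described in the quoted passage above, reduced to detection logic a cloud-side responder could run over the access logs: an added example, not code from the original post or from Ubiquiti or SurfShark, that scans constructed audit-log lines for a principal whose source IP briefly leaves a known VPN egress range mid-session, the footprint a dropped tunnel leaves when no kill switch blocks the gap. The log format, access key ids and VPN egress range are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of simplified cloud audit-log lines:
# timestamp, access key id, API call, source IP. Addresses are RFC 5737
# documentation ranges, not real ones; key ids are placeholders.
SAMPLE_LOG = """\
2021-12-01T02:10:05Z,AKIA_EXAMPLE_KEY,GetObject,203.0.113.7
2021-12-01T02:10:09Z,AKIA_EXAMPLE_KEY,GetObject,203.0.113.7
2021-12-01T02:10:31Z,AKIA_EXAMPLE_KEY,GetObject,198.51.100.23
2021-12-01T02:10:44Z,AKIA_EXAMPLE_KEY,GetObject,203.0.113.7
2021-12-01T02:12:02Z,AKIA_EXAMPLE_KEY,ListObjects,203.0.113.7
2021-12-01T02:12:40Z,AKIA_EXAMPLE_KEY,GetObject,198.51.100.23
2021-12-01T02:13:01Z,AKIA_EXAMPLE_KEY,GetObject,203.0.113.7
2021-12-01T02:15:00Z,AKIA_OTHER_KEY,GetObject,192.0.2.10
"""

# Assumed (constructed) egress range of the VPN provider seen in the session.
KNOWN_VPN_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]

def parse_log(text):
    """Turn CSV-style lines into (timestamp, key, action, ip_address) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, key, action, ip = line.split(",")
        events.append((ts, key, action, ipaddress.ip_address(ip)))
    return events

def is_vpn_egress(ip):
    return any(ip in net for net in KNOWN_VPN_EGRESS)

def find_tunnel_drops(events):
    """Per access key, report events whose source IP is outside the VPN egress
    range but sits between two VPN-egress events: a tunnel that dropped and
    reconnected with nothing blocking traffic in between.
    Returns {key: [(timestamp, leaked_ip), ...]}."""
    by_key = defaultdict(list)
    for ev in events:
        by_key[ev[1]].append(ev)
    leaks = {}
    for key, evs in by_key.items():
        evs.sort(key=lambda e: e[0])  # ISO 8601 timestamps sort lexically
        for prev, cur, nxt in zip(evs, evs[1:], evs[2:]):
            if (is_vpn_egress(prev[3]) and is_vpn_egress(nxt[3])
                    and not is_vpn_egress(cur[3])):
                leaks.setdefault(key, []).append((cur[0], str(cur[3])))
    return leaks
```

The set of leaked addresses per key is the short list an investigator would then correlate with subscriber records, as the quoted account describes.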

However, far more interesting in this case is Sharp being not so sharp. (They say the only criminals are dumb ones because if they’re smart they never get charged with being criminal.)

He bungled the basics of VPN configuration (likely because he was impatient, if not just sloppy and incompetent) after he bungled the basics of VPN purchase.

…investigators were also able to link the attacker’s VPN connection to a SurfShark account purchased with Sharp’s PayPal account.

The cost of SurfShark is so minimal that it raises the question why Sharp didn’t think to pay anonymously.

In this case, perhaps we also should ask why SurfShark markets itself for safety online while lacking any warning that it will by default expose your personal information (IP address).

In fact SurfShark’s warnings go in the opposite direction from safety: when you enable the “kill switch” it warns that protecting your connection may cause outages. It encourages you to operate less safely for the benefit of smooth connectivity.

“How to use Kill Switch” seems incredibly selfish and misleading of SurfShark (emphasizing better availability and thus fewer support calls, while failing at basic confidentiality — they had ONE job).

Screenshots of the kill switch setting for Windows, OSX, Android and iOS. Source: SurfShark

How to abseil a 200 foot tree with 100 feet of rope

Get a longer rope.

Here is an amusing footnote from British special forces history. In short (pun not intended) there was a distinct shift from Orde Wingate’s 1940s self-reliant “long line” marches by “Chindits” into Burma, let alone F. Spencer Chapman’s work in Malaysia… to the British SAS getting slightly “hung up” when parachuting in the 1950s:

Equipped with 100 feet of rope, the paratroopers would tie the rope to the tree and abseil down to the ground. The technique was first instigated in 1953. However, it was found that many trees were taller than 100 feet, so the amount of rope carried was doubled to 200 feet.

Perhaps the rank incompetence of the Colonial Office (e.g. Sir Shenton Thomas’ retreat) was foreshadowing?

Whitehall bungling and incompetence leading directly to the fall of Singapore in 1942 has been disclosed for the first time by Whitehall officials. Papers relating to the wartime defence of Malaya and Singapore were considered so sensitive that they have been withheld from public inspection for 50 years – 20 years beyond the normal release date for official files. But the newly published government papers confirm that British efforts to scapegoat Australian forces and the Governor of the Straits Settlements for the most humiliating debacle in the history of the Empire could well have been motivated by a wish to deflect attention from Whitehall’s far greater dereliction of duty.

A need for better knowledge of the environment and risks seems like exactly what the British military should have taken from WWII; as Chapman himself published details in his 1949 public memoir…

1st Edition. Hardcover published 1949 in New York by W. W. Norton & Company

Yet somehow someone in the 1950s didn’t bother to check in with Chapman, let alone the height of trees before jumping into them, especially after at least a decade of prior military missions run beneath them?

This 97.58m tree is 120 feet too tall for a 200 foot rope
To be fair, a 300 foot tall Yellow Meranti stands out

Speaking of being bad at estimating environment/size, I’m reminded of a Delta memoir that made some obvious cultural errors.

New UK “Ranger Regiment” to “match brainpower with firepower”

The key takeaway from UK news about their Ranger Regiment design is that they’re claiming a need to move from training/advisory to “expeditionary” roles that go into the field with the forces they’re training.

Training, advising and accompanying partner forces dealing with extremist organizations and hostile state threats… creation of land regional hubs in Oman, Kenya, Germany and Belize…

General Sir Mark Carleton-Smith, Chief of the General Staff, actually has the money quote:

…all army capability, matching brainpower with firepower, data and software with hardware. …if you actually want to guarantee tactical success, you’re much better placed operating alongside those troops you’ve actually been responsible for generating and training in the first place.

Matching software with hardware seems… more like standard operating procedure than specialized. Likewise, was firepower being sent into the field without any brainpower? And does that sound like training actually had been taking place at all?

I found a message from 1994 (Army Communicator, Vol 19, No 2) by Robert E. Gray, Major General, U.S. Army Commanding, which used similar language in a bitter form of farewell/warning.

It is a myth that technology is an operational panacea and thus requires fewer people to get the job done. Rather, budget constraints and technology require innovative people doing things smarter… We will endure reductions in training, and field units will have to pick up the ball. Also, some technology enhancements will be slow in reaching the field. Despite all these factors, no country in the world can match our might — whether it’s firepower, technology, or brain power.

“Field units will have to pick up the ball” of 1994 sounds eerily like General Carleton-Smith today, no?

Perhaps even more interesting is what was called an “uncomplimentary view of the US military noted by a retired Army officer” (James Mrazek, “The Art of Winning Wars” 1968, p. 53), as cited in “Strategymaking for the 1980s” by Lieutenant General Raymond B. Furlong, US Air Force (Parameters, Journal of the US Army War College, Volume 9, Issue 1, 1979, p. 9).

Except for our first two wars, an overwhelming abundance of economic power has been the deciding factor that has given the United States Army its victories. America has been inclined to rely on raw strength to the neglect of brains.

When you really get into reading Mrazek, you have to wonder why he didn’t call his 1968 thesis the war of art…

The impotence of the American juggernaut in Vietnam has put this problem under the spotlight of history. The one thing the guerrillas have in abundance is imagination, and this seems to outweigh the imbalance in materiel. It is the author’s contention that creativity is what wins battles–the same faculty that inspires great art.

Anyway, back to the 2021 UK message details: their stated move from training to an expeditionary approach signals to me that planners are admitting failure, or obscuring a harsh reality by trying to rebrand it as a new opportunity (far more than actually taking a step towards a “guarantee” of any success).

It’s almost like when the power of money and technology fails to deliver, there’s a tendency of those charged with power management to grasp longingly at mysticism for solutions — as if art comes from divine inspiration, an individual appeal towards ultimate power, instead of being the expression of collective wisdom and collaboration (inverse to conflict).

Unfortunately, this announcement very much reminds me of an intentional lack of UK intelligence — how under-reported SAS history has been (not to mention the role of US Vietnam War veterans), given who actually was sending expeditionary forces into the disastrous killing fields of Rhodesia.

I mean in reality will this really be anything more than a new chapter for the infamous “ace of spades”, or more than a return to the 101 of special forces (roots planted in WWII by the “long lines” of an “expeditionary” Wingate)?

American Honey Locust Bean Stew

When I grew up on the American prairie there were edible plants everywhere.

However, there also was a trend among ranchers and farmers (driven by overly technology-focused agriculture investors — like what Bill Gates is doing today) to see only the worst of native species instead of the best.

Take the honey locust (Gleditsia triacanthos) for just one example.

Here’s how the U.S. government’s National Park service describes them:

Imagine walking through a forested area alongside the Missouri and discovering one of these – a honey locust tree. It’s very possible the men of the Corps did come face-to-face with these nasty thorns, especially in today’s Missouri, Iowa, Nebraska and southeastern South Dakota. But if anyone was injured by them, it didn’t get recorded in the journals.

One of the times honey locusts are mentioned is by John Ordway on July 3, 1804: “The land is Good high bottom pine Timber & black wallnut honey locas oak &C.”

In nature honey locusts grow in both thornless and thorned forms, with spikes growing up to 12″ long. Many regions in the South once referred to the trees as Confederate pin trees because those thorns were used to pin uniforms together during the Civil War. Others claim the thorns have been used throughout history as nails.

And here’s the image the NPS wants you to see.

Source: NPS

Nasty thorns. Any guesses why nobody on the expedition recorded being injured by them? My bet is because it didn’t deserve any more mention than any other thorns.

And I have found zero evidence to support any such idea that Confederate soldiers used tree thorns to “pin” their uniforms. Nada. Zilch.

Or let me put it this way: the alleged phrase “pin tree” appears exactly never in an exhaustive search of literature from the 19th Century.

Any guesses why nobody ever recorded the phrase “pin tree”? My bet is because it never happened.

To be fair to the NPS perspective of today, these trees do have a lot of thorns on them. Yet so do roses and raspberries, and how many people go around describing those two beloved plants as nasty?

Instead of focusing just on the thorns of a branch or trunk, let’s talk about delicious edible beans of the locust tree for a minute.

They get the name “honey” from the fact that they in fact have a tasty orange “goo” between seeds in a pod.

And their beans seem to be a high protein source easily grown in the wild (member of the legume family, like lentils and garbanzo).

Ingredients

  • 4 Tbsp oil or fat
  • 1 Tbsp locust beans
  • 1 small chopped onion
  • 2 small tomatoes
  • Handful of dried and seasoned meat (e.g. fish, fowl)
  • Pinch of seasonings (e.g. salt, pepper)

Recipe

  1. Depod the locust beans (clean, soak/boil for tenderness, wash and remove hull)
  2. Chop and mix onions and tomatoes
  3. Put pan on fire and pour in oil or fat to heat for 2 minutes
  4. Add prepared chopped mix to the oil/fat, stir and cover for 2 minutes
  5. Add seasonings, prepared locust beans, stir and cover for 5 minutes
  6. Add prepared meat, stir and cover for 5 minutes

Of course the younger green pods of the tree could be cooked like a green bean. And of course the hard seeds of a mature (dry, brown) pod could be ground into a flour. There are many options, so this is just one to give you an idea of why the NPS focus on the thorns in a story about exploration seems… not very exploratory.

What is truly unfortunate and bizarre is how nobody anywhere seems to have collected traditional recipes from the people who lived on locust bean for generations — Native Americans.

A few years back the President of the National Cattleman’s Beef Association (NCBA) paid me a visit in Silicon Valley.

Very purposefully I took him out for a nice sushi dinner and ordered edamame.

“Soy beans!” he exclaimed. “We are supposed to eat livestock feed,” he stated flatly albeit genuinely.

“Wait until you see the bill. We’re paying $5 a bowl” I sat back and replied with a wide grin.

Then I helped him off the floor and back into his chair as he said “what in the… we get barely $5 a bushel for our damn soy beans!”

If only he had explored what was all around him the whole time and tried harvesting honey locust beans growing naturally (literally falling from the tree).

Who knows what could have happened if he had ever thought about packaging honey locust beans for human consumption…

Source: freshola