Mark Hurd on HP's Surveillance and Disinformation

October 04, 2006
Straight from the source: HP's CEO, who, in contrast to Fiorina's qualitative approach, decided to shift the company's strategy to a quantitative internal benchmarking model -- one is always fulfilling the other and vice versa -- and succeeded. But in today's competitive environment and the search for "the next big thing", some companies are sacrificing productivity for investigations driven by insider fears. Not that there aren't any insiders; it's just that this particular case is nothing more than a bored top management employee sending signals to the press. Next time it will be a top-floor hygiene COO's comments on how HP is definitely up to something given the late-hour conference meetings, which the press will quote as "an insider source leaked this to us":

"Now the question is do you pick up the document and turn to page whatever, or do you say, 'are you sure?' He says 'I'm sure.' So then you say, 'what are we going to do?' Now let me give you two thoughts. You could react by not confronting the problem. You talk about ethics. We've gone down the backward looking view. There's also the dimension that says, are you going to bury this or confront it. Pretty big question, right? And I want to make something clear. I only know of the facts around the one leak. I don't know, there's been a lot of speculation around tens of leaks, and they associate with this one person [Jay Keyworth, a longtime HP board member]. This fact was about one leak from this one person who is a really good guy in the sense of contributions he made to Hewlett Packard over many years.

So now you're confronted with data that says, great contributor, and the team is looking at Pattie [Then board chairman Patricia Dunn] and saying 'what are you going to do.' And I can tell you if you're looking down at this room as you're making a decision, my first reaction wasn't to say, 'hey Pattie, why don't you look backward at how the data was collected.' The stress was, how are you going to confront the fact that was being presented to you. You're going to do what?

Now to your point, knowing what we know now I wish we'd looked at a different set of facts. But even at that point, what had been done had been done. You'd have been reacting at that point in time. I don't want to shirk any of this. The buck stops with me. But you can't have a CEO of a company our size being the backstop. The thought that I'm going to catch everything -- revenue, costs, personnel decisions, investigations... you know the scale of this company."

Catch up with the case through a previous post on the topic, and keep on reading.

Government Data Mining Programs - Interactive

September 28, 2006
A very extensive visualization of various U.S. government data mining programs:

"Individually, each piece of information gives only a small glimpse into people’s lives -- but over time, these bits of personal information can begin to reveal patterns. Such as the places they go, the products they buy, or perhaps the type of people they associate with. This pattern-recognition process is called “Data Mining” or sometimes “Knowledge Discovery.” Since September 11, the federal government -- especially intelligence and law enforcement agencies -- have turned to data mining programs to make sense of growing oceans of data. The end result isn’t always about discovering what people have done -- but what people might do tomorrow. What does a terrorist look like? What is the culmination of their credit, contacts, purchases and travel? Is it possible that you might share these similar patterns? Chances are at least some of these programs sift through personal information about you."

Go through the questionnaire for a specific case, or go directly to a program of interest and see its relationship with the rest, if any of course. Go through a previous post on Able Danger's Intelligence Unit Findings Rejected to find out more about the state of information sharing.

Satellite Imagery of Secret or Sensitive Locations

September 28, 2006
Continuing the Travel Without Moving series, and a previous post on Open Source North Korean IMINT Reloaded, this collection of Google Earth, Google Maps, Local Live and Yahoo Maps views of secret or sensitive locations is worth browsing through. Coordinates are included for over 80 locations, for instance:

- Predator Drone Returning From Mission
- Predator Drones at Remote Airstrip
- Predator Drone Taking Off From Remote Airstrip
- TAGS 45 'Waters'
- M80 'Stiletto' Stealth Boat
- U-2 Being Readied For Mission
- Underground Hangars at Sunchon Airbase
- North Korean No-Dong Missile Assembly Building
- Former MI6/FCO high security SIGINT enclave at Poudon
- Former NSA/DoD satellite intercept site
- CIA 'Black Site' for terrorist interrogations
- Russian Foreign Intelligence (SVR) Headquarters
- CFS Leitrim - Satellite Signal Interception station
- Russian Don-2NP Pill Box Radar
- Star Wars missile defense support site
- AN/FRD-10 Classic Bullseye Antenna
- Radomes on Fort Belvoir
- Northrop "Secret" Research Facility
- Classic Bullseye listening antenna array

As you will find out, the data provided is historical -- the UAVs and B2s have already disappeared, for instance. Does the publicly obtainable imagery represent a threat to these locations? Not necessarily, as the threats from which these facilities were supposed to be protected have been replaced by ones requiring a different perspective. The dishes, however, are still there, listening...

Related posts and resources:
Satellite
Defense
Military
Japan's Reliance on U.S Spy Satellites and Early Warning Missile Systems
Stealth Satellites Developments Source Book
Anti Satellite Weapons

NSA Mind Control and PSYOPS

September 28, 2006
Basics of recruiting, interrogations, brainwashing and PSYOPS on the foundations of Visual Hallucinations, Event-Triggered (conditional) Implant Delivery, and Complete Quiet Silence? Maybe, but this article is full of interesting concepts; consider, however, skipping the part on how the NSA brainwashed Kurt Cobain:

"Kurt Cobain of the musical group "Nirvana" was another victim of NSA brainwashing and was terminated by NSA. Cobain had started writing clues to the NSA activities into his music to communicate it to his music followers. He referred in music to the NSA as the "Friends inside his head". Once the NSA puts on the highest level of brainwashing pain, the subject expires quickly. Cobain used heroin to numb and otherwise slow the effect of the brainwashing."

He had different "friends".

Related resources:
Intelligence
NSA

Anti-Counterfeiting Technologies

September 28, 2006
A handy overview of various anti-counterfeiting technologies and where they're primarily used, such as holograms, optically variable inks, microlenticular technology, special inks, nanomarkers, and yes, RFID tags. Keep in mind that these used to be "covert" decades ago, but are in the passports of some nowadays.

You might find a previous post "Pass the Scissors" worth reading as well.

Afterlife Data Privacy

September 27, 2006
Have you ever asked yourself what's going to happen with your digital data in case the worst happens, or most importantly, the pros and cons of privacy in such a situation?

Taking passwords to the grave is always the default, and while your email service provider may get socially engineered -- or have to comply with a court order -- under the excuse of emotional crisis or family relations, reconsider how you would like to have your (accounting) data handled:

"The situation poses a dilemma for e-mail providers that are pilloried by privacy rights advocates at the mere suggestion of sensitive data being exposed, at the same time they are expected to hand over the digital keys to family members when a customer dies. Last year, Yahoo was forced to provide access to the e-mail of a U.S. Marine killed in Iraq to his father, who got a court order in the matter. "The commitment we've made to every person who signs up for a Yahoo Mail account is to treat their e-mail as a private communication and to treat the content of their messages as confidential," said Yahoo spokeswoman Karen Mahon. Beyond acknowledging that Yahoo complies with court orders, Mahon declined to discuss Yahoo's requirements for providing family members access to the e-mail accounts of their deceased loved ones. Google will provide access to a deceased Gmail user's account if the person seeking it provides a copy of the death certificate and a copy of a document giving the person power of attorney over the e-mail account, said a Google spokeswoman."

Whereas some inboxes should never be opened -- your spouse's, for instance -- leading email providers have already established practices for dealing with such requests, and I feel the lack of reliable stats on the occurrences of such isn't provoking the necessary discussion. The majority of people I know don't just have black and white sides to their characters; they're too colorful to hide it both offline and online, and that's what makes them "people I know". Changing a provider's privacy policy wouldn't necessarily have a significant effect unless an author's email communication truly becomes his property, while on the other hand local laws could ruin the effect. It would be highly flexible if users were offered the opportunity to speak for themselves and their privacy while still able to do it.

Sometimes, on your journey to happiness and emotional balance, you end up opening more and more of Pandora's boxes, when what you're looking for is right inside your head - the clear memory of the person in question, not the pseudo-individuality in all of its twisted variations. Be careful what you wish for, as it may actually happen!

The ultimate question - Why does a deceased soldier’s email thoughts become the property of a company?

Media Censorship in China - FAQ

September 27, 2006
Contrary to the generally accepted perspective that China's Internet censorship efforts are primarily a technological solution only, I feel it's self-regulation as a state of mind that's having the greatest impact on the success of their efforts -- the very same way you're being told not to misbehave while seeing yourself on a monitor when entering a store, for instance. Self-censorship as a state of mind is by itself a way of hiding the plain truth that the Chinese government is aware it cannot fully control what information is coming into, and going out of, the country. That of course doesn't stop it from speculating that it still can. Here's a recent FAQ on media censorship in China answering the following questions:

What is the current media policy in China?
How free is Chinese media?
What are the primary censoring agencies in China?
How does China exert media controls?
How does China control the influence of foreign media?
How do journalists get around media control measures?

The main agencies responsible for history engineering:

"But the most powerful monitoring body is the Communist Party’s Central Propaganda Department (CPD), which coordinates with GAPP and SARFT to make sure content promotes and remains consistent with party doctrine. Xinhua, the huge state news agency (7,000 employees, according to official statistics), is beholden to the CPD and therefore considered by press freedom organizations to be a propaganda tool. The CPD gives media outlets directives restricting coverage of politically sensitive topics—such as protests, environmental disasters, Tibet, and Taiwan—which could be considered dangerous to state security and party control."

Centralization as the core of control, why am I not surprised? Don't tolerate censorship, learn how to undermine it.

Terrorism and Response 1990-2005

September 25, 2006
Very informative and objective retrospective on the response to terrorism from 1990 to 2005. The syllabus by Bruce D. Larkin and Ben Lozano is even more resourceful with its "what if" brainstorming questions.

Here's another map of terrorist networks in America for 1991-2005, based on states and possible cells of operation -- two more previous versions available.

Able Danger's Intelligence Unit Findings Rejected

September 25, 2006
The claim that the much-hyped Able Danger intelligence unit had collected and identified information on the 9/11 terrorist attacks was officially rejected:

The report found that the recollections of most of the witnesses appeared to focus on a “single chart depicting Al Qaeda cells responsible for pre-9/11 terrorist attacks” that was produced in 1999 by a defense contractor, the Orion Scientific Corporation.

While witnesses remembered having seen Mr. Atta’s photograph or name on such a chart, the inspector general said its investigation showed that the Orion chart did not list Mr. Atta or any of the other Sept. 11 terrorists, and that “testimony by witnesses who claimed to have seen such a chart varied significantly from each other.” The report says that a central witness in the investigation, an active-duty Navy captain who directed the Able Danger program, had changed his account over time, initially telling the inspector general’s office last December that he was “100 percent” certain that he had seen “Mohamed Atta’s image on the chart.”


Issues to keep in mind:
- the chaotic departmental information sharing or the lack of such, and a budget-deficit arms race, thus departments wanting to get credited for anything groundbreaking
- prioritizing is sometimes tricky, wanting to expand a node, thus gather more intelligence and more participants might have resulted in missing the key ones, marginal thinking fully applies
- OSINT as this Social Network Analysis of the 9-11 Terror Network shows, is an invaluable asset and so is the momentum and actual use of the data

Although if you don't have a past you're not going to have a future, true leaders never look into the past; they shape the future and don't mind-tease about what they could have done. Necessary evil moves the world in its own orbit now more than ever, and if you really don't have a clue what I'm trying to imply here, then you're still not ready for that mode of thinking.

So, the man who knew, but no one reacted upon his findings in a timely manner, or a case study of how terabytes of mixed OSINT and intelligence data weren't successfully data mined? I go for the first point.

Able Danger chart courtesy of the Center for Cooperative Research.

HP's Surveillance Methods

September 25, 2006
Seems like it's not just the Board of Directors' phone records that were obtained by HP under the excuse of enforcing an exemplary corporate citizenship, but also those of pretty much everyone who communicated with them or is somehow in their circle of friends -- no comments on the boring minutes of meetings shared with the press as the main reason for all this. Besides passing the ball to the next board member over who was aware of it, more details on the exact methods used by HP emerge:

- HP obtained phone records for seven current or former HP board members, nine journalists, and their family members;

- HP provided investigators with the Social Security number of one HP employee, in addition the Social Security numbers of 4 journalists, 3 current and former HP board members, and 1 employee were also obtained by investigators;

- HP investigators attempted to use a tracer to track information sent to a reporter;

- The concept of sending misinformation to a reporter and the contents of that email were approved by Mr. Hurd, although no evidence was found to suggest that he approved the use of the tracer for surveillance;

- Investigators hired by HP monitored a board meeting, a trip to Boulder taken by a board member, as well as the board member's spouse and family members;

- In February of 2006, investigators watched a journalist at her residence and in February of 2006 “third party investigators may have conducted a search of an individual’s trash.”

By the time HP provided the associated parties' SSNs, they had pretty much left them to the sharks to finish the rest. Disinformation, though, is something I previously thought they didn't do, but with dumpster diving in place as well, I guess they did order the entire all-in-one surveillance package.

Megacorp ownz your digitally accumulated life, and yes, it can also engineer and snoop on your real one. All they were so talkative about is publicly available information that every decent analyst should have definitely considered, starting from HP's historical performance as a foundation for future speculations. In between, HP is (was) also sponsoring a Privacy Innovation Award.

Who's the winner at the bottom line? That's ex-CEO Carly Fiorina -- phone records also obtained -- whose upcoming book will profitably take advantage of the momentum.

Hezbollah's DNS Service Providers from 1998 to 2006

September 22, 2006
A nice visual representation emphasizing the U.S. hosting companies connection:

"In the following, we examine the Hizballah domains in light of which companies have provided DNS service. A domain's whois record specifies DNS servers, and the DNS servers tell browsers what IP address/server is currently hosting the domain. This is a mission critical service without which the domains in question would be unreachable. Despite the fact that Hizballah is a designated Terrorist entity in the United States, American companies have been, and continue to be the primary providers of service to Hizballah. We now know of 40 domains of Hizballah, based largely on a list provided by Hassan Nasrollah on a previous incarnation of his own web site. Of those 40 domains, 23 are now or have been provided DNS services by Alabanza Inc. of Baltimore, Maryland. No other provider comes close. Alabanza's domain name registration business, Bulkregister, is Hizballah's registrar of choice. See our report regarding the registrars of Hizballah's domains."

Who knew Hezbollah are indeed the rocket scientists they pretend to be? UAVs, night vision gear, SIGINT gear, or has rocket science become so "outsourceable" nowadays?

Cyberterrorism isn't dead, it's just been silently evolving under the umbrella provided by the mainstream media -- wrongly understanding the concept, and stereotyped speculations.

Interesting Anti-Phishing Projects

September 22, 2006
Seven anti-phishing projects. I especially find the browser recon and countermeasures one a trendy concept, as phishers are already taking advantage of vulnerabilities allowing them to figure out a browser's history, and thus establish a more reputable communication with the victim -- adaptive phishing.

01. Social Phishing
The fundamental purpose of this study was to study the effects of more advanced techniques in phishing using context. Receiving a message from a friend (or corroborated by friends), we hypothesized the credibility of the phishing attempt would be greater

02. Browser Recon and Countermeasures
One can use a simple technique used to examine the web browser history of an unsuspecting web site visitor using Cascading Style Sheets. Phishers typically send massive amounts of bulk email hoping their lure will be successful. Given greater context, such lures can be more effectively tailored---perhaps even in a context aware phishing attack

03. Socially Transmitted Malware
People are drawn in by websites containing fun content or something humorous, and they generally want to share it with their friends. This is considered social transmission: referral to a location based on recommendation of peers. We measured possible malware spread using social transmission

04. Phishing with Consumer Electronics: Malicious Home Routers
It is easy to "doctor" a wireless router like the ones found at home or at a local WiFi hotspot to misdirect legitimate browser links to phoney and often harmful websites.

05. Net Trust
Individuals are socialized to trust, and trust is a necessary enabler of e-commerce. The human element is the core of confidence scams, so any solution must have this element at its core. Scammers, such as phishers and purveyors of 419 fraud, are abusing trust on the Internet. All solutions to date, such as centralized trust authorities, have failed. Net Trust is the solution -- trust technologies grounded in human behavior

06. A Riddle
Could your browser release your personal information without your knowledge?

07. Phroogle
Exploiting comparison shopping engines to bait victims

You might also be interested in Google's Anti-Phishing Black and White Lists.

Airport Security Flash Game

September 22, 2006
Ever wanted to snoop through the luggage of others in exactly the same fashion yours gets searched? Try this game, and make sure you keep an eye on the instantly updated "dangerous items" unless you want to be held responsible, and lose your badge.

Soviet Propaganda Posters During the Cold War

September 22, 2006
Posters are a simple, yet influential form of PSYOPS, and their type of one-to-many communication method successfully achieves a decent viral marketing effect. Here's an archive of Soviet propaganda posters against the U.S during the Cold War you might find entertaining -- here's part 2. "Capitalists from across the world, unite!"

North Korea's not lagging behind, and despite the end of the Cold War, is still taking advantage of well proven and self-serving psychological techniques to further spread their ideology.

Here are some collections of IT security related ones as well.

Banking Trojan Defeating Virtual Keyboards

September 19, 2006
The folks behind VirusTotal just released an analysis and an associated video of a trojan generating video sessions of the infected end user's login process, thus bypassing the virtual keyboards many banks started providing with the idea of fighting keyloggers.

"Today we will analyze a new banking trojan that is a qualitative step forward in the dangerousness of these specimens and a new turn of the screw in the techniques used to defeat virtual keyboards. The novelty of this trojan lies in its capacity to generate a video clip that stores all the activity onscreen while the user is authenticating to access his electronic bank.

The video clip covers only a small portion of the screen, using as reference the cursor, but it is large enough so that the attacker can watch the legitimate user's movements and typing when using the virtual keyboard, so that he gets the username and password without going into further trouble. It would obviously place a heavy burden on the resources of the computer to capture the complete screen, both when generating the video clip as well as sending it to the attacker. The main reason for doing only a small portion of the screen referenced to the cursor is that the trojan guarantees the speed of the capture to show all the sequence and activity with the virtual keyboard seamlessly."

Anything you type can be keylogged, but generating videos of possibly hundreds of infected users would have a negative effect on the malware author's productivity, which is good, at least for now. Follow my thoughts: the majority of virtual keyboards have static window names and static positions, and the mouse tends to move over X and Y coordinates, so a little research on the most targeted bank sites would come up with a pattern, a pattern that should be randomized as much as possible. Trouble is, the majority of phishing attacks are still using the static image locations of the banks themselves, when these should have long been randomized as well.
OPIE authentication, suspicious activity based on geotagging anomalies, and a transparent process for the customer -- please disturb me with an SMS every time money goes out -- remain underdeveloped for the time being. You might find Candid Wüest's research on "Phishing in the Middle of the Stream" - Today's Threats to Online Banking informative reading on the rest of the issues to keep in mind.
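
The randomization argued for above, as an added example (not code from this post, from VirusTotal or from any bank): the server shuffles the digit layout and the keypad position for every login, the browser sends back only the indices of the clicked cells, and each layout is single-use. The function names, the 3-column grid and the 48-pixel cell size are assumptions; the scheme removes the static click pattern, not the screen-recording trojan's view of the key labels.

```javascript
// Added example: per-session randomized virtual keypad, server-side logic (Node.js).
const { randomInt, randomBytes } = require('node:crypto');

const DIGITS = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9'];
const CELL = 48; // pixel size of one key (assumed)

// Fisher-Yates shuffle; rand(n) must return an integer in [0, n).
// The default is the CSPRNG-backed crypto.randomInt.
function shuffle(items, rand = randomInt) {
  const a = items.slice();
  for (let i = a.length - 1; i > 0; i--) {
    const j = rand(i + 1);
    [a[i], a[j]] = [a[j], a[i]];
  }
  return a;
}

// Build a keypad for one login attempt. The layout stays in `store`
// (a Map standing in for the server's session storage); the client only
// receives what it needs to draw the keys.
function createKeypad(store, rand = randomInt) {
  const layout = shuffle(DIGITS, rand);          // layout[cellIndex] = digit
  const origin = { x: rand(400), y: rand(300) }; // keypad moves on every login
  const sessionId = randomBytes(16).toString('hex');
  store.set(sessionId, layout);
  const cells = layout.map((label, index) => ({
    index,
    label, // what the client draws on the key
    x: origin.x + (index % 3) * CELL,
    y: origin.y + Math.floor(index / 3) * CELL,
  }));
  return { sessionId, cells };
}

// What the browser would submit for a given PIN: cell indices, never digits.
function clicksForPin(keypad, pin) {
  return [...pin].map((d) => keypad.cells.find((c) => c.label === d).index);
}

// Server side: translate the clicked cells back to digits. The layout is
// deleted on first use, so a recorded click sequence cannot be replayed.
function decodeClicks(store, sessionId, clicks) {
  const layout = store.get(sessionId);
  store.delete(sessionId);
  if (!layout || !Array.isArray(clicks)) return null;
  const valid = clicks.every(
    (i) => Number.isInteger(i) && i >= 0 && i < layout.length
  );
  return valid ? clicks.map((i) => layout[i]).join('') : null;
}

// Demo with a constructed PIN: the same PIN produces a different click
// sequence and different screen coordinates in each session.
function demo(pin = '2580') {
  const store = new Map();
  return [1, 2].map(() => {
    const keypad = createKeypad(store);
    const clicks = clicksForPin(keypad, pin);
    const coords = clicks.map((i) => [keypad.cells[i].x, keypad.cells[i].y]);
    return { clicks, coords, decoded: decodeClicks(store, keypad.sessionId, clicks) };
  });
}

console.log(JSON.stringify(demo(), null, 2));
```
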

No Anti Virus Software, No E-banking for You, or are Projection Keyboards an alternative?

Results of the Cyber Storm Exercise

September 18, 2006
The Cyber Storm exercise conducted in January "simulated a sophisticated cyber attack campaign through a series of scenarios directed at several critical infrastructure sectors. The intent of these scenarios was to highlight the interconnectedness of cyber systems with physical infrastructure and to exercise coordination and communication between the public and private sectors. Each scenario was developed with the assistance of industry experts and was executed in a closed and secure environment. Cyber Storm scenarios had three major adversarial objectives:

- To disrupt specifically targeted critical infrastructure through cyber attacks
- To hinder the governments' ability to respond to the cyber attacks
- To undermine public confidence in the governments' ability to provide and protect services"

It seems the results from the exercise are already available, and the major findings relate to:

- Interagency Coordination
- Contingency Planning, Risk Assessment, and Roles and Responsibilities
- Correlation of Multiple Incidents between Public and Private Sectors
- Training and Exercise Program
- Coordination Between Entities of Cyber Incidents
- Common Framework for Response and Information Access
- Strategic Communications and Public Relations Plan
- Improvement of Processes, Tools and Technology

Frontal attacks would rarely occur, as cyberterrorism by itself wouldn't need to interact with the critical infrastructure; it would abuse it, use it as a platform. However, building confidence within the departments involved is as important as making them actually communicate with each other.

Go through a previous post on the Biggest Military Hacks of All Time in case you're interested in knowing more about specific cases related to both direct and indirect attacks.

Examining Internet Privacy Policies

September 18, 2006
Accountability, public commitment, or copywriters charging per word? Privacy policies are often taken as fully enforced, whereas the truth is that no one is actually reading them or bothering to assess them. And why would you, as by the time you've finished you'll again have no other choice but to accept them in order to use the service in question -- too much personal and sensitive identifying information is what I hear ticking. That's of course the privacy conscious perspective, and to me security is a matter of viewpoint, the way you perceive it going beyond the basics, the very same way you're going to implement it -- Identity 2.0 as a single sign-on Web is slowly emerging as the real beast. The marketing perspective offers unprecedented and fresh data whose value may be the next big project; balance is the key.

Here's some interesting research on "Examining Internet Privacy Policies Within the Context of Use Privacy Values":

"In this paper, we present research bridging the gap between management and software requirements engineering. We address three research questions. 1) What are the most stringently regulated organizations (health care related organizations including health insurance, pharmaceutical, and drugstores) saying in their privacy policy statements? 2) What do consumers value regarding information privacy? 3) Do the privacy policy statements provide the information that consumers want to know?

Results from this study can help managers determine the kinds of policies needed to both satisfy user values and ensure privacy-aware website development efforts. This paper is organized as follows. First, we discuss relevant research on privacy, policy analysis, and software requirements engineering. Next, we cover the research methodologies of content analysis and survey development, and then the survey results. Finally, we discuss the results and implications of this work for privacy managers and software project managers."

The only time privacy policies get read is whenever a leak like AOL's happens, and mostly for historical purposes. Where's the real value, not the perceived one? Don't responsibly generate privacy policies, consider preemptively appointing chief privacy officers, thus committing yourself to valuing your users' privacy and having a strategy in mind.

Related resources:
Privacy
Snooping on Historical Click Streams
A Comparison of US and European Privacy Practices

Cyber Intelligence - CYBERINT

September 18, 2006
HUMINT, SIGINT, TECHINT, all concepts for gathering intelligence and supporting decision makers on emerging trends, are invaluable by their own definitions, yet useless if not coordinated for achieving the ultimate objective. Cyberspace is so much more than a social phenomenon or the playground of countless pseudo personalities. Info-warriors and analysts are realizing that Cyberspace is becoming so dispersed and versatile that a separate practice of Cyber Intelligence is necessary to proactively respond to -- and always be a step ahead of the developing new capabilities of -- emerging players, threats, and tactics. Virtual situational awareness is as important to intelligence analysts as it is to security professionals wanting to remain competitive.

What's Cyber Intelligence, or intelligence analysis for Internet security? Can we model it, and how long would the model survive before what used to be static turns into a sneaky variable, knowing its practices have been exposed? What would the ultimate goal of CYBERINT be? To map the bad neighborhoods and keep an eye on them, to profile the think-tanks and assess their capabilities and background motivations for possible recruitment? Or to secure Cyberspace, no matter how megalomaniac it may sound, or to basically acquire know-how to be used in future real-life or cyber conflicts?

Intelligence Analysis for Internet Security proposes an intelligence model for the development of an overall systems security model. Here's an excerpt:

"Obtaining prior knowledge of both threats and vulnerabilities – as well as sensitivity to possible opportunities to exploit the vulnerabilities - is essential. Intelligence analysis, of course, operates at different levels, ranging from the specific to the general, and from short-term incidents and operations to long term patterns and challenges. Each form or level of analysis is crucial, and complements and supplements the others. Nevertheless, it is important to distinguish them from one another and to be clear at which level the activities are taking place. It is also important to recognize that the most critical insights will be obtained from fusion efforts that combine these different levels. The several complementary levels of intelligence analysis are strategic analysis, tactical analysis and operational analysis. In practice, these categories shade into each other and are not always sharply differentiated, and differing definitions for these terms exist in the intelligence community. Nevertheless, they offer a useful framework within which intelligence tasks and requirements can initially be delineated."

Very informative and relevant research emphasizing strategic intelligence analysis, tactical intelligence analysis, operational intelligence analysis, and how cyber intelligence intersects with traditional approaches.

What's the core of CYBERINT?

- the maturing concept of cyberterrorism, propaganda and communications online, thus huge amounts of data to be aggregated and analyzed
- an early warning system for new attack tools, their ease of use, availability, ability to be tracked down, and level of sophistication
- offensive CYBERINT is perhaps the most interesting and aggressive approach I consider fully realistic nowadays. Operational initiatives such as nation-wide pen testing, OS and IP space mapping for instant exploitation, segmented economic espionage attacks -- IP theft worms achieving efficiency -- passive google hacking and reconnaissance, tensions engineering, zero day vulnerabilities arms race

Outsourcing to objective providers of intelligence and threats data should also be considered, but then again it's just a tiny portion of what can actually be achieved if a cross-functional team is acting upon a common goal - to be a step ahead of tomorrow's events, and pleasantly going through threat analysis conducted a year ago predicting and responding to them.

If you don't have enemies, it means you're living in a world of idleness, the more they are, the more important is what you're up to.

Related resources and posts:
Information Warfare
Cyberterrorism
Intelligence
Benefits of Open Source Intelligence - OSINT

Leaked Unmanned Aerial Vehicle Photo of Taliban Militants

September 18, 2006
A missed shot from a Predator drone due to moral concerns, a remarkable move and one visionary enough not to provoke another media fiasco of killed civilians for the sake of killing alleged militants. "U.S. Military Investigates Leaked Photo"

"The grainy black and white photo shows what NBC says are some 190 Taliban militants standing in several rows near a vehicle in an open area of land. Gunsight-like brackets were positioned over the group in the photo. NBC quoted one Army officer who was involved with the spy mission as saying "we were so excited" that the group had been spotted and was in the sights of a U.S. drone. But the network quoted the officer, who was not identified, as saying that frustration soon set in after the officers realized they couldn't bomb the funeral under the military's rules of engagement."

Hezbollah are also known to be capable of operating drones, as well as for their "window-shopping" purchasing capabilities for night vision gear, but how come? Politically independent parties whose revenues get generated by their ability to be totally neutral and, of course, tactics for bypassing gear embargoes.

However, it would be naive to assume everyone is as rational as you are, as it's a rather common practice for various military forces to build up their foundations near highly populated areas, schools and hospitals. Insider leaks like these show certain weaknesses, namely operatives with access to information whose significance has been slightly devalued, so why not generate some buzz on the findings.

Naturally, the Pentagon is taking measures to limit the potential of yet another media fiasco, taking into consideration the growing use of gadgets in the military. Moreover, successfully realizing the power of OSINT, an information security/web site alert was issued during August on what can't be posted at .mil sites.

Predator UAV image of Serbian fighters surrendering in Kosovo, courtesy of Military Intelligence Satellites.

Internet PSYOPS - Psychological Operations

September 14, 2006
Psychological operations or PSYOPS is an indirect use of information warfare methods to deceive, shape and influence the behavior and attitude of the targeted audience -- military marketers with greater access to resources and know-how. The Internet, acting as a global-reaching, cost-effective platform for dissemination of a message, rumor, lie, or inside information, is directly influencing the evolution of the concept.

You may find this research, conducted back in 2001, still relevant to the basics of psychological operations and propaganda online. A brief summary of The Internet and Psychological Operations:

"As an information medium and vehicle of influence, the Internet is a powerful tool, in both open societies as well as in those whose only glimpse of the outside world is increasingly viewed and shaped through webpages, E-mail, and electronic chat rooms. Moreover, the sword cuts both ways, as unconstrained (legally, socially, politically) adversaries find the Internet an effective vehicle for influencing popular support for their cause or inciting the opposite against the U.S. or its interests. Consequently, the realm of military psychological operations (PSYOP) must be expanded to include the Internet. Just as obvious is the need for action to remove or update current policy and legal constraints on the use of the Internet by military PSYOP forces, allowing them to embrace the full range of media, so that the U.S. will not be placed at a disadvantage. Although current international law restricts many aspects of PSYOP either through ambiguity or noncurrency, there is ample legal room for both the U.S. and others to conduct PSYOP using modern technology and media such as the Internet. Existing policy and legal restrictions, however, must be changed, allowing military PSYOP forces to both defend and counter adversarial disinformation and propaganda attacks which impact on the achievement of military objectives. By examining this issue, I hope to highlight the importance of the Internet for PSYOP and foment further discussion."

Undoubtedly, Abu Ghraib's fiasco is among the most relevant cases of unintentional PSYOPS in reverse, where the leak's echo effect would continue to spell skepticism towards what democracy really is. And while there are indeed legal issues to consider when using such operations, what is legal and illegal in times of war is questionable.

Some basic examples:
- your web sites spread messages of your enemies
- sms messages and your voice mail say you're about to lose the war
- your fancy military email account is inaccessible due to info-warriors utilizing the power of the masses, thus script kiddies to distract the attention
- you gain participation, thus support
- you feel like Johnny Mnemonic taking the elevator to pick up the 320 GB of R&D data when a guerilla info-warrior appears on the screen and wakes you up on your current stage of brainwashing
- starting from the basics that the only way to ruin a socialist type of government is to introduce its citizens to the joys of capitalism -- it always works
- hacktivism - traffic acquisition plus undermining confidence
- propaganda - North Korea is quite experienced
- self-serving news items, commissioned ones
- achieving Internet echo as a primary objective
- introducing biased exclusiveness
- stating primary objectives as facts that have already happened
- impersonation

The evolution of online PSYOPS is on its way and is actively utilized by both adversaries, and everyone in between. It's entirely up to you to be either objective, or painfully subjective.