An Oldie


Back in the mid 90s I had an unusual experience, in which I was caught in the blast-corona of Operation Sundevil – the Secret Service’s attempt to gain relevance in cybersecurity [wik]. My role was small but it made me realize that the government, at that time, was ignorant enough that they could easily be stampeded into doing stupid things, a form of “terrorism by stupid cop” which I later re-framed as “a denial of clue attack.”

All of that led me to formulate some doctrines for cyberinsurgency, which I ran by a bunch of fellow paranoid security people, and eventually wrote down. [cyberinsurgency] This was all done during a couple of nights of creative up-swing, the culmination of decades of observation and frustration. I think the hardest part was to write in a tone that was different enough from my usual tone of the time that maybe it wouldn’t be immediately recognizable.

Dear Wage Slave:

Times have changed, and they change constantly.

But, one constant of change is that people are expected/required to work for a living, and our society has formed itself as a sort of gigantic trap into which you are born: you need a job, you need a “boss”, you need a salary and benefits, or you’re treated like garbage.

You’re treated like garbage, anyway, in case you didn’t notice – unless you’re one of the lucky 1% who have privilege, a nice house, stock options, and some career mobility. If you’re like most people, you work for someone who acts as though they owe you nothing, and you should be grateful that they’re willing to hire you to do whatever task they put before you. In the old days (the 1880’s to 1920’s that is) anarchists spoke to wage slaves, minors, laborers, and members of the permanent underclass, and told them, “they act like they owe you nothing, but the truth is you owe them nothing, either.” Lie, cheat, steal, kill, defraud the rich or your corporate masters – go ahead, what you are doing is pursuing the process of building equity in your brand, just the way that they got to where they are.

Vast numbers of you are being encouraged to join the “gig economy” – which is a nice way of saying “the economy that you have no control over whatsoever” – and that is happening in several important places:

  • More money is being spent on “cloud computing” i.e.: systems that are remotely configured and managed by independent operators that owe only financial loyalty to their customers
  • More software is being developed by contract workers – code farmers who till the software fields to grow vast wealth for their masters, who buy new mansions every so often, but act as though they owe the contract workers nothing. This is nothing new: farm laborers are used to being told “you’re lucky you have a job at all” by the managers who have deliberately acted to make them interchangeable and disposable
  • More software is being assembled rather than built – it’s code that is pieced together from stuff that someone provided on the internet. This site, for example, is built on WordPress, an incomprehensibly massive pile of shit-code that you can get for free over the internet. It’s code that most people never bother to understand. Do you know what’s in it? Do you know where there are security flaws or backdoors? Probably not. “It works” is good enough, because that’s cheap.
  • More operations are being outsourced to service providers of one sort or another. It used to be difficult to get into a data center and wander around, but now – if you’re part of a cleaning crew, or a telco repair team, or a service that waters the ugly plants in the office – you’ve got access to places that a reasonable attacker would pay dearly to gain.

The point is that they owe you nothing, and you owe them nothing, but they probably show you so little respect that they haven’t realized how dangerous you are.

Edward Snowden – whether you approve or disapprove of his actions – is the 21st century man. Edward worked for a contracting company, which put him in a position of field-worker for IT systems administration, then sold his services to the National Security Agency. The NSA had only the vaguest idea that he existed at all; what plantation owner studies the people out in the sun picking the cotton? But Snowden had a degree of access that was tremendous, and he thoroughly ripped them off. Now, Snowden was motivated by some ideological goals – he felt that the NSA’s surveillance program was inappropriate and that the world should know about it. So, he feels his actions were justified – and he’s right: the NSA owed him nothing, he was just field-meat to them and he owed them nothing, either.

Think about these things, wage slave. As part of your job, do you develop software? If that software is important, you might be able to sell a vulnerability in it for enough to buy yourself a ladder you can use to climb out of the trap of wage slavery. So why not add a little mistake in your code that you can sell to a malware operator for $100,000 in a couple of years? It’s an investment in your future and if you’re clever enough it’s just a bug not a backdoor. Do you work in a data center? Do you have administrative access? You should do like Edward Snowden did, and take home some of the system backups. Of course you can get in a lot of trouble for doing that, so be careful. Why would you get in trouble? Because Access is valuable. You don’t have to become a hacker and exploit your corporate masters, you can just leave a little opening somewhere and sell that opening on the dark web.

Think about these things, wage slave. If you’re ideologically motivated – if you think that your employer sucks and is abusing its employees and ripping off its customers (i.e.: you work for any Silicon Valley company, ever) You might want to document those facts, collect data, and dump the lot when you find a better job somewhere else. Or, alternately, stay and be an expensive thorn in their side. Do you think the government is full of lying, criminal, corrupt, jackasses? Then collect their data and – someday when it matters – dump it somewhere.

They have made you insignificant and disposable, but that’s only how they see you. The fact that they use you to accomplish some task means that that task must have some value. THink about it this way: you’re a valuable contributor but you’re a dangerous liability. They don’t owe you anything but if they abuse or betray you, you owe them pain. You owe them pain, wage slave.

The sundevil incident was a real jaw-dropper. I was in a meeting at the executive office building in DC, and one of my Secret Service contacts – a fairly high-ranking guy – asked me if I had heard of “blacknet”? Blacknet was a hoax written by Tim May [fxt] a posting on cipherpunks and elsewhere claiming to be a marketplace for stolen data. This was very “out there” stuff for the early 90s. What blew my mind was that most of us immediately recognized it as a send-up at best, or FBI provocation at worst, and ignored it. But here was a Secret Service Big Shot who was, seriously, asking me if I knew any of the people involved or if I had access.

Comments

  1. Reginald Selkirk says

    Anonymous says it has obtained Republican credentials, secrets

    The database is called the Bin. He acknowledged Republican Rep. Marjorie Taylor Greene (GA-14) might recognize the passwords Boortz and Perewin7 because all of her information has been breached and posted on the Bin…
    It has included information about United States Supreme Court Justice Clarence Thomas’s Pornhub account…

  2. jenorafeuer says

    I remember hearing about Operation Sundevil back during the Steve Jackson Games brouhaha. That wasn’t actually part of Operation Sundevil, but got rather tangled up with it in the media and the general ‘egg on the face’ the Secret Service was dealing with as it was such a wonderful demonstration of how completely out of touch they were with what they were trying to enforce.

    The comments from the people at Steve Jackson Games when their offices were raided certainly painted a picture of the Secret Service agents as ‘we have no idea what computers are or what they can do, we’re scared, and we have no sense of humour or perspective so jokes are taken at face value’.

  3. says

    ahcuah@#6:
    So, did you tell Mr. Secret Service Big Shot that blacknet was a hoax, and if you did, did he believe you?

    I did tell him it was a hoax, but I don’t know if they took me seriously – maybe they applied a bit more skepticism, I hope.

    The reason I said I was in the blast field of Sundevil is because the Secret Service Big Shot was the same guy who went on to trigger that particular clusterfuck. He also was the guy who tried to pressure Wing’s girlfriend into getting him to come visit her in Washington DC so they could grab him at the airport. He was also the guy who I turned over Kevin Mitnick and JSZ’s hacking tool archive to, and I have no idea what they did with that. In those days, the FBI and SS’s cybercompetence in cybersecurity was basically cyberzero. It was interesting and scary because, at that time, I was doing a fair amount of incident response and my clients’ first reaction was always “CALL THE FBI!” and I quickly got a very negative reputation with those guys for telling my clients “don’t waste anyone’s time.”

Leave a Reply