Wednesday, June 11, 2008

Who can you trust?

When graduating students attend campus presentations by prospective employers, a few may find themselves at the somewhat embarrassing session where those in attendance are reluctant to look at each other; where the main briefer is a tweedy, faintly Ivy Leaguish sort of man at whose elbow is an Eastern European man in a cheap suit, horn rimmed glasses and a pocketful of calling cards with a telephone number good for two weeks only. In some Third World city the setting for the same process may be different. An extended conversation at a cocktail party with an embassy official that goes on for an extraordinarily long time. Or maybe at a private dinner following long acquaintance where the atmosphere turns somewhat muted and charged at the same time.

To be or not to be. This is the question that crosses the minds of many an adventurous person in his life. And the one reason not to be -- that is, affiliated with any official type of clandestine organization -- is the question of who you can trust. The one source of danger that no person in the field can guard against is the pentration of the agency in whom he has placed his trust. Russian agents working for the United States may never have heard the name Aldrich Ames, even till the time when they felt the cold steel muzzle of the execution pistol placed languidly against the back of their heads. They probably died still wondering how the hell they were compromised.

"In God We Trust" means literally that. In all other cases, you takes your chances. Recently, a number of classified computers in the US Senate containing the names of Chinese dissidents were discovered to have been hacked by the People's Republic of China.

WASHINGTON - Multiple congressional computers have been hacked by people working from inside China, lawmakers said Wednesday, suggesting the Chinese were seeking lists of dissidents.

Two congressmen, both longtime critics of Beijing's record on human rights, said the compromised computers contained information about political dissidents from around the world. One of the lawmakers said he'd been discouraged from disclosing the computer attacks by other U.S. officials.

Virginia Rep. Frank Wolf said four of his computers were compromised, beginning in 2006. New Jersey Rep. Chris Smith, a senior Republican on the House Foreign Affairs Committee, said two of his computers were attacked, in December 2006 and March 2007.

Wolf said that following one of the attacks, a car with license plates belonging to Chinese officials went to the home of a dissident in Fairfax County, Va., outside Washington and photographed it.

Things were bad enough in the days when "files" meant thick Manila folders with a garish security warning sheet on the front page. One of the good things about those types of files is that to meaningfully replicate them, you needed a Minox camera with a length of chain, or latterly, a photocopying machine. But today files mean computer files and especially, databases. And databases love to replicate. To cubes, backups, mirrors, subsets, reports, charts, graphs and mashups.

Thomas Jefferson in his genius, described the promiscuous nature of information in his famous analogy of the candle. "He who receives an idea from me receives instruction himself without lessening mine -- as he who lights his taper at mine, receives light without darkening me."

Wednesday's disclosures came as U.S. authorities continued to investigate whether Chinese officials secretly copied the contents of a government laptop computer during a visit to China by Commerce Secretary Carlos M. Gutierrez and used the information to try to hack into Commerce Department computers.

The Pentagon last month acknowledged at a closed House Intelligence committee meeting that its vast computer network is scanned or attacked by outsiders more than 300 million times each day.


The Belmont Club is supported largely by donations from its readers.


Blogger Charles said...

In this repost over at freerepublic, Michelle Malkin shows just why Obama is technically not eligible to run for president.

The greatest dangers to the republic are counterfeit marriages, counterfeit citizenship and counterfeit money. The USA may be having some success at addressing the last but none so far in addressing the first two.

6/11/2008 08:56:00 PM  
Blogger Sparks fly said...

Is that 300 million a typo?

6/11/2008 11:59:00 PM  
Blogger CorporateCog said...

16 Gig on a USB stick holds a lot of information, but it still takes some time to load.

It is also putting Swiss Banks under a lot of pressure (Germany's exposure of tax evasion accounts in Lichtenstein). It will be interesting to see if UBS can be trusted or if they will buckle and provide the IRS with the names of all the tax evaders it has assisted.

Maybe these things have something to do with why the price of gold has gone so high.

6/12/2008 12:01:00 AM  
Blogger wretchardthecat said...

Is that 300 million a typo?

It hasn't been retracted and it is quoted repeatedly. See this search:

It doesn't have to be if some of the attacks are DDOs.

6/12/2008 12:03:00 AM  
Blogger Doug said...

How do they count so fast?

6/12/2008 01:19:00 AM  
Blogger Bob said...

They use a computor to do the counting.

6/12/2008 01:48:00 AM  
Blogger RWE said...

It’s a funny thing about Trust in the U.S. Govt – it is not recognized, officially, but there is a lot of it.

The government can’t show loyalty to anyone. Companies continue to get contracts despite the fact they have only proven their ability to cross-thread a bowling ball. Congressmen continue to disperse funds to their own special interests, over and over again.

Officially there is no “trust.” Can’t be. That would be Discrimination. Instead there are Procedures. Want to gain access to a military HQ and all it takes is a form letter signed out by some GS-5.

But then, if you penetrate the Wall That Protects Things That Are Not There, it’s a whole different story. There is a lot of trust; in fact, it’s all based on Trust. A letter from a GS-5 won’t do, but of Fred told Joe to tell Bob that you were Okay, then they will sit you down and tell you the details of a satellite reconnaissance system that Does Not Exist.

On the No-Trust open world you have $400 hammers and Jack Murtha’s endless budget earmarks for companies that don’t really exist but for some strange reason all have the same mailing address. In the closed Trust-based world you have Kelly Johnson receiving payments personally to build the U-2 – and not only doing a great job but also handing back $2.5M when one of his conceptual ideas did not work out.

When Trust meets No-Trust things get ridiculous. As described in the book “Secret Empire” the Eisenhower Administration created a whole new organization to develop and utilize awesome new recon capabilities to penetrate the USSR – all while being accused by the Democrats of sleepwalking through history. And in the mid-90’s the head of the National Reconnaissance Office was fired, not for wasting money but for not spending all of it and squirreling it away for a rainy day.

6/12/2008 05:21:00 AM  
Blogger Unknown said...

RWE, I find your post to be extremely insightful, but it also poses a problem. How do I, the voter, trust? I personally will never be pronounced "Okay" because I don't walk the walk; I'm a civilian. Therefore I will never know about the Things That Do Not Exist. They're Known Unknowns to me.

But I know that Something Must Be Done in the face of danger, so am I simply to the assume that the President is Doing Important Things on my behalf? What if this time he IS sleepwalking through history? It's a leap of faith I find unnerving, since my way of life may depend on the answer. Many of the facts that have come out of the Clinton Administration (years too late to effect a vote) indicate that I was correct to worry.

How do we get out of this conundrum? The only thing I can think of is a Trusted Middle-Man, like Joe Lieberman. Sadly, men worthy of Trust seem hard to come by in the Congress.

6/12/2008 06:48:00 AM  
Anonymous Anonymous said...

RWE: Excellent!

Brock: Yes ... we as civilians *need* trusted middle-men, and the system doesn't function worth a damn without them. That's why the character of our representatives is so crucial ... probably more important than any specific plans that they may espouse during their campaign. Of course, those plans frequently tell us something about their character ...

6/12/2008 07:01:00 AM  
Blogger always right said...

Maybe I am more dense than the regular Joe Sixpack. Are you telling me that Murtha and his likes are 'secrete but true' patriots, not (on the surface) fat porkers?

And the pork projects have their merits because we will have to trust a lot of things that never existed?

6/12/2008 07:31:00 AM  
Blogger Mad Fiddler said...

Bill Whittle interview with Tim Conway

The Link to the podcast is available on his website.

Citing this is only meant to add some stimulatin' fodder for thought.

This blog, despite some people whose thinking and logic show no detectible consistency, forces each of us to THINK. If we do not agree with another commenter's assertions, most of the folks here at least take the time to respond to contested points one at a time. Not like some web loci where any unpopular post is first insulted and flamed, then deleted.

It's a valuable exercise to consider views that are obnoxious to your own, and try to figure out how'z cum they think what they think, and how to present your own ideas so as to PERSUADE them to give serious consideration to YOUR views.

I am humbled repeatedly by the wisdom and intellectual integrity that shows up here. Coming to Belmont, I am far more aware of the really important trends in world affairs and U.S. domestic affairs than from ANY so-called Mainstream News Media sources. If I need to know about traffic conditions between my home and work, I'll check the local news, but that's about the only use they've clearly proven.

6/12/2008 09:11:00 AM  
Blogger JAF said...

Actually, its not the scanning that gets the chinese in. What they do is they target someone in a certain position which you can easily find out by doing some googling. Then they send an email to that person with a link within the email to an external site that downloads code onto the system. This code will automatically call back to whereever and give access to the badguy on the other end.
Its as simple as that. The scans are done by script kiddies who don't know what they are doing.

6/12/2008 09:22:00 AM  
Blogger eggplant said...

RWE said:

"But then, if you penetrate the Wall That Protects Things That Are Not There, it’s a whole different story. There is a lot of trust; in fact, it’s all based on Trust. A letter from a GS-5 won’t do, but of Fred told Joe to tell Bob that you were Okay, then they will sit you down and tell you the details of a satellite reconnaissance system that Does Not Exist."

Before he retired, my father was a merchant for a major grocery store chain in Southern California. Grocery stores are very mundane but a typical store can do over a million dollars worth of business in a single day. Very ordinary products like "Tide" laundry detergent can be huge money makers (Proctor-and-Gamble really is the retail world's 500 lb. gorilla).

My father often closed multi-million dollar deals during lunch or at a golf course. He'd make a handshake agreement with the peddler and then hand off the deal to a staff member who would work out the invoice. I'd ask my father why people didn't steal from him. His answer was they could only steal from him once, then the word would get out that they were thieves and their business would be ruined. He also said that a good lawyer could break almost any written contract. If you couldn't trust your counterpart with an oral agreement, then an ironclad written agreement offered no real defense. It's my understanding that almost all business in China is based upon oral agreements.

6/12/2008 09:35:00 AM  
Blogger David M said...

The Thunder Run has linked to this post in the - Web Reconnaissance for 06/12/2008 A short recon of what’s out there that might draw your attention, updated throughout the check back often.

6/12/2008 10:43:00 AM  
Blogger RWE said...

Brock: The short answer is “I have no idea how to handle that problem.” The long answer would take 25 years of experience and some security clearances that Don’t Exist, either.

When I was at the Pentagon I became aware of some disturbing information concerning what the Chinese were learning from launching U.S. made commercial satellites. I conducted my own analysis, on my own time, and finally wrote a memo saying that our current policy in that regard was not only broken but inherently unfixable. But since I was not an intelligence analyst it was ignored. And 6 years later I had the pleasure of testifying to a Congressional investigating team from the position of “I told you so.” And I found out then what my bosses’ boss did with my analysis; he had thrown it away. He had to explain that to the investigators, too.

The problem was that not only was I the only one who had that info, I was one of the very few that could understand its significance. I did talk to an old friend who was in intelligence and he grasped it right away. “How could everyone have missed this?” he asked, mystified. I replied, “Don, how many people are there around who understand this stuff like we do?” He responded “Well, there’s plenty! There’s, there’s…uhhh. Oh! Crap! There is only us!”

Always right: No, I am not saying that Murtha and his ilk are Real Patriots hiding funding for Vital Projects in fake earmarks. The Real Secret Vital Projects don’t get funded that way. The earmarks are real attempts to pay people off and buy votes. If you are sending money to someone to do a mod that is not needed to a piece of equipment that is due to be scrapped – as I know that Murtha did – you are not being patriotic.

And perhaps I did not make myself clear, but the $400 hammer costs that much due to following the open and aboveboard Procedures rather than the Secret Handshake approach.

I guess the rule is: If someone has screwed you in the past you have to assume he will do it again in the future. And you have to assume that he did it a lot when no one noticed as well.

6/12/2008 11:06:00 AM  
Blogger mercutio said...

Hacking the secrets of your adversary is understandable. That's part of the game.

Studidity of intelligence managers, of the kind that RWE relates, is understandable, also. That's the Peter Principle.

Deliberate betrayal of the nation's secrets is a different matter entirely. Aldrich Ames is one type of character, in it for the money, apparently.

But what's with the serial leaking and betrayal that seems to be epidemic, rising to the level of buffoonery in the person of Scott McClellen?

For an interesting cultural read, see the most recent entry in 'American Digest,' a reflection upon the 'National Geographic' article about the 'Gospel of Judas.' A selection:

"Treason, done with the kiss of 'my personal freedom,' proves that you do not really hate your country, you love it. You are, in the final analysis, your country's best friend. In these "new" old tales about Jesus we read that Judas betrayed the Son of God because Jesus told him to do it. . . . . Was this final treason done because this sin had been secretly blessed by God, or for the sheer dark thrill of asserting the self at the expense of life in the light?"

"I betrayed my friend, because he gave me the freedom to do so. Feel my love for him."

"I betrayed my country because it gave me the freedom to do so. Feel my love for it."

6/12/2008 03:03:00 PM  
Blogger Leo3Linbeck said...

Classic repeated Prisoners' Dilemma (see Axelrod's Evolution of Cooperation).

Some keys to making Trust work:

1. Shadow of the future. That's why reputation matters. And transparency (to the players, not outsiders, BTW).

2. Keep the payoffs in a reasonable range. If the sucker's payoff is too high, the benefits to cheating overwhelm the future.

Without this the game becomes one-shot, and the only rational strategy is to defect.


6/12/2008 04:45:00 PM  
Blogger F said...


I think you overlook an important difference in the analogy you set up with Judas and Aldrich Ames (or other traitors). The betrayal of Jesus was the fulfillment of prophesy and the institution of a new era for the Jews (and the rest of the world). Ames' betrayal of his country was no such thing: it was a personal gesture, whether of hubris or greed we might never know, but it reflected his own personal act of defiance designed to damage his country. Say what you might about nationhood, or even about the rightness or wrongness of America during the Cold War: his gesture flies in the face of everything one can presume he was taught growing up (unless he was raised by people who do not share any of the values I and my friends grew up with). One can question how to decide who is trustworthy and who is not, but one can hardly liken Ames' betrayal of his country to Judas' part in an event that changed history. F

6/12/2008 06:20:00 PM  
Blogger Doug said...

US Releases Video Showing Clashes Along Afghan Border

6/12/2008 07:32:00 PM  
Blogger 3Case said...

1. Lieberman is not to be trusted.

2. No one in Congress is worthy of trust.

3. Belief that human engineering malicious code into systems via e-mail is how it is done is naive. That 300M number may be true. I have a nephew who was a SysAdmin for a company that hosted a bunch of DoD websites pre-9/11. I once asked "What do you do all day?" His response: "Chase Hackers and Crackers and make sure they don't get in." I asked if he was allowed to engage in what I would call "counter-battery fire". Answer: "No. Just document the intrusion attempts and any data to help ID the hacker/cracker." I asked if he could tell from where they were coming. Germany, Russia and China were the usual answers.

6/12/2008 08:04:00 PM  
Blogger Craigicus said...

They say that you shouldn't take a new puppy out on the streets of Manhattan because of all the foul germs that the poor pup would run into. They say that the pup is likely to die from exposure.

They also say that, on average, there is a malicious packet sent to the IP address of a new computer on the internet after only 27 seconds of connectivity.

Of course there are at least 300 million packets trying to seek ways to enter mil net each day. That might be a low count. Most of those packets are from the same people who are trying to take advantage of you at home.

The wonderful thing about the USA, though, is that it stands on it's own and institutions will be righted even after they are compromised -- because the people support the government.

The same is not true of China. At some point, many of those who know how to hack a router or how to counter government security will find themselves as part of the opposition to the government. At that point, the antibodies will start fighting against their host.

China will get the internet version of AIDS sooner or later. Let's just hope it is a democracy that arises from the ashes.

6/12/2008 09:00:00 PM  
Blogger jj mollo said...

I had a software firewall that reported intrusion attempts. At first I tried to follow up, but people in position to do something just laughed. I quickly came to understand that there is just too much crap going on for anyone to figure it out ... and this was years ago.

Now I have a lot more protection, but I still manage to contract various kinds of invasive beasties on my computer. I wouldn't even know about those if I weren't using several independent delousing mechanisms. It's frustrating, but I know better than to post my personal data on my own computer. There is more I know I should do, but I think the crackers don't bother with me because there are too many easy targets.

I find it impossible to believe that there aren't serious people in the government who understand this very well and know how to deal with it. I don't find it hard to believe that a Congresscritter would fail to follow sanitation protocols. These people are very impressive, but also impressed with themselves. The problem with verbal virtuosity is that it gives the practitioner an unwarranted aura of intelligence and common sense, which contrary to Transylvanian lore, seems to reflect well in the mirror.

Who should you trust? As suggested several times, the personal network is where it's at. The trouble with such networks is that they only really work at the upper levels. The average person has no way to tap into these networks any more. The result is that no one really makes much sense any more. People swallow the most outlandish tripe.

I am an advocate of structured bottom-up networking with well-defined parameters -- borrowing the Al Qaeda mechanism perhaps, but for sane people. In the past the US had lots of such networks -- informal like old Army buddies or bowling leagues, and formal like the Masons or the Elks. At short political distances, you could know who to trust. I don't believe it was an accident that many of our early leaders were Masons. Trust was passed around like a virus -- a reliable virus.

6/16/2008 10:53:00 PM  

Post a Comment

<< Home

Powered by Blogger