KIRILL KUDRYAVTSEV/AFP/Getty Images
There’s a crisis in the Information Security Community right now related to the Russia Hacking Attribution issue.
The short version is that people have mind-fucked themselves into simultaneously believing nothing and everything.
Putin is Russian. He’s ex-KGB. He has been sanctioned nearly to death for a very long time. And he’s pissed off.
The U.S. government as well as private companies have been watching Russian hackers for years, and they have key people and key groups identified. They have a decent idea of how the operate, the traces they leave, etc.
There are dozens or hundreds of small pieces of circumstantial and second-hand evidence. About the TTPs used. About the possible motives. About observed communication styles by the various players. Most of them point to Russia.
Some pretty smart people, like @thegrugq, Brian Krebbs, and others, have no direct interest in agreeing with the Russian Hack narrative, yet after hours of analysis of all the available information, seem to pretty obviously think it was Russia.
Our own government comes out and says they’re pretty much in agreement across multiple agencies that Russia did it. And they’ve released multiple official reports that make that opinion very clear.
Yet, despite all this, we have people in the infosec community who discard it all and call bullshit.
They say it’s POC or nothing. So either the government gives up direct evidence that proves it was Russia or they feel compelled to believe it’s false. Separate but related question: if you’re that skeptical of the government why would you believe their evidence anyway? Do you need some globally authenticated and agreed-upon truth before you’ll accept potentially obvious information?
The narrative for the skepticism is just as bad as the doubt itself. It’s things like:
POC or GTFO.
I’m tired of being lied to by the government.
I don’t trust anything our government says.
This is normal for foreign states to hack each other.
We hack other peoples’ elections all the time. This is just fair play coming back to us.
Let’s set aside the fact that a lot of those aren’t refutations of the narrative, but rather reasons to not care if it’s true.
What’s far more disturbing is where this takes us if we follow this anti-US rhetoric to its conclusion. Here are some examples:
The U.S. is a colonialist and evil country.
The U.S. Lies to its people constantly.
Russia is just trying to survive. Leave them alone.
Who’s to say that Putin is evil but Obama is good?
Think of how many Iraqis have died because of the U.S.
What does good even mean anymore in a country that supports so much war around the world?
Maybe Russia is evil, but they aren’t any worse than we are.
Maybe Russia is just trying to help themselves by initiating peace?
Maybe what Putin wants for America is better than what our own leaders want for America.
Maybe Trump and Putin are protecting America from itself.
And here’s the best one:
Put that in a Fox News poll and see what you get. And get ready to throw up in your mouth.
So here’s the issue.
Is it true that the U.S. has done some horrific shit? Yes?
Is it true that it’s still doing some horrific shit? Yes.
Does it influence elections in foreign countries? Yes.
So is it hypocritical for us to do all these things and then get upset when Russia does something similar to us? Probably.
But here’s the trick part. Does this make the U.S. Just as evil as any other country? Do we now have moral equivalence between the U.S. And Russia? Iran? China? ISIS?
What’s the difference? What makes us better or worse if we’re all admiteddy doing some nasty things? Once you understand the answer to that you can start to figure out which narratives to believe and which to discard.
Russia has the RT network. It’s basically state propaganda. Assange seems to be on staff at RT at this point, perhaps due to his increasingly precarious legal position.
But the one thing we cannot do is accept the Putin / RT / Assange narrative as equal to the narrative of the FBI, DHS, and NSA. That’s plainly ridiculous.
If you believe that then you’ll believe anything. Here’s a hypothetical Putin.
So what’s a good information security person to do with this?
Then here comes the Pentagon in a public statement:
The Russian response?
So evidently if you’re a solid infosec person you have to question everything. The NSA says Russia’s in Ukraine, but they’re a bunch of liars probably perpetrating some sort of plan to steal data from domestic folks, like Snowden warned us about! They can’t be trusted! The photos can be faked, right?
Putin is possibly a liar as well, but I do know that the media is pro-Clinton, and Clinton hates Putin, so I guess Putin isn’t in Ukraine!
Here’s Putin again:
TRUMP SUPPORTER: “See? This is the type of leadership that Obama never provided, because he’s a Muslim Kenyan communist.”
Unsupervised Learning — Security, Tech, and AI in 10 minutes…
Get a weekly breakdown of what's happening in security and tech—and why it matters.
Obama is a communist who doesn’t have a real birth certificate. Our government cannot be trusted about anything they say, ever, because they’ve lied in the past. And Putin is the leader that America needs.
Try to imagine what would happen if Reagan walked in the room right now.
He’d be like….um…what? The American people are getting behind Putin? As a strong leader? With Trump spurring them on, against our existing President who’s been fighting against Putin for 8 years?
Are. You. Fucking. Kidding. Me.
Putin is laughing his fucking ass off right now. He’s got Trump retweeting his shit, against the president of the United States, about a hack he obviously ordered, which Trump has made his followers think didn’t happen.
He could say anything right now.
He could do a joint Trump / Putin message that says Russia should Annex Canada and join up with the U.S. to counter the terrorism and communism of the E.U., who are trying to take our freedoms because of immigration and gun rights.
blink blink 200 million people look at each other slowly.
No, Putin is not your friend. No, the U.S. Government is not your enemy. It might be sometimes. About certain things. But here’s a PHENOMENAL rule of thumb:
When your entire government tells you that you’ve been owned by your single most powerful communist enemy in the world, which Reagan and all your other heroes spent a generation fighting against, you don’t back THAT ENEMY against your own fucking president and government because a reality TV star with Russian real estate ties told you they didn’t do it.
That’s fucking dumb.
Does this mean you can trust the government about everything? No. Does it mean Putin is the Anti-Christ? No. Does it give us CERTAINTY about anything at all that we’ll hear in the future? No.
All this should do is remind you that there’s a lot of information out there if you bother to read. Consume the history. Look at the players. See where the incentives are.
Putin’s, RT’s, and ISIS’s statements do not have equal value or worth to the Pentagon’s or to Obama’s or to Paul Ryan’s or anyone else you love or hate in American politics.
They’re not the same. They’re not equally evil. They’re not equally American. They’re not equally on your side. They’re not equally looking out for your interests.
It’s true that it’s REALLY HARD to find truth when everyone has lied to us, and when everyone is evil and self-serving in their own ways. And when we don’t have hard evidence.
But if you discard all narratives, and all evidence—regardless of source—because you’ve been burned in the past, you’re simply resigning to having no opinion whatsoever. You’ve opened your mind so much that everything falls out, or closed it so much that nothing valuable can enter.
Don’t be like that. Don’t be one of the masses who cannot evaluate many streams of data and determine which have the BEST signal. Not good signal. But the best, based on everything we know.
That is a person who won’t end up believing nothing—it’s someone who’ll end up believing something spectacularly stupid. Something like Obama being more communist than Putin.
Keep your skepticism. It’s a valuable tool. But don’t sacrifice your common sense to it. Sometimes it’s the best and only thing we have.