NSA Top Secret History of Computer Security

A FOIA request made ten months ago (Case 60495C) has just led the NSA to release a 1998 “Unknown Author, draft history of COMPUSEC”.

Example of the kind of details to be found:

ON THE POLITICAL FRONT… in 1966, a Democratic Congressman from New Jersey, Cornelius Gallagher, chaired a special subcommittee of the House of Representatives Government Operations on the invasion of privacy. The hearings were the first of their kind regarding computer technology and the need to establish ethical and legal protection as well as technological safeguards for certain computer applications. They would not be the last!

The purpose of the hearings was to establish a “climate of concern” in regard to the Bureau of the Budget proposal for establishment of a data bank. The bank would combine all personnel and business files that were maintained by different government agencies.

The document then makes reference to one such result of the “climate of concern”: a February 1970 publication by the Department of Defense called Security Controls for Computer Systems.

Gallagher’s Invasion of Privacy Subcommittee was meant to ensure “that the Government computers do not provide the means by which federal officials can intrude improperly into our lives.” He then tried in 1969 to create a Select Committee on Privacy, Human Values, and Democratic Institutions, which failed in a 1972 political power struggle.

House committees and their chairmen do not react lightly to potential incursions on their jurisdiction, Mr. Gallagher of New Jersey discovered last Tuesday when the House defeated his resolution that would have created a select committee on privacy, human values and democratic institutions to look into potential invasions of privacy by government and industry. Mr. Gallagher’s resolution drew the opposition of Representative Emanuel Celler, Democrat of Brooklyn and chairman of the House Judiciary Committee, who argued on the House floor that his committee already was dealing with the issues that would have been handled by the new committee. Mr. Celler’s view prevailed, and Mr. Gallagher’s proposed committee was rejected, 216 to 168, with 20 New York Representatives voting with Mr. Gallagher and 18 New Yorkers siding with Mr. Celler, the dean of their delegation, and voting against the proposed committee.

In reality, the committee on privacy was torpedoed by the FBI. Equifax (then known as the Retail Credit Corporation) was a staunch ally of J. Edgar Hoover. The FBI mined the data bank for background checks on their agents.

More importantly, however, Hoover or the Treasury department blackmailed and destroyed political careers of anyone who dared attempt to investigate either commercial or political privacy problems in America.

Indeed, Gallagher faced a barrage of false allegations and fraudulent claims from Hoover to block any attempts to investigate government privacy abuses. In one infamous case Hoover tried to pressure Gallagher to frame the FBI’s illegal bugging of MLK as a Kennedy plot.

Mr. Gallagher said his troubles with the F.B.I. began in June, 1966, when as chairman of a House subcommittee on invasion of privacy, he refused to sign a letter to then Attorney General Nicholas Katzenbach demanding copies of “the authorizations for the illegal bugging” of the late Rev. Dr. Martin Luther King Jr. “and of the casinos in Las Vegas.” He said Mr. Cohn, a personal friend, had dictated the letter for his signature and had urged that it be forwarded.

[…]

“He told me that Mr. Hoover was very upset about the statements being made by Mr. Kennedy about widespread illegal wiretapping, eavesdropping and bugging and that Mr. Hoover was sick and tired of being made the sole brunt of that kind of criticism. He stated that Robert Kennedy had authorized those two activities by the [F.B.I.] and that Mr. Hoover was furious with Senator Kennedy, who was blaming it on Mr. Hoover.”

The core of this debate really was civil rights, when you look at who was experiencing privacy violations by the FBI. Consider that Gallagher’s concerns were being aired just as FBI wiretaps and bugs targeting MLK were believed to have violated the privacy rights of over 6,000 people by 1968.

In case you haven’t heard the story, here’s a brief recap:

Hoping to prove the Rev. Martin Luther King Jr. was under the influence of Communists, the FBI kept the civil rights leader under constant surveillance. The agency’s hidden tape recorders turned up almost nothing about communism.

In fact, the recordings bore out the opposite truth: MLK privately referred to communism as…

…an alien philosophy contrary to us.

It is probably important to mention here, therefore, that this very secret NSA history of computer security makes no mention anywhere of these core issues of American civil rights or the surveillance of black political leaders. And there’s only one mention of the FBI:

…the FBI file contained unsubstantiated gossip against many individuals…

OK, to be fair, there are two mentions, but the other one is about the Soviets controlling an asset inside the NSA to expose intelligence information (an early Edward Snowden).

See also:

Hacker Valley Studio 100th Episode

I’m honored to say I was invited to speak with Ron Eddings and Chris Cochran from the Hacker Valley Studio. They’ve posted our conversation in their 100th episode, released today.

In this special 100th episode we dip into the Hacker Valley Studio vault to bring you never before heard content from some brilliant experts in their field…
Travis McPeak
Rishi Bhargava
Simran S. Sakraney
Gary Berman
Josh Halbert
Nick Vigier
Davi Ottenheimer
Christina Morillo
Rafael Nunez

My segment is at 49:25 of the podcast.

How to Win With Propaganda

An advertisement writer recently posted to LinkedIn his reflections on how to hire the best talent by using “the copy test”. It boils down to this:

… if you can get your readers to empathise with you, in a tone they resonate with, you’ve won.

Judging by comments I sometimes get here (e.g. a white woman angry about my Dambusters post because she thinks the n-word is a very fine name for a dog)… clearly I still have more copy tests to do before I’ve won.

In related news, a book by Thomas Kent is coming out now with advice on how to advance democratic values to combat dangerous Russian propaganda.

Significant attention has been given to Russian disinformation operations and their corrosive effect on the United States and other democratic governments. The Western responses have thus far been weak and uncoordinated, according to Thomas Kent, former president of Radio Free Europe/Radio Liberty who is currently a Jamestown Senior Fellow and adjunct associate professor at Columbia University. He proposes an energetic new strategy to confront this threat: aggressive messaging to combat Russian information operations, while promoting the values of democracy that too many in the West have lost faith in.

I look forward to seeing how to get Russian readers to empathize with American democracy.

And on that note, a very old book called “Techniques of Persuasion” looked into Communist indoctrination camps run by the Chinese during the Korean War and highlighted how important information gathering (“confession”) was to any propaganda method.

Source: Techniques of Persuasion: From Propaganda to Brainwashing by J.A.C. Brown, p. 257

Similar methods are described in the film “The Luft Gangster: Memoirs of a Second Class Hero”. When black pilot Lt. Col. Alexander Jefferson, USAF (Ret), was shot down in Germany he was surprised to find Nazi prison camps working hard to get empathy out of him.

The Nazis demonstrated they already had access to every detail of every American’s life down to home street, even showing him high school photos. The real elephant in the room, and palpable in the film, is whether Jefferson fell for Nazi propaganda that they respected his life more than America.

That kind of propaganda gets right into the question of using tribalism to undermine morale and distract enemies from any kind of unified objective. It’s a whole other level of winning, as documented by the Naval Postgraduate School (NPS).

…conflict does not necessarily imply a pure contest of arms. It may center on an economic crisis, a sponsored pattern of betrayal and defection, or broad civil unrest. Whatever form it takes, it remains for the instigator a divide-and-exploit or divide-and-distract strategy that turns the enemy against himself, away from others, and exposes opportunities not otherwise available to an external State actor.

Allegedly it was this kind of strategic thinking that compelled Britain, France and America to operate heavy propaganda and even false flag operations in Africa through the 1980s, intended to undermine black nationalism. More specifically, the racist apartheid government of South Africa wanted all its neighboring states kept in a permanent state of improvisation, so it could frame itself — an oppressive white police state — as the only stable regional partner for business deals.

Swarms of Decoys Disarmed Anti-Aircraft Defenses… in World War II

I probably should have put a spoiler alert in the title.

A brand new 2020 report from the British Royal Air Force (RAF) warns that they were able to use a swarm of “affordable off-the-shelf decoy to wreak havoc on enemy integrated air defense systems.”

“During the demonstration, a number of Callen Lenz drones were equipped with a modified Leonardo BriteCloud decoy, allowing each drone to individually deliver a highly-sophisticated jamming effect,” according to Leonardo’s press release. “They were tested against ground-based radar systems representing the enemy air defence emplacement. A powerful demonstration was given, with the swarm of BriteCloud-equipped drones overwhelming the threat radar systems with electronic noise.”

You may be wondering if this is the first successful test by an air force of affordable off-the-shelf decoys wreaking havoc on air defense systems.

To answer that quickly, I present to you an account of decoys in a 1946 report called “Paper Bullets” from the United States Office of War Information.

A Mitchell bomber crew, which had been bombing Italian rail communications, carried a couple of bundles of leaflets and some wine bottles every time they went out to bomb. Questioned by a psychological warfare officer, who failed to find this particular plane on his schedule, one member of the crew replied: “This is psychological warfare, Mac. Before we hit the target we take a fake bomb run over the nearest flak crew and throw these bottles and the leaflets out. They whistle just like bombs and the flak crew takes cover. Then we go on and bomb as per schedule.”

Set aside the possibility that the crew was joking, or that they came up with a funny story to hide the fact that they were alcoholics, or at least drank a lot of wine while flying as a form of self-medication.

John Belushi stars in the movie “1941” directed by Steven Spielberg

The idea of dropping whistling bomb decoys over air defense units makes a lot of sense, and wine bottles might disintegrate or disappear enough to avoid suspicion of decoys.

Here’s the full report as a PDF on archive.org:

Another perspective from history on “drones” (human pilots seen as disposable) overwhelming air defenses is here:

RAND’s first attempt to model a nuclear strategy ignored so many key variables that it nonsensically called for deploying a fleet of aging turboprop bombers that carried no bombs because the United States did not have enough fissile material to arm them; the goal was simply to overwhelm Soviet air defenses, with no regard for the lives of the pilots.

In related news, DefenseOne asked readers earlier this year “Should the US Have a Secretary For Influence Operations” and Military.com has just published the headline “‘Data Is the Ammunition’: Inside the Pentagon’s New Strategy to Dominate Future Battlefields”.

Looking back again, the 1946 Paper Bullets view of the world ends with these questions:

We are very well aware that the right words properly put together, delivered at the right spot at the right moment, can capture and kill. Why not use words and ideas as an instrument of peace, rather than as an instrument of death? A longing for peace is deep in the hearts of all decent peoples everywhere. There are good arguments for those who insist the best way to maintain the peace is to maintain a war machine to police the world and to keep the peace by force. Why not, then, the establishment of a U.S. Department of Information on the same status as the War Department and the Navy Department? Why not a U.S. Department of Information to police the world with words of truth?

We’ve come a long way from swarms being empty wine bottles, yet it seems also we haven’t moved very far along at all.

And I have to wonder if veterans talking about dropping bottles from planes is the kind of story-telling that inspired the iconic opening scene in The Gods Must be Crazy…

Russian and Chinese Business Leaders Not Worried About Cyber Attacks

The World Economic Forum (WEF) just released its annual report on global business leaders’ perception of Regional Risks for Doing Business (RRDB).

It offers interactive maps showing what global and regional business leaders consider the biggest risks.

For example, cyber attack is ranked globally in 4th place, yet in North America it is considered the top risk by far. Even in Europe it is a secondary risk concern.

More interesting, probably, is that neither Russia nor China lists cyber attack at all in its top five risks.

New Broom vs Old Hand: Leadership for Threat Containment

The following “other considerations” are mentioned in a passage on how to choose a “containing force” leader for regions dealing with terrorism. It’s on page 9 of Readings in Counter-Guerrilla Operations, US Army Special Warfare School, April 1961:

The local commander may be overfamiliar with his surroundings and somewhat contemptuous of the emergency. He may be reluctant to adopt “face-losing” precautions, and he will tend to underrate the terrorists. In company with some members of the administration and the police he may resent the emergency as a personal setback and the arrival of reinforcements as a slur on his own capabilities. So the appointment of commanders must be balanced between the qualities of the “new broom” and the “old hand,” and it is important that a right choice should be made.

Nazi Operation Masqueraded as Right-Wing News Station to Target Voters

An anti-semitic journalist named Paul Ferdonnet exiled himself in the late 1930s to Nazi Germany and was believed by French intelligence to be the broadcast voice of Radio-Stuttgart.

Ferdonnet had risen to fame by fraudulently boasting in French that Hitler was interested in peace and that Britain was no ally of France.

He typically tried to start propagandist campaigns with catchy fraudulent phrases like “Britain provides the machines, France provides the bodies”.

After WWII ended he was tried, convicted and executed by France as a war criminal. His allegiance was with personal power and hate, not his own country, population or its democratic institutions. Getty image from court:


I made reference to Radio-Stuttgart in my surprisingly popular earlier post about modern hidden symbols of racism.

A news story breaking today titled “Russian operation masqueraded as right-wing news site to target U.S. voters” reminded me of Ferdonnet:

NAEBC has been active since late June and built a small network of personas on Twitter and LinkedIn – some of which used computer-generated photographs of non-existent people – to solicit articles from followers and freelance journalists, according to the Graphika analysis here.

Nimmo said the accounts failed to attract any significant following with many posts only receiving a handful of shares, but got more traction on Gab and Parler – two social media platforms favoured by right-wing users for their lax approach to content moderation.

Paul Rockwell, head of trust and safety at LinkedIn, said his company had previously suspended three NAEBC accounts. “This is part of our regular work to actively seek out signs of state-sponsored activity on the platform and quickly take action against bad actors,” he said.

Facebook said it had stopped one attempt to create an NAEBC account and blocked the website from being shared on its platforms.

Twitter declined to comment. Before being contacted by Reuters, the company had already suspended NAEBC’s main account and an account in the name of Nora Berka, as well as blocking the NAEBC website address as a “potentially harmful” link.

A spokeswoman for Parler said the company was not aware of NAEBC and had not discussed the activity with law enforcement. Gab did not respond to a request for comment.

Letter: Scare tactics have nothing to do with car repair

Originally posted September 25th in the Boston Herald. This is a letter about right to repair sent to the editor by Paul Roberts, founder of SecuRepairs.org, and signed by myself among many others.


To the editor:

Halloween came early to the Bay State this year. For the past two months, the airwaves have been filled with scary-sounding ads pushing tales of hacking, identity theft and cyber stalking. Their target: Question 1, a pro-consumer ballot measure that will give car owners and independent repair shops access to wireless maintenance data needed to service and repair modern vehicles.

Our group, SecuRepairs, represents some of the world’s top information security experts. In our professional opinions, this small expansion to the state’s right to repair law in no way increases the risk of identity theft, cyber stalking or vehicle hacking.

If passed, Question 1 would close a loophole in a Massachusetts law that requires automakers to make diagnostic and repair data accessible to vehicle owners and independent repair shops. That law, which was passed in 2013, failed to explicitly cover repair data that is transmitted wirelessly. Seven years later, many newer vehicles transmit maintenance data this way, using a car’s cellular Internet connection to bypass the repair shop and talk directly to automakers’ “cloud servers.” Question 1, which will appear on the November ballot, simply closes that loophole. It requires automakers to make wireless data “needed for purposes of maintenance, diagnostics and repair” — the same data that automakers give to their dealerships — available in a standard format to vehicle owners and independent repair shops.

It goes without saying that competition for vehicle repair and maintenance from independent repair shops keeps the cost of service and repair down. It also makes perfect sense that the same mechanical data shared via a wired connection from a vehicle to a computer in a repair shop should also be accessible wirelessly. That’s why automakers are anxious to change the subject. The “Coalition for Safe and Secure Data,” a group funded by automakers, is blanketing TV and radio with ads warning the public that Question 1 will give rapists and burglars the keys to your car and even your home.

These warnings about cyber security risk related to the mechanical data covered by Question 1 are misleading and have little basis in fact. That data might tell you why the “Check Engine” light is illuminated on your dashboard. It won’t open your garage door or let a cyber stalker follow you around town. In fact, the data covered by Question 1 is identical to the data that automakers have been sharing for years under Massachusetts’ existing right to repair law.

There is one thing the auto industry’s scare-mercials have right: Consumers should be worried about the reams of data that automakers collect from our connected vehicles. Modern Internet-connected cars have access to everything from personal contact data shared from a driver’s mobile phone to video feeds from in-car cameras to the vehicle’s GPS data. Privacy and consumer advocates ranging from the ACLU to Consumer Reports warn that this galaxy of in-vehicle sensors poses acute privacy and civil liberties risks.

The ability to repair your own vehicle or to hire an independent repair shop — and access to the data needed to make repairs — are critical to keep automotive service and repair affordable. Affordable repair and servicing allows all of us to extend the useful lives of our cars, saving us thousands of dollars. Rather than trying to frighten consumers, car makers should make owner access to this data easy, while also being transparent about what data they are collecting from smart vehicles and how they use it. Facts and transparency, not fear, are the antidote for the public’s anxiety about data privacy and security.

— Paul Roberts, founder, SecuRepairs.org

Jon Callas, director of technology projects, Electronic Frontier Foundation

Ming Chow, associate professor, Tufts University

Richard Forno, senior lecturer, cybersecurity, University of Maryland, Baltimore County

Dan Geer, chief information security officer, In-Q-Tel

Joe Grand, principal engineer and hardware hacker, Grand Idea Studio, Inc.

Gordon Fyodor Lyon, founder, Nmap Project

Gary McGraw, founder, Berryville Institute of Machine Learning

Davi Ottenheimer, vice president, trust and digital ethics, Inrupt

Nicholas Percoco, founder, THOTCON

Billy Rios, CEO, Whitescope.io

Ransomware “Officially” Kills a Person

There undoubtedly have been deaths in the past caused by computer attacks. I once made a list of physical impact from network and system attacks going back to 1992.

What has just changed is that someone is willing to go on the record saying a death happened and was directly related to computer security.

We know, for example, that warnings about hospital outages and patient deaths have been posted in American mainstream news since at least 1983:

Time Magazine in 1983 with a stern warning that network attacks on computers will kill someone.

By comparison, the latest news coming from Europe is that a delay in care due to ransomware has caused a particular patient’s death and that it should be treated as negligent homicide.

…ransomware attack crippled a nearby hospital in Düsseldorf, Germany, and forced her to obtain services from a more distant facility…

That is less news to me and more a chilling reminder of the talk I gave in 2017 in London about preventing ransomware attacks in healthcare.

Slide from my presentation at MongoDB Europe 2017

As someone who parachuted into the front-lines of solving this burning problem at massive scale (personally leading significant security enhancements for the database company most affected by ransomware attacks — infamously insecure MongoDB) I have many thoughts.

Many, many thoughts.

Suffice it to say here, however, when I was building and running hospital infrastructure in the 1990s my mindset about this risk wasn’t much different than it is today.

If anything, it seems to me we’re seeing the healthcare industry become more honest with the public about its hidden operational risks.

Reading news that an arsonist burned a hospital down — forcing a fatal diversion of patients — should prompt people to ask if failing to install sprinklers is negligence.

And then people should ask if a hospital construction company was building them with sprinklers that were optional or even non-operational, and whether THAT was negligent.

Those are the deeper questions here.

While there are cases of people driving around in circles intentionally to kill the person they’re supposed to be taking to the hospital (e.g. assassination, even more than negligence), they seem a targeted exception rather than the pattern.

The focus should remain on a hospital’s burden of high availability (let alone that of a region or network of hospitals like the NHS), and on its vendors’ responsibility, to plan for intentionally induced low capacity.


Update Sep 28: A reader has emailed me an important reference to the case United States v. Carroll Towing Co., 159 F.2d 169 (2d Cir. 1947), which formed a test to determine negligence (comparing the Burden of precautions against the Loss multiplied by its Probability).

It appears from the foregoing review that there is no general rule to determine when the absence of a bargee or other attendant will make the owner of the barge liable for injuries to other vessels if she breaks away from her moorings. However, in any cases where he would be so liable for injuries to others, obviously he must reduce his damages proportionately, if the injury is to his own barge. It becomes apparent why there can be no such general rule, when we consider the grounds for such a liability. Since there are occasions when every vessel will break from her moorings, and since, if she does, she becomes a menace to those about her; the owner’s duty, as in other similar situations, to provide against resulting injuries is a function of three variables: (1) The probability that she will break away; (2) the gravity of the resulting injury, if she does; (3) the burden of adequate precautions. Possibly it serves to bring this notion into relief to state it in algebraic terms: if the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B < PL.
