Civilian Information Networks as Weapons and Intelligence
Activities conducted on information networks have a proven history of potentiating real-world violence: the internet is no different, though the ways in which civilians – often unwittingly – participate represent new threats to individual and national security.
Consider the vast amount of information you’ve willingly provided to a corporate-owned Human Terrain Mapping System, a recent US-based DDoS attack directed against Iranian government, and the likelihood that the less technologically-savvy are donating their resources to a criminal’s botnet.
Ubi amicitia, ibi oculus.
In all fairness to the realization of instant connections between people and the auxiliary benefits associated with maintaining close contact with one’s clique, the usefulness of modern networked applications – particularly social networking applications – is balanced by a counterpoint: should your willing (and, for most, plentiful) contributions to MySpace, Facebook, or any of the myriad resources for “connecting friends” be used to your detriment the unanticipated effects you neglected to consider when you opted out of private citizenship will become immediately apparent.
It’s not about over-sharing, it’s about whether your links to others earn you a place on a kill chain.
This military concept consists of target identification, force dispatch to target, decision and order to attack the target, and finally the destruction of the target.
- Kill Chain at JargonDatabase.com
Whereas the US Army’s Human Terrain Mapping System has wasted taxpayer money and participants’ lives, web-based social networking applications require comparatively little resources, are continuously updated (by you), and are owned by private corporations who can co-opt your information for marketing purposes, sell it to the highest bidder, or share it with government.
“Because Facebook is so addictive, even if a high-school kid decides to run away with a college boyfriend and they’re three states away, they can’t keep themselves from checking Facebook,” Kelly says. Since the site tracks the geographic locations of log-ons, he says, “on a number of occasions, we’ve helped reunite families.”
Web-based social networking is far more efficient than traditional Human Terrain Mapping Systems – and it is already being employed to the same ends:
On passing through the immigration control at the airport in Tehran, she was asked by the officers if she has a Facebook account. When she said “no”, the officers pulled up a laptop and searched for her name on Facebook. They found her account and noted down the names of her Facebook friends.
- Are Iranian authorities more sophisticated than we think?
by Evgeny Morozov
Update 7/14/2009: … and don’t blow your cover like the head of the British MI6…
In dubiis non est agendum.
If you had the opportunity to influence events in another country – a place which you have never set foot, know no one, and do not stand to profit or lose any material thing you value – and you simply had to click a button… would you?
Matthew Burton, a contributing editor for the Personal Democracy Forum, writes of his experience participating in a Distributed Denial of Service (DDoS) attack against Iranian government websites:
… after a few minutes of letting the attacker run in the background, I stopped it. I don’t know why, but it just felt…creepy. I was frightened by how easy it was to sow chaos from afar, safe and sound in my apartment, where I would never have to experience–or even know–the results of my actions. All I had to do was click a button. And while my intentions were honest, there is something inherently wrong with the ability to so easily cause harm, without bearing any of the ill effects. I could have been causing the failure of emergency services that I was not relying on. I wouldn’t even suffer the guilt of knowing what I’d done, as it’s unlikely I would ever find out.
- On the Weaponization of the Collaborative Web
by Matthew Burton
Participating in an attack of this nature – however justly conceived – should impart some measure of guilt to those who give the action a second thought.
Parasītĭcam cænam quærit.
A trend in network-enabled malicious software turns the infected system into a “zombie” which completes commands received from the botnet – rather than simply compromising a system, the malicious user (or criminal organization) responsible for building the botnet has the ability to pilfer passwords and sensitive data from every zombie machine and issue overwhelming attacks against target networks.
Are you one of them?
If the applications on the list below are not familiar to you, give them a try:
- A-Squared Anti-Malware for Windows
- AVG Anti-Virus for Windows
- Rootkit Hunter for Linux and Macintosh
Let the purge[s] begin.