Archives

One Things To Do Today: Threat Actors, “Yes Nazi are Bad” edition.

1

When I was growing up AMC was actually the “American Movie Classics” channel. No ad men, no zombies. I watched black and white movies from the ’30s and ’40s all the time. Even though it was the 80’s and 90’s, I got indoctrinated into a certain set of core beliefs about American Values.  It is sort of amazing to me that people seem to need to be reminded about one of the ones that was at the top of that list. Nazi’s are Bad.

Let’s review:

  • Nazis think there is only a small subset of humanity deserving of dignity, and that somehow, magically, they just, oh gee, happen to be it.
  • Nazis steal shiny things that don’t belong to them and try to drape themselves in the glory because they can’t make anything of real substance on their own, because substance requires valuing empathy. Just look at the architecture. All muscle, no heart or head.
  • Nazis enjoy expressions of pain from the not-people who aren’t in their magical golden cohort. The sheeple are just toys or vermin after all.
  • Since a Nazi has no internalized model of you as a human being like them, there are no norms of behavior to limit what they’re capable of doing to you to “win.” Nazi’s will not only use violence and threats of violence to silence dissent, but degradation as well.
  • Winning to a Nazi is the utter destruction of anything that doesn’t reflect the glory of the cult of Nazi-dom and complete rigid control of anything that remains so that it appears that “all good” only comes from compliance with Nazis.
  • Nazi’s use fear and favors so effectively, eventually they don’t even need to say anything in order to get others to comply.

Lucky us. In 2017 we have to deal with both literal and figurative Nazi’s who’ve discovered the internet.  From the Nazi mindset we get trolling, doxxing, fake news, swatting and lots of the other usual suspects directed on those who would stand up against them.  Let’s create our threat actor persona.

Nazi Persona

  • Demographics: People you might never suspect. Everyone has a tribe.
  • Motivation: Your fear. Your silence. For you and your values to vanish from the face of this earth.
  • Willing to Do: Anything

Yeesh. That’s like comic book levels of evil. And that makes it hard to predict what they’ll be capable of. But you know the nice thing about having Nazis as an enemy? Nazis lose.

Attack Vectors

This proto-Nazi figure I’m talking about here wants nothing more than to get into your head. Humans have an operating system. The attention merchants of Madison Ave and Silicon Valley have been gaming it for years. What if instead of getting us to buy toothpaste or in app purchase, we’ve got some chucklehead trying to make us hate our neighbor?

Drawing a technical system map first would be a huge mistake. Also a mistake, I worry, is leading with the words “Hacking” and “Cyberwarefare” because they cause policy misdirection. The average person will start asking about computer logs instead of about Social Engineering and time honored PsyOps techniques that just happen to be delivered with new technologies.  This flavor of threat actor doesn’t lead with the technological objectives. Why should we? Let’s think about the different layers a Nazi might try to attack.

  • Drive: Can I take away their reasons for fighting? Can I hide the problems? Can I minimize or dismiss the issues as unimportant or not relevant to most people? Can I make the the fight seem futile or not worth the effort?  If a loved one is the reason for fighting can I get control of said loved one? If the majority are happy and well fed, no one will notice as we round up the neighbors.
  • Moral Compass: Can I normalize my values over theirs? Make it seem like this is now “just the way it is.” People hate change so once my way seems like the normal, they’ll even fight for me to preserve “tradition.”
  • Sanity: If I can’t change their values can I try to subvert the facts that their values are based on? Can I discredit people who have access to facts I don’t like? Can I create a scenario where facts aren’t facts anymore? Ideally, can I make my rules become the new “facts”?
  • Financials and Resources: Can I make it so they can’t fund their fight? Jeopardize their income? Assets? Home? Credit rating? Simply use up all their time?
  • Health/Stamina: Can I make them too weak to fight? Induce stress via breaking up supportive communities, removal of simple pleasures, removal of food, removal of healthcare?
  • Physical Safety: Can I end them? Get someone else to do it for me? Can it look like an accident? Even better can I end them in a way that makes people think its a false flag? Boom.

Exploits and Mitigations

So at this point you might be thinking, “Seriously Carlyn, Nazi’s?? I’m calling Godwin’s Law on you.”  To which I’d reply with flippancy you’d deserve, “Oh you sweet summer child, you need me on this wall.” Even Godwin would back me up on this one.

I am not a conspiracy theorist. I don’t generally ascribe to malice or smokey rooms patterns in society that easily emerge from human nature and math.  But that’s exactly my point.  We got this tribalism thing pretty deep in us and we’ve got this crazy new playing field called the internet that we do in fact have to share with actual people actually seig-heiling the new president of the United States. This is not a drill.

So what are we going to do? Well we’ll look into each category of vector to understand our vulnerabilities and what we can do about them.  While my emphasis will still be on technology based exploits and their mitigations, not all of the recommendations will be downloads or gadgets.

I leave you with a homework assignment. How has technology been used, intentionally or not, to destabilize you or someone you know from in each of these 6 directions. I’m going to give high profile examples.

ALL of these attacks have counter measures.  We’re going to deploy them all.

 

Share.

About Author

I make things that do stuff. The best, though, is teaching others to do the same. Founder of @crashspacela Alum of @ITP_NYU