17D_guy

So, Here's a cool hack that happened. I think the story illustrates well what I've been trying to discuss in the other threads about capabilities development and utilization. story - https://arstechnica.com/gadgets/2020/12/iphone-zero-click-wi-fi-exploit-is-one-of-the-most-breathtaking-hacks-ever/ Blog post - https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html (Very long) For those that don't know Project Zero is a Google initiative to get after bugs in software in a very aggressive manner. About page - https://googleprojectzero.blogspot.com/p/about-project-zero.html These guys are genius level hackers, working with literally unlimited funding going after the biggest names in the business to break their things...and get them patched. The take away - "one person, working alone in their bedroom, was able to build a capability which would allow them to seriously compromise iPhone users they'd come into close contact with." Something to note about software development - having 2 guys work on the same thing doesn't reduce the time by half, or even at all. It can, but is not likely. So, if you're thinking, "Well, the FSB probably has 20 of these guys so they could do it faster." Not really, and they don't have 20 of these guys. There's very few of these guys, and Google pays them 7+ figures. These Project Zero folks are the same people that are trying to get after our voting systems to help protect them, and we have enemies that could be trying to do the same thing to reduce confidence in our democracy. Right now we have no evidence of the later and evidence that they are trying to hack those systems isn't evidence that they have. Cyberops is tied very heavily into Intel, and there's legit concerns about Intel gain/loss and weapons loss that we and our enemies go through. As I said in the other thread, if the National Security Orgs had a wiff of this going on, we'd be hearing something about it. Probably from the President himself, because he can't shut his mouth about it. Think about what would happen the first time this bug dropped, and apply that to the election.

"the ease" is the questionable part. Which adversary has the infrastructure, capabilities, and means to get this accomplished without anyone competent bringing it forward? Pres Trump has now stated Biden can't be Pres if the votes weren't legit...if it was hacked, why would he not push that forward with evidence from any national security agency?

@jazzdude dude hits on my concerns. Our local numbers are not inline with the averages you found @brabus. I'm not saying they're wrong, there's just less hospitals here in the great-wide west, and less that can deal with COVID. Our current numbers - Percent of all non-ICU Bed Occupied 57.1% Percent of all ICU Beds Occupied 85.7% Percent of Referral Center ICU Beds Occupied 88.8% Average and median age for hospitalization have dropped by a year in about 2 weeks. % ICU beds and Referral Center were over 91% during "wave 2" peak. It's only going to get worse. Especially since we had an anti-mask demonstrations, one through a store the other week... On top of the work the medical community is putting in, we've also got demagogues claiming the doctors are getting paid extra to lie about COVID. I know if I was getting slammed at work, being told my work was a lie, and not being listened to when trying to get around the emergency...yea. I'm looking for a way out. But, I don't have the dedication Dr's and nurses do. Nor the student loans.

Come get your man

So, this had to be a thing - https://www.military.com/daily-news/2020/12/01/no-kraken-refer-military-intelligence-unit.hmtl Also, Flynn (whose twitter handle is @genflynn...douche) is endorsing: So...yea.

For cyber peeps ADSC was a consideration after a few other factors (shiny penny, training, etc.) but according to my buds at the slaughterhouse it was there. Since our jobs got realigned to more actual Ops...who knows if it's more/less important. But it was part of the vectoring/assignment discussion, sometimes in the shitiest way possible.

Write up by the guy who wrote the spiderfoot tool that was so widely hailed as "proof" from the failed Trump Campaign. Guess if he agrees more with COL Cybersecurity Expert, or your lowely, local cyber guy. https://medium.com/@micallst/misusing-osint-to-claim-election-fraud-cfb89c858c3a Relevant quote -

Apparently they're asking about Russell's availability. Also, you guys should check out https://old.reddit.com/r/formula1/ It seems to avoid too much stupid drama in the main comments, and has really quick updates. Right now there's a photo of the Haas survival cell on the front page.

I love it. You're "just asking questions" with some video of a cybersecurity expert for the disaster that is campaign trump, and I try to figure out if he's actually one because his claims are amazing. I watch the video and tell you it's bullshit, and what he's briefing doesn't make sense. Also, he's presented zero actual proof for what he claims. There's no information online about his expertise, and his background, as he presented it, sounds mad fishy. Spent a hour trying to find information on him, and listening to the video. But I'm just diminishing someone's career. Well played, troll. We're done.

As a D, why would you lose seats in the house, and not guarantee at least 50 in the senate? Are they in Ohio? I didn't see any lawsuits there after checking a few "legacy media" sites (and wiki).

No, that wasn't my point. I've got my quals/creds in my resume, online in various job search engines, in LinkedIn exactly where I worked and what positions. I've been featured in a magazine for an award or 2, and even a couple of newspapers (gasp...I'm old!). I was known by my community (as fledgling as it was), and could be found in various groups that you can google (or my preferred - duckduckgo). This dude isn't active anymore, and is working for a political campaign, so we can probably assume that he's not still a spook. But nothing of his cred is online, not a PME paper, not a twitter handle, not a FB, not a LinkedIn, not previous work, not where he currently works that would employ him as a cybersecurity expert...and want to highlight that. He apparently doesn't have his own company he's pushing either. He's cited as a cybersecurity expert, but he's not in any of the circles I can turn to in order to evaluate (not prove) expert. I can't even find out when this dude retired, which would inform me if he was slinging bytes or simply signing paperwork approving the next "digital weapon buy" for random-three-letter-agency. His career-progression makes sense, as there's a lot of Army O's the crossed -- my exp has been mostly Artillery O's. But did he cross as a O5? He legit could have crossed as a O6. Would he be smart on cybersec, for sure. Would he be an expert...no. But, I don't know because we're unable to validate anything about him. Look, this is exactly the same as you zipper-suited Sun-Gods bitching about rando general having 69hrs of flight time in a platform and not being qualified to speak on X in platform (Phoenix Program comes to mind). Like everything else about the Trump campaign - lies, disinformation and utter failure at their mission. //BREAK BREAK// I actually just watched the video of the entire testimony from PA, and looked at spiderfoot. Here's a link to spiderfoot overview...it does not appear to do what he claims it does. That's as nicely as I can put it. Yes, their main webpage was connected to the internet on voting day, same as it is now. I will also give him the benefit of the doubt that he's speaking, unsworn, to legislatures...but he called his people, for his unnamed company "white hat hackers." dude is sus. Found his whole testimony here, he claims to have done the following in the last 1/2 of his career: "info warfare as - psychological operations officer, information operations officer, doing computer network operations, electronic warfare and special electronic warfare, deception, counter-deception, OPSEC, and a couple other specialties." Simply...bullshit. "One of our white hat hackers (sus) previously discovered malware that's present on 'the servers.'" - This is a crime. As an "expert" he should know you can't do that in our country without prior approval. Did they have approved access to get on those systems and evaluate them to discover that malware? Which servers, the webservers, the voting servers, development servers, update servers, etc? "No audit trail." Except those paper ballots they hand over, and can you know...audit with. Here's a guy on twitter breaking down the AZ testimony as the utter bullshit it is as well. You can check his quals in his twitter bio, like a real world expert. EDIT - Found out he retired in 2017 as a Col. Assume 3 years for in rank retirement he pinned on in 2014. Looking at some dates, Cyber Mission Force achieved IOC in Oct 2016, and FOC (right before I was there) in 2018. USCC elevated in 2018. I'd put good money on this dude commanding a battalion/brigade that supplied operators that actually did everything he claimed to do to USCC/3LA and being a staffer that pushed to get the CMF stood up. That's it after listening to his testimony in PA. To be clear, he claimed to do all the following jobs the last 1/2 (15 yrs) of his career - 29A MOS, 35G MOS, 30A MOS, 37A MOS, plus whatever job deception/counter-deception are rolled into. Overall, AF Intel manages their officer (and some enlisted) career paths extremely carefully to build expertise within certain areas, build credibility and ensure people have accesses throughout. We hated it as cyber guys for 2 reasons - fucked us for opportunities, fucked us for employing their people the way we wanted. They were especially stringent at O4 and up. My (limited) experience was the same for the Army (outside GO ranks...because they'll put a Infantry officer anywhere they fucking want in command). So...simply, no. TL;DR - This dude was minimum exaggerating his experience, and not credible about what he was briefing.

Sounds like politics to me. "Oh, if only we had more time!" Like every single Trump lawsuit. If only the legislature could have done that before the election since they already passed other laws on how their state was going to administrate the elections. Convenient of them to do that after they lost. Also, misleading of you to post it without the context of it not getting heard/passed. I googled this guy, but could find nothing supporting these claims. Go with creds you have, otherwise I'm going to assume he's as credible a cybersecurity expert as Rudy.

Romain's update on Insta - https://www.instagram.com/p/CIL-IOZJ7Xm/?igshid=eyhf0s4kdrsu

Started retirement in Mar during the first wave of shutdown. Couldn't agree with this statement more. You do not want to be figuring this shit out, TAP'ing, job hunting and dealing with whatever relationship issues you may/may-not have in the mean time.

showed my wife the Senna documentary last night, then this happened today. It's amazing how far they've come to protect drivers. A wonderfully engineered miracle.

SD? MI? WA? I guess not WA...they had the first round.

Oh, we're going with the Hugo Chavez voting system thing still even though it's backed-up with paper ballots? K.

Man, if they could only have presented competent cases in court where evidence is actually required.

The merc engine...it's so...whew.

Here's Cody Garbrandt's update on why he hasn't been in a fight this late in the year. Meh, healthy young prize fighter, brick for right hand, healthy. Shouldn't have a problem.

Is 12% the national average? Where are you getting this number? For UT the last number we have for positivity is 23.6%. Which means, according to the experts, there's a lot of people that aren't getting tested that are positive. Our hospitalization rate is high, also: Percent of all non-ICU Bed Occupied - 53.7% Percent of all ICU Beds Occupied - 87.9% Percent of Referral Center ICU Beds Occupied - 91.9% So I guess the question, for us locally at least, is when do we want to get serious about burning out our healthcare workers and not having to ration care? Of course we've got people trying to break into hospitals to show it's a hoax, and saying germ-theory is a lie while protesting the mask "mandate" also...so. This is exactly what happened to us. Ex-wife is a school teacher, she needs that check (she didn't get any of my retirement..woo) and had to go back to school. Daughter goes over before Ex has symptoms. Boom, 8 days later daughter has COVID. Ex's husband had to do a few days in hospital, and a week later is still on O2 looking really rough and she's had to go back to work but is exhausted at the end of the day. Ex's symptoms were done last week. Are we counting people in their 50's as elderly? That's the median and average age for hospitalizations in our State. Yes, avg deaths is prob the same as everywhere else - 70's. Our state is extremely healthy, and extremely white (minorities are having much worse outcomes). The gov't here, in ND and Republican Gov's across the midwest have been suggesting wearing masks for months. Doc's sure weren't making the policies here because the Gov's ignored their pleas for months for a mask mandate. But the gov's damn near begged people to do it, and asking businesses to enforce it. Why would the Governors change that now to a mandate? Do they suddenly hate common sense, and got a case of the "COVID fear." Might be because North Dakota had 9 ICU beds left in the whole state. UT's had exponential growth and an extremely stressed healthcare system. Plus people throwing Halloween parties in warehouses because "they engaged in plenty of high risk activities that are more likely to cause harm than COVID. Life is to short for us to hide in the house for something that most likely a non factor." But they're young people, they'll not be hit to hard and prob go out with a slight cough. Get someone sick in line at Starbucks who's in Healthcare who just wants a coffee before another long shift at work, or a teacher, or a nursing home worker, or a grocery store worker. Advising doesn't work for the majority of the population, ever. Didn't work for seat belts, smoking indoors, drunk driving, and other "personal liberties" that were eventually legislated against. Which is really too bad. This could have been a moment where we can together as Americans to fight a common foe like many other countries. I'm pretty sure I posted this when it kicked off, but this whole thing is a giant, "It's not about you" test.

I gave it a listen. He's very right about what the pandemic has caused. Now, there's a couple of caveats moving forward to remember when thinking about cyber. I also think that we're going to see big change on this within 5 years. 1) Cyber is not currently a "utility" in the US. It's not treated like water or power for individual consumers, or even small/med businesses. It's not a necessity or right. That mindset allows it to be almost an afterthought. There's no big push to get fiber everywhere, to make us competitive across the US like some of our peers are (Japan, SK, Europe). Our costs are expensive in comparison with less to show for it. This is mostly a political and commercial discussion. But this framing is important because we (USA), as a people, don't really think it's that important. (Counter to my point above is mobile access...but you can't do everything on phones, and they're just as susceptible to hackers, if not more in some respects.) 2) Cyber operations, as levied by nation states or very advanced hackers, move in a larger spectrum than just the internet. It's literally across the electromagnetic domain, and that's all I'm comfortable saying on here. There are little/no norms, and the norms we have are poorly formed and based mostly on leadership personalities. Trump's cyber engagement was VERY different that Obama's. I'm not saying here whether one was better than the other, but that for the most part our other norms of military engagement don't change too much from one Pres to the other. So, on one had we have a domain we're actively fighting...kinda. And at the same time it is the baseline for modern society to function, but it's "nerd shit" that doesn't need a second thought until you gotta call the geek squad. Everything is digital now: TV, voice lines; nothing comes to your house that isn't wrapped in a IP packet. Many leaders are of the mindset to either pay it lip service and not fund an adequate amount, or do a checklist approach with a "jobs done" when they meet the bare minimum. There's also a lack of skilled workers, which is a whole other discussion. The pandemic is pushing it forward faster, but I'm worried it's going to take a lot more. We're already seeing the creep and what I believe is a failure to engage correctly. For example, I talked about red lines for voting machine/infrastructure, is crypto-locking up hospitals a red line? I think it should be. I think the Pres should be able to say that is a clear-and-present danger to the US and our way of life and vector the DoD to fix that problem for us. So this dude is right, we all have to figure out the fix together. But we're all fighting across it, and there's no norms. On top of that, as Americans we actively resist the idea of centralized control, which is what is needed in the setup/build phase. I need a fully redundant and resilient power grid -- well the power companies, and states, are going to tell the Fed to pound sand because a myriad of reasons. The Fed, prob DHS, is the exact cross nation organization to lead that effort. I'm rambling, I apologize. I'm still going to post this, but let me know if it made/didn't make sense. I'm very tired.

I'm invoking Goodwin's law.

How about one about seat belts or drunk driving?

I don't know, would the leader of the free world have called it a hoax of the opposition, not a big deal and under control while s/he encouraged people to disregard their local leaders while suggesting injecting "disinfectant" and internal sunlight until it's gone this summer, winter, next year when there's a vaccine? Salk said he wouldn't patent the vaccine because it would be like "patenting the Sun." That's how much fear polio caused. We've been coddled in our lifetimes with no serious epidemics in our country.