Uncertain Future – About the Author

Thank you for reading, seriously. You’ve probably wondered why I would bother writing a 16,000 word essay on every terrible thing that could happen in the next twenty years.

That said, I wanted to write on this subject in particular, is a matter of background. I am a Marine, honorably discharged from the United States Marine Corps in 2008. My primary military occupational specialty was Tactical Data Network Specialist and this was the role I carried on my first tour in Iraq in 2005 along with my second in 2007.

My job centered on building and maintaining the information network with which mission critical information and communications were carried out. Our responsibility was to ensure that that data network was secure from outside threats both physical and through our network. I maintained my base’s SIPRnet that is discussed over and over in the Manning case. We knew the information was critical, mission-important and not necessary for the general public at their malls. Below, you’ll see what were effectively my area of operations during 2005. Yeah, starting to see why I care so much about internet and military security so specifically now?

Since leaving active duty, I went to college and became a writer. It is through writing that my greatest achievements have been realized. I’ve met people I never thought I would and learned lessons I never would have imagined. In that time, I’ve focused on educating others about the military. From Iraq to what it was like and what it means to be a military veteran, there was so much that needed to be understood. In doing this, I’ve learned a great deal about the conflicts of our world and the dangers we face. Since growing to understand all of this, it’s been a personal mission of mine to explain all of this to as many as will listen. That said, it’s also been among the great joys of my life to build and be a part of a community dedicated to understanding the world, its dangers, and bravely pushing through to live in the world we all want so badly. That said, there is another reason why I have been writing so hard this last week.

A few months ago, my wife peed on a stick and now my life is going to change forever.

This is my daughter Gabi and in July we look forward to introducing her to all of you. Nevermind the blue bear, trust me there was some confusion. That said, because I am about to be a dad, this could be one of my last posts like this where I get to drive my focus towards a single massive project, eating away my time for the benefit of others. A good dad has to provide a future and sharing knowledge pro bono, while an endless source of self-fulfillment, doesn’t give Alex the life I want him to have. I’ve been very lucky where I work to be able give time to my second profession. Where do I work? I’m a teaching paraprofessional in Oklahoma. I work with the kids at our school who make bad choices. In my room they mentorship and discipline, learning to write essays and pick up trash in the way only an obsessive compulsive Marine writer could make them.

That said, being a teacher, let alone a paraprofessional teacher, isn’t all that great. The benefits don’t provide much, and the pay is terrible. According to the Washington Post, Oklahoma ranks 48th this year in Teacher Pay at about $44,000 a year [84]. Yeah, and as a para… I can expect about a quarter of that. Did I mention that my wife is also a teacher? If you would like to know what it is like for our house take a look at the title of this little gem: Superintendent: Budget Cuts ‘Worst Financial Crisis To OK Schools In Decades’.

That said, the last real chance for me to keep writing projects like this is to appeal to people like you. Over the last year and a half, I have been submitting my work through the crowdsourcing website Patreon. If you follow me, you’ve probably seen my little at the bottom asking you to pledge to my campaign. My supporters have literally changed my life and allowed me to do projects I never would have imagined, all the way up to the point where I was finally able to write my own book The Next Warrior. Still, if want to give my son the life I really want, I need more. That’s why I’m going full mercenary, and writing one of my longest answers ever, just to get your attention. If you really like my submissions, I really need your help.

This is a link to my Patreon Support Page: Jon Davis is creating A Military Sci-Fi Novel, Articles, and Essays. Here you can pledge any amount you like and every time I submit an article, post, or chapter to one of my books, you’ll donate that amount to the Jonathan Alexander Davis College Fund and/or Leaky Roof Trust. There is also a monthly maximum that you can elect to make, so you don’t have to worry about me writing fifty articles at a time. The only ones that make Patreon are big articles… kind of like this one.

By supporting me, you also support others. 20% of my donations go to other Patreon users as well, namely other veterans like me. So a donation to me helps others veteran artists as they grow, cope, and share their own experiences with the rest of the world. So once again here’s that link: (PS – Baby/Veteran/Poor Teacher – needs your help) Jon Davis is creating A Military Sci-Fi Novel, Articles, and Essays.

That said, If you’re reading this far, I’m sure you’ve already upvoted, by the way (cough). All kidding aside and with deepest sincerity, I enjoyed every minute of the research and writing that went into it, and hope each and every one of you enjoyed it too. Thank you for reading and sharing.

Semper Fidelis,

Jon Davis

Uncertain Future – XIII – Drones

Do cheap, readily available civilian drones potentially pose a new and unique threat in terms of terrorism?

Absolutely.

I was doing research for a book I am writing on the future of war, and I explored this topic. Since using drones to commit terrorist actions hasn’t really been a thing yet, (Criminals yes. Terrorists, not quite) I decided my best place to research would be to drive down to a local remote controlled hobby shop near where I used to live and just ask a few questions. I had to introduce myself as an old Marine and Sci-Fiction writer before asking any of my other questions, because leading off with, “I’m interested in knowing how I could make a flying bomb.” would have probably not gone over so well. What the guy said amazed and terrified me, more so, his assistant who quickly developed a new respect for his nerdy boss.

What the conversation left me with was a firm understanding that terror drones will be a part of the future of warfare that the military is, unfortunately, going to have just as many problems with as we give to the bad guys. Here are a few of the key take aways that I have developed from the conversation with my friend at the hobby shop and my own experiences in Iraq fighting a counter-insurgency war.

We are taking about VBIEDs – Vehicle Borne Improvised Explosive Devices which, during my day, meant car bombs that were either parked or driven to places where they were used. In the future, we might start seeing these things in the air. A few things need to be kept in mind though when thinking about VBIEDs or IEDs of any kind.

1) Payload

The most important element for a terrorist weapon is the devastation it can inflict. During the Iraq War, that devastation was massive. That’s because the terrorists had access for much of the war to unused artillery rounds taken from Saddam’s Iraqi Army after the fall of his regime.

I’ve seen more Humvees leveled by these things than I care to remember. They are seriously massive communicators of destruction, but also, serious limiters of capabilities if we are talking about drones.  Those things weigh around 40 to 80 lbs. Yes, it would be terrifying if one of those dropped from the sky (they are artillery shells after all), but there is no practical way for most drones available today that are terrorists (I’ll get to that in a minute) to carry something like that. Take Amazon’s plan to start droning things all over major cities. They are limited by weight because those adorable little propellers are not going to be able to carry something as massive as an IKEA bookshelf (between 40 to 80 lbs).

That means that the weapons are going to have to evolve, or at least become more potent. They aren’t going to be able to carry massive bombs capable of doling out huge earth shattering explosions. They are going to need to carry smaller explosives. That doesn’t mean they will be less deadly. No, in the future it might be possible to load up pipe bombs, smaller IEDs, loaded with shrapnel in the form of screws, bolts, nails. This weapon doesn’t level buildings or destroy armored vehicles like the above option did, but it has the ability to brutally maim people who are close enough to the blast, making them visual advocates and symbols for the depravity of the terrorists for years to come. Drones carrying these could fly it directly into a crowded restaurant, through the window of a politician’s office, or even over the stands of a crowd at a sports stadium.

2) Cost

Cost is king for weapons manufacturing, as with anything. Terrorists aren’t going to have the multimillion funds that first world nations do to produce highly sophisticated weapons like the Reaper or Global Hawk drones used by the Americans, nor will they have their $80,000 Hellfire missile. Terrorists run on shoestring budgets and they’ve done quite well at it.

Part of my conversation with the hobby shop guy dealt with cost. I had a design for a terror drone and he made me realize just how bad an idea it might be. For example, for the situation above that required a pipe bomb in a stadium, you would need at least a few thousand dollars to make such a weapon. That sounds like nothing compared to the costs of creating the F-35 Strike Fighter, but when you think about the volume that terrorists need to create the terror effect they desire, those costs are extremely prohibitive. Take the below for example. These are estimates on the number of rocket attacks which were delivered from the Hamas terrorist organization.

It can be a lot. Below is Iraq. Terrorists are featured in red.

As I said, when you deal with high volume operations, unit costs can be prohibitive. In the Hamas/Israel example, one of the most used rocket designs, the Qassam, can be built for as little as $800 American. Considering what that can do with it’s 9 pound warhead over a 17 mile range, that’s a pretty good deal.

But to produce a drone, like what we think of as drones that can carry the kinds of warheads we are talking about will be much more. Some tech analysts have stated that the Prime Air drone (Amazon) could run as much as $50,000 a piece to deliver a 5 lbs “package” to anywhere within 10 miles (in under 30 minutes though!). That is way too much for a sensible terrorist to ever consider paying, especially when you consider that if those things are near enough to the ground, they are getting shot down by everything from surface to air missiles to slingshots.

What my colleague instead suggested would be something akin to balsa wood gliders. Balsa wood is an incredibly light and cheap material used for toy planes and RC hobbyists. Taken from the hands of children and old men, though, these tools could be used to some devastating effect. They are made of cheap materials which are widely available. You can even buy them in kits. Once they reach altitude, they don’t have to use the engine for guidance and can glide silently to their terminal destination. And lastly, they are small, made of light materials, and slow moving. I am not an expert on radar, but that scary. It sort of sounds like a large bird.

I’ll provide this as a proof of concept. Note that the vast majority of the cost of this plane goes into its aesthetics and ensuring it can be recovered, both unnecessary for a suicide drone. It’s also important to know that the RC – Remote Controlled – element isn’t necessary. All flight paths can be programmed into modern systems.

3) Complexity

One of the things that has prevented more people from suffering the threat of terrorism is the complexity involved in various systems. Bombs are pretty complicated to build and not just anyone can make one. Since, historically, terrorists have had two main pools of recruiting to choose from, fanatics and the unemployed, rocket scientists have not been easy for the average terrorist leader to come by. Most of the time, a few key bomb masters, such as an Algerian chemistry student who joined against the French forces in the Algerian War, are the leaders of the munitions manufacturing process. When they are killed, they take with them large amounts of the enemy’s capability to do harm. If they don’t leave quality apprentices, then the movement may have been ended with the death of only one man. Usually, those individuals who carry on in the master’s footsteps are less capable in most regards.

Take colloquially, the example of Jesse Pinkman.

In the show Breaking Bad, a brilliant chemist, Walter White teams up with scumbag degenerate methhead Jessie Pinkman in a scheme to cook meth. In the early part of the show, it is comical to see how inept Jessie actually is at the science of cooking. Walter bestows his knowledge and by the time that the series ends, Jessie is an expert of cooking meth as good as Walter is.

There is a point to be made here, though. Even at the end of the show, Jessie isn’t as good at cooking than his teacher Walter. Even after a year of intensive training, he is only an expert of cooking Walter’s way. He will forever lack Walter’s expertise in the science of chemistry, which would allow Walter to produce many, many other kinds of recipes, most completely harmless or beneficial to humanity, if he chose. Jessie may know the way he was taught, but could never produce alternative products or where he wasn’t allowed to use quality materials and processes similar to his teacher’s. He can’t improvise like Walter could.

Wow, that was tangential example, but it serves the point that complexity in operations is an extremely limiting factor. You take the few evil geniuses out, then their apprentices are left without the ability to improvise on parts, resources, implementation, or usage because they came into the act of making bombs as a terrorist who only cares about killing and not as a lifelong scientist who then joined a terrorist operation.

Now let’s take that bomb and stick it in a drone. The first obvious problem is that you are going to need people who can build and service drones, something very few people know how to do yet. The information is out there and growing in the RC communities, but it still isn’t a respected art form in the terrorist world. So let’s say we take out a few of the engineers who know how to make the birds fly. That will be a setback for them. Let’s say instead, we take out the guy who knows how to program them on their automated missions. That’s a major setback. Let’s say we take out the guy who knows how to build the warheads. That’s a huge setback because now the other two are demoted down to nerdy RC enthusiasts. Now, let’s say that they have all these geniuses rolled up into one. How replaceable is that guy? How long before he can pass off what he knows? How hard would it be to disrupt the communication networks he possesses? How devastating would killing that one guy  be? Would his people be able to adapt?

Depending on the complexity, not often, but in some cases, yeah. In the case of the Amazon Death Drone, no. What happens if the terrorists are cut off from making the engines that powers the propellers? What happens if the application they use to pilot the drone is brought down? What if the chemical they use to either fuel the thing or build the bombs gets internationally outlawed or embargoed? As I said, will they be able to adapt, or a better question, how many compromises will these people be able to make before the weapon is no longer lethal?

The fact is, terrorists have to keep weapons system as simple as possible or they can’t replicate their processes. For a terrorist organization to work, it can’t revolve around the genius of a few masterminds. It needs to be weapons that can be produced by many people, even those with very little education. Pinkman could keep a drone program up for a while, but eventually, he wouldn’t be able to adapt to circumstances and changes in the environment in the way that Walter White would.

Sorry, I spent way too long making that point. There are, however, alternatives that are simpler than what we normally think of as drones. These methods already have abundant supplies and designs in existence for the would be terrorist to experiment with and provide the flexibility he needs to do terrible things. The hobby shop guy I talked to was really adamant about the balsa wood, enough I realized he’s thought of this before.

What do I see happening?

I hypothesize for my story that weapons like the one pictured above, (yep) may be loaded with apps created with the purpose of using GPS enabled phones to autonomously steer planes like this. Being that DARPA, the Defense Advanced Research Projects Agency, isactually funding efforts to make software programming something that is super simple for everyone, this feat might actually not be as complex as think. Thanks DARPA. Once in flight these planes, perhaps a few hundred dollars a piece up to the point, might be capable of being loaded with small pipe bombs or, more practically, napalm. Napalm is any chemical that has two qualities, it is very sticky and it will burn a long time. Napalm is also extremely cheap, made from readily available materials anywhere, and easy to use. There are even recipes all over the internet that will make you sad about humanity. Being that the plane itself becomes part of the warhead using napalm, it will literally be a weapon raining fire from the sky. En masse, that can be a weapon that is devastating, cheap, and easy to use.

Oh, and if you were keeping track, the military definition for this is a cruise missile, but thanks to the advances in modern military technology, available to just about anyone for only $500. Enjoy the future.

Uncertain Future – Part XI – High Value Protection

High Value Body Guards and Military Contractors

Executive security is the industry of protection for VIP and High Value Individuals. While this includes those who specialize in shuttling primped up primadonna starlets like Justin Beiber from show to show, unharassed by throngs of fans, there is a much deeper need for experienced, battle ready security teams.

Due to the attention grabbing nature of these massive catastrophes, many other acts of overt criminal activities have grown in practice, but go relatively unnoticed by those not engaged in foreign policy news. First among these is the threat of kidnapping. While assassination or general acts of terror surely rank high on the list, kidnapping has a special role to play in the story of international chaos that exists today and which will continue in the future.

To understand why this is, one needs to understand how criminal empires and murder crazed caliphates primarily get funding. According to documents discovered following a raid of a prominent ISIS leader [56], the organization is funded massively through the use of kidnapping with the purpose of ransom. CNN and Business Insider investigate further to show the staggering amounts of money generated by these tactics [57] and the rationale for why the act of kidnapping is really such a good idea for such criminal and terrorist organizations. [58]

The kidnapping of Kenji Goto and Haruna Yukawa rattled the international press for this reason. This time, however, it wasn’t for the sheer barbarity that their fellow news agents were experiencing, (those attempting to report the news in the region are a favorite flavor of victim for the Islamic State, along with female humanitarian aid workers  [59]) but the magnitude of the ransom being demanded. The Islamic State demanded of the government of Japan $200 million for their safe return. Like so many others, this negotiation broke down and both were eventually beheaded in brutal fashion.

ISIS’ rationale seems similar to other terror groups: Kidnappings help raise money and, if ransoms aren’t paid, make a point, such as the groups are not to be messed with and even civilians are in danger.

$200 million is sizable demand and one which could drastically help fund the operations of the terrorist organization, which is currently already expanding its reach internationally as its borders shrink locally. While these two did not turn a profit, others did. The French have denied that they have paid ransoms [60], but according to a New York Times Report [61]they succeeded in buying back the freedom of kidnapped Frenchman from the Islamic State from ISIS. A second group working for a french nuclear firm were also freed by an al Qaeda affiliate in return for money. In perhaps the greatest coup for the terrorist state, 49 captives of Turkish origin were returned, seemingly for no reason at all to Ankara. Those following the report, myself among them, strongly suspect a major payoff for their safe and uneventful return [62]. There are other reports of three hundred Christians being charged more than $30 million for their release. One victim gave in an interview with New York Magazine that his captors forced him to call his family and a friend while he was being tortured, in hopes that his anguished screams would move them to pay the ransom money. [63] [64]

“We were blindfolded and chained, and every day they would torture us,” he said. “They would come in, one at a time, and electrocute us or beat us with anything they could find.”

“But they didn’t kill me because they wanted to ransom me. One time, they made me speak to my family on the phone as they were electrocuting me. Then, they made me call a friend, who told them he would pay.”

However, the practice of criminal kidnapping for profit is not limited to the ISIS threat. Moving to the Gulf of Aden and Somalia in one last example, one only has to recount the story of Captain Phillips.  [65]There, Somali pirates attempted to take an American vessel hostage along with its crew. This practice has become common in the narrow straits between Iran and the Horn of Africa. Massive ships with massive shipments worth billions are capable of attracting huge payouts to the pirates and the warlords who control them from the mostly European companies who control them. In the case of Phillips, though, the problem wasn’t solved by a financial transaction so much so as the extremely potent delivery of precision fire from the muzzle of US Navy SEAL Snipers.

Regardless of the success of the Phillips case, piracy and kidnapping for ransom are not going away. In fact, seeing the financial and propaganda potential for such violations, the value of making such attacks has prompted many, many more. This, perhaps, has only been exacerbated by the American shift in policy that some would say encourages the practice by providing a means for private individuals to pay the ransoms of their friends and families, thus encouraging more like kind kidnappings.

Having said all of this, it is no longer safe for most Westerners to travel to the Middle East, and the growing troubles of the region are only spreading more and more throughout the Islamic world, as millions sympathetic to the ideals of the Al Qaeda and the Islamic State begin to copy their tactics and methods. Still, people still have business to do, so Westerners are still going to go there. This leads to the need for private military contractors (PMCs).

Mention of the practice of PMCs is one that elicits fear and suspicion in most people unfamiliar with how they are actually used. Often, they can’t be mentioned without imaginations of secret mercenary black helicopter events and Orwellian fears of off the books private armies. In all honesty, very few such companies are used for anything other than bodyguards for individuals of extremely high value in the region, rather than elite soldiers willing to kill for the highest dollar. The US State department often contracts with these companies to provide a greater level of security than they can do otherwise with the military for their foreign dignitaries and ambassadors, and the CIA for their foreign case officers. This is outlined well in the opening chapters of the new book 13 Hours – The Inside Account of What Really Happened in Benghazi. The book begins by detailing the lives of the contractors involved, both professional and personal. All of those in the book possessed varied military experience, some US Navy SEALs, Army Rangers, and Marines. They may have in their experience sets Master’s Degrees in Criminal Justice, stints as the local police chief, or run warrants as bail bondsmen, and PIs stateside. Other PMCs may come from more diverse backgrounds; internationals with the French Foreign Legion, British SAS, and any number of other places and backgrounds. When I was deployed to Iraq, one team which frequented our Entry Control Point in Al Anbar Province had team members that came from as far off as South Africa, Romania, and Singapore, lead by an English Special Air Service soldier.

For the CIA and State Department, the go to is the Global Response Staff, an open secret of an organization created after the attacks on September 11th, 2001. The GRS gathers together teams of the best and most experienced operators from within the United States military with the knowledge and experience to be able to covertly guard its most valuable assets anywhere on the globe. What distinguishes these individuals from the common military they appear to be is the benefits package. Some PMCs today take in over $150,000 annually for their work overseas, on average, around three to five times what they could have expected in any given military career doing much harder work. Why they are useful is their flexibility and potency. Small teams deployed to a city can easily intertwine with the area, and adapt to cover any target that needs their level of protection. They can do this, however, without the massive overhead of the slow moving US military and sticking out like a sore thumb in places where Americans already have a hard enough time blending in. While these men (and women) and their skills don’t come cheap, they come without the prohibitive costs of deploying an entire unit of Marines or Army soldiers, which could rank in the millions, assuming an entire base doesn’t need to built for the task.

As Benghazi itself showed, the need for these individuals does still exist, and the threat of kidnapping, assassination, extortion, and any number of nefarious concerns may confront high value individuals at any time. This is why operators, such as those working with the Global Response Staff or other private military contractors will be in extremely high demand by foreign dignitaries of all nations, local government leaders, spies, journalists, and corporate executives who travel abroad, all doing business in places where business has to be done. These are the types of people who don’t want to be recorded in orange jumpsuits, a propaganda tool for murder fiends across the world. What this also means is that over the next twenty years, PMC operators of every brand and color will be in such high demand that they pop up literally everywhere important people can be seen in places where bad things often happen. What’s more, many will be more than the sum of high paid former Special Forces operators. They will be homegrown and specialized to their tasks through courses like the various Executive Protection [66] [67] courses that exist and under instruction by companies such as the American security services training company Academi [68]or the European Security Academy [69]. Both of these firms provide, alongside their training, mission support in the form of human resources, planning, and operational support. Remember that these people aren’t accountants, get creative and realize that that means  more or less exactly what you think it does.

The big change we will see as a result of this will be rather undemocratic shift in politics across the world. As the means of terrorism continues to grow, the need for higher and higher priced body guards to handle the threat will make some very rich people very safe, while leaving many others with little more than a prayer. In the end, expect to never see another photo again of any person of worth in a critical conflict area of the world without a dedicated staff of very skilled warfighters at their sides and at the ready.

Of course, this causes us to ask a very important question, where are all these extremely well paid and well trained operators going to come from?

Uncertain Future – Part IX – Physical Security

Changing gears from cyber security to the tangible world, 2015 saw one of bloodiest years on record since the end of World War II. Terrorism that originated in Middle Eastern conflicts has spread out and is beginning to become commonplace in Europe and even starting to appear, yet again, in the United States. The Charlie Hebdo and November 2015 Paris Attacks, along with a third attempt foiled by the presence of American military veterans rocked Europe as the world mourned for them. In the US, a similar, though far less attack, took place in San Bernardino, California. Between these three major attacks, around 160 people were killed. This, however, pales in comparison to the world-wide effects of terrorism. In total, there were nearly 400 terrorist attacks around the world that we know of [51]. In that, it is likely that more than ten thousand people lost their lives in acts of pure terror. I say pure terror, not to add drama to the point, but to differentiate these acts from the similar acts of violence. Acts of warfare, kidnapping, and social strong-arming are being ignored, as their practice has exploded in the last decade to unestimatable levels.

How this will affect the world in the next twenty years is that people, meaning nations, firms, and individuals, will be taking greater steps towards ensuring their own safety in the event of attack. For many, this will see annual trainings being required at many workplaces and schools. Many are already doing this. In another answer, I described how the last decade of terror and threat of “active shooters” has led to new methods and tactics aimed at empowering the individual victim to better deal with theses threats in a way that mitigates their danger, or when cornered in the worst case scenario, confront and attempt to neutralize the attackers. One such training program is ALICE, controversial in that it actually coaches victims of an active shooter incident to fight back as a very last. [52]

Uncertain Future – Part VII – State Sponsored Cracking

Now that we have thoroughly made it clear that there is no place left safe on the internet for the common individual, or even major corporations and government organizations, what about the governments themselves? What role do they play in this story.

To begin with, let’s talk about Hacking Team. Hacking Team is a company out of Milan that deals in “offensive intrusion and surveillance” capabilities. This includes the ability to monitor communications of internet users, decipher encrypted files and emails, record Skype and VoIP phone calls, as well as remotely activate microphones and cameras on the devices they target. Their primary clients include governments and major corporations, including a few governments with shady human rights records. Basically, they are the most terrifying conspiracy theories on the internet come to life.

Hacking Team are leaders in the growing industry to help governments hack in ways that make the rest of this article look like child’s play. The Hacking Team gives its clients, through use of their Da Vinci and Galileo platforms the ability to do everything from keystroke logging, GPS tracking on cell phones, and extracting wifi passwords, among many other capabilities. [31] Perhaps most interesting is their ability to steal data on local accounts, contacts and transaction histories by decrypting Bitcoin and other cryptocurrency wallet files. [32]The tools they use, or rather sell, have been used by governments to… well… you’ve seen the movies. Before you start getting up in arms, you might want to check their previous clients, regimes such as Sudan, Bahrain, and Saudi Arabia, and have been accused of being used against activists and protesters in Morocco, Syria, the United Arab Emirates. [33]They even basically serve as the intelligence agency of the Uganda. Some of those relationships landed them in hot water with the UN. To make matters even more frightening, the Italian company maintains two satellite offices within the United States, one in Annapolis and another in Washington DC. That shouldn’t lead people think this relationship buys the US anything though, since Hacking Team is suspected of selling tools to clients in Turkey who used it on a woman in the US [34]and is now suspected of selling their technology to Syria, as well.

What’s put Hacking Team in the news now? Perhaps unsurprisingly at this point, they too were also hacked in 2015. At some point their network was breached and published online – over 400 gigabytes of data. Like I said before, no one is safe.

Hacking Team’s fate, while ironic, only served to open the eyes of millions to existence of real companies whose only profession is equipping governments with the tools to break down any wall, crack any password, end any online uprising, and own our digital lives. For an example, let’s start with something small, like a foreign government hacking into a major American company to determine what media Americans and the rest of the world were allowed to see.

You know, I’ve always wondered if any of the “A movie they don’t want you to see,” advertisements were ever real. Turns out, there was one that absolutely was. In late 2014, Sony pictures planned to release a movie about a talk show host invited to North Korea. Oh, and he tries to assassinate the dictator. It was an okay movie, but honestly, not something you would watch twice on purpose. Where things went terribly, horribly wrong was when Sony pictures suddenly pulled the movie. In the weeks leading up to the release, the North Korean government expressed their “disapproval” of the film. With its ending scene depicting the violent death of their glorious leader, the North Koreans demanded the movie never show… or else. Whatever, we’re Americans, or sort of. Sony Pictures was in America at least. What are they really going to do, bomb us?

No, they didn’t bomb anyone. Instead, what they did was hack Sony Pictures. In that breach, they stole data that included personal information about Sony Pictures employees and their families, e-mails between employees, information about executive salaries at the company, copies of then-unreleased Sony films, and other information. They threatened to release the information, which any of it could have been deadly to the company, from its employee’s information to scripts of movies that haven’t been made. What happened next?

Sony pulled the film.

Not long after, popular demand, and there was a lot of us who now demanded to see this movie, made it available for streaming. Eventually, we were all able to get our fill of the death of the most infamous man alive, but it cost us. The Guardian called the event a massive defeat on American soil and the message was received, international government sponsored hackers can scare Americans into doing whatever they want.

It pissed us off as it introduced a new word into our collective lexicon: Cyberwarfare.

Uncertain Future – Part VI – If the Feds Aren’t Safe, What Makes You?

Ok, so maybe various versions of making people look bad on the internet aren’t nearly as terrifying as legitimate terrorism, but what about the presence of true cybercrime, those who use the internet with no agenda for reform, no desire for publicity, and who 99% of the time, you never knew existed? What about when the threats aren’t out to make you think about some subjective moral wrongdoing, but steal your money and ruin your life. What’s really scary is that no one is safe – quite literally no one. Not even the director of the United States Central Intelligence Agency.

A group of young hackers, using rather unsophisticated methods, broke into the CIA Director John Brennan’s personal email. So that we are all aware, the director of the CIA is the guy in charge of all US spies and one would thing be well beyond the reach of hackers… especially a group of teenagers. Much to the chagrin of the US government, he really wasn’t. This one, however, wasn’t really his fault. The method the hackers used was to implement a tactic that predates modern computing by only a few thousand years. They pretended to be people they weren’t, tricked a Verizon worker and got Brennan’s email password changed the old fashioned way… by lying. The term they used is “social engineering”. While they didn’t find much, they did find were some documents important to him. Then they bragged about it on Wired. While all of us think this one is hilarious, if a story turns up about a few of these kids turning up missing in a couple of years when no one remembers their antics… don’t say this wasn’t foreseeable.

The same group were responsible for this breach also targeted the FBI… because they are just ballsy I guess… and broke into portals used by police and federal agents to share intel. The site is also used to book suspects, and while it isn’t known how much was taken, hundreds of thousands of users may be vulnerable, many already being leaked following the hack.

2015 saw attack after attack like these, and some of the most massive breaches to internet security the world has yet seen, all with little other incentive than stealing money, stealing information, and extortion. Like my fictional spy from the future, there are many who profit heavily from the information you keep secret. Over the course of the last year, it is estimated that some 70% of the US population experienced some form of cyber attack and over 2.1 billion internet users worldwide.   In a Verizon Study of 90 Security breaches, there were 285 million data exposures. Unsurprisingly, attacks are getting much more advanced, with hackers sometimes using multiple attacks simultaneously to succeed in a breach, such as malware, brute force, and SQL injection. Furthermore, 74% of the attacks were external, meaning that 26% were executed from within the companies we are trusting with our data.  [21]In a related vein, but just as disturbing, we are now seeing more breaches being discovered by employees than outsiders. Traditionally, these sorts of attacks were discovered by feds or other companies detecting the irregularities. [22] Now, it is much more likely that when you’re breached, you’ll be the first to know… which for some of us, isn’t that comforting.

Depending on how you look at this, it could either be welcome news or utterly terrifying. On the one hand, this means that internal security is at least able to grow to the point that they become aware of their own breaches. On the other hand, it means that the number of breaches, and all the possible avenues of failure have become so numerous, that no government agency can possibly be aware of the threats anymore, let alone protect us from them.

The next troubling discovery, this one from the 2014 report, was exactly how big the hacking business is. In spite of the whole last section of activities by groups such as Anonymous, malicious hackers working with financial motives still account for some 60% of cyber crime. Corporate spying, those seeking intellectual property and trade secrets accounted for some 25% (up from previous years). Those hackers who were not set on serious crimes (you know, for the lulz) or hacktivists with some ideological agenda, in spite of all the news, accounted for next to nothing. [23]That means that in spite of internet hacktivists publicised achievements, the vast majority of illicit attacks happen for no other reason than to rob of us of something precious.

Some of the biggest of these hits last year:

  • Excellus Blue Cross/Blue Shield – 10 million records lost including names, birth dates, social security numbers, mailing addresses, financial accounts, and claims information [24]
  • Anthem Health Insurance – Access to 80 million current and former customers names, Social Security numbers, birth dates, addresses, and income data [25]
  • Experian – 15 million T-Mobile customers names, addresses, birth dates, drivers’ license ID numbers, and passport numbers. Encrypted Social Security numbers were also stolen, which may provide some measure of safety, but the company warned that encryption may have been compromised [26]
  • Scottrade – 4-6 million customers contact details compromised [27]
  • CVS, Walgreens, Rite Aid, and Costco – millions of customers’ credit card, email, postal addresses, phone numbers, and passwords. [28]
  • Donald Trump’s hotel chain – many thousands of guests’ credit card data [29]

Several people probably noticed that last line and thought to themselves, “Ha, that will show the asshat.” Well, we need to think about that one again, don’t we? Who was hurt by the breach at Trump hotels? Innocent people. Really think about who these people are who are hurt; people who slept at a place. Imagine yourself, really just you, getting a hotel anywhere in the world, never really thinking about the guy whose name is on the side of the exterior wall and if one day he may potentially run for President of the United Freaking States. No, you just slept in a place and now your information is floating around the internet by people who are trading it for money. So to those who are getting their lulz right now from finding out that the “Orange carpeted clown” got pwned (“laughing hard at the misfortunes of Donald Trump” for those not accustomed to the vernacular of the lower internet), you’re real a-holes.

To illustrate this point, as shown already, some the biggest breaches didn’t steal money directly. The big payoff was information. Hackers who can get access to data about real people, not just one, but millions of people at a time, are the biggest scores in the illicit industry of online invasion. Stealing a whole database with customer or employee names, birthdays, SSNs, or any other useful private information can open the door for those people to be targeted later for individual attacks. These attacks may be for money, or they can be for more information, perhaps even national secrets, incriminating information for blackmail, or worse. Often, this information is collected and merged into larger databases, where users are profiled and where that which is stolen can be used against them in some of the most terrifying ways imaginable later… like a hack on the Internal Revenue Service.

The IRS is a common target of hacking. As the central collection agency for all taxes of all people of the United States, it is one of the largest gold mines ever created. In 2015 it suffered the largest breach in its history. It acknowledged that hackers had gained access to view more than 300,000 previous tax returns. They did this through a tool made available by the IRS called “Get Transcript”. Get Transcript allows users to view old returns. The safety in this system is that it requires numerous layers of identifying information to access Get Transcript and view those old returns. The types of information needed: names, social security numbers, birthdates, addresses – the very same items stolen from the other hacks mentioned above. This means that the hackers were able to make one of the largest internet heists in history, only through access of stolen information, gathered, collected, and organized by other hackers in a cyber black market where your information is the most valuable and most traded commodity there is.

Relying on personal information — like Social Security numbers, birth dates and street addresses — the hackers got through a multistep authentication process. They then used information from the returns to file fraudulent ones, generating nearly $50 million in refunds. [30]

That means that each of the victims were hacked not once, but twice. The big takeaway from the 2015 IRS Hack is that there is growing evidence of the existence of something we are all afraid of. Databases out there that are growing day by day, where cells of each of our data are collected and merged without our permission or our knowledge, and that these databases are being traded by people across the world, with no good intention for us. This leads many to believe in a future decades from now which has no secrets, where all of our information is direct and open to the public. For those of us with bank accounts, street addresses, or children, that’s not the idealistic image of an open society that some would paint. The fact is, we live in a state of danger everyday because of the secrets we entrust to others. In the next few decades, for companies to remain viable, they are going to have to prove they can be trusted with our information. More so than this, if we ever want to feel safe again, perhaps the most valuable enterprise in the future of internet security might not be the next guy who is able to steal our information, but the first guys who figure out how to get it back.

Uncertain Future – Part IV – Doxxing

The Gamergate scandal didn’t end at name calling, though. Several key individuals suffered far more than the traditional effects of the average internet rabble. Along with threats of rape and murder, which are disturbing, but easily dismissed given the safety that online anonymity provides, there was another threat, one which pierced that veil of safety and put the power directly in the hands of the mob.

Doxxing.

Doxxing – from documents – search for and publish private or identifying information about (a particular individual) on the Internet, typically with malicious intent.

“hackers and online vigilantes routinely dox both public and private figures.” [11]

During Gamergate the ugly side of the conflict saw the threat, “We will dox you,” begin to surface for the first time. Doxxing, as the definition states is when online users attempt to publish personal information about other users, celebrities, or public figures against their will. This personal information ranges from your real name to private email, banking information, and anything that hackers can get hold of. Once one member discovers it and is able to publish it, the fear is that it may lead to future attacks, such as flooding email accounts with harassment emails via a botnet attack, or worse, people literally able to knock on your door.

And this is exactly what happened to the internet’s Queen, Felicia Day.

Day commented that she had thus far remained silent on the issue of Gamergate to fans and the media, including over 2.3 million Twitter followers at the time, not because she wanted to or didn’t care, but out of fear of getting doxxed  – and seeing her personal information become public knowledge on the seedy parts of the internet.

“I realised my silence on the issue was not motivated by some grand strategy, but out of fear that the issue has created about speaking out. … I have tried to retweet a few of the articles I’ve seen dissecting the issue in support, but personally I am terrified to be doxxed for even typing the words ‘gamer gate’. I have had stalkers and restraining orders issued in the past, I have had people show up on my doorstep when my personal information was hard to get.”

This was posted on her personal blog, in a post titled simply The Only Thing I have to Say about Gamergate. [12]She was immediately attacked online and doxxed. Felicia’s experiences in the past have included direct encounters with stalkers, empowered by knowledge about her that they shouldn’t have access to. Others, such as one of the women central to the beginning of Gamergate, Anita Sarkeesian a game designer who also makes videos explaining misogynist tropes in gaming, were far more disturbing.

According to Time, Sarkeesian, had to flee her home because of violent threats. She was even forced to cancel a speaking engagement at Utah State University after an anonymous person sent a letter to the school administration threatening to massacre students if she spoke. “I will write my manifesto in her spilled blood, and you will all bear witness to what feminist lies and poison have done to the men of America,” the letter read.

Now, perhaps, we are getting the reason that anonymity is something of a concern for security analysts. With abilities such as doxxing, which is just one among many possible issues that internet users face, those who use the internet, or everyone, is going to need to learn to deal with some new and very profound threats. In the way that we prepared ourselves for active shooters with things like A.L.I.C.E. training, training is going to have to be done to teach people how to protect their personal information from slippage, the military term for unwanted dispersal of sensitive information. If we don’t take that initiative,I’m afraid of an internet where anonymity creates a world where there are no activists. Many who have read and follow my work know, if nothing else, one thing about me; I am super American. I like that I have this right and freedom to speak up and speak out, but at the point where living room vigilantes are able to threaten the safety of women for complaining about big tits in video games, along with anyone who happens to listen… I’m seriously afraid of a world twenty years down the road. That anonymity grants protection for criminal acts is something we should very seriously be concerned and something the leaders of the internet need to seriously consider when they list their values. As was mentioned before, to quote Goya, “fantasy abandoned by reason produces impossible monsters.” That said, don’t be surprised if in your next annual security briefing, you see the “Dox” for the first, but not the last time.