Uncertain Future – Part XI – High Value Protection

High Value Body Guards and Military Contractors

Executive security is the industry of protection for VIP and High Value Individuals. While this includes those who specialize in shuttling primped up primadonna starlets like Justin Beiber from show to show, unharassed by throngs of fans, there is a much deeper need for experienced, battle ready security teams.

Due to the attention grabbing nature of these massive catastrophes, many other acts of overt criminal activities have grown in practice, but go relatively unnoticed by those not engaged in foreign policy news. First among these is the threat of kidnapping. While assassination or general acts of terror surely rank high on the list, kidnapping has a special role to play in the story of international chaos that exists today and which will continue in the future.

To understand why this is, one needs to understand how criminal empires and murder crazed caliphates primarily get funding. According to documents discovered following a raid of a prominent ISIS leader [56], the organization is funded massively through the use of kidnapping with the purpose of ransom. CNN and Business Insider investigate further to show the staggering amounts of money generated by these tactics [57] and the rationale for why the act of kidnapping is really such a good idea for such criminal and terrorist organizations. [58]

The kidnapping of Kenji Goto and Haruna Yukawa rattled the international press for this reason. This time, however, it wasn’t for the sheer barbarity that their fellow news agents were experiencing, (those attempting to report the news in the region are a favorite flavor of victim for the Islamic State, along with female humanitarian aid workers  [59]) but the magnitude of the ransom being demanded. The Islamic State demanded of the government of Japan $200 million for their safe return. Like so many others, this negotiation broke down and both were eventually beheaded in brutal fashion.

ISIS’ rationale seems similar to other terror groups: Kidnappings help raise money and, if ransoms aren’t paid, make a point, such as the groups are not to be messed with and even civilians are in danger.

$200 million is sizable demand and one which could drastically help fund the operations of the terrorist organization, which is currently already expanding its reach internationally as its borders shrink locally. While these two did not turn a profit, others did. The French have denied that they have paid ransoms [60], but according to a New York Times Report [61]they succeeded in buying back the freedom of kidnapped Frenchman from the Islamic State from ISIS. A second group working for a french nuclear firm were also freed by an al Qaeda affiliate in return for money. In perhaps the greatest coup for the terrorist state, 49 captives of Turkish origin were returned, seemingly for no reason at all to Ankara. Those following the report, myself among them, strongly suspect a major payoff for their safe and uneventful return [62]. There are other reports of three hundred Christians being charged more than $30 million for their release. One victim gave in an interview with New York Magazine that his captors forced him to call his family and a friend while he was being tortured, in hopes that his anguished screams would move them to pay the ransom money. [63] [64]

“We were blindfolded and chained, and every day they would torture us,” he said. “They would come in, one at a time, and electrocute us or beat us with anything they could find.”

“But they didn’t kill me because they wanted to ransom me. One time, they made me speak to my family on the phone as they were electrocuting me. Then, they made me call a friend, who told them he would pay.”

However, the practice of criminal kidnapping for profit is not limited to the ISIS threat. Moving to the Gulf of Aden and Somalia in one last example, one only has to recount the story of Captain Phillips.  [65]There, Somali pirates attempted to take an American vessel hostage along with its crew. This practice has become common in the narrow straits between Iran and the Horn of Africa. Massive ships with massive shipments worth billions are capable of attracting huge payouts to the pirates and the warlords who control them from the mostly European companies who control them. In the case of Phillips, though, the problem wasn’t solved by a financial transaction so much so as the extremely potent delivery of precision fire from the muzzle of US Navy SEAL Snipers.

Regardless of the success of the Phillips case, piracy and kidnapping for ransom are not going away. In fact, seeing the financial and propaganda potential for such violations, the value of making such attacks has prompted many, many more. This, perhaps, has only been exacerbated by the American shift in policy that some would say encourages the practice by providing a means for private individuals to pay the ransoms of their friends and families, thus encouraging more like kind kidnappings.

Having said all of this, it is no longer safe for most Westerners to travel to the Middle East, and the growing troubles of the region are only spreading more and more throughout the Islamic world, as millions sympathetic to the ideals of the Al Qaeda and the Islamic State begin to copy their tactics and methods. Still, people still have business to do, so Westerners are still going to go there. This leads to the need for private military contractors (PMCs).

Mention of the practice of PMCs is one that elicits fear and suspicion in most people unfamiliar with how they are actually used. Often, they can’t be mentioned without imaginations of secret mercenary black helicopter events and Orwellian fears of off the books private armies. In all honesty, very few such companies are used for anything other than bodyguards for individuals of extremely high value in the region, rather than elite soldiers willing to kill for the highest dollar. The US State department often contracts with these companies to provide a greater level of security than they can do otherwise with the military for their foreign dignitaries and ambassadors, and the CIA for their foreign case officers. This is outlined well in the opening chapters of the new book 13 Hours – The Inside Account of What Really Happened in Benghazi. The book begins by detailing the lives of the contractors involved, both professional and personal. All of those in the book possessed varied military experience, some US Navy SEALs, Army Rangers, and Marines. They may have in their experience sets Master’s Degrees in Criminal Justice, stints as the local police chief, or run warrants as bail bondsmen, and PIs stateside. Other PMCs may come from more diverse backgrounds; internationals with the French Foreign Legion, British SAS, and any number of other places and backgrounds. When I was deployed to Iraq, one team which frequented our Entry Control Point in Al Anbar Province had team members that came from as far off as South Africa, Romania, and Singapore, lead by an English Special Air Service soldier.

For the CIA and State Department, the go to is the Global Response Staff, an open secret of an organization created after the attacks on September 11th, 2001. The GRS gathers together teams of the best and most experienced operators from within the United States military with the knowledge and experience to be able to covertly guard its most valuable assets anywhere on the globe. What distinguishes these individuals from the common military they appear to be is the benefits package. Some PMCs today take in over $150,000 annually for their work overseas, on average, around three to five times what they could have expected in any given military career doing much harder work. Why they are useful is their flexibility and potency. Small teams deployed to a city can easily intertwine with the area, and adapt to cover any target that needs their level of protection. They can do this, however, without the massive overhead of the slow moving US military and sticking out like a sore thumb in places where Americans already have a hard enough time blending in. While these men (and women) and their skills don’t come cheap, they come without the prohibitive costs of deploying an entire unit of Marines or Army soldiers, which could rank in the millions, assuming an entire base doesn’t need to built for the task.

As Benghazi itself showed, the need for these individuals does still exist, and the threat of kidnapping, assassination, extortion, and any number of nefarious concerns may confront high value individuals at any time. This is why operators, such as those working with the Global Response Staff or other private military contractors will be in extremely high demand by foreign dignitaries of all nations, local government leaders, spies, journalists, and corporate executives who travel abroad, all doing business in places where business has to be done. These are the types of people who don’t want to be recorded in orange jumpsuits, a propaganda tool for murder fiends across the world. What this also means is that over the next twenty years, PMC operators of every brand and color will be in such high demand that they pop up literally everywhere important people can be seen in places where bad things often happen. What’s more, many will be more than the sum of high paid former Special Forces operators. They will be homegrown and specialized to their tasks through courses like the various Executive Protection [66] [67] courses that exist and under instruction by companies such as the American security services training company Academi [68]or the European Security Academy [69]. Both of these firms provide, alongside their training, mission support in the form of human resources, planning, and operational support. Remember that these people aren’t accountants, get creative and realize that that means  more or less exactly what you think it does.

The big change we will see as a result of this will be rather undemocratic shift in politics across the world. As the means of terrorism continues to grow, the need for higher and higher priced body guards to handle the threat will make some very rich people very safe, while leaving many others with little more than a prayer. In the end, expect to never see another photo again of any person of worth in a critical conflict area of the world without a dedicated staff of very skilled warfighters at their sides and at the ready.

Of course, this causes us to ask a very important question, where are all these extremely well paid and well trained operators going to come from?

Uncertain Future – Part X -Private Security Companies

Beyond the need for standard training, which will introduce a new vocabulary and the mindset to go with it, is traditional security, which is getting a remarkably untraditional makeover. Companies today are forming which are consolidating the need for security. Less and less often are you seeing security divisions within companies which are not in the business of providing security. Instead, the role of security guard for most companies is often filled by an agent of companies which specialize in the outsourcing of such skillsets. What this means for the future is that we won’t see the old mall cops drifting around on their segways, whose only real talents don’t actually center on tactics and prevention, but on finding a job where they are being paid to stand there.

Instead, these jobs are going to be going more and more to the larger security companies who specialize in the role. Soon, we will likely see a time where all private security for public places, such as malls, workplaces, and schools, all wear an inconspicuous similar uniform labeled with the same logo throughout. Instead of working directly for the companies that employ them, they will be contracted in, all centrally trained and networked with their other satellite offices and local police, all working under a centralized headquarters somewhere in the city, or perhaps across the globe. One such example is Sweden’s Securitas, a logo known throughout the West.

A recent article followed Securitas and the year it has had [53]. According to the Association for Financial Professionals, Securitas experienced “a sharp rise in profits for 2015 amid an increased threat of terrorism and the European migrant crisis.”

Net profit for the full-year rose by 18 percent to 2.44 billion kronor (258 million euros, $288 million), or eight percent excluding currency effects.

Sales climbed by 15 percent to 80.8 billion kronor.

In Europe, sales rose by eight percent to 37.5 billion for 2015 and by 11 percent in the fourth quarter, bolstered by the November 13 attacks in Paris and the arrival of hundreds of thousands of migrants in Europe.

The company earnings report cites the increased need for security services owed to terrorism alerts and the refugee situation has impacted organic sales growth in Western Europe, mostly in countries like France, Belgium, Germany and Sweden. They also reported a similar rise in Turkey, a country which has welcomed around two million Syrian refugees and saw numerous terrorist attacks within the last year. Securitas also saw a 24 percent increase in North American sales, as well.

Securitas isn’t alone, however. Spain’s Prosegur has a healthy share of the European public security market along with an American based security firm G4S. G4S started becoming more known for its role as the principal security provider for the 2012 London Summer Olympics, a significant role ever since the Munich massacre where eleven members of the Israeli Olympic team were killed. They have also been called by some the largest company you’ve never heard of [54], since they maintain the third largest corporate workforce of any company Earth (660,000 employees) and are considered (loosely) by some to be the largest private military that has ever existed. [55]

While training for you and me will be mandated behavior to attempt to control and mitigate threats, and very large, very structured private security companies will provide for the broader public to help prevent the dangers, another tier of security will create a phenomenon never before seen – the million dollar bodyguard.

Uncertain Future – Part IX – Physical Security

Changing gears from cyber security to the tangible world, 2015 saw one of bloodiest years on record since the end of World War II. Terrorism that originated in Middle Eastern conflicts has spread out and is beginning to become commonplace in Europe and even starting to appear, yet again, in the United States. The Charlie Hebdo and November 2015 Paris Attacks, along with a third attempt foiled by the presence of American military veterans rocked Europe as the world mourned for them. In the US, a similar, though far less attack, took place in San Bernardino, California. Between these three major attacks, around 160 people were killed. This, however, pales in comparison to the world-wide effects of terrorism. In total, there were nearly 400 terrorist attacks around the world that we know of [51]. In that, it is likely that more than ten thousand people lost their lives in acts of pure terror. I say pure terror, not to add drama to the point, but to differentiate these acts from the similar acts of violence. Acts of warfare, kidnapping, and social strong-arming are being ignored, as their practice has exploded in the last decade to unestimatable levels.

How this will affect the world in the next twenty years is that people, meaning nations, firms, and individuals, will be taking greater steps towards ensuring their own safety in the event of attack. For many, this will see annual trainings being required at many workplaces and schools. Many are already doing this. In another answer, I described how the last decade of terror and threat of “active shooters” has led to new methods and tactics aimed at empowering the individual victim to better deal with theses threats in a way that mitigates their danger, or when cornered in the worst case scenario, confront and attempt to neutralize the attackers. One such training program is ALICE, controversial in that it actually coaches victims of an active shooter incident to fight back as a very last. [52]

Uncertain Future – Part VIII -Cyberwarfare

According to the Rand Corporation, [35] Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks through, for example, computer viruses or denial-of-service attacks. RAND research provides recommendations to military and civilian decisionmakers on methods of defending against the damaging effects of cyber warfare on a nation’s digital infrastructure because, when nations involve themselves in the acts of cracking, all bets are off. As previously mentioned, even massive companies like Sony can be leveled by a national attack. Second, we have to ask what counts as warfare? Can it really be an act of war if no one can possibly die from it? Does it matter that this was an American company? Does it change things that it is American citizens? What does retaliation look like? The truth is, we don’t have a lot of answers for this right now, but where it might lead to is nerve racking.

Joel Brenner, a Senior Counsel at the National Security Agency, in his book America the Vulnerable, focuses on the subject of cyber warfare. He speaks at length about the vulnerabilities to the United States, some already proven and some hypothetical. One threat we may one day face which he poses, comes in the form of an attack on our infrastructure. An attack centered on the Los Angeles powergrid could hold half the West Coast hostage. A similar attack against the DOD or VA could publish every scrap of data on over 22 million veterans for the whole world to see. What’s worse, he showed how capabilities already exist that could do this.

He continues in his book to describe the threat posed by China. China is a special case in that, besides a cyber warfare branch of the People’s Liberation Army [36], China also has the added asset of tens of thousands of nationalistic, “Patriot Hackers”. These individuals form a community of cracker groups which focus on exploiting all international information vulnerabilities from corporate, to military, and even personal. This core group of international hackers has been responsible for countless patent thefts and billions in lost research and development to the benefit of Chinese corporations, but is also responsible for compromising classified information worldwide. China’s hacker community is distinctly different from that of nations like the United States, which, if a pattern could be set, would be better described as anarchistic and anti-government (remember Anonymous), and even those in Russia, who are much more geared to cyber crime for profit. China’s hackers, instead work together alongside, or at least to the benefit of, China’s national government. All this while still be officially “unaffiliated” with the government for diplomatic and legal reasons. Effectively, the Chinese have a clandestine cyber national guard, growing in capabilities and there isn’t really a thing the world can do about it.

In fact, the largest breach of security for information in an American database last year didn’t come from someone hacking some corporation to turn a quick profit. It came from China. [37] Last year, the Office of Personnel Management discovered that information over 21 million victims had slipped into hacker’s hands.  [38]The attack lasted over a year and included some 19 million people who applied for government security clearances and the information pertaining to their background checks, along with 1.8 million spouses, friends, and family members. To throw gasoline onto the fire, another 5.6 million fingerprint files of federal employees may have been lost [39], as well.

Moving Westward, Russia is a concern, as well. Having lost much of their technological edge in the last twenty years, they’re working to reclaim lost ground. Currently, when one thinks of Russian hackers, they are probably thinking of internet fraud and child pornography. Over the last few years, however, their capabilities have attempted to close the gap. Recently, in their ongoing conflict between Ukraine, Russian hackers were able to shutdown major sections of the Ukrainian power grid. [40]More concerning, however, is Russia’s attempts to control the media through the very bottom up. Called The 50 Ruble Army, Russia has copied a Chinese tactic to start employing professional commenters, people who scroll the internet commenting on content that weighs negatively against Russia with links to pro-Russian content, articles, and propaganda. [41] (Oh, yeah. Did I forget that about China, too? [42])If you speak about Russia long enough, you’ll see these guys.

But Russia and China aren’t the only concern in cyberwarfare. What’s surprising many, is the capabilities of players that weren’t normally seen in traditional spheres of  computing capability. In 2011, by all accounts, Iran was able to steal a United States CIA stealth drone, literally out of the sky.  [43]

According to Iranian sources, they were able to capture the US drone by “spoofing” the onboard GPS system. After technicians were able to hack into the drone, they broke the link with the systems remote controllers. From this point, according to the Iranian source, they simply told the drone to land in on an Iranian base, believing it to be its home in Afghanistan.  [44]Quite frankly, if any part of that story is true, that is a real head scratcher for the Americans. More so than that, given the relatively unharmed state of the drone, at least from the pictures, it very well could be true. As far back as 2012, the concept of GPS spoofing was a proven concept by researchers at the University of Texas.  [45]Given the resources of an entire nation, it wouldn’t surprise me terribly if they figured it out faster than a single American college.

Granted, the loss of our drone rattled many, but it wasn’t the first attack in the Iran/American Cyber War. Nor would it be the last.

Let’s take a step back to the 1980’s. Russia had poor abilities to produce microchips and the soviets worked to steal technology from the West, decades aheads of them technologically speaking. Because of a defector, the United States was able to know what it was Soviet spies were after. The Americans allowed flawed microprocessors to be stolen and their programs copied. These were made so well that they passed an initial inspection, only break down chemical and manufacturing facilities and overpower turbines in the Trans-Siberian pipeline. When soviet spies stole plans for gas-line pumps, they were unaware that it was intentionally designed to pump with much more pressure than the pipes were ever meant to handle. William Safire of the New York Times in 2004 was the first to break this story 25 years later. In his words, “The result was the most monumental, non-nuclear explosion and fire, ever seen from space.”

Fast forward a few decades.

In January 2010, inspectors with the International Atomic Energy Agency visiting the Natanz uranium enrichment plant in Iran noticed that centrifuges used to enrich uranium gas were failing at an unprecedented rate. The cause was a complete mystery—apparently as much to the Iranian technicians replacing the centrifuges as to the inspectors observing them.

Five months later a seemingly unrelated event occurred. A computer security firm in Belarus was called in to troubleshoot a series of computers in Iran that were crashing and rebooting repeatedly. Again, the cause of the problem was a mystery. That is, until the researchers found a handful of malicious files on one of the systems and discovered the world’s first digital weapon.

Stuxnet, as it came to be known, was unlike any other virus or worm that came before. Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak physical destruction on equipment the computers controlled.

WIRED senior staff writer Kim Zetter [46]

A piece of code began showing itself around which became known as the Stuxnet virus, made famous for its approach to disabling Iranian nuclear refinement operations. Brenner describes why Stuxnet was so incredible. It was a worm, a self-replicating virus, which utilized not just one, but four previously unknown vulnerabilities in Microsoft operating systems to spread itself throughout a worldwide infection. Once spread, it sought out particular Siemens centrifuges, like those used by the Iranians to refine Uranium, and bring them down. This virus baffled engineers for months, unaware that random system outages were really the result of advanced sabotage efforts from outside the country. What it showed was the threat to even extremely powerful and well defended military systems were possible via online attack. More perplexing, the Stuxnet virus, Brenner postulates, could have only have been created by one of a very few groups who would have had the technological capability to create it, that being the national governments of either United States, Russia, China, Israel, or one of a few members of the European Community. It goes way beyond the capability of the midnight hacker savant or the college computer science nerd out for kicks. This was deliberate and ingeniously engineered attack conducted by nations.

Enter: The US Cyber Command. All the necessary ingredients are in place for the possibility of cyber-threats from other nations, or even cyber-terrorism. For all intents and purposes, the United States built them. For that reason, the United States military created the US Cyber Command. On June 23, 2009, the Secretary of Defense directed the Commander of U.S. Strategic Command to establish a sub-unified command, United States Cyber Command (USCYBERCOM). Full Operational Capability (FOC) was achieved Oct. 31, 2010. The Command has three main focus areas: Defending the Department of Defense’s Intelligence assets, providing support to combatant commanders for execution of their missions around the world, and strengthening our nation’s ability to withstand and respond to cyber attack. I couldn’t find a video. I don’t think they want me talking about it.

Many speculate that either the US Cyber Command, or some other third party affiliate with the CIA, or even companies like Hacking Team to have created the Stuxnet virus, in conjunction with allies in Israel. As of yet, US Cyber Command has only once, very recently admitted ever taking part in any offensive actions. In the fight to retake Mosul, Iraq US forces are working with allies in the region to stop ISIS on the ground, in the air, and via the web.  [47]

Meanwhile, U.S. forces are waging a cyber offensive to cut or spy on ISIS communications in Mosul. Carter said cyber attacks are being used “to interrupt [and] disrupt ISIL’s command and control, to cause them to lose confidence in their networks, to overload their network so that they can’t function, and do all of these things that will interrupt their ability to command and control forces there, control the population and the economy.”

While this is the first admitted time the US Cyber Command has officially been used in an act of cyber warfare, it will certainly not be the last. Along with this, many fear a future where it is needed. In an answer on a similar vein, I was once asked how vulnerable the US Naval fleet was to attack.

Future state-on-state conflict, as well as conflicts involving non-state actors such as al-Qaida, would increasingly be characterised by reliance on asymmetric warfare techniques, chiefly cyber-warfare, Chipman said. Hostile governments could hide behind rapidly advancing technology to launch attacks undetected. And unlike conventional and nuclear arms, there were no agreed international controls on the use of cyber weapons.

“Cyber-warfare [may be used] to disable a country’s infrastructure, meddle with the integrity of another country’s internal military data, try to confuse its financial transactions or to accomplish any number of other possibly crippling aims,” he said. Yet governments and national defence establishments at present have only limited ability to tell when they were under attack, by whom, and how they might respond.

The US Defence Department’s Quadrennial Defence Review, published this week, also highlighted the rising threat posed by cyber-warfare on space-based surveillance and communications systems.”On any given day, there are as many as 7 million DoD (Department of Defence) computers and telecommunications tools in use in 88 countries using thousands of war-fighting and support applications. The number of potential vulnerabilities, therefore, is staggering.” the review said.

“Moreover, the speed of cyber attacks and the anonymity of cyberspace greatly favour the offence. This advantage is growing as hacker tools become cheaper and easier to employ by adversaries whose skills are growing in sophistication.” [48]

Some of those vulnerabilities are forehead-smackingly simple, once you know where to look. “You can walk around any ship, most aircraft, and you can find either USB ports or serial ports that were put there for maintenance,” said Leigher. “They were done for good engineering reasons” — to download diagnostic data, for example — “but the engineer wasn’t thinking about computer security.” What if an enemy agent undercover as a contractor or even as a civilian on a good-will tour slipped a virus-loaded thumb drive into one of those ports? What if the bad guy simply tricked a sailor into doing it for him? [49]

U.S. computer experts playing the part of foreign hackers managed to shut down all communications among the U.S. Pacific fleet, and could have shut down the entire western half of the U.S. power grid. [50]

In that answer, given everything we know about the numerous breaks in our defenses, the capabilities of hackers across the globe, and the outdated systems of much of our Navy, it is plausible a group of hackers which are well enough organized and with enough backing, could compromise our carrier’s systems. It is possible that infected equipment could be installed on the ships themselves, since it is economically impossible to produce all the technologies built for these ships in government controlled factories, nor even, all in the United States. Foreign manufacturing produces gateway points for hardware to be slipped in with infected files that could then reproduce throughout the vessel’s internal secured networks and systems. If this were to happen, it is possible that these ships could be brought down through their own control systems, locking up, halting their communications, melting down their reactors, crashing them into the rocks or even city docks, or just causing them to float dead in the water defenseless against enemy attack and unable to protect us here at home.

Uncertain Future – Part VII – State Sponsored Cracking

Now that we have thoroughly made it clear that there is no place left safe on the internet for the common individual, or even major corporations and government organizations, what about the governments themselves? What role do they play in this story.

To begin with, let’s talk about Hacking Team. Hacking Team is a company out of Milan that deals in “offensive intrusion and surveillance” capabilities. This includes the ability to monitor communications of internet users, decipher encrypted files and emails, record Skype and VoIP phone calls, as well as remotely activate microphones and cameras on the devices they target. Their primary clients include governments and major corporations, including a few governments with shady human rights records. Basically, they are the most terrifying conspiracy theories on the internet come to life.

Hacking Team are leaders in the growing industry to help governments hack in ways that make the rest of this article look like child’s play. The Hacking Team gives its clients, through use of their Da Vinci and Galileo platforms the ability to do everything from keystroke logging, GPS tracking on cell phones, and extracting wifi passwords, among many other capabilities. [31] Perhaps most interesting is their ability to steal data on local accounts, contacts and transaction histories by decrypting Bitcoin and other cryptocurrency wallet files. [32]The tools they use, or rather sell, have been used by governments to… well… you’ve seen the movies. Before you start getting up in arms, you might want to check their previous clients, regimes such as Sudan, Bahrain, and Saudi Arabia, and have been accused of being used against activists and protesters in Morocco, Syria, the United Arab Emirates. [33]They even basically serve as the intelligence agency of the Uganda. Some of those relationships landed them in hot water with the UN. To make matters even more frightening, the Italian company maintains two satellite offices within the United States, one in Annapolis and another in Washington DC. That shouldn’t lead people think this relationship buys the US anything though, since Hacking Team is suspected of selling tools to clients in Turkey who used it on a woman in the US [34]and is now suspected of selling their technology to Syria, as well.

What’s put Hacking Team in the news now? Perhaps unsurprisingly at this point, they too were also hacked in 2015. At some point their network was breached and published online – over 400 gigabytes of data. Like I said before, no one is safe.

Hacking Team’s fate, while ironic, only served to open the eyes of millions to existence of real companies whose only profession is equipping governments with the tools to break down any wall, crack any password, end any online uprising, and own our digital lives. For an example, let’s start with something small, like a foreign government hacking into a major American company to determine what media Americans and the rest of the world were allowed to see.

You know, I’ve always wondered if any of the “A movie they don’t want you to see,” advertisements were ever real. Turns out, there was one that absolutely was. In late 2014, Sony pictures planned to release a movie about a talk show host invited to North Korea. Oh, and he tries to assassinate the dictator. It was an okay movie, but honestly, not something you would watch twice on purpose. Where things went terribly, horribly wrong was when Sony pictures suddenly pulled the movie. In the weeks leading up to the release, the North Korean government expressed their “disapproval” of the film. With its ending scene depicting the violent death of their glorious leader, the North Koreans demanded the movie never show… or else. Whatever, we’re Americans, or sort of. Sony Pictures was in America at least. What are they really going to do, bomb us?

No, they didn’t bomb anyone. Instead, what they did was hack Sony Pictures. In that breach, they stole data that included personal information about Sony Pictures employees and their families, e-mails between employees, information about executive salaries at the company, copies of then-unreleased Sony films, and other information. They threatened to release the information, which any of it could have been deadly to the company, from its employee’s information to scripts of movies that haven’t been made. What happened next?

Sony pulled the film.

Not long after, popular demand, and there was a lot of us who now demanded to see this movie, made it available for streaming. Eventually, we were all able to get our fill of the death of the most infamous man alive, but it cost us. The Guardian called the event a massive defeat on American soil and the message was received, international government sponsored hackers can scare Americans into doing whatever they want.

It pissed us off as it introduced a new word into our collective lexicon: Cyberwarfare.

Uncertain Future – Part VI – If the Feds Aren’t Safe, What Makes You?

Ok, so maybe various versions of making people look bad on the internet aren’t nearly as terrifying as legitimate terrorism, but what about the presence of true cybercrime, those who use the internet with no agenda for reform, no desire for publicity, and who 99% of the time, you never knew existed? What about when the threats aren’t out to make you think about some subjective moral wrongdoing, but steal your money and ruin your life. What’s really scary is that no one is safe – quite literally no one. Not even the director of the United States Central Intelligence Agency.

A group of young hackers, using rather unsophisticated methods, broke into the CIA Director John Brennan’s personal email. So that we are all aware, the director of the CIA is the guy in charge of all US spies and one would thing be well beyond the reach of hackers… especially a group of teenagers. Much to the chagrin of the US government, he really wasn’t. This one, however, wasn’t really his fault. The method the hackers used was to implement a tactic that predates modern computing by only a few thousand years. They pretended to be people they weren’t, tricked a Verizon worker and got Brennan’s email password changed the old fashioned way… by lying. The term they used is “social engineering”. While they didn’t find much, they did find were some documents important to him. Then they bragged about it on Wired. While all of us think this one is hilarious, if a story turns up about a few of these kids turning up missing in a couple of years when no one remembers their antics… don’t say this wasn’t foreseeable.

The same group were responsible for this breach also targeted the FBI… because they are just ballsy I guess… and broke into portals used by police and federal agents to share intel. The site is also used to book suspects, and while it isn’t known how much was taken, hundreds of thousands of users may be vulnerable, many already being leaked following the hack.

2015 saw attack after attack like these, and some of the most massive breaches to internet security the world has yet seen, all with little other incentive than stealing money, stealing information, and extortion. Like my fictional spy from the future, there are many who profit heavily from the information you keep secret. Over the course of the last year, it is estimated that some 70% of the US population experienced some form of cyber attack and over 2.1 billion internet users worldwide.   In a Verizon Study of 90 Security breaches, there were 285 million data exposures. Unsurprisingly, attacks are getting much more advanced, with hackers sometimes using multiple attacks simultaneously to succeed in a breach, such as malware, brute force, and SQL injection. Furthermore, 74% of the attacks were external, meaning that 26% were executed from within the companies we are trusting with our data.  [21]In a related vein, but just as disturbing, we are now seeing more breaches being discovered by employees than outsiders. Traditionally, these sorts of attacks were discovered by feds or other companies detecting the irregularities. [22] Now, it is much more likely that when you’re breached, you’ll be the first to know… which for some of us, isn’t that comforting.

Depending on how you look at this, it could either be welcome news or utterly terrifying. On the one hand, this means that internal security is at least able to grow to the point that they become aware of their own breaches. On the other hand, it means that the number of breaches, and all the possible avenues of failure have become so numerous, that no government agency can possibly be aware of the threats anymore, let alone protect us from them.

The next troubling discovery, this one from the 2014 report, was exactly how big the hacking business is. In spite of the whole last section of activities by groups such as Anonymous, malicious hackers working with financial motives still account for some 60% of cyber crime. Corporate spying, those seeking intellectual property and trade secrets accounted for some 25% (up from previous years). Those hackers who were not set on serious crimes (you know, for the lulz) or hacktivists with some ideological agenda, in spite of all the news, accounted for next to nothing. [23]That means that in spite of internet hacktivists publicised achievements, the vast majority of illicit attacks happen for no other reason than to rob of us of something precious.

Some of the biggest of these hits last year:

  • Excellus Blue Cross/Blue Shield – 10 million records lost including names, birth dates, social security numbers, mailing addresses, financial accounts, and claims information [24]
  • Anthem Health Insurance – Access to 80 million current and former customers names, Social Security numbers, birth dates, addresses, and income data [25]
  • Experian – 15 million T-Mobile customers names, addresses, birth dates, drivers’ license ID numbers, and passport numbers. Encrypted Social Security numbers were also stolen, which may provide some measure of safety, but the company warned that encryption may have been compromised [26]
  • Scottrade – 4-6 million customers contact details compromised [27]
  • CVS, Walgreens, Rite Aid, and Costco – millions of customers’ credit card, email, postal addresses, phone numbers, and passwords. [28]
  • Donald Trump’s hotel chain – many thousands of guests’ credit card data [29]

Several people probably noticed that last line and thought to themselves, “Ha, that will show the asshat.” Well, we need to think about that one again, don’t we? Who was hurt by the breach at Trump hotels? Innocent people. Really think about who these people are who are hurt; people who slept at a place. Imagine yourself, really just you, getting a hotel anywhere in the world, never really thinking about the guy whose name is on the side of the exterior wall and if one day he may potentially run for President of the United Freaking States. No, you just slept in a place and now your information is floating around the internet by people who are trading it for money. So to those who are getting their lulz right now from finding out that the “Orange carpeted clown” got pwned (“laughing hard at the misfortunes of Donald Trump” for those not accustomed to the vernacular of the lower internet), you’re real a-holes.

To illustrate this point, as shown already, some the biggest breaches didn’t steal money directly. The big payoff was information. Hackers who can get access to data about real people, not just one, but millions of people at a time, are the biggest scores in the illicit industry of online invasion. Stealing a whole database with customer or employee names, birthdays, SSNs, or any other useful private information can open the door for those people to be targeted later for individual attacks. These attacks may be for money, or they can be for more information, perhaps even national secrets, incriminating information for blackmail, or worse. Often, this information is collected and merged into larger databases, where users are profiled and where that which is stolen can be used against them in some of the most terrifying ways imaginable later… like a hack on the Internal Revenue Service.

The IRS is a common target of hacking. As the central collection agency for all taxes of all people of the United States, it is one of the largest gold mines ever created. In 2015 it suffered the largest breach in its history. It acknowledged that hackers had gained access to view more than 300,000 previous tax returns. They did this through a tool made available by the IRS called “Get Transcript”. Get Transcript allows users to view old returns. The safety in this system is that it requires numerous layers of identifying information to access Get Transcript and view those old returns. The types of information needed: names, social security numbers, birthdates, addresses – the very same items stolen from the other hacks mentioned above. This means that the hackers were able to make one of the largest internet heists in history, only through access of stolen information, gathered, collected, and organized by other hackers in a cyber black market where your information is the most valuable and most traded commodity there is.

Relying on personal information — like Social Security numbers, birth dates and street addresses — the hackers got through a multistep authentication process. They then used information from the returns to file fraudulent ones, generating nearly $50 million in refunds. [30]

That means that each of the victims were hacked not once, but twice. The big takeaway from the 2015 IRS Hack is that there is growing evidence of the existence of something we are all afraid of. Databases out there that are growing day by day, where cells of each of our data are collected and merged without our permission or our knowledge, and that these databases are being traded by people across the world, with no good intention for us. This leads many to believe in a future decades from now which has no secrets, where all of our information is direct and open to the public. For those of us with bank accounts, street addresses, or children, that’s not the idealistic image of an open society that some would paint. The fact is, we live in a state of danger everyday because of the secrets we entrust to others. In the next few decades, for companies to remain viable, they are going to have to prove they can be trusted with our information. More so than this, if we ever want to feel safe again, perhaps the most valuable enterprise in the future of internet security might not be the next guy who is able to steal our information, but the first guys who figure out how to get it back.

Uncertain Future – Part V – Hactivism


Having said that, there is more power to the open internet than you think. Your private information, while important to you for reasons shown in the previous section, is very little compared to what organized groups with an agenda are really after – complete system change. These groups have proven the means to bring down massive sites and even fight terrorism. Of course, they have also cost thousands of innocent people their personal information, destroyed companies, and ruin marriages, along with more than a few lives.

To begin, one needs to look into the (perfectly named) Ashley Madison Affair [13]. Ashley Madison was and is the internet’s largest website for cheating. Literally, that’s all they do is help people who are married cheat on one another. After a savvy campaign including talk shows and clever advertising, one which brought tons of open scorn, but just enough silent attention to keep the profits rolling in, a group calling themselves, “The Impact Group” decided they weren’t amused with the salacious shenanigans. The Impact Group researched Ashley Madison and found it to be under the ownership Avid Life Media, which also owns other hookup sites like Cougar Life and Established Men, which they claimed supported prostitution and human trafficking. When Ashley Madison reported that they offered a service to completely delete the accounts of users no longer interested in their services, the Impact Group moved out to show that this service wasn’t all it was cracked out to be. 37 million disclosed users later and the site which sold itself on discretion, was in the midst of its worst nightmare.

The impact group is only one such online Robin Hood alliance which exists. Others out there have proven themselves time and time again to be able to affect change, either through direct action, or the threat of it via hacking individuals, corporations, and even governments. One such group calls itself, aptly enough, Anonymous.

Wikipedia describes Anonymous as a loosely associated international network of activist and hacktivist entities. A website nominally associated with the group describes it as “an Internet gathering” with “a very loose and decentralized command structure that operates on ideas rather than directives”.

To understand them further, a group of users of various internet forums Reddit and 4Chan, all functioning under anonymous user names began coordinating efforts towards various political and social agendas. Conversation in the all anonymous sites would form, ranging on the spectrum of enlightened social commentary and debate, to outright bigoted hate groups. Within these conversations, like minded leaders would collectively pool resources, and take the conversation into a more private level.

To use a metaphor, the internet is a single massive room where everyone is screaming to be heard. The chaos and confusion that follows allows a small group to gather by a wall, completely visible to anyone who were to look, and speak openly to where anyone could listen, but their voices still lost because of the constant noise of internet traffic, entertainment, and news. In these “private open sessions” the leader groups came to a consensus of some action which should be taken. Among them were many who were legitimately talented crackers, the term for internet hackers with malicious intents. Their skills, along with a few who just executed their wishes, were able to achieve some crazy results. From here, the cell would plan an operation, in their parlance, and if successful disintegrate back into the crowed. From there, they may join a new operation, or never be heard from again. For this, they describe their movement as “leaderless.”

In the beginning operations or “attacks” ranged on the low end with benign acts of internet weirdness, such as the when hundreds of Anons gathered in an online Finnish Hotel with identical black avatars, forming swastikas and closing down the pool due to “fail and AIDS”. A bit higher up were a few high profile “operations” including attacks on the Church of Scientology,  Recording Industry Association of America and the Motion Picture Association of America, various international copywriting offices, Paypal, and eventually Sony’s Playstation Network.

The group’s preferred method of attack were a series of well-publicized publicity stunts and distributed denial-of-service (DDoS). A DDoS attack is one in which an asset is bombarded with fake traffic, slowing down the service or bringing them down all together. Consider a telethon for kids with cancer or adopting puppies. A version of a DDoS attack (by seriously mean people) would be hundreds of people who all collectively call in with prank calls, tying up all the operators, thus making it impossible to actually take real donations. On the internet, this is done through special programs written to cause a single normal device, such as the phone or computer you are reading this article on, to send false traffic to a website with its spare processing power in the background. Your devices are actually quite powerful and the spare processing power can generate a lot of worthless traffic for the receiver. This is often compounded through the use of botnets, programs which control many devices, sometime thousands, with or without their owner’s consent, all generating traffic to bring down the target websites or online assets. Technically, this attack is harmless, unlike uploading a malicious computer virus, as all effects end the moment the attack stops. The servers go back to operating as normal, no harm done… except for the millions lost through down time and breaches in their security.

Of course, this is all extremely illegal. Many anonymous members found that their movements weren’t as secretive as they believed. Various Anons were jailed or suffered massive fines for their infractions. Sadly, many of the people who suffered the most were not leaders in the movements, or operations, but people who didn’t understand the risks and were just acting under instructions from other Anons more versed in what could go wrong. One example of this is Dmitriy Guzner [14], a 19 year old American given a one year prison sentence for attacking a protected computer. It was around this time that Anonymous truly began evolving in an attempt to be more than just internet pranksters. Seeing many hauled off to long prison stays saw the movement break into various camps; namely those motivated for ideological reasons and those seeking to provoke for entertainment, ie. trolls for the lulz.

Following this period of internal rebranding, and backed by energy gained through the Occupy Wall Street Movement [15], there was some realistic clout to those who participated in the online actions. Brought together by the idealistic sides of Anonymous, operations became more complex, as legitimately talented media experts, artists, videographers, and yes, more hackers, were able to add their capabilities to spread their message and their actions. In the next few years their major operations were more focused and even altruistic. Charitable actions included events like #OpOkand Operation Safe Winter, as well as attempts to intervene in what they viewed as unlawful police brutality, attacking the KKK, and taking down child pornagraphers[16]. Most recently, in an attempt to fight back against the growing threat of Islamic fundamentalism and Middle East born terrorism, operations like #OpSaudi and#OpISIS, sought to disrupt funding for the Islamic State and their vast online propaganda presence. According to some reports, as many as 20,000 accounts on Twitter of ISIS affiliates and recruiters have been brought down [17], as well as the hundreds of websites, and the releasing of ISIS recruiter’s personal information including their home address.  [18]

While many question Anonymous as nothing but a bunch of unaccountable internet pranksters with various and chaotic agendas, others are impressed by their power and the complexity their operations are taking, if for no other reason, than the attention they are able to garnish for their causes and themselves. Others, however, aren’t happy with what they are considering a virtual lynch mob. Some are leaving the group for its rather chaotic history of attacking innocent people, which have included people in the random databases Anons have gained access to, as well as anyone who speaks badly about Anonymous. [19]

“When I started with Anon I thought I was helping people but over the past few months things inside anon have changed,” the hacker said in a statement posted to the Web. “I am mostly talking about AntiSec and LulzSec. They both go against what I stand for (and what anonymous says they stand for). Antisec has released gig after gig of innocent peoples information. For what? What did they do? Does anon have the right to remove the anonymity of innocent people?

At least one commentator went so far as to consider them the living embodiment of George Orwell’s thought police from his classic science fiction 1984.  [20]There thinking anything against the Party was deemed a criminal act – a “thoughtcrime”, which brought about arrest and rehabilitation (read that as torture) under the Thought Police.

1984 is considered a definitive cautionary tale, but what makes Orwell’s masterpiece particularly terrifying is how close 2015 mimics Orwell’s dystopian fiction. You see it in hacktivist groups like Anonymous, commentary shows like The Hannity Show, and online across social networks, the Thought Police has become a reality. If you are outside of their thinking, you become Public Enemy #1 and must be destroyed.

What this means for businesses and organizations is yet another threat to security which has to be accounted for. No one knows when something they do, or some policy they have, will catch the attention of Anonymous, or any other major group of like minded internet anarchists to bring about action in numbers that the government can’t actually do much about. You never know what kind of vulnerability you have until 10,000 angry hackers start inspecting the cracks in your walls.

Uncertain Future – Part IV – Doxxing

The Gamergate scandal didn’t end at name calling, though. Several key individuals suffered far more than the traditional effects of the average internet rabble. Along with threats of rape and murder, which are disturbing, but easily dismissed given the safety that online anonymity provides, there was another threat, one which pierced that veil of safety and put the power directly in the hands of the mob.

Doxxing.

Doxxing – from documents – search for and publish private or identifying information about (a particular individual) on the Internet, typically with malicious intent.

“hackers and online vigilantes routinely dox both public and private figures.” [11]

During Gamergate the ugly side of the conflict saw the threat, “We will dox you,” begin to surface for the first time. Doxxing, as the definition states is when online users attempt to publish personal information about other users, celebrities, or public figures against their will. This personal information ranges from your real name to private email, banking information, and anything that hackers can get hold of. Once one member discovers it and is able to publish it, the fear is that it may lead to future attacks, such as flooding email accounts with harassment emails via a botnet attack, or worse, people literally able to knock on your door.

And this is exactly what happened to the internet’s Queen, Felicia Day.

Day commented that she had thus far remained silent on the issue of Gamergate to fans and the media, including over 2.3 million Twitter followers at the time, not because she wanted to or didn’t care, but out of fear of getting doxxed  – and seeing her personal information become public knowledge on the seedy parts of the internet.

“I realised my silence on the issue was not motivated by some grand strategy, but out of fear that the issue has created about speaking out. … I have tried to retweet a few of the articles I’ve seen dissecting the issue in support, but personally I am terrified to be doxxed for even typing the words ‘gamer gate’. I have had stalkers and restraining orders issued in the past, I have had people show up on my doorstep when my personal information was hard to get.”

This was posted on her personal blog, in a post titled simply The Only Thing I have to Say about Gamergate. [12]She was immediately attacked online and doxxed. Felicia’s experiences in the past have included direct encounters with stalkers, empowered by knowledge about her that they shouldn’t have access to. Others, such as one of the women central to the beginning of Gamergate, Anita Sarkeesian a game designer who also makes videos explaining misogynist tropes in gaming, were far more disturbing.

According to Time, Sarkeesian, had to flee her home because of violent threats. She was even forced to cancel a speaking engagement at Utah State University after an anonymous person sent a letter to the school administration threatening to massacre students if she spoke. “I will write my manifesto in her spilled blood, and you will all bear witness to what feminist lies and poison have done to the men of America,” the letter read.

Now, perhaps, we are getting the reason that anonymity is something of a concern for security analysts. With abilities such as doxxing, which is just one among many possible issues that internet users face, those who use the internet, or everyone, is going to need to learn to deal with some new and very profound threats. In the way that we prepared ourselves for active shooters with things like A.L.I.C.E. training, training is going to have to be done to teach people how to protect their personal information from slippage, the military term for unwanted dispersal of sensitive information. If we don’t take that initiative,I’m afraid of an internet where anonymity creates a world where there are no activists. Many who have read and follow my work know, if nothing else, one thing about me; I am super American. I like that I have this right and freedom to speak up and speak out, but at the point where living room vigilantes are able to threaten the safety of women for complaining about big tits in video games, along with anyone who happens to listen… I’m seriously afraid of a world twenty years down the road. That anonymity grants protection for criminal acts is something we should very seriously be concerned and something the leaders of the internet need to seriously consider when they list their values. As was mentioned before, to quote Goya, “fantasy abandoned by reason produces impossible monsters.” That said, don’t be surprised if in your next annual security briefing, you see the “Dox” for the first, but not the last time.

Uncertain Future – Part III – Online Harassment

Beginning in August 2014, a the hashtag #GamerGate [6] began to form. It was began by groups of video game enthusiasts on differing camps of the politics of gaming. Those on the side of Gamergate gave the stated purpose for it to be combatting political correctness, censorship, and poor journalistic ethics in video game reporting. Specifically, many organized their efforts to target several female members of the gaming community for attacks against the genre norms and values. In retribution, these women and commenters denied the ethical basis and condemned the affair as misogynistic, which then led to reprisal attacks from across the internet world.

The roots of the debate began as a progressive pull to make  females in video games less… um… genetically improbable babes.

Designers and other feminist gamers argued against the exploitive nature in which females were depicted in many games, showcasing outrageous body types, and surfacing new controversies like “Same Armor/Same Stats” and “Less Armor/More Protection”.

So yeah, anyone who argues that is pretty much arguing, “I want more boobs! Don’t take away the boobs!” Granted, in the defense of the status quo, some interesting arguments did come out  deeper than merely, “Save the boobs!” Many Gamergates, argued that coming down on developers was a legitimate attack on free speech, while others decried the very nature of political correctness for gaming. Perhaps the best I had yet heard gave a rather remarkable feminist appeal by asking whether a very popular, and famously buxom, character from the 1990’s should be “reduced” for the upcoming remake. The argument there was that to retool, some said sensor, a character which is already well known on account of her body type is an attack on anyone who legitimately has that body type. In this case, it sends the message that simply having large breasts or long legs is wrong, and something to be ashamed of.  [7]

I honestly didn’t know if I just heard a masterful counterargument supporting both sides of the controversy from the feminist perspective or simply some grade A BS. Regardless, many of the feminists dismissed such views outright, some retaliating through the absolute attack on what it meant it meant to be a “gamer”, coinciding the meaning with being synonymous with misogyny. This, as it should surprise no one, led to a greater and greater tit-for-tat assault on both sides. More joined the Gamergate cause simply in opposition to the radical feminists among those who in over the top demonstrations, stated that all those who don’t agree with the narrative of the feminists were misogynistic, and eventually homophobic, racists, and bigoted.

That was wrong, but what happened next disappointed many as conversation wasn’t the only thing that came out. Users operating, mostly anonymously via sites like Reddit, 4Chan, and 8Chan, began attacking against leaders on both sides taking the stances that games need to redirect. The attacks eventually grew to threats, including the threat of rape and murder for many of the feminists, and threats to have get many of the Gamergaters fired from their real world jobs. Most of us were surprised it got as bad as it did as fast as it did. I wondered why so many gamers became so visceral in their attacks against activists in the industry, or even just their defense of the boobs. I, along with much of the rest of the gaming community with large internet followings, just wondered with surprise how it got that bad.

And that is what is really scary about online security threats like these. People online can get really mean, hateful, and even cruel. I’m not talking about calling you an “asshat” cruel. I mean subjecting people to the constant barrage of hate that results in  IRL (in real life) ugliness. There is even a hashtag going out on snapchat called #TBR. For those of us blessed not to work with children on a daily basis, you’ve probably never heard of #TBR, but it stands for To Be Rude. Literally, it is nothing but children being hateful to one another, insulting one another in “secret”, via Snapchat. Snapchat is a novel tool for kids because it allows sharing of content that will “delete” after a predetermined time or number of views, and only to those you choose. I suppose this may be useful to revolutionaries fighting against totalitarian regimes, but mostly kids just use it to post pictures of themselves naked and be monsters to one another. It sort of explains the ghost icon, though; a hint of secrecy.

Now where this fits into the GamerGate controversy was that we didn’t just see children acting like children. We saw adults acting very maliciously with the intent to cause fear and psychological harm, with the intended purpose of manipulation. By most accounts, that’s terrorism. What made normal, boring actually, twenty and thirtysomething year old gamers turn into, well let’s call it what it was, terrorists is a question we all need to answer, but it is probably the same reason kids use snapchat to post hateful videos instead of Youtube.

Not getting caught.

In both cases of Snapchat or #Gamergate, the offenders function behind a wall of protection from authority. For middle schoolers acting badly, it is really no different than any other time when mean girls said mean things when no teachers were around. With #Gamergate, we saw something very different. Grown adults behaving online in a way they never would in the real world. Many attribute this to the anonymous nature in which they gathered, communicated, and executed their “operations.”

Anonymity on the internet is an important thing if for no other reason than to understand how people act when functioning under the guise of anonymity. Dr. John Suler is a Professor of Psychology and has written on the subject of online behavior. In his paper The Online Disinhibition Effect, Suler argues that those on the internet are able to disconnect from their normal behaviors and can frequently do or say as they wish without fear of any kind of meaningful reprisal. An example being most Internet communities, even one such as Quora which uses real names. The worst kind of punishment an offender can expect for bad behavior is being banned from interaction. In practice, however, this serves little use; the person involved can usually circumvent the ban by simply registering another username and continuing the same behavior as before [8]. Suler calls this toxic disinhibition.

CB radio during the 1970s saw similar bad behavior:

Most of what you hear on CB radio is either tedious (truck drivers warning one another about speed traps) or banal (schoolgirls exchanging notes on homework), but at its occasional—and illegal—worst it sinks a pipeline to the depths of the American unconscious. Your ears are assaulted by the sound of racism at its most rampant, and by masturbation fantasies that are the aural equivalent of rape. The sleep of reason, to quote Goya’s phrase, brings forth monsters, and the anonymity of CB encourages the monsters to emerge.

Suler’s work was a brilliant synopsis, but we on the internet need a simplified version. “John Gabriel’s Greater Internet F***wad Theory” was a posted comic strip by Penny Arcade. The post regards reflects the unsocial tendencies of other internet users as described by the online disinhibition effect. Krahulik and Holkins, Penny Arcade’s creators suggest that, given both anonymity and an audience, an otherwise regular person becomes aggressively antisocial. [9]

How this relates to security is obvious to those who have experience it. The internet can feel like an unsafe place sometimes. The internet can be an unsafe place sometimes. Looking to the long term effects of bullying that are being better understood every day [10], sometimes I wonder if this place I’ve called a second home is a place I want my kids to play on. Most of us who are active on this playground understand this as the status quo, but in the future of internet security, the debate will center around the freedom to be private and the freedom to be anonymous. Many fear, given precedence, what may happen under this veil of anonymity. I can’t help but agree that his is a rational concern for many. Sometimes the internet comments go far beyond words or threats, which carry lasting psychological damage to some of the victims, but transforming to very legitimate real world threats. What this will mean for the future is that companies is deciding what kind of culture they want to deal with. For the internet to stay the internet we want to be on, we may see more companies adopt guidelines like Quora’s, with it’s real names policy and Be Nice Be Respectful Policy, a place where people feel welcome and safe to exchange and interact.

Movie Tropes and Military PTSD – Hollywood Needs to Start Getting This Right

Post Traumatic Stress Disorder for veterans of war isn’t a real disease. It’s a profitable movie trope.

Vets

This is going to be a very serious post. To be clear, Post Traumatic Stress Disorder (PTSD) is a disease that affects many veterans who have taken part in combat and even non-combat operations in warfare, as well as many civilians who have experienced fatal car accidents, work in emergency medicine, and many other people who have experiences which put them in stressful situations beyond the expectations of what a normal person should expect in their lifetime. The disease can affect the way people live their lives, resulting in follow-on social dysfunctional disorders, depression, and for some, result in suicide.

That said, to not dilute the level of frustration other veterans and myself feel, Hollywood is not treating this disease as a problem which deserves understanding and respect. They’ve turned it into a plot device to add drama and communicate a story they wish to tell, depicting their own biases towards the military, the wars they fight, or the politicians that sent them to this unfortunate fate, with the “innocent veteran victim” now serving as the medium for their message. Masked in a story about “the real heroes and the struggles they face” these narrative mechanics boil down to little more than money making engines and good publicity for film creators by exploiting people who want to identify with veterans and their needs, but can’t. We aren’t part of that world. So their best opportunity years after they decided not to serve, and now maybe don’t feel so good about that, is a two hour war movie which is billed as coming from their point of view.

Movies like the Hurt Locker and Brothers are the worst of these. They tell the story of how warfare will always leave people broken, charred remnants of what used to be happy and productive human beings. Please understand that most of us are just normal people. We went to war. Then we came home and did other things. We enjoy going to our jobs where we add valuable experience and promote cultures of work ethic. We enjoy running on the track with our dogs, and we enjoy spending evenings with our families watching How to Train Your Dragon 2 and playing Mario Kart or Skyrim. However, when I see people who have done the things I have done in movies, and see the way they are depicted as I live today, it really breaks my heart. I’ve experienced prejudice, fear, and even been denied opportunities because I was a veteran of Iraq. What’s more, millions more like me have suffered far worse. Many have faced social ostracism, been denied jobs, and accosted publically for their role in an unpopular war. I just want people to understand, if that sort of treatment happens to you, it would mess you up in the head. People need to feel appreciated, loved, or at least not hated for doing something which they did for all the right reasons. Forget that the war even happened to these people. If you were to be treated as many returning vets were and are still today, you would not come out of it psychologically for the better.

This isn’t just something that sucks. It has been shown to affect how often veterans are hired in civilian positions after leaving the military. Did you know that veterans are discriminated against in hiring decisions because of the assumption that veterans have PTSD and may bring violence to the workplace? It has actually been measured that because of the negative bias created by these types of media, military veterans suffer unfair stereotyping and bias in hiring practices. This phenomena began making headlines when USA Today put out an article calling attention to it. Often, managers will look at a resume and say that, “He went to Iraq? He probably has PTSD. He might one day snap and shoot up the office.” The veteran is not hired because of an unfair stereotype no more accurate or just than not hiring an African American or Latino man because he was probably at one time part of a gang. Recent studies have shown that while only 5-20% of combat vets have justified PTSD (about the same as civilians who have experienced car accidents or personal tragedy) it is assumed by many people that most veterans have the ailment. It is called PTSD bias and is most damaging among middle managers who don’t understand the disease.

Researchers from the Center for New American Security, a Washington, D.C.-based think tank, interviewed executives of 69 leading corporations, including Bank of America, Target, Wal-Mart, Procter and Gamble, and Raytheon. All said hiring veterans can be good for business, but more than half acknowledged harboring a negative image of veterans because of how popular media — from news coverage to films — portray PTSD. [1]

About one in three employers consider post-traumatic stress disorder to be an impediment to hiring a veteran, according to a survey report by the Society for Human Resource Management. [2]
This in spite of the fact that military veterans are less prone to violence than all the other population groups when matched with their own age cohorts [3] and that the presence of non-active duty veterans alone has prevented dozens of criminal acts including bank robberies, muggings, and even acts of terrorism [4]. Still though, veterans are considered potential risk factors by employers when work places say they won’t hire “our kind [5]” and continue to experience higher unemployment rates in spite of more training and more experience than other potential candidates [6].

Hopefully, this example will show that there is a link between the incorrect assumptions formed by media and actual real world civilian perceptions which are affecting veterans’ lives. Perhaps it isn’t that, though. Maybe all vets really do just suck. Well, maybe, but all anyone really has to do is watch the climactic ending to Brothers to understand that Hollywood is pushing an image of veterans that frightens people. Even if you’ve seen the movie, please watch this scene again to really get a feel for how frighteningly people like me are portrayed.

Look, movies have power. The words they say have power. The words said in movies echo over and over and over in the minds of people who see it. The specifics of a guy put into an impossible situation, (literally the premise of Brothers was beyond plausible) are lost as the audience over time forgets the details. Eventually they start to generalize, “it’s a movie about a guy who comes back from the war and is now crazy. As I said, it isn’t just “some guy who came back from the war.”  The “do you know what I did to come back to you?” reference in the clip was of a Marine Corps Captain captured and forced to murder another Marine by his terrorist captors  to buy himself more time in detention before he could be rescued. Anyone would be psychologically damaged from that, however it is a work of complete fiction. There are no stories like that of any actual people who came back from Iraq or Afghanistan. It is complete fiction for the point of adding drama, but that fact is lost. A few months later, people who watched the film only remember, “it’s a movie about a guy who comes back from the war and is now crazy.” When they see a vet a month after that, and find out he was in the war, what framework are they working under? Do you think they are aware that the only reference they had was a movie that wasn’t even possible, which also sort of aligns with vague news reports they weren’t really listening to about veterans and mental illness, and that they already have an incredibly loaded bias behind this person they are now talking to? As I said, it isn’t just, “some guy who came back from the war.” Brothers is a work of fiction, and no one should have to prove themselves against it, but now we do.

Even movies which got a lot right made this unnecessary tangent into depicting veterans as war ravaged husks. Consider the “unfortunate dog scene” from American Sniper.

That was unfortunate because, according to the book, nothing like that was ever mentioned. There was a situation where Kyle killed a dog, but not like the movie. In fact, not even in the United States. In the book American Sniper, on a night before one of Kyle’s overwatch missions, one where he considered his role to be providing security and ensuring the lives of Marines and fellow SEALs under him, there was a dog barking outside his tent. He warned the owner to shut up the dog. The dog kept barking. Deprived of sleep and needing to rest for his responsibilities the next day, he warned the owner again. The dog kept barking. Kyle shot the dog. Given that context, is that anything like what was depicted in the movie? Given the true context of being literally in the middle of a war, doesn’t that kind of sound like something a responsible person might do? Asking another question, what possible reason existed for adding the numerous hints that Chris Kyle had developed PTSD over his numerous tours in Iraq, all the while in spite of no real world evidence existing that the actual person depicted in the film ever had come under the hold of the disease? Was his life not good enough without the extra drama?

In a couple of  interviews [7][8], Clint Eastwood said that the film was meant to be “anti-war”.

“I just wonder . . . does this ever stop? And no, it doesn’t. So each time we get in these conflicts, it deserves a lot of thought before we go wading in or wading out. Going in or coming out. It needs a better thought process, I think.”

While the point is valid, the medium he used was to display a falsified narrative about Kyle, and by extension, all others like him who deployed to the war.

“the biggest antiwar statement any film” can make is to show “the fact of what [war] does to the family and the people who have to go back into civilian life like Chris Kyle did.”
While I agree in practice, I have a problem with Eastwood’s decision to use mental destabilization and broken families as the “facts” that “family and the people who have to go back into civilian life” go through. That sort of experience isn’t universal and it isn’t even common, despite what they say in the movies.

I’m sure from a perspective of cinematography these movies probably pushed the industry forward somehow, but as far as communicating one of the most important social issues of our time, not to mention an ongoing conflict at the time, they have failed miserably. Many have set veterans’ issues back ten years. If we look at how much actually is known about PTSD, much of it discovered through studying and counseling done for combatants of the Vietnam war, and the mysterious black hole of mystery surrounding it now, one might question if the narrative of “a disease we still know so little about,” has set us back even further.

I want people to look at it this way. We have seen LGBT rights and issues get a lot of press and people are now trying very hard to see things from their perspective. It’s not acceptable anymore to portray them as the wildly stereotypical, flamboyant clowns circa the era of Robin Williams’ The Birdcage. No matter your beliefs, (I actually think The Birdcage was meant to help them, somehow…) we all agree that they’re people who deserve respect and to be portrayed in a realistic manner. However, the veteran population is allowed to be portrayed in any manner in which the world pleases to fulfill their narrative, and ironically, is considered a violation of 1st Amendment privileges to argue the practice, where a modern release of The Birdcage might be considered something between criminally insensitive or even a hate crime. These veteran depictions vary from bloodthirsty murderers (Battle for Haditha), psychologically scarred societal dangers (Brothers), impossible killing machines, but incapable husbands while in (American Sniper) unstable love interests, addicted to pills (Parenthood), and everything about the Hurt Locker. In fact, the Hurt Locker was so hurtful to the soldier it was beyond a reasonable doubt depicting, that he sued the filmmakers for his portrayal. Even consider the movie Max, about a dog who goes to Iraq and develops Post Traumatic Stress Disorder. Even a freaking dog who goes to war will come back mentally damaged. Where does it end? What is the overriding theme that Hollywood movies and television are trying to present? Basically, once a person goes to war, he is from then on, on the cusp of losing control and murdering everyone around him if the door slams too loudly. That’s what people seem to think is happening. Now, why is it that I brought the LGBT stance into this? Because, frankly, veterans outnumber the estimated homosexual population in the United States by at least 2:1. Why is it that one group of so many people is allowed to be so egregiously stereotyped, when the others aren’t? Furthermore, being gay isn’t a choice, but serving is. Whether you agree with their mentality, or what they did or didn’t do, they chose to serve their nation, which includes many reading this, in the best way they knew how. They deserve more respect than to become plot devices to the profit of people who neither cared about them, nor bothered getting to know and understand them.

I’ll leave you with this, Hollywood has power. It has the substantial power to mold the way that the average person identifies with experiences they have never had. Unfortunately, we live in an age where fewer and fewer people serve in the military. This is true as a percentage of the population and in real terms. We have fewer members of the military today than we did prior to World War II, and when the United States itself is twice as large. For that reason, for many, the movies are the only place they will experience the military, its veterans, or the struggles they face. When movies collectively paint only on the lines of a particular damaging movie narrative, it has a drastic impact on the lives of those it is thoughtlessly depicting. And it isn’t just the Hurt Lockers and the Brothers responsible for this. It echoes in the “artwork” of people who know even less, but who use these same devices in a downward spiral of our depiction. Below is an excerpt from an “incredibly powerful” short film by a college student for Project Greenlight entitled The Present Trauma.

This hurts me to see, not for the message it is trying to tell, but for the abuse on the character of those same individuals. It’s images like this which make a friend of mine tell me that when her husband finally came from Iraq, her friends asked her, “Do you feel safe?” It’s a childish attempt to do some good, more for creators than for the subjects, through the obvious manipulation, veterans as victims clickbait, but actually slapping the face of the plain old vet sitting at home, wondering why no one will hire him. Of course, the echo shows up in darker forms, where we are nothing more than, to use the words of Muse, “Fucking Psychos”.
I can’t help but agree with the rage of one anonymous writer in his visceral reaction to the propaganda layden depiction of veterans in Muse’s Psycho. It’s disgusting, and against no other minority would this sort of ignorance, callousness, and blind hatred be acceptable. But to the military, it is. It hurts us. We feel the sting of words, and this hurts us. Of course, I doubt this filth would have ever seen the light of day if not for a particular idea being so prevalent in our culture … that veterans are fucking psychos, something Hollywood is, in my opinion, doing the most harm in causing and the least good fixing.

Wow… all of a sudden I understand why 22 veterans kill themselves every day. It had nothing to do with Iraq and Afghanistan. It’s coming home to a place that treats them like this.


Thanks for reading. Everything I write is independent research, meaning that I am supported completely by fan and follower assistance. If you enjoyed this post and would like to see more like it, follow JDT.  Please also show your support by visiting my support page here: Support Jon Davis creating A Military Sci-Fi Novel, Articles, and Essays.