Blog

  • Propaganda

    posted by Keito
    2012-09-29 18:23:18
  • Controlling Powers

    posted by Keito
    2012-09-29 17:27:22
  • Class War

    posted by Keito
    2012-09-29 17:24:10
  • Calling U.S. Drone Strikes 'Surgical' Is Orwellian Propaganda

    posted by Keito
    2012-09-29 17:05:05
    'A moment's reflection is enough to understand why intellectually honest people should shun the loaded metaphor.


    The Obama Administration deliberately uses the word "surgical" to describe its drone strikes. Official White House spokesman Jay Carney marshaled the medical metaphor here, saying that "a hallmark of our counterterrorism efforts has been our ability to be exceptionally precise, exceptionally surgical and exceptionally targeted." White House counterterrorism adviser John Brennan attributed "surgical precision" and "laser-like focus" to the drone program. He also spoke of "delivering targeted, surgical pressure to the groups that threaten us." And a "senior administration official" told The Washington Post that "there is still a very firm emphasis on being surgical and targeting only those who have a direct interest in attacking the United States."

    They've successfully transplanted the term into public discourse about drones.

    I've been told American drone strikes are "surgical" while attending Aspen Ideas Festival panels, interviewing delegates at the Democratic National Convention, and perusing reader emails after every time I write about the innocents killed and maimed in Pakistan, Yemen, and elsewhere.

    It is a triumph of propaganda.

    The inaccuracy of the claim fully occurred to me as I played back a recent interview I conducted with Peter W. Singer of the Brookings Institution. (His book Wired for War is a fascinating read.) "You used to measure a surgeon by how still could he hold his hand," Singer told me. "How precise could he make the cut? Well, robotic systems, it isn't a matter of shaking at minute levels. It doesn't shake. You are amazed by a surgeon doing a cut that is millimeters in precision. With robotics it is in nanometers." He was explaining why unmanned systems make sense in a variety of fields, not commenting on the Obama Administration's rhetoric in its ongoing, multi-country drone war.

    But that is how we think of surgeons, isn't it?

    They use a scalpel. Their cuts are precise down to the millimeter. Once in a great while there is a slip of the knife, a catastrophic mistake. In those cases, the surgeon is held accountable and the victim lavishly compensated. Oh, and there's one more thing about surgical procedures: While the person being cut into is occasionally victimized by a mistake, there is never a case where the scalpel is guided so imprecisely that it kills the dozen people standing around the operating table. For that reason, orderlies and family members don't cower in hospital halls terrified that a surgeon is going to arbitrarily kill them. And if he did, he'd be arrested for murder.

    So no, drone strikes aren't like surgery at all.

    "As much as the military has tried to make drone pilots feel as if they are sitting in a cockpit, they are still flying a plane from a screen with a narrow field of vision," Mark Mazzetti reports. "Then there is the fact that the movement shown on a drone pilot's video screen has over the years been seconds behind what the drone sees -- a delay caused by the time it takes to bounce a signal off a satellite in space. This problem, called 'latency,' has long bedeviled drone pilots, making it difficult to hit a moving target." That's one more way drones strikes are unlike surgery.

    Are they "surgical" compared to an H-bomb?

    Er, no, they're less destructive and more precise. To conjure a surgeon with a knife is to lead the listener astray. And it is a downright dishonest metaphor when invoked by an administration that could make their strikes more like surgery but doesn't. For example, the Obama Administration could make certain of the identity of the people it is "operating on." Instead it sometimes uses "signature strikes," wherein the CIA doesn't even know the identity of the people it is killing. It could also attempt autopsies, literal or figurative, when things go wrong. Instead, it presumes sans evidence that all military-aged males killed in drone strikes are "militants."

    Said George Orwell in 1946:

    In our time, political speech and writing are largely the defense of the indefensible. Things like the continuance of British rule in India, the Russian purges and deportations, the dropping of the atom bombs on Japan, can indeed be defended, but only by arguments which are too brutal for most people to face, and which do not square with the professed aims of the political parties. Thus political language has to consist largely of euphemism, question-begging and sheer cloudy vagueness. Defenseless villages are bombarded from the air, the inhabitants driven out into the countryside, the cattle machine-gunned, the huts set on fire with incendiary bullets: this is called pacification. Millions of peasants are robbed of their farms and sent trudging along the roads with no more than they can carry: this is called transfer of population or rectification of frontiers. People are imprisoned for years without trial, or shot in the back of the neck or sent to die of scurvy in Arctic lumber camps: this is called elimination of unreliable elements. Such phraseology is needed if one wants to name things without calling up mental pictures of them.

    The phrase "surgical drone strike" is handy for naming U.S. actions without calling up images of dead, limb-torn innocents with flesh scorched from the missile that destroyed the home where they slept or burned up the car in which they rode. The New America Foundation, which systematically undercounts these innocents, says there have been at least 152 and many as 192 killed since 2004. The Bureau of Investigative Journalism puts the civilian death figure at between 474 and 881 killed. Either way, would "surgical" strikes kill innocents on that scale in a region with just 2 percent of Pakistan's population? Using data that undercounts innocents killed, The New America Foundation reports that 85 percent of Pakistanis killed in drone strikes are "militants," while 15 percent are civilians or unknown. What do you think would happen to a surgeon that accidentally killed 15 in 100 patients? Would colleagues would call him "surgical" in his precision?

    Unlike the Democratic politicians and former Obama Administration officials I heard speak in Aspen, retired Brigadier General Craig Nixon didn't say that American drone strikes were surgical.

    He was asked to explain how a farmer was accidentally killed.

    And he used a different metaphor when recounting his field experience:

    A drone or another intelligence device is sorta like being at a football game sitting on the 50-yard line and looking through a soda straw. I mean you see what you see. But there's a lot of other context that you don't see.

    As technology improves, he said, it's a little better, like looking through multiple straws, but there's still a lot of missing context.

    It's a very different image than a "surgical drone strike," isn't it?
  • Hackers Breached Adobe Server in Order to Sign Their Malware

    posted by Keito
    2012-09-29 17:01:17
    'The ongoing security saga involving digital certificates got a new and disturbing wrinkle on Thursday when software giant Adobe announced that attackers breached its code-signing system and used it to sign their malware with a valid digital certificate from Adobe.

    Adobe said the attackers signed at least two malicious utility programs with the valid Adobe certificate. The company traced the problem to a compromised build server that had the ability to get code approved from the company’s code-signing system.

    Adobe said it was revoking the certificate and planned to issue new certificates for legitimate Adobe products that were also signed with the same certificate, wrote Brad Arkin, senior director of product security and privacy for Adobe, in a blog post.

    “This only affects the Adobe software signed with the impacted certificate that runs on the Windows platform and three Adobe AIR applications that run on both Windows and Macintosh,” Arkin wrote. “The revocation does not impact any other Adobe software for Macintosh or other platforms.”

    The three affected applications are Adobe Muse, Adobe Story AIR applications, and Acrobat.com desktop services.

    The company said it had good reason to believe the signed malware wasn’t a threat to the general population, and that the two malicious programs signed with the certificate are generally used for targeted, rather than broad-based, attacks.

    Arkin identified the two pieces of malware signed with the Adobe certificate as “pwdump7 v7.1″ and “myGeeksmail.dll.” He said that the company passed them on to anti-virus companies and other security firms so that they could write signatures to detect the malware and protect their customers, according to the post.

    Adobe didn’t say when the breach occurred, but noted that it was re-issuing certificates for code that was signed with the compromised signing key after July 10, 2012. Also, a security advisory the company released with its announcement showed that the two malicious programs were signed on July 26 of this year. Adobe spokeswoman Liebke Lips told Wired that the company first learned of the issue when it received samples of the two malicious programs from an unnamed party on the evening of Sept. 12. The company then immediately began the process of deactivating and revoking the certificate.

    The company said the certificate will be re-issued on Oct. 4, but didn’t explain why it would take that long.

    Digital certificates are a core part of the trust that exists between software makers and their users. Software vendors sign their code with digital certificates so that computers recognize a program as legitimate code from a trusted source. An attacker who can sign their malware with a valid certificate can slip past protective barriers that prevent unsigned software from installing automatically on a machine.

    Revoking the certificate should prevent the signed rogue code from installing without a warning.

    Stuxnet, a sophisticated piece of malware that was designed to sabotage Iran’s nuclear program, was the first malicious code discovered in the wild to be using a valid digital certificate. In that case the attackers – believed to have been working for the U.S. and Israel – stole digital certificates from two companies in Taiwan to sign part of their code.

    Adobe said that it stored its private keys for signing certificates in a hardware security module and had strict procedures in place for signing code. The intruders breached a build server that had access to the signing system and were able to sign their malicious programs in that way.

    In addition to concerns about the compromised certificate, the breach of the build server raises concerns about the security of Adobe’s source code, which might have been accessible to the attackers. But Arkin wrote that the compromised build server had access to source code for only one Adobe product. The company did not identify the product but said that it was not the Flash Player, Adobe Reader, Shockwave Player or Adobe AIR. Arkin wrote that investigators found no evidence that the intruders had changed source code and that “there is no evidence to date that any source code was stolen.”

    Questions about the security of Adobe’s source code came up earlier this month after Symantec released a report about a group of hackers who broke into servers belonging to Google and 33 other companies in 2010. The attackers were after source code for the companies. Adobe was hacked around the same time, but has never indicated if the same attackers that hit Google were responsible for hacking them.

    Symantec found evidence that the attackers who struck Google had developed and used an unusually large number of zero-day exploits in subsequent attacks against other companies. The attackers used eight zero-day exploits, five of which were for Adobe’s Flash Player. Symantec said in its report that such a large number of zero-days suggested that the attackers might have gained access to Adobe’s source code. But Arkin insisted at the time that no Adobe software had been stolen.

    “We are not aware of any evidence (direct or circumstantial) indicating bad guys have [source code],” he told Wired at the time.'

    http://www.wired.com/threatlevel/2012/09/adobe-digital-cert-hacked/