Defending Intel Agencies & Agents (the same team)
Michael Goedeker
Chief Training/Research Officer at Hakdefnet GmbH & Inc / Author on Security, Social Media Risks and Mental Health
Of all the posts I have written so far, this will likely be the most controversial, not because I am making fantastic claims or pushing someone's name in the mud but for doing the exact opposite (defending them). So what exactly am I defending and why? Well, let's start off with Snowden. When this event happened I wrote about how we need to secure data against internal attacks and malicious people or threat actors. Snowden has been celebrated as the most influential person that has "given" us "freedom" of information, but is this really the case? My opinion is no. While it is absolutely true that we need to have accountability, we cannot drop all the defenses we have for the sake of "unauthorized" data disclosure. If a private person would have done this, they, he, Snowden would have gone to jail without one big headline. So maybe it's time that someone actually defends the need for intelligence, the FBI, CIA, NSA's of the world. For lack of anyone else stepping up to this enormous plate, it looks like the least likely person qualified is doing that (me). So I will kick off this post by stating that I believe we are on the same team and I appreciate the work everyone does to make this place safer.
The world is no safe, happy place...
Many folks tend to forget that we live in a world of many cultures, religions, ways of doing business and the customs that are associated with them. When you are like me (for better or worse) you tend to travel extensively and really see a lot of the world. It's an eye opener to be sure. Once we remove ourselves from the equation you start to think about what is really going on and how we manage to detect the really nasty stuff before people get hurt or, worse, they die. This gathering of data is a constant battle between freedom of information and defending against threats without informing them that we know who they are and what they are up to. This aspect of finding a balance of information collection and privacy (I believe) is the defining challenge of our future. It is something that Snowden has not helped to resolve. We have seen many examples in the last few years of things going awry in the intelligence sector and how there is no real governance of private security companies that sell software and hardware to any and everyone with a thirst for information. The lack of private sector "cyber" security companies governance has global implications (just think about all the malware based on the Hacking Team hack recently). The "cyber" aspects of war, espionage and crime are inseparably linked to each other because cyber crime is a flourishing business, as are the others. Examples of private companies selling spyware are still vivid in our minds (e.g. Hacking Team, FinFisher, AGT, etc.). The challenges are bigger than most people really think or recognize. I looked at the leaked data, talked about how this technology can be used in "hybrid warfare" but what I also talked about is how this tech does find its way into cyber crime. This affects us all and there are many reasons for this. Again, Snowden has not made my job easier.
Intelligence Services, Agencies, etc. Why?
Why do we need intelligence agencies like the CIA, NSA, GCHQ, etc.? Well, we can start off by saying the world is not perfect, it's not full of people who are ALL good and have the planet's best interests in mind. It's normal (to an extent) because this is also an ego based human nature issue that is deeply embedded in all of us. We have not developed far enough as a species to realize that if we all got along, we would have reached the far ends of this universe in space travel capable vessels ages ago or solved many seemingly unsolvable problems. So we need agencies, law enforcement and intelligence services simply because others have the same thing. Everyone spies, everyone has spies. So what's the point discussing this if everyone is doing the same thing? There is no good reason to question something everyone is doing because we, I cannot change human nature (unless everyone does the same thing). So maybe we should start by looking at what people do in these services and what they give up to do that, shouldn't we? Is it not humane to at least think about, maybe even thank the people that believe they are defending me and you against some of those threats? I think so. I certainly am tired of always being called a cyber criminal when all I am doing is helping people defend what they love against attackers and breaches. If I really think about it we are actually on the same team in many aspects. I (we) defend corporations and people against cyber attacks, I (we) teach, spread awareness about how to defend against those bad folks. So am I really different than an agent that protects against attacks on HVTs or a principal? No, not really. Both need to handle information carefully, both are open to misunderstanding, attacks and live somewhat paranoid lives. One really big thing in my opinion is ethical beliefs.
I would imagine that my fellow researchers and agents have similar discussions about the stuff we see, dealing with really big dangerous threats and also deciding to do the right thing every day even though we have access to tools, information and data that could easily be used for self gain or financial gains. But we don't. If you think about how much money we make and the responsibility then we don't even have to get started about that. It's easy to see how much an agent earns because that data is publicly available. I wonder if anyone ever bothered to look it up... Likely not... Just like some of the day rates we security researchers have to accept in order to pay bills, get our family some presents, take the kids to the movies, etc. Hmm, interesting isn't it?
Conclusion
So the security community and agencies do work on some of the same things (threats) but also have a few differences. We both handle technology and information that can be used for good or evil. We both have to (sometimes) struggle with decisions about how to handle very sensitive data. We usually cannot talk to family, friends or others not involved in the projects or tasks we are working on about what we do. It is tough and hard work, especially if you cannot always talk about what you are doing, or how insecure many systems and companies are. Where the differences are (I believe) is that there are simply going to be areas that have to stay secret for nation or global security reasons. Sometimes having the capability to know what your enemy is doing should not be explained to the public. I can just hear the WTH's so let me explain. If I am looking at a target and can collect data or information on what they are doing then I don't want them to know this. Why? Well, if someone knows I know what, how, where and who they are, don't you think they will change things? Sure, I would. So the biggest challenge I believe is how do we protect while still being controllable, responsible for our actions (bulk data collection) and subject to governance. It's no easy fix to say the least. If I can help defend partners, customers and the nation, I would and will. I know many others feel the same way. What I hope we can do is find some governance and a balance that can help everyone concentrate on what we do best.
So to conclude this short post I just wanted to thank all those folks that work globally and locally to protect critical infrastructure, nations, businesses, people and data from enemies (in the community, research, academia and national security as well as law enforcement). I appreciate the help, support and discussions we have had so far and that we will have.
God Bless, Happy Halloween and enjoy the time off.
If you would like to discuss this, I welcome any positive feedback. If you want to troll, I won't answer back. You see I have to get my project work done, it's Saturday after all and Halloween...
1D10T
Cyber Strategist, Cyber OSINT
9 years ago: Thank you, Michael Goedeker and Marnix for sharing.
Student Services at New Horizons Computer Learning Centers
9 years ago: I think you hit the nail on the head with this one. We are on the same team. The need for intelligence agencies is needed now more than ever. Great post, and thanks for another lesson!
Information Security Researcher
9 years ago: This I totally agree with you Michael. Certainly there are a lot of good folks in the intelligence agencies. Mudge is one person I know who has done so much for this industry even though he is part of the DoD. And no one should ever criticize the person but rather the action he/she is performing. The bottom line is everyone should be held to the same set of moral, ethical, and professional conduct, no matter what their line of work.
Chief Training/Research Officer at Hakdefnet GmbH & Inc / Author on Security, Social Media Risks and Mental Health
9 years ago: All good comments so far. I am certainly not saying that any one nation has the right to collect data left, right and center. What I did say is that we do need intelligence gathering, the services and people that do that and we do need governance of how that is done. Data collection, data security and also filtering out what is not relevant are all valid arguments. The path to choosing what should be allowed is a difficult one. Companies like Hacking Team that embed back doors into their software that they sell to law enforcement and governments should be banned (in my honest opinion). Governance in the private sector as well as in the governance sector certainly needs to be done. Lastly, any backdoors in publicly available software are a no go for me. Just my 2 cents. Keep the comments coming, the more we discuss this maybe the more agencies and private sec companies will listen. These types of topics can only be resolved globally and certainly not from any one nation.
Information Security Researcher
9 years ago: Targeted collection is one thing while collecting and attacking left, right, and center is totally different. Intelligence agencies need targeted surveillance to do their job but it doesn't mean they have the right to perform surveillance on everyone. You think intelligence agencies are only defending? If that is the case, why is USA so concerned about Chinese activities and vice versa?