Terrorist Outrage >> Media Reaction >> CyberSecurity Knee Jerk ...


As soon as any network security, cyber security or technology expert writes in the wake of any atrocity there is a temptation to overstate a view in the hope that your opinion may be the fact that turns out to be true.

A week later, it may appear that the terrorists may have been more low tech than anticipated - which does beg other questions about surveillance. However this is not the point I wish to raise.

It is too easy to write an opinion article and join in the media reaction to what is clearly a major tragedy. Even media analysts admit that the western bias of many news organs miss out on the fact that there are other attacks taking place around the world, especially in the middle east. There is no single source, this is a multi-faceted issue, with multiple individuals, each with their own ideologies and capabilities.

While surveillance is an interesting tool and via open media channels information can be harvested - the sheer volume of data encrypted and unencrypted does not mean that a single terrorist communication can be discovered. It would be great to have the computing capacity - but the reality relies on detective work, informed intelligence from other sources and a directed approach towards individuals that may be considered interesting by the intelligence services.

Even then, lets assume that they are using an encrypted means of communication - which has a back door exposed to our security services. They need to understand if any messages sent have any meaning.

My Son (now 23) educated me around eight years ago in how a subversive cell could undermine the watchful eye of state censored technology. Okay it wasn't that interesting, he was 15 and like many children in the UK, used a school network that would flag any inappropriate communication and web sites. So naughty sweary words would be flagged and network technicians would take pleasure barring this puberty ridden clan.

Willing to rebel against this oppressive regime (in their opinion) - his mates all contrived a newspeak of their own making. Transliterating and misspelling many interesting naughty words. I will leave the lingo to your imagination - it wasn't refined and you may guess what the meaning of mayonnaise is.

I was more impressed than appalled - admiring the ingenuity of these young minds.

If someone or a group of souls are looking to subvert national security and communicate illicitly across a monitored system. Unless there is clear professional trade craft combined with cyber security skills - mass surveillance is going to do diddly. Large volumes of data may be harvested - every website we visit may be logged for one year - but if I agree a communication convention that is innocuous and in plain sight. Then what good will that do.

Dear Media, do shush, dear cyber security experts and politicians, do shush as well - let us be more tactical and rely on some considerably old fashioned means of analysis.





Comments

Popular posts from this blog

If airlines offer in-flight Wi-Fi, they should invest in an extra black box for security ...

Wikipedia editors never walk alone: Hillsborough changes can be traced ... from @ConversationUK

Highlights and lowlights of 2014, a golden year for cybercrime from @ConversationUK