Sunday 16 August 2009

Torture, Learned Helplessness, Psyhological Trauma and the CIA

Illuminati Killer Robots reveals::
I have been researching the self-inflicted affects of torture on the human soul and i came across this article by David Dobbs who was writing about Dr Vaughn Bell's comments relating to the psychological impact of torture and the results of "learned helplessness". My interest in his article was particularly acute when he introduced the notion that depression is really the result of a process of "learned helplessness". Having suffered years of "self-torture" where my mind constantly remined me I was just about to die, which finally ended in a complete emotional and intellectual breakdown, i really can see the similarities between a largely self-imposed torture by the ego and the torture administered by the CIA.

Here is the article.
Amid my flu frenzy I missed Vaughn Bell's excellent consideration of CIA psychology through the declassified memos:
I've been reading the recently released CIA memos on the interrogation of 'war on terror' detainees. The memos make clear that the psychological impact of the process is the most important aim of interrogation, from the moment the detainee is captured through the various phases of interrogation.
Although disturbing, they're interesting for what they reveal about the CIA's psychologists and their approach to interrogation.
As Vaughn notes,
A couple of the memos note that the whole interrogation procedure and environment is designed "to create a state of 'learned helplessness'.. This is a concept originally developed by psychologist Martin Seligman who found that dogs given inescapable electric shocks would eventually just give up trying to avoid them and remain passive while electrocuted. The theory was related to depression where people with no control over their unpleasant lives supposedly just learnt to be withdrawn and passive.
Vaughn points out that while the concept is not particularly well validated, "if it was and you were an interrogator, you'd want to avoid learned helplessness at all costs, because the detainee would see no point in co-operating."
I'd add another point: Some studies have shown "learned helplessness" to be an apt model for major depression from both a behavioural and even a neurological perspective. In a sense, then, to intentionally produce it in someone by causing them pain and distress in a situation they are powerless to change is to inflict on them a mental illness.

You can argue that depression is not a mental illness (i'd argue back). But the point here is that the prevailing medical view is that depression is a mental illness, and that it may be defined (among other ways) as a state of learned helplessness, despondency, and hopelessness. It follows that intentionally producing that state through torture is to intentionally make someone quite ill. And regardless of the ridiculous arguments over whether waterboarding and beating and hanging by the arms for days is torture, the act of making intentionally making someone sick -- indeed, seeking to give them an illness known to carry a risk of death (by suicide) -- would seem rather not okay.

Wednesday 12 August 2009

Hacker Intelligence: You have 3 Choices in Hacker Life.

Illuminati Killer Robots Reports:
I listened to this person explain the concept and feeling of enlightenment.

After I finished hearing it, I understood that there were three paths I could follow.

1. I could sit in a cupboard all day and do nothing. Because being enlightened is a place where there is no concept of anything. Just an awareness. So sitting doing nothing is what I could do.

2. I could live life "IN" the "CONTENT" of life - through the imagination.

3. I could dart between Enlightenment and Content.

I chose number 3, because there is not enough action in Enlightenment.

Chuvakin wades in on 'so called' Security Experts.

Illuminati Killer Robots Reports: Ok, in the spirit of disruptive naughtiness I thought that I'd publish this report by Anton A. Chuvakin Phd considering the Myth of the Security Expert. 

Whilst I don't necessarily agree in what he says about "how security experts must be accorded authority and status by their peers or the public in order to be credible", I do agree with him that security experts should try to develop their careers around one particular area of specialism. 

I also understand the dilemma that security people face where clients expect generalist all round knowhow. My own advice being for security people to develop a broad perspective on the security and intelligence world, but concentrate more acutely down one particular line. Anyways, here is Anton's report. In the future, it will become clear why I am writing this... For now, please treat this as some random analysis of our profession as well as of the dreaded definition of “a security expert.” Some might say it is a rant, but I prefer to tag it as “musings.”

Lately I’ve run into too many people who [claim to] “know security” or are [claim to be] “security experts.” Now, as some of you recall, I used to do theoretical particle physics before I came to information security. In my physics days, I’d be pretty shocked if I were to meet a colleague in the hallways of the C.N. Yang Institute for Theoretical Physics who would self-identify as “a scientist” or, for that matter, even as “a physicist.” It is overwhelmingly more likely that he would say “quantum chromodynamics” or “lepton number violation in electroweak gauge theories” or “self-ionization of the vacuum” or some such fun thing :-) However, as we all know, some folks in our industry have no shame introducing themselves to a colleague as “security experts.”

So, you are “a security expert.” Awesome, happy to hear it! Please let me know whether you are Case A or Case B.

Case A: you know more than an average person on the street about every single area (or many, many areas) of information security: from ISO27001 to secure coding in Ruby?

or

Case B: you know more than your peers in security about one particular area (or a few areas) of information security: log management, Java security code review, penetration testing, NIDS/NIPS rule creation, firewall management, wireless scanning, etc?

Let’s see which one is consistent with how people in other professions define “expertise.” The obvious start is Wikipedia. As of today, http://en.wikipedia.org/wiki/Expert entry says:

“An expert is someone widely recognized as a reliable source of technique or skill whose faculty for judging or deciding rightly, justly, or wisely is accorded authority and status by their peers or the public in a specific well distinguished domain. An expert, more generally, is a person with extensive knowledge or ability in a particular area of study.”

Other sources (such as Google “define:expert”) present similar results; expert can only be an expert in a specific narrow area.

Now, notice that the farther you are from a certain area, the more it seems like a narrow one (example: “science” to a average janitor is a narrow area). On the contrary, the deeper you are inside a particular area , the more it seems like a wide area (example: “brain tumor surgery” to a neurosurgeon is a broad area or “quantum gravity” to a physicist).

Despite such relativism, other professions somehow managed to converge on their definitions of “an expert.” After all, you don’t get to “enjoy” a neurosurgery from somebody who “knows more about medicine than an average layperson.” However, as we all know, many organizations “enjoy” having their NIDS tuned by a just-hired CISSP (aka proof of being “a light-year wide and a nanometer deep” in security :-)). What’s up with that?

I think this has a lot to do with the fact that the area of security is too new and too fuzzy. However, my point here is that a little common sense goes a long way even at this stage of our industry development. In light of this, next time you meet “a security expert,” ask him what is his area of expertise. If the answer is “security”, run! :-)

Finally, career advice for those new to information security: don’t be a generalist. If you have to be a security generalist, be a “generalist specialist;” namely, know a bit about everything PLUS know a lot about something OR know a lot about “several somethings.” If you ONLY know “a bit about everything,” you’d probably die hungry...

http://chuvakin.blogspot.com/2009/08/myth-of-expert-generalist.html

http://www.chuvakin.org/

Monday 10 August 2009

Defense Department eyes hacker Defcon for more Gary Mckinnon's

Illuminati Killer Robots reveals: We thought this report by IDG News was very ironic in more ways than one. The US Air Force are recruiting hackers at the same time as attempting to extradite Gary Mckinnon for acts of a similar nature. Perhaps the intelligence agencies have finally realised that a lot of these guys do want to help and that guys like Gary Mckinnon are better off being listened to rather than abused. Here is the report. The Air Force recruited 60 at last year's hacker conference; this year it's back for more. The U.S. Air Force has found an unlikely source of new recruits: The yearly Defcon hacking conference, which runs Thursday through Sunday in Las Vegas. Col. Michael Convertino came to Defcon for the first time last year, and after finding about 60 good candidates for both enlisted and civilian positions decided to come back again. "The principal reason that I'm here is to recruit," said Convertino, commander of the U.S. Air Force's 318th Information Operations Group, speaking Thursday during a panel discussion at Defcon's sister conference, Black Hat. "We have many empty jobs, empty slots that we can't fill." Federal agencies have only recently begun embracing the hacker crowd. When U.S. Department of Defense (DoD) director of futures exploration Jim Christy hosted his first Defcon "Meet the Fed" panel on 1999, he was one of two people onstage. At this week's Defcon, there may be several thousand federal employees in attendance, he said. Federal government employees first started coming to Defcon to get information and build relationships from the hacker community, Christy said during an interview, but now it is becoming more acceptable to find new recruits at the show, despite its reputation as a subversive hacking conference. "The character of Defcon has changed over the years," he said in an interview. "Ninety-five percent of the people here are good guys." And federal agencies have changed too, particularly since the terrorist attacks of Sept. 11, 2001, said Linton Wells II, the former CIO of the U.S. Department of Defense (DoD), now a research professor with the National Defense University in Washington D.C. "The federal government has engaged with a lot of people they wouldn't have even talked to before 9/11," he said. Christy expects that a couple of hundred of this year's attendees will be recruited by federal agencies, but no one is recruiting more aggressively than the Air Force. "The Air Force has always been the leader in this area," he said. Convertino's efforts reflect a government-wide effort to step up cyber-security recruiting. On Monday, the DoD co-sponsored an effort to recruit 10,000 young computer through a series of cyber-contests, known as the U.S. Cyber Challenge In an interview, Convertino said that by next year many of his recruits will have completed the hiring process and will be able to attend the conference and encourage others to enlist. The federal government has long had a hard time attracting and keeping top computer security talent, even at the very top. Although the Obama administration created a new high level cyber security advisor position earlier this year, it remains unfilled. According to a Forbes Magazine report, the job has already been turned down by several qualified candidates. Cyber-security is becoming a hot-button issue, which means more congressional interference, and for people in the field more time spent responding to political pressures instead of real security threats. The recruitment process is long and tedious -- obtaining a security clearance can take 18 months -- and the pay is generally lower than in the private sector. But the challenges are unique and at Defcon this week the DoD's chief security officer made a recruiting pitch to attendees, describing it as a place where geeks could develop world-class cyber security skills. "I have never seen in my entire career a more concerted effort.... to focus on this are area of education, training and awareness," CSO Robert Lentz told conference attendees. "Any one of you in this room who want to seek positions in the government…. the opportunities are there; the resources are there. " There might be one other reason why a government job could appeal to Defcon attendees. The feds like to talk about developing cyber-security capabilities to protect the nation's infrastructure, but they may also be spending time at Defcon looking for people who know how to attack systems as well, said Mikko Hypponen, chief research officer with security vendor F-Secure. "If you want people who know how to attack, this is the place." The IDG News Service is a Network World affiliate. http://www.networkworld.com/news/2009/080109-defense-deparment-eyes-hacker-con.html

Monday 3 August 2009

Boris Johnson in the Telegraph on Gary Mckinnon

Illuminati Killer Robots reveals:: Boris Johnson writes in the Telegraph http://www.telegraph.co.uk/comment/columnists/borisjohnson/5963698/Stop-passing-the-buck-on-Gary-McKinnon-and-let-British-common-sense-prevail.html Since it is now obvious that the British state is about to commit one of the most protoplasmic acts of self-abasement since Suez, and since the clock is now ticking to the moment when Gary McKinnon, 43, will be taken from his home in north London and put – if necessary by force – on a plane to America, it is time to pose the question everyone seems to have ignored. Leave aside, for a moment, the morality of exporting the Asperger’s sufferer for trial in America. Can I ask, what is the point of having a trial at all? I simply do not understand what proposition is to be so expensively tested in this American courtroom. Gary McKinnon is accused of hacking into American military computers. He is charged with roaming around the cyberspace of the Pentagon, and leaving such insulting spoor as “your security is cr-p”. He is accused of guessing passwords, and trying to view secret photos of unidentified flying objects in Nasa databanks. All this will be put to him in court by some brace-twanging prosecution counsel, as though it were the crux of the matter. And yet Mr McKinnon has never denied it. He has always said that he hacked into American military computers, and that is because he earnestly believes that there is a conspiracy between Uncle Sam and Big Oil to cover up the interception of alien craft that are running on some kind of renewable energy. For all I know he may be right. It might just be that the Vulcans have discovered some way of making cucumbers from moonbeams, and then boiling those cucumbers up into bioethanol. It may be that he is right in thinking that alien life forms did land at Roswell. It may be that the securocrats of the Pentagon have for decades been concealing the fact that Elvis is alive and well, and living on Mars. If the trial were to get to the bottom of that or any other big UFO mystery, then it might be worth the admission. But, of course, the trial turns on no such question. The only point to be proven is whether or not Gary McKinnon did the hacking, and on that there is no doubt. He says he did. He says it freely. So the only questions remaining are: whether his actions constitute a crime that deserves the seven-year torture of the extradition process, whether he deserves the possibility of a 60-year jail sentence, and whether the British authorities are right to be engaged in this dog-like grovelling to America. To all those questions the answer must be an emphatic no. I do not believe for a moment that the Pentagon and Nasa sustained half a million pounds’ worth of damage to their systems, as they bleatingly allege. But even if it were true, Gary McKinnon has performed a service that must be rated cheap at the price. He may be a crank, but then he is certainly no terrorist. He may believe in little green men, but he was not operating as a fifth columnist on behalf of these Venusians. He was not trying to cripple American defences in preparation for an assault from outer space. He was simply following up a weird intuition that UFOs exist, with all the compulsiveness that he has exhibited since he was a child. In so doing, he has generously helped America to prepare against attack from a more sinister foe. If it was so ludicrously easy to penetrate these encryptions, then what could al-Qaeda have done? Just imagine if America’s defence establishment had commissioned IT consultants to probe their systems as exhaustively as Gary McKinnon. The contract would have been worth far more than £500,000. McKinnon did it without charge, sitting up all the night, hardly eating, smoking heavily and spending so long tap-tapping in his dressing gown that his girlfriend gave up on him. The Americans shouldn’t be threatening him with jail. They should be offering him consultancy. Even if you still believe – and I don’t – that there was some element of malice in his actions, that does not make him a fit person to be sent for trial and incarceration in America. The diagnosis of Asperger’s has been confirmed by the world’s leading expert in the field, Simon Baron-Cohen. He says that if this dreamer were to find himself in prison, there is a risk that he would take his own life. This 2003 extradition treaty – supposedly aimed at al-Qaeda – has caught the wrong man in its gin. My objection is not that the treaty is lopsided, though of course it is. The crucial point is that Gary McKinnon is not some smooth-talking banker accused of fraud, nor is he a terrorist. He is a classic British nutjob, who passionately believes something that is irrational but cannot be easily controverted, and he is a prime candidate for the protection of the Government. In a tortuous apologia for his decision to extradite, the Home Secretary yesterday wrote – as if it were a good thing – that “one of the most important features of the 2003 Act was the deliberate removal of any discretion the Home Secretary may have in relation to extradition”. On this account, we may wonder why we have elected politicians at all. On this account, the treaty is like a kind of computer-assisted catapult that pings people across the Atlantic whenever the Americans require. In reality, the Home Office has no such excuse. It could easily have decided, on humanitarian grounds, that the extradition should not go ahead. The High Court has merely confirmed that its decision to ignore common sense and decency was not, in itself, illegal. It was just immoral. I can identify at least one mysterious flying object over the skies of London, and that is the buck being passed, at high speed, by the Home Secretary. Not since the waters retired from the face of the earth has there been such a display of blob-like invertebracy in Whitehall. Let us hope that a British court will have the courage in the next few days to stop this madness, shame the Government, and prevent the martyrdom of a harmless eccentric.