Today's news story (and a myriad of infosec lessons) is how the acolytes of the strongest leader of the strongest world superpower accidentally texted Super-Duper-Top-Secret level military plans to a reporter that they didn't particularly like.
(Lesson one: this is why we *have* information classification rules.)
The reporter in question (actually, a bit *more* than a reporter) said he had never seen a breach quite like this.
Well, I have. Not in national or international security terms, of course. We have all had those "oopsies" of doing a reply-all when we just meant to reply, or using autocomplete on an address line, and not reading the autocompleted address carefully. (AI is *not* yet ready for prime time, and I *still* haven't seen anyone successfully implement the DWIM [Do What I Mean] opcode yet.)
But this was a little bit more than that. So, I suppose it is time to tell the story of one of the worst kept secrets in the field of information security.
Over the years, a number of us in the field have grown to love to hate a particular organization in our profession. At the time of this story, that loathing had only reached the point of a slight annoyance. But there was a growing coolness between those of us in the field, and those at "head office." We were pretty open about it, on one of the communications channels. If a decision from "head office" irked us, some of us were pretty vocal about it. (Hmmmm. What's the word for being "vocal" about something, when it's a text-only chat channel?)
I can't recall the particular bone-headed decision from "head office" that precipitated it (although it was related to "head office" not being particularly responsive to those of us who were paying membership fees). But, as usual, a select (and vocal) (libral?) few of us sounded off. And were, on this occasion, joined by others who normally remained silent. So, one of the staff at "head office" sent a private email to another member of staff at "head office," noting that there were rumblings of discontent on the communications forum, and that the decision, being more than usually bone-headed, meant that "I'm seeing comments from people that aren't the usual suspects."
Except that it *wasn't* sent via private email.
It was addressed to the communications forum. And occasioned quite the furor. And no little comment, and questions, about who "the usual suspects" were (and why "head office" referred to them that way).
At the time, I had amused myself by creating, on the platform that hosted the forum, other mailing lists named for various debates that came up in the main forum. So, of course, I immediately created a "usual suspects" mailing list. I was pretty sure that I was a usual suspect, so I started inviting others whom I suspected of being suspect. The size of the group waxed and waned over the years, but some of us still meet to this day.
(Actually, the forerunners of the "usual suspects" were the "LARA nodes," referred to that way as a joke about how prolifically they posted, and referring to early [and simplistic] forms of chatbots. The "LARA" nodes were originally Les, Anton, Rob, and Axel. There may be some irony in the fact that, currently, an emphasis in my research and writing is noting the characteristic flaws of the large language models of generative AI, and their weaknesses and failures in hallucinations, graphics, and the banality of their writing products.)
Introduction and ToC: https://fibrecookery.blogspot.com/2023/10/mgg-introduction.html