Inside Cyber Warfare - Jeffrey Carr [59]
Hostile armies may face each other for years, striving for the victory which is decided in a single day. This being so, to remain in ignorance of the enemy’s condition simply because one grudges the outlay of a hundred ounces of silver in honors and emoluments, is the height of inhumanity.
One who acts thus is no leader of men, no present help to his sovereign, no master of victory.
Thus, what enables the wise sovereign and the good general to strike and conquer, and achieve things beyond the reach of ordinary men, is foreknowledge.
Now this foreknowledge cannot be elicited from spirits; it cannot be obtained inductively from experience nor by any deductive calculation.
Knowledge of the enemy’s dispositions can only be obtained from other men. Hence the use of spies, of whom there are five classes: (1) Local spies; (2) inward spies; (3) converted spies; (4) doomed spies; (5) surviving spies.
When these five kinds of spy are all at work, none can discover the secret system. This is called “divine manipulation of the threads.” It is the sovereign’s most precious faculty.
An effective cyber intelligence operation must include the use of espionage and covert surveillance inside the hacker criminal underground as well as nationalistic youth organizations. This is a very broad arena that allows for any number of imaginative approaches, but one thing that is critical, and is a major stumbling block to many US agencies, is the employment of US citizens of foreign birth in the nations that are generally considered adversarial (e.g., the Russian Federation and the People’s Republic of China). The irony of the federal bureaucracy is that it keeps out the very people on whom our national security may depend. A 29-year-old naturalized US citizen who lived his entire life in Russia, was educated in the best Russian institutions, and has now adopted the United States as his home will almost never receive the security clearance that he needs to do the work for which his experience has perfectly prepared him.
This is one of the areas, however, that creates opportunities for GreyLogic’s Project Grey Goose and other investigative international security trust networks (STNs). PGG is not bound by the same bureaucratic shackles or legal authorities that employees and contractors of the intelligence community are. Volunteers are vetted not by their ability to receive a Top Secret/SCI with Full Scope Polygraph clearance; they are vetted by their peers who know and trust them and by the quality of the work they produce, which often speaks for itself.
I have had the opportunity to broach this subject many times during briefings that I provided to various agencies within the IC. Since these were unclassified briefings based on open source intelligence (OSINT), the moment I would broach the subject of conducting this type of covert campaign, the conversation ended. I was told that that was out of their domain. Astoundingly, the very sources and methods on which a successful cyber intelligence operation depends are outside the domain of the very federal employees tasked with the mission of open source cyber intelligence gathering.
An experienced military officer who has spent the bulk of his career working in Computer Network Operations and with whom I have had frequent discussions pointed out that the DoD employees tasked with open source work could not comment on or discuss a covert action simply because covert actions are, by definition, not open source.
The open source intelligence model as used by Project Grey Goose investigators is not a passive one that simply gathers publicly available data for analysis. Instead, the model uses active discovery that pushes the envelope but never crosses into illegal activities.
Although progress is being made inside the US intelligence community, this distinction between active and passive collection, as well as legacy