I was also asked to mention that the defendant is up next in his presentation of, so you've gotten your ass sued. As everyone can see, this is about hackers and information operations. Let me go through and basically just so you know what's coming. Who the hell are we? Why am I giving this talk? Since most of you have come here, hopefully you'll already understand some of what information operations are. Give you a little bit about doctrine and then tying into the reason I'm here, more than a few words on computer hackers. So just so everyone also recognizes, I think it's probably a good thing because what I want to do is I want to encourage people to catch the social message in this. So you're going to see this spread throughout things now and again. Can I get the icon in Cornflower Blue, aka a line from Fight Club where the first rule of Fight Club is you don't talk about Fight Club. My point for bringing that up is some of what I'm going to be talking about is the sociology of computer hackers and where we're going. You could look at Fight Club as a good model. I don't want you all to become space monkeys and follow Tyler Durden around. So that's what this is about. Obviously, if this is your first night at Fight Club, you have to fight. I'll be outside of the pool area after the speech. Yeah, no shirt, no shoes, no belts, let's go. So, Komi, Seven Pillars is a professional military company. Also known as a PMC under United Nations designation, which means that it's an insult in the industry, but you can refer to us as, quote, mercenaries, I would prefer you didn't, however. We're actually a boutique firm meaning we provide intelligence on conventional warfare, infrastructural warfare, information operations, and psychological operations. I am the managing partner, which means nobody else in the firm wanted to take responsibility for signing contracts.
So, just so you know, I've gotten sort of a big award over at US National Defense University, the Sun Tzu award, which is for excellence in information operations, blah, blah, blah. G2 Intelligence Professional Award, and I do have a technology background. So, onward, why am I giving this talk? As you're well aware, and particularly because the feds have been coming down on computer hackers for a long period of time, sort of the reason they do that is they really don't understand computer hackers. It scares them, what you don't understand you're afraid of. The reason I'm scared of computer hackers in a lot of ways is because they don't understand themselves. So, a lot of this is gonna be trying to give the people out there who are interested some structure to think about what they do and then obviously some differences in terms of how to think about what's motivating their actions. And obviously, I would like to help you set some of the direction. So, what are information operations? I'm glad you all came here to hear about that. Basically, actions taken that affect the decision cycle. What's the decision cycle? I will show you that shortly. And this is sort of my little rant here and I apologize for this. If you ever read anything on this topic, you go to the professional papers, you'll always see people talking about critical infrastructure, minimum essential infrastructure, all the things that they claim computer hackers are gonna do in terms of cyber war attacking the US. They always give you this sort of nice long list of things they're worried about, but they never tell you where they got it from. Well, what's kind of interesting is that list was cribbed from one of my early papers and because I never published the methodology that that list was derived from, no one can actually supply you with where that list came from. I'll show you the tool that generated it, and it'd be nice if from now on some people credited the source.
So, let me just talk a little bit about where information operations came from and I'm gonna do that by backing off the topic a little and getting abstract, which is about progress. And progress is sort of both analog, meaning it's a nice smooth situation and it's punctuated, you have developments, this is kind of Toffler's Third Wave thing where you have the industrial age and then you're moving on to now the information age and extrapolation at times can seem like a complete nonsense. And so for instance, I'll give you an example here, for example, motive power where if you were to go back to a time period when all we had was muscle power, you look at your curve and you go, oh, a man walking, but if you start to increase that curve, it becomes nonsense. You have a man running thousands of kilometers a second, just doesn't make any sense. So that's obviously not what's going on. So what's actually really going on is that progress occurs. We have new options that occur and that actually creates punctuations. So you move from human power up to animal power, simple machines, mechanical, steam engine, internal combustion and then surprise, surprise nuclear power. And this is sort of in parallel with Moore's law where if you were to go back, Moore's law should have been violated, what is it, four or five times now where we shouldn't have actually been able to move to the next level of progress and actually a breakthrough occurs and we just sort of keep moving up the curve. So some progress obviously goes beyond linear improvements. It creates a whole new breakthrough that creates new capabilities and let me drop back to a little bit of history for you for a moment and that would be an example of oil and internal combustion.
So as you're all aware, the oil industry really started at the turn of the century, the 1900s and we started to see some impact back in World War I and there was a new petroleum industry and the oil boom sort of leading up to World War II became absolutely pivotal of the conflict. Oil was a major cause of conflict. Anyone who knows the history of Japan recognizes that much of the moves that they were doing and what precipitated Pearl Harbor was their need to control their oil supply. Oil was essential to combat power. If you didn't have oil, you weren't gonna be out there and fighting the war and it was critical to production capacity and just for everyone who can remember their history and you'll hopefully remember this, the US didn't win the war based on being really, really good in the military. They won the war on the fact that we were able to flood the Europeans and the Japanese with equipment. So the impact was actually fairly significant. What was that impact? Well, the impact was the power compression ratio. Suddenly you were able to do things you weren't able to do before like, oh, put airplanes into the air. So that changed ground forces. We had tanks, naval combat, suddenly the ships were able to do all sorts of things they couldn't do before and it sort of created air power. And again, these systems wouldn't have existed if it hadn't been for the oil industry. So the power of oil, what happened? Range was dramatically improved and we had extended force projection. What that basically means is, you know, you're able to take off off of carriers, you're able to move ships out further. Speed and mobility led to what's now referred to as tempo and maneuver and supply and sustainment became easier, which is what's referred to in the military as interior lines, but also extremely vulnerable. If you remember, much of the early part of the war was about, you know, German submarines taking out supply lines. 
So what you can do is you can think of it in terms of this is effect per unit density and that's what actually made the difference. So let's move on. For anyone who remembers their information theory, the internal combustion engine is a Carnot cycle, which means it runs on a difference. If you don't have your heat sink, everything really starts stopping to work and in Bateson's terms, the heat sink is a difference that makes a difference, which I of course bring up here. So basically you can look at that as basically a difference engine, which is the same thing that's information. Surprise, surprise. And in military terms, information reduces uncertainty and so the parallels are actually kind of important and as we're seeing now, the information industry is creating just as much of a transformation in the world as the petroleum industry did. So it's worth recognizing about conflict that conflicts are generally not won, they're lost. Friction is the common source of loss, which basically means that you just sort of try to keep things going as long as you can until the other guy runs out of steam. You can look at that for the Germans, the Battle of the Bulge, that sort of thing. And lack of a difference, in other words not having information is what's referred to in the military as the fog of war. So just as in the physical world, there are all sorts of things, friction that occurs and that impacts on your actual intentions and capabilities. Just so everyone understands this, you can have capabilities, meaning I have nuclear weapons, I can blow you up. Am I actually going to use them? Yes or no, that ties into my intentions. You have to understand the difference there. They're critical because one of the things I'll be explaining later on is hackers now have the capabilities to do all sorts of damage, they just don't have the intentions. Which is another thing that we need to point out to everyone in the audience who works for the federal government.
So the more information you have, the less friction there is, which basically now becomes integration of intelligence and conflict. Information operations are intended to create friction. And again, you can get all sorts of valuable intelligence. Let's try and move forward here. Okay. Basically, these are the things you need to understand. What petroleum did was created the, obviously the concept of range, which means non-locality in our current terms, speed and mobility translate to instantaneous simultaneity and effect per unit density means impact per unit energy. What that means is that somebody can attack a system from thousands of miles away, they can attack it from distributed points from all over the globe. And they have all sorts of effect completely out of line with what they put into it as an investment. So this is why everyone is afraid of computer hackers just as a functional process. So again, a little more explanation here. In terms of examples, computer hackers in Russia breaking into Citibank, instantaneous simultaneity, when operations take place in microseconds, that's not that difficult to understand. The distributed denial of service attacks are a good example of that. And the impact per unit energy, what's a good example recently is the US dependence on GPS units. I don't know if anyone remembers Desert Storm, but if it wasn't for the soldier held GPS units, they really wouldn't have been able to navigate very well in the desert. Well, in the next conflict, I don't think anyone's gonna be able to be too certain that GPS units are gonna work because it doesn't cost very much to build a jammer. So it's just one of those interesting things that we're gonna start seeing this sort of thing really showing up as a major play in the next set of conflicts. So there we go. Information is critical to future economies. It's a part of every aspect of conflict.
It's being separated right now by the military because they haven't learned how to integrate it in. And as information becomes the building block, that's obviously gonna make everybody a lot more vulnerable. So here we go. Is that visible? Can people read that? Not really? Shit. Okay. Tell you what, I'll just tell you what it says. What I had is I had an epiphany a number of years back, which is basically, there are actually three cycles, don't hold up four fingers, hold up three, there are three cycles that are actually isomorphic, meaning that they function very much the same way. And the cycle on the outside is observe, orient, decide, and act, which is known in the military as the Boyd cycle. Now, Boyd goes back as far as Korea. And in Korea, he was a fighter pilot. He got involved in a dogfight. And when he survived the dogfight, for the life of him, he couldn't figure out really what he'd done. He'd done something correct to win, but afterward he got introspective and said, if I can figure that out, I have an advantage in future dogfights, and it'll help other pilots. So he sat down to try and figure out what occurred. And what basically happened was he looked at his aircraft, he looked at the opponent's aircraft and said, I have a better view of the outside world, and I can also maneuver faster. His airplane was actually slower, but it responded faster. And so what he realized is that this is sort of time competitive activity that the faster you could turn over your decisions, faster than your opponent could, gave you an advantage. So that's cycle one. Cycle two is starting at the top and reading around clockwise is context, content, constraints, and consequences. And this comes from sort of chaos theory, the science of emergence. And basically what you do is you look out at the world and you recognize that you have an environment. There are things that you distinguish out of that environment. 
There are constraints for interaction, and then what occurs in that environment has consequences, and then you cycle back through again. And then the final piece is data, information, knowledge, and wisdom, which if anybody has a background in cognitive science, it's sort of the knowledge transformation that's become very important to the modern world. So, and you probably can't read the differences, let me sort of go through here. So how does, you know, observe content and data and move into the next bubble? See if I've got that. Yes. Well, here we go. That's sort of what I just explained to you. Here we go. Okay, observe context and data, which is sort of at the very top of the cycle, is what we experience directly through proxy, which is instruments, video cameras, human communication. I may be there and I may be understanding what's going on, or I may be relying upon somebody showing me a videotape. It's also the context, it's where we are, it's our environment. And in terms of decision support, sort of it's raw intelligence. This is, you know, how we look at the world around us. So then you move to orient content information and this is done by filtering. So basically you can look at everything on the web itself as data. When you go to a search engine to look for something specific and you then pull that up, that becomes information. Basically you've done that by saying, I don't want all the other stuff. This is why if someone actually tells you that we're living in an information age, sort of laugh at them, we're living in a data age, we haven't become really good at this process yet. Context difference in the content, which is true, you basically say, what is it that I used to make my decisions? I want this versus I'm not interested in that. Where is your attention directed? This comes in, and this is particularly critical in the Observe, Orient, Decide, Act. Orient is what I'm facing.
In other words, if I'm looking at you this way, I'm not too certain what's going on behind me. So you'll see where this fits in later on. Obviously wherever I'm focused is something that's important to me, wherever I'm not focused is an area of vulnerability. Boundaries, distinctions, and differences, I think you all can recognize that, and decision support in terms of what's actually important. So here we go. Have you moved to the next stage? Well, you provide analysis and abstraction, production to practice. This is sort of intercontextual information, tells you what's going on in just that environment. You learn about your constraints, and again, this is sort of, what are your decision points? Where do you make your decisions at? Sorry, I'm sort of going through this, but I've actually got a lot of slides, and I was stuck in the newbie section. So I think everyone's pretty clear on this sort of thing. Let's move to the fun stuff. There we go, tempo. This is one of the advantages that computer hackers have. So at the very beginning, you start out with getting your information, then of course you filter it, and then you make your decisions, and then you react and respond. Guess what? Hackers have an edge here over everybody in the military, everybody in intelligence, everybody in corporations, and why is that? Because they are heterarchical rather than hierarchical. And we can talk about what the difference is, but basically hierarchies are organizations that your authority is based on your position, and your position is generally enforced by your control of information. And obviously for computer hackers, this is not something that they're very fond of. So what hackers have is hackers have sharing and a community memory. The tool base out there is amazing, and the level of just passing information about exploits is incredible. That's what computer hackers refer to as information wants to be free.
But it's also worth pointing out something far more important, which is that information defies control. Or it's, you know, once I say something to you, I don't get to take it back. And that can carry on and carry on and carry on. So it's important to recognize, so I don't know if anyone saw Bamford's speech, but again, they tried to come back to him once they released a report, and they couldn't put it back. So when people talk to you about things like crypto, being the genies come out of the bottle, that's what they mean. Here's a Fight Club quote. So it's worthwhile to wreck. This is actually from the book, not the movie, so you won't recognize it if you've only seen the movie. The reason one of the other striking parallels between what's going on in Fight Club and the hacker movement is much of what was going on is sort of the personality cult of Fight Club was very much based on what you can see in the hacker communities, including things such as it's always going to be free. So let me see, summary stuff. I don't think we need to go into any particular detail there. I can explain some of this later on. I think I've got some additional slides. So warfare, independence, and infrastructure. Okay, this is the overall conceptual strategy under which everything else falls in. This is basically warfare on the decision cycle, and the Boyd Matrix looks at the core cycles and turns them into the target. Let's bring that up. So basically, this is something I invented because I had to keep thinking about this, and since you've got a four-step cycle, you've got 16 possible combinations of attack and failure, which makes it pretty easy, so you can start pulling this up, and you can actually start looking at warfare by where it hits the Boyd cycle. So you can just sit there and say, hmm, 0, 0, 1, 0, Observe, Orient, Decide. So basically, maneuver warfare goes after the decision part of the cycle, which is what we all are familiar with from maneuver warfare. 
Guerrilla warfare attacks where people aren't paying attention, which is why it hits on the Orient part. Political warfare, attrition, these are all pretty clear, but when you start hearing people talk about critical infrastructure, surprise, surprise, this is where it came from. You can sit there and say, great, based on that cycle, what we know about people making decisions, which is what it's all really about, is what supports those decision-making processes, and you've got communications, power supports certain things, fuel, schools, water. So yeah, and it's not gonna be really visible again. I just gave some examples, and some more examples. If anybody wants the slideshow, we can talk about that afterward. So, I'm sure you've heard this from other people so far. Cyber wars, the whole concept of the Pearl Harbor scenario is bullshit. Allow me to call bullshit on it again. There are some folks out there in the audience who probably are making a lot of money off of walking around scaring people with, we're gonna have mass hacker attacks by computer hackers, it's gonna take everything down, and they're using it as justification to keep cryptography under control and to go after computer hackers and do all sorts of unpleasant things as well as push up their budget. But the US as a target is still, it's a load of crap. The truth about the US is basically it's resistant to denial, and let me explain sort of something you need to understand about the US economy. The US economy has been gifted by two really interesting things. It's got plenty of space and it's got plenty of resources. So if you were to compare the US against, say, for instance, an Asian economy where they have a very limited amount of space, some of them things like Singapore and other countries, and they have a very limited amount of resources, what they've had to do is be very, very careful with what they use.
So they're actually more susceptible to denial and not as susceptible to subversion and the US is reversed. It's not about denial here, it's about subversion. And let me give you an example on this. In one sense, if someone were to take, attack a hospital system and basically shut off all their medical records, the hospital would recognize that this has occurred and probably not rely upon that. But if you were to break into one record specifically and change somebody's blood type or to say, oh, they're a diabetic, and then you just sit back and wait. Well, when that person's admitted, they've been typed and cross-matched wrong. They've been given the wrong blood and they're probably gonna be given insulin. So again, this is where subversion is a lot more effective and obviously a lot more dangerous. The only time I get worried about the Pearl Harbor scenarios and what's referred to in the military is the combined arms approach, which is that there's something else going on at the same time. But the US doesn't have quite as much of a concern about being invaded in some other places. So back to my Fight Club quote. What I wanna do here, the first quote is directed at hacktivism and script kiddies as well, which is basically sticking feathers up your butt, does not make you a chicken. So, and not to be insulting about this, but running somebody else's scripts and exploits written by some of the very brilliant hackers at conferences like this doesn't turn you into a computer hacker. And obviously point number two, I think is the important one at the very bottom here is all a gun does is focus an explosion in one direction. A lot of this is about directed force, directed, oops, I've got a question, is about what am I targeting? And I'm also trying to help you at this point in time, not get targeted by bad people. Question. Go back, are you talking about attacks against the United States where you have guns?
It's, the question was a clarification on the Pearl Harbor scenario. What it boils down to is you should, if you take a look at some of the literature, it's been a very big thing. They've called it the Waterloo and Pearl Harbor. Basically it would be a massive sneak attack on the U.S. military and U.S. economy. And that just like the Japanese thought in World War II, that would supposedly put the U.S. out of the conflict. Okay, and that's again the whole emphasis. And of course those are people who are not remembering what occurred after that, which was that Pearl Harbor became a rallying cry and essentially started the U.S.'s entry into World War II. So what I'm basically trying to express in this is the scare tactics used by these guys who are profiting off of the Pearl Harbor scenario. Don't buy it, it's a lot of crap. And that's just kind of what I'm trying to get across. Does that help or? What I'm saying is the same with the Pearl Harbor scenario. Are you talking about solving the United States and launching the Pearl Harbor type of war? How do you get to know what you're talking about? Okay. The question is, is this going to be an attack by a sovereign nation, which is essentially an act of war? Or whether it's going to be an independent group, which could be of any sort of arbitrary composition? And what I would like to point out to the audience is, is that you're all sovereigns. The joke is that sovereignty used to be defined by having a sort of military arm that you could use for force projection. And then the defining factor of power became nuclear weapons. And everyone wanted to be in the nuclear club. It's why some countries still pursue nuclear weapons sort of aimlessly just because they want to have them belong to the club. What I think needs to be clear to everybody in the audience is that what I'm telling you, and what I think you already know, is you have just as much power as a sovereign in this domain. 
You may not be able to launch a mass attack personally. But if you were to sit down and plan for two years, map out the computer network, look for the vulnerability points, and then, for instance, go out and crack 400 systems that were just sitting there waiting for you to give it the command, you could launch a mass attack simultaneously against whatever your target is. And that can be a sovereign. It can be a corporation. It could be another individual. But you have the exact same power in this domain as a sovereign does. And that's one of the key points you have to understand. And this is, again, another factor that is obviously going to scare folks is you are much more on the ball in terms of this than the sovereigns are. You know how to use the tools. You communicate. You share. The trick is that what you're missing is some of the methodology to think about what the target were to go after things. And I'm not encouraging that. Let me make that clear. But this is out here. And you're going to start learning about it. And as some of you I suspect are also going to start getting recruiting calls, particularly amongst the best of you. I'm sure you've already probably been approached by this sovereign nation or that military group or something else with probably a very attractive offer. And what you have to understand is that people are starting to take sides. And this is to start educating you, so you are not going into this without a clue. So I'm going to skip over that simply because I should have put it in a much larger font and broken it up into multiple slides. I thought the projector would be better. What this basically was as I sat down and said to myself, based on what the threat is, what's the probability, what are the consequences of it, and what is the sophistication. And because of what's going on with the globalization of the economy, the probability of attacks is obviously going up. The consequences of attack is going up very rapidly.
And the sophistication necessary to launch these attacks is going down precipitously. Let me see. Open source intelligence without espionage works best against the West. If anyone's actually interested in this sort of thing, there's actually a really, really good manual written by the Chinese available on the net, which basically tells you how to go out and using open sources. You can basically collect everything you could ever want to know. And then obviously there's been competitive intelligence programs operating against the West for forever and a day. An example, and I can just sort of give you things. Don't know if anyone was at Bamford's talk yesterday, but he was talking about having to go through this long, rigorous process for the Information Act and everything else to get information about NSA. And I was going to point out two interesting things. For example, there's something called the Maryland Procurement Office, which all the black programs, meaning the secret programs, all the purchasing was done through the MPO. Now the MPO obviously wasn't paying very much attention. And they actually put all the purchasing requests for classified budget stuff in the open database. So if you want to go back and look at what NSA has been buying for the last couple of decades, all you have to do is hit the MPO, and you can actually watch all the equipment purchases. You can figure out what they've got in the giant basement at the bottom. The other thing that's interesting is you can hit the IBM patent server. He was talking about echelon, and some people were asking questions about echelon's technology as well. Well, if you were to go to the IBM patent server and pull up, I think one of the primaries is shown, S-C-H-O-N-E, there's something called semantic forests. And semantic forests is basically the technology used to analyze the output from the echelon system and filter down what you're looking for. So this stuff is out there. It's all open source.
You really don't have to work very hard for it. You just have to know how to work the system. And nobody works the system better than computer hackers. So let me see. Psychological operations. Let's pass over that. Let's get to the stuff that I really wanted to try and bring up here about computer. Hello. It's not mine. So capabilities versus intentions. Hackers have the capabilities. The tools are out there, guys. All you have to do is decide what vulnerability you want to attack after you've taken a look at the system. And you can find as many things as you could possibly want. What basically you're missing is a doctrine was referred to as an ontology or basically a process and a structure. Think about these things. And the big problem with computer hackers is that your intentions are pretty fuzzy. You're sort of unclear on your motivations about doing things. Am I batteries fully charged? Thank you. Shoot. There we go. Motivations and intentions of computer hackers. Some of you probably are at least sort of introspective enough to have considered some of these things. Why do you do things for political motives, profit motives, pathology, social motives, and practical motives? Let's talk about some of this. Here's a Fight Club quote, again, which I think is important to go into. And I recognize this when I'm at DEFCON. One of the things that Tyler Durden was using as a motivational factor in Fight Club to put together the Fight Clubs was the fact that a lot of you out there don't know where you're supposed to be going. What's your place in history? Where are you going to be going with your lives? And you're not real happy about that, in fact, as we say here. And they're very, very pissed off. Some of the stuff that I see going on in terms of breaking into websites and some of the other stuff is clearly showing a fairly high degree of anger at somebody. And that's actually counterproductive. So what's the hacker profile? Let's talk about this. 
Just so you know, a long, long time ago, in a galaxy far, far away, this was where I came from. So I recognize this in myself. And I recognize this in a lot of other people. We've done a lot of work on this to develop it. What's going on in terms of what's going on with your behavior? Let's start at the top. Behavior is patterned, which basically means that there's a high degree of obsessive, compulsive behavior, or monomaniacal. You will pay attention to levels of detail that would drive other people crazy. And if you decide that you want to do something, you're not going to stop. You're going to keep at it until you're successful. There's also addictive tendencies, which is you like the adrenaline rush. Stress is good for you. Right now, there's a lot of people who are medicating their kids because they have attention deficit disorder. And that's another thing I think is a lot of crap, because what it just means is you're not getting enough stimulus. You guys all know this. You need as much going on around you as you can get. I know I need that, and you're all the same way. And I apologize for this being slow. So ego and identity issues, again, here. You're acting out demonstrations against authority and real issues about being controlled. Linguistic manipulation, this is something that other people have mentioned. It's worth going into a little bit in detail. Hackers have their own language. And what this means is that we are isolated from the community at large. And we're also only talking to other people that we can talk to. Who else understands us? Well, other computer hackers do. So what it does is it isolates us from society, but it's self-reinforcing inside the small private community of computer hackers. So you need to understand that what you're doing is you're cutting yourself off by the very things that are actually working their way into your language. And then this is where Kevin Mitnick got into big trouble. Very, very good at role play. 
He was very good at social engineering, because he could pretext like nobody could believe. He could sit down and get into a role just as well as an actor could, and was so convincing he could talk them out of anything that he wanted pretty much. That's called socialized sociopathology. If somebody here should talk to Luke Cook, because he's got some interesting ideas on this. And then basically what this can also boil down to is you have a sort of blurred sense of real identity. I know Kevin really was missing a kind of core internal knowledge of who he was himself. And some sort of difficulty distinguishing games from real life. And real life has consequences. You do something bad, something bad's going to happen to you. So that's not a good thing. And this is kind of, as I've been walking, oh, another question. OK, there's actually, from a lot of research done with a couple of other people. And we can talk about that. If you want to, we can go into a methodology that's, I know that I thought Lou was going to ask that question, but there's actually a methodology behind this. And we can talk about some of this. But the big issue here is most of what's being used as a profile for computer hackers is actually based on the intelligence community and the FBI have done really, really extensive work on double agents and moles and defectors. And much of that right now is, if you look at much of the literature that's about computer hacker profiles and sort of those who commit crimes that relate to computers, say it again. I missed the first one. Yeah, it's more RAND, yes. But he's asking for the actual, the model that's used to create this. But what's interesting is you have to understand the model that much of what's being used is sort of at odds with this. Because the model that's being used is the model for doubles for people who are moles, people who defected, which does not have the same traits. You should look it up sometime. 
There's actually on the CIA's website, they've actually got a couple of good profiles of what they've done on their prior work on double agents and what they see as the mechanisms. There's also a book, Private Lives of the CIA, which has some of the papers that were published out of CIA's internal journals that have been declassified, which go into the profile as well. So you have to understand, that's where it's coming from as the conventional approach. And we need to get away from that, because it's just not healthy for computer hackers. Just some minor comments. Hackers always have those ego issues and power issues. And I'm hoping for more self-knowledge and self-improvement. And again, I dropped back to a Fight Club quote. One of the things that computer hackers get is a feeling of power. I mean, you're finally in control of something. I know that that was one of the things that drove me into it. I needed to have something in my world way back when that was explicitly mine. And again, once you start going around, and I can see this in some of the guys out there on the challenge floor, they start to look at the world in a very different place. I could do something to these people, or I could get even. So if you want to look at hacker communities, I think of hacker communities as tribal or nomadic. And of course, what that takes is an inspiration and reputation to get ahead. On the other hand, it's still a pretty primitive culture. Find any one of the women in the audience and ask them to explain their view of women in technology and women in hacker culture. And you'll see sort of what I mean there. So what are the interactions? Let me see. Let's just move on. OK. As I mentioned in the beginning of this, one of my concerns is that suddenly a Tyler Durden, a messianic sort of figure shows up and is trying to lead the hacker movement. I was at Simple Nomad's presentation, and he made some kind of a comment about, we have to get organized. 
Well, a big concern that I have is, yeah, someone is going to show up and organize people, but it's not going to be towards really beneficial ends. So things that you, I guess what I'm trying to do here is sort of inoculate you against other people leading you somewhere, controlling you, doing something bad. Just this is to raise your awareness level personally. The people you need to look out for have these sort of characteristics, which if you look also at the people who are very big in the computer hacker scene, they share these characteristics. Have to be articulate because the community's virtual communication skills matter. Those people who write well and distribute are the ones that are getting the attention. Being knowledgeable helps to be more than a script kiddie. Those people who write the exploits or find the vulnerabilities are the ones who get the accolades. Be informative and share. Again, information wants to be free. All of us respect that. And being skilled, it's the people that we know with the names that we recognize are those people who've done things. It's one of the reasons that people keep going and hacking websites. So being connected, again, we still have things like CDC and other organizations out there if you're a member or that's who your buddies are, that translates to social position. Being real always helps. What's interesting, and you might want to consider some of this in your own lives, in terms of who you respect, the sort of top computer hackers are those people who are also doing something beyond computer hacking. They actually have something else going for them. Being directed is extremely important. Obviously, there's a lot of people out there who don't know where they want to go in life. So they're attracted to somebody who does have a direction. And being different, and I'm sort of guilty of this. I'm the one wearing a suit. I don't think there's anybody else in the entire conference who's actually walking around in one. 
And by the way, I haven't even had somebody say spot the fed, which is kind of cool. So this goes back to the ego issue, which is how it's sort of easy to lure computer hackers in. Which is, how's it working out for you being clever? I know back in my era of this, I had a hell of a time, because attention's always good, even bad attention. So the trick was to do something that shows how clever you are, and any attention's better than no attention at all. So where can you go out there? Well, you've got some pathways, corporate, military intelligence. Let's talk about that a little. Where am I on time? We're okay. Okay, corporations do not like computer hackers. I'm sure some of you have gone through this already. You can read what's going on in the press. Large corporations where you could actually have some job security and do something with your life. Just don't like people with a hacking background. If you are a self-professed hacker, or even to show some of the outside exhibition of being a computer hacker, tattoos, wearing leather, little things, they're generally not really happy to hire you. Got a question in the back? Right, and I sort of agree with that because I've commented in the past, what's the difference between a hacker and a cracker? You'll always get into that sort of pissing contest with people where they demand that you use the term cracker for those breaking decisions rather than hacker. I mean, the difference that I commented on before is that the hacker is the guy who generally owns the company now. I mean, you can go back as far as Jobs and Wozniak building blue boxes. You want to look where the original money came from to support Apple. I mean, they were out there doing that sort of thing. 
I'm not saying, by definition, that that's what's going on, but if you look later on, it's not like Apple's running around building a really good security arm by hiring some of the best hackers around there, and Microsoft, who could certainly afford to hire just about everybody at the conference here and turn them loose, isn't doing that either, and they get up on their high horse, and IBM is one of the worst offenders on this. They'll sit there and say, no, we're not going to hire somebody with a questionable background, and particularly on the military side, if you've done anything even questionable, they're not going to go near you, just simply because they don't want to give you a clearance. So you're prohibited from getting a secret top secret and code name. Where do you go then? One of the few groups in the world that could probably appreciate what you could do for them don't even want to talk to you. From the other side of this, in terms of hackers, hierarchies, which is what corporations are, are basically maintained by position. Somebody at the top is going to be able to tell you what to do, and much of how they maintain their authority is through control of information. This does not bode very well for computer hackers in an organization, and more importantly, authority doesn't like to be challenged and hackers are all about challenging authority. So face it, hackers are a control issue, which is, that's why they don't want to know. If that way they can sit there and say, oh, well we had nothing to do with it, it's really not liability. But on the other hand, this is worth talking about, and this also goes back to the point, which is worker bees can leave, even drones can fly away, the queen is their slave. Some of these corporations would not be anywhere if it were not for the computer hackers actually putting things together in the garage, in the basement, in the back office, the guys who are stuffed in who don't have a window. 
So they're making money off of your hard work. So the military intelligence path, guess what? The lifestyle and the pay scale, they suck. Definitely something to be desired there. You get to learn some cool things, the weapons are fun, but if you think corporations are bad in terms of authority, the military intelligence is gonna be much better. Also what a lot of people don't seem to understand about the intelligence community is it's not like the movies, it's mostly pretty dull, and it's just not gonna be good for you. Now, the other concern that I have, particularly in this day and age, is false flag operations, which intelligence are somebody who's walking around saying, oh sure, we work for so and so side, and we really like you to come help us out with these issues, and of course they don't work for that side at all. Asian cultures, the Israelis are really famous for this. Let's go on. So here and now, when the going gets weird, the weird turn professional. I would actually recommend to anybody in this audience who actually has a skill base to fall back on the old cypherpunk ethic, which is, you know, cypherpunks write code. Some of the best things that are out there in the net actually came from, pardon my tooting the horn on the cypherpunks for a moment, came from the cypherpunks. Nobody would be where they are right now in terms of the success of the community if it weren't for the cypherpunks. But I also want to point out something here. Cypherpunks weren't just operating against Uncle Sam. They were also concerned about things like Scientologists. And everyone sort of is forgetting some of the early heritage of that and need to go back and recognize, you know, we have a big debt to owe there. So the other thing I want to point out, and this is sort of my ego stroke to everybody in the room, and I apologize for this in advance, you guys are the forward edge. I recognize this from way back in my period and I'm seeing it in everybody around me here. 
Your profile in terms of the way you behave was far and away, you know, you're ahead of your time. You know, we're in an era now which is, you know, sort of completely globalized, 24 hours a day, seven days a week, extremely high tempo, and most people are not going to be able to handle it. You guys can. And that's going to make you, the power players, very soon now, because as the old school dies off or they can't make decisions fast enough or they fall out of the marketplace or have problems, you know, that's it. You get to take over. It's the power vacuum. Also, and this is something I've known and communicated with people here for years. I mean, one person that I've been communicating with for about five years, I consider him a friend. I've got a great relationship. This is the first time I met him. We can do things sort of like virtual relationships in the virtual community that don't make sense in the old corporate face-to-face world of I have to shake somebody's hand and see what they look like before you can actually move forward with them. In a world of globalization, again, the way that we build relationships provides a distinct advantage over the old school. And of course, you all think non-local. You're all inherently globalists, you're virtual. You look at the entire world, you're willing to consider things that are not directly what's in front of you. You've built, you know, incredibly complex modeling skills in your head. You're also, and I'm sure all of you know this, what is called continually and completely connected, which is con-com there. You know, you're using your computers, your cellular, you know, a lot of people who would like to gargoyle themselves. You know, and that's, some of you probably have. I mean, I may not even recognize it. But it's something that's a distinct trend. And again, you guys are the forward edge of it. So don't lose that opportunity. So, but what we need to point out is, you know, what are you doing with it? 
Time is marching forward, things are moving on. And, you know, we've, I don't know, I think we've hit a lull. Like, I don't see, and I apologize again to the cypherpunks, to be honest, what's come out of the cypherpunks recently? Like, I think of any, oh. So, you know, we need to start getting that ethic back of starting to move things forward again. I'll be talking a little bit about what I think is the wrong direction very quickly. I don't want you to be a space monkey. I don't want you to get used. I don't want you to get sucked into playing the role. There's gonna be a lot of people out there who are gonna try and keep provoking you. They want you as the bad guy. You justify their budget, you justify their lives. From the defense side, on the commercial side of the house, defense contractors are guys looking for mission. They have to support thousands of jobs. And that's why they keep pushing the Pearl Harbor scenario. From law enforcement, you know, they love to criminalize you guys. So, don't fall for it. And the other thing here is to remember is there's what I refer to as sentinel events. If something bad happens to you, you have two choices. You can explode, which is you can blame other people or you can implode, which is that you can take responsibility yourself. One of the points I'd like to make here is take responsibility yourself. So, because if you go off the handle, if you start going tribal on people's ass, you know, it's just not gonna be good for you. So, again, falling back on Fight Club, you know, what he was basically looking for was people willing to sacrifice themselves to what purpose? Don't ask. Role models, you can pass through that because I want to try and get to, right. And this is, let me stop on this one. I wanted to breathe smoke. I don't want you guys getting angry. If you've got to get angry, there's places you can go. Don't do it on places where you're gonna end up in prison or a fugitive or something else. 
And I'm, this was something that I wanted to point out because it's here. This was something that Tyler kept trying to push onto his troops, which is exactly what people in the military have happened to them. They take away your identity and try and rebuild you from the ground up. And they're gonna take you and they're gonna make you a man. And, you know, what they do is, of course, try to say you're not something unique, you're not something special. Well, every single person in this room is something unique and something special. So, if you need validation, you know where to find me. Don't go running off and assume that the world hates you. So, now to make my pitch, it's not a commercial pitch, it's a philosophical pitch. Where are we going in the future? Who is the great enemy? Historically, for those of you who remember agriculture and, you know, good Lord, I've been at this one for a while. Way back when, it was groups like Ma Bell. It was corporations who were taking advantage of the little guys and doing all sorts of bad things to you. And, of course, Uncle Sam. And I've been through this myself having built products that, you know, I couldn't get integrated, couldn't get sold overseas because I used crypto and all sorts of things. So, you know, this is, it's a bad thing, but I wanna remind you what the hackers really stand for. And, of course, that's the freedom of the individual. So, allow me to remind you of that when you're thinking about who to go tribal on. Which is, think about who opposes freedom. And, you need to start thinking about what are those choices in starting to be adults. So, and this is my conclusion, so I'll take questions afterward. And, this is sort of the position that we're in. So, you know, right here we seem to think that we're not looking at the sort of next great crusade, nothing interesting going on. 
You know, particularly in the dot com era, everyone was looking at the fact that, just as we say, we all could have become billionaires if we'd just sort of been in the right place with the right time on the right business plan. And again, sometimes you do something, you get screwed, sometimes you don't do. Then you get screwed. There's a lot of people out there starting to do very bad things to a lot of people. And, you know, for instance, what some of the folks in this conference were saying is, you know, we have the opportunity to make a difference. We can build tools, you know, we can figure out what to do that actually makes a difference. And my final comment is, you know, when you choose your level of involvement, I won't make decisions for you. Which is funny to actually having come out of Tyler who kept doing that for people. So, let me see what I've got. Technically I'm at 50 minutes, so I should be turning this over to the defendant. But does anyone have any questions? Fire. Okay, repeat the question. We're debating the viability of the Pearl Harbor scenario. I've actually got a paper on my website that I wrote a long time ago which pulls apart sort of the mass denial attack versus the subversive attack which I invite anybody to go take a look at. But what, there wasn't exercise. Yes, RAND has done scenarios. Lots of people have done scenarios. Some of the RAND stuff is very good. I think you're probably referring to Ronfeldt and Arquilla. Yeah, okay, that's what I thought. So, yes, there is some validation for this. There was even a government exercise which showed that if you took some fairly unsophisticated people and gave them a very small, you know, a modest budget, turn them loose. Give them the computer, let them go out and hire up an ISP, hit the net and hit the tools. What could they do? 
And, you know, the report's classified but what the report comes out and basically says is that, you know, you can cause, you know, large damage to a large section of the economy for a very short period of time, okay? Again, that's a key point, very short period of time. You can power down, you can fix the problem. I mean, all the corporations that have been hit, what do they do? They lose service for a short period of time, eventually they solve the problem and they come back up. Right, but you know what? If it's started to get that bad, what do you do? You unplug the connection to the outside world. I mean, there are plenty of places you could cut the cable to stop external groups unless they're inside the U.S. At which point, then you, oh, you're okay. If you're looking for all inside. Well, right now I know, but I'm saying, you know, again, running is a sustained continuous attack. What do you want them to hit that you think is going to keep causing crippling damage? Right, no, I'm not saying that we're not vulnerable. In fact, my solution is entirely different. I mean, I would go away from an access control model and go and use cryptography for everything, but that's just my way of viewing things. But what you're saying is that I can agree with you, yes, the system is vulnerable, but again, at this point in time, you're not going to solve it with some of the sort of quick fixes that are going on. You have to go back and you have to do some redesign and I would recommend cryptography on every motherboard. You know what I mean? Cryptographic support built into everything. So, I mean, I don't know, I don't know what you want me to concede. I mean, I can sit here and say, yes, there is some potential validation. That's why I said it's a combined arms strategy that the Pearl Harbor scenario may actually be valid, but why would somebody...