The Return of FUD: (Fear, Uncertainty, and Doubt)
Oceania
is at war with Eurasia; therefore Oceania has always been at war with
Eurasia.
Excerpted from — George Orwell,
1984
FUD as a concept in and of itself has been around marketing and other
forms of
mass persuasion since at least the 1920s, although
its history can also be traced back to at least 1693, with a similar
statement of "doubts, fears, and uncertainties" entering the literature.
Fear, uncertainty, and doubt (often shortened to FUD) is a
propaganda tactic used in sales, marketing, public relations, politics,
polling and cults. FUD is generally a strategy to influence perception
by disseminating negative and dubious or false information and a
manifestation of the appeal to fear.
Let me offer an example of how FUD might be used in sales. The
wiley computer salesman might warn you about making the wrong choice of computer.
FEAR: Computer salesman says don't buy that XYZ
computer. I cannot and will not support those POS. Buy my ABC
computer.
UNCERTAINTY: But Uncle Billy has a XYZ computer.
And he likes it. Uncle Billy works for Robinson's Helicopter, so he
knows these things.
DOUBT: Oh maybe I'll just keep the old one for a while
longer. It's kinda slow, but it still works.
At the turn of century and for a few years after, FUD entered the
lexicon of IT, as
Microsoft was said to have used FUD in both its marketing and
technical practices. Microsoft was accused of
deliberately causing competitors' products to fail when running under
Windows.
My first encounter with the term FUD was maybe 15 years ago and in
the context of the real practical effects of malware on the
digital economy and the psyches of all involved.
In late
2012, the entire American banking system was shutdown for days.
A new form of malware was discovered that clearly spread from
webserver to users' PCs, and vice versa.
An attack in 2013 on South Korea by North Korea
that had shut all down electronic commerce and communication was
facilitated by compromised cell phones.
In hacking circles,
FUD came to mean "Fully Undetectable." That
refers to malware that will evade all attempts of security
software products to detect the presence of FUD malware.
So in our interconnected world, we are all full of FUD. Indeed,
ZERO TRUST assumes FUD is simply the constant state of being in
any network environment.
And now we have a new harbinger of FUD. Not since the
Cuban Missile Crisis of 1962, have we had to contemplate the
real possibility of direct military confrontation with Russia.
Not only the obvious, but FUD permeates our time in other
distinct and not so subtle ways that nevertheless still relate
to the current conflict. |
|
One area of FUD planting its roots is the yet to happen Great
Russian Cyberattack. FUD, with all its furry tentacles, is
well represented here.
First, the
Federal Government as represented by the Cybersecurity
and Infrastructure Security Agency (CISA) certainly does FEAR a
series of Russian cyberattacks. Indeed, CISA
is now at the forefront of a concerted campaign to do
the one single defensive action ALL MUST TAKE NOW and patch all
known vulnerabilities.
(Well, bless its little pea
pickin heart.)
On March 25, 2022,
CISA added 66 known vulnerabilities to its list of
actively exploited software vulnerabilities.
In its directive to all federal agencies, CISA reiterated and
referred to its
BINDING OPERATIONAL DIRECTIVE 22-01- REDUCING THE
SIGNIFICANT RISK OF KNOWN EXPLOITED VULNERABILITIES,
which states, if I may summarize and paraphrase: "Thou Shall
Patch." To others who may also be so impacted, CISA
meekly, but
"strongly urges all organizations to reduce their
exposure to cyberattacks by prioritizing timely remediation of
Catalog vulnerabilities as part of their vulnerability
management practice." Like I said, bless its
little pea pickin heart. |
Still, there is yet to come the much vaunted Russian Cyberattack.
In fact, the warnings issued by CISA referenced above, have left others
in government feeling rather UNCERTAIN about what this
hubbub is all about, and questioning "why
U.S. officials haven’t already defined what constitutes cyberwarfare."
And there is certainly a degree of UNCERTAINTY within
and without government circles as to what provokes a retaliatory action
by the US, and what might would those actions be.
“We have to set up rules of engagement that are absolute, saying
any cyberattack that is associated with a [hacking group] loosely tied
with the Russian government or the Chinese government will immediately
trigger the following actions,” said Emil Sayegh, president and CEO of
data security firm Ntirety.
Nonetheless, security researchers do wonder why Russia's Great
Cyberattack has NOT HAPPENED. "It
was widely established that Russia may have significant cyberwarfare
capabilities following successive cyberattacks it launched against
Ukraine after Russia’s 2014 annexation of Crimea." Some
DOUBT if the Great Russian Cyberattack will ever
materialize.
“I think the biggest surprise to date has been the lack of
success for Russia with cyber attacks against Ukraine,” Stephen
Wertheim, a senior fellow in the American statecraft program at the
Carnegie Endowment for International Peace, told Vox. “This has not been
a major part of the conflict.”
It just might be that Russia's mighty cyber army is no more effective
than its iron army. Or maybe its just too busy fending off its own
incoming fire of cyberattacks. There is NO DOUBT
that Russian systems are under attack from many different actors.
Taking Point in the cyberwar against Russia is the
"Hacking Collective", known as Anonymous. “Anonymous
has proven to be a very capable group that has penetrated some high
value targets, records and databases in the Russian Federation,” he
wrote in a report summarizing the findings. In a
highly detailed report,
researcher Jeremiah Fowler stated that there was
NO DOUBT that Anonymous has made its presence known
among the current combatants.
Since the start of the conflict members of Anonymous and other
groups have targeted Russian state media outlets, government websites,
and what appears to be any Russian and Belarussian database that was
already exposed or newly misconfigured datasets.
Most recently on the list of successful beaches of Russian security by
Anonymous was the March 23, 2022, hacking of the Russian Central Bank.
Its announcement came with a not so veiled threat to Russian elites.
Anonymous had claimed to hack the Central Bank of Russia and
steal 35,000 files. The group went on to claim: “We
have your economic secrets now, you will tremble with fear, Putin.”
And released 28gb of data to back up its claims.
Most interesting of Anonymous's exploits against Russia was its boast
that "Anonymous
hacktivists are compromising vulnerable and misconfigured printers
across Russia and sending print copies to users with anti-war messages."
A "vulnerable and misconfigured printer" is one that has not had a
firmware upgrade to prevent remote access by hackers, and is allowed
enough network access to allow the hackers access to the same network
through the unpatched printer.
Which brings us to the final topic here. Your printer most likely
needs a firmware update. On March 21, 2022, HP published a
bulletin entitled,
"Certain HP Print Products, Digital Sending Products - Potential
remote code execution and buffer overflow."
Catchy, huh? What
"remote code execution" means is that a hacker could take Command and
Control of the affected network, server, or PC that the printer is
connected to. And "buffer overflow" refers to a state
that allows a device to be taken over. If you expand the list of
affected printer models, you will see just about every HP Printer —
EXCEPT THE PHOTO PRO inkjet line — is listed as needing
a firmware upgrade.
These are on top of — and not in lieu of — the computer firmware updates
that probably need to be installed.
I do not like doing firmware updates. Unless your printer was
having problems, I would say don't do it. But that was then, and
this is now. And keeping our computers and other networked gear up
to date is no longer just something those riddled by FUD might do.
It is how we keep FUD at abeyance; and how we do our part to implement
ZERO TRUST; and also do our part in the war effort.
This
is not the first foreign war to be witnessed on our TV sets. But
it is the first foreign war to be conducted in our homes and offices.
And, as our Commander in Chief likes to say, "That is no hyperbole."
We are at war. Yet, nobody is being asked to storm a beach running
headlong into machine gun fire.
Or maybe give up eating meat for a couple of days a week.
Right now, we citizens are only being asked by our government — and
certain cranks like me — to keep our computers and other networked
devices up to date, so
school aged children can get their daily milk.
And so
meat processing plants can stay operating.
And to generally keep the sense and forces of FUD at bay.
Oceania was at war with Eastasia.
Oceania had always been at war with Eastasia.
Excerpted from — George Orwell,
1984
Gerald Reiff
|