Pentagon’s Weapon of Mass Distraction?
Copyright © 2010, Henry Norman
“If he [Pfc. Bradley Manning] did what he’s accused of doing, he’s a patriot and should get a medal. I think the war criminals should be the ones prosecuted, not the whistle-blowers.”
– Bob Meola, Berkeley Peace & Justice Commissioner
In the early seventies, while working as a systems programmer for Scandinavian Airlines System (SAS, in Sweden), the company was in the process of purchasing a new IBM system for their Copenhagen data center, when I alerted SAS’ IT management of a “backdoor” in IBM’s operating system code,[1] which if properly entered would grant privileged access to the program so doing. They wanted proof, so I asked if it would be OK to show that I could “take control” of the shiny new IBM S/370 computer (in Copenhagen) by running a simple non-privileged program remotely (from Stockholm). Nothing damaging, just disable all interrupts, then enter an infinite loop. After which a “re-boot” (in those days called “IPL” (initial program load)) was the only way to restore functionality of the expensive big blue machinery. No big deal. I did get my AC permission, and for effect, I choose to perpetrate the political prank during the official computer inauguration ceremonies.
System dead. Frozen solid. IBM salesreps panicking…
As I had made no attempts to erase my tracks—I could easily have made it darn near impossible to trace the origin of this system freeze—a memory dump analysis immediately revealed that my little hack was the culprit. Boy, were the Danish systems programmers ticked off… They came after me, screaming and yelling and threatening me with bodily harm… They thought that I should at least be fired, preferably worse. Now, why was this happening?
Because I had embarrassed them. Given all their talk of how secure the new system would be, they had been exposed as distributors of bovine feces. Luckily though, I had my get-out-of-jail card up my sleeve, so I managed to keep my job.
The interesting part of this story is that they were not ticked off with IBM (providers of a less than adequate OS), but with me, for making a flaw in their precious system obvious for all to see. For publicizing the leak, as it were… They all seemed to believe (just like IBM) that by keeping the flaw a secret, everything would be hunky-dory. The image of the proverbial ostrich, with its head buried in the sand, comes to mind… Only this time, the big bald bird is farting, too!
Keeping security flaws “secret” does not stop crackers from exploiting them. In a somewhat similar fashion, the Julian Assange persecution is a shameful (and rather silly) witch hunt: silencing him (or WikiLeaks) can and will not stop other unauthorized agencies from obtaining that same data (which in unbowdlerized form presumably could be used to some really evil ends), as long as it stays virtually unprotected by its creators/owners. And greed can be a powerful motivator for people who find themselves positioned to pull a fast one… Opportunity makes the thief!
The issue with Julian Assange and WikiLeaks is not that secrets are being made public. The issue is that these secrets were easily obtainable in the first place (that someone could “rip off the keep”): if WikiLeaks could get them, then—obviously—so can others. WikiLeaks is a symptom of a problem, so locking up Julian Assange and shutting down WikiLeaks doesn’t solve a thing. Besides, maybe, providing a misguided sense of revenge to some medal-encrusted generals… We sorely need these whistle-blowers, for it is obvious that the original checks-and-balances schemes thought up by the founders are no longer working!
The WikiLeaks hoopla only distracts from the real issue (and I would not be surprised if this is the real reason why we have the current situation): that some governments apparently are embarrassingly and amateurishly clueless when it comes to basic security stuff, like protecting state/war/diplomatic secrets.
This is, of course, a major load of eggy goo in the face of governments getting exposed. And how do they respond to the problem? Apply heavy-duty pressure on anyone even thinking of helping this guy! Hunt him down! Defame him! Kill the motherf*ng messenger! The nerve of this guy, disclosing our tax-financed atrocities!
If government (or private!) agencies are worried about getting their secrets exposed, instead of trying to cut out tongues, they should start thinking about how to prevent unlawful access to their dirt: after all, implementing safe storage, data encryption, and restrictive export protocols is not exactly rocket science…
And, come nightfall, how do we know that some of these “leaked secrets” is not simply disinformation? Planted in order to create a specific kind of turbulence, when intentionally “leaked”? Hasn’t this always been a specialty of these cloak-and-dagger agencies and their gun-toting agents?
Henry Norman
Semi-Retired Computer Systems Analyst
Independent Researcher, Tagaytay City, Philippines
[1] The infamous SVC 255, a “user supervisor call” (now, there’s an oxymoron!) introduced by IMS (under OS/ MVT), which needed privileges in order to construct and extend “OSAM data extent blocks” in system queue space. Problem was that all one had to do was to set up a chain of fake control block addresses, in the proper order, and then issue SVC 255 (an assembler language instruction), and shazam! Privileged access! Voice from Poughkeepsie: “Just keep the darn thing a secret, boys! Who reads all those boring manuals anyway…”
Killing civilians is a crime, exposing the killers is not!
Further Reading:
tinyurl.com/26ogqfq Insightful Weblog
tinyurl.com/244dkn2 On Bradley Manning’s arrest
tinyurl.com/2bwvp8u Berkeley suggests declaring Bradley Manning a War Hero
