US terror alert becomes political football

Crying wolf at great public expense


Update As we reported recently, the latest ratcheting up of the terror threat level in the United States was based on captured documents dating back some time. In that article, we observed that it was "not clear whether any of the information recently obtained relates to current or future schemes."

We can now address that question with some confidence. According to the New York Times, "much of the information that led the authorities to raise the terror alert at several large financial institutions in the New York City and Washington areas was three or four years old, intelligence and law enforcement officials said on Monday. They reported that they had not yet found concrete evidence that a terrorist plot or preparatory surveillance operations were still under way."

One may well wonder why the cities of New York, Washington, and Newark suddenly began burning taxpayer dollars to stage a grand security rain dance - guarding sites that might have been attacked during the past four years, or may be attacked four years hence. With such a vast window of opportunity, one must ask why there should have been a sudden rush to security starting on Monday of this week.

It certainly sounded like an emergency, at least to hear Homeland Security Secretary Tom Ridge tell it. "The quality of this intelligence based on multiple reporting streams in multiple locations, is rarely seen, and it is alarming in both the amount and specificity," he said.

Ridge also gushed about "the President's leadership in the war on terror," to which he conspicuously credited this lifesaving, four-year-old information.

Predictably, President Bush and Senator Kerry went tit for tat on Monday, slagging each other and bickering over who can "protect us" better, and even answering each other in subsequent speeches. Meanwhile, White House Chief of Staff Andrew Card staged a lengthy press conference with National Security Advisor Condoleeza Rice to emphasize Junior's deep respect for the 9/11 Commission report, and in particular its recommendation that a cabinet-level coordinator of intelligence be created.

No fewer than eight different "terrorism experts" were interviewed on CNN, MSNBC and Fox, which simply would not let go of the terror alert story, leading with it every half hour for over twenty-four hours.

After her press conference, Condoleeza Rice later appeared on the NBC Nightly News to peddle her views on the fine job the President is doing to eradicate Al Qaeda and protect the Fatherland, and to explain why his new initiative on the intelligence coordinator is so crucial to that mission.

Why now?

If anyone is wondering why terrorism, and especially attacks at home, should have been so fully hyped on such thin evidence, it's useful to consider the news cycle.

Last week, John Kerry did a surprisingly good job of introducing himself to the nation as a plausible replacement for Bush. Last week, a devastating car bomb claimed the lives of 68 Iraqis, just as US Secretary of State Colin Powell was in country to deliver several absurdly optimistic speeches. Christian churches in Iraq have for the first time become the targets of terrorist attacks, in which eleven lives have so far been claimed. And the infamous Abu Ghraib Military Police unit has just returned Stateside to answer charges of torture.

Not to put too fine a point on it, last week sucked for the Bush Administration. It's no wonder, then, that a multi-city security rain dance should be choreographed - no wonder that police in paramilitary jumpsuits and helmets and boots should appear on the streets and in the subways with fully automatic weapons. It's no wonder that streets should be closed to traffic and cars stopped at random. The rest of the news is just too depressing.

Practicalities

One hates to rain on the Administration's parade of media misdirection, but practical matters do apply. Guarding these sites, which have been under careful surveillance by Al Qaeda for four years without incident, is expensive. The question is, when does one stop guarding them? Al Qaeda is renowned for its patience. If the security emergency is called off six months from now, then perhaps the sites will be attacked three years further on. Or perhaps they will not be attacked at all, since they're now under scrutiny. And perhaps a half-dozen unknown targets that have been cased thoroughly will be substituted for the ones we're now guarding so assiduously.

Clearly, aggressive security will have to stand down at some point. But where is that point? How long should we maintain this posture? If we spend a fortune protecting the sites currently under protection for years to come, and inconveniencing citizens in the bargain, how will we protect the next fifty or sixty sites that may pop up on the radar as potential targets in the future? How will we manage our resources in that case? The enemy could easily use misdirection to tie up resources and hamstring security efforts in a cumulative manner.

Furthermore, the problem with telling the enemy what you know is that you can't avoid telling it what you don't know. We've announced publicly the sites that we think need defending. Only Al Qaeda knows the target sites that we haven't discovered.

From a security point of view, the exercise is pointless. The Administration should never have indicated the particular sites it's focused on. From a security point of view, the smart thing would have been to announce in vague terms that Al Qaeda attack plans have been discovered, and then to beef up security quietly and subtly in the particular areas that the information specified.

Let the enemy guess what we do and don't know.

Politics

But this rain dance was not undertaken from a security point of view. It was concocted with a political motive, and its purpose was to distract the public from the additive disasters in Iraq, and the unexpectedly strong showing by the Democrats in Boston last week. It was designed to make Junior look like the "strong leader" that his cheerleaders insist, against all evidence, that he really is. (We note that the true Prince of Darkness, Dick Cheney, has been dutifully silent, and conspicuously absent, during the recent national security festivities, to vouchsafe the limelight to Junior.)

But it would be unfair not to point out Democratic exploitation of the Republican exploitation. On at least two occasions Monday, John Kerry took the terror warnings at face value, rather than as examples of Tom Ridge's exceptional proclivity for crying wolf, and insisted that he would have overreacted sooner than Bush, and at even greater expense.

And thus national security has become firmly established as a key campaign issue, and a dangerous political football that can only bring us harm regardless of who wins the election. ®

Thomas C Greene is the author of Computer Security for the Home and Small Office, a comprehensive guide to system hardening, malware protection, online anonymity, encryption, and data hygiene for Windows and Linux.


Other stories you might like

  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading
  • Conti: Russian-backed rulers of Costa Rican hacktocracy?
    Also, Chinese IT admin jailed for deleting database, and the NSA promises no more backdoors

    In brief The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn't pay a $20 million ransom. 

    Costa Rican president Rodrigo Chaves said that the country is effectively at war with the gang, who in April infiltrated the government's computer systems, gaining a foothold in 27 agencies at various government levels. The US State Department has offered a $15 million reward leading to the capture of Conti's leaders, who it said have made more than $150 million from 1,000+ victims.

    Conti claimed this week that it has insiders in the Costa Rican government, the AP reported, warning that "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power, you have introduced an emergency." 

    Continue reading
  • China-linked Twisted Panda caught spying on Russian defense R&D
    Because Beijing isn't above covert ops to accomplish its five-year goals

    Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research.

    The new campaign, dubbed Twisted Panda, is part of a larger, state-sponsored espionage operation that has been ongoing for several months, if not nearly a year, according to the security shop.

    In a technical analysis, the researchers detail the various malicious stages and payloads of the campaign that used sanctions-related phishing emails to attack Russian entities, which are part of the state-owned defense conglomerate Rostec Corporation.

    Continue reading
  • FTC signals crackdown on ed-tech harvesting kid's data
    Trade watchdog, and President, reminds that COPPA can ban ya

    The US Federal Trade Commission on Thursday said it intends to take action against educational technology companies that unlawfully collect data from children using online educational services.

    In a policy statement, the agency said, "Children should not have to needlessly hand over their data and forfeit their privacy in order to do their schoolwork or participate in remote learning, especially given the wide and increasing adoption of ed tech tools."

    The agency says it will scrutinize educational service providers to ensure that they are meeting their legal obligations under COPPA, the Children's Online Privacy Protection Act.

    Continue reading
  • Mysterious firm seeks to buy majority stake in Arm China
    Chinese joint venture's ousted CEO tries to hang on - who will get control?

    The saga surrounding Arm's joint venture in China just took another intriguing turn: a mysterious firm named Lotcap Group claims it has signed a letter of intent to buy a 51 percent stake in Arm China from existing investors in the country.

    In a Chinese-language press release posted Wednesday, Lotcap said it has formed a subsidiary, Lotcap Fund, to buy a majority stake in the joint venture. However, reporting by one newspaper suggested that the investment firm still needs the approval of one significant investor to gain 51 percent control of Arm China.

    The development comes a couple of weeks after Arm China said that its former CEO, Allen Wu, was refusing once again to step down from his position, despite the company's board voting in late April to replace Wu with two co-chief executives. SoftBank Group, which owns 49 percent of the Chinese venture, has been trying to unentangle Arm China from Wu as the Japanese tech investment giant plans for an initial public offering of the British parent company.

    Continue reading
  • SmartNICs power the cloud, are enterprise datacenters next?
    High pricing, lack of software make smartNICs a tough sell, despite offload potential

    SmartNICs have the potential to accelerate enterprise workloads, but don't expect to see them bring hyperscale-class efficiency to most datacenters anytime soon, ZK Research's Zeus Kerravala told The Register.

    SmartNICs are widely deployed in cloud and hyperscale datacenters as a means to offload input/output (I/O) intensive network, security, and storage operations from the CPU, freeing it up to run revenue generating tenant workloads. Some more advanced chips even offload the hypervisor to further separate the infrastructure management layer from the rest of the server.

    Despite relative success in the cloud and a flurry of innovation from the still-limited vendor SmartNIC ecosystem, including Mellanox (Nvidia), Intel, Marvell, and Xilinx (AMD), Kerravala argues that the use cases for enterprise datacenters are unlikely to resemble those of the major hyperscalers, at least in the near term.

    Continue reading

Biting the hand that feeds IT © 1998–2022