Sunday, August 14, 2016

Zero Days Spoiler Alert

The movie Zero Days answers a lot of questions, but it poses so many more, that I think any good review should be a spoiler.  We are left to wonder and search for what's next, how foolish people with power and financial resources will be, and how clever the better and worse technologists around the world will prove to be while struggling against each other to make things the way they want them to be.

Personally, I'd like to see Siemens spend a few million on a court case against the U.S. government to win a settlement that would pay for A) replacing all existing PLCs that are affected by Stuxnet so that they are not vulnerable to the malware as they currently are, and B) explicate the exploits that were used well enough for the creators of the software containing them to remove them.

My observations on the state of the audience and my personal desire for Siemens are not the reason I'm writing this post.  I wrote those paragraphs in order to provide a setting from which I can propose my theory and hopefully get some of the most important minds working on solving the problem of corruption (if they aren't already).

The ostensible goal of Stuxnet was to disrupt the Iranian nuclear program.  The effect was to release a kind of masterkey to infect and control a variable but very well defined set of Siemens PLCs in any way a programmer wants.  Anyone can get it because it's everywhere.  The idea of Siemens PLCs providing useful logical functions in a secure manner is no longer reasonable.  We are vulnerable to the madmen of the world who have the programming skills.

The madmen of the world generally do not have the programming skills because they are too busy getting elected, whispering in the ears of those who've already been elected, or both, and that is NOT their fault.  It's ours.  Well, not my fault because A) I don't vote, and B) I have no respect for fake (coercive) authority.  So it probably isn't your fault either, but there are loads of people who still believe that obedience to authority is a good thing, and it's entirely their fault. They suffer for it too, which is ok by me, but we suffer too, and that's what I'd like to stop.  I think it's up to us to stop it.

The people who do have the programming skills will be hired by those madmen because too many software engineers (yes, Jerry, I'm talking about you) do not peer deeply enough into their work to see whether or not it will be used for good or evil.  Einstein and Oppenheimer come to mind.  My theory is that the money to be paid to the engineers who can modify the Stuxnet to create grand problems will come from taxpayers and be funneled through black ops for that exact purpose: create grand problems.  Why?  Because that is how fake authority justifies itself.  Check out the Peace Revolution Podcast if you don't believe me.

How do we stop it?  The answer is to make people like Jerry aware of what they are doing so that they can request that more light be shone upon it.  The Jerry about whom I write offered me some work related to "smart meters" and, because it was a government contract, I declined.  Perhaps it was a mistake for me to decline.  Perhaps I would have been able to brighten the lights and scare away some of the development of "grand problems" that I believe is going on.

I don't know if Jerry will ever read this, but if he does, I hope he considers how much his work is related to the Siemens PLCs targeted by Stuxnet and whether or not he's helping create instability in a world that is very altered now that the CIA / NSA / FBI has released this masterkey into the wild.

We are not powerless.

No comments: