The bogus expert and social media chicanery of DC’s top cyber think tank

Like viruses, cybersecurity charlatans are incidental guests in the body of infosec. These men sell false expertise, conspiracy theories, and invisible security potions and they are as unintentionally hilarious as they are alarming. Case in point: BuzzFeed's exposé of James Scott, cofounder of Washington DC's big cybersecurity think tank, ICIT (Institute for Critical Infrastructure Technology).

With "at least 45 fake Twitter accounts being used to amplify ICIT content and Scott's book, as well as a group of fake YouTube accounts that upload and like ICIT videos." The think tank eventually verified in writing to BuzzFeed that it does, in fact, operate the twitter accounts in question. Twitter has since suspended 11 of the accounts. When we reached out for comment, Scott replied:

ICIT had outsourced its social media management to overseas contractors. I've apologized and regret not managing them more vigilantly at the time. I voluntarily resigned my duties at ICIT so that ICIT was not impacted.

While at ICIT, I wrote several books which we gave away for free so that "cost" never stopped people from accessing the data. I never charged for public speaking engagements or public sector advisory to critical infrastructure organizations due to my deep conviction to help secure our Nation from cyber attack

The thing about cyber and digital decepticons is, all you usually need to do is give them enough rope and they pretty much hang themselves — which, along with some great investigative reporting, is what BuzzFeed did. And "A DC Think Tank Uses Fake Twitter Accounts And A Shady Expert To Reach The NSA, FBI, And White House" is a great story. But it comes with an even more insane backstory.

It started when BuzzFeed journo Craig Silverman noticed a random Twitter reply from the cofounder of ICIT, which appeared to have a lot of spammy support. Silverman looked closer, unearthing numerous bot accounts pushing Scott's recent self-published book on cyber information warfare.

Artificial influencer

Bizarrely, one of the connecting threads was a unique insult: Scott calling Silverman a "mind midget" (used when the reporter started asking uncomfortable questions). Scott's distinctive misuse of "mental midget" started Silverman down a rabbit hole of sock puppets using the same insult and phrasing, leading to aliases, unsubstantiated claims of bestselling books, a career as a cybersecurity expert that only began in 2013, and (prior to that) a variety of shady startups — including one that sold automated social media boosting.

"He also placed incredibly fawning articles about himself on sites that seemed to exist to improve his SEO," Silverman tweeted. "Fast forward to now and he's still doing that," he added. "Along with the bots that retweet brooding memes of him, there are the fake YouTube accounts that upload ICIT videos of Scott and also leave comments that declare him to be a genius."

After Scott cut off contact with Silverman, the ICIT cofounder was quick to publish a tweet saying that "journalists on Russian/Chinese payroll who are targeting us for exposing them in my Information Warfare book."

That all of this is married to an influential DC cybersecurity think tank struck Silverman as alarming — as it should. "But it seems no one checked on [Scott's] credentials or looked closely at his background," he tweeted.

To which we say, "Welcome to cybersecurity!"

Look: I know we're living in the stupid timeline, the one where the normal and the abnormal are all blurred together.

Especially in Washington DC. It's where John Bolton (no cyber experience) eliminates terrifyingly necessary cyber positions in the White House. Where Jared Kushner (no cyber experience) is Cyber Commandant, and for a while Rudy Giuliani (no cyber experience) was named Donald Trump's official presidential cybersecurity adviser. It's also a fetid warp in space and time where US Deputy Attorney General Rod Rosenstein makes up phrases like "responsible encryption" in order to pretend he has knowledge of a way to backdoor encryption in a totally secure way.

But con artist reward and success is horribly normal for infosec. It has been for ages — look no further than respected indie site Attrition's long-running and oft-referenced Charlatans page. On it, there's nearly a decade of researched and citation-heavy documentation of sketchy technical experts, infosec journalists, companies, and bogus crowdfunding campaigns. All trading on buzzwords in place of knowledge and experience, selling books and events, pushing fear, and ruled by spiteful ego.

Infosec has a vulnerability

The cyber snake oil salesman is a permanent fixture of the industry, much to the chagrin of those working in the trenches and seeing through the charades. Because we often cope with abuse through humor, infosec attempts to cling to sanity with parodies like @SecSnakeOil, Threatbutt, and this year's new addition the F.A.K.E. Security patent-pending line of cybersecurity solutions — literally dressing up and selling products at security conventions packaged as old-timey snake oil potions.

The problem is that everyone uses security but no one understands it. When an industry is like magic voodoo to the world at large, and the industry's knowledgeable inhabitants are hereditarily misanthropic, you have the exact scientific formula for all sorts of wankers to come in and be big stinky assholes, ruining everything they touch.

That's not to say ICIT has ruined anything — but wow, do we have a lot of questions now about their research, citations, experience, vetting, connections, advising, and, well, everything else. James Scott, ICIT's senior fellow and cofounder and the whole reason BuzzFeed even looked into this, is its top expert.

Under the auspices of ICIT last month, James Scott recently downplayed Russian troll armies to Forbes. Scott, as ICIT, told respected-in-infosec outlet CSO last year that AI could "crush" ransomware and would slay the healthcare ransomware dragon, while telling ZDNet that IoT was somehow going to be ransomware's next Pearl Harbor. In another WTF example, Scott-as-ICIT chose the months leading up to 2016's presidential election -- when Russian trolls and propaganda had become a five-alarm fire -- to tell MSNBC that "Islamic terrorists" were about to attack and "The 'cyber jihad' is coming."

Getty Images

Fire up your conspiracy engines

Aside from the incredibly spammy activity around him, the bulk of Scott's cybersecurity work is ... odd. Take for instance his book "Cybersecurity 101: What You Absolutely Must Know! – Volume 1: Learn how not to be Pwned, Thwart Spear Phishing and Zero Day exploits, Cloud security basics and much more." The book's description claims it will tell readers "how to block Zero Day exploits" -- a claim that makes literally zero sense. It's not too surprising, then, that the review rated "most helpful" straight-up says that all the book's positive reviews must be fake.

Scott's latest book ("Information Warfare: The Meme is the Embryo of the Narrative Illusion") is being heavily promoted by ICIT and on its website, stating in its front matter that "this powerful philosophy is the bedrock of [ICIT]." It's a fairly schizophrenic conspiracy book about cyber attackers and memes, positioned firmly against the "Corporate Nation State censorship collective."

The thick rant includes gems about political correctness as "a loaded gun that the individual holds to their own head" that "normalizes the abnormal and is an elitist weapon over minions." Its dedication, to Scott's sons, warning them of a battle "to construct an artificial universe of foreign ideas in your Minds" and pleads that they "emancipate your minds from the matrix" so they can "carry on the Great Work." Which doesn't at all conjure worrying influences of red pill ideology or Nazi "Great Work" occultism steering DC's top cyber think tank. As you might've guessed, ICIT's new book by its cyber expert includes mentions of "radical online collectives, such as the Muslim Brotherhood or antifa," categorizing anti-fascists as "Ideological Domestic Terrorists."

You may wonder what all that has to do with cybersecurity and ICIT, which is promoting every bit of it to leaders from the Department of Homeland Security, the NSA, the current assembly of frothing weirdoes in the White House, the FBI, and the public at large.

What it has to do with directly is James Scott. What it has to do with in regard to infosec in leadership positions steering the course of this shattered country is at once absurd and a sign that everyone is really not okay.

Images: Library of Congress (Snake oil salesman); Getty Images (Looking through blinds)



via Engadget RSS Feed https://ift.tt/2KWBKun
RSS Feed

If New feed item from http://www.engadget.com/rss-full.xml, then send me

IFTTT

Comments

Post a Comment

Popular posts from this blog

Evernote cuts staff as user growth stalls

Image
Note-taking app Evernote has fallen on hard times of late, culminating in its latest spate of job cuts impacting 15 percent of its workforce (54 employees). CEO Chris O' Neil -- an ex-Googler who took the reins in 2015 -- announced the firings at an all-hands meeting earlier today, reports TechCrunch . In a message on the Evernote blog , O' Neill admitted he'd set "incredibly aggressive goals" for the company in 2018. He continued: "Going forward, we are streamlining certain functions, like sales, so we can continue to speed up and scale others, like product development and engineering." The layoffs follow an exec exodus just weeks ago and the company's recent brand refresh (complete with a refined logo and wordmark). But critics are more concerned about its product, especially the free tier, which they claim lacks the perks to
Read more

The best air conditioner

Image
By Liam McCabe This post was done in partnership with Wirecutter . When readers choose to buy Wirecutter's independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here . After six summers of researching, testing, and recommending window air conditioners, we've learned that quiet and affordable ACs make most people the happiest—and we think the LG LW8016ER will fit the bill in most rooms. This 8,000 Btu unit cools as efficiently and effectively as any model with an equal Btu rating, and runs at a lower volume and deeper pitch than others at this price. Little extra features like a fresh-air vent, two-axis fan blades, and a removable drain plug help set it apart, too. The LG LW8016ER is a top choice for an office or den, and some people will find it quiet enough for a bedroom, too. If our main pic
Read more

We won't see a 'universal' vape oil cartridge anytime soon

Image
Pre-loaded cartridges of cannabis concentrate are currently among the most popular means of consumption, and for good reason. They're discreet to use and easy to handle, a far cry from the dark days of 2016 when we had to dribble hash oil or load wax into narrow-mouthed vape pens by hand. But, frustratingly, an ever increasing number of oil cartridge manufacturers employ one-off design standards so that their products won't work with those of their competitors, thereby locking customers into proprietary ecosystems. We've already seen this with nicotine vaporizers -- which has a seen a massive rise in "pod systems" in the last few years, each outfitted with a unique canister and battery built to be incompatible with those of their competition. Is it too late for the burgeoning cannabis industry to set a universal standard for their product designs?
Read more