The Pentagon doesn't meme like you or I. Before the DoD's cyber warriors can shitpost, images must be approved, tweets drafted and redrafted, and everything has to go through the chain of command.From conception to deployment, the picture of the Soviet bear dropping malware candy took 22 days. The tweet got 364 likes and was retweeted 190 times. [...]
The bumbling bear is part of an effort by U.S. Cyber Command to make Russian hackers look uncool online. "We don't want something they can put on T-shirts, we want something that's in a PowerPoint their boss sees and he loses his shit on them," an anonymous U.S. official told CyberScoop in November, 2020. [...]
Cyber Command's response to the report contained a detailed explanation of why it's making bad memes. According to Cyber Command, they "impose costs on adversaries by disclosing their malware," and the graphics "are used and included to increase engagement and resonate with the Cybersecurity industry." Though it did admit that "the graphics may not be shaping adversary behavior."
All that's missing is a link to a t-shirt site with that design being offered...
364 likes?! That's almost enough for a whole year!
Hmm.
Compare this to what Japan's National center of Incident readiness and Strategy for Cybersecurity has been putting out....
For example, this introductory portrait of "Black Hat the Cracker and his minions, the Black Pumpkins, and various malware" from page 8 of `Information Security Handbook for Network Beginners':
(part of a broader International Cybersecurity Campaign, which includes comprehensive handbooks, posters, etc.)
"We don't want something they can put on T-shirts...”
My money is on T-shirts have already been printed.
It's funny to me to see the same sort of email chain tomfoolery, with endless middle managers being CC'd, that I put up with in Fortune 250's, being done in the NSA. It's illuminating that this has surprised me. I have given them too much credit in my mind. Every time I think I'm properly cynical, life reminds me that I'm only half way there.
If you were a really smart maths/CS/whatever person and you got a job offer from some startupy company offering you the chance of doing cool stuff with stock options and the possibility of being very rich (maybe not Musk rich but certainly live-comfortably-for-the-rest-of-your-life rich) by your late (mid? sooner?) 30s, and another from the NSA offering you the chance of doing cool stuff which you could never talk about, in a giant bureaucracy which had no idea of what stock options even were and which you could, maybe, one day, escape from but probably would end up rotting in, which would you take? 15 years ago the NSA were hiring google's rejects: today I guess they're hiring the rejects from the companies google is buying to try to stay relevant.
nsa != cyber command. not that the bureaucracy is likely any different in either.
people are complex, multi-faceted, and differently motivated than you. i've worked in both government labs and some successful startups. some of the pure research being done by the giant brains in the navy's labs was way ahead of what was going on in the commercial space. one of the projects i worked on as a contractor was brought into my company about ten years after i had already worked on it the labs. the company put form/resources put around it then spun out into its own. the people that did the pure research had no interest in the tedium of commercialization or even worse, sustaining a product and dealing with customers. to imply someone is a reject because they aren't motivated the same things as a typical silicon valley tech-bro isn't right.
You have magnificently missed my point, and also made assumptions about my motivation which are deeply and splendidly wrong. Hint: I've worked for the government (not the US government), including doing things I can't talk about (I think I'm allowed to say I worked there but not what I did).
My point (do I really have to make it again) was only that, despite the myths we all like to believe there is no secret group of super-people with super-brains and super-technology working away for the government, who somehow we never see. There are only people, who are variously incompetent in the same ways all people are. And we know in the case of the NSA, for instance, that they were very incompetent indeed in the years leading up to 2013: they entirely failed to secure their computing infrastructure against a fairly obvious attack, which then succeeded brilliantly. Let's hope they are better at it now (or not, depending on who you are).
I'm picturing some kind of Trinity-style meme reveal. Scientists are wearing special glasses that partially obscure the bear, and some deposed project director is half-drunk, weeping and cursing the S.O.B.s who actually went through with it.