Today, Jeff Atwood posted about social engineering as the ur-vulnerability in computer systems. The crackers he profiles, Kevin Mitnick and “Max”, aren’t emotionally-stunted keyboard jockeys but rather masterful (or at least highly effective) manipulators. Atwood writes:
One of the most striking things about Ghost In The Wires is not how skilled a computer hacker Kevin Mitnick is (although he is undeniably great), but how devastatingly effective he is at tricking people into revealing critical information in casual conversations. Over and over again, in hundreds of subtle and clever ways. Whether it’s 1985 or 2005, the amount of military-grade security you have on your computer systems matters not at all when someone using those computers clicks on the dancing bunny. Social engineering is the most reliable and evergreen hacking technique ever devised. It will outlive us all.
(Emphasis in the original.)
Bruce Schneier has written about bomb threats as a social denial-of-service attack. Sometimes this happens inadvertently, as with this “suspicious package” left on a bus in Victoria. False threats and accusations are nothing new, of course: It costs very little to conjure up a threat, and the more extensive the response the more appealing the cost:benefit ratio. Commenter Mark on the Schneier post points out that the IRA did this in Britain in 1997.
Yesterday, news that an American-Israeli real-estate magnate named Sam Bacile was filming a five-million-dollar “documentary” based mostly around the principle of insulting Mohammed (possibly in cahoots with noted American asshat and pain in the ass to civil libertarians everywhere Terry Jones) brought about attacks on the American embassy in Egypt and consulate in Benghazi. People were killed, more people were hurt, shit was broken, and even otherwise-reasonable commentators were driven to bay for blood.
Now it turns out that “Sam Bacile” is at best a pseudonym and quite likely, along with the movie itself, a complete fabrication. Care to wager on whether this was a false-flag operation? Spend a few thousand dollars on a shitty movie trailer, do a shitty overdub to make it offensive to Muslims, release it on September 11th, and hope someone gets stupid. At the very least you can expect to keep this particular culture war simmering right along, and there’s a nonzero chance that you can incite some serious violence and a major international incident. No poker player in the world would fail to bet at those odds.