BC TECH
Saved by @jay_millerjay

A quick thread on intelligence analysis in the context of cyber threat intelligence. I see a number of CTI analysts get into near analysis paralysis phases for over thinking their assessments or over obsessing about if they might be wrong. (1/x)

 Consider this scenario. A CTI analyst identifies new intrusions and based on the collection available and their expertise note that the victims are all banks. Their consumer wants to know when threats specifically target banks (not just that banks are victims).
The CTI analyst has, from their collection, at this time, and based on their expertise enough to make an activity group (leveraging the Diamond Model in this example) that meet's the requirement of their consumer. So what's the problem?
The CTI analyst begins to over think it. "What if I had more collection? Would my analysis change? I really don't *know* they aren't also targeting mining companies in Australia as I don't have collection there."
The analyst knows their analysis is going to be shared. Maybe even public. "What if another team or professional intelligence firm has more collection and ends up noting that it isn't banking specific at all. Banks are victims, not targets. Will my consumer distrust me later?"
It's a scenario I see often. I see many of my #FOR578 students run into scenarios like this. "What if I say something about ICS, what will Dragos say. What if I say something about this APT, what will FireEye say. What if I say something about $X, what will CrowdStrike say."
All of our assessments are made using our expertise at a point in time with the available collection. One of the values of estimative language is explicitly accounting for the gaps. If you have significant collection gaps, bake that into the assessment: e.g. Low Confidence
Too many analysts and consumers look for facts. Intelligence is analysis. It's allowed to evolve and change as collection, time, or other considerations change. We're advising consumers to help them make better choices. Not to know the unknowable.
I would advise that analyst to make the group. Sure they can always try to coordinate with others, share, see if other groups/teams see what they see or can expose collection gaps, etc. But that's not always necessary or possible.
One of my favorite articles is the Fifteen Axioms of Intelligence Analysts by Frank Watanabe. It's been in my CTI class for years now as the last slide of the course: https://t.co/45kzw5kLz7
He doesn't start off with anything about being wrong. Or making mistakes. He starts off with "Believe in your own professional judgements." The #2 is "Be aggressive, and do not fear being wrong." It's not until #3 we hear "It is better to be mistaken than to be wrong."
Build confidence with yourself. Then build trust with your consumer. That you are going to deliver the best judgement based on the insights you have at that time. And that if it changes, you'll let them know and admit it. That's really hard to do - but it's vital.
Don't sit on your intelligence and not disseminate it, or overthink it to even finishing your work, if it can be valuable to your consumer. It's always a point in time and based on what you know at that time. You'll never have enough to feel comfortable
The balance is in not blasting your consumer with thinly supported guesses though. Go through your processes. Use your team. "Aggressively pursue collection of information you need." But then make the call. If it was easy it wouldn't be intelligence.

More from Tech

SwiftOnSecurity
SwiftOnSecurity
@SwiftOnSecurity
I think about this a lot, both in IT and civil infrastructure. It looks so trivial to “fix” from the outside. In fact, it is incredibly draining to do the entirely crushing work of real policy changes internally. It’s harder than drafting a blank page of how the world should be.


I’m at a sort of career crisis point. In my job before, three people could contain the entire complexity of a nation-wide company’s IT infrastructure in their head.

Once you move above that mark, it becomes exponentially, far and away beyond anything I dreamed, more difficult.

And I look at candidates and know-everything’s who think it’s all so easy. Or, people who think we could burn it down with no losses and start over.

God I wish I lived in that world of triviality. In moments, I find myself regretting leaving that place of self-directed autonomy.

For ten years I knew I could build something and see results that same day. Now I’m adjusting to building something in my mind in one day, and it taking a year to do the due-diligence and edge cases and documentation and familiarization and roll-out.

That’s the hard work. It’s not technical. It’s not becoming a rockstar to peers.
These people look at me and just see another self-important idiot in Security who thinks they understand the system others live. Who thinks “bad” designs were made for no reason.
Who wasn’t there.
TECH
James Felton
James Felton
@JimMFelton
Butt plugs were originally sold as a miracle cure for headaches, acne, and insanity

Thread, article here and h/t: @qikipedia :
https://t.co/Ts84xnmWKJ


For a long time, medicine was pre-occupied with the question "can this be solved by putting something in the butt?"

Take, for example, tobacco smoke enemas, in which 18th Century physicians saw drowning victims and attempted to de-deadify them by blowing tobacco smoke up their rectums with a pipe.


Despite having no medical benefit whatsoever, the practice was popular, and enema kits lined the Thames like lifebelts, ready to be used as one final humiliation for somebody who was crap at swimming.

This practice ended sometime after 1800 when it became apparent that it didn't really work, given how the anus famously isn't really connected to the lungs, but doctors weren't quite finished with having a poke around in the old anus to see what happens just yet.
TECH
Advertisement
Yoel Roth
Yoel Roth
@yoyoel
We’ve recently seen research about so-called “bots” and misinformation on Twitter and wanted to share our perspective on why findings that might seem remarkable at first are likely inaccurate. We’re working on a more detailed explanation, but some comments for now.

We continue to be excited by the research opportunities that Twitter data provides. Our service is the largest source of real-time social media data, and we make this data available to the public for free through our public API. No other major service does this.

Many researchers, academics, and journalists use our public API — a set of tools for programmatically accessing information on Twitter. We make all public Twitter content available via our APIs. You can learn more about them here:

The basic issue with much of the research based on our public APIs is simple: The APIs don't provide insight into our defensive actions to protect Twitter from manipulation, including bots.

Because of this, API-based research can't distinguish between accounts we've already identified as bad (and hidden or removed) and real, authentic ones.
TECH
Silver Kayondo
Silver Kayondo
@SilverKayondo
Last weekend, I made a threat on the ongoing #SocialMedia shutdown in Uganda and some implications on the future of #internet & Uganda's #digital agenda.

The thread attracted a lot of engagement and questions. Tonight, I will share some final thoughts on the subject. (1)

Conceptually, social media sites are the largest on-boarding platforms for internet users in Uganda. Notably, Facebook, WhatsApp, Twitter, Instagram & Snapchat attract the highest internet traffic- which drives demand for other platform services e.g Google and Zoom recently.


So- when we talk about an "open internet", we mean the FULL resources of the internet. Any encumberance on selected applications has ripple effects across the entire network thus jeorpadizing standardization of internet/data transmission which is essential for innovation & growth


Furthermore, shutdowns hinder network interoperability (technical ability to plug/link one digital product or service into another product or service). Interoperability is the heart of the "Internet of things" eg business, devices, networks, services, e-govt, integration etc #IoT


Because the internet is a global resource, shutdowns enhance a digital divide (the gap between demographics and regions that have access to modern ICTs, and those that don't or have restricted access). Ironic that 3rd world countries have the highest number of shutdowns globally.
TECH
\U0001f7e2 Ed Guiness
🟢 Ed Guiness
@KiwiCoder
A long time ago I coded up a feature for SocialCoder which converts a link - any link - to a short URL. I use it all the time for sharing links to volunteer profiles and to volunteer opportunity listings.

The feature doesn't care what the link contains, it just hashes the URL, including any query params, and returns a shortened code.

More recently, around Christmas time, I added another feature where I can click a button to send a template notification to a charity that their new listing has been reviewed and published. I call it a next-steps email.

For the past few weeks, its all been working well. Its nice to keep automating things that previously were done by hand.

Fast forward to today.

A new opportunity listing is posted by a charity.

I review and publish it, tweet about it, then click a button to send the charity an emailed notification of next steps.
TECH

You May Also Like

Dr. Jane Clare Jones
Dr. Jane Clare Jones
@janeclarejones
So, on the subject of bonkers hyperbolic pretzeling over the Bell judgement, Grace 'destroy books I don't like & make inappropriate jokes about sterilising teenage girls' Lavery has some thoughts.

Tell me why my feminism is wrong Grace.

Oh

Well, if anyone thought the Bell judgment was going to make TRAs reconsider making massively overblown claims with no evidence backed up with nothing but a thick wadge of emotional blackmail.... HAHAHA, no one thought that.


A high court in the UK made a delimited judgment about teenager's ability to consent to puberty blockers. This puts all trans people everywhere in the world at risk.

Because if any human anywhere has any thoughts that deviate in any way from the rote line dictated by

the trans rights movement, this puts all trans people everywhere in mortal danger.

Let's be honest Grace. It doesn't put trans people at risk. It puts trans ideology at risk. Because trans ideology depends on the idea of innate gender identity, and the trans child is the

necessary material evidence of the ontology of gender identity.

That is, children are being medicalised to provide evidence to underwrite adults identities.

Nothing to see here.
LAW
Simon DeDeo
Simon DeDeo
@SimonDeDeo
One thing that goes unremarked about Wikipedia: the vast majority of the content was written over 12 years ago—which means (given turnover) that the editors dominant today were not directly involved in that creation.

Put another way, the editors who built the dominant nodes in this network...


...have little overlap with the ones who made this much more recent managerial flowchart.


Internet time runs at hundred-fold speed—the difference between the people who painted what's in the Uffizi, and the people in charge of keeping those paintings from deteriorating. Very different tasks, and (one presumes) very personalities as well. @PaulSkallas?
ALL
Advertisement
(\u3063\u25d4\u25e1\u25d4)\u3063 \U0001f499 \U0001d440\U0001d4b6rymo Belfast \U0001f499\U0001f331\U0001f340 \u24cb\U0001f397\ufe0f
(っ◔◡◔)っ 💙 𝑀𝒶rymo Belfa...
@MarymoBelfast
THREAD PART 1.

On Sunday 21st June, 14 year old Noah Donohoe left his home to meet his friends at Cave Hill Belfast to study for school. #RememberMyNoah💙


He was on his black Apollo mountain bike, fully dressed, wearing a helmet and carrying a backpack containing his laptop and 2 books with his name on them. He also had his mobile phone with him.

On the 27th of June. Noah's naked body was sadly discovered 950m inside a storm drain, between access points. This storm drain was accessible through an area completely unfamiliar to him, behind houses at Northwood Road. https://t.co/bpz3Rmc0wq


"Noah's body was found by specially trained police officers between two drain access points within a section of the tunnel running under the Translink access road," said Mr McCrisken."

Noah's bike was also found near a house, behind a car, in the same area. It had been there for more than 24 hours before a member of public who lived in the street said she read reports of a missing child and checked the bike and phoned the police.
CRIME
Noah Smith
Noah Smith
@Noahpinion
1/People I know on the Right tend to be obsessed with the idea of "crimethink", taboos, and the (supposedly) oppressive, omnipresent enforcement of liberal cultural norms.

Why?

My new theory: A lot of it is guilt.

2/It's true that in some circles - the media, universities, many big corporations - liberal norms *are* enforced to some degree, and the enforcement has probably gotten stronger in recent years.

But I don't think this explains all of the Right's obsession.

3/The stereotype is that people on the Right tend to be more threat-sensitive. That would help explain the perception that liberal norm-enforcers are lurking everywhere, ready to pounce and anathematize anyone who makes a misstep.

But I don't think that's all of it either.

4/And of course, it's always fun - whether you're on the Right or the Left, or playing a video game, or whatever - to style yourself as the brave iconoclastic rebel fighting against the oppressive forces of blah blah blah.

But I don't think this is all of it, either.

5/The reason I think it's more than these things is that even *in private*, people on the Right express their "crimethink" ideas very gingerly and hesitantly.

I get the sense that they're not just afraid of external censure, but have also internalized liberal norms.
SOCIETY
ArmaniTalks \U0001f399\U0001f525
ArmaniTalks 🎙🔥...
@ArmaniTalks
A relationship begins to get stiff when excessive patterns begin to form.

Too many patterns leads to a boring, predictable, logical lifestyle.

Get the emotions involved.

Do something spontaneous out of the blue moon & flip the script.

'What's wrong with the patterns?'

Nothing is wrong with patterns.

However, there is a problem when all you have are patterns.

It's boring.

'Can you explain why?'

Sure 👇

The thing with relationships is that it's meant to be an emotional experience.

It's very difficult to logically explain love, right?

'Right.'

Well this is where you want to steer the ship the right way.

1. Too emotional is bad.

2. Too logical is bad.

Let me break it down.

1. Too emotional

If a relationship is completely ruled by emotions, then it's too volatile.

You will never reach productivity if you are aimlessly only following each others emotions.

This lifestyle tarnishes any structure for the couple.

'So why do people do it?'

Because it's fun.

You may ruled by this stage in the honeymoon phase.

Normal.

You'll be so spontaneous that it almost becomes a lifestyle.

But it's hard to level up your life when you're too spontaneous.

Avoid.
LIFE