News Applications: Considerations and Dangers

Wednesday, October 12, 2011

Joel Harding

94ae16c30d35ee7345f3235dfb11113c

I recently read an article entitled: China’s Defense Ministry releases iPhone app; a friend in China asked me what I thought when I shared the link with him.  

As I wrote a response I began considering more and more perspectives, none good but often ignored in this shoot-from-the-hip social media environment. 

Too often blogs are also written that only have one coherent thought, are not objective and don’t consider other factors beyond one defining factor.

I have a few different perspectives on this app.  Not having actually seen it I still think it has the potential for a great leap forward in openness and transparency for the Chinese PLA. 

According to a friend of mine, Timothy L. Thomas, the Chinese and Russian information warfare expert at the US Army’s Foreign Military Studies Office at Fort Leavenworth, Kansas, the PLA is surprisingly open and many military authors write prolifically about strategy, tactics, techniques, doctrine and so on. 

He has browsed through the PLA bookstore on numerous occasions, I missed my opportunity when I visited Beijing, choosing instead to shop online with the help of my gracious host. 

Not that I can read Chinese but I’m still trying to find the latest books on information warfare and cyber warfare from the PLA.  Back to the topic… I’m assuming the office populating this app with stories is a government associated entity in China and is somehow responsible for Public Affairs or Public Relations for the military.

There is also a chance that it is somehow connected with the Foreign Propaganda Office, but I’m not sure, perhaps even an intelligence agency.  Regardless of origins I am nearly certain there are very tight restrictions on what information can be released and I’m also certain there are multiple approval levels. 

We struggle with that same “release authority” with the US military.  When I was still on active duty the number of approvals required for the simplest of matters was overwhelming and disheartening.  We’ve made huge improvements since, reducing the levels of approvals required by increasing education and subtly changing the trust factors of our leaders. 

Don’t get me wrong, many of our leaders today are still extremely paranoid and  will never trust subordinates.

The problem of easier release authorities is that whoever writes must not only know but understand the guidelines within which he or she can work.  Good guidance would be: write without endangering any soldiers or operations, in other words don’t release personal details or operational details. 

Classified material is an entirely different matter, often seniors tap dance around classified material and still inadvertently release enough information that classified details can still be discerned or at least deduced.  Regardless, the writers and approval authorities must be diligent to protect sensitive information.

The problem with such an app is also perception.

  • Anytime any news is released one has to wonder if the release is altruistic and made just to inform the public.
  • Is it designed to put fear into the hearts of enemies?
  • Is it meant to send an unwritten message, to fill a gap and, possibly create a false perception of the truth or to create more understanding?
  • Is it intended to bolster morale and support of the people, friendly citizens?  Whose friendly citizens?
  • Is it intended to illuminate a gap and therefore become a subtle request for money, people or equipment? I saw this once in the late 90s when one of the papers I wrote showed up verbatim in the Washington Times and it sure as heck wasn’t me that released it!  (must restrain tongue What, too Dilbertesque?)
  • Is it bravado?
  • Is it intended to say something else?
  • What is the bias of the author?
  • Who is the intended audience?
  • What scale or level of impact is this intended to achieve?

This list is not at all all encompassing, I’d love to hear from others about more questions one should ask while reading news.

Only long term reading, analysis and understanding can tell, and then again, any one message can deviate from the norm.  Growing complacent allows one’s guard to falter, exposing weakness.  Trust comes from long term relationships and ongoing reinforcing actions.

I have friends I’ve known for decades, I know their strengths and weaknesses and how they talk, what they mean, how formal or informal their personalities are in different circumstances and they know mine. The same for news releases and apps designed for that purpose.

Another problem with apps is that more and more computer exploits are built into new apps, smart and cell phones are the latest and future platform for emerging exploits. Does the app allow a hacker or attack or even spy to place a Remote Access Tool on the phone? 

How about a remotely detonated payload (when executed will your phone turn off or launch a malicious attack)? Will it turn your smart phone into a zombie?  Will it become a launch platform for further exploitation?  Will you become a source for foreign intelligence?

I have predicted, as have many computer experts, that the next wave of cyber attacks will come through smart phones, cell phones and their data networks. Smart phones are almost ubiquitous and attacks launched either using the smart phones or attacking smart phones will be devastating on a scale we have not seen to date.

I’m sure that many apps have a backdoor or other hidden functions built in. Until I read it in the press I won’t know, but I’m hoping every app is being examined closely. This app must have been examined closely to appear in the Apple App store, I’m just not sure it was examined from a security standpoint.

Cross-posted from To Inform is to Insluence

Possibly Related Articles:
4665
Webappsec->General
Information Security
China Application Security Remote Access Attacks Exploits Espionage backdoor
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.