Over the last 4 articles, I’ve developed a slow-burn look into the world of the private spy. The idea that in less than 4 years the industry wants to hire 3 million unlicensed, unbonded, and untrained experts to work both government and corporate Intel and spy gigs should scare the hell out of you.
Can you give me a reason why the US which already collects and analyzes every piece of data on the internet needs so many more of what amounts to interns working with state sized software packages?
That’s 82 US citizens per new hire private sector OSINT agent. They have to literally spend 4 days on each person they investigate (82 per year including babies) just to get a full year’s worth of work because of the existing DNI, FBI, CIA, DIA, DOD OSINT agents have the rest of the world covered.
How serious is the information I’m providing? The EU Computer Emergency Response Team (CERT-EU) sent the articles to the EU institutions, agencies and bodies as well as outside governments and agencies. This means the EU has real concerns about the practice, laws, and policies allowing the practice because of the inherent damage so-called bit-players in private Intel and Information Operations (IO) can do at home and abroad not to mention diplomatically.
After you grasp the magnitude of the problem and begin unwinding the moving parts it can become manageable again through lawfare. Legal and societal protections you take for granted no matter where you live went out the window as soon as these practices became the norm.
Even from street level, people can make large sweeping changes to the world. Before you poo-poo, the idea, look at the CERT-EU screenshot again. I believe this can be done because I have already done it.
Towards the bottom of the article, we’ll get into the international policy for cyberwar and non-war situations. The same people that I’ve been writing about for the last 5 years exposing how they go after groups with protected status also wrote the policy for the US Government, all the agencies. While they didn’t write international policy directly, people they trained or work with closely did.
Four years ago, I exposed a flaw that exposes them to justice in the Tallinn Manual and threatened to pursue it. I did this because to win, I needed that gap closed. Tallinn is about applying the laws of war to cyber. It is something that otherwise would get no mention at all because it’s not considered a gap in any other context.
They closed that specific gap verbosely and gave me the opportunity to show how sordid this mess is. This also paves the way to provide a real resolution from private spies attacking civilians, social groups, political groups, journalists and other protected parties. Myrotvorets and Propornot should take note as should the other better and lesser-known companies and personalities.
No one has the right to use what they, themselves, rightfully label as Al Qaeda tactics on civilian populations, social activists, journalists, and other protected groups without assuming the legal definition of a terrorist, i.e. cyber terrorist.
Should lawfare (legal activism) fail to provide a remedy, the penalties for cyber assault (terrorism) and the right to a vigorous defense against perpetrators is what can make the laws change-FAST. Terrorism is terrorism is terrorism.
Once that fact is established anyone supporting them or hiring them in any way shape or form is guilty of material or direct support of terrorist activities against their own nation. Congressman, what say ye?
Law and policy makers fell in love with this power they never had before because it gives them the ability to shape policy they have no right to change for the sake of constituent and lobbyist cash and gift donations. They create loopholes in the cyber laws they write with the help of the companies and practitioners engaged in criminal behavior (under every other circumstance). Today, they hire the same criminals to help them with elections. Oppo-research, reputation management, Information Operations, and even projecting their (congressman's private) own foreign policy agenda into the international arena.
Imagine Congress asking a cybercriminal what kind of regulation or oversight their industry needed? What if Congress then asked the same societal deviants to write the laws that define the limit to what is legal they would agree to. Real criminals decided what the laws protecting their victims should be. They decided what the penalties should be if they got caught.
The tradeoff is this same Congress that was never allowed access to Top Secret information unless they have security clearance on their committee can get the actionable Intel before it’s marked “secret” if it’s gathered through OSINT by a private contractor working for US Intel agencies. That loophole makes it ok for anybody to move information before it’s been vetted and resell it.
Imagine these same legislators hiring you because you’re the expert they trust and they knowingly wink at the crimes you’re committing against your own people. They haven’t updated labeling the new twist on criminal law yet, and they won’t because you don’t want them to. And hardly anyone is referencing the same crimes using older precedent as a reference for prosecution or lawsuits.
This creates huge gray zones in the law. Gray zones are areas of law where even though something is illegal, there is no law on the books against a specific method of a known crime. Stalking is the easiest example. If someone is stalking you, follows you, and threatens you, we can all agree a crime was committed.
So is stalking a crime? Not if you are an OSINT practitioner doing it online because there is no legal or regulatory system you have to justify yourself to.
The gray zone, in this case, exists in a couple of areas. The first is attribution or identifying the perpetrator. This isn’t a small thing. The person with the Twitter handle “little ice cream girl” could actually be Stan from Milwaukee who was hired to sway the vote for his candidate. You annoyed him. The state sized software package he inherited working for XXX contractor that was working for the CIA toppling Antarctica is going to come in handy wrecking your life as thoroughly as the preverbal bull in the china shop.
The second is time and distance. Money concerns aside, if you are stalked, harassed, or threatened from the other side of the country or globe, what local prosecutor can even get his head around this new dimension of law?
Last year when I was originally going to publish this series, I spoke to an attorney specializing in international law. He listened for a short time and told me to stop. He didn’t want to hear any more. It wasn’t because of a lack of proof. He reasoned that the substance of what I was saying would put him in a very dangerous position.
It wasn’t his first rodeo and he claimed the last time around, his own national government refused to give him any cover or come to his aid. In his words, his government views taking on private Intel contractors as akin to taking on the CIA directly. And they weren’t willing to do that.
This is the attitude most people and even Congress takes. You can’t beat the deep state. But, the deep state ISN’T sworn-in law enforcement or agency personnel anymore. The illegal hiring practices for almost 2 decades gave private sector (green badges) oversight of agency personnel and projects. The problem multiplies because they trained the managers at the agencies and wield tremendous influence.
A fundamental truth is private industry cannot take on inherently governmental responsibilities legally or successfully. In the end, a company’s only consideration is their bottom line. Patriotism and companies part ways when it is no longer profitable. That’s just business.
What Congress and policymakers have done is to allow a huge gray area to be created where criminals are allowed to thrive because they provide political candy in the form of mostly fake Intel that supports whatever project a member of Congress needs to appease his pet cause lobbyists.
This could all be cleaned up by applying existing stalking and assault laws to online stalkers by making the punishment extreme. The same goes for political activists that are doing this under the cover written for them. As long as they volunteer, they are not targetable for retribution internationally. If they are provably working with a country or company working with a country, as soon as they stop, they can’t be touched. How’s that for a policy?
Putting all these online Intel related cottage industries under rigid government oversight and forcing them to document what they are doing and to whom both domestically and internationally is the one way any type of privateer scenario that is already OK'd by the current policy can actually work. It also gives protected classes the opportunity to stop harassment and demand damages. This is precisely why it won’t happen unless it is pushed hard.
Congress could write and pass a one-page bill to write protection against this if they had the inclination. The crimes exist in the law already. The only expansion is applying them to technology. They won’t.
The other more realistic approach is to demand US president Donald Trump take out his magic pen and write an executive order guaranteeing reasonable protections and appropriate punishment.
This is unlikely to happen because the move would literally box in this already metastasized invasive cancer commonly called the deep state. The celebrated work of the CIA and FBI infiltrating perfectly legal civil groups or dispersing propaganda through news platforms like the New York Times has been rendered child’s play in both scope and impact.
And we’re still waiting to see what kind of trouble 3 or 4 million unregulated new hires will bring domestically and internationally.
International Law and Policy for Online and Cyberattacks
Next, let’s establish a few things directly from Tallinn Manual I. From a 2015 article I’ll be highlighting a lot more in the next article I showed clearly that:
- Civilians are a protected class.
- If you work with a foreign country against their perceived enemies you are considered a military asset even if you work for a private contractor. You are targetable in every sense that word conveys.
- If you work with a foreign country against their perceived enemies you are considered a military asset and attacks against civilians is a terrorist act.
- To my knowledge no western country allows its citizens to make war on each other or citizens of other countries they are at peace with. The Black Letter Rules include: Rule 23.3 Cyber attacks against civilians is a war crime defined by rule 32.
- Rule 26.7 The concept of “belonging to” defines whether you can be targeted or not. This rule defines civilians as off limits unless they are “engaged” in real war duties. It includes undeclared relationships where behavior makes it clear which side a person is fighting for.
- Rule 26.9 Virtual online communities and people expressing opinions do not qualify as combatants.
- Rule 30 defines a cyber attack as a non-kinetic attack reasonably expected to cause damage or death to persons resulting from the attack. If attacker mistakenly calls civilians lawful targets, the attack on civilians still occurred. It is a crime. This is an important consideration considering how interconnected the internet has made people.
- Rule 31 Psy-Ops including leaflets, mass emails is not prohibited behavior.
- Rule 33 If there is doubt to the status of a person, that person is to be considered a civilian and not targetable.
- Rule 35.5 Gathering information for the military makes you a combatant.
- Journalists are prohibited targets.
- Once an attack is made, the retribution is legal and does not necessarily need to be in kind.
A cyber attack can be met with conventional weapons.
- Rule 41 Means and Methods describes cyber weapons broadly as the means to carry out cyber war by use, or intended use of cyber “munitions” designed to cause damage, destruction, or death to its targets. The breadth of the rule is required because of the wide array of possible attacks through cyber means.
Now, the first loophole I wanted to be closed comes from an inverse look at a cyber war attack including stalking and targeting protected classes. Here’s how this can be elevated to war crimes.
Cyber can come from anywhere across the globe, anonymously, and stealthily (you may not even realize you were attacked). Because of today’s events people being attacked are from different parts of a given country and even spread across the globe.
This means if political or social activists are targeted, it may look like random events even though the numbers of victims could be in the hundreds of thousands or potentially millions. Here’s the two-minute example from one of the industry pioneers that attack civilians.
If the attack is considered as a single event because one single protected class or group is targeted even though they are physically at different geographical locations, we can reach the threshold for a cyber attack governed by the laws of war. Since it’s civilians, it would need to be litigated but the settlement would come from the offending country. Cha-ching!
Nevertheless, I collected a sample of 50+- IP addresses. Thank you, Mr. Justin, you are an eminently useful idiot.. . Also, many (most?) of the US readers were at work when they visited antiwar.com. Those US readers are concentrated in New York metro, Washington DC, greater Boston, the Bay Area, and Illinois (Chicago and main campus, U of I). Meanwhile, the Russian readers (there are only two in the dataset) are split between Moscow and Saint-Petersburg."- Andrew Aaron Weisburd @webradius
I ask why is this Info war agent that trained all the US Intel agencies, NATO, and works for Ukraine geolocating American citizens for Ukrainian purposes?
This group is a political social group reading and commenting at a media platform in a country that still has the 1st Amendment. It is a protected class.
THIS IS ONLY ONE STEP FROM A WAR CRIME. As soon as it’s established Weisburd is doing this for less than Ukraine’s hit for hire site Myrotvorets, we are in the neighborhood of WAR CRIMES. Interestingly, Weisburd helped spawn Myrotvorets and enhanced Ukraine’s geolocation abilities.
Secondly, if it doesn’t meet the war threshold, it is still a terrorist attack on protected groups. When I proposed that injured parties have the right to robust self-defense, Tallinn II closed up the language by barring civilians the right of redress, self-defense, or preemptive assault because this was the domain of nations.
But, that language also makes it imperative for them to persuade Congress to step up to bat and write restrictive laws or the future looks very bleak for private industry spies and IO working against the public interest.
Did Andy Weisburd take that final step? Stay tuned, it’s detailed in the next articles.
But, that language also makes it an imperative for them to persuade Congress to step up to bat and write restrictive laws or the future looks very bleak for private industry spies and IO working against the public interest.
Did Andy Weisburd take that final step? Stay tuned, it’s detailed in the next articles. Next up, we’ll show the same small groups of OISINT and IO trailblazers are responsible for most fake news, bad Intel, and are covering up crimes against humanity.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License
[/su_spoiler]