Meredith L. Patterson (maradydd) wrote,
Meredith L. Patterson
maradydd

Indicators of Compromise: An open letter to certain Does in the infosec community.

If you are one of the people that Georgia Weidman refers to here:

Conference staff was originally very supportive. But then they went to hear his side of the story and they suddenly wouldn’t even look at me. I realize it’s a complicated situation, but what I hit myself in the eye? I asked an organizer point blank if he believed me, and he said he didn’t know. I don’t know what the guy’s story is, but from the police and the conference’s refusal to act, I assume it’s pretty convincing. Hotel staff pulled the security tapes. Someone I thought was a friend of mine watched them with hotel staff. The general jist I got from the interaction was because I was on the tape letting him into my room, walking in the hallway with him, etc. I must be lying. Where in any of that did I consent to unprotected sex, being hit, etc?

The interesting stuff is the reactions. The people who say things like, “This isn’t what I think of course, but I bet a lot of people don’t believe you because you flirt on Twitter,” or “Everyone saw you kiss so and so at this party, so of course no one believes you didn’t want to have sex with that guy.”

then you are fucking terrible at incident response and should find a career field where you are not responsible for the safety of anyone or anything of more value than a common goldfish. Preferably not even yourself, because you're not even competent enough for that.

I refer you to the following excerpt from slightly earlier:

So I gave [the police] my driver’s license and after they left I tore the room apart looking for my passport. In all my passport, wallet, iPad, one of my test phones, one shoe, and my Tag Heuer Carrera watch were stolen. Anyone who is into watches will know my pain at losing it. He originally said he had nothing of mine when questioned by hotel security. Then he magically found my iPad and passport but nothing else. The phone was later found in the hallway of his floor of the hotel. The rest of my things were recovered the next evening from his room by conference staff.

So let me get this straight. Because you have some uncertainty about whether a sexual assault occurred or not, therefore nothing else happened? What about the missing watch, the missing iPad, the missing shoe, the missing passport for crying out loud? Have we suddenly Quantum Leaped into a timeline where a person confessing to taking items of value and then returning them is, somehow, magically, not incontrovertible evidence of theft?

Take your time. I'm not going anywhere.

As infosec professionals it falls to us to recognise, as quickly as possible, any and all indicators of compromise, and prioritise our responses to them. If you are somebody who looks at Shaky Evidence For A and Irrefutable Evidence For B (Not Conditional On A), but decides that because A's evidence is shaky then B can't be true, then you fail at logic and should find a job that doesn't require it before your incompetence hurts someone. I don't care whether you have strong feelings about A or not -- taking a job in this field means committing to evaluating evidence objectively and taking action based on that evidence, and if your feelings about A cloud your ability to evaluate B objectively then you suck at your job. This goes for any A. If the Russians know that you have an irrational hate-on for the Chinese, and they hit you with one exploit that might be Chinese but you can't really be certain and another that is undisputably Russian, and your response is, "Those dirty Chinese, let's get 'em!" then the Russians win that round and you deserve to be mocked. Also fired.

I mean, seriously. I believe Georgia completely, but for the sake of this discussion I will go so far as to stipulate a situation where not only no sexual assault occurred, but no physical assault occurred (so, like, they both walked into doors? a particularly vicious door that left him bleeding freely from the temple? OK, whatever you say). How, then, do you explain the bizarre assemblage of stuff he took from her room and subsequently returned? "She loaned me the watch, phone, and iPad" strains the bounds of belief, but "she loaned me one of her shoes" beggars it entirely. Stop straining so hard at those gnats, you'll hurt yourself.

Not to mention the passport. I don't know whether any of you have ever been without a passport in a foreign country; I have. Mine was stolen on a plane from DC to Brussels last August, and I spent four days in a Belgian border detention center because of it. I have also been raped. If I were forced to choose between reliving either experience exactly as it happened originally, I'd pick the rape, no question. Granted, it sounds like Georgia had the support of the US Embassy, and could have probably gotten a replacement passport without a side trip through Club About to Be Deported, but that does not excuse the fact that taking someone's passport is serious fucking business. Keep in mind, a United States passport is not the property of the person to whom it is issued, but of the State Department. I am not a lawyer, and cannot credibly tell you whether a passport is the kind of "public record" that 18 USC 641 applies to, but if I were Fernando Gont -- the thief Georgia was reluctant to name, but said I could -- I would check with an actual lawyer and find out just what my actual liabilities might be, at least before stealing another fucking passport again.

But back to you, the people I'm addressing. I believe it to be the case that this community is one that does not countenance rape or assault. Perhaps the evidence of assault in this situation is too tenuous to meet the burden of proof for that, which is why I spotted you that point to begin with. I also believe it to be the case that this community is one that does not countenance theft, and what else can you call "taking physical objects that aren't yours and not returning them"? Gont didn't wake up the next morning with a throbbing headache, find a mysterious passport and iPad among his belongings, and take them to the hotel staff saying "Dear me, I appear to have come into possession of Georgia Weidman's passport and perhaps this iPad is also hers," they had to question him -- and at first he lied about it. Then the conference staff had to recover the rest of her things that he'd taken. Including her shoe, let me remind you. Who takes a shoe? What the fuck is wrong with this guy? What the fuck is wrong with you for not being as repelled as I am by this demonstration of his apparent get-hammered-and-steal-shit-from-people proclivities? Keeping on our physical-security toes is all well and good, but if people are wandering around conferences getting plastered and going "oh I like that, it's mine now," then maybe those people don't need to be drinking. Or maybe they don't need to be at our conferences.

Or is someone going to try and rationalize theft away now? Note, please, that I'm not saying "if you accept that Gont stole Weidman's and the State Department's property, you must also accept that he assaulted Weidman"; rather, if you accept that Gont committed crimes of property, one of which is probably a federal felony, why would you just handwave a thing like that away?

I'm waiting.
Tags: assholes, couldn't make it up if i tried, cut that shit out, stuff that got dropped in my lap, this is why we can't have nice things
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 9 comments