The latest effort to spread wrong information by ASPI — which styles itself as an independent, non-partisan think-tank — is an article titled A chance to get smarter in cyber space of intelligence written by Danielle Cave, deputy director of its International Cyber Policy Centre and published in The Australian. It is said to be an edited extract of her essay, Data Driven, in the new issue of Australian Foreign Affairs, Spy v Spy, which was published on Monday.
The spreading of fear, uncertainty and doubt is an old tactic; one of the best examples I have seen was by then US Defence Secretary Dick Cheney when he visited Saudi Arabia in August 1990, soon after the late Iraqi leader Saddam Hussein had invaded Kuwait.
Cheney had doctored satellite images with him, showing Iraqi troops allegedly inside Saudi Arabia, to use in his bid to convince the Saudi monarch, the late King Fahd bin Abdulaziz Al Saud, to invite American troops in to guard the Kingdom. Saudi Arabia was awash with American arms and fighter jets at the time and many princes had become F-16 pilots as it was a glamorous job. But on the morning after the invasion, none of these princes showed up for work.
But I digress. Cave starts with Wuhan and the coronavirus, a subject about which there has been no conclusion yet – apart from in the US where both President Donald Trump and US Secretary of State Mike Pompeo have claimed they have intelligence to show that the virus leaked from a lab in Wuhan.
Of Wuhan, Cave claims that discussions on WeChat in November resulted in a lot of information being generated, all of which was collected and stored in various places, including the Microsoft-owned code repository GitHub.
Then there is more speculation that numerous governments and intelligence agencies were monitoring this process. Enter a so-called state actor, given the moniker APT32, and said to be of Vietnamese origin. Apparently, Cave believes that this actor gained enough knowledge to alert Vietnam to shut its borders early.
As an aside, the use of the term APT has been termed useless in describing attack groups. "The terms 'APT', 'targeted attack', 'nation-state sponsored', and even 'cyber-espionage are inaccurate and misrepresent the object of study which is to say an espionage operation partially carried by the use of malware," wrote seasoned researcher Juan Andrés Guerrero-Saade who works with Russian security vendor Kaspersky in the US.
"The execution of this complex task is largely determined by a cross-section between the requirements and resources of the attacker, the particular features of the victim systems and the dynamic and opportunities between the two.
"The breadth of interactions that arise therein lend themselves to persistent attacks that are not advanced, advanced attacks that are not persistent, widely distributed attacks intended for a specific target and targeted attacks with the intention of reaching a wider audience. APT is the generic moniker applied to all of these cases for the same of convenience and easy marketability, at the expense of accuracy and greater understanding."
Cave then proceeds to an examination of changes in approach by spies because of the coronavirus pandemic. Claims that collection of intelligence, especially humint, are difficult and that agencies take time to redirect their efforts from one area to another — whatever happened to so-called agile methodology? — are then aired, followed by speculation about how intelligence was collected during the early months of the pandemic.
At this point, Cave claims the most important question is how intelligence agencies will operate after the pandemic subsides and that such operational procedures need to be finalised right now.
One very good explanation of the way fear is whipped up to control the population was provided by the goth singer Marilyn Manson in the film Bowling for Columbine. The clip below should be enough for anyone to watch and understand.
There is then a very fanciful claim: that the pandemic was a so-called black swan event. Rubbish. For years, Microsoft co-founder Bill Gates. who can hardly be described as a retiring sort, has been warning that a pandemic would hit. We've had apertifs aplenty: SARS, MERS, Ebola, to name just three.
Stephen Soderbergh produced a film in 2011 titled Contagion with big names like Matt Damon and Gwyneth Paltrow. And former US president Barack Obama's administration was so convinced of a pandemic being on the horizon that it prepared a whole set of procedures to deal with one.
No, this business of naming COVID-19 as a black swan event is purely to lay the blame on China — which is, by the way, ASPI's biggest target these days — and make it seem that were it not for Beijing's lethargy, the pandemic would never have been. Which is rubbish of a very high order. The truth is we just don't know right now. But when did that stop ASPI from creating its own myths? [There have been reports of traces of the coronavirus being found in sewage in Spain in March 2019; additionally, an Oxford University expert believes that the virus may not have originated in China at all.]
Then we have another small dose of misinformation: that the Australian Signals Directorate was involved in warning the government to ban Chinese telecommunications equipment vendor Huawei Technologies from having a role in the 5G networks. Again, this is false. Australia, once again. was told what to do by the US and promptly followed orders.
Cave is excellent in following the Goebbelsian recipe: repeat a lie over and over again and if people have no chance of learning the truth, they will believe the lie.
And then we come to the nub of the whole thing: hey, give us some money. Here's the way Cave introduces her begging bowl: "As billions more netizens and smart devices come online around the world, conquering data will be essential. Collecting data is the easier part; analysing it is hard, and storing huge datasets can be astronomically expensive. Finding the needles in the haystack will require financial investment, a greater use of emerging technologies such as machine learning and the right mixture of analysts."
And, sure, if any money is provided to fund these resources, there will definitely be a need for consultants (read ASPI), advisers (read ASPI again) and analysts (read ASPI for a third time).
Again, once this kind of rhetoric has borne fruit, all of ASPI's sponsors will be laughing all the way to the bank. The likes of French defence contractor Naval Group, shipbuilder Austal, US defence contractor Lockheed Martin, US defence supplier Northrop Grumman, Swedish defence company Saab, the Australian arm of American defence contractor Raytheon, MBDA Missile Systems, French defence giant Thales, and Jacobs, a global provider of technical, professional, and scientific services, will all stand to gain.
So too will the sponsors of its cyber arm: Services Australia, Microsoft, Google, au domain namespace administrator auDA, security firm Palo Alto Networks, Thales, Amazon, the Cyber Security Co-operative Research Centre, the National Archives of Australia, the Department of Prime Minister and Cabinet, AWS, the Australian Signals Directorate, AISA, CyberCX, Facebook, Fortinet, Splunk, UpGuard, Jacobs and encryption company Senetas.
If anyone missed Cave's fund-raising effort, here she is again: "Our intelligence chiefs increasingly will have to come out of the shadows to talk to and engage with the public. Major decisions, emerging threats and increases in public spending, particularly when cyber and technology issues are involved, need to be explained, and justified, by the government."
This bid to raise money is understandable given that ASPI, despite this illustrious list of weapons manufacturers on its donors list, was short of some $70,000 in 2018-19. Doubtless, the organisation would prefer to have cash in the bank.