society

all warfare is based on deception

hornet

hornet

5 min read
all warfare is based on deception
breaking all rules of thought cohesion with a 12-gauge slug - call that shit forced entry

since the dawn of time, humans were killing each other and inventing new ways to do it more efficiently. from sticks and stones to guided missiles and thermonuclear weapons, mankind always thought one thing - is there a way to kill more with less resources spent? and some of them had found the final answer in the mid-80s, in the long and tight corridors of intelligence agencies buildings.

mass-scale psychological warfare campaigns, also known as psyops, are by far the most common and effective weapons of the 21st century. though the history of psychological warfare is as old as humanity itself, starting from plain screaming, arrows with death whistles and battle horns - today it has incorporated some of the best humanity's inventions of the last century, them being computers, networks and everything that stems from it.

"well, duh" you might say, reading all of the above - words you've heard thousands of times, maybe even pondered on them a bit, just to brush off with "it is what it is" and go about your day. and that's exactly what everyone appears to be doing wrong. unknowingly being a victim of such warfare campaigns is one thing, but if you acknowledge their existence and influence on you and still allow it to happen without any sort of internal resistance - then, my friend, you're betraying yourself. "but what can i do about it?" you might ask, and my first response would be: deception.

let's elaborate on this "deception" thingy a little more. and for that, allow me to use a fairly simple threat model that will help us outline who is who and what is what:

it will all make sense in a minute

on this chart, red boxes represent threats themselves and blue boxes represent their sources. solid arrows represent direct influence or relation, while dashed ones represent indirect or unproven(though suspected). yellow arrows are a bit special - they represent how one threat source uses another to achieve it's goals.

here, on this example, we have some threats that affect the person in question, though we will only focus on three of them for now:

  • mass-scale cyberwarfare - nation state activity in the geopolitical forefront of the cyberspace, attacks directed at government and public infrastructure;
  • mass-scale psychological warfare - also a nation state activity, but involving using information sources available to the global public in a way that promotes a certain agenda;
  • OPSEC failure - an umbrella term that means privileged and/or private information of said person is made public against his will or ability(doxxing, personal documents or photographs leaks, credentials theft, etc.)

those three threats are pretty much universal to any person who lives in our time, regardless of geographical location, wealth or age. everyone is affected by some manifestation of them, be it plain old state-sponsored propaganda in your newspapers or online news, or citizen database leak originating from one of the many ministries. there are hundreds of thousands of people, from different sides and groups, whose only job is to exploit you to the fullest of your potential. nobody is 100% safe, but some are less prone to be severely affected than others. but why is that?

here's where deception comes into play.

protecting yourself in the digital world of our time is not an easy feat, all things considered - corporate-led and government-backed dragnet surveillance, malicious actors of widespread origin and motivation, cyberwarfare activity is at it's peak and still rising. all these endeavors, however, rely on one thing at most - information. and by committing to hide, exclude and poison said information about yourself and your whereabouts in all planes of existence, you set upon a path of never-ending asymmetric warfare against forces far greater than you, yet still possible to withstand against.

you probably already figured where does deception play its role here. but as an interactive example - imagine that your personal information was leaked because of a government database "breach"(most of those are actually shadow deals with concrete sums and middlemen, i believe), so your legal name, contact info, residential and banking information is now available to someone other than you consented to share this data with. in this scenario, we have two forms of counteraction possible - preemptive and post-mortem, aka damage control.

as for the former, you would opt-out of all government services to the possible extent, leaving only bare minimum attack surface exposed, although that is increasingly harder to do with respect to current trends. also, preferably, you would obfuscate some of the information that bears little to no legal consequence if found incorrect or has lower chances of being discovered as being such, like leaving your old residence address after moving to a different place, submitting an old phone number that is no longer active(that might lead to some inconvenience however, i.e. authorization in services that require OTP of some form sent via SMS or messengers).

moving onto the latter, your damage control strategy would likely include making the information that was exposed irrelevant, such as changing your phone number, bank accounts, passwords, perhaps even a place of residence, if your threat model requires such measures. all of this is usually performed without any concrete end goal in mind but rather to the best effort possible, since circumstances often limit us in what we can change about ourselves at the exact point of time.

now, i want you to consider that your adversaries use deception in some form to achieve their goals as well, and they have vastly larger resources that you ever will have, in regards to computational power, personnel, working hours, legislation, and most certainly physical force. just like modern armies use covert communications and disinformation campaigns, so do APTs and other threat actors you might come across. needless to say, they have excelled in the art of deception - hence why you should master it.

for every distinct threat in your model, you should have at least one, and preferably more, means of mitigation said threat. yet the cornerstone of it should be - again - deception, an indirect means of preventing or minimizing the impact of the actions against you by spreading misinformation about yourself, concealing or withholding details of your whereabouts and person, and imitating average behavior with reasonable deviation to make yourself appear insignificant to your adversary. the exact methods may vary, yet they all are directed to one goal - deceive your enemy to ensure his failure in his actions against you. this is a fight without direct confrontation, an elusive dance of one and the many, appearing to be a waltz from afar, but being a martial art under the covers of lies and misinformation. to deceive, but not be deceived.

you don't have to defeat your adversary in a fair fight, since that is usually impossible - you only need to avoid him long enough and keep dodging the swings, which will eventually result in exhaustion and resource reallocation to a more prioritized target .examples of such, without chronological order: vietnam war, GWOT, kurdistan resistance, soviet and polish partisans in WW2, baltic "forest brothers", even WW1(if looked at a certain angle). remember, this is asymmetric warfare - you are outgunned and outnumbered, but the element of surprise is usually on your side due to how insignificant you are for any statistics-driven behemoth. also, do not fucking die. as long as you're alive and well - you win.

and i will say it again, all warfare is based on deception.

Read more