This article is practice for my ongoing and developing theory of fundamental information classification. I do this for fun.
From the SANS NewsBites Vol. 14 Num. 76 email:
The Financial Services Information Sharing and Analysis Center (FS-ISAC) has issued a warning to US financial institutions to be alert for cyberattacks following outages on the public websites of Bank of America and JP Morgan Chase. There are reports that several banks are being targeted by distributed denial-of-service (DDoS) attacks, but the others have not been named. The warning from the FS-ISAC comes just two days after the FBI issued a fraud alert warning that cyber criminals may be launching attacks as a distraction from attempts to conduct fraudulent wire transfers. National security officials in the US now believe that Iran is behind the attacks on the bank sites, and they may have been launched in retaliation for US sanctions on Iranian banks.
Source-provided link: Officials see Iran, not outrage over film, behind cyber attacks on US banks
The primary information of this specific article includes: “Iran”, “attacks”, and “US”. Information classification has been discussed here: http://yawnbox.com/736. Information entropy has been discussed here: http://yawnbox.com/385.
All possible facts aside…
A group of purported hackers in the Middle East has claimed credit for problems at the websites of both banks, citing the online video mocking the founder of Islam. One security source called that statement “a cover” for the Iranian government’s operations.
A “…source…” existing at all is primary-derivative information, because the primary information would exist without the support of this derivative information — in other words, the information network(s) that this article is, is bettered by the inclusion of this derivative information.
All in-network information (having to do with the primary information) should start out with a “primary-” indicator. All in-sub-network information, or, information concerning supportive information (secondary, meta, operational, or derivative) should start out with a “primary-[secondary,etc]-” indicator. Dependencies should always be explicit when identifying information classifications and information network definition.
“One [ ] source…” is low-quality primary-derivative-operational information. It is “operational” because of the defined rule of there being one and only one source, from which the primary information is presumed to be based, creating a low-quality primary-derivative information dependency. The stakes on this dependency are high and the explicit nature of one-and-only-one, lacking diversity or specificity, can only get lower one more time (zero sources). Information entropy = high.
One “…security…” source is low-quality primary-derivative-operational-meta information. It is “meta” (purely: an indication about the nature of non-meta information and not definitive enough to be operational or derivative, yet attempts to be operational) information in an attempt to support the “…source…” operational information, being that “security” has multiple (non-related) definitions that are dependent on third-party and/or non-communicated ideas. Information entropy = high.
Observational note: the inclusion of “…security…” to describe the “…source…” can go both ways in terms of supporting information or disinformation. It may be that fourth-tier information (primary=1st, -derivative= 2nd, -operational=3rd, -meta=4th) will always have this “either-or” effect. Or, perhaps, because it is dependent “meta” information.
“One security source called that statement “a cover”…” is low-quality primary-derivative-operational-derivative information. It is “derivative” information, in support of the operational information provided by the “source” (primary-derivative) information. Due to the dependency on the upper-tier information (derivative and derivative-operational) and the stark “take my word for it (by an unknown actor)” play, information entropy = very high.
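The labeling rule and tier numbering used above, expressed as code. This is an added example, not part of the original article: it assumes a label is a hyphen-joined chain that starts with “primary”, that a label's tier is the number of parts in the chain, and that a label depends on every shorter prefix of itself. The function names and the BROKEN sample are constructed for illustration.

```python
# Added example: an assumed reading of the article's labeling convention.
SUPPORTIVE = {"secondary", "meta", "operational", "derivative"}


def parse_label(label):
    """Split a label into its parts; raise ValueError if it breaks the naming rule."""
    parts = label.split("-")
    if parts[0] != "primary":
        raise ValueError(f"{label!r}: in-network labels must start with 'primary'")
    for part in parts[1:]:
        if part not in SUPPORTIVE:
            raise ValueError(f"{label!r}: unknown classification {part!r}")
    return parts


def tier(label):
    """primary = 1st tier, primary-derivative = 2nd, and so on."""
    return len(parse_label(label))


def dependencies(label):
    """Every upper-tier label this label depends on, nearest to 'primary' first."""
    parts = parse_label(label)
    return ["-".join(parts[:i]) for i in range(1, len(parts))]


def implicit_dependencies(network):
    """Map each fragment to the upper-tier labels it relies on that were never classified."""
    present = {label for _, label in network}
    missing = {}
    for fragment, label in network:
        gaps = [dep for dep in dependencies(label) if dep not in present]
        if gaps:
            missing[fragment] = gaps
    return missing


# Fragments and labels as classified in the analysis above.
ARTICLE = [
    ("Iran / attacks / US", "primary"),
    ("...source...", "primary-derivative"),
    ("One [ ] source...", "primary-derivative-operational"),
    ("...security...", "primary-derivative-operational-meta"),
    ('called that statement "a cover"', "primary-derivative-operational-derivative"),
]

# Constructed counter-example: a fourth-tier label with its 2nd and 3rd tiers left out.
BROKEN = [ARTICLE[0], ARTICLE[3]]
```
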
The attack is described by one source, a former U.S. official familiar with the attacks, as being “significant and ongoing” and looking to cause “functional and significant damage.” Also, one source suggested the attacks were in response to U.S. sanctions on Iranian banks.
“…[B]y one source…” is low-quality, primary-derivative-operational (see above) and primary-derivative-operational-derivative information. The additional, fourth-tier information classification (-derivative) is evident due to the fact that the language used distinguishes this source from the former source in the article. It is not “meta” information due to the fact that it is supportive in understanding the article’s supportive presumed-information. This additional information classification is further supported by the (still low-quality) primary-derivative-operational-operational information, or, the operational information that specifies that this source is “…a former U.S. official…”. Information entropy = high.
Observational note: Information can have, and likely always has, multiple classifications.
“…[F]amiliar with the attacks…” is low-quality primary-derivative-operational-meta information. It is “meta” to the “…one source…” because it attempts to describe how well the source should understand the nature of the primary information of this article. It is implicit information, meaning that it is lacking any supportive information, yet is being used as supportive information for dependent upper-tier information.
Observational note: “implicit information” needs further definition. Perhaps it is simply high-entropy information, which requires an explanation, or it simply represents the nature of “meta” information.
“Also, one source suggested…” is low-quality and follows the same logic outlined above. This appears to be a third, unknown source. Information entropy = high.
The former head of cyber-security for the White House testified Thursday that “we were waiting for something like this from Iran.”
“We” is low-quality primary-derivative-operational-meta information. It is “meta” because “we” (more than one, including s/he) is not supported by any explicit information–the sentence implicitly suggests close ties with the White House. It is attempting to support the third-tier operational information, or, the act of said group (second-tier derivative) expecting (third-tier operational) an attack “like” this. There is a disconnect here. At first glance, “we” reads as if explicit derivative (fourth-tier) information. It is very easy for me to read this sentence and presume that “we” is explicit given the implicit context of the quote. This portion of the article could be substantially bettered by the addition of derivative (fourth-tier) information. Information entropy: very high.
“…[L]ike…” is a huge red flag. This is low-quality primary-derivative-operational-meta information. Qualitatively, there are so many things that an “attack” can be like. US intelligence for government requires specificity. Information entropy = very high.
Retrospectively, all primary information networks that have dependencies on these primary-derivative pieces of information have high to very-high entropy, meaning, the likelihood of misleading and/or disleading information is high to very high.
Information that is intended to conform an informee to an idea(s) can be dangerous. In the United States, citizens are often exposed to information that compels an informee to generate information networks (knowledge) that align with the possibility of war between the US and Iran.
This analysis of this single source is still dependent upon the likely existence of “secondary” information (the absence of primary information) and/or the likely existence of supportive (meta, operational, or derivative) information or misinformation.
Some support my findings:
“Iran has not hacked the US banks,” Head of Iran’s Civil Defense Organization Gholam Reza Jalali told FNA on Sunday.
Some more support my findings:
…none of the five experts interviewed for this article had any evidence to support claims the attacks were sponsored or carried out by Iran…