Tommy Wren (3:37)

Yep. So you're not describing an entirely free gift. I guess it's a gift that exposes the fishes in society is right. Like that's the point of what you're trying to get at, is that right?

Gruk (3:51)

Exactly, yeah, pretty much. Another example would be, so the UK has got like the, the lowest welfare payments for single mothers in all of Europe. So if you broke into the UK government and you issued press releases saying, we are rectifying this great injustice. Here are all of these studies that show that when you're paying single mothers to stay at home and take care of their kids, you have better school outcomes, you have better attendance, better grades, better graduation rates, all of this stuff. So we are investing in our future with a view to growing the economy in the next 10 years. Blah, blah, blah, blah. All of this stuff that's just backed up by studies. You do that and at the same time you double the payments just to whatever it is to bring it up to the median for Europe. Not like the best, but just not the worst anymore. So then you've put the government in a position where they've come out and stated a logical, clear case to everyone about why they should do the thing they've done. You've actually done it so that you've implemented policy for them and then you leave it to them to figure out what to do. Do they go to all of these single mothers and welfare and say like, actually you have to give us the money back. That's not going to be particularly easy to pull off. But the problem is they would just do it because that's the world we live in and everyone will be like, yeah, that's what's going to happen, the government's going to crash it. What are you going to do?

Tommy Wren (5:18)

I mean, that seems like a very multi faceted campaign and if you were going to carry it off entirely in, you know, cyber operations, it would be difficult to do right I'm sort of fascinated with the idea, but I struggle to see where you could practically apply it. And I think that if you could practically apply it, wouldn't someone have done it by. By now?

Gruk (5:45)

I don't know.

Tommy Wren (5:45)

I mean, I have heard of. Is it fin7. I think they used to also be called Carbonek and they would alter the bank balance of accounts, increase them, and then they would just take out the money. So in fact, the account holder, it.

Gruk (6:04)

Is a gift, did not lose money about it.

Tommy Wren (6:08)

But that's not exactly the same as.

Gruk (6:12)

The thing is, banks have a way of, if they accidentally give you too much money, then they can claw it back. Right. But I think it's difficult if you do it in other ways. So, yeah, one of the attempts that sort of makes sense to me would be if you go after a very large company that has narrow margins, even one that doesn't, and then you go after their finance department and you just give everyone a $1 per hour pay raise right before payday. You disable any of the checks in place, people get paid not a huge amount of money, more. But for someone who's making very low hourly wage, an extra dollar an hour is a significant amount of money, whereas for the business, it's not the end of the world. It would impact their margins by some amount, but not massively. But you've now created a situation where does the business go to all of the employees and say, we gave you too much money. Next paycheck, we're going to not pay you that amount to compensate for whatever we gave you? Do they go to the government and say, like, this was an attack, we want to be compensated for what we've lost. Do they write it off? It puts them in a difficult position of where do they go? And I think that that would create a. Like, you would highlight a contradiction, it would highlight a fissure and that would allow a different vector of attack. If you now went to, like, organizing to have the $1 an hour raise made permanent, that would be a thing that you could promote and it would have much more traction.

Tommy Wren (7:48)

Yeah, but, yeah, like that's.

Gruk (7:51)

It does end up becoming this sort of, like, not necessarily convoluted, but there seems to be too many layers for it to actually have a proper impact.

Tommy Wren (7:59)

Right? Yeah, yeah. So in that example, it's hard to know what effect you would have.

Gruk (8:03)

Right.

Tommy Wren (8:04)

So I think it was the National Cyber Force, the UK's national cyber force, they wrote what I thought of as a white paper about offensive cyber and their three principles I think would be targeted, tailored and precise.

Gruk (8:21)

Is it?

Tommy Wren (8:22)

That's one principle expressed three ways. But yeah, one of the points was to do something that would have an effect that they could predict, whereas being nice. Like I said, I like the idea of trying to expose fishes, but it's opaque to me what the actual outcome would be.

Gruk (8:42)

I don't think it's predictable.

Tommy Wren (8:44)

Like you could just force people to like each other, which is like, I don't know.

Gruk (8:50)

Yeah.

Tommy Wren (8:50)

It's probably not what I wanted.

Gruk (8:51)

Send out Hallmark cards for everyone's birthday. You know.

Tommy Wren (8:54)

That's right.

Gruk (8:55)

Yeah, yeah. No, I think part of the problem is it doesn't necessarily have a visible effect and any effect it does have is unpredictable, which is sort of part of what you're doing. Right. You're taking a chaotic system and applying pressure somewhere like you're going to get chaos because that, that's what you started out with. Right. So the. Yeah, the results are unpredictable. But I think that if your point of view is China is my enemy, anything that makes China less stable is good for me. I will do that. Right. And so you find ways to create these situations within China. I can see that as being viewed as a, an approach that some governments would take because why not? Right, right.

Tommy Wren (9:42)

Yeah. And so I guess if it's a long term, many opportunities to introduce that kind of discord, like it's a gift that causes discord, I think is the.

Gruk (9:53)

It'S like the golden apple of the Trojan War, which is it was thrown between the three goddesses and it says for the fairest. So the three goddesses have to choose which one deserves the golden apple. Right. Like that's sort of what you're doing is like someone's going to get a golden apple but going to piss off everyone else.

Tommy Wren (10:10)

Right.

Gruk (10:10)

Like I see it sort of you're doing that like someone comes out ahead, but in doing so, other people lose.

Tommy Wren (10:18)

Yeah. So one of the pieces of news that came out of China some time ago now was that I presume it was the rocket force, that some of their missiles were fueled with water, I think was the story. And that struck me as the sort of story which would be quite effective in undermining confidence within the Chinese leadership that we've got a rocket force that can actually do the job that we want, whatever that job was.

Gruk (10:48)

Right.

Tommy Wren (10:49)

And so like I was thinking to myself, well, is that some kind of operation? You could easily imagine that leaking that material to the press or giving it to the press, if it's secret intelligence, would be Actually, yeah, this is worthwhile. It's harder to imagine that they actually created the situation in the first place, but not impossible like with human agent in the right place. And that seemed to me the sort of operation that a planner could go, okay, step one, step two, undermine confidence. Step three, off we go. Yeah, sign.

Gruk (11:25)

Yeah. Well, I'd also point out that the, like the Vietnam War, particularly when it was the Indochina War, Van Zap, the general under Ho Chi Minh, was in charge of the Viet Minh army that destroyed the French at Jianben Fu during the Indochina War. His book on this basically points out that the way that they defeated the French was by exploiting inherent contradictions. So his thing was that the contradiction that they faced was as a colonial power, like they didn't have a large army. So they would either have to spread out in order to provide protection everywhere, which case they were spread thin. And so they could be defeated in detail. You could just pick off these smaller isolated areas, or they would have to concentrate. And if they concentrated, then they couldn't defend all the other areas that they were no longer in. So that this inherent contradiction that he was exploiting the entire time. And I think that that sort of view can be applied to this thinking of, like, if you can find an inherent contradiction that you can exploit, it's worth considering that you don't need to exploit it by destroying things.

Tommy Wren (12:39)

Right, okay. The examples that you've given me, none.

Gruk (12:43)

Of them make sense.

Tommy Wren (12:45)

Exactly. And so now, on the other hand, I'm not convinced that the real world examples of offensive cyber operations that we have, which are kind of the large scale, attempted destructive ones, none of them really seem to have paid off. Some of them seem to have come close. Now, like I said, that white paper from the UK Cyber force, that to me seemed like, yes, spot on. The this is the sort of thing we're after would make sense. Maybe not what we're after, but make sense.

Gruk (13:21)

Right. And one of the things that they pointed out though, was that it works against small groups.

Tommy Wren (13:26)

Yes, that was. Yeah, yeah, so. So cyber gifting you think would work against larger groups? Is that your.

Gruk (13:32)

I think it could.

Tommy Wren (13:33)

Where does it fit into this sort of paradigm between, you know, very much better. Between, on one hand, the very small scale tail, tiny effects that have hopefully predictable outcomes on small groups. The destructive stuff that is destructive, but doesn't seem to have been so far all that effective. Like this is a third way you're proposing?

Gruk (14:03)

Yeah, well, I feel like I'm rounding out the possibilities and I want to explore the idea of using cyber for things other than replicating military kinetic operations. And I think that it's worth looking at cyber as what are things that you can do in cyber that you can't do anywhere else? So if you look at cyber as well, it's a way that we can destroy things and still recover them quickly. Yes, that takes advantage of one of the properties of cyber and that it's sort of soft and can be reversed. But that's very minimal thinking. Like you're not really exploring what you can do with cyber, you're just looking at like how a cyber like artillery system, but different. And I think that that's a limited blinkered view. So I'm very much interested in things like using cyber to create situations that manipulate social dynamics, which I think is an interesting approach. It's been viewed purely through the lens of information warfare so far that it's always been. If we lie to people online then we can change how they behave. And that's certainly true. But that's not the only thing that you can to change people. Like people respond to incentives. So I think there's more to cyber.

Tommy Wren (15:18)

Right.

Gruk (15:18)

Than is dreamt up in your philosophy is where I'm getting at with that. And I think that this approach explores one of those options. All of the literature is basically about assume that you're a state and you're facing another state, what's the things that you can do to each other. And that's ignoring the majority of cyber. I think that there's just so much more out there, like non state actors, things other than attacks, you know, there's just so much to be done. And I think that this like cyber gifting or cyber discord attack, it provides, while maybe not a practical formula that you can implement it at least forces thinking outside of the paradigm of destroy, deny, disrupt.

Tommy Wren (16:07)

So one thing that occurred to me as you were speaking is that I read an academic paper quite a long time ago where they had given Chinese netizens behind the Great Power access. I can't remember if it was to VPNs or what it was, but it basically provided the people in the study with access to uncensored news from Western sources. And the details escape me, but they managed to create some premise where it wasn't clear that the point of the study was to give you uncensored news and then see what you thought about it. And it seemed like sort of breaking down the great firewall in that sort of subtle way where people don't know that that's the point that might actually be some sort of cyber gift that could. Could fall into the category that you're talking about. But again, in that example of undermining the great firewall, it's not clear to me what you get, what you would get out of it. Yeah. Like, it seems like there's the friend of my enemy is my enemy. Like, the Chinese government spends time and effort maintaining the great firewall. Therefore, it must be good for me if it breaks down. But I don't know that that is actually true. And what would I get out of it? I might get political discord in China that might distract them from doing other things. Does it actually benefit me? No, I don't know.

Gruk (17:38)

That was kind of the theory behind.

Tommy Wren (17:40)

Radio Free Europe and Voice of America and.

Gruk (17:45)

Right. All of these things of, like, if you can just get true information to the population under an authoritarian regime, that will inspire them to something like, that was sort of the. And, you know, it seems like a lot of that is based on the experience of World War II, where you had, like, the. The BBC secretly broadcasting into France, you know, occupied France, for example. And I'm. I'm not sure it's a direct parallel. I think that there's. So I do believe that there's merit to it, and I think from speaking with people who were there, like, there was value that they got out of having the sort of unbiased news, but I don't think it played such a major role in winning the war. Yeah. But I mean, on the other hand, it's quite cheap to do and it's good for the people, so maybe.

Tommy Wren (18:40)

Yeah, like, I like the idea as well, but you probably don't need a cyber operation to do it. Right, right. Probably just need. Well, like.

Gruk (18:48)

Well, I mean, you kind of do. Right. I think one of the problems with a lot of this, you know, like, if we can just get them the right information, is it's based very much on the theory that other people want to be Americans. They just need the opportunity. Right. So if you can. If you can just give them enough stuff that they can become Americans, they will do that spontaneously.

Tommy Wren (19:07)

Yeah. Give them enough blue jeans and.

Gruk (19:09)

Right, right. Exactly. Like it's the Full Metal Jacket quote by the Colonel inside every indigenous Vietnamese is an American trying to get out.

Tommy Wren (19:22)

Okay. So we've kicked around some ideas about what a cyber gift might look like, and to be honest, still none of them sound all that compelling to me. So what's the problem with the current strategic thinking in the cyber operations? Space.

Gruk (19:41)

Yeah. So I think it's. A lot of it comes from the sort of the original sin of American strategic cyber thought, which is that they've read Class Fits and they saw, like, okay, you know, there's the center of gravity, and you sort of. You know, there's something about politics, but you can kind of ignore that. But it's about destroying the will of the enemy. So destroying the enemy is what we can take out of that. And the center of gravity is like, where they get their strength. So we destroy their center of gravity. Right. And so they look at these things and they sort of come up with the idea of that the way that you win is you have a decisive battle. And if not one decisive battle, two or three or however many. Like, however many it takes to completely destroy the enemy. And once you've destroyed the enemy, you win. That's what you're aiming for, is you're getting to the point where they are no longer able to contest, like, where they have no army, so you don't need to pay attention to them. That's very much the American view, and it sort of misses the mark because obviously the point of Clausewitz is that war is a way of achieving a political end. So the thing that you're trying to do is actually achieve that political end goal. And when you're fighting the war, it's not supposed to be about destroying the army of the other side, which might be the way that you achieve your political end, but it might not be right. For example, if you're in Afghanistan or Iraq or Vietnam, destroying the other side's army is not how you achieve a political victory. Like, that's not how you achieve your ends.

Tommy Wren (21:09)

Yeah, yeah. In case people forget, in Afghanistan, they disbanded the army. Was that Iraq?

Gruk (21:15)

That was.

Tommy Wren (21:16)

Iraq disbanded the army and then.

Gruk (21:19)

Yeah.

Tommy Wren (21:19)

Like, they were in a position to control it. And so they didn't have a force to maintain security, I guess.

Gruk (21:27)

Yeah. So they disbanded the civil service and the army, and that created a lot.

Tommy Wren (21:32)

Of ongoing problems, a vacuum.

Gruk (21:35)

Yeah. In Afghanistan, they defeated the Taliban, but then they didn't create a political structure to maintain order, which was, to a degree that was the goal, is having a political outcome. Instead, they achieved this military thing of destroying the enemy, and then it was a. You know. And now what?

Tommy Wren (21:55)

Right, right. So in a way, you're saying that the. Because the US Military, I guess, has a heritage of divorcing the military goal from the political goal. And so therefore they're. They're sort of disjointed and they can achieve Military victory and still lose the peace, I guess.

Gruk (22:11)

Right. They can even lose the war. So there's this somewhat famous story where a US Colonel after the Vietnam War was at an embassy function of some sort and he met one of his counterparts from North Vietnam, like a North Vietnamese general. This colonel goes up to him and says, you never beat us on the battleground. Like you never defeated us on the battlefield, not once. And the general looks at him and says, that may be true, but it is irrelevant. Right. And so the colonel keeps repeating the story about how like the Vietnamese lost. That's what you have to understand, right. That they lost. They admitted, I spoke to him and he said it was true and he admits that he lost. And we were stabbed in the back. Like somehow, somehow we ended up leaving even though we were winning on the battlefield.

Tommy Wren (23:06)

Right.

Gruk (23:06)

Like he still can't wrap his head around the fact that the other guy was right, that like it was irrelevant. Like that wasn't what mattered in terms of winning the war. And I think that that disconnect exists throughout the military. That there's very much this understanding of the military does the military thing, which is blowing stuff up, and the politicians do whatever they do as long as they stay out of our way. And that's a problem because obviously what you're trying to achieve is some political outcome. And I think that that strategic vision of how do we destroy this thing so that they can't threaten us anymore, or how do we destroy them so that we no longer care what they say because they have no way of expressing it, that has permeated their approach to cyber. It's very much, they're looking at it from the how can we use cyber to damage the other side to a point where they're no longer a threat?

Tommy Wren (23:57)

Right. How can we augment our military capabilities with this magic cyber stuff?

Gruk (24:03)

Exactly. And I think it falls into the same trap where you're going to have a sort of Vietnam thing of like, you never defeated us in cyberspace. The other psychos. That may be true, but it is irrelevant.

Tommy Wren (24:14)

Right.

Gruk (24:14)

You know, like it's, you can, you can win all the battles and still lose the war.

Tommy Wren (24:19)

Yeah.

Gruk (24:19)

And that's very much.

Tommy Wren (24:20)

Yeah. You can conduct sterling, top notch cyber operations and not achieve what you want to achieve.

Gruk (24:29)

So breaking that kind of thinking is one of the, like, one of the reasons I've been thinking about this discord sort of attack is that it goes against the grain of the how do you destroy things to win? Right. By looking at the how do you foster Winning without destroying things. Like, how can you create the conditions for victory without having to smash everything? Like, how can cyber achieve that without having to turn off the lights or make the ATMs not work? Like, what are the things that you can do?

Tommy Wren (24:58)

I like unorthodox thinking. I like counterintuitive stuff. This feels to me counterintuitive, yet at the same time kind of useless in that I struggle to see practical application that actually works. Yeah. And what occurred to me is that in most of the organizations or structures that I'm aware of that the offensive cyber places, the places that would do this cyber gifting sit within the military and they talk about offensive cyber in a military kind of way. They talk about cyber fires, they talk about, you know, being able to achieve military objectives. A military objective is not to be nice to people.

Gruk (25:45)

Well, I mean, it should be though, right? Like that. Well, I guess that's that sort of coin. Right? Like that's, that's heart to minds, but it's.

Tommy Wren (25:54)

Yeah, maybe that's a. Yeah. This makes me think that perhaps that the structure for that kind of thinking is just wrong.

Gruk (26:03)

Right. No, I agree.

Tommy Wren (26:04)

And so either we'll never see it, which I think would be a shame. I think it'd be nice to be able to talk about cyber gifting operation.

Gruk (26:11)

Yeah. If anyone wants to cyber gift me. So like, basically I've, I have, I believe, a very good basis, like this good idea where I know there's this thing you can do and I know that it will achieve something. I just, I don't necessarily have a good concept of operations of how to get from here to there, you know, like I've got this great beginning.

Tommy Wren (26:33)

It's the underpants gnome of offensive cyber. Step one, give away stuff. Step three, profit.

Gruk (26:49)

Thanks a lot, Tom.

Tommy Wren (26:50)

Thanks, guys.