View profile

The Cybers Are Weird - Issue #3: Goosebone Prophets

Ian Campbell
Ian Campbell
‘The old-timer generally speaks dogmatically of bad luck, death bells, ghosts, witches and the like. But he becomes a bit more cautious in discussing the weather. “Nobody ever claimed that them old signs was always right,” a gentleman in Jasper county, Missouri, said reasonably. “But I’ve been a-watchin’ the weather for sixty years, an’ I believe these here goosebone prophets are just about as good as the government men we’ve got nowadays.”’ -Vance Randolph, Ozark Magic and Folklore
One of the old ways of Seeing centers around Thanksgiving and feels like a good story to tell today while the leaves change and the winds grow colder and more full of whispers. Recorded in the Old Farmer’s Almanac and numerous books on folklore, and of course subject to various differences according to local custom, goosebone prophecy stands out as a practice spread wide across the country. As indicated in the interview quote above it also continued to hold much sway even as meteorological science advanced.
Some say you only need kill a wild goose in the fall and examine its breastbone to get a hint of what’s ahead. Others impart a deeper ritualism - the wild fall goose must be cooked and enjoyed, and the breastbone preserved and watched over time that the changes in its appearance can provide insight on the winter to come.
And it’s worth it to remember that the folks who swore by this were no credulous fools. They farmed and toiled and lived by the quality of information that came their way about the weather - an epistemology of survival. Not always accurate, but the regularly inaccurate were readily wheedled out as few could afford much foolish loss.
IT in general and security in particular can be the same way - we have our special ways of Seeing, we have our rituals and offerings and festivals. We have our oral traditions that get paid homage in internal video calls and late night trouble sessions but that can never make it to the marketing tracts or podcast episodes.
We’ve got our own goosebone prophets and our own survival epistemology, because those security failures are very much the crop or market crashes of our own fields, tilled with tired hands.

Item 1: For Your Entertainment
Turkey: Hackers allegedly used streaming platform Twitch to launder $10m | Middle East Eye
What a great case of follow-on effects from a completely unrelated hack. Early last month, the livestreaming/entertainment service Twitch experienced a massive breach including details on payouts to livestreamers. Someone pawing through that realized that a ton of Turkish accounts with little or no following were making a killing on collecting Bits - a monetized form of community engagement - and got curious. Turns out it’s a sizeable money laundering operation!
Item 2: We Don't Need No Education
Ransomware Has Disrupted Almost 1,000 Schools in the US This Year
A great piece by Motherboard on how hard-hit schools have been by ransomware attacks this year alone. I highlight it because it’s a fantastic way of understanding federal cybersecurity priorities - one oil pipeline customer/payment system gets ransomwared and entire departments rearrange and retrofit over a declared national security threat to private industry. But a thousand schools disrupted by the same mechanism and it’s simply accepted as part of our incomprehensible dedication to underfunding education.
If this prioritization and utilization of federal agencies doesn’t necessary align with your viewpoints… maybe give your legislators a call. Just a thought.
Item 3: On A Scale of 1-10, How Shady Am I?
New Anti Anti-Money Laundering Services for Crooks – Krebs on Security
This is really neat - someone repackaged some analysis tools and rebranded them as a way for criminals to see just how suspicious their cryptocurrency wallets and transactions look to outside observers.
Because it’s on the blockchain the assets end up exposed in certain ways, and that of course allows for automated analysis of incoming and outgoing funds and the traffic patterns involved. For $3 per inquiry you can see just how shady you look.
I really, really want these services to be secretly run by law enforcement agencies who set them up just to see how many criminals would plug their own assets in and give themselves away. It’s happened before with other dark web services such as drug markets and criminal-adjacent encrypted communications networks, and would fill me with glee.
Honorable Mentions
So someone hacked a cryptocurrency network, transferred hundreds of millions of dollars worth of assets out, and then… transferred ‘em back. This was fun to watch in real time.
Abraxas Spa on Twitter: "🇸🇻 police using a DJI Matrice M300 with Zenmuse H20T camera, during operations against Barrio 18 gang… "
Wrapup
Thanks for reading, folks. Please feel free to hit me up on twitter or email me at igcwrites at gmail with thoughts or suggestions. No pitches, no ads.
As best I can tell I have no conflicts of interest regarding anything above, but if I write up something where I do, I’ll make sure it’s clear.
Please keep yourselves safe, stay masked up, get vaccinated when you can, and be kind where you can.
-ian
Did you enjoy this issue? Yes No
Ian Campbell
Ian Campbell @neurovagrant

Unique items of note in information security/cybersecurity, privacy, and technology

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Created with Revue by Twitter.