Photo by Michael Bracco.

Kotgham from Korea

Deep in the mountains, there was a small quiet village, and on the mountain behind this village lived an enormous, terrible tiger. One evening, the tiger crept down into the village to get something to eat.

Bogeyman. Original artwork by Michael Bracco.

He came to a house where a baby was crying and had been for a while. “What an annoying brat,” thought the tiger. “By eating him, I’ll put an end to this racket.”

The mother in this story threatens the child first with a fox, then with a bear, but the child keeps crying. Desperate, the mother cries: “Look! The big tiger from the mountain is here, right outside the window!”

The tiger, of course, is flattered, but the child keeps crying. The tiger is flummoxed, but decides to eat the child to demonstrate his power.

But just as he is about to pounce, the mother cries, “Look! A persimmon!” and the baby stops in mid-cry.

“A persimmon!” thinks the tiger. “More fearsome than a fox or a bear? Even more terrible than me? What a horrible monster it must be! I’m done for if the Persimmon sees me,” and in a single leap he leaves the village and runs away back up the mountain.

There are many versions of this horror story: at its core is the fact that the tiger doesn’t seem to know what a persimmon is, despite his otherwise articulate reflection on his own hunger and his helpful, even prosocial attitudes toward noise control. As a result, something mundane—indeed, even delicious and nourishing—acquires the power to terrify, as well as a reputation for being powerful, dangerous, destructive, and silencing.

This is how monsters are born/made.

Don’t WannaCry

Deep in the mountains, there was a small quiet village, and on the mountain behind this village lived an enormous, terrible hacker. One May evening in 2017, the hacker was bored and he crept down into the village and released a computer exploit known as WannaCry.

It was a widespread and devastating ransomware attack in which 230,000 computers in 150 countries were encrypted and ransomed in Bitcoin. Mission-critical systems like the National Health Service in Britain and Deutsche Bahn in Germany were affected, as well as corporations in China, Russia, and South Korea.

The hacker used an exploit known as EternalBlue and a worm called DoublePulsar, which together encrypted the files and displayed a ransom message.

In a twist, the code also contained a kill switch discovered by @MalwareTech (a.k.a. Marcus Hutchins). By prying into the software he could trick the worm into thinking it was in test mode, forcing all traffic to his own fake server. Bizarrely, on his way to the hacker convention DEF CON to celebrate his success, Marcus Hutchins was arrested by the FBI on suspicion of cocreating an unrelated piece of malware. His arrest raised the question of whether he might himself have been involved in this attack, since he was so quick to help stop it.

“Look!” shouts the mother. “Criminals! Stop crying or he will steal all your money and your identity too!”

But since Bitcoin is a public ledger we know that only 367 payments totaling $130,000 were made. The fact that this number is so low suggests that the motive was not simply criminal. As one security analyst earnestly blogged: “If the goal was currency generation, the financial support infrastructure would have been more robust and they would have worked harder to make the payment mechanism more user-friendly.”

But WannaCry went on crying. So where did EternalBlue and DoublePulsar come from? Was it an old exploit, a so-called zero day?

Neither. The tools were well known because they were created by the U.S. National Security Agency (NSA) as offensive weapons to be used in their own massive, unaccountable digital spying and warfare operation. Naturally, they had not previously alerted Microsoft or anyone else about the hole or their tools for exploiting it.

“Look!” says the mother. “The National Security Agency. Stop crying, they see you and know everything you’ve done!”

But the NSA was not behind the attack. Too amateur. The NSA would have created a robust customer support system, for one thing. No, the story has yet another twist: the EternalBlue exploit was part of a cache of such tools released between August 2016 and April 2017 by a group called the Shadow Brokers—a mysterious person or collective possessing an impressive cache of tools and exploits that they somehow stole or acquired from the NSA.

The Shadow Brokers first tried to auction the tools off online, but when that failed they simply released them for anyone to use.

Some think they are Russians, but their messages bear more similarity to activist hackers like Phineas Phisher, whose interest is not espionage or crime but a public-interest warning about the range of vulnerabilities that the NSA (and private security firms) have discovered, weaponized, and kept secret—an instance of what Phisher calls “hacking back.”

“Look!” cries the mother. “Hacktivists! Stop crying or they will rend the social order and unleash chaos in our world!”

But there is no evidence to suggest that the Shadow Brokers were directly behind the WannaCry attack.

No, a different bogeyman is conveniently available for this purpose: a persimmon, of course, called North Korea. On thin evidence, the United States decided to attribute the attack to North Korea. Attribution changes tigers into persimmons.

Few security researchers buy the evidence. It was amateurish; it harmed North Korea’s own allies, China and Russia; it didn’t generate revenue; and even in the cloud-cuckoo land of Kim Jong Un, the approach was bizarre. But now the monster is real.

A consensual, collective desire to name the bogeyman often operates in these cases. And one of the specific powers of the bogeyman is that it never reveals itself as a specific threat, always going by many names: APT27, Lazarus Group, Dark Seoul, Unit 180, and so on. The bogeyman does not exist, but the bogeyman is also uniquely powerful for scaring children, tigers, and citizens alike.

Persimmons

If you don’t know what a persimmon is, it can be terrifying.

But the persimmon in this case is no mystery: it is not North Korea, it is innovation. The endless enthusiasm for innovation, its easy financialization, the desires it has unleashed. Innovations that make it trivial to acquire data about people’s every desire and move; innovations that wrap this data up in legal restrictions and black boxes that no one can open; innovations that masquerade as participatory projects of liberation; innovations that seek out ways to monetize the routine actions of people in ways that can only leave them vulnerable; innovations that have been distributed globally for free to nearly everyone in the world.

It is easier to breed monsters. Because we need monsters to scare away, tigers that we ourselves have created and that threaten us in our small quiet villages. It’s only because we don’t know—or have forgotten—what a persimmon is that this ruse works.

We built this monster. There is no monster.