The Gentlemen Hackers interview: The Grugq (on cybersecurity)

Thaddeus E. Grugq is a longtime cybersecurity dude who is reasonably clear-thinking about the issues.


The Grugq: Yes, absolutely. The operating systems that we have on mobile devices are so much more secure than what we have on laptops. It’s much, much harder to break into an iOS device than a macOS device. Of course, if someone really cares about you, then they’ll break in anyway, but in terms of just straight-up security, absolutely, tablet, way better, much safer.

Mik: Why are mobile systems so much more secure?

The Grugq: A number of reasons, but it’s fundamentally that when they started out developing it, it had a security paradigm of being locked down for kind of bad reasons. They don’t want other people to be able to take advantage of their market share and things like that. But because the approach was, “How can we restrict this? How can we make it limited? How can we reduce things that the user can do so that it’s less likely to break?” All of those things compound to make mobile devices at this point in time very, very secure comparatively. I travel with an iPad, not a laptop for these reasons. If someone wants to break into whatever I’m doing enough to go after an iOS device, then it doesn’t matter what I’d be doing.

Mik: We’ll switch gears. Let’s talk a little bit about nation-states because you’ve done a lot of work with nation-state security as well. What’s your opinion on the cyber doctrines? East and the West have very different cyber doctrines. Who’s right? Why?

The Grugq: None of the above. Both the East and the West are wrong, but for different reasons. The East is, I think they’re closer, like they are less wrong. They’re closer to the truth. The sort of differences are, in the Eastern approach, they tend to think about information, the information sphere and the information domain as the battlefield. This is where it’s all going on and that cyber is within that. It’s just a subset of information operations. I think that this is very good because their concept of information includes what we would call the cognitive domain. It’s the minds of the people that you’re interacting with. It’s not just the information that you’re giving out, it’s the information that they’re taking in and processing. That’s part of what you’re affecting and interacting with. That’s very, very useful because that gives you things like the 2016 disinformation campaigns, both in the Brexit and in the US with the election. The cyber doctrine encompasses that sort of thing. The West, on the other hand, is much more focused on CNO, like computer network operations, then CNA, computer network attack, and CND, computer network defense.


He has a Simple Security Guidelines document over at GitHub that expands a bit on how to stay more secure:


I checked all the boxes for using an iDevice!!!


2013 interview on Hacker OPSEC:


Between Two Nerds: How bureaucracies deal with super talented people