Unintended behaviour is the core of subversivenes
- Notice the system
- See who benefits
- Find an exploit
- Discover or invent a new way
- Care less about what others think
- What are we doing that is fundamentally different?
- What political/environmental/social/technological (PEST) vulnerability can we identify and exploit?
Situation:
- Red Bull founder came across a sugar-caffeine mix in 1982
- no experience in the soda industry
- narrowed focus to clubbers
- allegedly planted "used cans' in trash. streets and floors
- gave DJs plenty of supplies
- made 'Vodka Red Bull' a standard order for clubbers
Hack:
- focused on signals and cues to judge quality and popularity
Ottawa Connection
- Flugtag (unflyable machine contest) behind Parliament Hill
Situation
- low production ad
- Coinbase: Superbowl ad (2022) bouncing QR Code
- 60s add $14M - just a bouncing code - 20M scanned
Hack
- novelty captures our attention - QR codes were relatively new in the mainstream
- novelty is easier to remembers
- novelty works - when others zig - you zag
Situation:
- Selling hot donuts directly
- Used a light to indicate when donuts were fresh and ready
- Caused lineups and traffic jams
- Informed local authorities, paid off-duty police officers to direct traffic
Hack:
- leveraged channels of legitimate authority
- created perception of scarcity (limited hot fresh donuts, as indicated by the light)
- Used demand to drive demand
Situation
- Wilt Chamberlain was great basketball player but lousy at free throws
- Sought help from Rick Barry, who had 90% success rate with the 'Granny Throw'
- Chamberlain used the Granny Throw - increased his shot percentage - but he was being accused of being a sissy
- He stopped using the Granny Throw
- Barry used the Granny Throw - others hated him but he was super successful
Hack
- find vulnerabilities in the system, do things that other won't
- explore all possible ways to accomplish a task
- ask yourself if you are being stopped by shame. ego, and/or pride
Situation
- John Boyd - a maverick fighter pilot
- wrote an unauthorized combat manual
- used dummy mainframe accounts to do similations, almost got court-martialed
- challenged the orthodoxy of larger bomber planes - more nimble fighter jets were more effective
- Formalized the OODA Loop
- Observe take stock of the situation, factor in your goals
- Orient put yourself in your opponent's shoes, figure out your own blind spots
- Decide do a quick tactical step that reveals more information about your opponent
- Act execute your decision, don't equivocate, don't hesitate - the results become input into the next iteration of the loop, iterate as fast as possible
Hack
- Leverage advances in technology to respond quickly
- Time kills all advantage
- subversive thinking requires situational awareness to understand the status quo
- relentless pursuit of novelty and disagreeability let you act where others can't or won't
- Many of the rules that constrain you are folklore, created by the people and organizations in power
- apply novel thinking, fluid intelligence, first principles
- Look for contradictions
- Novelty is power
In fair game the best player wins but nobody plays fair.
- Burger King could not compete with McDonalds marketing budget
- campaign $0.01 Whopper, only if ordered from McDonalds parking lot.
- ignoring directions
- identify outdated norms
- getting a system to behave in an unintended way
- two types of hackers script kiddies and zero-day architects
- script kiddies exploit known vulnerabilities and work at scale.
- WannaCry virus attack happened 4 weeks after Microsoft published a patch for a vulnerability
- WannaCry attacker end-of-life or slow-to-adopt targets (Healthcare was hit really bad)
- Zero-day hacks
- Stuxnet - used 4 zero-day exploits to sabotage the centrifuges
- approach use competitor strengths against themselves
- ad campaign to show how users are targeted by Facebook
- e.g., you are getting this ad because you are into parenting blogs
- make systems behave in unintended ways
- script kiddies use existing vulnerabilities
- zero-day architecture - look for new vulnerabilities and create targeted events