Showing posts with label Cyber Attack. Show all posts
Showing posts with label Cyber Attack. Show all posts

September 22, 2020

Much To Be Afraid Of

Life size scary-looking Jack In The Box at Home Depot. 

When this clown dude pops out, you'll sh*t your pants. 

And who really wants to be more scared in this world anyway?

With Covid, Cancer, Corruption, Cyber Attacks, Identity Theft, Radicalism, Terrorism, War, Weapons of Mass Destruction, Loss and Death, Environmental issues, and the Economy don't we have enough to be afraid of already?  ;-)

(Credit Photo: Andy Blumenthal)
Share/Save/Bookmark

April 10, 2020

Ignorance Isn't Bliss

Please see my new article in The Times of Israel called, "Ignorance Isn't Bliss."


It’s Passover, and we celebrate our deliverance from Egyptian slavery, yet this is a slavery that was foretold by Hashem, and as you could say, like with many bad things that happen in this world (e.g. Coronavirus), we knew it was coming!

To me it’s not about being afraid, but rather it’s about being prepared. It’s great to be an optimist, but it’s important to be practical, especially when it comes to saving lives. Yes, we need to have faith in G-d and believe that ultimately everything is according to His word and plan for the world, but at the same time, we need to be responsible and do our part to protect ourselves and the future from terrible things that we have a relatively high-level of confidence will happen. There is no mitzvah to wait and be caught off guard, rather there is a commandment to save life (“Pikuach Nefesh”), and for this we need to “face up to facts” (including our known vulnerabilities, threats, and our capabilities to address them) and actually be very well prepared.

(Credit Photo: Andy Blumenthal)

Share/Save/Bookmark

March 13, 2020

Stop The Coronavirus, Please!

It's been a few exhausting weeks since the outbreak of the Coronavirus (Covid-19) has gone public. 

First case in China in November.

Now as a Pandemic in 126 countries!

Over 132,000 confirmed cases, so far .

And around 5,000 deaths 🕱.

The numbers are projected to climb/////.

With Dr. Faucci of NIH's National Institute of Allergy and Infectious Diseases (NIAID) warning that it will "get worse before it gets better."

Everything is closing down from our work facilities to Cruises, Broadway, and Disney.

Of course, we need the government (at all levels), health professionals, and pharmaceutical companies to get their acts together with an effective response strategy. 

Also, this is a wake up call for better preparedness for all sorts of natural and man made disasters that are awaiting. 

Today it's a virus (natural or biowarfare) and tomorrow it'll be a devastating cyber attack that we are woefully unprepared for. 

No more playing politics, half measures, and waiting for the next shoe to drop (Spanish Flu, Pearl Harbor, 9/11).

The rest of us need to do our "prepping" parts and to say a prayer or two and keep going. 

(Source Graphic: Andy Blumenthal)
Share/Save/Bookmark

October 28, 2017

Deterrence Alone Is Not A Strategy

So there is a military doctrine that has been in place for decades. 

- MAD - Mutually Assured Destruction 

If you attack the USA with weapons of mass destruction, you'll get an overwhelming responses that will totally destroy your country. 

This was what supposedly held the USSR at bay during the cold war. 

And even recently, President Trump threatened North Korea that they would be "totally destroyed" if they try anything on us. 

The problem is that the MAD doctrine of deterrence assumes incorrectly that you are always dealing with rational actors and not with madmen.

Let's face it, their are plenty of crazies out there, and some of whom may be willing to go down in a "blaze of glory" as long as they stand up to the United States and die a heroes death for their radicalized or "subjected" people. 

Whether it's Iran or North Korea or others--we may not know what we are really dealing with here until it's too late. 

Life is not everything to these people--remember many a terrorist has died a martyrs death with the promise of 72 virgins in heaven awaiting them. 

To some, as Prime Minister Gold Meir stated:
"Peace will come when the Arabs will love their children more than they hate us!"

Hate by virtue of perceived injustice, required Jihad or "holy war," brainwashing or threats and the desire for a "glorious death" standing up to the infidels or the "great Satan...any of all of these can contribute to ignoring the consequences. 

Israel has tried to deter horrible homicide bombers/and other mad terrorists from performing their evil misdeeds on the civilian population by for example, demolishing the terrorist homes as a potent consequence that they know going into it, yet many terrorists still wear the explosive vests and detonate anyway.

Similarly, North Korea despite the President's threat that they "will be met with fire and fury like the world has never seen," brushed it off and shot off more volleys of ICBMs and threatened to engulf Guam in fire. 

- The point is that deterrence alone is not a strategy!

If our enemies can hit us with a devastating attack--whether WMD, cyber, EMP, or quantum attack-- that can inflict immeasurable harm on us--they may actually choose to take their best shot, rather than wait for us to hit them or continue to feel disrespected, subjected, inferior, and hopeless.

To someone on the radical fringes or the mental edge, maybe--just maybe--they will do the unthinkable and surprise us.

What good will our fire and fury counterstrike do us, when our cities are in ruin and our people dead and dying en masse. 

Revenge isn't so sweet when your family, homeland, and virtually everything you know and held dear is gone.

The only real military strategy is to be able to defend ourselves and AVOID getting a homeland catastrophe!

We need massive investment and expertise in missile defense, bio defense, cyber defense, quantum computing, and expansive hardening of our critical infrastructure.

Unfortunately, as naysayers to the threats abound, we are no where near where we need to be in protecting the homeland.

If one person falls from the high wire and smashes their head, what good is it that the other person falls and suffers similarly or worse. 

The point is not to fall, not to get hurt, not to die, not to have our country and way of life destroyed.

Deterrence does not guarantee this security to the country--especially when dealing with no shortage of radicalized nuts out there. 

Only a genuine defense that can STOP and counter the threats BEFORE a devastating attack happens and hits us is a strategy worth pursuing ...and THEN you can punch the other person squarely in their devil's face!

Without an adequate defensive strategy, get ready, because every high flying act eventually falls to the ground and hits their head hard. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

August 21, 2017

Navy Under Attack?

So there was another collision of a U.S. Navy Destroyer.

The Navy destroyer collided early today with an oil tanker off of Singapore. 

10 sailors are missing and there is significant hull damage. 

This is the 4th known accident just this year of our Navy vessels in Asia waters.

And previously I wrote incredulously about the last Navy collision with a massive container ship in June that resulted in 7 dead. 

How do U.S. Navy ships with the most advanced sensors, navigation, weapons, and command and controls systems in the world--that are supposed to be protecting us--just simply collide with other ships like toys in a bathtub?

These Navy ships are a vital projection of U.S. might, and are supposed to be able to keep the worst foes away and keep our dedicated men and women warfighters safe at sea--whether from bomb-laden terrorist attack speed boats to anti-access/area denial missiles and all threats from on, above, or below. 

Yet, they just keep crashing...

There was supposedly some buzz online about a stealthy new cyber weapon that is attacking our ships and making them useless and helpless pieces of (G-d forbid) floating junk at sea or perhaps enabling them to be hacked and electronically commandeered and controlled in order to crash them.

Either way, how many collisions does it take for this to become a concerning problem with our Navy's ability to manage the ships under their command and be ever war-ready. 

Our ships are a major element of our national strength and security, and loss of control implies a potentially great risk to our nation. 

We need our Navy and their tremendous people, assets, and expertise to safeguard our people, freedom, and democracy.

A few months ago, there was a hackathon to test the Navy's systems' security--and most certainly, this is a crucial type of test that we potentially face every day in real life.

These are challenging times for everything cybersecurity, so let's make sure we have all the capabilities we need and are fully up to the task to defend ourselves and take out our enemies--it's not just our Navy in the spotlight and at risk. ;-) 

(Source Photo: With attribution to CNN and adapted from here)
Share/Save/Bookmark

July 6, 2017

Driverless Cars - New Beginning or Part of The End

Driverless cars are exciting to so many.

But doesn't it also seem so boring?

There is a lot to be said for being the driver and doing the driving. 

We control the destination, trajectory, speed, etc.

Occasionally, there is even time to stop and enjoy the view. 

We've given up on doing or even knowing how to do so many basic things.

Probably 90% plus of us would fail at any sort of basic survival test. 

You can't hunt, you don't know how anything really works, and you don't even have a green thumb.

You'd be dead in under a week or max three

The only thing you do know how to do is sit at a desk, push papers, go to meetings, and post endless nonsense on social media--congratulations you're an imbecile!

When Axis of Evil North Korea, Iran, or Russia decide to hit us with an ICBM, EMP, or a massive cyber attack your gonna wish you knew something (anything) real, let alone how to drive a simple automatic. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

August 28, 2016

Preppers Preparing

A very interesting article in the Washington Post on the prepper movement.

People are concerned about the inaction, misdirection, and chaos of where things are going, and they are preparing for a potential post-apocalyptic America and world.


Grave worries seem to be coming from a multitude of concerns whether about an eventual bursting of the bubble of our national debt and the downfall of our economy and associated good jobs, an outbreak of ebola or a deadly influenza, a dirty bomb by Iran or North Korea, a cyber attack or EMP that takes out our critical infrastructure including electricity and anything with computer circuits, or a devastating natural disaster, many of which are considered "overdue."


The preppers are moving to the American Redoubt (pacific northwest--Idaho, Montana, Wyoming, Washington and Oregon.


They are buying and building defensible homes (bunkers and "fortresses"), stockpiling food, weapons, and ammunition, and preparing for life off the grid with water sources, solar farms, and secure storage.


While survivalists have always existed, the numbers of concerned, disaffected, and generally disgruntled citizens seems be growing exponentially along with prepper network shows, books, blogs, websites, and sales of survival gear.


Many people seem to either feel insecure, fearful, uncertain, or that we are simply going in the wrong direction, and that it is only a matter of time until there is some sort of major earth shattering, society destabilizing disaster, and not everyone will survive.


So from home shelters to luxury underground bunkers, preppers are putting their money and efforts where their mouths are, and are preparing for potentially the worst.


If as all agree that an important part of the government's job is to ensure the national security of the country, and protect life, liberty, and property, then something seems to be going very wrong that many people are feeling so insecure and unprotected physically and in terms of their human rights.


From corruption to divisiveness, dependency, and dirty dealing, communication and trust between government and the governed is being needlessly undermined.


Why can't we get some decent leaders with a solid moral compass, and a real plan to bring us back from forever walking the brink to a nation of strength and unity, prosperity and health, and a superpower not only today, but for the future, once again. ;-)


(Source Photo: Andy Blumenthal)

Share/Save/Bookmark

August 24, 2015

My Ashley Madison

So Ashley Madison is now a well-known adulterous website, particularly after hackers stole 37 million records on the site participants, and have released that information to the public.

These tens of millions of users seek companionship for loveless or sexless marriages or perhaps are just plain liars and cheaters--who knows? 

But yikes, now everyone knows!

Huffington reports that divorce lawyers are anticipating a deluge of new clients seeking divorces

And BBC reports that two people have already taken their lives in Canada as a result of the release. 

What is incredible as well are the 15,000 people who used their .gov or .mil accounts presumably to hide their infidelity from their spouses, but now are in potentially huge trouble with their government agencies.

I assume that Ashley Madison prided themselves on their discretion in handling their clients accounts, but lo' and behold the discretion is for naught compliments of some very naughty hackers. 

Privacy is becoming a very lonely and meaningless word whether you are faithful or a cheater--it's all open fodder on the net. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

July 12, 2015

The "Real" OPM Data Breach

A lot has been made and should be made of the theft of over 21 million federal employees' sensitive personnel records and security clearances. 

Everyone rightly, although somewhat selfishly, is worried about identity theft and the compromised privacy of their information.

The government is worried about hostile nation states using the pilfered information to bribe or coerce military, intelligence, high-level politicals, and others to turn and work for them or otherwise to use against them. 

But what is grossly missing in this discussion is not what information presumably the Chinese stole and how they will use it against us, but rather what information they inserted, altered, or otherwise compromised into the OPM personnel and security databases when they got root access to it.

Imagine for a moment what could hostile nations or terrorists can do to this crown jewel database of personnel and security information:

- They could insert phony records for spies, moles, or other dangerous persons into the database--voila, these people are now "federal employees" and perhaps with stellar performance records and high level security clearances able to penetrate the depths of the federal government with impunity or even as superstars!

- They could alter personnel or security records taking prominent or good government employees and sabotaging them to have questionable histories, contacts, financial, drug or criminal problems and thereby frame or take-down key government figures or divert attention from the real bad guys out there and tie our homeland security and law enforcement establishment in knots chasing after phony leads and false wrongdoers and villains.

Given that the timeline of the hack of OPM goes back to March and December 2014, this was more than enough time for our adversary to not only do to our data what they want, but also for the backup tapes to be affected by the corrupt data entering the system. 

The damage done to U.S. national security is unimaginable. As is typically the case with these things, "An ounce of prevention is worth a pound of cure." Instead of investing in security, now we can invest in "credit monitoring and identity theft protection" for a very sparse three years, while federal employees will go a lifetime in information jeopardy, and the federal government will be literally chasing its tail on personnel security for decades to come. 

With the price so low to our adversaries in attacking our systems, it truly is like stealing and much more. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

December 20, 2014

2014 The Bad News Goes On

What a 2014 it's been as the world continues it's descent into madness.  

If Ebola, the War with Hamas in Gaza, the shoot down of Malaysian Airlines Flight MH17 killing 298 including 80 children and 15 crew, the intransigence of Iran on Nuclear Weapons, employment still near a 30-year low, the National Debt hitting over $18 trillion (and growing $2.43 billion a day!) and the suicide of comedian, Robin Williams wasn't enough...

- Criminal Records: 1 in 3 adult Americans (i.e. 80 million people) now have a criminal record...hmm, if the average family has around 2.5 people then just about 1 person per household has a criminal record. Are you starting to look around you now?


- Economy: Uber, yes, it's a online "ride-sharing" (i.e. taxi) service, but after it's recent IPO, Uber is worth over $41 billion dollars (more than Delta, Charles Schwab, Salesforce.com, and Kraft Foods). Someone's getting taken for a ride. Is this even surprising considering the S&P is priced over 27 times average 10-year earnings (while the historical average is only 16), the result of pumping the economy with short term easy money policies.  


- Cyber Attacks: After a blithering cyber attack by North Korea, Sony withdraws the release of the movie, The Interview, surrendering to cyber terror, and putting us all at greater risk in the future because cyber crime does pay!


- Islamic Terrorism: While ISIS advances in Syria and Iraq, 132 school children (mostly ages 6-18) plus 9 adults massacred by the Taliban this week in Peshawar, many shot in the head and others lit on fire with gasoline and burnt to death so they are unrecognizable. This only 9 months after the April kidnapping by Boko Haram of more than 280 schoolgirls in Nigeria, which was repeated this week with the kidnapping of another 185 woman and children.


- Russian Militarism: The Great Bear is back with a vengeance as Putin continues driving Russian nationalism and buildup of advanced weapons, including WMD (e.g. nukes), aircraft, submarines, and ICBMs to counter alleged "Western Aggression." And despite, the rubbles' massive decline, Putin promises an economic comeback within 2 years--he'll wait out the West and hold Crimea hostage and spoil it for everything it's worth


So where are we going next--more hell on Earth or at some point a turnaround towards heaven again?   


(Source Photo: Andy Blumenthal)

Share/Save/Bookmark

March 6, 2014

Beware of Botnets



Interesting video demonstration of how botnets work and can literally take over your computer.

In essence, your computer becomes a zombie under the command and control of the botnet sender.

Computers get infected through a trojan or worm, and then the sender has you--they control your computer and information.

Generally, they do this to send spam, steal information, or send out other malware, all under anonymity. 

Once infected, the sender has complete control over your computer and can exfiltrate, delete, or change your data, turn on the keyboard lights, add a tail to your mouse, and even format your hard drive. 

The malware often can even disable your firewall.

The sender can turn on a keylogger and log your keystrokes, and capture your user ids and passwords to banking and financial institutions, and draw out your money. 

The video demos an example of botnets with a variant of the Zeus trojan. 

Worth a watch.

Makes me wonder whether our adversaries are infecting more and more computers, until they have almost everyone--eventually a virtual army.

Then at the time of their choosing, they can conduct one big massive attack, or incremental ones, logging into peoples accounts, stealing their identities and savings, sending out misinformation, destroying data and computers en masse. 

We need to be aware of what's possible, maybe even probable. 

Is your computer infected and you don't even know it yet?
Share/Save/Bookmark

July 29, 2013

Medical Hacks

Usually when we talk about the dangers of cyber attacks, we are concerned with the dangers of someone stealing, spying, or systematically corrupting our information systems. 

But Barnaby Jack who died last week at age 35 brought us awareness of another, more personal and perhaps dangerous hack...that of hacking medical devices.  

Barnaby, a director at computer security firm IOActive, became known first in 2010 for being able to hack at cash machine and have it dispense money. 

In 2012, he drew attention to a flaw in insulin pumps whereby someone could cause it to administer a fatal dose to its unknowing victim. 

This week, Barnaby was going to demonstrate how heart implants could be hacked, killing a man from 30 feet away. 

With advances in the miniaturization and battery life of personal medical devices and implants for monitoring and managing patients health, more and more people could be exposed to malicious or murderous cyber attacks on their body.

With the potential for RFID embedded chips for managing our personal identities to bionics for replacing or enhancing human body parts with electronic and mechanical implants, the opportunity for someone seriously messing with our physical person grows each day. 

If dangerous vulnerabilities are discovered and exploited in these devices, an enemy could go from the traditional attack on our information systems to potentially sickening, disabling, or even killing millions at the stroke of some keys. 

Imagine people keeling over in the streets as if from a surprise attack by a superior alien race or the release of a deadly chemical weapon, only it's not extraterrestrial or kinetic, but instead a malevolent cyber attack by a hostile nation or cyber terrorist group taking aim at us in a whole new and horrible way.

(Source Photo: here with attribution to Bhakua)

Share/Save/Bookmark

July 21, 2013

Like Buying A Nuke On The Black Market

Buying a serious computer vulnerability is now like acquiring a nuke on the black market. 

Nations and terrorists will pay to find the fatal flaw in computer programs that will enable them to perpetrate everything from subversive cyber spying to potentially massively destructive cyber attacks. 

As the world is focused on nuclear non-proliferation, computer weapons are the new nukes--able to do everything from a targeted strike on an organization or agency to taking out vast swaths of our nation's critical infrastructure.

According to the New York Times (13 July 2013), there is a great interest in buying "zero-day exploits"--one where governments or hackers can strike using a computer vulnerability before anyone even knows about it and can correct it. 

The average zero-day exploit persists for "312 days--before it is detected"--giving amble time for attackers to cash-in!

Brokers are now working to market the computer flaws for a 15% cut, with some even "collecting royalty fees for every month their flaw is not discovered."

The average flaw "now sells for around $35,000 to $160,000" and some companies that are selling these are even charging an annual $100,000 subscription fee to shop their catalog of computer vulnerabilities in addition to the cost for each one that varies with it's sophistication and the pervasiveness of the operating system behind the exploit. 

While governments and terrorists are on the prowl to buy the exploits for offensive purposes, technology companies are competing to purchase them and are offering "bug bounties" in order to identify the flaws and fix them before they are exploited. 

We've come a long way from people and organizations buying software with their regular upgrades and patches to nations and hackers buying the knowledge of the flaws--not to patch--but to spy or harm their adversaries. 

You can buy the bomb shelter or software patch, but someone else is buying the next more lethal bomb or vulnerability--the question is who will pay more to get the next exploit and when and how will they use it. 

(Graphic by Andy Blumenthal adapted from here with attribution for the mushroom cloud photo to Andy Z.)
Share/Save/Bookmark

June 19, 2013

Malware Through A Charger

Who would've thought you can get cyber attacked this way...

Forbes is reporting that Georgia Tech researchers have discovered an exploit where malware could be introduced to your computer through the plug in AC power charger. 

Based on their proof of concept, when you connect your computer and electrical plug, you could get more than an electrical charge to your Apple iOS computer--you could get hacked! 

The malicious charger has been named Mactans and in the future could be put together by inserting a miniature computer board (e.g. a BeagleBoard) right into the base of a charger plug (larger than the one shown above).

The hack attack is enabled by the USB port which is used for charging and doubles as a data port so that the malicious code would be surreptitiously inserted into your computer. 

So be careful what you plug into, because when you think you're just powering up your battery, you may end up powering down your whole computer device.

This sort of reminds me of the shoe bomber that forever changed how we view seemingly innocuous shoes at the airport.

A shoe may not just be for walking, and a AC charger may not be just a power source anymore.  ;-)

(Source Photo: here with attribution to Lee Bennett)
Share/Save/Bookmark

May 26, 2013

Mayim Chaim

You can only live about 3 days without water--that's why protecting our water is so critical.

Emergency Management (May/June 2013) says, "There are numerous ongoing threats to our water supply. Some of them [natural or man made] could be catastrophic."

- Water poisoning: Already in the 1st century, Roman Emperor Nero poisoned the wells of his enemies.  These days you'd need a large supply, like "several dump trucks of cyanide or arsenic to poison a reservoir.  Plus the water system is monitored and has purification protections such as chlorine, so it's not that simple. We can also issue "boil alerts" for people to boil the water before drinking it. Then again, we saw what some radiation did to the Japanese water supplies after Fukushima.

- Blowing it up: The water system infrastructure can be disrupted using explosives, so keeping intruders far away from it is important to keeping it safe.

- Earthquakes/Hurricanes: Much of the water system pipes are old--some built during the Civil War--and these can be destroyed by natural disasters or even a construction crew jackhammer hitting in the wrong place. 

- Electrical outage: If you shut down the electricity, you shut down the water pumps...and even with generators taking over for a while, your up against the clock, if you don't get the juice flowing again soon. 

- Cyber Attack: Our water systems, like other industrial control systems are vulnerable to cyber attack. A hacker that gets control of the systems could overheat it, overtreat it, flood it, or otherwise break it and shut it down. 

Keeping our water infrastructure secure, the water supply safe and potable, the transport pipes intact, the electricity working, and the systems under control--are not little matters--they are the difference between life and death for millions. 

As in The Rime of The Ancient Mariner, when the ship gets blown off course into unchartered waters and the crew is thirsty for water and desperate to survive, the poet states, "Water, Water. Everywhere. And All The Boards Did Shrink; Water, Water, Everywhere. Nor Any Drop To Drink."

In Hebrew, there is a short saying that sums up this topic, "Mayim Chaim"--water is life. ;-)

(Source Photo: Dannielle Blumenthal)

Share/Save/Bookmark

May 22, 2013

Blackout Nation

We are reaching an exciting but dangerous phase of technology adoption where our dependence is virtually complete. 

From mobile to social computing, from telecommunications to transportation, from industrial systems to electronic health records, from banking to eCommerce, from homeland security to national defense--we are dependent on technology.

But while technology proliferates everywhere, so do the risks. 

Bloomberg BusinessWeek (16 May 2003) in an article called "The City That Runs On Sensors" talks about how initiatives like IBM's smart-cities is bringing sensors and technology to everything running our towns--"Smart [city] innovation is improving our economic fabric and the quality of our life."

The flip side is an editorial in today's Wall Street Journal by former CIA director James Woolsey and Peter Pry who served on the congressional EMP commission warning how "A single nuke exploded above America could cause a national blackout for months" or years (stated later in article)

They write that "detonating a nuclear weapon high above any part of the U.S. mainland would generate a catastrophic electromagnetic pulse" (EMP)--and that this "would collapse the electric grid and other infrastructure that depends on it."

This would be a national blackout of epic proportions that would impact all areas for 21st century sustainment of 311 million lives. Think for yourself--what would you be able to do and not do without the computers and telecommunications that you use every day? 

Woolsey and Pry call for a preemptive surgical strike, for example, to prevent North Korean development of an ICMB capable of inflicting a nuclear EMP strike, but you can imagine other nations that pose a similar threat. 

While be beef up our Cyber Corps and attempt to strengthen our tools, methods, and configurations, this is just the tip of the iceberg when it comes to securing cyberspace. 

Cybersecurity is more than just protecting us from malware infiltration and exfiltration--because the whole IT system that our society is built on can be wiped out not by cyber attack alone, but rather by collapsing the very electronic infrastructure that we rely on with a pulse of electromagnetic radiation that will fry the very circuits that run our devices. 

While we build firewalls and put up intrusion detection and prevention guards and establish a court system of antivirus and spamware to put away violators and so on, how shall we prepare for a pulse attack that can incapacitate the electronics underpinnings--security and all? 

"Star Wars" missile defense, preemptive action, and hardening of critical infrastructure are all security options--it costs money to keep the IT lights on, but better to pay now, then pay catastrophically bigger later. ;-)

(Source Photo: Andy Blumenthal)


Share/Save/Bookmark

February 27, 2013

Cyberweapons Power Up

In you haven't heard of Project Aurora, this is a wonderful segment from 60 Minutes on this cyberwar project. 

Faced with some of the worst case scenarios for cybergeddon, Idaho National Labs set out in 2007 to test what would happen to a 27-ton power generator if the researchers hacked into it from a mere laptop. 

The turbine was sent instructions that would essentially tear itself apart--and in the video you can see what happened--it shudders, shakes, smokes, and ultimately destroys itself. 

The test was a grand success demonstrating our capabilities to conduct cyberwar operations against an adversary.  

Interestingly, Reuters reported the Symantec researchers "uncovered a version of Stuxnet from the end of 2007 that was used to destroy two years later about 1,000 Iranian centrifuges used in their Natanz nuclear uranium enrichment facility for alleged development of weapons of mass destruction. 

The flip side of this cyberwar test is the realization of the potential blowback risk of cyberweapons--where adversaries can use similar technology over the Internet against our critical infrastructure--such as SCADA industrial control systems for the power grid, water treatment, manufacturing, and more--and cause potentially catastrophic events.

As stated toward the end of the video, this is a type of "pre 9/11 moment" where we identify a serious threat and our vulnerability and we need to act to prevent it--the question is will we? 

Share/Save/Bookmark

January 10, 2013

One-Two-Three Punch For Cyber Security

Here are three crafty ideas for improving our cyber security that can be used to protect, prevent, and recover from attacks:

1) Intrusion Deception (not detection)--Mykonos Software aims to protect websites by putting up a virtual minefield--"setting traps to confound hackers." When the software detects hackers trying to infiltrate, it can flood hackers with false information on vulnerabilities that goes nowhere, mess with the hackers computers such as by pop-up flashing maps of their locations and local defense attorneys, and disrupt their connections and slow down their hacking attempts (Bloomberg BusinessWeek).

2) Scamming The Scammers--Notorious email spams such as from Nigeria that look to ensnare victims into wiring money overseas in order to secure some lost fortune costs $9.3 billion in losses in 2009. Psychology professors Chris Chabris and Daniel Simons suggest that we can prevent many scammers from succeeding by raising the cost of their doing business by scamming them with " baiters" that send responses to scammers and occupy them but never actually send any money. They suggest that artificial intelligence could actually be used to create "automated scam-baiters bots" simulating potential gullible victims. These bots could even be programmed to provide phony account numbers and data to scammers to really get them spun up. (Wall Street Journal)

3) Insuring Again Losses--Insurance is a common way to manage risk by purchasing coverage for potential liabilities--this is used to indemnify against losses for everything from auto accidents to home fires, personal theft, and business interruptions. However, according to Bernard Horovitz, CEO of XL Insurance's Global Professional Operations, businesses (and of course, individuals) are rarely are covered by insurance for hacker attacks. Insurance companies are now offering specialty products to recover from the insuring liabilities. Additionally, the insurers will "help with preventing and mitigating cyber crime" through security audits. (Wall Street Journal)

These three cyber security strategies are great examples of how we can make it technically and financially more difficult for cyber attackers to succeed in geting in a knockout punch on their victims. ;-)

(Source Photo: Minna Blumenthal)

Share/Save/Bookmark

December 27, 2012

Resilience In The Face Of Disaster


This year when ball drops in Time Square next week to usher in the New Year, it will be a little different than in prior years, because rather than blanket cheer, there will be a good amount of consternation as we hit the debt limit of $16.4 trillion as well as the Fiscal Cliff where broad spending cuts and tax increases are to go into effect (whether in full, partial with some sort of deal, or in deferral).

Like the statue pictured here, the strength and resilience of the American people will be tested and we will need to stand tall and strong. 

In this context, it was interesting to read in Wired Magazine (January 2013) a interview with Andrew Zolli, the author of Resilience: Why Things Bounce Back, an exploration of the importance of resilience in the face of adversity. 

Whether in response to natural disaster like Hurricane Sandy or man-made ones like the financial crisis and terrorism, we need to be prepared to adapt to disaster, respond and continue operations, and recover quickly to rebuild and grow. 

According to Zolli, we need shock absorbers for our social systems that can "anticipate events...sense their own state...and can reorganize to maintain their core purpose amid disruption."

Adaptability is important, so that we can continue to operate in an emergency, but also vital is "self-repair" so we can "bounce back."

These concepts for resiliency in emergency management are similar to how Government Computer News (December 2012) describes the desire for building autonomous self-healing computer systems that can defend and recover from attacks. 

The notion is that when our computer systems are under cyber attack, we need to be able to defend them in an automated way to counter the threats in a timely fashion. 

Thus, acccording to GCN, we need IT systems that have situational monitoring for self awareness, real-time identification of an attack, continuous learning to adapt and defend againt changing attack patterns, and self-healing to recover from them. 

Thus, bouncing back from social and cyber disasters really requires similar resilience, and for some challenges, it may be sooner than later that we are tested. ;-)

(Source Photo: Minna Blumenthal)

Share/Save/Bookmark

October 13, 2012

Amazing Internet Statistics 2012

Star_wars
So what happens in only 1 minute on the Internet--this cool magazine Ideas and Discoveries (October 2012) provides some amazing examples:

- Information Sharing--639,800 gigabytes of data are exchanged
- Information Generation--6 new Wikipedia articles are created
- Information Visualization--20,000,000 photo looked at on Flickr
- eMail--204,000,000 emails are sent
- eCommerce--$83,000 of sales on Amazon
- Social Networking--320 new users on Twitter and 100 on LinkedIn (wonder how many for Facebook...)
- Cyber Crime--20 new victims of identity theft

And in the same month, Harvard Business Review reported on the growing significance to commerce with the Internet contributing to GDP (in 2010) as much as:

- 8.3% in the UK
- 7.3% in South Korea
- 5.5% in China
- 4.7% in the US
- 4.7% in Japan
- 4.1% in India

Moreover in HBR, this is what was reported that people are willing to give up instead of the Internet for a year--and the numbers are pretty startling--check this out:

- 91% of UK would give up fast food
- 89% of Indonesians would give up smoking
- 86% of Japanese would give up chocolate
- 85% of Chinese would give up coffee
- 78% of Indonesians would give up their shower
- 60% of Japanese would give up exercise
- 56% of Chinese would give up their car
- 56% of Japanese would give up sex--go figure! ;-)

While this is all sort of light, there is also a very seriousness dimension to this. For example, in the Wall Street Journal today, it quotes Secretary of Defense, Leon Paneta warning that with Iran's digital assault on the U.S., the concerns of cyberwar are growing with the SecDef going so far as to say "Is there a cyberwar going on? It depends on how you define war."

Yes, the Internet is amazing for so many reasons and we can't take it for granted--we need to be vigilant and defend the Internet (cyber) with the same zeal and commitment as the other domains of war--land, sea, and air--all are vital to national security and for the preservation of life, liberty, and the pursuit of happiness.

This is a lesson we need to learn quickly and decisively--before the old Star Wars is passe and cyberwar turns deadly. 

(Source Photo: Andy Blumenthal)

Share/Save/Bookmark