Reading Your Emails

So you know you typically get a message when you log on to your computer at work that there is “no expectation of privacy.”


Meaning…you’re on the corporate network and so remember that you can be monitored. 


Well we all read that warning and sort of know it by heart.


But do you really think that someone is watching you?


Well be assured that they are!


I was talking to one of my colleagues and friends recently, and this is what happened.


He had to fire one of his senior guys. 


And I asked him why?


He said:

“Because he was dead wood.”


I asked what he meant as this was a senior person in the organization that was being let go.


So he said:

“Well I read the last few days of his emails on his account and he was doing absolutely nothing!”


And I was like hmm, that’s amazing that you actually go into his account and read his stuff.


Yeah, I know it’s not really his employee’s–the guy is at work–but still it’s his email account that he uses, seriously.


So it’s not just some corporate spooks sitting in the bowels of the building in a darkened security operations center behind a lot of cool looking screens monitoring your accounts for suspicious activity.


It’s your management too that can log on and see and read your stuff, whenever.


So this guy that was fired wasn’t just dead wood, he was actually dead meat. 


“Smile you’re on camera” in more ways than one.


So if you decide to write some juicy emails today or save some salacious files on “your” computer or on the network, the expectation surely is that they are being read–you can take that to your privacy bank. 😉


(Source Photo: Andy Blumenthal)

Data 4 Ransom

The future of cybercrime will soon become the almost routine taking of your personal and corporate data as hostage. 


Once the hacker has control of it, with or without exfiltration, they will attach malware to it–like a ticking time bomb.


A simple threat will follow:


“I have your data. Either you pay for your data back unharmed OR your data will become vaporware! You have one hour to decide. If you call the authorities, your data is history.”


So how valuable is your data to you?  


– Your personal information–financial, medical, legal, sentimental things, etc.


– Your corporate information–proprietary trade secrets, customer lists, employee data, more.


How long would it take you to reconstitute if it’s destroyed?  How about if instead it’s sold and used for identity theft or to copy your “secret sauce” (i.e. competitive advantage) or maybe even to surpass you in the marketplace? 


Data is not just inert…it is alive!


Data is not just valuable…often it’s invaluable!


Exposed in our networks or the cloud, data is at risk of theft, distortion, or even ultimate destruction. 


When the time comes, how much will you pay to save your data?


(Source Comic: Andy Blumenthal)

Dire Warnings On Cybersecurity

This week Adm. Michael Rogers, the Director of the National Security Agency and head of U.S. Cyber Command issued a stark warning to the nation about the state of cybersecurity:



With our cybersecurity over the next decade, “It’s only a matter of the ‘when,’ not the ‘if,’ that we are going to see something dramatic.”



The Wall Street Journal reports that he gave “a candid acknowledgement that the U.S. ISN’T yet prepared to manage the threat!”



China and “one or two others” [i.e. Russia etc.] are infiltrating our SCADA networks that manage our industrial control systems, including our power turbines and transmission systems.



The cyber spies from the nation states are “leaving behind computer code that could be used to disable the networks  in the future.”



Can you imagine…you must imagine, you must prepare–not if, but when. 



(Source Photo: Andy Blumenthal)

6 D’s Of Cyberwar

Popular Science had an interesting article that spelled out the six D’s of Cyberwar:



On the offensive side, you want to destroy, deny, degrade, disrupt, and deceive.



“Unlike World War II code breaking, cyber attacks offer the potential to not just read the enemy’s radio, but to seize control of the radio itself.”



– Step 1: Infiltrate the enemy’s networks and communications and gather/exfiltrate information.



– Step 2:  Compromise the enemy’s information either by:



1) Corrupting the enemy’s information, planting misinformation, sowing erroneous reports, and causing poor decision-making.

2) Taking control of their networks, disabling or jamming them, and disrupting their command and control or harming their critical infrastructure and causing mass confusion, destruction, and death.



Examples are “not merely to destroy the enemy’s tanks, but to make them drive in circles–or even attack each other” or to cyber attack an enemy’s control systems for electricity, dams, transportation, banking, and so on.

With the ability to steal information, sow misinformation, seize control, or even stop the information flow altogether, cyberwar is not just another weapon in our arsenal, but “a tool to help achieve the goals of any given operation.”



On the flip side, you want to defend against the enemy’s use of cyberspace to hurt us.



We need to continue to get serious about cyberwarfare and cybersecurity and become the masters in the information domain, and quickly. 😉



(Source Photo: Andy Blumenthal)

Remodulate The Shields For Cyber Security

I really like the concept for Cyber Security by Shape Security.

They have an appliance called a ShapeShifter that uses polymorphism to constantly change a website’s code in order to prevent scripted botnet attacks–even as the web pages themselves maintain their look and feel.

In essence they make the site a moving target, rather than a sitting duck.

This is like Star Trek’s modulating shield frequencies that would prevent enemies from obtaining the frequency of the shield emitters so they could then modify their weapons to bypass the shield and get in a deadly attack.

In real life, as hackers readily change their malware, attack vectors, and social engineering tactics, we need to be agile and adapt faster than the enemy to thwart them.

Changing defense tactics has also been used by agencies like Homeland Security to alter screening methods and throw potential terrorists off from a routine that could be more easily overcome.

I think the future of IT Security really lies in the shapeshifter strategy, where the enemy can’t easily penetrate our defenses, because we’re moving so fast that they can’t even find our vulnerabilities and design an effective attack before we change it and up our game again.

And hence, the evil Borg will be vanquished… 😉

A SCIF Can Be Yours

A SCIF can be yours…if the wallpaper is right.

According to PC Magazine, a SCIF (Sensitive Compartmented Information Facility) is a secure area where classified information can be discussed and handled. A SCIF is built to prevent information from leaking, being intercepted and compromised.

Now, your business or home office can have its own SCIF-type protection without the use of more expensive Faraday cage electromagnetic mesh (e.g. chain-link) conductive shielding or Japanese anti-Wi-Fi paint that blocks all frequencies.

BusinessWeek (31 January 2013) reports on a new wallpaper called MetaPaper that blocks Wi-Fi signals and helps “improve data security and network speeds.”
The Wi-Fi shielding wallpaper is developed by the French pulp and paper institute, Centre Technique du Papier (CTP).

MetaPaper is a snowflake pattern wallpaper “printed in conductive metallic ink” that “blocks Wi-Fi signals, while still allowing FM radio and emergency frequencies to pass through.”

Its filtering is 99% effective (which may not be good enough for handling state secrets, but could be terrific for safeguarding most information) and sells for $12 per square meter.

Aside from information security, additional benefits of MetaPaper are to protect people’s health in terms of attenuating electromagnetic waves that cause genetic damage and cancer, as well as socially to create quiet space, Wi-Fi free zones, such as in hospitals and movie theaters.

Here is a link to a presentation on MetaPaper’s development and benefits. 😉

Securing Transport To The Cloud

A new article by Andy Blumenthal on cyber security and cloud computing in Public CIO Magazine (June 2012) called Securing Cloud Data Means Recognizing Vulnerabilities.

“It’s the principle of inertia: An object in motion stays in motion unless disturbed. Just like a car on a highway, everything zips along just fine until there’s a crash. This is similar with information on the superhighway.”

Let’s all do our part to secure cyberspace.

Hope you enjoy!

(Source Photo: here with attribution to Kenny Holston 21)

Facebook IPO–Love It, But Leave It

With the Facebook IPO scheduled for this week, valuing the company at as much as $96 billion, many investors according to Bloomberg BusinessWeek (11 May 2012) see this as overvalued.

Facebook will be the largest Internet IPO in history, and would be about 4 times as much as Google was valued at its IPO at $23 billion in 2003.

Further, Facebook could be valued at the offering at 99 times earnings.

This is more than the price earnings ratio of 99% of companies in the S&P Index, yet even with some estimating sales of $6.1 billion this year, Facebook would only rank about 400 in the S&P 500.

True, Facebook has amassed an incredible 900 million users, but the company’s revenue growth has slowed for the 3rd year in a row.

Another article in BusinessWeek (10 May 2012) describes a new social networking contender called Diaspora.

Unlike Google+ which is predominantly a Facebook copycat, Diaspora is bringing something new and major to the table–they are addressing the privacy issues that Facebook has not.

Diaspora is a distributed (or federated) social network, unlike Facebook which is centralized–in other words, Diaspora allows you to host your own data wherever you want (even in the cloud).

Each of these independently owned Diaspora instances or “pods” (dispersed like in the Diaspora) make up a true social “network”–interconnected and interoperable computing devices.

With Diaspora, you own your own data and can maintain its privacy (share, delete, and do what you want with your information), unlike with Facebook where you essentially give up rights to your data and it can and is used by Facebook for commercial use–for them to make money off of your personal/private information.

When it comes to personal property, we have a strong sense of ownership in our society and are keen on protecting these ownership rights, but somehow with our personal information and privacy, when it comes to social networking, we have sold ourselves out for a mere user account.

As loss of personally identifiable information (PII), intellectual property, identity theft, and other serious computer crimes continue to grow and cost us our money, time, and even our very selves in some respects, alternatives to the Facebook model, like Diaspora, will become more and more appealing.

So with social networks like Facebook–it is a case of love it, but leave it!

Love social networking–especially when privacy is built in–and others don’t have rights to what you post.

But leave it–when they are asking for your investment dollar (i.e. IPO) that could be better spent on a product with a business model that is actually sustainable over the long term.

(Source Photo: here with attribution to Allan Cleaver)

 

In The Year 2032 And Beyond

Trends help us to see where things are coming from and potentially where they are going.

There is a Cisco Visual Networking Index (VNI) Forecast for 2010-2015 that projects global IP traffic (voice, video, and data) and the numbers are ginormous!

Here are some highlights from their highlights for where we will be in only 3 years–by 2015:

Annual global IP traffic will reach one zettabyte (which is about 100 million x all printed material in the U.S. Library of Congress (which is 10 terabytes)).

Devices connected to the network will be 2 for 1 for every person on this planet (and many people who live in 3rd world conditions do not have any devices, so what does that say for how many devices the rest of us have?).

Non-PC traffic (from TVs, tablets, smartphones, more) will reach 15% and is more than doubling every year (makes you think about when your fridge and toaster are going to be connected to the Internet).

Mobile Data traffic is practically doubling (or 92%) annually meaning a growth of 2,600% over 5 years (and according to the New York Times (5 Jan 2012) “The Top 1% of Mobile Users Consume Half of The World’s Bandwidth” and the top 10% of users consume 90%!).

Video traffic (TV, Video on Demand, Peer to Peer, etc.) will be almost 2/3 (or 62%) of all consumer internet traffic (and services like YouTube, Skype, FaceTime, Hulu, and WebEx all play a role as we want to see as much or more than hear what is going on).

The takeaway for me from all this is that truly information transmission is exploding over the Internet, and we will continue to need more advanced technologies to “pipe” it all to where it’s going and do it faster than ever.

However to build on these forecasts, over the longer term (further out in time, so more risky, of course)–say 20 years or so–some of my colleagues and I studying at National Defense University project the following:

Rather than transmitting voice, video, and data over the Internet, we will be focused on transmitting thoughts (mental activity rather than spoken) and transmitting matter (like the Transporter on Star Trek).

– Transmission of thoughts will occur in real-time, through persistent connections, probably implants in teeth, glasses, subcutaneous, etc.

Safety and health will be monitored through these same “connections” and medicine or other physiological treatments for routine things will be administered remotely through the same.

Education will be through instantaneous zaps of information to your brain (like in The Matrix) from a universal database, rather than through traditional in-class or online courses.

– Like now, the contextual policy and legal issues will be around privacy and security–and you will need to pay dutifully for each in a world where not only what you say and do, but rather what you think, can get you in lots of trouble.

Okay, for these things to happen by 2032 is probably a little aggressive, but don’t rule any of them out over time.  😉

The Star Wars Internet

I just love the creativity of this Star Wars-like animation video to explain how we communicate over the Internet (using the guidelines of Transmission Control Protocol/Internet Protocol, TCP/IP), from the initiation of the data packets to the transport over the LAN, WAN, and Internet, and through the routers, switches, proxy servers, and firewalls.

The data is packed, addressed, transmitted, routed, inspected, and ultimately received.

This 13-minute video explains Internet communications in a simple, user-centric approach. It helps anyone to understand the many actors and roles involved in ensuring that our communications get to where they’re going accurately, timely, and hopefully safely.

I guess to make this really like Star Wars, we need the evil Darth Vader to (cyber) attack and see how this system all holds up. Where is Luke Skywalker when we need him? 😉

Great job by Medialab!