To get notices of new blogs via email, click here:

Wednesday, December 29, 2010

Reporting Internet crime

We interrupt this cyber privateer flight of fancy to pass along instructions from your federal government on how to report cyber crime ("We're from the government and are here to help you!"). Just go to this Justice Department Site for clear, concise instructions on what to report and where to report it. We now return to our regular…programming.


Tuesday, December 28, 2010

Morris Jones named to my Cyber Privateer Fantasy League team

My contention that the hardware supply chain is vulnerable to piggyback virus snippets (harmless in and of themselves but capable of exploitation by criminals or rogue governments) demands that a "hardware wizard of the first waters" be on my Cyber Privateer Fantasy League team. For this reason I nominate ├╝berguru Morris Jones to my august troop. I met Morris back in 1981 (but unknown to us both, he did some work for me back in 1974). Egad, so it's been almost 36 years that we've associated with each other! Let me tell you a little about him.

Back in 1974 I needed a synthesizer keyboard interfaced to a Data General Nova computer, so I went to a professor in the Brigham Young University EE department (Richard Ohran) and asked hiim if maybe he could have one of his students do a project to interface a UART chip (that's Universal Asynchronous Receiver Transmitter) to my keyboard, so the synthesizer would look like a typewriter device to the computer. Unbeknownst to me, Professor Ohran assigned the job to Morris Jones, which I didn't find out until…

…about 1981, when I moved to San Jose, CA from the Boston area. I met Morris, who then was a hardware wizard for Amdahl. A short hey-wouldn't-this-be-cool conversation quickly converged on the synthesizer story. Turns out I still had the synthesizer and it had worked flawlessly lo all those years. Morris and I have been friends ever since. After Amdahl, Morris went to SEEQ, a memory company founded and run by Gordie Campbell. He then followed Gordie to Chips and Technologies, where Morris became their senior scientist.

About that time, circa 1986, I was having lunch with Morris and Gordie Campbell and mentioned I'd dearly love to have a computer/telephone interface to run my business. Since I'm a hired gun who doesn't want to have any employees, better computers and smarter phones are the only way for me to project more power into the Universe. During that lunch, Morris said, "Hey, that would be really easy to build!" And Gordie Campbell said, "Hey, I'll fund the company." What emerged was a company called The Complete PC. Not only did I get a swell phone system that could answer a call and then track me down for the caller, but I even got to do some really cool ads like this one:
Intel eventually bought Chips and Technologies, and Morris retired from Intel. He is now puttering around, teaching Electrical Engineering at San Jose State University. 

I could regale you with stories about my exploits with Morris Jones (like our partnership in Mother Jones' Son's Software Company), but that is far beyond the scope of this blog. Needless to say, my Cyber Privateer Fantasy League team needs a hardware wizard to both ferret nefarious schemes out of (and craft designs for insertion into) the hardware supply chain. 

Monday, December 27, 2010

How about a "Get Out of Jail Free" card?

Interesting that some politicians who have been well and truly paid off by special interest groups would introduce a bill (the Cybersecurity Act of 2009) with a provision for "mandatory licensing of cyber security professionals." Boy, there's nothing like hiring a guy with a government-issued certificate to make me feel all warm and fuzzy. It gives me the same feeling of well-being as going to get my hair cut by someone certified by my state cosmetology board. Don't get me wrong. I understand that "the fix" is in—for everyone from organized labor to beltway bandits to higher education to non-profit (wink, wink) organizations with highly paid bureaucrats at their head—to keep cyber space safe for the world. As recently as August 28th of this year, Information Week carried a puff piece for a bunch of self-proclaimed certification authorities. Boy, look at how fast Silicon Valley snapped up computer whizzes who had their treasured CDPs (Certificates of Data Processing). After all, how else can a corporate customer be assured his vendor is properly trained? Huh? How else?


I suggest that an enterprising group of future Cyber Privateers could fund early development of The Perfect Virus by running their "Get Out of Jail Free" verbiage in a clip-out ad (also accessible from their Website). They could say something to the effect, 
"We'll show you how badly you need us. Have an authorized representative sign our get-out-of-jail-free card, and within 24 hours you'll be peeling your CFO's scalp off the ceiling. And you'd better tell your management committee to bring in some clean undergarments, because they're going to need them."
Back in 2000, my friend Adam Joseph was president of ICSA, and I proposed he run the following ad in Time Magazine. His board of directors vetoed the ad. Too bad. I believe ICSA could have been the premier hot-shot security firm on the planet if they'd complied with my motto: "God Hates Cowards." Selah.

By the way, who would you hire as a security consultant? Some bozo with a government-authorized certificate, or an NYSE-listed company that (heh, heh)  ran an ad like the one above?

I once went into an Oracle ad meeting with Larry Ellison. He'd just finished interviewing a Computer Science PhD for a job on his development team, and couldn't contain his amusement at the fellow. Larry had asked him about a co-worker Oracle was also interviewing, and the candidate said in total seriousnes, "Oh, doesn't he just have his Masters degree?" Larry didn't give the PhD a second interview.

Friday, December 24, 2010

Great unverified Larry Ellison quote

"The only way the ORACLE RDBMS will ever be delivered to Russia is in the nuclear warhead of an ICBM."
When MIke Wilson was interviewing me for his book The Difference Between God And Larry Ellison, he asked me to corroborate the above quote. I couldn't, since I'd never heard Larry say such a thing. But I told Mike that it sounds exactly like something Larry would have said. Mike never corroborated the statement, so it didn't find its way into his book.

For the past few months, I've written to a lot of old friends, trying to confirm whether or not any of them heard such a pronouncement from Larry, and all but one have responded that they could not verify it. As for the one, well, he's been ducking me ever since. No return emails. No return calls from my voice messages. So I can't say for sure that such words ever left Larry's lips. But to use a line from one of my all-time favorite western movies, The Life and Times of Judge Roy Bean, "Maybe this isn’t the way it was…it’s the way it should have been."

I believe Larry said those words—even though Oracle is now penetrating Russia just as it is the rest of the world—because Larry is the master of the calculated overstatement. Perhaps he was trying to land a big defense department license sale for Oracle. Who knows? Spending as much time as I did with him over the six years I created ads for him, I heard many equally flabbergasting prophecies. Which is why I named Larry Ellison to be the leader of my Cyber Privateer Fantasy League team.

Maybe Larry didn't say that the only way the ORACLE RDBMS will ever be delivered to Russia is in the nuclear warhead of an ICBM. But he should have.

QUOTE VERIFIED BY ONCE SOURCE IN MY POST ON JANUARY 29, 2011

Thursday, December 23, 2010

Wanted: Chinese spies

On November 11th I published the IP addresses of Chinese attack servers hammering on my little Linux box. Just this week I published my 3rd unanswered request to the FBI about cyber criminal activity. And on December 13th as I talked about Universalization (principle #18 of The Perfect Virus), I suggested, "It is likely China will be developing (or maybe has already developed) one-of-a-kind technology with which they will conduct cyber warfare." So today I'd like to turn the tables. If you are a Chinese dissident reading this blog from an anonymous proxy server, and if you have specific software or hardware architectural details on (a) unpublicized zero-day exploits; (b) code for super virus software; (c) new Chinese-based hardware architectures; and/or (d) a new Chinese cyber war operating system, then please send me SFTP technical access information in a comment to this blog. I will see to it that the information gets dropped into the hands of the NSA as well as the Black Hat organization. But most importantly, I promise to publish a summary of the technical data in this blog (My motives are not altruistic; I absolutely positively don't want some spooks showing up and torturing me to death just to make sure I don't know anything). Yep, that's the novelist in me.

You know why I am doing this: I'm yea verily irritated at the Chinese attacks on my little worthless Linux box.

But why would you want to do this? I will not insult you with a litany of anti-Chinese rhetoric. And I'm not holding up the USA as the world-wide paragon of virtue. Instead, I'm simply proposing that freedom is better than servitude. If you share that value, you know what to do.

Wednesday, December 22, 2010

My Cyber Privateer Fantasy League team

In a perfect world—one with a rational Congress that wanted to solve the cyber crime/war problem rather than cater to the special interest groups who make big campaign contributions—we would issue Letters of Marque and Reprisal to licensed and bonded cyber privateering organizations. And in that perfect world, I'd like to be an angel investor in a company run by the five nominees to my Cyber Privateer Fantasy League (CPFL):
  1. Larry Ellison
  2. Marc Benioff
  3. Jeff Walker
  4. Nancy Harvey
  5. Suresh Madhavan
  6. Morris Jones (added 28 December 2010)
I've hyperlinked their names to my nomination post. If I add more individuals to my first-string team, then I'll come back and modify this list with the appropriate link. I don't plan to add individuals that I don't know or with whom I haven't personally worked. Someday, if I ever have a best-selling novel or maybe attend the premier of a movie based on one of my novels, I'll host a dinner for these individuals. A good deal of the fun I have in life is introducing people who subsequently share an adventure together. These five people would have one heck of a cool adventure as the premier cyber privateering organization on planet Earth. And they'd make their stockholders an awfully lot of money. In a perfect world.

Tuesday, December 21, 2010

Suresh Madhavan named to my Cyber Privateer Fantasy League team

Today I'm naming PointCross founder and CEO Suresh Madhavan to my Cyber Privateer Fantasy League team. Originally from India, this brilliant iconoclast once roomed with Stephen Hawking (A Brief History of Time and The Grand Design). Given his off-the-charts intelligence, the pair-up was no accident. This non-linear thinker is the kind of a guy who, if his son decided to play little league baseball, would cut down an Ash tree to make the boy his own bat. Suresh has done everything from designing hydrofoils for racing boats to architecting a non-relational context-driven way of handling business data. And his go-for-the-throat business sense is legendary, since he routinely solves staff incompetence amongst his customers by betting the offending idiot fired (a process I jokingly call "outplacement with extreme prejudice").

Suresh would play quite well with other members of my fantasy league. His hydrofoil designs would probably give Larry Ellison's racing yacht another couple of knots. He smart enough to give Jeff Walker workable alternative architectures. His sense of right and wrong would resonate with Marc Benioff and My "Mrs. Black" Communications and Parley officer Dr. Nancy M. Harvey.

Finally, Suresh is the consummate warrior. Not long after the 9/11 terrorist attack, we were chatting about the world situation. I love "net-net" situation one-liners, and out of the blue Suresh said, "Why the hell haven't we nuked Mecca?" A good warrior net net, right? Always on the lookout for gut-wrenching headlines, I catalogued this for future use. A few years later, one of my buddies had bought the Wendover, Utah airfield where the Enola Gay and Box Car bombers were outfitted to spectacularly end the war with Japan. The city of Wendover had asked my friend to come up with a billboard to promote tourism to the Utah side of the town. The Nevada side of Wendover was glitzy with casinos and golf courses, being just over the border from Utah. But the Utah side of Wendover looks like…well…it kind of looks like the Enola Gay and Bockscar planes tested nuclear payloads on it. Rusted mobile homes, cars up on blocks in the front yard, poorly maintained streets. So my friend came to me in July of 2004 and asked my help in coming up with a billboard to promote tourism to the Utah side of Wendover. I remembered Suresh's comment and created the following 14-foot high by 48-foot wide ad:
My buddy was so thoroughly horrified that he never even presented my idea to the Wendover city fathers. In fact, he didn't even ask me to come up with an alternative idea. Come to think of it, we haven't spoken more than 25 words to each other in the last 6 years. Was it something I said? Come to think of it, Wendover, UT probably wouldn't have wanted many Muslim visitors driving Yugos filled with explosives.

It is with great pleasure that I name the brilliant and profound Suresh Madhavan as my next Cyber Privateer Fantasy League team member.

Monday, December 20, 2010

Dear FBI, my 3rd request

The single biggest reason we need to privatize cyber security with self-funding cyber privateers is that no centralized organization, funded by tax dollars, can possibly keep up with the onslaught of criminal enterprises. On November 5th, I went throught the www.ic3.gov Website for the SECOND TIME to complain about cyber criminals hijacking my dead friend's email so they could peddle cut-rate drugs. My first request was October 22nd. I haven't heard anything, so below is my note to them from today, posted again on the IC3.gov site under "additional information" for my complaint:
"I sent my original complaint on Nov 5, 2010. It is now December 20, 2010 and I have received no communication from you indicating that anything has been done. Do you seriously think I'm going to approve of additional tax dollars going to your organization? How about turning some licensed, bonded Cyber Privateers loose, armed with Letters of Marque and Reprisal. They'll get your job done and it won't cost the taxpayer a nickel. See www.TheMorganDoctrine.com."
And just so you'll know I'm not blowing smoke up your kilt, my IC3 Complaint number is  I1011051123313961.

Dozens of times since my first posting, I've received email from my friends' hijacked email accounts (at least they were living friends) with just a Web site selling discount drugs from "my friendly Canadian pharmacy." Now since the site opens a money trail where credit card transactions can be facilitated, any cyber privateer worth his salt (and armed with an attack toolset even 1% in compliance with my previously published 22 Principles for Creating The Perfect Virus) ought to be able to make a pretty penny looting the bank accounts of the parent criminal organization responsible for this rather massive effort. I say "massive" because it appears they've thoroughly breached the security of both Yahoo! mail and AOL mail accounts.

Every time I see a news story of yet another municipal, state or federal effort to get more tax dollars to fund cyber crime efforts, I can become rather poetic. What mental pigmy can possibly come to the conclusion that more tax dollars to fund a larger (unresponsive) bureaucracy is the right solution?

Honestly, if someone has a better solution to cyber crime (and even preventing Chinese/Russian misbehavior from escalating into full-blown cyber war) than private, licensed, bonded Cyber Privateers, I'd love to hear it.

Saturday, December 18, 2010

The Perfect Virus: All 22 principles summarized

On November 23rd, I began enumerating the 22 Principles for Creating The Perfect Virus. I completed that project yesterday, and herein include a chronological summary. They are listed in order and hyperlinked to the original post. Based on Jeffrey L. Walker's original monograph on the 22 principles of the perfect application, this project helped me create the technological background for my sequel novel. It may serve another important purpose also, and that is to motivate the United States to take the concept of full-blown cyber war much more seriously. Worst case, though? While cyber war is a throw-away plot element for my novel, because fiction is driven by characters and not by clever plot elements, some pretty great technology has emerged from some of my favorite military science fiction authors and specifically from Piers Anthony's Macroscope. It is to Mr. Anthony that I owe the inspiration for principle #7 below: Black Box Portability. So here they are, my 22 principles of The Perfect Virus.
  1. THE PRINCIPLE OF OVERSIGHTThe Perfect Virus must be unbreakably subservient to oversight. Whether from a dead-man's switch, a "disable" command string, or even a visual/image, there must be at least two ways (permanent and pause-mode) to make the virus stand down. The virus must also be able to drive a coordinated attack on another system, or receive penetration instructions from a "superior officer" coordinating an attack on its own system.
  2. THE PRINCIPLE OF FERAL FERTILITY: In yesterday's post on principle #1, Oversight, I contended the reason that The Perfect Virus needed reliable off-switch or pause capability transcended a mere moral argument. Simply, without compliance to principle #1, you cannot achieve Feral Fertility. Feral Fertility demands that The Perfect Virus not only spawn geometrically, but it must be able to mutate or even kill itself or its own spawn to avoid either its or their detection. It must be able to sense available nesting areas via wireless technologies (such as Bluetooth) or in peripheral EPROMS for reseeding.
  3. THE PRINCIPLE OF SELF AWARENESS: This is the second-most difficult principle to enforce in a virus (the most difficult of which will be #7, that of Black Box Portability). Please do not confuse self awareness with consciousness, that metaphysical quality of being that's only achievable by sentient beings. What I call self awareness, IBM's Paul Horn described on October 15, 2001 as "autonomic computing." Specificaly, self awareness is that quality that allows The Perfect Virus to not only generate/re-generate/heal itself, but flawlessly maintain itself in the absence of oversight from any outside source. In its roughest sense, this would be analogous to performing an appendectomy on yourself.
  4. THE PRINCIPLE OF PERFORMANCE: The Perfect Virus provides high performance by minimizing memory usage, instruction path lengths, and database operations within itself and within its spawn. Ideally, the virus will metamorphose (discussed in greater detail in principles # 5 through 10) into tight, machine-language code.
  5. THE PRINCIPLE OF SEAMLESS MIGRATION: The Perfect Virus can seamlessly migrate all or part of itelf from one technology environment to another. I'll discuss several dimensions of this quality in the next five postings.
  6. THE PRINCIPLE OF MUTATION CONTROL:  Because a virus projects itself geometrically (see principle #2, Feral Fertility), it must quickly recognize the presence of siblings and take appropriate action. The Perfect Virus can recognize pre- and post-versions of itself in order to cede control to the more highly evolved version.
  7. THE PRINCIPLE OF BLACK BOX PORTABILITY:  The Perfect Virus can deduce a totally alien environment and adapt itself iteratively to become native (see upcoming principle #9) to that environment, and it must do so without human intervention. Black Box Portability is the Holy Grail of all Perfect Virus principles.
  8. THE PRINCIPLE OF OPENNESS:  The Perfect Virus is extensible from and to legacy systems, from anything there ever was to anything there ever will be.
  9. THE PRINCIPLE OF NATIVE IMPLEMENTATION: The Perfect Virus fits underlying hardware and software as though exclusively written for them. This is not only an important goal as discussed in principle #4, Performance, but you will see how critical it is to principle #14, Stealth. And clearly, Native Implementation is exceptionally hard to achieve in an alien architecture (see principle #7, Black Box Portability).
  10. THE PRINCIPLE OF NO COMMON DENOMINATORThe Perfect Virus exploits the strengths of underlying hardware and software, even when those strengths are not universally available.
  11. THE PRINCIPLE OF PROSUMPTION: The Perfect Virus is designed for "professional consumption" or Prosumption (a word coined in 1972 by Marshall McLuhan and Barrington Nevitt in their book Take Today, p. 4), to allow the user to spawn and control their own attack fleets with zero IT support. I hesitate to use the much-overused term "dashboard" to describe this, but The Perfect Virus really must have the ultimate dashboard if it is to be used by a privateer knowledgeable in politics, warfare, and  tactics but not necessarily a computer science prodigy. 
  12. THE PRINCIPLE OF IMPLICIT SOPHISTICATION:  The Perfect Virus is a prime example of Implicit Sophistication in its compliance to the other 21 principles enumerated herein. Specifically, zero IT support, Self Awareness (principle #3), and absolute Stealth (principle #14, to be covered on Wednesday) are the definition of sophistication.
  13. THE PRINCIPLE OF STRATIFICATION: The Perfect Virus is layered to eliminate maintenance, automatically add new functionality, facilitate not-yet-invented innovation, and (once the layer has outlived its usefulness) strip out functionality as demanded by Performance (principle #4),  Stealth (principle #14 to be discussed tomorrow), Mutation Control (principle #6 as dictated by principles #8-10), or a change in goal or policy as communicated from the dashboard under Prosumption (principle #11). True, Stratification is really an enabling methodology to facilitate Mutation Control, and it's certainly possible that a future technology may replace this principle. If so, Stratification will…heh heh… allow this to happen.
  14. THE PRINCIPLE OF STEALTH: The Perfect Virus is invisible before, during, and even after it pulls the proverbial trigger to deliver its payload. The destructive aspects of the payload will closely enough resemble a fully formed virus that postmortem forensics will be fooled into thinking that the still-virulent payload was indeed the virus, but the real delivery system will either seed itself invisibly or outright destroy itself to avoid detection and analysis. For those of you who have done your homework and watched the DVD movie Zombieland, this is "Zombie Killer Rule #2: Doubletap." When you shoot a zombie, do it at least twice if you know what's good for you. Ditto for systems your virus is infecting.
  15. THE PRINCIPLE OF COMPLETE LIFE CYCLE MANAGEMENT:  The Perfect Virus not only manages each stage of its own life cycle, including the ability to find and incorporate later stages of itself that it finds in its Feral Fertilitycycle (principle #2) into its current stage of Mutation Control (principle #6), but can be managed externally from the Prosumption (principle #11) dashboard by a human controller.
  16. THE PRINCIPLE OF TEAM ISOLATION:  The Perfect Virus dashboard (described in Prosumption, principle #11) provides each team, indeed each team member (although we will cover this in more detail in principle #20, Individuality) with an effective, independent workplace.
  17. THE PRINCIPLE OF OPERATIONAL SOPHISTICATION:  The Perfect Virus lets armies, teams or individuals use the Prosumption (principle #11) dashboard to work on groups of entity occurrences as though they were single occurrences.
  18. THE PRINCIPLE OF UNIVERSALIZATION: The Perfect Virus transcends mere globalization by implementing Black Box Portability (principle #7), allowing it to deploy in any combination of language, cultural, technological or species environments. Not only does The Perfect Virus thrive in all past, present or future technologies on this planet, but it will "grock" any conceivable cybernetic mechanism that presents itself (ie; that queries) to the existing virus host.
  19. THE PRINCIPLE OF SIMULTANEITY: The Perfect Virus spawns applets capable of doing many things at once. And since it obeys principle #5 (Seamless Migration), it can be multi-threaded not only on the same machine but on different machines, architectures, and operating systems as well. This is also beneficial to Stealth (principle #14), in that distributing MIPS and machine cycles can reduce the chance of getting detected through abnormal clock usage. Naturally, you'll have to piggyback on legitimate network packets or the not-so-perfect virus will give itself away through network traffic anomalies.
  20. THE PRINCIPLE OF INDIVIDUALITY:  The Perfect Virus provides a user dashboard (Prosumption principle #11) that lets each person create and use an optimal work environment, including a unique view of penetration and viability, to exactly meet their intellectual preferences and capabilities.
  21. THE PRINCIPLE OF INSTITUTIONAL MEMORY:  The Perfect Virus aggregates genetic memory—from previous Mutation Control (principle #6) trails, failed attacks or suicides documented as part of Feral Fertility (principle #2), and various other penetration metrics reported to the Prosumption (principle #11) dashboard—into an Artificial Intelligence (AI) help desk mechanism for leaders as well as individual workers. The AI uses Institutional Memory to compute the probability of and the timeframe for success at each state of an operation.
  22. THE PRINCIPLE OF DEFENSE:  The Perfect Virus has defenses that make Sigourney Weaver's Alien monster look like a mildly incontinent house pet. It can be directed to so fundamentally change the DNA of the host system that eradication will destroy the host, intelligently and forever. Think of it as a genetic mix of the fictional Alien and Predator (a la Arnold Schwarznegger) species. Armed with Jesse Ventura's chain gun. In fact, rent or buy and then watch the Aliens vs. Predator DVD. It'll give you some additional virus Defense scenarios to consider.
Given a choice between making headline news for articulating the principles for The Perfect Virus or being one of the "guest authors" on the television show Castle who sit around the poker table discussing ways they'd solve a mystery in their novels, hands down I'd wish to be on Castle. Of course I wouldn't mind managing a little payback to the Chinese and Russians who've been attacking my Linux box, but I'd want to do it legally and above board. And I suppose those exploits might make headlines, but I truly prefer to deal in fiction. I'll leave reality up the folks who have the stomach for receiving body parts of friends and relatives from criminals and rogue governments that are retaliating for having been well and truly hammered by cyber privateering activities.


Friday, December 17, 2010

The Perfect Virus principle #22: Defense

As indicated in my post of Monday, 11/22/2010, I am extrapolating Jeff Walker's Principles for the Perfect Application into a discussion of The Perfect Virus. Since Jeff's monograph on the subject did not anticipate stealth or suicide mechanisms, any errors or lapses into stupidity are solely my additions and should not reflect poorly on what I consider to be the biggest single contribution to software application design since the invention of computers. And Jeff, thanks for giving me permission to do surgery on your baby.
THE PRINCIPLE OF DEFENSE:  The Perfect Virus has defenses that make Sigourney Weaver's Alien monster look like a mildly incontinent house pet. It can be directed to so fundamentally change the DNA of the host system that eradication will destroy the host, intelligently and forever. Think of it as a genetic mix of the fictional Alien and Predator (a la Arnold Schwarznegger) species. Armed with Jesse Ventura's chain gun. In fact, rent or buy and then watch the Aliens vs. Predator DVD. It'll give you some additional virus Defense scenarios to consider.


You now have The Perfect Virus. You maintain Oversight (principle #1) via the Prosumption (principle #11) dashboard. The Perfect Virus is gifted with Self Awareness (principle #3) and combines Feral Fertility (principle #2) with Mutation Control (principle #6). Black Box Portability (principle #7) lets it spawn a Native Implementation (principle #9) of itself on stuff that hasn't even been invented yet. And Stealth (principle #14) means it gives your nightmares their own nightmares. 


You want a scenario? Got Bluetooth? Got a Ford? Boy are you screwed! Consider the plight of the "Russian Mafia" system manager who discovers you are using his server as a zombie to wreak havoc on China. Rather than do something really smart, he decides to pull the plug and take his system off the net:

  1. A countdown timer appears on his SysAdmin screen with the message: "Yo, Ivan Smirnoff, husband of Lena and father of Peter and Violet. You have 120 seconds to get this system back online or a natural gas explosion is going to destroy your home on 666 Gorbachev Boulevard along with anyone in it."
  2. Ivan jumps into action and tries to reach is wife Lena on the cell phone. Ivan hears a recorded message: "I will not allow you to complete a cell phone call or a landline call. You now have 90 seconds to reconnect to the Internet."
  3. Suppose Ivan is a hard case and doesn't believe you. Suddenly his video phone vibrates and shows a military satellite high-resolution image of his house on his street, with a countdown timer. Well, Ivan is feeling a little more confident, because he notices that his wife's new Ford is not parked in the driveway. Like I said, he's a tough cookie and would rather call a bluff than risk the ire of his Russian mob bosses by letting the system go back into zombie mode. Curious though, he watches the timer go to zero and his house go…away in a fireball.
  4. A voice comes from his phone, now in speaker phone mode. "You wife and children are running an errand in your new Ford, as you must have suspected. Too bad the car is using the latest embedded Microsoft operating system. You can hear them but they can't hear you." Ivan is then treated to the panicked voices of his wife and children as the car accelerates and decelerates on its own."
You get the idea. My guess is that Ivan will quickly get his system back up and running, after which a human controller from his Prosumption (principle #11) console can talk Ivan off the ledge and give him a slot for a Parley discussion if he feels he's been immorally treated. Perhaps fearful for his life, he'd appreciate it if assured (in flawless Russian, by the way) that the entire incident had been recorded from the security cameras he didn't even know his employer had installed and will be sent to his boss's boss with the message that Ivan had better stay in good health or far worse things would happen up and down the organization thank you very much and have a nice day.

Suppose a rogue government is trying to backtrack through your virus command and control system? A cyber privateer organization might just turn the probing computers into useless slag. Forever (embed a vicious little destruction bug in every EPROM, every Bluetooth device, every thumb drive). If more sophisticated (ie; hardened) systems are involved and this is not cyber privateering but full blown cyber war, the probing systems might be treated to video from an out-of-control high-speed train about to sail into Beijing at 240 mph.

You've heard of the "no-contact" telephone list (which so-called non-profit organizations seem to ignore anyway). How about a no-contact email or IP address? Buy insurance from a cyber privateering organization that will publish your no-contact data and promise to wreak havoc on any violators? Come on Australia, you could become the world's biggest economy by offering this service! I'd pay $100 a month for such a personal policy. Yo Marc Benioff, I'll bet there are corporations that would pay your death star dot com at least $100,000 per month to eliminate all probes, spam and phishing. Of course, you'd have to move that subsidiary to the host country that issues your Letter of Marque and Reprisal. 

Yep, the best Defense is…an absolutely disproportionate response to bad Internet citizenship. Quoting another of my favorite science fiction authors, Robert Heinlein, "An armed society is a polite society." And let there be no doubt about a new world order and unified government. We didn't need a Ronald Reagan-esque alien invasion to bring about a unified world government. We just needed the Internet. In my opinion, the core constitution of the new world government could begin with The Cyber Privateer Code

To the Chinese and Russian hackers having fun trying to break into my harmless little Linux box, have a nice day. Your nice days may be numbered, and there's nothing at all that the ACLU can do about it.

The best Defense is control of…The Perfect Virus. 

Thursday, December 16, 2010

The Perfect Virus principle #21: Institutional Memory

As indicated in my post of Monday, 11/22/2010, I am extrapolating Jeff Walker's Principles for the Perfect Application into a discussion of The Perfect Virus. Since Jeff's monograph on the subject did not anticipate stealth or suicide mechanisms, any errors or lapses into stupidity are solely my additions and should not reflect poorly on what I consider to be the biggest single contribution to software application design since the invention of computers. And Jeff, thanks for giving me permission to do surgery on your baby.
THE PRINCIPLE OF INSTITUTIONAL MEMORY:  The Perfect Virus aggregates genetic memory—from previous Mutation Control (principle #6) trails, failed attacks or suicides documented as part of Feral Fertility (principle #2), and various other penetration metrics reported to the Prosumption (principle #11) dashboard—into an Artificial Intelligence (AI) help desk mechanism for leaders as well as individual workers. The AI uses Institutional Memory to compute the probability of and the timeframe for success at each state of an operation.


Institutional Memory contains:

  1. Tactics that have worked in the past;
  2. Tactics that no longer work in certain areas;
  3. Windows of opportunity that may close soon;
  4. Performance analytics sliced and diced by personnel and organizational performance, financial yield, historical timeline, etc.;
  5. Hardened sites and their defensive countermeasures;
  6. Cumulative Genetic Memory (a la Frank Herbert's Dune novels); 
  7. Mutation history analytics, including timeline;
  8. Parley statistics (conversations invoked due to the institution's compliance with the Cyber Privateer Code) and resolution analysis;
  9. Competitive statistics obtained from run-ins with other privateering/virus-launching organizations; and
  10. Rule-based escalation analytics to immediately notify the command chain of exceptional situations.
The above examples show the importance of maintaining an Institutional Memory that's self normalizing, dynamic, and can not only be queried from the ARRGH (the Astructural Recon & Raid Generation Hyperlanguage) facility but, as is important in any AI environment, also offers the ability to ask "Why?" when an explanation for a given logical inference is questioned. For example, if a dashboard suggests a low probability of success for a given exploit, then management may require the individual operator to drill down the logic chain in order to mitigate high-risk scenarios. The AI's answer to the "Why?" question may give a road map for eliminating certain risks and thereby increasing the probability of success past a minimum-acceptable threshold.

Over time, the Institutional Memory AI will become the crown jewel of any cyber privateering enterprise. In fact, M&A (Mergers and Acquisitioins) activity may depend upon sharing and/or combining Institutional Memory assets of multiple organizations. And an IPO (Initial Public Offering) may require audit by a trusted third party.

Tomorrow will be the final principle, #22: Defense. And I confess, it's the one that let me take some giant leaps of fantasy as I considered the defensive arsenal made possible by The Perfect Virus. Stay tuned.