To get notices of new blogs via email, click here:

Monday, September 30, 2013

Phishing for $$: "Hi, we're the Windows support team!"

Got an interesting phone call today from somebody named "Ricky" who claimed he was with the "Windows support team." The number displayed on my caller ID was 1-333-260-2212. When I asked him if he was an employee of Microsoft he said "We support Microsoft who made your Windows computer." I asked him to give me a call-back number for security purposes, and he gave me 1-888-514-1650. When I then asked him which operating system was in question, he said "All of them." I then informed him that I do not run any Windows computers and terminated the call. I googled the 888 number and got a whole page of complaints about their scam.

I tried to get Ricky to spell his last name for me, but his Indian accent was so pronounced that I gave up. The closest thing I could get was "Vhdl."

Too bad I couldn't leave a voice message on the 888 number, which I'm sure would have been monitored by the NSA (they don't have a leave-a-message option). Something implying the specifics of a terrorist plot. Trouble is, I wouldn't want my phone traced. But hey, if I went to an off-brand smartphone store, I could make such a call on one of their demo units. I could press "1" for customer support, ask for Mohammed, and then start a terrorist rant.

Nah, that would be wrong. Wouldn't it?

Thursday, September 26, 2013

Why Larry Ellison is the Captain of My Cyber Privateer Fantasy League Team

For those of you who didn't follow the America's Cup race, Ellison's Oracle team came from an 8-to-1 deficit to retain the America's Cup by a 9-to-8 margin. In short, Larry knows how to wage war and properly lead the troops. He's the only executive on the planet who would stand a chance of securing the Internet and (in a Tony Stark-like lap around a Senate hearing room) proclaiming, "I have successfully privatized world cyber peace!"

I suggest anyone interested in the art of modern warfare take a look at the final Team Oracle press conference (see it here). At about 52 minutes into the YouTube video, skipper Jimmy Spithill was asked to override Larry's refusal to talk specific boat technology and tell what they did to the boat after they "broke the code" for performance. What a class act! Spithill replied:
"I was just winding you guys up. We didn't change a thing."
For six years I spent one, sometimes two afternoons a week with Larry. It was quite an education. For those of you who want to "go to school" and learn how to win, this press conference could provide lesson material for a whole college semester.

Congratulations, Larry!

Monday, September 23, 2013

Data Exhaust: It's Time for Larry Ellison to Save the U.S. Software Industry

Two headlines today do a more effective job of building my case for licensed and bonded cyber privateers. The first, from Computerworld, shows how former U.S. software customers are running overseas because of the "NSA spying fiasco" (see story here). The second story from its sister publication Networkworld has the headline, "NSA wants even closer partnership with tech industry" (see story here). If this trend continues, there will not be any U.S. software industry.

When's Tony Stark (in real life, the head of my Cyber Privateer Fantasy League, Larry Ellison) going to do a victory lap around a Senate Security Committee meeting? Of course, he'll be proclaiming, "I have successfully privatized world cyber peace!"

Okay, Larry. Take some time to win the Americas Cup race. Then get down to saving the U.S. software industry. Hey, you've already saved the world from biblical incineration (see my introduction of Larry here).

Thursday, September 19, 2013

Snowden And The Seven Dorks: What's Next?

Today's excellent summary of Edward Snowden's NSA hi-ho-hi-ho-off-to-datamining-we-go leaks in Computerworld (see the story here) has a not-so-subtle metaphor in the children's tale of Snow White and the Seven Dwarfs (…make that Dorks). Only there may be a lot more than seven. So far we have (my own favorite childhood names come from the1937 movie):

  1. Bashful: Google would like to come clean, but…
  2. Doc: Naturally it's (.doc) Microsoft (see post here)
  3. Dopey: Reserved for the FBI (see posts here and here)
  4. Grumpy: Apple
  5. Happy: Facebook
  6. Sleepy: U.S. Allies around the world
  7. Sneezy: Yahoo (see my story about Yahoo Swiss-cheese security here)
Believe me, the above list is nowhere near complete. But then, metaphors always have a way of falling to pieces in the harsh daylight of reality. Stay tuned, kiddies!

Thursday, September 12, 2013

Excerpt From DADDY'S LITTLE FELONS (and why every smartphone ought to come with a lanyard and a QIK Internet account)

I strongly suggest there is a great market for smart phone lanyards and premium QIK Internet accounts. Not only would this allow instantly streaming video to the Internet while your hands (and feet) are otherwise occupied, but this capability might mean the difference between beating a criminal charge or doing some serious jail time. To illustrate my point, here is an excerpt from Chapter 7 of Daddy's Little Felons. Enjoy!

I turned left in front of the Grand America hotel and spotted two men about fifty yards behind, one of whom I recognized from the Kendrick hearing. I wondered if he’d gotten a belt since our last encounter. It wouldn’t be at all cool if his pants fell down during our next conversation. His companion looked about the same size, which meant they thought the two of them could handle me. Deciding not to risk involving bystanders in the hotel elevator lobby, I walked down the underground parking ramp from the outside. Once out of their line of sight, I hurried even faster toward my car. Luckily, less than a dozen cars occupied the space near the elevator, which meant we’d have the garage to ourselves. It also meant that the inevitable security cameras near the elevators would put any physical activities in context. But to be sure, I hung my cell phone from a lanyard around my neck and connected through the hotel’s Wi-Fi system to a streaming video. Both sound and video would instantly stream to the Internet, creating a record of the encounter. If I played this fair and square, notwithstanding greater risk to myself, Lyle Kendrick might have some friends and family with whom to while away the hours behind bars in Draper. Greater risk to myself, because I’d have to let them make the first solid move, as opposed to my OPA philosophy—that’s Overwhelming Preemptive Assault philosophy—intercepting the first incoming fist and pulverizing everything in sight with overwhelming retaliation. 
The two guys following me didn’t take any great pains to do it stealthily. Interesting. Maybe they hoped I’d run from them. Or die of fright. Or let me get my car door half open before rushing and pinning me half way into the seat. Upon reaching the car I examined their reflection behind me from my tinted glass windows, and they didn’t appear to come armed, walking with their arms loosely hanging away from their bodies the way weight lifters strut around the gym—or the prison yard—after getting pumped up. 
“Hi, guys,” I said, turning slowly to size up the visiting team. Then, to Lyle’s look-alike, “You must be a Kendrick?” 
“You owe me an apology,” he replied. 
“They don’t teach manners in the trailer park, huh?” I said. “My name is Morgan. And you are?” 
“I’m Lavar. Lavar Kendrick,” he said. He didn’t seem to take my trailer park comment as an insult, possibly wondering instead how I knew where he lived. Gesturing to his companion, “This is Lamar Kendrick.” 
“Lyle’s brothers?” I asked. 
“Yep,” said Lavar. 
“Cousin,” said Lamar. 
“Like I said, you owe me an apology,” restated Lavar. 
And at that moment, I realized I probably did owe the poor blighted soul an apology. Sure, he’d been about to vent his frustration on a poor defense attorney, but I’d humiliated him in public just after his brother had been thrown into the slammer. Maybe the two of them had endured quite a few beatings in their respective lives. Maybe the abused hadn’t yet become the abuser, and Lavar’s problem solving skills had evolved past physical confrontation. I decided to cut him some slack. 
“You’re right, Lavar. I guess I do owe you an apology,” I began. Neither one of them could make eye contact without looking up at me, and I hoped they’d use my apology as an face-saving excuse to back off. “I was just trying to stop you from giving that poor attorney a heart attack. The pants thing just happened.” 
Alas, Lavar didn’t take my apology in the spirit I’d intended. Instead, he did his smirk toward Lamar, incorrectly assessing my honest apology as cowardice. Then back to me, “Too little. Too late, Morgan.” 
“So I don’t suppose you’ll let me buy you guys a beer and call it even?” I asked. 
“You’d probably get arrested for walking into a bar without your pants on,” smirked Lavar. 
“Ah, quid pro quo,” I said. 
“What’d you call me?” said Lavar, flexing to keep his pump-up going. Lamar looked equally confused and flexed, too. 
“Boys, that means eye for an eye. Pants for pants.” 
“Yes it do,” said Lamar, wanting to keep up his end of the conversation. 
“Too bad you feel that way, Lamar, Lavar,” I sighed. “Let me therefore apologize in advance.” 
“In advance of what,” said Lamar. 
“I truly didn’t want to hurt you guys, but you’re not leaving me much choice.” 
The faintest shadow of concern registered as Lamar’s eyebrows seemed to grow together. He looked about to step back, but Cousin Lavar seemed to miss the implication of my pre-pology. He snickered and said, “We’ve taken down big guys before.” 
“In a bar fight, maybe,” I said. “Fair warning. I’m a US Navy SEAL. Team Three if you know anything about SEALs. I’ve seen a lot of combat, and I could whip ten of you. So, last chance Lamar and Lavar Kendrick.” 
I repeated their last name, for my streaming video record. 
“Don’t forget Cousin Laverl,” said a voice behind me. Obviously, he couldn’t get to me with the car to my back, but perhaps he wanted me to turn so the other two could sucker punch me. My only risk in not assessing the threat might be a baseball bat to the head, but I mitigated against that threat by stepping away from the car and toward the two guys in front of me. Laverl would have to throw his bat, if he had one. 
My forward motion threw off the timing of Lavar’s round house punch, which glanced off my shoulder, instead of my jaw. Lamar also stepped forward, which accelerated his throat into my two right knuckles headed for his larynx. Luckily, I pulled the thrust at the last instant, thereby saving Lamar’s life. But even the pulled punch put him out of the fight, which I knew it would. Lavar had quickly followed his right-hand round house with a left jab to my solar plexus, and it might have hurt me if I didn’t have the reach advantage. A split second after I’d slugged Lamar in the throat, the heel of my eft hand slammed into Lavar’s unprotected chin. Combined with his forward momentum, the force snapped his head back and into a garage supporting post. He bounced rather nicely with eyes rolled back before he hit the ground. Now, where was that little scamp, Cousin Laverl? 
I turned to see a wide-eyed statue on the other side of my car. He hadn’t moved since his opening line of the scene. A quick glance behind me at Lamar on his hands and knees and breathing, albeit with difficulty, reassured me that I hadn’t killed the poor devil. Maybe time for an olive branch? 
“Laverl is it?” I said. “You want to take a crack at me, that’s fine. Or you can give me a hand with your cousins to make sure I haven’t hurt them too badly. Your call.” 
He came around the car, both hands with palms raised and facing me. “Okay, mister. Whoever you are, we don’t want any more whup-ass.” 
“Good call.” I knelt by Lamar and massaged his throat. “Relax man, you’re panicking and that’ll just make it harder to breathe. I’m not going to hurt you unless you give me a reason to.” 
Laverl was shaking his unconscious cousin. “Lavar?” 
“Is he breathing?” I asked. 
“Y-yeah, he is,” stuttered Laverl. 
“Good,” I said. “I’ve got a bottle of water in my car.” 
I opened the car door, the remote-proximity feature of the key in my pocket unlocking it, and grabbed a bottle of water from the door pocket. After squirting a little into Lavar’s face and seeing a quick shudder, I handed it to the now sitting Lamar. “Take a very small sip of this water.” 
He accepted the water tentatively, as if expecting the bottle to get jammed down his throat or into an eyeball. 
“Okay, Mom, I’ll go feed the chickens,” came Lavar’s voice to my left. 
“He’s probably got a concussion,” I said. “Would you guys like a ride into emergency? Lamar ought to have his throat looked at. If his larynx is bleeding, he could drown in his sleep.” 
Both Lamar and Laverl stared at me in disbelief. Lamar croaked something unintelligible and then shook his head to decline the offer. Laverl got the gist of the message and said, “Lamar’s truck is on the corner. We can take it.” 
I helped Lamar to his feet. Laverl grabbed the semi conscious Lavar and walked between them toward the parking lot ramp. Lavar looked up and around, probably wondering how he got here, and Lamar carried my water bottle in his free right hand, using the left to steady himself against his cousin. 
“I’m serious, Laverl,” I said. “I know your name, and if you don’t go to emergency and something bad happens to either one of these guys, me and a bunch of SEAL buddies are going to pay you a midnight visit.” 
“Yes sir,” said Laverl. I watched them disappear up the ramp, and turned off my telephone streaming video. My one or two video followers would probably have some fun passing around the link.

IMHO, the most serious problem with Google Glass is lack of stealth. A simple lanyard attachment to any smartphone and an instant-streaming account with a video online repository (like QIK) is a  necessity in these dangerous (read that as "litigious") times.

Wednesday, September 11, 2013

Syrian Data Exhaust: "Assad Na Zdorovie, Obama Nyet!"

In my last post, I hypothesized that either Russia or China were arming the Syrian Electronic Army with cyberwar technology (thanks to Jerry Pournelle's and Larry Niven's novel Footfall, I had a metaphor to describe how such a group of incompetents as the SEA could mount such sophisticated attacks on The New York Times and on the USMC website). Given that Russian President Vladimir Putin has openly stated Russia will provide Syria with a missile shield should the U.S. launch an attack (see story here), there may not be enough to convict Russia in a criminal court. But any Las Vegas bookmaker would be crazy to bet against that hypothesis. So yes, it's the Russians. China, I'll let you off the hook this time. But only this time.

Wednesday, September 4, 2013

DATA EXHAUST: Who's Helping The Syrian Electronic Army? China or Russia?

How do the bumbling nincompoops in the Syrian Electronic Army manage to get their own servers hacked and yet do some fairly sophisticated hacking themselves (I suggested decent hackers would use DNS vulnerabilities in my post of almost three years ago—see item number 5—which you can read here)? The answer, once again, was predicted by my friend and science fiction author Jerry Pournelle (with Larry Niven) in their novel Footfall. In this hilarious piece of fiction, a elephantine race called the Fithp manages to leapfrog technological evolution when they stumbled upon advance alien technology. Not understanding a tenth of what they had, the Fithp set out to conquer earth using kinetic weapons they feel is metaphorical to their own understanding of dominance. And they can't grok why humans won't let them put their big elephant-like feet gently on human heads as a symbol of mankind's surrender. No, they don't want to crush human heads. They just want what they regard as obvious symbolic surrender. Humans should let them put those big feet lightly on their human heads. This analogy is a lot like the Syrian Electronic Army.

This bunch of troglodyte Iranian-backed numbskulls have clearly gotten their hands on a few early versions of sophisticated cyber weapons developed by outside sources. Perhaps those outside sources wanted plausible deniability as they conducted the equivalent of nuclear testing. Give this "gang who can't shoot straight" a couple of decent cyber weapons, and then watch them have some fun.

Further "data exhaust" proving my point is the Twitter rhetoric of the Syrian Electronic Army, who promises worldwide cyber war if the U.S. attacks Syria (for the record, I think a U.S. attack of Syria is stupid on too many levels to articulate in this venue). Their threats are oddly reminiscent of Saddam Hussein's "Mother of all wars" pronouncements prior to commencement of his own bitch slapping. Again, elephant brains with sophisticated weapons they didn't create themselves.

Data exhaust from the Twitterverse (using now-publicly-unavailable Quantum Leap Buzz Pattern Based Analysis—hey, I live in a state of grace and sit on the Quantum Leap board of directors) suggests either China or Russia are SEA's cyber arms dealers. Right now, my gut tells me China is arming the mullah mothers. But then, I have an old bone to pick with China and their attacks on my now-decommissioned Linux servers (see my diatribe of almost three years ago here).

Time will tell whether or not I'm on target. I'm personally staying tuned to Brian Krebs' eventual dissection of SEA's toolset. That ought to get some imamaries in a twist.