Monday, October 25, 2010

Cyber privateers must be allowed to hit bad guys' bank accounts

The possible deal killer for legalizing cyber privateering is best articulated by Richard A. Clarke and Robert Knake in their book CYBER WAR: The Next Threat to National Security and What to Do About It. Clarke writes: 

"…In the real world, my own attempts to have NSA hack into banks to find and steal al Qaeda's funds were repeatedly blocked by the leadership of the U.S. Treasury Department in the Clinton Administration. Even in the Bush Administration, Treasury was able to block a proposed hacking attack on Saddam Hussein's banks at the very time that the administration was preparing an invasion and occupation in which over 100,000 Iraqis were killed. Bankers have successfully argued that their international finance and trading system depends upon a certain level of trust.

"The U.S. decision to withhold attacks narrowly targeted on the financial sector also reflects an understanding that the United States might be the biggest loser in a cyber war aimed at banks. Even though the financial services sector is probably the most secure of all the major industry verticals in the U.S., it is still vulnerable. 'We've tested the security at more than a dozen top U.S. financial institutions, as hired consultants, and we've been able to hack in every time,' one private-sector security consultant told me. 'And every time, we could have changed numbers around and moved money, but we didn't.'"

Net-net, the politicians have put banking off limits because, well, that is our greatest vulnerability. Kind of the equivalent of the nuclear M.A.D. (Mutually Assured Destruction) philosophy. Two serious arguments against this philosophy as far as privateers are concerned:
  1. International criminal organizations and rogue governments use the banking system extensively; and
  2. As Willie Sutton pointed out, "That's where the money is." The only way for a cyber privateer to "monetize" the assets of target organizations is to go after their liquid assets.

One of the questions I often ask in creating guerrilla warfare marketing programs for clients is, "What is the worst thing a competitor could do to you?" The first response is generally bravado and claims that they fear nothing a competitor could do. Of course, I always have a follow-up question: "Oh, then it wouldn't worry you if they did this…" Whereupon I suggest what I'd do to them if I were a named competitor. I'm instantly greeted with silence, and a lot of very bright people suddenly find something quite interesting about their own shoes. One prominent international icon forcefully told me to keep the idea to myself forever and never ever let it fall into the hands of a competitor. In another case, years after the fact, I shared my idea with someone I'd recommended targeting. That individual actually changed his name so no one else could ever use the play on words I'd suggested. Maybe I'll share that story in this blog someday.

Which brings me to rules of privateering engagement as they relate to international banking. Banking is our biggest vulnerability. It's certainly not North Korea's, nor is it particularly important to the jihadists sitting in caves with laptops powered by portable generators and linked to the Internet via satellite phones. They're going to go after our banking assets as soon as they can figure out how. But international cyber criminals are using banks to launder their money. Rogue governments are stashing kickbacks and paying their minions using the banking system. In fact, by declaring international banking inviolate, we're just handicapping ourselves. You know the bad guys don't have any problem looting bank accounts where appropriate. Further, it could be argued that international banking is complicit in criminal activity.

Thus, our hands-off attitude toward international banking could be the single biggest obstacle to fighting the cyber war and to legitimizing cyber privateering.

1 comment:

  1. Wow, you are one of the few bloggers out there that I know of that are seriously exploring the concepts of Letter of Marque and privateering. I will put your site up on my blog as a resource for others. Take care.


Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?