Monday, January 31, 2011

"Navy Short of Tools to Detect, Nab Cyber-Intruders"

If I could run an ad promoting cyber privateers as a key to our national defense, I'd just link to this blog from today's National Defense Magazine.  Their headline reads, "Navy Short of Tools to Detect, Nab Cyber-Intruders." The headline should have replaced "Navy" with "The Whole Stinking Government and 99% of the Private Sector." And I only said 99% on the off chance that somebody out there has a skunkworks project to quietly "Identify & Kneecap" (or I&K) cyber intruders. I don't have first-hand knowledge of any such I&K operations, but there's just gotta' be one. Doesn't there?

Saturday, January 29, 2011

Larry Ellison quote verified by one source

"The only way the ORACLE RDBMS will ever be delivered to Russia is in the nuclear warhead of an ICBM."
On December 24th, I posted the above as an unverified Larry Ellison quote. Well cyber privateers, thanks to my thousands of readers and one trusted friend from years ago, I have confirmation. The following email came in on January 27th:
By the way, I personally heard Larry say: "The only way the ORACLE RDBMS will ever be delivered to Russia is in the nuclear warhead of an ICBM." He said it to me several times in front of training classes of new hires.
 Clearly, Larry is the master of the calculated overstatement, since Oracle is not only active in Moscow but in Beijing and in other Eastern European countries (Hey, Google it for yourself!). General publishing prudence demands that a quote be verified by at least two independent sources. I have one down and at least one more to go. I'm sure another will pop up. Too many people are reading about cyber privateering, now. Word spreads. I'll await another confirmation via someone I know from…the good old days. Possibly one of those who attended an Oracle training class my friend cited in his email. There are apparently two Moscow Oracle offices (I can't read Russian and could use some translation from one of the many Russians who follow this blog, but here's the Google map):
I still can't come up with a similarly inflammatory quote of my own concerning payback to the Chinese and Russian cyber attacks on my little Linux box. But I'm working on one. Who knows? Maybe a really colorful line or two will emerge from the mouth of a fictional character in one of my novels. And to Mike Wilson, author of The Difference Between God and Larry Ellison, sorry I didn't come up with a source for you when you were researching the book. 

I do however have a bone to pick with you, Mike. On page 165 of the hardcover edition of your book, you introduced me by saying: "Bennett, who had helped write the ad equating Oracle to SQL/DS and DB2, possessed all the qualities Ellison was looking for in an adman: He was bright, he was creative, and he was by no means a slave to the literal truth." Doggone it Mike, I am a slave to the literal truth! Which is why neither me nor my clients have ever been sued for one of my ads. I use technological intimidation to cut through all the hyperbole and spinning of the truth. For the record, I completely agree with and live by the definition: "A lie is any communication the intent of which is to deceive." Period. My Cyber Privateer Code of Ethics probably explains my visceral reaction to the cyber criminals who try to present false credentials in order to get into my Linux system. Someday there will be an accounting, and I'd really like my name somehow be tied to the payback mechanism. Fair warning, bad guys. Fair warning. 


Friday, January 28, 2011

Infecting an alien architecture, Part III

In my first two posts on infecting an alien architecture (part I and part II), I discussed how one might implement principle #7 of The Perfect Virus to facilitate Black Box Portability. This principle is the Holy Grail of viral infection as fictionalized by Piers Anthony's seminal novel Macroscope, and is the key to a real cyber defensive weapons arsenal. It's defensive in nature because the alien intelligence must "present itself" to the system before The Perfect Virus can respond and wreak havoc (or politely say "Hello E.T., what'chu want?"). In today's Kurzweil newsletter (my daily bible of innovation in technology), they report on a team of Spanish and Australian researchers who have "…taken a first step towards a scientific method to measure the intelligence of a human being, an animal, a machine or an extra-terrestrial." They calculate the "Kolmogorov complexity" using mathematic and computational concepts (the original article is posted on the Physorg.com Web site). The authors claim:
The most direct application of this study is in the field of artificial intelligence.
Au contraire, pussycats. The most direct application of these ideas is to quantify the computing power of an alien architecture presenting itself to known systems. How fast is it? Is it multi-threaded, massively parallel, or quantum architecture? Of course, it wasn't worth the $35.95 they want for the full paper, since I'm less interested in the concept of "intelligence" than I am in grokking the "cognitive architecture" of an alien system.

My from-a-distance "net net" of their using "…mathematical and computational concepts in order to encompass all these conditions…" is that they haven't yet stumbled onto a few more more obvious ways to evaluate an alien system. Then again, I'll limit my "Einstein thought experiments" to my next novel.

Thursday, January 27, 2011

No terrorist nukes in NYC…

Well, there were no terrorist nukes in NYC on May 27-28, 2008. I reported Tuesday on the H3Tec nano-ionic resonance scanner. About six months after we ran the ad in Chicago's USA Today, I made a special trip to New York City to spend two nights racing bicycle messengers all around Manhattan while using the H3 to scan for kilogram-sized chunks of weapons-grade nuclear materials. Since I put between 3,000 and 7,000 miles a year on my bicycle, and since spring is a really fun time to bicycle around Manhattan, I decided to kill two birds and go play superhero. Here's the ride map for the two evenings of May 27th and 28th captured from my Garmin GPS (and merged using Photoshop):
The yellow lines denote my path, and I tested for nuclear material every mile or so and for a radius of about two miles. Each night, I made my ride between 8:00 PM and 1:00 AM. Again, this is a terrific time to cycle around Manhattan! To my disappointment and/or relief, nothing popped. I'm glad, because I didn't have a solid plan for dealing with a positive hit. Somehow, the "A-Team" motto of playing it by ear and then exclaiming "Ain't it great when a plan comes together?" probably wouldn't have worked out for me.

Yes, I could have triangulated not only the location but the elevation of the materials. But then what? Dial 911? Interesting conversation: "I'd like to report weapons grade nuclear material at 666 Madison Avenue…Well, I picked it up on my H3 scanner…No Maam, I'm not wearing a tinfoil hat…" You get the picture.

Or I could tap on the window at the suspect location and ask the security guard to show me around. Trouble is, if he was in on the plot you'd be finding pieces of me all over Saudi Arabia. Worse yet, my visit could have spooked the jihadists into detonating their nuke. Then, of course, I wouldn't be writing this blog. Nor would a lot of my NYC audience be reading it.

One thing is certain: I couldn't possibly have left New York City without doing something. Getting on a plane to save my own skin simply isn't a part of my DNA. I met some really cool guys, sprinting to pass bicycle messengers and chatting up three-wheeled sightseeing pedal taxis. I told one of the pedaling taxi guys that he had a GREAT job. He said I should try it, because I could make a lot of money. So I told him about a venture capitalist friend of mine in Silicon Valley, whose son quit his job to be a bicycle messenger around San Francisco. The cabbie thought the boy made a perfect career decision. Maybe he did.

As soon as the weather turns nice, I might take another bicycle ride around Manhattan with my trusty H3 scanner (maybe one of my new friends will let me take his three-wheel taxi for a spin). There was a lot of cocaine downtown, and a lot of nitrates (aka serious ammunition) up around Harlem (I probably won't be taking any more midnight bicycle rides around Harlem, though). Back in my own neighborhood, though, there are some possibilities when they finish the $1.5 billion cyber security center in Utah. I ride my bike by there at least three times a week. Maybe I could read some USB-based data from a safe distance (just kidding guys, just kidding).

It is too bad nobody in the Moscow airport had an H3. The guy with the bomb wouldn't have gotten within a mile of the place.

Wednesday, January 26, 2011

Is Intel willing to bet $10 million?

Today's Computerworld reports that Intel is "Developing a security game-changer'" that will "stop zero-day attacks in their tracks." Yeah, right. Sorry guys, but The Perfect Virus will eat your lunch. Don't believe me? Then put up some real dough and give some cyber privateers a Get Out Of Jail Free card. Make it $10 million, and  you would do more to save the world from cyber criminals and rogue governments than could all the politicians placed end to end. Given The Perfect Virus and the nano-ionic resonance technology about which I posted yesterday, nothing is safe without a complete ground-up redesign of the TCP/IP and the entire Internet. Nowhere, at no time, and no way can Intel deliver a zero-day-proof technology on today's infrastructure.

Intel CTO Justin Ratner has been listening to pure smoke from their newest acquisition, McAfee, who was a second-tier signature-based security company. I suggest you have them put their money where their mouth is, and peg all their acquisition-performance bonuses to delivering on that outrageous promise. Either they get the dough, or the cyber privateers who crack their bold new idea get the dough. Either way, we win. If nobody collects on the offer, then they've delivered and will have our eternal gratitude. But if they pay, they will have substantially created the first cyber privateer war chest. Hopefully the winner will…"use that power only for good."

Tuesday, January 25, 2011

Breakthrough privateering hardware: H3Tec™ nano-ionic resonance

Back in October of 2007, I found a "genius of the first waters" named Chuck Christensen who claimed to have made "…the most important scientific breakthrough since the invention of the transistor." Called nano-ionic resonance scanning, he claimed his technology "…can detect any element, molecule, or sequential list of elements and molecules at great distances and through any shielding. ANY shielding." Chuck further claimed to have located lost oil drilling bits at depths of 3,000 feet and to within 5 meters. After playing with the device for a weekend, I created the following ad for him, which ran in the Chicago edition of USA Today:
We even had a great online explanation and demonstration of the technology. But bad luck being what it is, neither Chuck nor I knew that my old friend Ed Zander was about to leave Motorola. As a result, Chuck and his company have been spending the last four years gainfully employed doing contract mineral exploration. He loaned me one of the devices on the condition that I DO NOT contract my services in any way shape or form, so I've satisfied myself with little neighborhood experiments and finding the occasional piece of lost jewelry around the house. The H3 is currently being used to detect IEDs in the Middle East. As a writer of fiction, however, my imagination explodes with possibilities for using this remarkable technology. Here are a few:

  1. Imagine parking an H3 unit on an overpass above a major highway, and radioing the license plate numbers of vehicles carrying drugs or explosives to highway patrol or federal agents waiting up the road. 
  2. Use a drone aircraft flying over Iran to give exact GPS locatins (including depth) of weapons-grade nuclear components. Naturally, Israel might use this data a little differently than the USA or maybe the UN. One thing is certain: H3-generated intelligence might have yielded better WMD data prior to Operation Iraqi Freedom.
  3. Finally, because the H3 "excites" the elements for which it is looking, an admittedly far-out use of nano-ionic resonance would be to actually plant The Perfect Virus in stationary devices that are not connected to the outside world and are located deep underground or behind formidable defensive barriers. Yes, this is one or two major PhD dissertations away, but wow, consider the possibilities.
  4. It's not inconceivable that nano-ionic resonance could be used to read the contents of deeply hidden flash memory devices.
Fact or fiction? Hey, I'm just a writer spinning yarns. But so were Jules Verne, Piers Anthony and Arthur C. Clarke. Those guys dreamed up some pretty cool stuff. So has Chuck Christensen.

Monday, January 24, 2011

Former DHS's Allen: "We don't need privateers."

In a remarkably interesting New York Times story Saturday about the "private CIA" of Duane Clarridge, former top intelligence official for the Department of Homeland Security Charles E. Allen said,
"We don't need privateers."
He was of course referring to the "private CIA" of Duane R. Clarridge, a man who left the CIA over twenty years ago to form his own private network of spies. I may appear schizophrenic here, but I almost agree with Mr. Allen. Almost. If he defines "privateer" as someone who skulks around on enemy territory in a black hat, essentially committing treason on foreign soil, then I agree with him. In my October 20th blog on privateer analytics, I pointed out that the body count (a 78% capture rate) was pretty daunting. There are two reasons I don't recommend putting actual bodies in harm's way:
  1. Getting foreign nationals (or even expats) to commit treason on foreign soil is just plain wrong. If you're a citizen of a country you'd better be a law-abiding citizen. "Give unto Caesar…" is the rule of the day.
  2. For an individual entity to put lives in jeopardy by having them sneak around in the dark is inconsistent with doing things in an open and above-board fashion. This is why I put "unambiguous notification" and the "right of parley" into my draft of The Cyber Privateer Code. This is a code of honor and of accountability, a code of integrity and justice.
Now, let me be schizophrenic. If Mr. Allen meant that all privateering is abhorrent, including cyber privateering, then I must profoundly disagree. Cyber privateering is a way to make cyber security profitable to the government, by allowing a controlled but nevertheless disproportionate response to incursions on US government and business sovereignty. Cyber privateering is electronic warfare at the very highest ethical standard. It requires legal justification (hence, a Monroe-like doctrine I call The Morgan Doctrine), letters of Marque and Reprisal issued by Congress, and oversight by a financially responsible bonding authority. 

Kudos to the New York Times for researching this story on Mr. Clarridge's private CIA. This is journalism at its best. Almost on a par with the Guardian in the UK and their December 10th enumeration of world reaction to WikiLeaks, which I think still stands alone in complete journalistic treatment of that story. 

My last word and reaction to Mr. Allen's "we-don't-need-no-stinking-privateers" attitude is, sir, we really do need CYBER privateers.

Saturday, January 22, 2011

A "righteous" hack: Hollywood

Over the years, it's gotten tougher and tougher to find CEOs with the guts to mix it up with the competition, to go head to head in an all-or-nothing battle for survival. Back in 2001, the investors in a unique "DVD hack" technology came to me for help. The company had figured out a way to let you filter various elements out of DVD movies, all without modifying the original movie media (which has since been ruled copyright violation by the courts). Their CEO was a scrappy guy named Bill Aho (now a partner at Sage Point Group) who was willing to take on Hollywood, Jack Valenti (who died in 2007) and the Directors Guild. Here's the Wall Street Journal ad I created and that ran in December 2001 for a great company called ClearPlay:

I love the tag line I coined for them: The Technology of Choice™. The Hollywood crowd went absolutely apoplectic over anyone who modified their final product. And they buried ClearPlay in lawsuits. While they were successful in putting the guys who modified movies out of business, they failed miserably with ClearPlay. In fact, Congress threatened to pass legislation specifically authorizing ClearPlay-like technologies. "The Technology of Choice" means families can choose to eliminate elements they find objectionalble, from profanity to gratuitous sex to several levels of graphic violence.

I remain a ClearPlay client to this day, which means I could have the grandkids over to watch Zombieland (a superbly entertaining movie that I've referenced before in this blog) without subjecting their young minds to all that profanity. Having spent my life in advertising, I know how easy it is to hardwire people's brains (see my posts on Infecting an alien architecture, part 1 and part 2, as well as The Perfect Virus principle #7, BLACK BOX PORTABILITY). And once they're hardwired, it's damn near impossible to rewire them. That's why ClearPlay's DVD hack is so important. Hook a young mind on porn, and that child will never EVER have a truly meaningful and loving marriage relationship. And those who don't think entertainment wires the brain and changes behavior are either ignorant, stupid, or malevolent.

The Technology of Choice! Now THAT'S a righteous hack. I strongly recommend ClearPlay to people who want to give their kids (and their own adult addictive behavior tendencies) a fighting chance at happiness in this life.

Too bad I couldn't get the CIA to run my anti-terrorism ad. As I understand Islam, if you bury a devout suicide murderer in a pig skin, he is unclean and cannot enter heaven, collect his 72 virgins, etc. Would it have made a difference? We'll never know how this might have "infected" the alien noggin. But it sure gets a laugh when I give speeches.

Friday, January 21, 2011

Philosophical musings on cyber privateering

In yesterday's post wherein I considered an alternate hypothesis about Russian involvement in Stuxnet, I tried to put my own motives into context. Longshoreman/philosopher Eric Hoffer did a better job in The True Believer (NAL edition, 1951, p. 128]:
The genuine man of words himself can get along without faith in absolutes. He values the search for truth as much as truth itself. He delights in the clash of thought and in the give-and-take of controversy. If he formulates a philosophy and a doctrine, they are more an exhibition of brilliance and an exercise in dialectics than a program of action and the tenets of a faith. His vanity, it is true, often prompts him to defend his speculations with savagery and even venom; but his appeal is usually to reason and not to faith. The fanatics and the faith-hungry masses, however, are likely to invest such speculations with the certitude of holy writ, and make them the fountainhead of a new faith. Jesus was not a Christian, nor was Marx a Marxist.
I began my infatuation with cyber privateering (my solution to cyber crime and cyber war threats) as a throw-away plot element in a novel. Somewhere along the way, I started to think (perhaps arrogantly) that my little idea had some legs. So evidently do a growing number of readers. But as I tell myself that this is a pretty good idea, the words of Eric Hoffer have more than once sprang back into my mind, as if echoing my mother's advice not to take myself so seriously. This is advice I often gave to my clients; "Don't believe your own press clippings."

With regard to the "man of words" who brings about new ideas, Hoffer goes on to chronicle his fate. Simply, as soon as a movement reaches critical mass, the ruling class must figure out a way to get rid of the founding father. They hung Jesus on a cross, and modern-day revolutionaries tend to get a bullet in the brain for their troubles. Thought-leaders and innovators tend to be a royal pain, maybe a little too quick to point out the flaws of the management team who has been tasked with executing their bright ideas. Bureaucrats absolutely hate leaders. And as I've said before, managers get letters of commendation from the home office while leaders get letters of reprimand.

On the plus side—and as a method of self preservation, should cyber privateering ever get off the ground in reality—I have envisioned three mechanisms whereby the "purity" of my idea can be built into the DNA of the program:

  1. My Cyber Privateer Code is a decent foundation for equity and self-sustaining/self-policing processes.
  2. The Perfect Virus is a piece of unique technology that a benevolent and possibly non-profit organization could not only license to bonded cyber privateers but also use to keep them in line. They could essentially say, "Honor the Cyber Privateer Code or we'll take you out of the picture forever." Or as Mel Brooks penned it, "It's good to be king." Well, as long as the king is more like Arthur and less like Hati's Papa Doc Duvalier or Russia's Joseph Stalin.
  3. Finally, if we ever did get a Joseph Stalin or Papa Doc Duvalier in charge of privateer oversight, I've got to have faith that somewhere, someone will be smart enough to come up with a more-perfect virus and bring down the despot. The framers of the US Constitution envisioned a similar recourse, should the system ever become too corrupted.
Jeff Walker, one of my Cyber Privateer Fantasy League nominees, is a master of building self-managing processes into organizations. Years after he left Oracle, most believed that he still ran the Oracle Applications Division just because his processes kept the organization on track. Hopefully, my Cyber Privateer Code will achieve the same results, should this little exercise in fiction rear its newborn head in reality.

Thursday, January 20, 2011

Russia is now in the "protection racket"

I've been pondering the Telegraph story about Russia warning of an "Iranian Chernobyl" since my posting on Monday. I gave four reasons that Russia might have extended that warning. I slid over a third point, but in hindsight it's the big point: Russia is in the protection racket. Pure and simple. Period. They're not only extorting money out of Iran, but they're trying to protect that and other revenue streams from rogue governments around the world. Rogue governments like Venezuela.

Consider this my "displacement activity" after several days of considering the…sorry Mr. Nobel-winning Vice President…"inconvenient truth" that Russia has come to a gunfight with a…sickle? I've never been to Moscow, but on the off chance that they sell advertising on the walls of their airport, I'd like the Russians to imagine this backlit wall-sized ad greeting passengers arriving from the Middle East:
WARNING IN THE LOWER LEFT-HAND CORNER: IT’S JUST AS EASY TO HIDE BACK DOORS AND VIRUS HOOKS IN PLAIN SIGHT THROUGHOUT INNOCUOUS SOURCE CODE. A 3-WAY “PERFECT STORM” CAN MAKE OTHERWISE WELL-BEHAVED OPEN-SOURCE SOFTWARE BEHAVE IN REMARKABLY DAMAGING WAYS.
BODY COPY:  Iran has been named by the issuer of our Letter of  Marque and Reprisal as a rogue government. Our underwriter has bonded, indemnified, and authorized Destroying Angel cyber privateers to confiscate your assets wherever we can find them. Think twice before you deliver that trunk load of money to the Russians. They can’t protect you or your computer systems, and you may need some cash once your checks start bouncing.  
So get back on that jet and be careful where you refuel, since we may just impound your ride. 
Go home. Invoke your Right of Parley under The Cyber Privateer Code. See what conditions you’ll have to meet before we cost you billions. Because after we grab all your assets, we’re going to take you off the grid. Forever.

Comrades, one thing to come out of Wikileaks is confirmation of what bad boys you've been, selling shoulder-fired missiles and nuclear components to terrorists and whack jobs in both hemispheres. Furthermore, I've given the Chinese a hard time about attacking my Linux server, because they're doing a pretty smart job of it. You guys are not only attacking my harmless little Linux box, but I think I let you off the hook a little too easily when I blamed the theft of my dead friend's email account on the Chinese. 

I've seen no indication that your cyber skills are up to par with the Chinese. Given you share a common border, you'd better be sweating them a lot more that we do in the USA. And a few of your so-called upstanding citizens should really be nervous if our moronic government lets us take off the kid gloves and start kneecapping cyber criminal organizations. 

ALTERNATIVE RUSSIAN HYPOTHESIS:  Remember who I am and why I write this blog. I'm playing with over-the-top ideas to enhance my novels and to flesh out my cyber privateer concept. There is an alternative explanation for Stuxnet's "expiration date" and odd number of infected centrifuges harmed by the virus. If I were sitting around the poker table on the television series Castle (Season 1 or Season 2) with the other cameo-appearance mystery writers, I might just as easily propose an alternative to Richard Clarke's "US lawyers" hypothesis elaborated in my Monday post. Namely, that Russia created Stuxnet and cleverly misdirected the world to assume the USA and Israel were in cahoots. Even if this hypothesis proves true, however, it is still consistent with today's assertion that Russia is now in the protection racket. Iran had better pay up or…hey, an 'Iranian Chernobyl' could be the outcome. Selah.

Wednesday, January 19, 2011

"Hu's attacking my Linux server!"

To commemorate the visit of Chinese Chairman Hu Jintao to the United States this week, I'd like to find out why nobody's asking the hard question: "Why is China waging a cyber war against US government and private institutions, and against my little Linux server in particular?" Thanks to Bud Abbott,Lou Costello, and Jay Leno for the puns used a fictional conversation that never happened between myself and the FBI:

Me: Hu is attacking my Linux server.

FBI: How should we know who is attacking your server?

Me: Because I'm telling you.

FBI: Okay, tell us. Who is attacking your Linux server?

Me: Yes.

FBI: Yes who?

Me: That's right.

FBI: What's right? I'm just asking who?

Me: I wish you would, since he's in town visiting the president this week.

FBI: Who's in town?

Me: Yes, Hu is visiting the president.

FBI: Who's visiting the president?

Me: Yes. Have the president ask him to stop attacking my Linux server?

FBI: This is getting us nowhere. Who attacked your server, and when?

Me: Listen,  Hu is attacking my server. Forget about Wen. He's the Premier and he's still in China.

FBI: Who's the Premier?

Me: You idiot, Hu is the Chairman. Wen is the Premier. Hu is attacking my Linux server.

FBI: [gasping] I'd like to know why?

Me: Wei? For crying out loud, Wei is in the Secretariat and he's still back in China! I want you to track down Hu, with the president, and ask him to stop attacking my Linux server.

FBI: Okay [audible sigh], just where am I supposed to find who's attacking your server ?

Me: I've been trying to tell you. Hu is attacking my server. And they're probably having lunch at the Foo King Restaurant.

FBI: Sir, profanity is uncalled for. Pull yourself together and call us back when you can control your mouth. [click]

Okay, so this doesn't hold a candle to Abbott and Costello's Who's On First routine. And thanks to Jay Leno and his writers for for his headline routine years ago where someone is trying to report that the Foo King Restaurant is on fire. I've always wanted to use it.

Seriously, I'd like to someone to publicly ask Hu Jintao some hard cyber war questions.

Tuesday, January 18, 2011

The ultimate cyber privateer smartphone

Today's Computerworld story "Coming soon: A new way to hack into your smartphone" prompts me to reaffirm that The Perfect Virus is absolutely device agnostic. It will present itself as a zero-day exploit on a vanilla iPhone just as easily as on a jailbroken iPhone; on an Android or on a Blackberry, etc. Because The Perfect Virus is capable of SEAMLESS MIGRATION (principle #5 along with corollary attributes 6 through 10), it can even distribute itself amongst different smartphone architectures located within WiFi range of each other. That said, my choice for the ultimate cyber privateer smartphone would be the Android.

In the interest of full disclosure, I am an iPhone and iPad user. I like these devices and I like Apple. Yes, I have Linux and Windows computers in my network, along with a Wii and a PS3 and my trusty PSP. That said, I think Apple could have taken a more enlightened approach in making iPhone "guts" available to applications and developers. The Android is my selection for the ultimate cyber privateer smartphone because:

  1. It has all the "hooks" necessary to do pretty much anything I want to do as an end user
  2. It can do things that even a jailbroken iPhone cannot do (I'm going to keep those things confidential only because I'm well into writing my sequel novel and would prefer NOT to do an emergency rewrite when someone says, "Hey, we really ought to add that capability to the iPhone) .
  3. I like an open architecture for totally different reasons than Putin and the Iranians are abandoning closed systems, in that there are things closed systems will not let you do that I want to do (see #2 above).
  4. Most importantly, the Android is a robust enough platform that I can make it my cyber privateering dashboard (principle #11, PROSUMPTION) no matter where I am, how fast I'm running at the time, and with a pretty good dead-man's switch (principle #1, OVERSIGHT) in case things get really ugly, really fast.
There is one feature available on Androids that I once had on my jailbroken iPhone (but have since given up by going to a vanilla iPhone because re-jailbreaking a new iPhone OS release is absolutely more trouble than it's worth): Instant streaming of videos to the Internet. Maybe it's my vivid imagination, but I could see myself coming upon a crime in progress and firing up my Qik.com application , hanging the smartphone from a lanyard around my neck and saying, "Smile son, you're being streamed to millions of users on the Internet right now." Then again, I could just keep my mouth shut and do the streaming so I could later testify in court against the badly startled felon. In either case, Qik on the iPhone requires you to subsequently decide whether or not you need to upload the video, whereas on the Android (I got one for my father, who is a criminal defense attorney) the video streams to the Qik library as it is being shot. Hence, my preference for the Android (and certainly my father's preference for it, since he deals with some extremely dangerous clients who have impulse control issues).

Monday, January 17, 2011

Stuxnet about to cause an "Iranian Chernobyl"

The Telegraph story today has Russia warning of an "Iranian Chernobyl' because of a second Stuxnet payload. I don't find this hard to believe, since Stuxnet is just a delivery mechanism. It happened to deliver centrifuge bugs cleverly targeting the Iranian nuclear industry. It could also deliver other payload packages designed to make Chernobyl look like a minor X-ray mishap. The question is, who has the Stuxnet command and control dashboard (PROSUMPTION principle #11 of The Perfect Virus)? If, as Richard Clarke (author of Cyber War) suggests in the December 13, 2010 Newsweek:
Why bother with an expiration date at all? The answer supplied by Clarke is so very Washington-centric that it’s almost a dead giveaway. “All that suggests to me a nation-state actor with a series of lawyers involved in looking at the covert action,” says Clarke, whose latest book is Cyber War: The Next Threat to National Security and What to Do About It. “I’ve never seen or heard of a worm before that limited its spread.”
Makes sense to me, which also means that the US is running the Stuxnet dashboard. Lawyers run this country. The Israelis wouldn't operate with nearly as much restraint. Which means there probably won't be an Iranian Chernobyl. I can just see a State Department lawyer convincing the administration that we could be guilty of "crimes against humanity" if our involvement in some massive nuclear disaster became public.

The fact that Russia has issued the above warning tells me that they're [check all that apply] (a) miffed that they weren't smart enough to sell the Iranians roach-proof technology; (b) giving fair warning that they'll hold Stuxnet creators responsible for their loss of revenue; (c) they want more revenue from Iran and figure they can sell some protection to them; and/or (d) they're praying to whatever cosmic entity they worship that the USA and not Israel is in control of this thing.

Comrades, if the US is not running the Stuxnet dashboard…all bets are well and truly cancelled. Shalom or else.

Saturday, January 15, 2011

Infecting an alien architecture, Part II

In my January 11th post, I suggested that a complete psychological profile could be developed by watching individuals play online games. And I referenced my good friend Steve D'Angelo at Spring Lake Technologies as someone who is taking his company down this path. They are focused on building successful sales people. But today's story in the New York Times about Tucson gunman Jared Loughner's postings in an online game forum leads me to extend another invitation to Sony Entertainment, the Microsoft X-Box people, Nintendo, and every other online game maker: You can "grok" the twisted brains and "alien architectures" of violent deviants and report them to the authorities. You can quietly modify your online usage agreements, which no one reads anyhow, so your online players give you permission to notify the FBI, who I contend has jurisdiction since player deviant communication probably crosses state lines. Forget local authorities, as their level of competence is all over the board. If you doubt this is possible, at least give the psychologist at Spring Lake Technologies a phone call and have him explain it to you.

The concept of computer viruses and infecting an alien architecture goes all the way to "graywear" and the human mind, as Piers Anthony illustrated in his oft-mentioned book Macroscope. I've spent my entire professional career infecting the "human noggin" through advertising. Ask Larry Ellison at Oracle and Marc Benioff at Salesforce.com (both nominees for my Cyber Privateer Fantasy League team) how well I did that job. I helped destroy several Fortune-size companies by driving their management teams completely insane. Don't take my word for it, ask them. Or read Mike Wilson's book The Difference Between God and Larry Ellison. Or Marc Benioff's book Behind the Cloud. Both Larry and Marc acknowledge my work for them.

Heck, I even got former Morgan Stanley financial analyst (and former Oracle president) Chuck Phillips to change his name to Charles, and I didn't even run the ad. The client, Forté Software wouldn't let me. In fact, it scared them so bad they told me to destroy it, fearing that Chuck Phillips would see it and think they'd commissioned it. Of course, Forté was acquired by Sun which in turn was acquired by Oracle, so I have no problem sharing that ad with you here. I did eventually send the ad to Chuck when he was still with Morgan Stanley, hoping he'd get a laugh out of it and at least consider reporting on another of my clients. That never happened because he joined Oracle shortly thereafter, but here's the ad that made "Chuck" Phillips change his name to "Charles" Phillips:
Yeah, I know you're saying, "Hey, he signed his analyst stuff as 'Charles' didn't he?" True, but at Morgan Stanley, the telephone extension listed on his business card was 1-212-???-CHUCK". Everybody called him "Chuck." Until he went to Oracle. Then it was Charles. Every time he was introduced at speeches (ask my friend M. R. Rangaswami at Sand Hill), he was introduced as "Charles" Phillips.

So I contend that infecting an alien architecture (even the human noggin) can be accomplished, and further that spotting deviant behavior can be accomplished by observing online game playing behavior. But my assertion today is that the game companies—Sony, Microsoft, Nintendo, et al—really should consider their moral responsibility to be a tripwire. I'd be glad to debate this with the head of the ACLU like I did back in 1978 when I invented the voice stress analyzer.

Enough sermonizing. I'm now back to promoting cyber privateers as the solution to our cyber crime and cyber war challenges. Taman Shud.

Friday, January 14, 2011

Infecting an alien architecture, A NEW KIND OF SCIENCE

Black Box Portability (principle #7 of The Perfect Virus) requires (literally) a new kind of science, specifically Stephen Wolfram's seminal book A New Kind Of Science. As I've previously stated, Wolfram's book had a larger impact on my view of technology and mathematics than any other academic influence. Interestingly, Stephen Wolfram had to invent Mathematica before he had the right tools to go after the really interesting problems, as he says [p.21]: "When I first started at the beginning of the 1980s, my goal was mostly just to understand the phenomenon of complexity." He builds a compelling case that classical mathematics kept solving fairly uninteresting problems, problems that depended upon simplification in a world without computers. The kinds of "complexity" that interested Wolfram, and which led to the many cross-discipline breakthroughs discussed in A New Kind Of Science, didn't manifest themselves to him until several thousand computational iterations. More interesting still, he used classical mathematical theorems to prove that his "cellular automata" (simple binary processes that could produce incredibly complex behavior) were equally capable of solving infinitely complex multi-dimensional problems.

So if you expect to "grok" an alien architecture with what you term to be high-power mathematics, you might consider Wolfram's assessment [p.859] that modern mathematics of today "…can be seen as a direct extension of…arithmetic and geometry that apparently arose in Babylonian times." He further puts my own college major in perspective by saying that today's mathematics is "…nothing like the majority of the programs that I discuss in this book."

Unlike any textbook I've ever read, Wolfram's 338 pages of chapter notes are a more compelling discourse than the 857 pages that make up the body of his book. Furthermore, if one reads A New Kind Of Science while simultaneously trying to solve a specific problem, methodologies for solving that problem will literally jump off the page. This was my experience as I considered how to take Piers Anthony's fictional Macroscope approach to infecting an alien architecture and realize it as it applied to The Perfect Virus.

Admittedly, I'm in a "state of play" here. I wanted a plausible mechanism around which to weave my own novel. But darned if I didn't find several such mechanisms. So I'm twice humbled. Once by my Cyber Privateer Fantasy League nominee Jeff Walker, who told me I wouldn't recognize a good application if it bit me and who subsequently shared his 22 principles of the perfect application. And a second time, as Stephen Wolfram told me that my college mathematics field hadn't seen much innovation since the Babylonians. A Socrates dialogue of Plato gives me my net-net: "…wisdom is knowing what you don't know…" Turns out, the list of stuff I don't know is growing faster than the things I do know. But my humble thanks go to Jeff Walker and Stephen Wolfram for those whacks upside my head.

Will cyber privateering be a workable solution to what I consider to be a gigantic problem facing our modern civilization? Damned if I know. But it's sure fun to consider the possibilities. And China will almost certainly give us an alien architecture against which we'll have to contend.

Thursday, January 13, 2011

Giant readership spike from…Canada?

Woah fat hippo! Aren't you Canadians a bunch of pacifists? Today's readership just about doubled over any previous day, and the lion's share of the increase came from ("Beauty, eh!") my friends up north. Hey Hoser, pass me a beer. Top-10 sources of readers today are:

  1. United States
  2. Canada
  3. Spain
  4. United Kingdom
  5. India
  6. Sweden
  7. Australia
  8. Germany
  9. Belgium
  10. Brazil
Not only did Canada spike, but Spain also. Normally it's the USA and the UK in the top two slots. Spain too, eh? Go figure.

Top of the cyber privateer blog hit parade is The Perfect Virus principle #14, Stealth, followed by my summary of all 22 Principles for Creating The Perfect Virus. Admittedly, Stealth is interesting. But few are picking up the truly most exciting aspect of The Perfect Virus, its ability to "grock" and then infect a totally alien architecture (principle #7, Black Box Portability—which is at the bottom of the popularity list today). Get Microsoft and Windows out of your crosshairs, Grasshopper. Alien architectures out of China are the holy grail of cyber warfare. 

Read Piers Anthony's Macroscope and then put on your thinking hats. This is doable. And if I can get somebody to give me pile of Get Out of Jail Free cards, I may pass a few around to my more interesting readers.

Wednesday, January 12, 2011

GCN: "5 cyber threats to watch out for this year"

Today's Government Computer News story on "5 cyber threats to watch out for this year" is a bit too optimistic, in my opinion.

  1. SUPPLY CHAIN SECURITY:  That horse has already left the barn. They talk about software supply chain security. I would add to that the firmware and hardware supply chain. And the large number of people with access to Adobe's source code management system are just the tip of the iceberg. When the director of the FBI publicly asks Silicon Valley vendors to build in back doors, causing Russia and the Iranians to mistakenly think their salvation is open source software, I would contend that the supply chain is hopelessly corrupt right now.
  2. CONSUMERIZATION OF IT:  "The trend is to bring more and more unmanaged devices into the network," writes one of their quoted experts. USB devices, WiFi connections, BlueTooth, etc. make for more ignorance on the part of all consumers who blither along, trusting their "stuff" to work without conscious security management.
  3. MOBILE DEVICES:  I've been thinking of doing a blog on smart phones. Jailbroken iPhones and hacker's-dream Androids (and associated tablet platforms) are not only easy pickings, but you just have to sit in an airport and grab data as high-income travelers deplane from their first-class seats.
  4. TARGETED POLITICAL ATTACKS:  At the bottom of the scale you have DDoS responses to anti-WikiLeaks firms by script monkeys who don't know they can be caught and prosecuted, and at the top of the food chain we continue to marvel the sophisticated Stuxnet virus, which has many of the qualities I identify in my 22 Principles for creating the perfect virus. As far as I am concerned the cyber war has already started.
  5. CYBER WAR:  Here is where our current political institutions will NEVER EVER catch up, and where the only workable solution for government as well as business protection are licensed and bonded cyber privateers (yeah I know, you could see this one coming from me a mile away).
The final section of the GCN article is entitled: "On the bright side…" and says in part:
But legal consequences can effectively raise the stakes of engaging in online crime, which until now has been a low-cost, low-risk and high-return endeavor. Fortinet, a vendor of network security appliances, predicts that in 2011, there will be greater international collaboration to shut down the bad guys through the courts.

I call this "whistling in the graveyard" and think the bigger-budget/give-us-more-of-your-tax-dollars approach of a publication supporting the "usual list of suspects" (ie; The Beltway Bandits) comes to the fore. I'm not optimistic. There is no bright side, at least on this side of fiction. Selah.

Tuesday, January 11, 2011

How to recruit cyber privateers: Dear Sony Entertainment


My inspiration for creating Oracle's "The Last DBMS" ad for Larry Ellison came from none other than The Last Starfighter movie, where a kid aced a video game which turned out to be the recruiting mechanism for an alien race looking for top talent to help protect the Galaxy from outside invaders. They of course ripped off Orson Scott Card's book Ender's Game. Over the years, I've shared the idea with entrepreneur friends of mine that a really cool game could be "corporate America's" way to identify and recruit people with special talents. One of those entrepreneurs is Steve D'Angelo at Spring Lake Technologies. Imagine playing a multi-player online game (via your PC, your X-BOX or PS3) when you suddenly get a message:
The folks at IBM have been watching your online play and would like to offer you a job. Click here to set up a meeting.
Now that I've formalized all 22 Principles for Creating the Perfect Virus,  complete with the user-definable oversight dashboard (discussed in Principle #11, Prosumption), I can actually envision a pretty neat online game called (since I own the domain) Cyber Privateer. Each player gets a toolkit detailing the 22 qualities the cyber attack suite available in his arsenal, and then has to fight other cyber privateers as he or she builds a penetration campaign for fictional government, criminal and banking entities. Naturally, players would need to be informed that "Destroying Angel" or some other cyber privateer entity was watching their play, and I guess each player could choose whether or not to opt out of the potential recruitment scenario. But the possibilities are endless, some of which I list below:

  1. You could build a complete psychological profile of potential candidates just by observing their game play.
  2. You could find the best dashboard metaphors and, even if you didn't hire the individual, you could pay them to use their dashboard design.
  3. You could sell advertising that appears on billboards during game play (Sony does this now on some of the auto racing games).
  4. During a national emergency, there might be some legal way where the players could be "turned lose" on actual criminal or rogue-government IP addresses.
What a cool game, eh? Visually, you could navigate networks and hostile systems as suggested by William Gibson in Mona Lisa Overdrive. Complete with shooting, blowing things up, spawning botnets, and even launching pseudo-virus infections on the systems of competing players. 

You know, Sony, I could really get into this game.

Monday, January 10, 2011

Larry Ellison for President!

After my last post where I shared my jocular ad running Linus Torvalds for president back in 1999, I've had the weekend to consider our plight at the hands of professional politicians. I'm convinced that legalized cyber privateering can no how, no way come to pass in today's political environment. With that idea in mind, I want to float an off-the-charts-crazy idea: Larry Ellison for just one term as president?

Larry wants to own a professional NBA basketball team in the worst way (see this link).  This is the man who won and who is moving the America's Cup Yacht race to San Francisco. And I'm pretty sure this is a man with whom I'd disagree on most of the moral issues that define a presidential campaign. But doggone it, Larry understands the waging of all-out competitive warfare. And Larry understands how to identify and hire very smart people. Just one problem: the 2013 America's Cup Yacht Race. I don't think the Secret Service would permit a sitting president to race his yacht competitively. Okay, so there are two problems, since they wouldn't take kindly to POTUS going to watch his basketball team play. Unless, in both of the above cases, he were to turn those events (along with the running of Oracle) temporarily and blindly over to trusted managers. Managers like:

  1. Safra Katz and Mark Hurd, who could probably keep Oracle on course.
  2. His championship captain and crew for the America's Cup race.
  3. A tested coach and organization head for a yet-to-be-named NBA team (like Jerry Sloan and Kevin O'Connor, if Larry will commit to my friend Greg Miller to keep the Jazz in Salt Lake City, UT).
Would Larry be a handful for the religious right? Absolutely.

Would Larry drive the ACLU absolutely crazy? Guaranteed.

Would Larry win the cyber war with China, Russia and anyone else who throws down on us? You can take that one to the bank.

I named Larry to head my Cyber Privateer Fantasy League team. But as I play "WHAT IF?" games, it's just possible that America is so totally fed up with professional politicians that there are scenarios where a guy like Larry Ellison might just get himself drafted as the 2012 Republican (populist) nominee to run as President of the United States. Yes, he'd be a RINO (Republican In Name Only), but isn't that what we had with McCain. Or would have with Rudy Giullani?

Consider the possibilities, Larry. Tom Clancy eventually got his fictional Jack Ryan into the White House. Does my own flight of fancy need to remain a fictional scenario? Consider the possibilities.

Saturday, January 8, 2011

WSJ: "FBI's Mueller asks SV to build SW back doors?"

Stop the presses Wall Street Journal! It's not that I don't believe the story you ran yesterday, but I'm absolutely flabbergasted that it came out at all. What kind of complete moron lets the world know he's asking American software companies to build in back doors?
But just a few weeks before Mr. Putin publicly endorsed open-source software, FBI Director Robert Mueller toured Silicon Valley's leading companies to ask their CEOs to build back doors into their software, making it easier for American law enforcement and intelligence gathering agencies to eavesdrop on online conversations. The very possibility of such talks is likely to force foreign governments to reconsider their dependence on American technology. Whatever the outcome of Washington's engagement with the Internet, Silicon Valley will be the one to bear the costs.
Sure, I proposed in point #4 of my discussion on The Perfect Virus (principle #14 on Stealth), that compromising the Source Code Management System of major software vendors would be a priority. But my topic was STEALTH for crying out loud! You don't announce to the world that you're asking your country's bread-and-butter industry to build in back doors! Hell, technology is one of our few money crops for export. Nice shot in the foot for our trade deficit. Holy Mother of Pearl! A back door without STEALTH is just a lost sale for American software, whether or not they even considered complying with the request.


"So, Satan walks into a bar…" began Liam Nesson in The A-Team. Somewhere in the punch line of whatever joke you want to make will be the story of our telegraphed punches. If this whole story weren't so ludicrous it would be funny. Well, enough of the bad news. Now for the real punch line on Putin and Iran and all the others so justifiably offended at our public stupidity. The fact is, back doors and trap doors and dead-man switches can be hidden in plain sight, in legitimate source code that performs an indispensable function in any program. Heck, I've done it myself.

Back in 1978, I ran for the US Congress in the state of Washington (obviously, I lost). My home computer was a PDP 11/34 that took up a whole room in my house and needed both special power and special air conditioning. I had 16 dial-in phone lines coming into the system, and it really ran my whole campaign. I wanted to make sure that I could ALWAYS get into my system, no matter where I happened to be, so I built a back door into it. In otherwise critical source code, I slipped in kind of a combination lock, where three conditions had to be met at various points in the system in order for my back door to open and give me super user privileges. Without any one of those conditions being met, nothing unusual would happen. But when all three were met, "Zowie!" I'm telling you, nobody would EVER find that code or be suspicious of it, even if they had access to the source code. One wizard did look at my code, and I had to smirk when he didn't have a clue about its real purpose. So the joke is on Mahmoud Ahmadinejad and Vladimir Putin. Go for open source stuff. Please! With luck, the CIA won't be so forthcoming in their efforts to influence the open source movement. Hats off to Jack Bauer, wherever he is.

"So, Satan walks into a bar and bellows: 'Who broke into my servers?' Linius Torvalds throws a drink in his face and says…" You can finish the joke. I had some real fun in 1999 promoting Linus Torvalds for President of the United States (politics is never far from my mind) in the Wall Street Journal (yeah, I always pay close attention the good old WSJ). Here's the ad:
I have Linus's signature on a copy of the ad I tore out of the WSJ. He was greatly entertained. Which is more that I can say for myself when I read yesterday's WSJ story. Of course, The New York Times kind of carried the story on November 16, 2010. My advice to politicians who might think you're hot stuff— and want to go out and press the flesh with people who you think will be awed in your august presence—is: "Stifle that notion." I rather suspect guys like Larry Ellison and Steve Jobs are not awed by you or your self importance. In fact, they're probably laughing at you. They're busy changing the world in spite of your efforts, not because of them. Larry Ellison once hired a Clinton press secretary. The poor schmuck didn't last long after Larry discovered how high (and this is my opinion only about the individual and the event) some truly stupid people can rise in government.

Friday, January 7, 2011

How China/Russia can make (are making?) billions by slowing down the side channel

Today, Infoworld ran a story showing how high-speed financial networks are vulnerable to latency attacks. I got the story from the Kurzweil news aggregation feed (gotta give credit where it is due). Remembering how China re-routed a lot of US Government Internet traffic (they claim it was an honest mistake), I propose this is no mere pie-in-the-sky speculation. Quoting from the Infoworld story:
"High-frequency trading networks, which complete stock market transactions in microseconds, are vulnerable to manipulation by hackers who can inject tiny amounts of latency into them. By doing so, they can subtly change the course of trading and pocket profits of millions of dollars in just a few seconds, says Rony Kay, a former IBM research fellow and founder of cPacket Networks, a Silicon Valley firm that develops chips and technologies for network monitoring and traffic analysis."
Just over three years ago, I had some fun with the power of advance knowledge in a USA Today ad I created for My friend Philip Moyer the then-CEO of EDGAROnline, pointing out that hedge funds and "quant shops" pay a lot of money for advance information. But imagine the power of harnessing The Perfect Virus just to give you a little heads-up warning on financial trading networks. Then imagine the power a government-size financial war chest could wield using that information. Here's the EDGAROnline ad from September 2007:

While the Infoworld story seems to be a "proof of concept" warning, I suspect that financial network latency manipulation is already a reality.

Thursday, January 6, 2011

$1.5 billion cyber-security center

The U.S. Army Corps of Engineers and National Security Agency host a joint groundbreaking ceremony for the first Intelligence Community Comprehensive National Cyber-security Initiative (CNCI) Data Center Thursday, Jan. 6, 2011, at Camp Williams. Construction of the $1.2 billion Data Center is scheduled to be completed in October 2013.
Since I've been harping on (choose one: [a] current; or [b] future) cyber war with China, the coincidence of having a likely hub for that war being built in my back yard didn't escape me. The above photo and story in my local newspaper today made me wonder if October 2013 might be slightly too late. I hope not.

It'll be fun to see construction progress, since about 8 months a year I ride my bicycle by this site two or three times a week (I put between 4,000 and 7,000 miles  a year on my bike). Who knows, but maybe they'll rent secure offices to the first authorized cyber privateers in the US? The bad news, though, is that such a facility will be ground zero for a low-yield nuke or EMP weapon should cyber war break out.

I wonder how much it would cost to turn my entire house into a Faraday cage?

Wednesday, January 5, 2011

The New Net: UUU for Universal Ubiquitous Users

Author Douglas Russkoff says we must abandon the Internet and move on (see his remarks at Shareable.net). He is more correct that he knows. Trouble is, nobody commenting on his article can get from point "A" to point "B" with any efficiency whatsoever. From WWW to UUU. What's UUU?

The first nation/state that explicitly outlaws cyber crime and issues Letters of Marque and Reprisal to licensed, bonded cyber privateers will then be able to set up a defacto secure and safe successor to the World Wide Web (WWW), maybe called UUU (Universal Ubiquitous Users—sorry, it's the novelist in me rearing his creative head) portal. It will require a secure successor technology to TCP/IP. My nomination for that nation/state is Australia for numerous geographic and cultural reasons. I'd hoped for the USA, but I'm not holding my breath.

Is Russkoff's "New Net" inevitable? I believe the answer is a strong "Yes" for the following reasons:

  1. We will have a full-blown cyber war where at least one party to the conflict brings down the whole Internet quite permanently. That party will probably be a minor player who doesn't depend upon the Internet for their core commerce. Someone like North Korea.
  2. The TCP/IP standard is too flawed to be fixed.
  3. In the meantime, until the Internet gets well and truly smoked, a "first mover" nation/state could legalize cyber privateers and thereby create a big enough economic base to dictate a demonstrably superior new and secure standard communications protocol. The market will follow this standard because people like me (and most of Douglas Russkoff's readers) will buy hardware based on that standard as fast as it becomes available.
I don't see another path to a viable "New Net," because politicians have taken over any hope of rational thinking about standards and security. Which is why we must do this ourselves. There is a precedent from my own past: FidoNet.

Back in the 1980s, I had a client run out of money and pay me in laser printers. I had a garage full of them. So I went and traded the laser printers for a bunch of PCs, which I then set up on some extra phone lines in my home/office with FidoNet bulletin boards. Man, did those puppies get busy in a hurry! So hey, Australia! Want to be the pre-eminent cyber power on the planet. AND the home country for THE NEW NET? The only guys who will attack you are North Koreans, and chances of one of their nukes coming within a thousand miles of your shores are infinitesimal. Plus you've got good enough Aussie hackers that you could probably take out their entire CCS (Command and Control System) anytime you want to.

Eat Chinese tonight and toss some hackers on the barbie for me. I even posted a few Chinese attack server IP addresses for your target practice.

G'day, mates! "Woof, woof!" in memory of my wonderful FidoNet BBSs.

Tuesday, January 4, 2011

My legal justification for cyber privateers

I'm not a lawyer, as I indicated in my December 30, 2010 post on the federal judge's decision to whack 1-800CONTACTS in the head.  An excellent legal source for cyber crime in general and Letters of Marque in particular is Susan Brenner, a law professor who blogs on the subject. You can categorize me as a novelist looking for a way to "suspend disbelief" mixed with a technorati who is extremely irritated with attacks on his Linux server. Net net, I'm one step lower on the food chain than the proverbial "jailhouse lawyer."

Before enumerating my legal justification for legalizing cyber privateers, let me quote a few concerns raised by the above-referenced Susan Brenner in her blog on Letters of Marque as they apply to cyber crime. Quoting from her May 18, 2009 blog:
Since I don’t see how a power that is limited to seizing assets could be particularly useful in the cybersecurity context…
I think seizing assets is a useful deterrent. Yes, it will take some cleverness, but a cyber privateer armed with the right toolset (like The Perfect Virus) is clearly up to the task. Professor Brenner further writes:
I see a lot of problems with the strike-back option, the most important of which is that it can be an invitation to vigilantism. I might be tempted to do more than just make the person who hacked my system or is trying to hack my system back off; I might go after them seeking revenge for that and other attacks and go too far. I might also go after the wrong target, which could cause all kinds of problems as well as maybe getting me charged with a crime (unauthorized access + damage to a system).
Again, I believe forced compliance with The Cyber Privateer Code would mitigate the above concerns. How about her start-a-cyber-war concern?
If I’m acting on my own, that could be a cybercrime and the North Koreans could ask the U.S. government to extradite me so I could be prosecuted in North Korea. If I’m doing in on behalf of the United States, does that transform my conduct into something more . . . into an act of war, perhaps?
Acting within the contest of my above-referenced Cyber Privateer Code, no bonding authority would authorize a foray into cyber space without specific conditions being met by the licensed and bonded cyber privateer, who is indeed in it for the money (something to which Professor Brenner takes issue):
If we were to decide to use cyber-letters of marque and reprisal, I’m not at all sure we should incorporate the “use this power to enrich yourself” aspect of the old letters. I’m quite sure people could use the cyber-letters to enrich themselves by hacking into criminal systems and taking whatever could be sold or redeemed for profit. I’m just not sure it’s a good idea;  
While I am not totally sure myself whether or not cyber privateering is "…a good idea…", it's the best idea I've seen so far. It will not be a drain on the taxpayer. Quite the contrary, it will be a revenue source for not only the government, but major insurance institutions looking for a new product: Privateer Liability Insurance. And as to her concern about "who is fair game," I cover that in The Cyber Privateer Code.

The one concern raised by Professor Brenner that I can't easily dismiss is that of reprisal by the criminal entity:
If we were to authorize cyber-privateers to deal with cybercriminals, it seems to me we’d be opening up the possibility of essentially reversing that dynamic: I’m assuming that the cyber-privateers would be representatives of legitimate U.S. businesses and other entities who are going after online criminals as redress (reprisal) for prior attacks on them or on other U.S. businesses or entities. If I’m correct in assuming that, then it seems to me our cyber-privateers could make the entities they work for sitting ducks.
I can envision scenarios where "corporate America" might not want to risk reprisal on company officers and their families. However, I'm willing to let "the market" determine those dynamics. And certainly, a cyber privateering organization could well be under contract to the Justice Department to act in behalf of the United States government.

Susan Brenner has taken a professional and thoughtful approach to these issues, and I suspect she'd be asked to testify in any congressional hearings concerned with legalizing cyber privateers. But within the context of the above discussion, here is my (jailhouse lawyer) enumeration of the legal issues.

  1. Article I § 8 of the U.S. Constitution gives Congress the “Power To . . . grant Letters of Marque and Reprisal”.
  2. Like The Monroe Doctrine drew a line in the sand, it is imperative that a similar approach alert the world that a new policy is in force. Hence the name of this blog: The Morgan Doctrine.
  3. There is a common law precedent for defending your home/business against intruders.
  4. Among other legal precedents, Judge Waddoups (referenced above) ruled that it is illegal to present yourself in cyberspace as someone you are not, with credentials that you do not legitimately possess. 
  5. The rules of "hot pursuit" could be applied to going after criminals on their home turf, although the 1917 US pursuit of Pancho Villa into Mexico and the 1960 Israeli capture and kidnapping of Adolf Eichman in Argentina are questioned as violations of international law. That's why "The Morgan Doctrine" needs to be unambiguously articulated by whichever government issues it.
  6. The Cyber Privateer Code linked with a bonding authority will mitigate the financial and legal risks of the cyber privateer.
As I said above, I'm not totally convinced cyber privateering is a good idea. But it's the best one I've been able to come up with to address cyber crime and rogue governments. You have a better one?