Thursday, September 27, 2012

Who has "Black Box Virus Portability?"

Today's New York Times article—Cyberwarfare Emerges From Shadows for Public Discussion by U.S. Officials (read it here)—seems to have done a credible job summarizing a growing public discussion about government involvement in cyberwarfare. The problem however, is the underlying assumption that only government-level resources are fit to play this game. From the only intelligent individual quoted in the article:
Matthew Waxman, a law professor at Columbia and former Defense Department official, said speaking openly about cyberwarfare policy was important because it allowed the United States to make clear its intentions on a novel and fast-emerging form of conflict.
Professor Waxman essentially makes my point about a publicly stated "DOCTRINE" for cyberwar. Unfortunatey, in the context of the current governments-only mindset, this translates to playing with our hands tied behind our backs. Whereas licensed and bonded cyber privateers operating under strict government authority would be the only viable answer.

Which brings me to my question of the day: Who has "Black Box Virus Portability?" As I have stated in my 22 Principles for the Perfect Virus (see here),  the HOLY GRAIL of the Perfect Virus is Principle #7 (see here, upon which I articulated almost two years ago), BLACK BOX PORTABILITY. Because it DEFINITELY DOES take government-level resources to build an alien architecture that's immune to "grokking" by technology that assumes it knows what it is going up against). So my budding cyber privateers, does anyone have black box portability?

My answer: "No government has it." To be sure, at least two governments probably DO HAVE black box architectures engineered for Cyber Armageddon (the U.S. and China), but I don't believe they've cracked the Piers Anthony Macroscope code to infiltrating another black box. I also believe that they are "sniffing" for black boxes in the wild, because they'd be crazy not to. Finally, the odds are non-trivial that at least one private party HAS achieved black box virus portability. Further, I'm betting that this party is hiding in plain sight and (hopefully) has altruistic motives. Maybe like riding in on a big white cyberhorse and stopping the inevitable all-out cyberwar cold.

I know. I'm such an optimistic sucker.

Tuesday, September 18, 2012

NY Times Op-Ed on Cyberwar is Quite Humorous

I got quite a knee-slapper this morning from my Quantum Leap Buzz "data exhaust sniffer" (get your own by clicking here) when I got a message equating cyberwarfare with the nuclear arms race. A New York Times Op-Ed piece (see here) actually suggests the nuclear metaphor. My problem with that logic is that nuclear weapons development (as the Iranians are proving) is no small task. Compare that with cyberwarfare, where a single brilliant individual with a laptop, a power source, and a satellite phone can bring the world to its knees from a cave in some third-world country. The final quote from this contestant in the 2012 Intellectual Special Olympics gave me two laughs for the price of one:
Cyberwarfare is not to be entered into lightly, and governments need to be more open about their capabilities. Disclosure is imperative to prevent attacks that may cost lives and potentially snowball into major global conflicts.
Translated: "My little security firm in Finland is way behind the curve, and I'd sure like someone to tell us where all that cool stuff is coming from and who has a corner on the zero-day exploit market."

Thursday, September 6, 2012

The "Ultimate Cyber Privateer Platform"

Back in January of 2011 (read here) and again in March of that year (read here), I declared Android to be the ultimate cyber privateer smart phone. I now update that based on today's Network World article (read here): Android is the ultimate cyber privateer platform. Sure, it's also the most popular malware target these days, but that's because it's open and easily programmed. Nevertheless, to cyber privateers, your handy dandy Android is a portable war machine of immeasurable power. Crank up The Perfect Virus (outlined here) and consider the possibilities:

  1. Take a tour of the White House and wirelessly install malware on every computer within Wi-Fi/Bluetooth range. Heck, you might even get the nuke codes from the president's "football."
  2. Tour our local power utility and drop cyber bombs into SCADA devices.
  3. Wardrive around the ritzy neighborhoods and capture passwords and contact lists from every Wi-Fi system dumb enough to broadcast their SSIDs.
  4. Walk the halls of any major NYC office building and do major corporate espionage.
  5. Ditto for the halls of Wall Street merger/acquisition firms, so you can get insider information for upcoming deals.
In short, the Android smart phone is a cyber privateer's best friend. Naturally, it is also the cyber criminal's best friend, which explains why so much malware development is now focused on the Android platform.

Too bad our current cybercrime laws make it impossible to do a "reconnaissance in force" whenever such a device "tickles" one of our systems.