Thursday, February 28, 2013

A Defense That Makes Sense: mokafive

Yes, I've railed persistently on the dangers of playing a defense-only game. But in this BYOD world, when I see former BigFix CEO Dave Robbins join a new Silicon Valley company after selling his previous company to IBM, I take notice. Plus he's putting his team back together with marketing superstars like David Appelbaum. And just so you don't have disclosure heartburn (I believe disclosure beats discovery any day), I do not have a business relationship with these guys. Their approach—BYOD with no VPN to worry about—is simply brilliant. And it's bulletproof. Keep your eyes on mokafive (

Friday, February 22, 2013 Hacked. What, No Bounty? (and "some of it's other websites") was hacked and served up bank-heist malware (see Computerworld story here). The major media has been a bit slow reporting this story. Seems like NBC should have been out front on this. Too bad cybercrime laws forbid them from putting a bounty on finding and publicly punishing the culprits. Judas Priest! I wonder if the American Idol app I downloaded from FOX has enabled some Ukrainians to empty my bank account as I'm writing this.

[moments later]

Hey, so far, so good. Although somewhere, somehow, someone lifted my AmEx data and tried to go shopping. Luckily, AmEx called me within hours to let me know they were canceling the card and replacing it overnight. I've had AmEx for almost 40 years and really appreciate their attention to my viability.

Wednesday, February 20, 2013

Alltime Most Popular Cyber Privateering Articles

Since I started this project in October 2010, I never cease to be amazed at the things that strike a responsive chord with my readers. Following are the top-10 most-read articles. I consider this "data exhaust" meaningful, since my readership is over 50,000. You can click on each link to read the individual story:
Not a surprising ranking, given that the whole purpose of this project is to look at monetizing world-wide Internet security. Yes, there is a substantial upside, but also substantial risks.

Something about cyber privateering and my cyber privateer code struck a responsive chord in Japan.

Confession: I've thoroughly enjoyed meeting JOSEPH from SPAIN and chronicling his public bitch-slapping of the FBI's "best & brightest" cyber talent. 

 My late friend Frank Herbert (who wrote Dune) nailed the reality of today's battleground. Unfortunately, not a single politician gets it. Yet.

I just added a comment to this post. With some lone Iranian taking responsibility for the RSA hack, it is now almost certain that China was the culprit (see the New York Times story here) and that the Iranian boast was just hollow chest thumping. Or more likey, the "Iranian boast" was misdirection and written by a clever Chinese cyberwarrior.

My indictment of "playing defense only" got a little personal. If the premier domain registry can't protect themselves, then what chance do any of the rest of us have?

All 22 Principles for Creating The Perfect Virus are high on the list. My one intellectual contribution to the technology of cyber privateering are those principles, which you can see in their entirety here. There are two more principles on which I have not opined in this project, but which form the majority of my first novel, Destroying Angel (see if you want to buy a copy). I'm thinking about updating it and issuing an ebook edition, complete with hyperlinks to my 22 principles.

The U.K. Register made a foolish move in an attempt to turn the Anonymous and LulzSec anarchists into a news source. Evidently, this caught the attention of…Anonymous and LulzSec. I sure would like someone to share with me the behind-the-scenes fallout.

I suspect that most of the people following my 1-800CONTACTS analysis are attorneys involved in the case. Sometime ago, I was talking to Federal Judge Clark Waddoups, who wrote this ruling, and he indicated that 1-800CONTACTS is not letting this decision die. Not only have they asked him to reconsider his opinion, but I believe they are appealing. I don't know what it is about these guys, but they must have been toilet trained at gunpoint and are spending the rest of their lives compensating for that trauma. This story is not over, and for all our sakes I hope they do not prevail.

My second-most-amazing intellectual feat (yes, I'm a legend in my own mind) is that my Cyber Privateer Code (I reserved the domain which you can see here) has not required subsequent drafts. I intended Draft 01 as a starting point only.  But it's held up for almost two-and-a-half years. I'd really appreciate some editorial comment and suggestions for improvement.

So thank you one and all for your eyeballs. The above "data exhaust" combines with geographic readership and traffic sources (referring URLs, referring sites, and search keywords) to give me an interesting perspective on the global cyberwar "DEFCON" level. I think we're very close to DEFCON 1. Stay tuned.

Monday, February 18, 2013

Absolute Proof that The Morgan Doctrine Would Work

For nearly two-and-one-half years I've been wrestling with the ultimate justification that licensed and bonded cyber privateers could stem the tide of bad Internet behavior by both individuals and governments. I now present that justification, absolute proof that The Morgan Doctrine and adherence to the Cyber Privateer Code (see would make the Internet virtually rascal free. This one Forbes headline (see story here) from November 2, 2011 says it all:

Anonymous Seen Backing Down From Drug-Cartel Attack

Net net: Even "…the world's first, truly ball-breaking cyber vigilantes…" are thinking twice about attacking somone who can really come and get them. Yep cyber privateering fans, deterrence works.

Early in my cyber privateering odyssey, I wrote about high-reward/high-risk privaeering analytics (see story here).  I know the story hit home, because this posting from October 20, 2010 is in my top-ten all-time most-read stories. Over 78% of the Revolutionary War licensed and bonded privateers were killed or captured. That probably dampened the enthusiasm of would-be cyber privateers, especially ones who realized that bad guys—be they Russian mobs or rogue governments—don't play by the rules. I summed it up in the last sentence of my penultimate paragraph:
Will we find body parts from that privateer, along with those from friends and family, strewn in various public places?
But let's look at that glass of pus as half empty, rather than half full. The existence of well-funded and fully legal mercenaries would be a tremendous deterrent to all but the most ardent adventurers. And the first billion-dollar cyber privateer bank bounty would even put a check in China's golf swing.

Happy Presidents Day.

Friday, February 15, 2013

The Question Everyone's Afraid to Ask

Today's Network World headline (see the story here) asks: "Executive Order on Cybersecurity: Will It Spark Further Activity?" ESG surveyed 244 security professionals who work in organizations of over 1,000 employees. Too bad they didn't have guts enough to ask whether or not they agreed with the most important question. I commented on the article with the following:
Here's the survey question I'd dearly like to see answered by those 244 security professionals:  "When is Congress and the administration going to take off the kid gloves and really let us defend ourselves with aggressive countermeasures?" This is a precursor to The Morgan Doctrine.
Gosh, I'd love to see a major news organization with guts enough to report on reaction to the above question.

Wednesday, February 13, 2013

To Ukraine, With Love

Of The Morgan Doctrine's 50,000+ fans, outside the United States the next most frequent visitors are from Ukraine. Here's the all-time top-10 list since I started The Morgan Doctrine back in 2010:
1.   United States

2.   Ukraine

3.   France

4.   United Kingdom

5.   China

6.   Germany

7.   Russia

8.   India

9.   Singapore

10. Canada
As a nod to my Ukranian readers, I have an observation, and then a question.

First, the observation. You and some of your Russian (#7 rank) buddies seem to be doing a booming business looting bank accounts around the world. Don't get me wrong. This is not an indictment and shouldn't be taken negatively. I just want to acknowledge your skills. And I want to implore you to "use this power for good." Which comes to my question.

Right now, the biggest threat to world peace (and Internet life as we know it) is China. Those guys are serious about world domination, and cyberwar technology is one of their top investments (use the search feature on the left to see my documentation of their misconduct). My question: Why aren't you going after the BIG money and looting Chinese financial assets around the world?

Mind you, I'm not suggesting you do this. But I'm wondering why you haven't?

I pose the above question…to Ukraine, with love.

Tuesday, February 12, 2013

How DOE Should Spend Their $20 Million

Read today's Network World story on how the DOE is going to spend $20 million on advanced cybersecurity tools (see story here) to protect (defend) our energy supply. Then consider an alternate scenario: DOE should offer a $10 million bounty on any cyber privateer who can loot the attackers of our energy supply (ie; China), and further offer to split that loot 50/50 with said cyber privateer. The other $10 million of the DOE's $20 million budget would be for legal defense of the looting. In the final analysis, not only will the DOE end up keeping their $20 million, but they could make a good deal more, making this a "self-liquidating" project.

Or DOE could stay the course, continue just playing defense, and watch all the worst parts of the Bible come true.


Wednesday, February 6, 2013

Why M.A.D. Will Not Work as a Cyberwar Deterrent

The reason M.A.D. (Mutually Assured Destruction) worked in the nuclear arms race was that it took government-level resources to play in the game. M.A.D. will not work in the cyberwar arena because anybody can enter the battlefield. Anybody! All they need is a brilliant mind and computer equipment that costs less than a Yugo.

My friend, the late science fiction author Frank Hebert, saw this clearly (see my post here). Simply, when any whacko can muster the technology destroy civilization as we know it (see my post on "Plan B" scenarios), paraphrasing one of my favorite lines from the movie Armageddon, "All the worst parts of the Bible could easily come to pass."

So to my conspiracy theorist genius friend JOSEPH from Spain, who embarrassed the FBI's best and brightest (see my post here), you may have the right outcome for all the wrong reasons.

In fact, I don't even have to sell ANYONE, in ANY GOVERNMENT, ANYWHERE on creating a bonding authority to back licensed cyber privateers. Because they will emerge naturally, as "data exhaust" from today's Computerworld story shows (see story here). The headline reads, "Security-as-a-service gaining popularity."

Such above-mentioned security services will be in geometrically increasing demand as "F--- The World" anarchists decide to focus their brain power on a real way to…FTW.


Monday, February 4, 2013

Cyberwar "Rules of Engagement" to be Kept Secret

Today's New York Times Story (see it here) reports that the the "…rules for how the military can defend, or retaliate, against a major cyberattack…" will be "highly classified." To a certain extent, keeping our retaliation methods secret makes sense, since we don't want the enemy to know our capabilities. However, the only people from whom we're keeping our "provocation threshold" secret are the voters. Our diplomatic forces are jolly well letting governments around the world know where we draw the line. Which means we just don't want the American voter to know how lame our escalation strategy truly is. Or…am I missing something here?