Thursday, October 31, 2013

Hacking The World Banking System. Nobel Prize in Economics for Scott Smith?

Scott Smith, author of the most insightful book ever written on our modern economy, should at this very moment be standing in front of his mirror and reciting thoughts similar to those voiced by George C. Scott in the movie Patton:
"The last great opportunity of a lifetime—an entire world at war, and I'm left out of it? God will not permit this to happen! I will be allowed to fulfill my destiny!"
Long ago, another author named Smith wrote a seminal economic book: The Wealth of Nations. That would be Adam Smith, of course. Scott Smith's new book "Boom!" eclipses Adam's in every way (click here to buy the book). Scott is a genius and an early pioneer of structured finance on Wall Street, co-founder of two nationally acclaimed charter schools, and founder of over half a dozen companies in the fields of technology, finance, education and agriculture. In a mere 100 pages and for the meager price of $14.95, Scott opens up a giant can of whupp-ass by completely and unambiguously hacking the world banking system. End of debate.

In a perfect world, Scott should win the Nobel Prize in Economics.

Of course, in a perfect world, Scott would have taken my advice and called his book The Real Wealth of Nations by Scott Smith (acolyte of Adam Smith) and his website (which he did reserve but never enabled) would be 

"ZeroDDT" stands for Zero Deficit, Zero Debt, and Zero Taxes.

That's right. Scott shows how our financial system could be HACKED to produce an economy in which there is no deficit spending, no national debt, and not a stinking penny of income tax. I tried to convince Scott that he should openly campaign to be the next head of the Federal Reserve, where he could oversee the hacking and keep everybody honest.

Then again, in a perfect world the U.S. Congress would be issuing Letters of Marque and Reprisal to licensed and bonded cyber privateers.

It's not a perfect world. But just maybe Scott can get himself a Nobel Prize. 

Stay tuned. 

Tuesday, October 29, 2013

Key to Stealth with The Perfect Virus: The Supply Chain

If you want to undetectably infect the known cyber world, the key is the supply chain. Hence my reluctance, along with the U.S. Government, to buy stuff from Chinese-based companies like Huawei. Alas, my deep-dive security guru Brian Krebs has sent chills running up and down my spine since his revelations about the Adobe security breach (see today's article here). His headline: "Adobe Breach Impacted At Least 38 Million Users." You see, if it weren't for Adobe products, I'd probably be robbing liquor stores for a living.

No, it isn't the theft of credit card information or user names that has freaked me out worse than a bunch of super-fast zombies racing up the mountain to my pirate cottage. It's the theft of Adobe source code and the likely misdirection of Adobe's attention to their 38 million active users and away from their source code management system. The biggest coup for hackers and rogue governments would be slipping malware into Adobe Acrobat Reader.

Yegads, man! The very thought of it makes me shiver like a virgin at the Playboy Mansion. Sooner or later, somebody is going to lace my ginger ale with GHB and I'm going to wake up in bed with some troglodyte asking, "Was that good for you?" Sweet mother of pearl, the reason I don't have to get in a suit and go to meetings all over the world is that I send guerrilla warfare campaigns to my clients as PDF files!

Yo, Adobe. Please make protection of your software release management system the top priority. And please consider putting a couple million dollars as a bounty for finding and, er, punishing the culprits. A little creative accounting and only the vaguest suggestion defining the word "punish" should do the trick. That way, you'll have plausible deniability when ears, fingers, and other terribly crucial organs start appearing in iced FedEx boxes on your doorstep.

Otherwise, I'm going to have to start casing liquor stores. Hey, maybe Mothers Against Drunk Driving (MADD) would give me a stipend?

Saturday, October 26, 2013

Blackberry BUZZ: Sculley or Lenovo (and the prayers of HP and Larry Ellison)?

Data exhaust from Quantum Leap BUZZ (see my BUZZ article from two-and-a-half years ago here): Former Apple CEO Sculley is rumored to be considering a Blackberry bid (see Reuters story here). And the Twitterverse is also abuzz with reports that Lenovo is considering the acquisition (see Time Magazine story here). FYI, White House correspondent Peter Baker's tweet about the New York Times story does a pretty good Net-Net of the Lenovo option (see the October 25th story here): Lenovo's likely ties to Chinese spying would kill Blackberry [my reading between the lines of David Sanger's story]. Not only would President Obama have to give up his treasured Blackberry (from Baker's tweet), but global attention would be focused as never before on China's "roaching" the technology supply chain. My own BUZZ prediction:

If Lenovo buys Blackberry, not only would it kill Blackberry, but Lenovo sales would tank due to increased public awareness of Chinese spying. Which means that the PC execs at HP are probably getting on their dimpled knees every morning and every night and offering a Ricky Bobby prayer to "Baby Jesus" that the Lenovo acquisition will go through so they can regain world leadership in PC sales (and Larry Ellison is probably praying that HP will do something dumb, like buying Blackberry).

I'd personally like to see Sculley put together the deal. Why?

  1. Even though my new Android (Samsung Galaxy S4) is far superior to my old iPhones (don't get me wrong, my wife will ALWAYS have the latest iPhone), I'd prefer a less open supply chain for my smartphone operating system, for security purposes.
  2. Naturally, Mr. Sculley would have to make sure certain key features existed on my new Blackberry (I'll keep those secret for now). And finally,
  3. I'd prefer AT&T as a vendor, since I've had very good luck with them as a cellular provider over the years.

We'll see if either one of the above scenarios plays out.

Friday, October 25, 2013

Morgan Rapier: "Who you gonna believe, Huawei or your lying eyes?"

Morgan Rapier, the hero of Daddy's Little Felons, would have this to say about Huawei's latest pronouncements on security:
Once again, Huawei missed out on a chance to set itself apart from NSA spying and the complicity of U.S. software companies in aiding and abetting those activities. The UK Register reported on October 19th (read the story here) that Huawei published a white paper calling for "…globally backed, verifiable security standards…" :
"Among the global vendors, the spotlight has been on Huawei more than anyone else, because we are quite unique being a Chinese-headquartered business. And therefore we have to go the extra mile when it comes to security, and we are pleased to go the extra mile. But there's no point in Huawei improving its security on its own if nobody else in the ecosystem improves their security," he concluded. 
Two-and-a-half years ago, a solution to your world-wide image problems was proposed in these very pages (see the story here). It was proposed that you put $1 million in escrow with a trusted third party to whom you would have given the right to make disbursement if anyone discovers any kind of back door or trap door in your offerings. You say you are not a secret arm of the Chinese government? Prove it.
U.S. cloud vendors are on their heels around the world. Major U.S. software companies like Microsoft and Google are acknowledged suppliers of intelligence to the NSA. Our own government has come right out and said that you, Huawei, spy for China (see story here). Instead of issuing that inane white paper, you could have "bearded the lion in his own den" once and for all.
The fact that you did NOT take a more aggressive stand is proof positive that you are indeed spying for China. Paraphrasing Richard Pryor's use of a thought originally coined by the Marx Brothers, as if he were talking to the worldwide computer industry about you:
"Who you gonna believe, Huawei or your lying eyes?"

Thursday, October 24, 2013

If Larry Ellison Were Head of the NSA and Testifying About German Chancellor Merkel

I'd like to take another flight of fancy, and imagine Larry Ellison as head of the NSA, testifying before the Senate Intelligence Committee. I suspect Larry would take a scene out of the movie Clear and Present Danger. If you'll remember, the president's advisors were telling him to distance himself from a big campaign contributor who turned out to be a drug smuggler and was killed on his boat, along with his family. Jack Ryan advised that when the press asked the president if he and this newly discovered criminal were friends, to say, “No, we were good friends.” If asked if they were good friends, the response should be “No, we were lifelong friends.” Ryan’s point was simple: “Give the press no place to go.” I don't believe Larry would give the press, or the United States Senate, any place to go.

SENATOR: Mr. Ellison, as you know the Wall Street Journal reported on October 24th (see story here) that the German Government had summoned our ambassador to discuss allegations that the U.S. was monitoring Chancellor Angela Merkel's cellphone. Is there merit in these allegations?


SENATOR: I beg your pardon…did you answer in the affirmative?

ELLISON: Yes Senator, I answered in the affirmative.

SENATOR: [gasping and stuttering are omitted from this transcript] Mister Chairman, I suggest we immediately close this hearing to the public and clear the room of reporters.

ELLISON: [before the committee chairman had a chance to rule] Not so fast on that ruling. It should be no secret that the NSA does extensive monitoring of all communications worldwide. This includes cellphone and email traffic. Our monitoring is totally automated, however, and we don't have an army of digital "peeping Tom" voyeurs listening in on private conversations. Our systems index keywords against which our evolving Artificial Intelligence, or A.I., technology looks for patterns.

SENATOR: When you say "extensive monitoring" of communications…

ELLISON: [interrupting] Senator, we get pretty much all of it.

[The chairman had to gavel down the uproar in the gallery]

SENATOR: All of it? You're referring to email?

ELLISON: No Senator, I'm referring to every email and every cellphone call made on the planet, along with facial recognition from every public and private surveillance camera.

SENATOR: [expletive deleted], Joseph and Mary. Does this include French President Francois Hollande, too?

ELLISON: Yes sir.

SENATOR: I…just…don't know what to say.

ELLISON: I can assure you we have no interest in, hypothetically, the French President's conversations with his mistresses. If, however, several keywords from his and other conversations around the world suggest an impending clear and present danger to the United States or its citizens, these will be correlated into a threat assessment document which is then forwarded to the Director of Central Intelligence, or DCI, the head of Homeland Security, and to the President's National Security Advisor. Our A.I. systems bypass a good deal of bureaucracy, thereby protecting the privacy and personal lives of heads of state around the world.

SENATOR: But…but…you just invaded the French President's privacy by implying he had mistresses.

ELLISON: I never said such a thing. It was a hypothetical example. [Ellison takes a moment to look at a message on his cellphone]. By the way, Senator, your own mistress just texted you that she's maxed out her credit card in a department store and needs…[the CSPAN feed was cut just after the Senator leapt over the divider at Mr. Ellison and before Larry could say, "Just joking, Senator."].

Wednesday, October 23, 2013

Data Exhaust Prediction: Going After Mike Lee is Jon Huntsman's "Plan B" For a Run at the Presidency

Jon Huntsman, Jr. really REALLY wants to be president. The question is, does he do it in 2016 or wait until 2020 and run as a United States Senator where, if he loses, he doesn't give up his Senate seat? Enter Mike Lee, a Tea Party superstar who has the Utah power elite dog-piling on him over his high profile in the shutdown. My super-secret social analytics engine fired off a whole bunch of warnings for me today as the "Twitterverse" hit critical mass with a Huntsman quote in the Washington Post (read the story here). Putting his own ideological spin on his home state and voter sentiment here, the former Utah governor and Obama's ambassador to China is quoted as opining about Senator Lee:
“You don’t have ideological wack-jobs,” Huntsman said.
Huntsman has the war chest and state-wide recognition to unseat Lee for the nomination in 2016. I predict this is his "Plan B" if a direct run at the White House doesn't look doable.

Speaking about "wack-jobs" though, the Washington Post managed to interview quite a few of them for their hatchet job on Mike Lee. My advice to Senator Lee is not to take this lying down.

Monday, October 14, 2013

Marc Benioff's Possible 2016 Senate Testimony

Marc Benioff is the second nominee for my Cyber Privateer Fantasy League team (see his 11/8/2010 nomination here). Oracle's Larry Ellison sends his X-wing fighters into cyberspace to fight against the forces of evil, while Benioff makes a stand with one big fat target I call the Salesforce "Death Star." Actually, protecting one entity against cyber incursions may be much more efficient from a security standpoint, since just one service has complete control over security compliance and software upgrades. Compare this with the problem of protecting every single Oracle (and Java) customer in the Universe. Following is a little fun, a kind of Einsteinian "thought experiment" on a possible future scenario. Imagine Mr. Benioff publicly testifying before an open session of the Senate Select Committee on Intelligence.

SENATOR: Thank you Mr. Benioff for taking the time to be with us today.

BENIOFF: Like I had a choice.

SENATOR: [Unintelligible whisper from an aide.] Please, Mr. Benioff, this does not need to be a confrontational hearing. In exchange for your unambiguous and truthful testimony, you've been granted transactional immunity. This means that nothing you say here today can be used against you or your firm, even if other law enforcement organizations independently obtain evidence of criminal wrongdoing.

BENIOFF: I just made a statement of fact. I intend no disrespect to this body.

SENATOR: [Clearing his throat.] Thank you for clarifying that. Now, Mr. Benioff, the purpose of this hearing is to dig into a Wall Street Journal story of Friday, April 1st, 2016 which reported that your company, Salesforce-dot-com, is the only major cloud computing entity in the world that has had no security breaches. Is it correct to assume that this story is no April Fool's joke and that you indeed have no security breaches to report to your stockholders or to the government organizations responsible for overseeing President Obama's executive order setting up voluntary best practices for the industry?

BENIOFF: I can assure you, Senator, that this is no April Fool's story. We have no security breaches to report for all of 2015 and thus far into 2016.

SENATOR: How do you explain this, given the recent heavy losses reported by every industry sector, major technology company, and our banking infrastructure itself?

BENIOFF: We have contracted all corporate cyber security with an offshore entity called CyberPrivateer-dot-com.

SENATOR: Given that the United States of America spends billions of dollars on cyber security, I find it odd that your firm has no line item in your financial reporting indicating expenses related to your own cyber security. According to the president's executive order, you are required to report costs of compliance, whether or not you are following the recommended best practices. Why is it, Mr. Benioff, that you have no such line item in your 10-K and 10-Q reports to the Securities and Exchange Commission?

BENIOFF: Senator, that's because we don't pay any money for our security. It's free from our supplier.

SENATOR: [An aide slaps the senator on the back to help him overcome a coughing fit.] I beg your pardon! Do you mean to tell me your unprecedentedly effective cyber security is not costing you a penny? Come now, Mr. Benioff!

BENIOFF: Truly Senator. And I understand that my blanket immunity in this proceeding is null and void if I perjure myself. Let me assure you, we do not pay a cent to the organization who provides our security.

SENATOR: How in the name of [expletives deleted] and Mary does this entity make money?

BENIOFF: They simply insisted on two conditions. First, we provide them with peer-to-peer access to our servers and the error logs intruders trigger when they attempt to violate Salesforce-dot-com security. Second, all our customers have agreed to terms and conditions of usage whereby they hold Salesforce-dot-com harmless no matter what our third-party security firm does to recover losses incurred by them due to the activity of cyber thieves.

SENATOR: I still don't understand how your security firm, I believe you called them CyberPrivateer-dot-com, makes money.

BENIOFF: Oh, that's simple, Senator. Obeying a strictly enforced cyber privateer code, what you'd call rules of engagement, they loot the assets of any organization or individual foolish enough to try and penetrate our systems. Those looted assets more than pay our customers for financial losses due to cyber criminal activity.

[An active discussion takes place between multiple senators, some of which is critical of the foul language coming from the questioning senator.]

SENATOR: [Now under emotional control.] What if the penetration activity is initiated by a government entity?

BENIOFF: [Laughing his "got'cha" laugh] Well sir, in the case of our own NSA, for whom we have refused to install back doors into our systems and for whose actions we elect not to confiscate financial assets of the United States of America, our security firm just counterattacks with computer virus modules that cause the attacking computers to melt down. This may be the reason your Utah Cyberwar facility has had such serious fire and power problems.

SENATOR: [To his fellow senators.] I TOLD you they were responsible for our NSA troubles. [Turning to Benioff.] You're going [expletives deleted] to jail for this!

BENIOFF: I believe not, since my company, our contractors, and I have blanket immunity in my testimony today.

[The rest of this testimony is classified ULTRA TOP SECRET.]

Wednesday, October 9, 2013

Morgan Rapier: "The Only People Who DIDN'T Know About PRISM Were U.S. Voters"

The previous assertion (read it here), that the only people who DIDN'T know about NSA spying were U.S. voters, was reinforced by yesterday's UK Register story (read it here) on how the Australian government knew about PRISM as early as 2007. Certainly, all the major "state players" (read that as governments around the world) knew what we were up to. America really ought to hold itself to a higher standard, which means a publicly articulated cyber doctrine of overwhelmingly disproportionate response to cyber intrusion—The Morgan Doctrine—is the high-ground alternative to a PRISM police state. Yes, as Larry Ellison told Steve Jobs, "That moral high ground is expensive real estate."


Morgan Rapier

Tuesday, October 8, 2013

"Cyber Kill Chain" Nonsense

What a cool title for a cyber security policy: Cyber Kill Chain. Man, that sounds tough. Data exhaust from a good spin doctor at the top of his game. Today's Computerworld article explains this intriguingly named philosophy of cyber security (see the article here). Wow, talk about putting lipstick on a pig of an idea! Let me be unambiguous in my review of this policy:
Cyber security without the threat of instant and disproportionate response is just plain stupid.
This message is respectfully brought to you by Morgan Rapier.

Monday, October 7, 2013

Jeff Walker Could Have Saved The Health-Care Website

Today's WSJ front-page headline is "Software, Design Defects Cripple Health-Care Website" (see story here). Almost three years ago, I nominated Jeff Walker to be the #3 man on my Cyber Privateer Fantasy League (see the nomination here). The key paragraph in the piece follows:
Jeff wrote a seminal document called The Principles of the Perfect Application, in which he enumerated twenty-two concepts that no application has ever achieved (not even his TenFold platform). While doing research for a sequel novel (all of us ad guys are really closet novelists), I reviewed his document. It slowly dawned on me that with the addition of very few new principles, Jeff had created a platform for the Ultimate Virus. I also think it would be the Ultimate Cyber Privateer Toolkit.
Jeff's original 22 principles for the perfect application remain the most brilliant treatise on creating major applications that run perfectly right out of the box. Design defects are an impossibility. Nobody else has ever come even close to articulating his application development architecture, let alone implementing it. Today, there are a handful of companies who use Jeff's technology to seriously consternate anybody trying to compete with them (England Trucking, Devon Way, and Remedy Informatics, to name just three). Remedy Informatics in particular could have developed and fielded a scalable, bullet-proof health-care website without even breathing hard. Clearly though, they weren't wired into the "Beltway Bandit" procurement network that has a lock on selling $1,000 toilet seats to the U.S. government.

It is Jeff Walker to whom I owe the insight and inspiration for the 22 Principles of the Perfect Virus (see them all here). Gary Kennedy, former president of Oracle and CEO of Jeff Walker's TenFold, could have made the difference here. Unfortunately, the 9/11 destruction of the Twin Towers obliterated TenFold's two largest customers and sent the company into an unrecoverable tailspin. Jeff and Gary, both independently wealthy from their days at Oracle and both off doing their own things now, could have made a difference, not only in the implementation of healthcare, but in every other cybernetic domain on the planet. That they didn't remains one of the great ironies of my life.

Taman Shud.

Friday, October 4, 2013

JOSEPH from SPAIN Working on Part K4 of the CIA Kryptos Sculpture

In a seriously clever bit of detective work, JOSEPH from SPAIN (see how he made monkeys out of the FBI by decrypting the Ricky McCormick code here) has done another tour de force by just possibly backing into the last mysterious piece of the Kryptos sculpture outside the CIA headquarters in Langley, VA (see his proposed solution here). Is he correct? I can't wait to see.