Thursday, December 25, 2014

1800CONTACTS Gets Trumped By An Eagle Scout

First 1800CONTACTS tried to hijack the Internet, and got put down by Federal Court Judge Clark Waddoups (see my story here). They appealed, and the appeals court whacked them hard for their insufferable greed (see the story here).  Then on Tuesday this week, 1800Contacts got some big-time publicity on ABC's local news station by giving a whopping $7,500 to the Utah Association of Intellectual Disabilities (see the news coverage here). Wow. A whopping $7,500. Nice headlines. Well, this morning, Christmas Morning, without cameras and fanfare, my namesake grandson (Richard H. Bennett, IV) delivered 75 gift packages to the American Fork (Utah) Development Center.
(L to R: Richard H. Bennett, III, Richard H. Bennett, IV, and me-Jr.)

That's 75 packages filled with the specific Santa lists of severely disabled people. I can only speak for two of the packages, since my wife and I shopped for them, but my grandson's Eagle Scout Project should have at least equalled the $7,500 contributed by 1800CONTACTS.

Those guys should have made a donation at least equal to the several hundred thousand dollars they've spent on frivolous litigation. Of course, their choice of charities probably mirrors their own intellectual disabilities. Paraphrasing author Jeff High, "1800CONTACTS' end of the gene pool needs a little more chlorine."

Thursday, December 18, 2014

Prediction: Some GOOD Hackers Broke Into Sony & Sold Access to the NORKs

One of my mantras is that "Creativity cannot exist in a repressive environment." The North Koreans simply don't have the environment to foster decent hackers. Sure, NORK "script kiddies" can launch DDoS attacks on select targets, and they might even hold relatives of South Koreans hostage to lever themselves into media outlets in the South. But to break into Sony Pictures so thoroughly? Get serious! Any smart cyber brains in the North have their IQs cut in half out of sheer fear of their emotional-pygmy leader. So my serious advice to the FBI is…yup…follow the money and find out who broke into Sony and sold the goodies to the Un-geniuses.

Oh, wait. The FBI is barely qualified to compete in a cyber version of The Special Olympics. And the NSA isn't about to give away their inventory of Zero-day exploits.

So again, Sony, my advice is to CALL THE MOSSAD.

Wednesday, December 17, 2014

Sony Hackers Cost Me H$2 Million in the Last Week

Of course, the two million was "funny money" in the Hollywood Stock Exchange, a website that gives you two million in funny money to start betting with other investors on how movies are going to do. I parlayed my H$2 million into about H$250 million, and I bet big on the premiere of Sony's The Interview. Then the hack hit, and the movie stock went up a bit, before the hackers (I originally thought they were North Korean operatives, but I'm growing more convinced that this was a "false flag operation") threatened terrorist activity in any theaters that played the movie. Regal, AMC and other "major chains" have yanked the movie (see the DEADLINE story here). Talk about drawing people away from going on Christmas or any other Day. Of course, the hackers are costing Sony Entertainment some REAL money. I have some inside information on what really happened with the hack and its aftermath, but I'm not playing the one-upmanship game these days. Suffice it to say, the hackers aren't as clever as the media makes them out to be. They just got lucky.

Which leads me to speculate that this is really a false flag operation. The NORKs and their mental midget Un really aren't that smart. If they were smart, they'd fund their own movie (a comedy) on assassinating President Obama, starring Jackie Chan and Lucy Liu. In fact, a movie about the NORKs making this movie would be a knee-slapper, too.

Alas, I'm letting my money ride on The Interview with the Hollywood Stock Exchange. Even if the movie gets pulled, I'll just lose another H$4 million, which still puts my Hollywood portfolio somewhere around H$280 million. I sure do hope that, even if they pull the movie from theaters, Sony will go to DVD. Because I really would like to see this movie (edited, of course, courtesy of the ClearPlay filtering technology that turns "R" movies into "PG13s").

Friday, December 12, 2014

More Unsolicited Advice to Sony and Japan: Call the Mossad!

The cyber invasion of Sony (definitely a NORK attack, since nobody else on the planet holds Kim Jong Un in anything approaching esteem) prompts me to offer one more in a long string of unsolicited recommendations (enter "Sony" in the search bar to the left for my other postings). Simply, my advice is to CALL THE MOSSAD. The FBI can't find a solution for getting out of a Chinese finger puzzle. The NSA doesn't want to give away anything that might compromise their inventory of zero-day vulnerabilities. Ditto for Homeland Security. So the answer? Call the Israeli Mossad and offer them a blank check the minute they can demonstrate sufficient retaliation and adequate restitution. In fact, to heck with restitution. Give them the blank check AND let them keep any loot from their revenge exploits. I leave it up to you and your government to facilitate the dialogue.

Taman Shud.

Wednesday, December 3, 2014

Unintended Consequences of North Korea Hacking Sony

Unbelievable stupidity on the part of Kim Jong Un's let's-please-the-boss minions, who not only hacked Sony in retaliation for a comedy making fun of said leader, but are actually being smug about it to press inquiries. This just goes to show that Kim Jong Un is the only world leader whose laughable stupidity—which he uses as a tactical weapon—keeps backfiring all over him. The net result of the hack will be to take a movie that had marginal possibilities for success and make it a Christmas Day blockbuster. As I have said before:
In a world full of emotional pygmies, the patient man is king.
The good news? A team of reasonably competent hackers will probably be executed by a red-faced midget. Merry Un-Christmas to you for doing exactly what you were told.


Tuesday, November 25, 2014

Perfect Virus Score Card: NSA-Brit "Regin" Rains Rancid Reign

In March of this year, I added the Russian "Snake" to my last virus score card (see it here). Thanks to today's New York Times story (read it here) referencing Symantec's paper published Sunday (read it here), following is my best estimate of the new "Regin" virus capability as measured against my criteria for the Perfect Virus (read all 22 Principles of the Perfect Virus here):

The good news? This joint US-British effort appears to be a typical government/state-developed piece of bloat-ware that assumes anything worth stealing can be accessed from a Windows environment. Hence, forget about seamless migration (#5), black box portability (#7), no common denominator (#10), and universalization (#18). Net net, government employees and beltway bandit contractors really aren't the best and brightest.

The bad news, however, continues to snowball:
  1. If you're using Windows in any form, you're basically hosed.
  2. If you attempt any aggressive defense against intruders, you're probably going to get hosed repeatedly by one or more cell mates in prison.
  3. This cyberwar escalation can only prompt Mr. Putin to somehow demonstrate to the world that Russia can trump Regin (heaven forbid the U.S. power grid will be a target on Christmas Eve).
  4. With a formal policy of letting the U.S. "fox" guard the henhouse, there is little hope a modern-day Tony Stark will invoke the U.S. Constitution's Article 1 Section 8 clause to become a licensed/bonded cyber privateer and take a victory lap around the Senate proclaiming, "I have successfully privatized world cyber security!"
  5. You really don't want to be driving a car controlled by a Windows-based computer.
Hence, we are the equivalent of Princess Leia in the first Star Wars movie, sending Obi Wan (see the YouTube clip here) an SOS: "Help us Israel; you're our only hope."

Yep, Israel—the most attacked country in the world—has nothing to lose and everything to gain by monetizing world-wide Internet security. They could make it extremely risky to attack anybody. Heck, I'd buy a you-hack-me-and-I'll-sic-the-Mossad-on-you insurance policy. Shalom, momma!

Saturday, November 22, 2014

Yo Israel, What's Happening?

I've long contended that Israel would be the ultimate host country for cyber privateering. I even made that premise a major plot element in my novel, Daddy's Little Felons. Imagine my surprise when Web traffic to this blog increased by 1500% last week from Israel alone. This is a piece of "data exhaust" I'll keep my eye on.

In the meantime, anyone interested in the logic behind my assertion that Israel would indeed be the ultimate host for government-sponsored cyber privateering need simply to enter "Israel" in the search box to the left for a curation of my thinking.


Friday, November 21, 2014

Federal judge keeps 1-800CONTACTS from hijacking the Internet

In my opinion, this is the most significant Internet legal ruling of the first decade of the new millennium. (Originally posted December 30, 2010 but inadvertently deleted)

I've been following this case since 2009, and Federal Judge Clark Waddoups' ruling makes for some extremely entertaining reading. All I can say is "Thank Heavens this judge got it right, because he just saved commerce on the Internet." You can see his December 16th ruling by clicking on this link.

Let me put my comments into proper context:
  1. I am not an attorney, so my thoughts are an opinion uninformed by professional legal training.
  2. My original interest in the case had to do with SEO (Search Engine Optimization) practices in which every marketeer engages and which would have been outlawed had the plaintiff won his lawsuit.
  3. This is one of the few federal cases that deals with who-owns-what? on the Internet, which means…
  4. This case directly relates to the legality of anyone attacking and trying to gain access to my servers.
Net net: In my opinion, 1-800CONTACTS, Inc. tried a "Hail Mary" legal gambit to take over the Internet as it relates to service marks and the purchase of Google ad words. Specifically, 1-800CONTACTS wanted to prevent LENS.COM from buying "1-800CONTACTS" as a search engine keyword because the sponsored links were likely to cause confusion on the part of the buyer. Luckily for all you guerrilla warriors out there, not to mention Google who stood to see their stock valuation plummet deeper than whale dung, the judge beat 1-800CONTACTS and their legal counsel like the proverbial gong. Such a ruling would have prevented a company like Sybase from buying the keyword "Oracle" so they could compete with them. Likewise, the OpenOffice product couldn't compete with Microsoft Office by buying various Microsoft-specific keywords, thereby effectively giving Microsoft a monopoly on that space.

Of course, were the average consumer's intelligence on a par with the O. J. Simpson jury, maybe 1-800CONTACTS might have had a case. Luckily, the judge was considerably more Internet savvy than one might have expected. Which is why I find parts of his 65-page ruling to be knee-slappingly funny. For example:
  1. Between 2003 and 2008, 1-800CONTACTS spent $11 million advertising with Google alone [p.2]. Over the same period of time, LENS.COM spent between $3 million and $4.7 million in Internet advertising [p.3]. LENS.COM used 9 keywords contested by 1-800CONTACTS to generate about 1,626 impressions, 25 clicks, and about $20.51 in profits. That's right. 1-800CONTACTS declared war over $20 in profits. Obviously, this sounded ridiculous even to 1-800CONTACTS, so they pulled in LENS.COM affiliates (of which there were over 10,000 [p.11]). I'll talk about that later.
  2. But dig this. While 1-800CONTACTS went to war over $20 in profits, they engaged in buying "1-800-lenses" and similar keywords which generated 91,768 impressions, 8,477 clicks and about $219,314 in profits [p.8] for them! Hummmm. Same behavior. Reminds me of the schizophrenic line out of Blazing Saddles as Cleavon Little holds a gun to his own head and says, "Drop your weapons or I'll shoot the…[African American]."
  3. Not to be daunted, 1-800CONTACTS admitted that their suit was for more than the 1,600 impressions generated by LENS.COM, but for the activities of LENS.COM affiliates. Doing the "click-arithmetic" conversion, even the affiliates' "haul" was a pittance [p.13]. 480,000 first impressions and 65,183 second and third impressions generated by the affiliates accounted for 3,515 clicks or (using the $25.51 in profits from 25 clicks metric) approximately $3,586.71 in profits. Okay, you could buy a used Yugo for that kind of dough. Sheesh!
  4. Both law firms engaged in the laughable "Hey-let's-crank-up-the-billable-hours" game as illustrated on page 15 of the ruling: "The following day, Plaintiff's counsel sent a return e-mail thanking Defendant's counsel for discussing the matter with him that morning. He further stated, '[w]e appreciate your client's willingness to work towards an amicable solution on this matter.' He then listed twenty terms and asked defendant and its affiliates to implement negative matching for the specified terms." They probably each billed their clients for the used Yugo based on that one call and associated action items.
  5. [p.16] Since 1-800CONTACTS alleged confusion, they had to prove it. While earlier courts [p.25] concluded that "…use of another's mark 'to trigger internet advertisements for itself,' is a use in commerce…", Judge Waddoups said (in effect), "Get serious!" [p.31] "Plaintiff asserts that whenever an advertisement appears when a consumer enters the search term '1800Contacts,' it is akin to a consumer asking a pharmacist for Advil and the pharmacist handing the consumer Tylenol. This analogy mischaracterizes how search engines function. A more correct analogy is that when a consumer asks a pharmacist for Advil, the pharmacist directs the consumer to an aisle where the consumer is presented with any number of different pain relievers, including Tylenol. If a consumer truly wants Advil, he or she will not be confused by the fact that a bottle of Tylenol is on the shelf next to Advil because of their different appearances." Good job, Judge! You actually understand how the Internet works.
  6. One of the more amusing last-ditch/desperation moves by 1-800CONTACTS was to assert that telephone conversations between attorneys of the opposing sides constituted a binding contract to which LENS.COM did not live up. Judge Waddoups kills this on two grounds. First, such an agreement between competitors makes "…[the court question] whether it would survive an antitrust challenge." [p. 59] But more entertaining, a very astute Judge Waddoups reiterated my point 4 above, stating that "…Plaintiff appreciated Defendant being willing to work towards an amicable solution…" doesn't sound at all like a contract, nor does it sound like they had "…reached a meeting of the minds." Hear that gong? BONG!
In my opinion, Judge Waddoups has protected the competitive viability of the Internet. While 1-800CONTACTS will probably appeal this ruling, I can't resist relating a war story from almost 30 years ago.

MAYBE THIS IS WHAT LENS.COM SHOULD DO: In 1982, Stratus Computer said Tandem Computers' slogan "NonStop" was pure baloney. Tandem sued Stratus for false advertising. Stratus CEO and founder Bill Foster, an old friend of mine, said to himself, "Gotcha!" and countersued, accusing Tandem of filing a frivolous lawsuit and demanding treble damages. And as part of the discovery process, Stratus asked for disclosure of every one of Tandem's customer service records. Zowie! Both suits evaporated for "undisclosed reasons" and Tandem CEO Jimmy Treybig told a subsequent users group meeting that "NonStop is a goal, not a promise." In my non-attorney opinion (yeah, jailhouse lawyer extraordinaire), the 1-800CONTACTS lawsuit was so shamefully cynical and such calculated bullying that LENS.COM could well recover all their attorneys' fees and treble damages by going after 1-800CONTACTS. Sure, to prove this assertion they'd have to show some internal emails between 1-800CONTACTS executives and/or marketing/PR consultants laying out the real plan of attack and the real reasons for the lawsuit, but all they need is one whistle blower to slip them an email or two and they'd be off to the races. Not only would this be a great incentive for 1-800CONTACTS to tube any appeal, but the likely out-of-court settlement could possibly pay for LENS.COM's complete Internet advertising budget for the entire history of the company. Having done the "Vulcan mind meld" over six years with Oracle's Larry Ellison, that's what I predict Larry would do. Gee whiz, look at the hundreds of millions he's beating out of SAP right now! But, maybe they're kinder and gentler in Louisiana, Missouri.

WHAT DOES THIS HAVE TO DO WITH CYBER PRIVATEERING? Judge Waddoups did indeed affirm that 1-800CONTACTS owned their name and that any attempt to fool the buyer into thinking that he or she was dealing with them when in fact they were dealing with LENS.COM or an affiliate was illegal. Similarly, hackers trying to break into my Linux box by presenting themselves as someone they are not (trying different usernames/passwords) is yea verily illegal. Period. So what's with the US Law that keeps me from kneecapping the hackers? They're clearly breaking US law, and we should articulate and enforce…The Morgan Doctrine. As is written at the end of The Rubaiyat of Omar Khayyam, "Taman Shud." But this isn't "The End." It's just the beginning. Selah.

APPEALS COURT UPDATE ON AUGUST 9, 2013: 1-800CONTACTS appealed this decision, and got whacked. Again. See posting here.

Wednesday, November 19, 2014

Hacking Wall Street, Again.

How do you break through the clutter of all the social media products out there? One answer is to use the best-kept secret in the advertising industry: the front-page of the Wall Street Journal. A little company—rFactr—with a killer technology and a who's-who client list took my advice. Here's the front page of today's WSJ (or link to it here):

Tuesday, October 14, 2014

Dreamforce & My Reminiscences on Marc Benioff

Today's Wall Street Journal story on Marc Benioff (page B3, read it here) prompted me to muse on my old friend Marc Benioff (see my story here). I'm feeling downright nostalgic!

Maybe you'll understand better why I put Marc on my Cyber Privateering Fantasy League team (see the posting here).


Sunday, October 5, 2014

The Russians Are Better Chess Players Than I Am!

On July 24th, I predicted that the Russians would retaliate for sanctions against them for their Ukrainian adventures by hitting the vulnerable U.S. power grid (see my article here). Silly me. If we muck with their economy, they want to less-than-subtly muck with ours (see Friday's New York Times story here). Like the apocryphal Willie Sutton quote, "You go where the money is." Silly me. The U.S. power grid is several steps down on Russia's hit list.

To quote one of the smartest people I know:
"It could be we're developing a kind of warfare like 17th & 18th Century privateering."
Yet another nod that it might be time for licensed and bonded cyber privateers?

Monday, September 29, 2014

The Patent that Hacked Wall Street

You've seen the billboard:

Here's an interview with the Christopher himself. Enjoy!

Wednesday, September 24, 2014

My Afternoons With Larry Ellison

Given the publicity surrounding Larry Ellison and Oracle, the introspections of this "old, bold gunslinger" turned into a 4200-word homage to "the smartest man I've ever known" (and the captain of my Cyber Privateering Fantasy League). Read it by clicking here.

Tuesday, September 16, 2014

Data Exhaust: Predicting Midterm Election Shenanigans

Here it is, seven or so weeks before the midterm elections, and I was curious what the "twitterverse" shows. Based upon the organization and vitriol of almost every social media pundit besides Senator Ted Cruz, it would appear that the Democrats are winning the battle of whipping their base into a frenzy to keep the Senate. My prediction, this far out, just looking at the numbers, indicates the Senate will probably be close to a 50-50 split. I figured I'd put this in writing now, and live with the consequences, come what may. Here's my map of the twitterverse:
Certainly, something might happen in the next few weeks to dramatically sway voters one way or the other. Call it gamesmanship, media bias, guerrilla warfare by either the DEMS or the REPS, you name it. But given the element of sheer desperation from the DEMS, I predict some serious pre-election shenanigans. Question is, will they backfire?

Tuesday, September 9, 2014

Hacking Silicon Valley With…A Billboard Near Oracle HQ

Yesterday, the following billboard appeared near the Oracle HQ in Silicon Valley (Northbound, left side of road). It should be self explanatory. On July 31st, I posted a piece on "Hacking Wall Street" (read the article here). That got me thinking, which is why I created this 14-foot by 48-foot billboard for my client.

Go ahead. Check out and see what a "tactical nuke" in the PE/M&A world looks like.

Tuesday, September 2, 2014

Should Home Depot Contract With Israeli Intelligence?

The real security guru, Brian Krebs, broke the story of Home Depot's being hacked in a bigger heist of credit card info than Target (read the story here). Given the abysmal failure of the FBI, Homeland Security, and those whacky guys at the NSA (who sit on zero-day information for their own use, rather than behave properly and alert software manufacturers), Home Depot may want to send an emissary hat-in-hand to visit Mossad headquarters and contract some serious anti-piracy offensive measures. Per my last posting about Israel being our last great hope for solving cyber misbehavior (see the story here), I don't see that Home Depot has another choice. Well, they don't have a choice as long as U.S. cybercrime law has us playing the game with both hands tied behind our backs. Go Israel!

Wednesday, August 27, 2014

Israel, The Most Attacked Country in the World, Will Likely Solve Cybercrime One Gorilla Costume at a Time

In today's Wall Street Journal (page A3, see yesterday's online article here), the FBI admits that 61% of their 56 field offices have run into "severe" or "moderate" poaching by other federal law-enforcement agencies. I had to laugh, given my previous posts on FBI incompetence (do a query on "FBI" in the left-hand search box to see my litany of FBI stupidity over the years). The only bright side of the coin is in data exhaust coming out of Israel (see one link here). My previous net-net on Israel as "the last great hope for cyber security" is here. Furthermore, my argument for Israel being our last great hope is proven in the following statement:
The most attacked country in the world is the most highly motivated to REALLY solve the problem.
Therefore, I would NOT be surprised to see the following headline and news story in the very near future:

Islamic teenage hacker found in San Francisco phone booth drugged, and wearing nothing but the top half of a gorilla costume.
AP, December 25, 2014, SAN FRANCISCO — Eighteen year old Mohammed Finkelstein, formerly Jewish but an avowed convert to Islam, is now recovering in a local hospital after being found naked from the waist down, wearing nothing but the top half of a gorilla costume while duct taped inside one of San Francisco's few remaining telephone booths. Bystanders report him screaming about a visit from Mossad agents who accused him of trying to hack Israeli defense computer systems.
A local FBI field agent, who spoke on the condition of anonymity, said that such activities by any foreign government on US soil were a clear violation of cybercrime laws as well as of U.S. sovereignty, and that such incursions would not be tolerated by the U.S. Justice Department. However, the assertion was rebutted by an anonymous source from Homeland Security, who said, "The FBI couldn't find their rear ends with both hands, and the Department of Homeland Security would be taking lead in the investigation." The investigative landscape was further muddied by the Department of Alcohol, Tobacco, Firearms and Explosives, who insisted the brandishing of automatic weapons by the alleged Mossad agents constituted a clear mandate for them to take action.
In the meantime, the victim's father Rabbi Aaron Finkelstein, made a rather terse statement: "I'd personally like to thank those involved with the intervention in my wayward son's cyber misconduct. He shared with his mother and me just this morning that his conversion to Islam was not sincere; he just wanted to push our buttons. Thank heaven someone is doing more than playing cyber security defense, and are actually going after intruders."
Yo Israel, I say don't disappoint me. Nobody in the U.S. is up to the real task at hand.

Wednesday, August 20, 2014

Androids Can Catch Cyberthieves; iPhones Can't. Period.

Today's ZDNet Tech had the headline, "Five things Android smartphones have that are unlikely to come to the iPhone6" (see article here). With due respect, this article completely misses the boat. The one reason I have an Android (Galaxy S4) is its ability to record and store phone calls locally. iPhones will NEVER be able to do that. Sure, you can subscribe to third-party services for outbound calls, but what a pain! How about those inbound calls from scammers?

On April 16th of this year (see my article here), I posted A Modest Proposal for Going on the Offensive With Internet Scammers. I even shared a television interview I did, hoping the FBI would take the hint and really "put a check in the swing" of the bad guys. Fat chance.

So for your continuing enjoyment, following is the final phone call I had with an Internet scammer trying to overpay me for a grand piano and have me send the excess funds back to them. Sure, they were willing to wait for the fraudulent check to clear before I sent them the money. Of course, when the company against whose account the bogus check was issued got their bank to reverse the transaction, I'd be out the $5,000 overpayment. I recorded my final "got'cha" call with the scammer on my Android. Here it is (and I'm displaying the UK and US phone numbers of the scammer, in case anybody wants to do some triangulation and make life…er…interesting for the crooks):
I've been a die-hard iPhone fan since the beginning. And it's the only phone I'd buy for my wife. But for anyone with a measurable technological IQ, I recommend an Android (even though they suck battery life faster than a dozen iPhones).

Monday, August 18, 2014

Are Google's überGeniuses Playing With The Tin-Foil Helmet Crowd?

When it comes to breaking news stories, I have observed that the first news stories are generally misdirections, and that it takes time for the real stories to unfold. Late last night, my favorite hard-core/right-on-the-money security blogger Brian Krebs broke a highly unusual story about how Google Translate fleetingly turned the Latin-to-English translation of the placeholder phrase "Lorem Ipsum" into modern geopolitical ideas, depending on capitalization, etc. (see the story here). Here is a snippet of variations from the article:
Until very recently, the words on the left were transformed to the words on the right using Google Translate.
My own comment posted on the Krebs site sums up my "alternative theory" of the phenomenon:
Alternative theory: From my misspent career as a guerrilla warfare ad man (and my dalliance as a novelist) another possibility is that Google is having some fun with the tin-foil helmet crowd.
I would term the Google Translate story as "the displacement activity of Google übergeniuses having some fun." Furthermore, I posit that the pranksters are probably Chinese employees.

My own displacement activity manifested itself in my first novel, Destroying Angel, in which one of my characters spoke only in palindromes (sentences that read the same forward and backward). It would often take me a whole week to write one coherent line of dialogue. Why did I do this? Because I wanted to "suspend reader disbelief" that my character was an off-the-charts genius who was capable of creating a self-aware/self-conscious AI program that could modify itself on the fly and take over the world.

Hence, I would place pretty good odds on my Google Translate theory. But time will tell, and I leave it up to Brian Krebs to follow this story to…The Truth.

Saturday, August 16, 2014

"Hey Nikolai! As soon as you short that Ford Motor Company stock, I'll have 200,000 minivans slam on their brakes during rush hour!"

Hacking for fun and profit! A low-barrier-to-entry career, just waiting for those rascally Russian hackers to get done in Ukraine so they can pay attention to business. Check out the Register story (read it here) on the latest Black Hat USA advice to car companies.


Wednesday, August 6, 2014

Russian Cyberthieves Roach 420,000 Websites for 1.2 Billion Usernames/Passwords

Yesterday's Register story simply boggles my mind (read it here): "Hackers nick '1.2B passwords' — but where did they come from?" My comment posted yesterday says it all:

That's the trouble with playing defense only. The Morgan Doctrine is the only answer to this sad state of affairs. Period.

Far more interesting are the rest of the 50 posted comments. People are mad, venting, and simply unable to posit a workable solution to the problem. The "bad guys" continue to laugh at us, because U.S. cyber law has us playing the game with both hands tied behind our backs. Now that the college football season is about to start, maybe we'll see what happens to a coach who has his team playing defense only. Oh wait, there isn't such a coach. And if one turns up, he's sure to be fired before the end of the season.

Friday, August 1, 2014

Hacking Streaming Video of Hollywood Movies

Three-and-a-half years ago, I wrote about a "Righteous Hack of Hollywood DVD Movies" (read the article here). The brilliant guys at ClearPlay came up with a way to allow DVD users to apply their own parental controls to movies, thereby filtering violence, drug use, sex, profanity, vulgarity to the tastes of the viewer. Hollywood balked and sued ClearPlay, claiming that the creators of those movies were having their babies butchered by technology. The United States Congress said, "Hold on, Hoss. Consumers have the right to control what comes into their homes." ClearPlay won, and that was that.

Unfortunately, ClearPlay had to go into the hardware business, building and selling their own DVD players. And later, ditto for BluRay players. But guess what, sports fans? The DVD/BluRay industry is tanking, in favor of…yep…streaming video.

Enter the geniuses at ClearPlay with an honest-to-goodness hack. Again. Google Play movies come right to your computer browser. ClearPlay hacked the stream, so now you can sign up for ClearPlay, and stream Google Play movies through their filters, setting slide-bar controls for how much smut, profanity, violence, etc. you want, and watch a streamed movie with your children, grandchildren, or even the minister from your church who has dropped by unexpectedly. Better yet, you can either buy the Google Play movie or just rent it.

Next? Netflix and Amazon Prime streaming videos? Walmart? Hell (excuse me, "Heck"), everybody wants to get into the streaming business. No inventories to maintain. No stocking that $5 bin of virtually unsellable DVD movies. No watching your DVD sales tank. And for consumers, forget buying that new BluRay player. If you want to upgrade something, get an 80-inch HD TV with built-in Internet connectivity.

And here's a little fact you didn't know. On any given evening, Netflix consumes over 30% of all Internet bandwidth in the USA (check out the July 21st WSJ story on Netflix earnings doubling). Yep, streaming movie technology that gives parents full control of what comes into their homes is now a reality. My "data exhaust" prediction: You are about to hear "howling from the damned" in Tinsel Town.

Righteous hacks, ClearPlay! Keep 'em coming.

Thursday, July 31, 2014

Hacking Wall Street: The Strategy PE Firms Haven't Yet Grokked

The barbarians out looking to rape and pillage on Wall Street seem blinded by spreadsheets created by Harvard MBAs who don't truly appreciate what technology can do to completely change the playing field. Take today's WSJ print story (yesterday's online one: read it here). The relevant paragraphs:
Private-equity firms have all but stopped buying public companies, retreating from a cornerstone of their business as rising stock prices push acquisition targets out of reach.
Public companies taken private accounted for 3.5% of the $89 billion of U.S. leveraged buyouts in the first half of this year, the lowest share on record, according to data tracker S&P Capital IQ LCD. In the first half of 2008, at the apex of a buyout boom, these types of deals represented about 68% of all buyouts by dollar volume.
Instead, private-equity firms are buying companies from one another, a shift driven in part by the relative simplicity of completing an acquisition of a private company compared with a publicly traded one. Transactions between private-equity firms have made up 60% of U.S. leveraged buyout volume through June, according to S&P. That is a higher percentage than the ratio for any full year tracked by the firm, whose data date to 2002.
Net-net, leveraged buyouts (or LBOs) keep getting financed the old-fashioned way: A bunch of bean counters say, "I can run this better than you can and bleed off profit to service the debt."

A much better LBO approach would be to find large companies with a bloated sales force and pay for the LBO by firing two-thirds of the sales team and using technology to supercharge the rest to exceed the previous numbers. So what is the technology, grasshopper?

Hint: You can find almost anything you want within 50 miles of Silicon Valley.


Thursday, July 24, 2014

Data Exhaust: Time For The U.S. Power Grid To Go Down?

Let's see, now. Russian "separatists" down a passenger airliner with a Russia-supplied surface-to-air missile. Palestinians are parading civilian casualties after the psychotic impunity of having used those civilians as human shields in their rocket attacks on Israel. Coyotes are making thousands of dollars a head to smuggle children across our border with Mexico. That makes at least three proponents of the argument that America needs something else on which to concentrate. Hey, how about a few teams of…wink, wink…"separatist jihadist Remember-the-Alamo patriots" with high-powered rifles taking out critical power substations throughout the United States? Take us offline as effectively as an EMP attack. Toss in a few wildfires near populated areas.

Good grief! I hope somebody is thinking a few chess moves ahead besides Vladimir Putin. Those critical power components are well known. Certainly a few governors are deploying their National Guard assets to protect the power grid. Right?

Tuesday, July 1, 2014

Russians and Chinese are Infecting an App Near You

The next-best way to hack the world, if you can't hit the supply chain and nail every customer of Microsoft or Adobe with those vendors' software update programs, is to set up "watering hole" infections of far less astute application providers, like:

  1. Your local Chinese restaurant (or any take-out food supplier) who has their own swell application.
  2. Your favorite TV station's weather application.
  3. Your bicycling or other exercise-logging application.
Yes sir, Big Dog. How many times a day do you see automatic software updates on your iPhone, Android, or even from desktop software suppliers? Heck, look at the permissions you grant to the average Android application, and you'll see why today's New York Times story about those pesky Russians deploying Stuxnet-like viri (see the story here) is really REALLY relevant to your lives. Just update your favorite small business application (hey, you get free meal points, just like your airline frequent flyer program), and before you know it Boris and Natasha (or Wen and Hu, see my parody of the Abbott and Costello routine here) will be draining your bank account.

So the next time you consider downloading an online application from the Foo King Chinese restaurant, remember Hu might be infecting all your computers. It's not a question of "if" but a question of…Wen. 

[Note: Check out the above-referenced Abbott and Costello parody if you wonder about that last paragraph.]

Wednesday, June 25, 2014

2016 Prediction: Bill Gates and Warren Buffett Could Choose our Next President

On June 4th (read the article here), I shared the remarkable news that just two men could pretty well get together and name our next POTUS. No, neither of them is Rush Limbaugh nor Barack Obama. 68% of the random sample surveyed said they'd support a candidate endorsed by Bill Gates and Warren Buffett. Gates I can understand, since his selfless generosity in giving away billions clearly marks him as one with the world's best interests at heart. I guess Mr. Buffett's challenge to the high rollers to give away lots of their net worth pays his dues into that club, too.

So what'll it be, Bill and Warren? Who has the brain power and the courage to step up and save our dysfunctional national family? If you guys agree on it, then it's a done deal.

I have a candidate you should look at, and I've been breaking my pick trying to find people to facilitate some kind of introduction. Alas, nobody who knows either of you two is willing to broker an introduction. I guess those are chips nobody wants to risk, and who can really blame them. I can't tell you how often somebody calls me out of the blue and asks for help setting up a meeting with Oracle's Larry Ellison or Salesforce's Marc Benioff. Half of me seriously doubts I could accomplish the intro, the other half says out loud, "And you think I'll waste these chips for some stranger?" Yep, no wonder I haven't found a broker.

So directly to Mr. Gates and Mr. Buffett, I've got a candidate whose elevator pitch will blow your mind. Let me give you a one-paragraph elevator pitch, the goal of which is to set up a five-minute telephone call with my guy. Worst case, you'll be entertained. Best case, you'll want to nominate him for election in 2016 as well as for the Nobel Prize in Economics.

Wednesday, June 18, 2014

Russia and China REALLY Want You to Back Up Your Files to The Cloud

There is a fine line between paranoia and plain stupidity. Sure, it sounds like a jim-cracking-dandy good idea to back up your files to the firms advertising on talk radio. Insure those priceless photos and your address book for less than $5 per month. What could go wrong? Two options give me a little heartburn.

First, read the privacy policy and the terms of service of the backup service. Basically, they can screw up big time and your only recourse is a refund of the money you've paid them for the backup service. Not to mention the common disclaimer below:
[Vendor Name Here] will not disclose Your personal information, including the contents of Your Account, to third parties unless disclosure is necessary to comply with the law.
I'm not planning to engage in illegal activities, but it's not like I trust Big Brother, either.

Second, a more troubling story appeared today in Computerworld (read it here). They report a "Russian forensic firm's tool" can access iCloud backups. To my mind, this "data exhaust" presents the very real possibility that foreign governments and/or crooks have targeted all the cloud backup firms with BPTs (that's Brilliant Persistent Threats) designed to let them troll all privately stored files. The same reason several governments will not buy computer equipment from China-based companies like Huawei and Lenovo ought to be reason enough for those same governments to forbid their employees to use cloud backup services: competition, foreign governments, or mere thieves will find a way to monetize your data assets. Guaranteed.

And speaking about guarantees, I have yet to see any cloud backup services advertise significant insurance for losses you might incur due to your files being grabbed by The Bad Guys. Quite to the contrary, their terms of service agreement has you pretty thoroughly indemnifying them from any responsibility for protecting your data.

Paranoia vs. stupidity. Hey, disk storage devices and fire safes are dirt cheap. Buy your own backup.

Tuesday, June 10, 2014

Israel, The Last Great Hope for Worldwide Cyber Security?

Three years ago (read my article here), I gave eight reasons why Israel should become the first cyber privateer haven. Data exhaust from today indicates that the Israelis might just be our last chance for coherent worldwide cyber security. The data points:
  1. Computerworld estimates worldwide cybercrime losses now exceed $400 billion (read their story here).
  2. The New York Times verifies massive institutionalized Chinese cybertheft (see the story here).
  3. On June 2nd, the New York Times essentially verified that the complete U.S. strategy for dealing with cybercrime is to continue playing a defense-only game (see the story here) with DARPA (the Defense Advanced Research Projects Agency) holding a contest to see which genius can come up with technology to detect intrusions and close the doors on the fly. (Was that Vince Lombardi shrieking from his grave?)
All the superpowers are playing the cyberspy-vs-cyberspy "plausible deniability" game. The U.S. is telling China, "We only spy on your government, not your businesses." To which China replies, "Give us a break!" The Russians are at least smart enough to go where the money is with some pretty sophisticated cyberthievery. The Brits are keeping their mouths shut and plodding along to create the world's biggest CCTV police state. The French are keeping their mouths shut. The Germans are assuming all their cellphone conversations are being personally monitored by Barack Obama himself. Australia, a nation I thought could host licensed and bonded cyber privateers because of their remoteness, seems to be more concerned with shutting down their home-grown hacker community. South Korea won't do anything to jeopardize the missile defense shield they want from the U.S. North Korea is playing the "Hey-is-THIS-crazy-enough-for-ya?" game. The only purpose being served by Islamic countries is to get the blame for what in reality are false-flag operations created by the big boys (i.e., the Syrian Electronic Army). And Japan seems to have lost the national self-confidence to do much of anything. That leaves…drum roll…Israel.

It's time for Israel to step up to a foreordination that's been in The Books for thousands of years.


Wednesday, June 4, 2014

Predictive Analytics: Hacking the 2016 U.S. Presidential Election

Last month, I was retained by an unknown and non-political potential presidential candidate to help him determine if he had a shot at winning the presidency in 2016. Conventional wisdom would say "No way in hell!" However, I fielded a "Rhetorical Wargame" survey and was absolutely astounded by the resulting analytics. Just two sets of factors framed the random survey:
  • In 2016, the main focus of the voter must be our economy and the gridlock in Congress; and
  • I provided a thorough list of politicians, economists, businessmen, and entertainers who might endorse this candidate, so he wouldn't be written off as "just another nut job" by a VERY skeptical electorate.
The key to a "Rhetorical Wargame" is to ask the hypothetical question at the beginning and at the end of the survey: "Would you consider a candidate whose platform was…?" Between the two identical hypothetical questions, the survey spelled out the details of the platform AND asked the respondents (in a multiple-choice/choose-all-that-apply pull-down list) to choose what prominent endorsements would put this candidate over the top. I expected a one or two percent difference between all the potential endorsers. I was dead wrong.

Two individuals—non-politicians but obviously trusted by American voters—could endorse and virtually guarantee my candidate could get elected in 2016. Net net: 68% of the voters would elect this candidate on the basis of a joint endorsement by these two men. And almost as interesting, 75% of the audience would vote AGAINST this candidate if he were endorsed by any one of another half-dozen people.

No, I don't choose to share the names of these two King Makers. Maybe later, grasshopper. After I see whether or not my candidate can meet with them and consider some unusual possibilities.


Friday, May 23, 2014

If China Were Smart, They'd Call Our Bluff

A poster at the Justice Department showing the five men charged this week with hacking the computers of American companies, presumably for the benefit of Chinese businesses. (Credit: Justice Department, via Associated Press)

If China were smart, they'd call the State Department/FBI bluff and extradite these guys for trial in the U.S. Other than their so-called digital signatures, there's no way a U.S. jury would convict these guys. A public trial—where the accused could see the evidence against them—would seriously work to the benefit of the Chinese intelligence community. A big-time if-the-glove-doesn't-fit-you-must-acquit defense attorney could really make a name for himself. And China (or their proxies) could ignore any gag order and make their case along the lines stated in yesterday's New York Times story (read it here):

The Obama administration makes a distinction between hacking to protect national security, which it calls fair play, and hacking to obtain trade secrets that would give an edge to corporations, which it says is illegal. China and other nations accuse the United States of being the biggest perpetrator of both kinds of espionage.
Please don't misinterpret my post today as being the least bit sympathetic to China. The current Mad Magazine version of Spy-vs-Spy unfolding by our bumbling policy engine is really kind of funny, and demonstrates the ludicrous futility of playing defense only. We could…drum roll…eliminate international shenanigans virtually overnight by adopting The Morgan Doctrine of privatizing international cyber security with licensed and bonded cyber privateers.

Taman Shud.

Wednesday, May 14, 2014

Guerrilla Warfare and the 2016 Presidential Election

In today's SAND HILL article (read it here), I show my "sweet sixteen" dial-a-yield nukes I use in guerrilla warfare marketing. I also talk about two of my mentors. Dick Morris is the only guy I know who made the cover of Time Magazine two weeks in a row, first as the man behind Clinton, and a week later after he had to resign in disgrace:

My other mentor was the late Tony Schwartz, who created the television ad that ran only one time on one television network, yet destroyed Barry Goldwater's presidential campaign. Enjoy:

Given that I've just been retained by a man who wants to run for President of the United States (POTUS) in 2016, you might regard this as a preview of things to come. Or not.


Wednesday, May 7, 2014

Symantec Attempts Suicide

The big news this week is Symantec's articulation of antivirus futility (see the Register story here). Given that antivirus is 40% of their business, this is a pretty good attempt at suicide. Especially since their plan going forward is to continue playing defense only:
Symantec will now concentrate on providing business customers with security as a service – tracking intrusions as they occur, advising on the best way to protect data from collection, and finding out who is doing the attacking.
My assertion of their attempted suicide is NOT their disavowal of antivirus products. It's their continuation of a defense-only strategy that would leave any athletic coaches hoarse from screaming epithets peppered with interspecies reproductive suggestions.

Get set for yet another Symantec management shakeup.

Thursday, May 1, 2014

In 2010, I Predicted Ellison Would Own An NBA Championship Team

Today's Wall Street Journal story (Page B1, below the fold, read yesterday's online WSJ piece here) talked about Oprah Winfrey, David Geffen and Captain of my Cyber Privateer Fantasy League team Larry Ellison putting together a bid to buy the LA Clippers. If the deal goes through, I make another prediction: The Clippers will win the NBA championship within 5 years. Back in October of 2010 I put Ellison into some historical context (read my complete piece here):
Larry is the real-life version of Iron Man Tony Stark. Ellison won the great database wars. This year, he won the America's Cup yacht race. I predict it's only a matter of time before he owns an NBA basketball team and leads them to the championship. And one of the greatest moments in any U.S. confirmation hearing would be watching Larry do a Tony Stark in the Senate: "Ladies and gentlemen, I have successfully privatized international cyber security!" Whereupon he will raise his hands in victory and waltz out of the hearing room.
Naturally, Larry wanted to own the Golden State Warriors because they were near his stomping grounds. But his purchase of the Clippers and their LA location is consistent with yet another of my predictions of nearly a year later in October of 2011 (see it here):
So what do my predictive analytics forecast for the head of my Cyber Privateering Fantasy League leader? First, I believe Larry will eventually own an NBA-championship basketball team. Secondly, I predict that Larry will win an academy award as a movie producer. 
In a way, through his children David (executive producer of Ironman II) and Megan (producer of not one but two films nominated for Best Picture this year—Her and American Hustle), Larry has vicariously started his Oscar run. But let there be no doubt that he's in the race to personally take the stage on Oscar night sometime in the next 10 years. Larry plays to win. Whether in the great database wars, the America's Cup yacht race, the NBA, or as I predict, in the movie business. 

This message is brought to you by a mere bystander and part-time follower of a remarkable human specimen named Lawrence J. Ellison. To you doubters of my prediction, I can only say, "What other kind of legacy would you expect of Steve Jobs' best friend?"

Wednesday, April 30, 2014

Huawei Contemplates Suicide

Last week (see story here), Huawei spokesman Scott Sykes said that proof that they were a spy conduit would be "corporate suicide." Interesting analogy. If my presentation for Black Hat 2014 is accepted, you could well be paying for your own hit man. $1,000,000. I guess if you pay your own hit man, that qualifies as suicide, doesn't it? In my best imitation of Godfatherspeak: "Yo Vinnie, deese guys should ought'ta prepare for a dirt nap."

Tuesday, April 29, 2014

White House "Thinking" Makes The Best Case for Privatization of Cyber Security

Yesterday's New York Times story (read it here) on White House "thinking" regarding cyber security is absolute proof that privatization is the only workable solution. The net-net seems to be that we can't count on the people protecting our infrastructure to let us know of vulnerabilities and back doors, because those flaws would then be fixed and unavailable to our own spooks:
But [Michael Daniel, the White House cybersecurity coordinator] spent the rest of his blog entry describing what conditions might lead to a decision not to publish the details of a flaw — perhaps for a short time, perhaps for much longer. “Disclosing a vulnerability can mean that we forego an opportunity to collect crucial intelligence that could thwart a terrorist attack, stop the theft of our nation’s intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks,” Mr. Daniel wrote, describing the review that has taken place at the White House in the past few months.
Makes you feel warm all over. Doesn't it?

Wednesday, April 16, 2014

A Modest Proposal for Going on the Offensive With Internet Scammers

After dealing with some particularly innovative Internet crooks over the last two weeks, I gave the local ABC affiliate an exclusive on this story:

This was basically a scam where I was getting both email and text messages from the scammers. I called the local FBI office to see if they wanted to sting these guys, and they declined. The FBI is far too busy to investigate these things. They suggested I send a report to IC3.GOV, which I did. I then called INTERPOL and got an even less enthusiastic answer. Even the local police were uninterested, although they did give me a case number for my police report (2014002363). One thing is certain: If the email and texts had been about a plot to assassinate the President of the United States, you can be sure the Secret Service would have perp-walked the shackled miscreants out of their homes within 24 hours!

What was NOT covered in the story was my suggestion that viewers text messages to the scammers (hopefully from "burner" phones) with a message like, "The Revolutionary Council has approved your beautiful plan to assassinate POTUS. Destroy your cell phone and go radio silent. God be with you." But interestingly enough, even though they didn't have time to air this part of my plan, the clever reporter did manage to include the scammer's US-based burner cell phone in the story (I added both the UK and US numbers to the video above). Since I have proposals to speak at several upcoming 2014 events, I even fantasized about buying a bunch of burner cell phones with prepaid text minutes and giving them to audience members. My invitation to the burner recipients would have been to send a "We approve your plan to kill the president…" message to the first scammer dumb enough to text them, and then toss the free phone into the bushes outside the house of a white supremacist. Of course, I plagiarized from my novel Daddy's Little Felons, so you might say I had this in my planned bag of tricks all along. Excerpting from my novel:
I launched a pre-emptive peer-to-peer command that sent an email in perfect Arabic to his entire address book using quotes from Surahs number 4 and 7 in the Koran as proof that Mohammed was a Satan worshiper and romantically inclined toward swine…My software then erased any trace of itself on his system, after first verifying that the mail had been sent, spectacularly destroying his operating system, and finally displaying the image of a pig on his screen. 
This trick really upped my game, even exceeding the nasty I unleashed on an Internet scammer who was using a burner cell phone to swindle an elderly friend of mine. Rather than go to the trouble of tracking down the scammer, I just sent him a text message from my own untraceable burner. It read: “The Revolutionary Council has approved your excellent plan to kill POTUS. Radio silence from now on. God be with you.” Within twenty-four hours—thanks to the NSA snooping apparatus—the Secret Service descended on the poor devil who, as it turned out, lived just two doors down from my dear friend. Our last vision of him was his being perp-walked in shackles to a SWAT van, followed by agents hauling his computers and file cabinets. Naturally, I immediately disposed of my burner. Chances are, my Internet scammer had a much easier time explaining the text message about assassinating the president (POTUS) to the Secret Service than my Saudi hacker would have justifying his rash email.

But no, the above isn't my "modest proposal."

My Modest Proposal

I understand that the FBI and Homeland Security can't possibly investigate all the scams and frauds being perpetrated by international crooks. But why not randomly identify an in-process fraud scheme and marshal the resources (FBI, NSA, Homeland Security, and INTERPOL) to publicly take down the culprits? You've got to believe that this would put a check in the swing of bad guys worldwide.

Can't we FOR ONCE go on the offensive and quit our defense-only mentality dictated by US Cyberlaw? This notion is humbly submitted by a mere pawn in the international game of cybercrookery.

Oh, and by the way. If you want to have some fun with the cyber scammer, here are their (probably burner) cell phone numbers:

UK cell phone: 011-44-7417-403532
US-based cell phone: 646-751-0521