Wednesday, August 27, 2014

Israel, The Most Attacked Country in the World, Will Likely Solve Cybercrime One Gorilla Costume at a Time

In today's Wall Street Journal (page A3, see yesterday's online article here), the FBI admits that 61% of their 56 field offices have run into "severe" or "moderate" poaching by other federal law-enforcement agencies. I had to laugh, given my previous posts on FBI incompetence (do a query on "FBI" in the left-hand search box to see my litany of FBI stupidity over the years). The only bright side of the coin is in data exhaust coming out of Israel (see one link here). My previous net-net on Israel as "the last great hope for cyber security" is here. Furthermore, my argument for Israel being our last great hope is proven in the following statement:
The most attacked country in the world is the most highly motivated to REALLY solve the problem.
Therefore, I would NOT be surprised to see the following headline and news story in the very near future:

Islamic teenage hacker found in San Francisco phone booth drugged, and wearing nothing but the top half of a gorilla costume. 
AP, December 25, 2014, SAN FRANCISCO — Eighteen year old Mohammed Finkelstein, formerly Jewish but an avowed convert to Islam, is now recovering in a local hospital after being found naked from the waist down, wearing nothing but the top half of a gorilla costume while duct taped inside one of San Francisco's few remaining telephone booths. Bystanders report him screaming about a visit from Mossad agents who accused him of trying to hack Israeli defense computer systems.
A local FBI field agent, who spoke on the condition of anonymity, said that such activities by any foreign government on US soil were a clear violation of cybercrime laws as well as of U.S. sovereignty, and that such incursions would not be tolerated by the U.S. Justice Department. However, the assertion was rebutted by an anonymous source from Homeland Security, who said, "The FBI couldn't find their rear ends with both hands, and the Department of Homeland Security would be taking lead in the investigation." The investigative landscape was further muddied by the Department of Alcohol, Tobacco, Firearms and Explosives, who insisted the brandishing of automatic weapons by the alleged Mossad agents constituted a clear mandate for them to take action.
In the meantime, the victim's father Rabbi Aaron Finkelstein, made a rather terse statement: "I'd personally like to thank those involved with the intervention in my wayward son's cyber misconduct. He shared with his mother and me just this morning that his conversion to Islam was not sincere; he just wanted to push our buttons. Thank heaven someone is doing more than playing cyber security defense, and are actually going after intruders."
Yo Israel, I say don't disappoint me. Nobody in the U.S. is up to the real task at hand.

Wednesday, August 20, 2014

Androids Can Catch Cyberthieves; iPhones Can't. Period.

Today's ZDNet Tech had the headline, "Five things Android smartphones have that are unlikely to come to the iPhone6" (see article here). With due respect, this article completely misses the boat. The one reason I have an Android (Galaxy S4) is it's ability to record and store phone calls locally. iPhones will NEVER be able to do that. Sure, you can subscribe to third-party services for outbound calls, but what a pain! How about those inbound calls from scammers?

On April 16th of this year (see my article here), I posted A Modest Proposal for Going on the Offensive With Internet Scammers. I even shared a television interview I did, hoping the FBI would take the hint and really "put a check in the swing" of the bad guys. Fat chance.

So for your continuing enjoyment, following is the final phone call I had with an Internet scammer trying to overpay me for a grand piano and have me send the excess funds back to them. Sure, they were willing to wait for the fraudulent check to clear before I sent them the money. Of course, when the company against whose account the bogus check was issued got their bank to reverse the transaction, I'd be out the $5,000 overpayment. I recorded my final  "got'cha" call with the scammer on my Android. Here it is (and I'm displaying the UK and US phone numbers of the scammer, in case anybody wants to do some triangulation and make life…er…interesting for the crooks:
I've been a die-hard iPhone fan since the beginning. And it's the only phone I'd buy for my wife. But for anyone with a measurable technological IQ, I recommend an Android (even though they suck battery life faster than a dozen iPhones).

Monday, August 18, 2014

Are Google's ├╝berGeniuses Playing With The Tin-Foil Helmet Crowd?

When it comes to breaking news stories, I have observed that the first news stories are generally misdirections, and that it takes time for the real stories to unfold. Late last night, my favorite hard-core/right-on-the-money security blogger Brian Krebs broke a highly unusual story about how Google Translate fleetingly turned the Latin-to-English translation of the placeholder phrase "Lorem Ipsum" into modern geopolitical ideas, depending on capitalization, etc. (see the story here). Here is a snippet of variations from the article:
Until very recently, the words on the left were transformed to the words on the right using Google Translate.
Until very recently, the words on the left were transformed to the words on the right using Google Translate.
My own comment posted on the Krebs site sums up my "alternative theory" of the phenomenon:
Alternative theory: From my misspent career as a guerrilla warfare ad man (and my dalliance as a novelist) another possibility is that Google is having some fun with the tin-foil helmet crowd.
I would term the Google Translate story as "the displacement activity of Google ├╝bergeniuses having some fun." Furthermore, I posit that the pranksters are probably Chinese employees.

My own displacement activity manifested itself in my first novel, Destroying Angel, in which one of my characters spoke only in palindromes (sentences that read the same forward and backward). It would often take me a whole week to write one coherent of dialogue. Why did I do this? Because I wanted to "suspend reader disbelief" that my character was an off-the-charts genius who was capable of creating a self-aware/self-conscious AI program that could modify itself on the fly and take over the world.

Hence, I would place pretty good odds on my Google Translate theory. But time will tell, and I leave it up to Brian Krebs to follow this story to…The Truth.

Saturday, August 16, 2014

"Hey Nikolai! As soon as you short that Ford Motor Company stock, I'll have 200,000 minivans slam on their breaks during rush hour!"

Hacking for fun and profit! A low-barrier-to-entry career, just waiting for those rascally Russian hackers to get done in Ukraine so they can pay attention to business. Check out the Register story (read it here) on the latest Black Hat USA advice to car companies.


Wednesday, August 6, 2014

Russian Cyberthieves Roach 420,000 Websites for 1.2 Billion Usernames/Passwords

Yesterday's Register story simply boggles my mind (read it here): "Hackers nick '1.2B passwords' — but where did they come from?" My comment posted yesterday says it all:

That's the trouble with playing defense only. The Morgan Doctrine is the only answer to this sad state of affairs. Period.

Far more interesting are the rest of the 50 posted comments. People are mad, venting, and simply unable to posit a workable solution to the problem. The "bad guys" continue to laugh at us, because U.S. cyber law has us playing the game with both hands tied behind our backs. Now that the college football season is about to start, maybe we'll see what happens to a coach who has his team playing defense only. Oh wait, there isn't such a coach. And if one turns up, he's sure to be fired before the end of the season.

Friday, August 1, 2014

Hacking Streaming Video of Hollywood Movies

Three-and-a-half years ago, I wrote about a "Righteous Hack of Hollywood DVD Movies" (read the article here). The brilliant guys at ClearPlay came up with a way to allow DVD users to apply their own parental controls to movies, thereby filtering violence, drug use, sex, profanity, vulgarity to the tastes of the viewer. Hollywood balked and sued ClearPlay, claiming that the creators of those movies were having their babies butchered by technology. The United States Congress said, "Hold on, Hoss. Consumers have the right to control what comes into their homes." ClearPlay won, and that was that.

Unfortunately, ClearPlay had to go into the hardware business, building and selling their own DVD players. And later, ditto for BluRay players. But guess what, sports fans? The DVD/BluRay industry is tanking, in favor of…yep…streaming video.

Enter the geniuses at ClearPlay with an honest-to-goodness hack. Again. Google Play movies come right to your computer browser. ClearPlay hacked the stream, so now you can sign up for ClearPlay, and stream Google Play movies through their filters, setting slide-bar controls for how much smut, profanity, violence, etc. you want, and watch a streamed movie with your children, grandchildren, or even the minister from your church who has dropped by unexpectedly. Better yet, you can either buy the Google Play movie or just rent it.

Next? Netflix and Amazon Prime streaming videos? Walmart? Hell (excuse me, "Heck"), everybody wants to get into the streaming business. No inventories to maintain. No stocking that $5 bin of virtually unsellable DVD movies. No watching your DVD sales tank. And for consumers, forget buying that new BluRay player. If you want to upgrade something, get an 80-inch HD TV with built-in Internet connectivity.

And here's a little fact you didn't know. On any given evening, Netflix consumes  over 30% of all Internet bandwidth in the USA (check out the July 21st WSJ story on Netflix earnings doubling)? Yep, streaming movie technology that gives parents full control of what comes into their homes is now a reality. My "data exhaust" prediction: You are about to hear "howling from the damned" in Tinsel Town.

Righteous hacks, ClearPlay! Keep 'em coming.