The news is almost two weeks old. There was no real reason not to look at it; I just missed the initial article. It happens! This is also at the heart of the issue on more than one level. Consider the quotes “The first 13-week programme for Cyber London (CyLon) will kick off in April, with a group of startups drawn from industries including defence, retail, telecoms and health services” and “On the one hand, the government is keen to invest in cyber-security startups: witness chancellor George Osborne’s announcement that GCHQ is investing ‘£3bn over nine years into developing the next stage of national cyber intelligence’”. So is this just about getting your fingers on a slice of this yummy income? You see, this issue skates on a problem that I (and many others) saw: Common Cyber Sense existed, but the bulk of companies treated it as an overhyped requirement. Yes, those managers were always so nervous when they got introduced to ‘costs’. I reckon that the Sony hack will remain the driving force for some time; in addition, several business units are more and more in need of better, up-to-date encryption, so this cyber wave is getting some decent visibility. So let us look at the title ‘Cyber London aims to make the UK a launchpad for cyber-security startups’ (at http://www.theguardian.com/technology/2015/jan/28/cyber-london-accelerator-cyber-security-startups).
There is no denying that the call of 9,000 million is a strong one, especially in this economy. More important, as more companies are gripped by a decent amount of fear regarding their own future, this event will be at the foundation of several longer running projects and corporations. There is of course the question of what is real. That question becomes an issue when we see that even now, rumours still emerge on what happened in regard to who did the work on Sony and how it was done, especially in light of the article in Business Insider claiming that the hackers still have access. The latter part will be speculated on by me later in this article.
For the most part, the next cyber wave is a good thing, especially when thousands of data holders realise that their corporate future depends on keeping these systems decently safe. I use the term decently safe, because ‘complete’ safety is not something that is achievable, not on the budget levels that many depend upon. Yes, security can be better and a lot of companies will invest; they will raise the threshold of many companies, yet will they raise it enough? That is at the foundation of what is about to come.
I predict that these startups are all about consultancy and some will offer products, some on safety and some on encryption. Encryption will be the next big thing; the question becomes how will encryption be properly managed? There are plenty of people who enthusiastically encrypt files and after that forget the password. So what then, all data lost? So, you see that clever solutions are needed, which will bring forth a new wave of solutions, new barriers and new bottlenecks. I wonder if these new startup firms have considered a training division, not one that is all about ‘their’ solutions and ‘their’ products, but all about raising proper awareness of Common Cyber Sense.
Training that is meant to give long-term knowledge to people working at a firm, as well as setting a proper initiation of knowledge within these companies, so that a wave of change will not start a rollercoaster of people jumping from firm to firm, a risk many companies will predict to hit them.
Now it is time for some speculation. I have been thinking on how Sony was hit. I came up with a possible idea on New Year’s Eve. When I wrote this part: “In my view of Occam’s razor, the insider part is much more apt”, my mind started to wander on how it was done.
Speculation on the Sony Hack
The inside story is on the hack of Sony. Yes, there was a hack at some point, but, in my view, that is not what actually happened. A destruction was started, but that is not what started it; that is how it all ended. When I did my CCNA (2011), I had the initial idea. You see, hacking is about data at rest, so what happens when the hack is done while data is in motion? That part is often not considered, because it seems unmanageable, but is it? You see, when you buy the Cisco books on CCNA you get all the wisdom you need; Cisco is truly very thorough. It shows how packets are built, how frames are made, and all in great detail. That wisdom can be bought for a mere $110 for two books. Now we get to the good stuff: how hard is it to reassemble the frames into packets and after that into the actual data? Nearly all details are in these CCNA books. Now, managing hardware is different, you need some decent skills, more than I have, but the foundation of what is needed is all in the Cisco IOS. The hack would need to achieve two things.
- The frame that is sent needed to be duplicated and ‘stored’.
- The ‘stored’ data needs to be transmitted without giving anyone a reason to look into spikes.
I think that ‘hackers’ have created a new level (as I mentioned before). I think that Cisco IOS was invisibly patched, patched so that every packet would be stored on the memory card in the router; in addition, the system would be set to move 2% during the day to an alternative location, and at night that percentage would be higher, like 3-5%. So overnight, most of the data would arrive at its secondary location. Normally CCNP technologists with years of experience will look into these matters; now look and investigate how many companies ACTUALLY employ CCNP or CCSI certified people. To do this, you would need one insider, someone in IT, one person to switch the compact flash card, labelled 64 MB (if they still have any in existence), and put the sticker on a 512 GB Compact Flash card. Easy peasy! More important, who would ACTUALLY check the memory card for what was on it? The Cisco people will look at the startup file and only that one. The rest is easily hidden; over time the data is transferred and, in the worst case, the culprit would only need to restart the routers and all activity would be completely hidden until the coast is clear. Afterwards the memory cards would be switched (if needed) and no trace of what happened would ever be there. What gave me the idea? Well, I wondered about something similar, but most importantly, when I did my CCNA, the routers had 64 MB cards. I was amazed, because these suckers are no longer made; go to any shop and I would be surprised if you can even find any compact flash card smaller than 16 GB. Consider a place where GBs of data could be hidden under the eyes of everyone, especially as Cisco IOS has never been about file systems.
When the job was finished, the virus could be released, damaging whatever it can; when cleanup starts, every aspect would be reset and wiped, and whatever the culprit might have forgotten, the cleaning team might wipe.
So this is my speculation on how it was done. More importantly, it gives credibility to the claims that the hacks are still going on and to the fact that no one has a clue how the data was transferred. Consider that this event was brokered over weeks, not in one instance: who else is getting their data syphoned? More importantly, have the people involved in this next cyber wave considered this speculated path of transgression? If not, how safe would these systems end up being?
Let’s not forget that this was no easy feat. The system had to be re-programmed to some extent; no matter how enabling Cisco IOS is, this required top notch patches, which means that it required a CCSI or higher to get it done. More important would be the syphoning of the data in such a way that there would be no visible spike waking any eager beaver to prove themselves. That would require spiffy programming. Remember! This is all speculation; there is no evidence that this is what happened.
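The two weak points in the speculated scenario above are exactly the two things a defender can check cheaply: whether the flash card in a router actually matches the capacity in the asset register (and carries only the files it should), and whether the router itself is originating traffic to the outside, since a router forwards packets but has no business sending bulk data of its own, day or night. The script below is an added example, not code from the original post, and is a Python sketch of both checks. It assumes a constructed sample of Cisco `dir flash:` output, a constructed inventory figure and allow-list of expected files, and constructed flow records (start time, source, destination, bytes) of the kind an existing NetFlow or proxy log would supply; the router address, the internal range and all numbers are made up for the example.

```python
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

# --- 1. Flash inventory check --------------------------------------------
# Constructed sample of Cisco "dir flash:" output; not captured from any real device.
DIR_FLASH_SAMPLE = """Directory of flash:/

    1  -rw-    33591768   Mar 1 1993 00:02:39 +00:00  c2800nm-adventerprisek9-mz.124-15.T1.bin
    2  -rw-   104857600   Jan 3 2015 02:11:05 +00:00  .cache0.dat

512000000 bytes total (373550632 bytes free)
"""

# What the asset register (or the sticker on the card) claims: 64 MB. Constructed value.
INVENTORY_CAPACITY_BYTES = 64 * 1024 * 1024
# Files that are supposed to be on the card. Constructed allow-list.
EXPECTED_FILES = {"c2800nm-adventerprisek9-mz.124-15.T1.bin"}

_ENTRY = re.compile(r"^\s*\d+\s+(\S+)\s+(\d+)\s+(.+?)\s{2,}(\S+)\s*$")
_TOTAL = re.compile(r"^(\d+) bytes total \((\d+) bytes free\)")


def parse_dir_flash(text):
    """Return ({filename: size_bytes}, total_bytes) parsed from 'dir flash:' output."""
    files, total = {}, None
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if m:
            files[m.group(4)] = int(m.group(2))
            continue
        m = _TOTAL.match(line)
        if m:
            total = int(m.group(1))
    return files, total


def flash_findings(text, inventory_bytes=INVENTORY_CAPACITY_BYTES, expected=EXPECTED_FILES):
    """Human-readable findings; an empty list means the card matches the inventory."""
    files, total = parse_dir_flash(text)
    findings = []
    if total is None:
        findings.append("could not parse total capacity")
    elif total > inventory_bytes * 1.25:  # 25% slack for vendor MB/MiB rounding
        findings.append(f"capacity {total} bytes exceeds inventory {inventory_bytes} bytes")
    for name, size in files.items():
        if name not in expected:
            findings.append(f"unexpected file {name} ({size} bytes)")
    return findings


# --- 2. Egress checks ------------------------------------------------------
# Constructed flow records (start time, source, destination, bytes); not from any real capture.
SAMPLE_FLOWS = [
    ("2015-01-05 10:00:00", "10.0.0.25",   "198.51.100.10", 420_000),
    ("2015-01-05 11:30:00", "10.0.0.40",   "198.51.100.10", 610_000),
    ("2015-01-05 13:05:00", "203.0.113.1", "198.51.100.77",  20_000),
    ("2015-01-05 02:10:00", "203.0.113.1", "198.51.100.77", 900_000),
    ("2015-01-05 03:40:00", "203.0.113.1", "198.51.100.77", 850_000),
    ("2015-01-05 03:55:00", "10.0.0.25",   "198.51.100.10",  15_000),
]
INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # constructed: the corporate LAN
ROUTER_ADDRESSES = {"203.0.113.1"}           # constructed: the edge router's own WAN address


def is_internal(addr):
    a = ip_address(addr)
    return any(a in n for n in INTERNAL_NETS)


def router_originated_flows(flows, router_addresses=ROUTER_ADDRESSES):
    """Flows the router itself sends to external hosts. Routers forward traffic;
    they rarely originate bulk transfers, so this list is short and worth reading by hand."""
    return [f for f in flows if f[1] in router_addresses and not is_internal(f[2])]


def night_egress_share(flows, night_hours=range(0, 6)):
    """Fraction of all external-bound bytes sent between 00:00 and 05:59.
    Compare against the same figure from a known-good week rather than looking for spikes."""
    total = night = 0
    for start, src, dst, nbytes in flows:
        if is_internal(dst):
            continue
        total += nbytes
        if datetime.strptime(start, "%Y-%m-%d %H:%M:%S").hour in night_hours:
            night += nbytes
    return night / total if total else 0.0


if __name__ == "__main__":
    for finding in flash_findings(DIR_FLASH_SAMPLE):
        print("flash:", finding)
    for flow in router_originated_flows(SAMPLE_FLOWS):
        print("router-originated external flow:", flow)
    print(f"night-time share of external egress: {night_egress_share(SAMPLE_FLOWS):.0%}")
```

The flash check needs nothing more than the text of `dir flash:` pasted from the console, so it can be folded into a quarterly inventory round. The egress checks deliberately avoid looking for spikes, which is the whole point of the low-and-slow scenario; a day/night share that drifts from its baseline, or any flow sourced from the router's own address, is the kind of small, steady anomaly that a percentage-capped transfer would still produce.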
Yes, it is speculation and it might not be true, but at least I am not pointing the finger at a military force that still does artillery calculations with an abacus (another assumption on my side).
There are a few issues that remain. I think upping corporate awareness of Common Cyber Sense makes all the sense in the world; I reckon that the entire Cyber Security event in London is essential and it is good to have it in the Commonwealth. This industry will be at the foundation of growth when the economy picks up; having the UK play a central role is good strategy and, if it does evolve in the strongest way, a global financial node with improved cyber protection will lead to more business and possibly even better business opportunities. This event also gives weight and view to my writing on January 29th and on a few other occasions: “As small innovators are given space to proceed and as larger players are denied blocking patents to force amalgamation of the true visionary into their moulding process that is the moment when economies will truly move forward. That is how you get forward momentum!” This is something I have stated on several occasions and I truly believe that this will be the starting pulse to a stronger economy. It seems that the event creators Alex van Someren of Amadeus Capital Partners, Grace Cassy and Jonathan Luff of Epsilon Advisory Partners, and advisors Jon Bradford of startup accelerator TechStars and Eileen Burbridge of venture capital firm Passion Capital are on such a path. No matter how it is started, they are likely to get a first leg up as these startups truly move forward. As the event stated: ‘No equity taken’, but it seems to me that on the receiving end of implementing working solutions, finder’s fees and linked contracts could be very, very profitable, and let’s face it, any surfer will tell you that being at the beginning of the wave gives you the best ride of all.
Let’s see what 2015 brings us; startups tend to be not too boring. Not unlike startups, there will be more waves of speculation on how Sony was hacked, and the US government will likely continue on how North Korea was involved and at the centre of it all.