Tag Archives: Keith Alexander

The price of identity

We all have needs, we all have identities. It is important to us, as it is for many others. No one debates or disagrees with it. Yet what to do when identity hinders us? When we see the Washington Post (at https://www.washingtonpost.com/world/national-security/former-nsa-deputy-is-mattiss-leading-choice-to-head-the-spy-service-if-it-splits-from-cyber-command/2018/10/05/1be8d7a8-c73d-11e8-b2b5-79270f9cce17_story.html) giving us ‘Former NSA deputy is Mattis’s leading choice to head the spy service if it splits from Cyber Command‘, we need to consider the impact of identity, corporate identity, governmental identity, military identity, projected and presented identity. They are not the same and can vary to a much larger degree. When someone is part of what used to be referred to ‘No Such Agency‘. We will get the impact of identity; we all know that and many faced it too. Look at any friend or co-worker you have ever known and ask him/her about the impact of a merger and they will tell you, there are changes. Some are subtly, some are not noticed, yet others are, usually in infrastructure and the way things were done. Now the change tends to be for the good in the long run but that is not a given.

So what gives?

It is my personal observation and a highly speculative one at that. Yet I believe that the Washington Post giving us: “The current head of both organizations, Gen. Paul Nakasone, has urged Mattis to keep the NSA and U.S. Cyber Command under one leader on the grounds that the nine-year-old military organization is not ready to stand on its own, these people said. In recent weeks, Mattis was close to a decision to separate the leadership arrangement, but Nakasone’s counsel has caused him to reconsider, according to two U.S. officials. The officials spoke on the condition of anonymity to discuss sensitive internal deliberations“, is not entirely accurate. I believe that ‘military organization is not ready to stand on its own‘ is not the setting that matter. I believe that Stratfor who gives us ‘A New, More Aggressive U.S. Cybersecurity Policy Complements Traditional Methods‘ is very much at the heart of that. I believe that the general is not ready or perhaps unwilling to set the offensive and aggressive part in motion. Now, this is no bad reflection on the general, let that be a first. He is well decorated, he has seen the field in many ways and he has done a fair share of field events. He has earned his rank. I merely wonder that a man who has seemingly played a defence and protection game is the man for the offense. I think that this is a football moment, and as a non-football expert (and a 49ers fan) I would compare the General to DeMarcus Lawrence from the Dallas Cowboys against what the US seems to demand is a Derrick Henry (Tennessee Titans), or even a Tom Brady (New England Patriots), roles that are not really moveable. Even as a Quarterback might become a really good Derick Henry that Quarterback will never become a DeMarcus Lawrence. The defence and offense game is that far apart. This is where Chris Inglis comes in. He is an analyst (at heart), he is used to counter offensive strategies and introduce strategies of his own (effective one’s mind you). I believe that this is the game that is in the open at present and these two will need to find a way to make it work. Not merely because it is good for the needed strategy, but because the segregation of the two elements might hurt U.S. Cyber Command in a few ways, not merely funding, but the elements that U.S. Cyber Command currently have access to will partially fall away and getting two infrastructures like the NSA is unyielding, unaffordable and in the end will introduce flaws and dangers on both sides of the isle making the setting (as I personally see it) a non-option right of the bat. Stratfor gives us a few other items.

One of them is “A best-case scenario for a U.S. cyberattack would be disabling computer systems and networks being used against U.S. interests to prevent an attack from happening or to disrupt an attack that is in progress“. The problem there is that some of the opponents are getting to be really good at what they do and a few of them are not state driven, not by any state changing the dynamics of the solution. Even as I discussed the hop+1 strategy almost three years ago, settings like that require an expert layer one knowledge and the players cannot both have these experts changing the needs of the infrastructure overnight.

The second consideration is: “Perhaps the main challenge to U.S. engagement in tit-for-tat cyberattacks is that the United States is by far the biggest target for such attacks“. That might be true but that goes beyond mere true enemies, it includes a truckload of students wanting to finger the man (or is that giving them the bird)? Do they really want to waste resources to those people whilst the US has actual enemies in the world?

The larger issue is seen with: “Discussing the strategy, national security adviser John Bolton hinted that the administration had already taken steps to bolster offensive efforts in recent weeks, warning that the United States is no longer just playing defense when it comes to cybersecurity. But despite the Trump administration’s more hawkish tone regarding cybersecurity, it will continue mainly to rely on traditional measures such as the legal process, regulations and cooperation with the private sector when it comes to cybersecurity” It is here when we get the consideration of the resources required. The defence, offense and legal sides of it all becomes a real mess if the two split up giving the chance that targets and issues walk away on technicalities. How does that help?

The strategy s even more profound when we consider “Clandestine, discreet attacks are certainly already key elements of U.S. cyber tactics. There have likely been more examples of U.S.-launched attacks that have not come to light, perhaps because they were never recognized as cyberattacks. While the less known about U.S. cyber capabilities, the more effective they will be when deployed, this by definition limits the deterrence value of U.S. cyber capabilities“, at this point is the setting of ‘discreet’ that comes into play. With the two separated they will get into each other’s fare waters and more important give accidental light to the discreet part of the operation, there will be no avoiding it, only the most delusional person would think that it does not get out when more than one player is involved, because that will always introduce a third item being the intermediary, the cold war taught many players that part of the equation. And that is even before we get to the statement: “recent cases like the September indictment of North Korean cyber operatives, which displayed heavy FBI reliance on private security firms such as Mandiant and Alphabet to collect technical evidence and carry out investigations“, now we see the folly as Mandiant and Alphabet are mentioned, the entire matter grows further as soon as Constellis becomes part of the equation. That is beside the point of realising (highly speculative on my side) that neither three Mandiant, Alphabet and Constellis have the required safe servers in place to prevent names, places and facts from going out into the open. I might not be able to get in, but there are dozens who will get in and that voids the security of the matter to a much larger degree. For arguments sake I will leave Booz Allan Hamilton out of that equation, they have been snowed on long enough.

And even as we see the instance of legal preference, the US must realise that any attack from state or non-state parties in China or Russia has close to 0% of being successful (outside of the exposure part), the entire matter in case of the OPCW in the Netherlands is one. An attack was thwarted, yet was it THE attack? The guardian article (at https://www.theguardian.com/world/2018/oct/04/visual-guide-how-dutch-intelligence-thwarted-a-russian-hacking-operation) reads nice, and we see all these facts and from my point of view, things do not add up. You see, I would have used the car that we see mentioned “In the boot of their car was uncovered an arsenal of specialist electronic Wi-Fi hacking equipment” as a fire and forget consumable, use it as an access point, segregating the hacker from the accessing unit. When you have (as they stated) “cash: €20,000 and $20,000” getting a second car far enough to access yet not be directly linked is seemingly easy enough. Then there is the setting of the photo at Amsterdam’s Schiphol airport. I am not debating the issue of the photo, it seems genuine enough. In this operation they did not fly to Germany and took the train, or take a car and cross at Oldenzaal, Emerich, or even via Belgium and enter via Antwerp, or Eindhoven. It almost read like they wanted to get noticed. They know that Amsterdam Airport is high tech and nothing escapes their camera eyes. To me (a paranoid me) it comes across as ‘Where did they not want us to look‘. A mere sleight of hand deception, and again the entire GRU mention. A phone outside of that building and they had the taxi receipt? No one merely driving them to the airport in Russia or even them taking a bus from any hotel in Moscow. No a taxi receipt of all things, is anyone buying that? So in this it is not the Dutch, it is the Russian side that makes no sense at all.

How did I get there?

This is the initial setting of offense and defence. The proper application of strategy in all this matters, because we seem to undervalue and underestimate the need of either in all this. Because we get to push a button anywhere and anytime we seem to underestimate on what is recorded, what is collected and what can we verify. That entire mistake is how any offensive strategy can optionally become folly from the moment the instigation of ‘press any key‘ to start gets us. Proper offensive is not about doing what needs to be done, it is about being able to prove who did what. Perhaps Sony remembers that part as they were given that it was North Korea did something, whilst their computers were not even close to PC gaming ready, the mere processor, which was about 25% (at best) of a 1994 Silicon Graphics Indigo system is not the system that gives you what you need to hack the night away. The tools are equally as important as the access and ability to negate identity. When you see that part, the entire hop+1 intrusion path makes a lot more sense.

This now gets us to the end of the Washington Post, where we were treated to: ““As the build of the cyber mission force wraps up, we’re quickly shifting gears from force generation to sustainable readiness,” Nakasone said in a statement in May. “We must ensure we have the platforms, capabilities and authorities ready and available” to carry out successful cyber-offensives. Some former senior intelligence and defense officials oppose separating the “dual-hat” leadership arrangement, including former NSA Director Keith Alexander, former Director of National Intelligence Mike McConnell and former Defense Secretary Robert Gates. This week, former CIA Director David Petraeus, a retired Army general, said during a Washington Post cyber summit that he’d keep the dual-hat arrangement “for the time being.”” It is not merely the ‘we have the platforms, capabilities and authorities ready and available‘, you see, when we get to capabilities we see the need of offensive players and even as Cyber command might be aces in their field, the offensive game differs to some degree and even as we see that they are way above the student levels, we get back to the Football equivalent you see the application of defence and offense. It is not DeMarcus Lawrence versus Derrick Henry, the question becomes can DeMarcus Lawrence be a Derrick Henry that is good enough, that is the battle within. The mere realisation that if you fail this when the offensive is broken into a train wreck that makes the limelight in every paper, that is the game that is the dilemma that Gen. Paul Nakasone faces as I personally see it.

And when we see Stratfor with the one little gem we did not consider, the mere proposed fact that North Korea has a mere 9,000 IP Addresses, do you really think that they could have done this all, or are we in a setting where someone had the ability to act on BGP hijacking and was able to mask it to the level it needed to be masked at, because that was the offensive play that needed to be considered and there was no way that the evidence had been uncovered to that degree with a backdoor could be removed with a simple reset of routers.




Leave a comment

Filed under IT, Law, Media, Military, Politics, Science

As we grow expertise

An interesting story broke on the Guardian this morning, the title ‘Senior NSA official moonlighting for private cybersecurity firm‘ should catch our eyes in many ways, but for most of you it will seem wrong. The story is about an official named Patrick Dowd and how he, as an NSA official also worked in the late hours for IronNet Cybersecurity, yet never crossing the ethical boundaries.

You see, many will shout scream and all others of noises, but the plain and simple truth is that this happens ALL THE TIME. If you think that this is not true, then look at accountancy firms, look at Google and look at a host of other corporations. In this day and age, to get ahead you need to double dip your brain power.

Of course when doing this, knowledge, more precisely data cannot go from one to the other, yet the knowledge and the knowhow is there, which is the IP of the person holding the brain (aka the man with the thought out plan). Former General Alexander is heading a firm making well over 10 million a year (I will send him my resume shortly).

The article written by Spencer Ackerman in Washington (at http://www.theguardian.com/us-news/2014/oct/17/senior-nsa-official-moonlighting-private-cybersecurity-firm) gives the right nuance and is a good read. More important, between the lines he seems to be implying the question that follows from ““I just felt that his leaving the government was the wrong thing for NSA and our nation,” Alexander told Reuters“, he is of course correct, can we allow in certain areas to suffer a brain drain. Keith Alexanders pragmatic approach, if properly used earlier could have saved the intelligence hundreds of millions in the timespan 2003-2007; no one seems to be looking at that part. We seem to allow ‘dodgy’ accountants to sign off on unchecked quarters of billions, but when a soldier find alternative usage of his skills in non-criminal ways, we tend to shine the limelight on them. For this I only need to show the Reuters quote “(Reuters) – The new boss of Tesco (TSCO.L) has told staff he expects to be able to give a “clear and accurate indication” of the impact of a 250 million pound accounting mistake when the grocer reports delayed first-half results next week“, whilst trying to Google Pricewaterhouse Coopers reveals not one, I say again not one link that the press has taken one look at that part of the Tesco equation. So we can conclude at present (from the evidence as seen published) that for now, the backbone of the press is nothing more than a shoddy paperback!

Back to the Age of Cyber Alexander the Great, as we see the Huffington post, we see the quote “The FSR itself is a veritable tilt-a-whirl of revolving doors, with a steadily increasing lobbying budget on behalf of its corporate bankers and insurers and a roster of high-placed former government officials. For example, the FSR employs the firm of Barnett, Sivon and Natter to advocate its causes“, The Financial Services Roundtable (FSR) seems to be dealing with its ‘own’ mess by getting the bigger boys on the block involved. Now, whether the use of mess is qualified is depending on the view of where the responsibility of pro-active protection and support should be at. (at http://www.huffingtonpost.com/bea-edwards/the-nsas-keith-alexander_b_5515718.html), but there is no doubt in my mind, that those who would like to be (people like me), who have advanced data skills will have to clear the field to those with catered skills form the NSA, that is just a plain and at times, a little uncomfortable truth. If we look at the CCNA OSI layer as a comparison, then I would cover the layer two and higher, like most of us data boers (South African giggle), yet people like Patrick Dowd have layer one in addition. We all know layer one (physical layer), yet we do not actively interact with it other than a facilitation level. It is there that the difference of a million a month is easily spotted. We can all do it with time, but we were never able to work on that plain, that is where NSA bang for the buck resides. And let us be clear, this is a massive bang for all of the monthly bucks, because if you had not figured it out. RFID blockers are there for a reason, it is not a fab and it is not an overly worrying thing. The people (a very small group at the tip of the pyramid) would gain knowledge of a person beyond your imagination when they scan you as you pass by. The problem is not that you get scanned at times; it is where the flaws start on how thousands lose small amounts every day and no one is ever the wiser. Bloomberg reported in 2011 that hackers took a billion a year, that leak must be dealt with and this is just the small cash drains, when we consider other avenues, the loss of 1 billion might actually be the tip of another pyramid and as such the FSR will needed another game plan.

Keith Alexander saw this niche that was ignored for far too long and with the help of Patrick Dowd and others like him they are looking at changing the game and drastically reducing the losses. In a game of billions, 20 million would be a steal at twice the price. In the age of cutting down, a market hole was found and IronNet Cybersecurity is filling that niche nicely. Consider that the Securities Industry and Financial Markets Association (SIFMA), the Consumer Bankers Association and the Financial Services Roundtable (FSR) are only the beginning. It’s such a nice view where we see a former General turned data visionary could become the founder of a billion dollar company. This is not a boast, when we see that outside of the US the digital theft age is a lot more than just a simple 9 figure number, the exact amount is not known, we know of the fact that it is, but not how much, but when it is hushed up to this intent, we can safely assume it is to some extent worryingly high, so as such IronNet Cybersecurity is not the first, but it is likely to grow faster and larger then all others for simple reason of skills and access to knowledge, two elements the others do not tend to have to that degree on these fields.

What will be next? That is the question which is not answered with the final quote, but it shows a much larger field then many considered “Compounding the potential financial conflicts at the NSA, Buzzfeed reported that the home of chief of its Signals Intelligence Directorate, Teresa Shea, has a signals-intelligence consulting firm operating out of it. The firm is run by her husband James, who also works for a signals-intelligence firm that Buzzfeed said appears to do business with the NSA; and Teresa Shea runs an “office and electronics” business that lists a Beechcraft plane among its assets” If you think it has no bearing then think again. As the requirements for data retention grows as stated in more than one nation, the clear limits to skills and people, which have been noted by me and several others to some extend over several months, where do you think these telecom companies will get the consultants and knowledge from?

These places refused to grow expertise when they had the chance, pushing the need forward again and again, now these consultants are pretty much all that is left and training in house staff will get a lot more expensive soon enough, good business is where you find it, and it seems that Keith Alexander and Teresa Shea saw that companies were painting themselves into a corner, they only had to wait until the first one realised that they had no place left to go.

The consequence came to them as easy as eating pancakes, the cherry they got for free!

Leave a comment

Filed under Finance, IT, Law, Media, Military, Science

Buying cheap intelligence goods

Well, another week, another story about the world’s favourite traitor Mr Edward Snowden. The latest information as shown by Sky news is that he offers Brazil to defeat US spying, but it starts with a permanent political asylum. So, Brazil would end up spending way too much on a person who is likely not fluent in any way in the Portuguese ways.

So, after he ‘walks away’ from China and as Russia seems to be a non-option, Brazil now gets a shot at buying that diamond in the rough for only $2.99. Is no one picking up on this?

My advice to the Brazil government is that if you want to secure your systems in a proper way, get someone with a decent University degree with additional papers and knowledge of Cisco systems. Both will allow for the implementation of Common Cyber Sense. Now, this might not stop US spying, but it will make it a lot harder for them. In the end, if a Brazilian official opens a mail with a ‘personalised’ letter from some sexy ‘Miss X’, hoping for a dinner date, then the worm that opens their security would already be installed again. So, your system might not remain that secure for long. Still, getting the proper professionals will help.

I just do not get it, a person that is regarded as ‘non-valuable’ in both China and Russia, is now hoping for some future in Brazil? I reckon that Brazil might not want these complications in any way or form. Do you think that IF Snowden was such an asset that there was not some ‘loophole’ in place where he would have been able to spend a permanent comfortable time in either Russia or China? America had been playing that game for decades (even for non-intelligence and zero economic value holding trained ballerinas). I see it in a more simple way. Snowden walked away with a treasure chest, there are plenty of issues on the validity of the bulk of what he had, but now that he is on the outside, that one chest will have to last him a life time. The strongest issue that seems to be ignored by EVERYONE in the press is on how the NSA failed to the extent that he was able to walk away with this amount of data, more important, who is he selling it to?

I am not talking about governments and their intelligence groups, but the commercial branch of many corporations who might want to take a deep look at all this data.

So here we are reading another iteration of the Snowden joke and at present the press seems to ignore many of the most common sides that we should worry about. Some might have read the statement that General Alexander gave. Funny enough, the issues he stated and the acts he described were close to identical to the issues that I mentioned no less than 5 months ago. Many of them were the paces that any IT professional would have seen. No, it is just so much sexier to just take over the issues the Guardian took to heart. I am not stating that what they wrote were not based upon ‘facts’, but the source is already proving to be extremely unreliable and even less bothered by the integrity he proclaimed to have. Also, when people compare him to Julian Assange, then consider that I still have my doubts about Assange, but at least he always remained on his horse of idealism, not one I truly support, but I get to some extent the windmill he believes that he had been fighting. It makes the two worlds apart and in case of Snowden in a very negative way.

So back to Snowden, what to do about him?

Although I am all for the ‘drastical’ solution we reserve for certain types, it is important to get him into the US (alive) and into the interrogation room. You see, he got a boatload of data out of a building that should not have allowed the opportunity for this to happen. Even though the American alphabet groups have their own issues as they used private contractors like Booz Allen Hamilton, certain security matters are now at the forefront of whatever they will try to do next. This is not an accusation against BAH, I am convinced that the bulk of these people are devoted nationalists and American patriots. I reckon 99.1% would never consider doing what Snowden did, this makes for a case that there are a few still walking around contemplating what Snowden did. We need to learn what weaknesses the NSA had. Not because we truly care that much (Americans definitely might), but if it happens there where they have an overwhelming budget of many billions, what issues can we expect to find when a light is brought on both the DSD and GCHQ? Let’s not forget that they get a combined budget less than 1% of what the NSA has at its disposal. I feel that direct treason is not likely to happen, but overall, there is the danger of intrusions and even the danger of data heists to some degree. It is that degree that will bear scrutiny. So the open question ‘How easy is it to get data out of the agency?’ is a question that needs to be addressed by several governmental parties.

So back to this Snowden fellow, when we see the LA Times (at http://www.latimes.com/opinion/commentary/la-oe-mcmanus-column-metadata-snowden-20131218,0,4977259.column#axzz2nqe1wbKe) we see other parts of this discussion. There are two quotes in this piece “Congress is debating several proposals to rein in the program, including a bill that would effectively end it.” This is of course a valid option, for one, the US is still a nation governed by laws, and Congress can put in place a policy to change it. Let us not forget now that the bad guys know (thanks to the Guardian amongst others) what is being done; only the stupid terrorists will get caught and they would have gotten caught anyway. The second one is a little harder to discuss “I cannot imagine a more indiscriminate and arbitrary invasion of citizens’ rights”, District Judge Richard J. Leon wrote in a blistering opinion. “The author of our Constitution, James Madison would be aghast.” I feel uncertain to agree with his honour Justice Leon. In the end citizens’ rights were never in danger, we could state that only terrorists were in danger, all were collected to see whether they were a terrorist or not. It could have been stated that if Senator McCarthy had access to these systems, would innocent people ever have been targeted? That is at the centre of this. There people SUSPECTED of communism were destroyed, here they are trying to find the real terrorists. In the end the McCarthy issue went a lot deeper, but at the core we have this notion, is it un-American to object to these methods (if you are an American)? There was never a case for innocent people. There is even the notion that criminals, drug dealers and others could never be gotten at through this way, it is a method to find the hidden dangers of terrorism. In addition, his honour should not forget that it was the legal branch that enacted the Patriot Act the way it was. It was for the most, the legal branch that ‘wallowed’ in ambiguity, which allowed for most of these far fetching ‘freedoms’.

It gets a lot more fun if we consider the article the Guardian published a month ago (at http://www.theguardian.com/world/2013/nov/01/nsa-keith-alexander-blames-diplomats-surveillance-foreign-leaders)

So as General Alexander answered: “the NSA collected information when it was asked by policy officials to discover the ‘leadership intentions’ of foreign countries. If you want to know leadership intentions, these are the issues,” the NSA director said. So basically, the NSA responded to questions by the policy makers. (perhaps the same policymakers who are now proposing a bill to end all this?)

So, who exactly is this pot which is calling the kettle monitored?

It is the Australian that gives us the final part (at http://www.theaustralian.com.au/news/world/us-nsa-spy-agency-is-split-on-snowden-leaks-deal/story-e6frg6so-1226783316594), which discussed a few parts last Monday. The issue of making any kind of a deal with Snowden should not be considered. “General Alexander said an amnesty deal would set a dangerous precedent for any future leakers.” The other quote, which came from Rick Ledgett who stated “Mr Snowden would have to provide firm assurances that the remaining documents would be secured“. This is an assurance that has no holding whatsoever. After the Chinese and the Russians were done with him as well as the Guardian, any ‘security’ to these documents is nothing more than a hollow promise. I personally find it disgusting that treason to this degree could end up being non-prosecuted in any way, shape or form. It is more than a dangerous precedent. It is an almost assured way for fake ideologists to take a roll at the casino for a few million and an optional new passport. It is a dangerous game that will hold long term consequences for all involved.

Leave a comment

Filed under Uncategorized