A cyber world in crisis
In the late 60’s I dropped way too much acid. One of the lingering side effects of overindulgence in LSD is an infrequent occurrence of something called a “flashback”. It’s a situation where the world turns upside down – bizarre and incomprehensible for a period of time, just like an original LSD trip. I have happily avoided one for a number of years. However, I currently must be in the middle of one of the worst I have experienced.
Let me describe it to you:
In my acid trip, China has, apparently, sucked up millions of extremely sensitive records about every U.S. Government employee for the past 40 years, including all military personnel (from five star generals on down), covert agents (spies – many of them entrenched for dozens of years in foreign governments), and all civilian personnel who ever received a government security clearance (weapons designers, military drone manufacturers, cryptographers, nuclear specialists, etc.). In addition, in a separate act, China apparently sucked up nearly half a million records of Department of Homeland Security employees, contractors and job applicants.
Simultaneously, believe it or not, Russia and China successfully decrypted all of the encrypted information about secret government programs that were in the possession of Edward Snowden. Basically, the beginning of the end of the world as we know it.
These barely believable facts, individually, should be enough to alert a person that they are in the middle of an acid trip. But all together? I could feel a bare knuckled bad trip coming on with a vengeance, and I had no benzodiazepines on hand to cushion the comedown.
A Crowd of People Turned Away
To make things worse, I read two news lines, one after another, just as I was hoping for a return to sanity. The first read:
“OPM (Office of Personnel Management) Spokesman Samuel Schumach reassures that there is no evidence that Security Clearance information has been compromised.”
This calmed me greatly, and gave me hope that all would soon be back to normal.
The second entry, however, read:
In spite of having no access to the requisite 30 milligrams or so of Xanax, I realized that all of the above, unbelievable as it sounds, was actually true (except for the Schumach mendacity). I was not having a flashback, no matter how hard I wanted to believe that I was.
Take a Trip: This Was Not an Attack
Now, dear reader, it’s your turn to see what a bad trip feels like. All that follows is true:
The Cyber Warfare “Pearl Harbor” attack (as this OPM attack is being called) did not happen, pure and simple. The event did not resemble an attack, nor was it an abortive attempt to attack. It was, admittedly, enemy reconnaissance of a very high order. And the obvious enemy spying that has been going on with regularity and depth that would surprise any non-hacker is clearly in full swing. But there was certainly no attack. The Government records were not stolen, destroyed, mutilated or even modified. If it had been a cyber attack from another sovereign nation – and one is certainly coming – every man, woman and child in this country would feel the impact as strongly as if a nuclear weapon had exploded in every town and city in this nation.
Understand this: The fact that this unauthorized access to the Government’s sensitive digital data was even noticed was due more to hacker incompetence than to Governmental vigilance. Fewer than one percent of unauthorized access to Government or corporate data is ever detected. Detection, in almost all cases is due to an error on the hackers part or, in some cases, a perverse desire on the part of the hacker to leave a calling card – “I was here suckers”. Barring these two options, it is not possible, with most currently deployed technology, to detect a competent hacker’s access to sensitive data.
The Horror of What Comes Next
Now I want you to imagine what all-out cyber warfare will look like. The attacker will first gain access to every piece of information within the victim country that the attacker deems critical. Keep in mind that this one hack alone has provided the enemy with every critical piece of information about every critical employee within the U.S. Government for the past 40 years. For some attackers, this alone might be sufficient to plan an attack. The Chinese, I believe, are far more clever and forward-thinking than to rely on such simplicity.
If it were me, for example, I would also want access to all of the U.S. power grid computers. I would want the codes necessary to guide and deploy the U.S. fleet of armed drones (oddly enough, a small child with a smattering of computer skills could take control of one – absolute truth). I would want access to and control of all US military and civilian satellites (again, not very difficult for the competent hacker). I would want to remotely control the movements of every civilian airliner (we certainly now know that is possible) I would want access to and control of all U.S. Fortune 500 company financial records (trivial for a competent hacker). I would want access to the records of every major U.S. banking institution. If you think these things are difficult or impossible to do, keep in mind that the U.S. Government’s most sensitive and critical data – more valuable, in the long run, than all the banking assets in the U.S., was just snatched up with no fanfare whatsoever.
The Beginning of the End?
This data among others, would allow a competing nation to do whatever they liked.
- They could empty your bank account and give the funds to a pauper.
- They could send emails on your behalf to anyone at any time and for any purpose.
- They could juggle everyone’s social security numbers and file taxes, make false police reports, buy and sell property.
- They could modify all past business and personal transactions.
- They could give one company’s customer contact list and all previous customer purchases to a competitor.
- They could activate our own military drones and bomb your favorite theaters.
- They could turn off your electricity.
- They could terminate all satellite transmissions and randomize your phone calls so that no matter what number you dialed you reached a random person.
- They could frame you for murder. And that’s just the tip of the iceberg.
- They could bring this country, this military, this civilization and political system to its knees.
What alarms me is that this country continues to monitor its own citizens and is now worried that its spy network has been unraveled. Get a clue America. The Chinese don’t care about our spy network! They don’t care about our military movements, or our political maneuvering or our plans. They just want information about what IS, so that they can take control of it. And they will if we don’t wise up.
Any Which Way but Right
We are told that much of the OPM data was unencrypted. The mere thought tips me back toward a bad acid trip. Unencrypted. Yes. Unencrypted. And if I can believe my senses, we are in the middle of the second decade of the 21st Century. What is wrong with this picture?
The only rational explanation is that somehow, over a period of a couple of dozen years or so, the water supply for every member of our government has been laced with a potent psychedelic. I fear that any other explanation would cause all of us, the citizens, to experience a mental breakdown.
Here is the truth of it: Our government has failed us. More importantly, our technology has failed us.
Nearly every adult member of our society carries with them one of the greatest spy devices ever created: our smart phones. They are susceptible to false mobile cell towers (Stingrays), to applications that ask excessive permissions, to malware of every description. Why? Because their fundamental design supports, more than anything else, the acquisition of data about its owner. It is information about us and our doings that is of paramount value. This design supports hacking as if it was designed by hackers for hackers. These devices are used almost universally by employees to access, at some level, their corporate or government employers’ data.
These corporations and government agencies, in turn, with few exceptions, are using intranets and security systems that were not designed to handle the massive holes that mobile computing creates. In addition, existing encryption algorithms are embarrassingly out of date, unwieldy, not user friendly and easy to crack using simple human engineering techniques. In short, we are waging war in the cyber age with the equivalent of rocks and sticks, and our only shield is a raised hand to protect our face. It is a tragic state of affairs.
Le Roi es Mort
Technology exists to fix all of these problems, but our governments and corporations are so entrenched in the old guards of security service providers – a sick, tired, old industry, too massive and slow to swerve and dodge in this new world of rapidly changing technology.
My own company, Future Tense Central, among a small collection of similar companies, has been developing applications and systems to address this new world, using new technologies that provide more than parity with the lurking threats to our cyber civilization.
Sttarx is our corporate diamond – the most secure intranet product on the market. It uses encryption algorithms that change keys at least once per second, in addition to containing proprietary techniques that 100 percent resist access from outside the net. It has, ironically, been certified by Homeland Security and it recently withstood a two Teraflop Distributed Denial of Service (DDoS) test at Troy University with no loss of data.
Dvasive is our mobile device application that locks all open avenues of access used by hackers and malware. These facilities should be included in the operating systems built into our smart phones, but they are not. Doing so would contradict the fundamental premise upon which these devices make money – access to your personal data.
BlackCert is our Web certification system. It is miles ahead of anything else and relies on advanced encryption.
Demonsaw is the first product of the new cyber age that uses Social Encryption – a new paradigm in the field of cryptography, based on shared knowledge and experience. The levels of abstraction and near infinite entropy of this encryption will only be hackable when thoughts within the human mind become hackable.
I am not attempting to promote my own products as the sole solution. There are a handful of similar small and nimble technology firms in existence that can also provide near magical solutions. The question is – do we have the time to shift an entire nation from the virtual Stone Age to the new cyber age before catastrophe befalls us?
Image credit: Joanna Lyn @backdoorviews, Wrong Bus By Seth Anderson via Wikimedia CC
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We are holding our third cloud startup showcase on Sept. 22. Click here to join the free and open Startup Showcase event.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.