Modern Information Warfare Hits Hard

2016 was just the latest in #cyberwar; and #informationwarfare attacks where even bills were introduced in Congress. It has been ongoing as long as there have been digital mediums and technologies; and information distribution technology. My company saw it happening last year and got more and more concerned as the election grew closer. We literally wrote letters to people in government, people at the DNC and elsewhere, basically yelling as loudly as we could that the #USA was being cyber and information warfare attacked.

 

As a cyber security, and weaponized information expert – it was all too clear what was happening. It has left a feeling of being sick in the stomach for a year now, and this feeling has not abated. Because it has not ended. For millions of Americans and millions of people around the world too.

 

The Unites States is witnessing both the worst and best it can show at once. The worst by all the traitors amongst us: those pretending we were not just victims of a non lethal act of war.

 

The best by all those in and out of government banding together to excise the cancer from the nation; regardless of the risks and dangers.

 

Some cyber and information warfare players have been better than others. Some have taken a longer term perspective than others. Nation states that have invested heavily into cyber technologies and offensive information warfare technologies are multiplying every year.

 

It is not just the domain of: Russia, Iran, North Korea, China, Ukraine, the UK, France, USA and other large or technologically advanced countries. It is now the domain of any country who decides to invest in the people and the technology and take a longer term view than the average hacker for hire.

 

Sun Tzu believed that “all warfare is deception,” — but where does that leave the average person; who does not understand they are caught up in forces through control of information; that they can neither understand or ever hope to control?

 

I spoke at the US Army CyberTalks in NYC in 2016 on “Global Cyber Security on Earth and in Space.”

One of the points I made; was that almost all of our lives are not just locked up in databases in offices or on the cloud somewhere. But indeed, flying through the ether every millisecond of our lives. Hundreds of companies; and dozens or more countries have the capabilities to hack into it, to manipulate it, change it and even delete. 24 hours a day, with lots and lots of ways for data to be intercepted, changed, made into FUD. (Look it up – means F*#$ed Up Data) – or just simply deleted. Not to mention when the data flying through the ether becomes weaponized by either a Nation State or a Company or a bad actor group or individual with ill intent.

The implications on the types of information warfare that Russia is enacting on the US and the Western Coalitions; is that it is multi level, persistent, and consistent. It is coming in through a combination of weaponized social media, fake websites, fake news, automated bots as well as hacking, intrusions and exfiltrations of data that then become weaponized. It is happening in multiple countries, with a huge budget and thousands of people behind the execution of it. This was the path the Russians took in 2016: a multi pronged effort, all across the United States, focused on Federal, State, and Local authorities. This included national and state political leaders, parties and their allies, as well as election vendors and election technology across the spectrum.

To be extremely clear, the efforts that Russia leveraged as non lethal acts of War against the USA – are still ongoing. They never stopped. Indeed, 2016 was just a continuation of Russia’s long game in cyber and information warfare.

So now we need to take action steps as a country to come together. We need to put aside political partisanship and simply deal with what we have to deal with in terms of investigations and cleaning house. Of all those who played a role in the greatest act of treason since Benedict Arnold tried to give West Point to the King’s Army. All of the people in the United States who played any part in supporting this treasonous Act of War should pay.

Just like General Arnold did.

This is a time for the decision to be made. Are you Partisan, and metaphorically selling out West Point by supporting those who sold out the USA to Russia?

Or are you a Patriot — and going to fight for your country to not disappear by virtue of some digital exhaust of ongoing, persistent information warfare + cyberwar?

Nathan Hale was America’s first spy to be killed in action. When being hanged by the British – he is reported to have said this most famous quote: “I only regret that I have but one life to lose for my country.” Hopefully none of us have to be in such a dangerous position. But we are in a place in history where Patriots are already at work, saving our country.

What are you?

 

*When your kids ask you what you did to stop this non lethal act of war, what will you say?*

Digijaks CEO Speech at US Army CyberTalks NYC

 

Global Cyber Security On Earth + in Space

Networx

**Excerpt from a talk by Digijaks CEO Alan W. Silberberg at the 2016 GEOINT Symposium.**

When you think of Cyber Security you probably think about your iphone getting hacked, or your email, or your companies servers, or your credit card, or bank card or health care, or banking, or government information plus so many others…

But did you ever stop to think about how a huge chunk of all the data populating all those things actually gets there? Not in the sense of how Google asks prospective employees to describe how the internet works. But close. Think Space.

Satellites are massive growth industry, for both government and business alike. We have scaled globally from a situation 20 years ago where only a handful of countries could afford to mount in orbit operations on even one satellite.

Now there are literally thousands of satellites in space with more and more getting launched into either permanent or semi permanent orbits — along with resulting real space junk and debris following closely along.

There is a correlation of increased launches with smaller launch packages, increasingly smaller and lighter satellite platforms and lower cost; with massive increased consumption and transport of data in both up and down link; and other bands.

All of this has led to a reset of the cyber security needs surrounding ground stations, launch facilities, terrestrial platforms, satellites, rockets, and of course the data. There are multiple types of data flowing into the typical modern communications satellite. Up-link, down-link controls and management software, then data payloads of voice, video, data, etc + then often reversed in direction again. Add to this the security levels, the control levels and maintenance levels — and there is a digital river of information coming in and out of every satellite, ground station and in between.

This is one of the major targets for global cyber war efforts by governments as well as cartel hacker groups and other groups seeking only power and information to then bring money.

One of the key weakpoints is the people on the ground and their BYOD (Bring your own device) methods + practices – whether sanctioned or not.

Along the same lines is the social engineering side of hacking and cyber war and how people’s pictures, social media posts, location tags, and other digital exhausts can be combined in a detailed matrix for an attacker to figure out organizational patterns, phrases, colloquialisms and other ways to use psychology against us.

Another key weakpoint is that many of the cyber security protocols designed for this global data transfer every milli-second is that they are simply outdated and not up to the task of modern efforts to hack and crack this technology and its safeguards and firewalls.

Follow my remarks in a few more weeks to hear more on the very real risks being posed by the explosion in satellites and data flowing between Earth and Space. Indeed, Global Cyber Security is on Earth + Space.

 

Cybersecurity Dilemna -A Conundrum-

 

co·nun·drum
kəˈnəndrəm/
noun
noun: conundrum; plural noun: conundrums

a confusing and difficult problem or question.
“one of the most difficult conundrums for the experts”

This is the conundrum of the digital age.

One one hand executives of a company will be the first to state they think their systems are secure, and if there are any problems they are small.

or

Maybe they think their information, data and business relationships are not important to hackers because, “too small”, “not on radar screen”, or “we have nothing worth taking.”

But both of these are clearly conundrums:

  • The first is pretty basic, if you think you are secure but have not brought in outsiders to test your systems and people and facilities, then how do you know?
  • The second is also pretty basic, if you think you have nothing to lose, then you might not take stringent security steps necessary, thus making your organization ever more vulnerable.

But- and this is actually more like a because — Organizations have to think and act pro-actively when it comes to cyber security and privacy. True for people too. If you think you have no cyber weaknesses than you do. If you think you have nothing to lose, than you do. If you think no one is interested in your organization because it is too small or not on the radar screen, than you are wrong, and they are.

Now is actually the time to assess your organization’s situation, and that of your people too. Do it now before you get hacked or breached. Because you will get hacked or breached. Be prepared. Don’t be caught behind a truck that just ran over your business and people.

My company Digijaks sees a lot of these types of issues with clients. Preventive medicine works, in healthcare and cyber security. Both need daily hygiene and maintenance and both also need updates, checkins and repair work too.

Emergency Social Media and You in Crisis

Many people must feel the 2015 holiday break could not have arrived soon enough what with terrorism, crazy weather and other events that get covered rightly or wrongly in social media. While these can be scary and confusing times, they can also be times to educate, learn and help one another to understand a new reality we are all living in now.

There are specific tactics and strategies for understanding how live events unfold in social media and these can be instructive to the general public about what you are seeing and when, during events like these past weeks that we have all experienced. Real life events almost always flow to the internet in a micro second. Knowing how to tell the difference between truth and fiction could be critical to saving your own life of that of your family in a real life emergency that is also happening on social media.

So below are general truths about live events that unfold in a digital realm and in real life.

General Truths:

  • In any emergency in the digital age, there are three things that happen. The first is the incident itself. The second is the round of rumors, untruths and outright lies that get spread at the speed of email, phones, sms and of course social media. The third is the round of truth, where all the earlier rumors, untruths and outright lies now have to be dispelled.
  • The fear factor is something we all face. Some deal with it better than others. This fear factor only gets enhanced by constant updates, notifications and of course, people checking social media non stop during emergencies/crisis/terrorist attacks.
  • Truth and Veracity in information sharing, whether in person, on the phone, through email and on social media are paramount in times like this. Do not be the one spreading false or unverified rumors. Do not be the one sharing non-verified *news*. These actions can cause panic, can cause a response from authorities in the wrong place and more importantly can add to the sense of fear that already exists in events like these.
  • As members of a community it is extra important for us to not be sharing false information, to be extra calm and careful with facts and to have vigilance with the news and information; and especially that our kids are getting access to. Help them. Make sure they are both understanding the facts, and not mis-truths; and that they are not responsible for sending or sharing false information.
  • Even the media can rush to judgement in a situation like this and often times reporters will start referencing tweets and other social media. Many times the sourced social media is not a verified source, so even the news media will get it wrong in these situations. So it is up to you to take the extra couple of minutes to *verify* information, especially any information being provided to your kids or others’ kids.
  • Just because you heard/saw/read something *DOES* not make it a fact, especially in a crisis situation. DO NOT JUST SHARE ANY RUMOR OR ANY STORY. CHECK. INVESTIGATE. THIS IS FOR THE SAFETY OF YOUR FAMILY AND THE COMMUNITY.
  • Be aware that your kids may be getting wrong information/scary information from the internet, from social media, from the chats in games and from their friends. Work with your kids to understand the importance of getting to the facts, and not sharing what could be dangerous information. Same is true for the adults in your lives. Social media during emergencies can make normally calm people get very nervous and then they spread that nervousness by posting wrong or misinformed information in their zeal to make themselves feel better about the situation,.
  • Be aware that not all technology will always work the way it should. Sometimes you may get called, sometimes you may not. Sometimes you may get an email, sometimes you may not. So build up a quick reference of social media accounts that you trust and are verified. Create a list of these, and keep it on your computer or device.
  • Be prepared. We have all hopefully created safety plans for our businesses, community groups and families in case of emergencies. Do the same for digital emergencies. Know where to look. How to find what you need. How to dispel rumors that can be dangerous. Create a digital emergency family plan, and teach it to your kids. Practice it before something happens so it is not something to worry about, but rather something that becomes instinctive and instructive.

I created an emergency social media list on twitter with accounts that are both trusted and real. I suggest you do the same and keep that list handy.

Make a list of your local real life emergency providers websites, twitter accounts and other social media tools. Use them to verify information and dispel rumors.

Cyber Reputation Management and Control

BAM!  There it is.

Right in your face one morning when you check your social feed as news.

That nasty little something that someone, a bot, or a person, or maybe both left for you overnight. It is a digital take down. A bad blog post. A social media meme that is being unanswered or purposely pumped up to discredit you, your company or organization or your brand. Or maybe it is a false allegation. Or paid fake bad reviews that your competitors put up.

Face it. The Internet is a hostile place for your reputation and your brand, whether that is personal, corporate or government. The control and management of your reputation start and end with you. As we enter 2015, it is worth paying attention to, in fact it is important to take stock of your online reputation, the management of it and the control of it. It is yours. Not anyone else.

The — Internet, social media, the cloud, mobility, bring your own device, artificial intelligence, autonomous computing etc etc — all are really cool buzz words. All come with prices to pay that include the constant need for personal, corporate and government level cyber security, reputation management and reputation control.

Our top 10 List of Ways That Cyber Security, Social Media and Reputation Management and Reputation Control all mesh together.

  1. Social Media — is the entrance point for viruses, malware, malformed links, phishing and learning enough about someone to turn around and destroy their reputation.
  2. Mobility — allows for instant access to social media, email, sms, cloud and phone, and video, as ways to tear down a brand or reputation. It can happen anywhere, at any time, by anyone around you holding a smartphone or smart watch or smart glasses.
  3. Cloud — allows people to store information quickly and easily. This can be for phishing, for cyber crime, for reputation destroying or extortion. Images and videos, poems and documents and your complete online profile can be easily harvested by smart people and or bots and then turned around against you. What information are you allowing out or putting out to make it easier to be attacked? Or easier to have your reputation tarnished or that of your brand?
  4. Bring Your Own Device (BYOD) — While fun and easy for users and your employees BYOD brings a whole fruit basket worth of cyber security and reputation management and control issues along with it. BYOD allows users and employees to access the internet and social media channels without approval or notice from the employer. A reputation can be destroyed in an instant with a recorded conversation, a video, an errant email or sms, or worse corporate espionage and cyber crimes can be instituted easily with BYOD.
  5. Artificial Intelligence — The name alone. What does it mean? How can artificial intelligence (AI) bots or autonomous computing affect your cyber security and reputation management and control? In so many ways we are just beginning to understand.
  6. Lazy People — Sorry but many times the malware or the phishing or the destruction of reputation starts with someone simply being lazy, not having security and privacy settings attended to, and or worse letting someone else use their login credentials.
  7. Your Competition — They have access to the same tools you do. They can buy hackers, they can buy reputation destruction; they can attempt to steal your trade secrets; they will try to insert bad people into your organization at every level. (See 8 below.)
  8. Bad People — No good, no ethos or morals. These people do not care if they harm you. They seek to. These come in the form of social media contacts or email phishing all the way through HR, interviewing, shadowy financiers and content theft propagators from online goods. They will use any and every tool out there to disrupt your business, to destroy your reputation.
  9. Posting stupid pictures of yourself — on to any website regardless of how safe you *THINK* it is.
  10. Not checking the health and welfare of your own digital reputation and brand.

Copyright © 2010-2015 Digijaks, LLC

#IoT Security Is Just Not.

A few weeks ago I wrote this piece about #IOT Cybersecurity and how it affects personal and brand reputations. I got a lot of criticism for basically speaking the truth. I appreciate all the tweets, emails and Linkedin posts engaging on this piece, including all the people who attempted to say I was wrong.

But the points raised in that piece are simply the opening salvo in a multi front disruption. The disruption is NOT IoT. The disruption is to switch from product leading first with security as an afterthought in the rush to go to market. What needs to change is the mindset to build in design security from the beginning,

Last week I sat on a panel at the California Cyber Security Task Force meeting. The panelists were all cybersecurity experts, from across the field, including homeland security, penetration testers, strategy and policy. When it came time to talk about #IOT Internet of Things, we were all asked what people thought about the current state of cybersecurity in IoT.

The answer from the entire panel was: THERE IS NO SUCH THING AS CYBERSECURITY AS OF YET IN THE INTERNET OF THINGS.

Think about that for a second. Or maybe longer. Sure there are a few Iot devices that do offer some level of security. But often, as was raised by one of the other panelists, that is simply writing a marketing statement to the effect of “We take your security very seriously.”

But most IoT devices do not provide any real security, and many are simply copies off other IoT devices that also have no security. Then you have to add in the problem of the unsecured devices talking and sending your data to other non secure devices and or third party companies.

The disruption has to be the switch from rush to market with little to no thought about security — to one where security is built in from the design level up and where devices are not put on the market without first being hack tested every which way to be able to prove their security credentials. Otherwise, we are all simply at very real risk. In part because of the inattention or even stupidity of others who do not think this is important; or in the rush to market skip cybersecurity completely — or just write a lame #fail marketing statement about how they value your security.

Because. Not.

Alan W. Silberberg, CEO of DIGIJAKS

Reputation Control for Kids by Social Media, Search Results

In Digijaks daily course of business with reputation management we come across a lot of people (adults) who have seen their life get turned upside down because of something appearing in search results that negatively affect them. This happens so much, and so often it has created a whole industry to deal with it. Search results leading to problems to people happen for many reasons. I recently wrote about this problem on the Huffington Post as it relates to adults.

But this same correlation exists for kids, for families and the same problems may arise, but with lifelong implications. Imagine being an 11 year old who innocently posts a picture or a quote or a poem or a location, thinking nothing of it. Fast forward 6 years to college applications. You can be very sure college admissions officers are carefully looking at social media, at search engine results and other digital mediums to find reasons to say no. The same is true for private high schools; and employers, the military and many others.

We all need to work with our kids to help them understand the direct linkage between social media use and search results that can and will last a lifetime. This affects a lifetime of Reputation Management and Reputation Control efforts that need to start at a young age.

Basic steps:

  1. Have a family discussion, and make it more than one time; about the critical relationship between posts on social media, search results and your children’s future.
  2. Be constantly on the lookout for pictures, quotes, links to offensive material and other social media faux paus that might be innocent in nature but can lead to lifelong difficulties.
  3. Set up Google Alerts in your family’s name, your name, and your kids name. This will alert you when posts from social media land in search results, and also when other websites pick up that material.
  4. Set up a family social media plan that includes rules and guidelines for what your family feels is appropriate, ethical or morally ok to be posted onto the internet.
  5. Remember that nothing that gets posted on the Internet is only in one place. Once posted, it will be replicated on multiple servers, and therefore can keep coming back in search results even if the original post is taken down.

Cybersecurity: Now the Crossover from Cyber to Real Life

Reputation Control and Reputation Management
Cyber Security, Social Media, You.

Cybersecurity used to be be the geek’s eagle’s nest. it was hard to understand, hard to get to, hard to see the impact and need often times. If there was a CIO or CISO, he/she would not be in the board room too often, and usually the budgets were the first to go in any budget change environment. But the cycle switched. Now we are in the opposite cycle. The CIO and CISO are ruling the roost and commanding serious budgets and attention. But being missed in all the excitement is this:

The Crossover from pure cyber crime to real world crime from the same instance.

It is safe to say, times have changed. Now – Cybersecurity has become a word known in almost any home where there is digital connectivity. Time and time again, we are offered proof that cybersecurity now encompasses reputation management; active control of search and social media as well as the traditional hardening of data access points, transport points, and login authorities. Cybersecurity itself has become such a buzzword that it threatens to create a numbness for people hearing it and responding to it.

Recently Digijaks has worked with multiple clients who have faced the crossover from Cyber Security to Real Life Security. It is our recent experience that shows us that law enforcement is *mostly* unprepared for cyber crossover attacks and does not yet have the substantial depth of understanding of the relationship between social media, cyber security and real life people.

The connections are impossible to overlook. What starts as a cyber threat, like impersonation of another; brand or trademark attacks, social media memes and fake social media sock puppet accounts — can now easily and does easily cross over into real world crimes.

The real world crimes escalate too, often in parallel with online escalation. In our recent experience in dealing with the crossover, most law enforcement agencies of *all levels* are simply not prepared to cope with this reality, and have few to zero people in place who are trained investigators and can assist the public, or corporations or utilities or governments with cyber cross overs.

Digijaks CEO Alan W. Silberberg is advising both the company’s clients and law enforcement agencies to take these “cyber cross over” events seriously. There is growing evidence amounting that shows that real world crimes are becoming easier in some ways and can be facilitated through initial cyber intrusions, whether phishing, trolling or direct digital attacks.

This is leading people who were previously *only* cyber criminals or terrorists to become real world ones too, often at little to no monetary cost. We see this a true emerging threat, as yet mostly being unaddressed either at the Federal or State levels, and a threat that is most acutely faced in local communities who very definitely are not prepared.

Reputation Control. Cybersecurity. Recent OPM Hacks and You.

Reputation. Is hard to get, hard to maintain, hard to control; especially in an era of hacking by governments and criminals alke.

Cybersecurity is something many people long put off as a back burner decision, or lower funded priority, but in actuality is a critical need, now at the forefront of many leaders’ thinking due to the sheer number and audacity of the hacks from 2013 forward. There is a distinct triangulation between reputation control and cyber security and search results. The more things get hacked, the more information flows onto websites, both for sale, and for free, and the more the search engines index these results. Digijaks’ CEO Alan W Silberberg has written about this triangulation before as it relates to cyber security and how we all need to look at the this inter-relationship, and it’s effects on all of us.

The recent OPM hacks were so huge, the numbers are simply staggering that it is hard to process for most people, especially “regular people” who feel this does not affect them or their friends or family.

But in addition to the 21+ million social security numbers that were stolen in the OPM hack, so were over 1.1 million sets of people’s fingerprints. People who serve the US Government in all sorts of capacities, some secret, some not. So in addition to the notion of identity theft through the means we have become unfortunately accustomed to, like credit, social security and personally identifiable information (PII) — we now have to contend with the theft of biometrics.

It means every citizen, whether they believe the OPM hacks relate to them or not, have to start taking on steps to protect themselves. When a nation state can combine vast databases of personal information with biometrics for some of those same people; it means that nation state, or proxies or vendors it sells to could become one of us through surreptitious methods. It means identity theft is potential on a massive scale, as is exploiting people through their information in security clearance documents or medical records.

It means the push to make encryption weaker or illegal should actually be reversed to become a push to make encryption a standard for citizens; and one that is supported by our Government ln light of attacks and theft of information from tens of millions of US Citizens. The US Government through the Congress should adopt stringent laws making it hard not to encrypt personal information.

It means, think about what information you put in the cloud. Think about what information you put in social media. What information you never put into digital form. It means think about carrying a second and or even third form of identity in case you are ever challenged with not being you.

Reputation Control and Reputation Management
Cyber Security, Social Media, You.
%d bloggers like this: