See the video below.
2016 was just the latest in #cyberwar and #informationwarfare attacks, where even bills were introduced in Congress. It has been ongoing as long as there have been digital mediums and technologies, and information distribution technology. My company saw it happening last year and got more and more concerned as the election grew closer. We literally wrote letters to people in government, people at the DNC and elsewhere, basically yelling as loudly as we could that the #USA was being cyber and information warfare attacked.
As a cyber security, and weaponized information expert – it was all too clear what was happening. It has left a feeling of being sick in the stomach for a year now, and this feeling has not abated. Because it has not ended. For millions of Americans and millions of people around the world too.
The United States is witnessing both the worst and best it can show at once. The worst by all the traitors amongst us: those pretending we were not just victims of a non lethal act of war.
The best by all those in and out of government banding together to excise the cancer from the nation; regardless of the risks and dangers.
Some cyber and information warfare players have been better than others. Some have taken a longer term perspective than others. Nation states that have invested heavily into cyber technologies and offensive information warfare technologies are multiplying every year.
It is not just the domain of: Russia, Iran, North Korea, China, Ukraine, the UK, France, USA and other large or technologically advanced countries. It is now the domain of any country who decides to invest in the people and the technology and take a longer term view than the average hacker for hire.
Sun Tzu believed that “all warfare is deception,” but where does that leave the average person, who does not understand they are caught up in forces through control of information that they can neither understand nor ever hope to control?
One of the points I made was that almost all of our lives are not just locked up in databases in offices or on the cloud somewhere. But indeed, flying through the ether every millisecond of our lives. Hundreds of companies and dozens or more countries have the capabilities to hack into it, to manipulate it, change it and even delete it. 24 hours a day, with lots and lots of ways for data to be intercepted, changed, made into FUD. (Look it up – means F*#$ed Up Data) – or just simply deleted. Not to mention when the data flying through the ether becomes weaponized by either a Nation State or a Company or a bad actor group or individual with ill intent.
The implication of the types of information warfare that Russia is enacting on the US and the Western Coalitions is that it is multi level, persistent, and consistent. It is coming in through a combination of weaponized social media, fake websites, fake news, automated bots as well as hacking, intrusions and exfiltrations of data that then become weaponized. It is happening in multiple countries, with a huge budget and thousands of people behind the execution of it. This was the path the Russians took in 2016: a multi pronged effort, all across the United States, focused on Federal, State, and Local authorities. This included national and state political leaders, parties and their allies, as well as election vendors and election technology across the spectrum.
To be extremely clear, the efforts that Russia leveraged as non lethal acts of War against the USA – are still ongoing. They never stopped. Indeed, 2016 was just a continuation of Russia’s long game in cyber and information warfare.
So now we need to take action steps as a country to come together. We need to put aside political partisanship and simply deal with what we have to deal with in terms of investigations and cleaning house. Of all those who played a role in the greatest act of treason since Benedict Arnold tried to give West Point to the King’s Army. All of the people in the United States who played any part in supporting this treasonous Act of War should pay.
Just like General Arnold did.
This is a time for the decision to be made. Are you Partisan, and metaphorically selling out West Point by supporting those who sold out the USA to Russia?
Or are you a Patriot — and going to fight for your country to not disappear by virtue of some digital exhaust of ongoing, persistent information warfare + cyberwar?
Nathan Hale was America’s first spy to be killed in action. When being hanged by the British – he is reported to have said this most famous quote: “I only regret that I have but one life to lose for my country.” Hopefully none of us have to be in such a dangerous position. But we are in a place in history where Patriots are already at work, saving our country.
What are you?
*When your kids ask you what you did to stop this non lethal act of war, what will you say?*
#Digitaldiplomacy and #Cybersecurity on a Rough Patch in 2017.
The last several years have seen an explosion of digital diplomacy tools and techniques. This is driven by an ongoing growth in technology platforms and social media, combined with the increased numbers of world Governments adopting open data and open government principles. There has also been a parallel explosion in fake social media, fake news and fake information being propagated globally.
The effect of the combined forces is that cybersecurity is now playing an even more vital role in digital diplomacy. Where digital diplomacy just a few years back was between recognized principals of Governments, now there are lots of other players trying to make that communication much more failure prone.
Additionally, we now have leaders using Twitter and other tools to communicate directly with each other and/or to directly go around the news media. Just in the first few months of 2017 alone, we have witnessed multiple world leaders using Twitter to speak in ways that are different from the stated policies of their countries, or to put pressure on other countries through this most public of mediums.
There have been recent successes and failures. I wrote about some of these a few years back. We have also seen a tremendous growth in what I call “anti digital diplomacy” through the concerted use of fake social media accounts, fake news websites, and fake statistics designed to make the role of real diplomats much harder. While some of this is innocuous, much of it is organized and part of larger cyber deception plots being run by larger nation states.
Western European countries are currently experiencing the same types of digital attacks on their electoral systems, including the use of selective leaking of compromised materials that the US experienced in 2016. Which means that hacking, and hackers have been deeply involved too. One does not get compromised materials without someone first doing the exfiltration of the information from its original home.
Which brings the question of what role cybersecurity needs to play in digital diplomacy? It is a dynamic situation now with asymmetrical threats and increased attack surface area affecting the very direct communications that digital diplomacy allows.
Governments, Diplomats and the media alike need to be trained and continually updated on how to spot fake accounts, fake news, fake websites, and how to ensure only officially verified information is being transmitted through the digital diplomacy channels. Additionally steps need to be taken on dealing with constituents and the news media to ensure that fake information is put down quickly with the truth and facts to back it up.
Diplomats across the globe have already been caught up in re-tweeting fake news or getting trolled by fake accounts. But there needs to be a verification role too, that is played with the public, especially in terms of proving the falsity of fake information being purposely distributed.
Further, steps need to be taken to lock down accounts with two factor authentication, very strong passwords and strict internal organizational controls on who uses the digital diplomacy tools and how. Cybersecurity needs to be incorporated into every decision and every level of communications, both internally and externally.
Finally, Governments and Companies around the world need to adopt a rapid response routine to deal with both fake news and fake information coming from non-official sources, as well as from official sources or official twitter accounts. The World now has several leaders who seem to want to try to use Twitter to go around their local politics and news media and or tell the world an un-true or incoherent story. If Diplomats are not ready to respond to falsities or cyber-attack driven leaks quickly, then they will be playing a constant game of catch up. True for the news media and global citizens alike.
noun: conundrum; plural noun: conundrums
a confusing and difficult problem or question.
“one of the most difficult conundrums for the experts”
This is the conundrum of the digital age.
On one hand executives of a company will be the first to state they think their systems are secure, and if there are any problems they are small.
Maybe they think their information, data and business relationships are not important to hackers because, “too small”, “not on radar screen”, or “we have nothing worth taking.”
But both of these are clearly conundrums:
But, and this is actually more like a because, Organizations have to think and act pro-actively when it comes to cyber security and privacy. True for people too. If you think you have no cyber weaknesses, then you do. If you think you have nothing to lose, then you do. If you think no one is interested in your organization because it is too small or not on the radar screen, then you are wrong, and they are.
Now is actually the time to assess your organization’s situation, and that of your people too. Do it now before you get hacked or breached. Because you will get hacked or breached. Be prepared. Don’t be caught behind a truck that just ran over your business and people.
My company Digijaks sees a lot of these types of issues with clients. Preventive medicine works, in healthcare and cyber security. Both need daily hygiene and maintenance and both also need updates, checkins and repair work too.
Ah, the Internet of Things.
Just the sound of it sends thrills, chills and huge question marks through both technologists and regular people alike.
Just think, you can already do the following:
I could go on with this list. But why bother?
The Internet of Things, or IOT as it is called in the media, by analysts and techies alike is an amorphous concept and does not easily translate into everyday speak for the average person.
There are cybersecurity concerns with the overlapping inter-connectedness that are growing exponentially by the month; as more and more devices come on line, get connected to the Internet. Many if not most have little to zero security protocols built in.
There is no current “IOT cybersecurity standard” or anything close. As a result, the apps and tools that seemingly make your life so easy, are in most probability leaking, if not pouring personal information about you or your family onto the internet in ways you may or may not be aware of.
There are reputation control and reputation management issues arising from both the above mentioned inter-connectedness as well as from some basic common sense things that come from having devices connected to the Internet and talking to “home” or each other in ways that also reveal identity, location and other personal information. Some of these IOT apps and tools even tweet or post other social updates for you as reminders, alerts and other pushed out information into public or semi public arenas.
So ask yourself 5 Major IOT for Reputation Questions:
We live in a hyper-connected world that brings the globe to you; and you and your family to the globe at equally fast speeds. While on one hand, any one of us can access the internet, through any number of tools, platforms, technology and software and almost any combination too. But on the other hand the internet can and does access us, and all of our information, every minute of every day. Probably more than you and your family access the internet.
One thing that is growing in need and in reality is the international and cross cultural aspects of Cybersecurity. For example, businesses and governments alike in the US and in Israel face similar challenges within similar robust telecom and economic environments. 15 years ago the idea of US and Israeli Cybersecurity companies working together seemed remote or exotic. Speak to anyone in Cybersecurity, and it won’t take long for the Israeli Cybersecurity community to come up. True for Venture Capital in Israel too.
Dr. Orit Mossinson, a Venture Capitalist + founder of Dalai VC – A VC firm that specializes in Cybersecurity – had this to say: “Bringing Israeli Cybersecurity companies through capitalization to becoming the leading edge of how to combat cyberwar efforts, is just beginning. Over the next few years there is going to be massive growth in this unique space.”
My company Digijaks is constantly working with businesses and governments on Cybersecurity. What applies to big business or governments applies to people and families mostly too. That is true in the USA, Israel, UK, Canada, Japan, Singapore, etc, or any nation considered 1st world with full internet access.
Within as long as it takes to blink an eye, you or your family can get caught up in a Cybersecurity breach leading to a Reputation and search breach. It does not take much, and is not the sole domain of big companies being targeted. Ask yourself, do you have wifi? Is it secure? Do you have devices? Run a business? Pay taxes? Do Online Banking? Any of the above could be the entry into your life by a hacker.
This might sound hard to believe in the era of downloadable feature films in a few seconds and the huge amounts of data coming “down” the “pipes” to our devices. But for every bit of data coming in; we are pouring it right back through apps, games, web browsing, file uploading, liking, tweeting, sharing, and videos and not to mention the IoT — as in your tweeting fridge and internet sharing toaster. Don’t even get started on the lack of cybersecurity for IoT globally. Because there is none. Or very little of note.
There just is not any in most of those devices or apps yet. Don’t kid yourself or mistakenly think you or your families are not being monitored and watched through the IoT. The more devices you have connected, the scale of magnitude of potential monitoring and watching is exponential.
Several years ago the digital exhaust of the average first world person with access to the internet was less than 1000 data points per person roughly. Now scale upwards and it is closer to 20,000 data points per person in their digital exhaust. How many companies are tracking these, and or reselling them to other groups? How many governments? How many hacking groups? Extortionists? Kidnappers? Digital Money Robbers?
When we get invited to address groups about Cybersecurity, they always want to know about their specific devices. Is this safe? Is that dangerous? Cybersecurity is one part hardened data, encrypted data and secure data transport. It is also one part human. Increasingly so, with socially engineered attacks such as phishing and drive by malware hosted on social media or in apps. The human element is about training employees, about families working with each other to be private and safe online and is about the fact that humans will and can get tricked by their own emotions and desires. This is what makes social engineered attacks so pernicious.
They are not about weak data points or lack of encryption. They are about our human frailty and how it gets exploited by digital tormenters.
Think about it. What if a Stuxnet-like custom designed cyber war tool were to take out all the SCADA devices in a particular city? Or take out a particular industry like oil and gas or electrical generation, or hit 50 hospitals at once? The problem is every unsecured SCADA device is also listed in multiple places to be publicly found on the internet, not even the dark web. 7 million + devices, terminals, industrial control centers, power plants, factories, utility grids and transportation and information networks are to be found just by searching.
Bring the best of the best together and create new environments in which they can work together to stop a global scourge of cybersecurity breaches and the resultant reputation and search breaches that follow every attack. True in the USA and true in Israel. The world is looking at the very beginnings of a 3rd World War. This one is invisible mostly, harms people in real life sometimes, yet is being conducted by numerous countries, companies, and criminals all at once against each other. Now is the time to start combining the best of the best and the brightest.
Many people must feel the 2015 holiday break could not have arrived soon enough what with terrorism, crazy weather and other events that get covered rightly or wrongly in social media. While these can be scary and confusing times, they can also be times to educate, learn and help one another to understand a new reality we are all living in now.
There are specific tactics and strategies for understanding how live events unfold in social media and these can be instructive to the general public about what you are seeing and when, during events like these past weeks that we have all experienced. Real life events almost always flow to the internet in a micro second. Knowing how to tell the difference between truth and fiction could be critical to saving your own life or that of your family in a real life emergency that is also happening on social media.
So below are general truths about live events that unfold in a digital realm and in real life.
I created an emergency social media list on twitter with accounts that are both trusted and real. I suggest you do the same and keep that list handy.
Make a list of your local real life emergency providers websites, twitter accounts and other social media tools. Use them to verify information and dispel rumors.
Every day we hear of more stories of people’s Reputation getting smashed instantly online. On a personal level it just plain sucks, and causes mounds of heartache, headache, paperwork, and costs. To a business or a brand, there are risk mitigation and compliance issues, trademark defense costs, and reputations getting taken down, despite having been built up over years or decades.
It could be any trigger. Even, a mistaken identity or you share the same name as someone who gets in trouble.
Or it could be malicious from criminals, or cyber hackers looking to steal your identity, or file false tax returns to claim fake refunds, or to make it appear you were the one who did something when in reality it was someone pretending to be you.
The problem is multifaceted in that it can come from almost any angle, and happen at any time relatively instantly thanks to the linkages that exist between content, social media and search. Digijaks’ CEO has written about this triangulation before as it relates to cyber security and how we all need to look at this inter-relationship, and its effects on all of us.
It is extremely important to understand that your real life – offline, not digital experiences now can and will be instantly transmitted by others, with or without your knowledge and with or without your consent. The little every day things, from getting coffee to getting dressed, to private conversations between two people are suddenly potential fodder for instant intent smearing, reputation trashing and persistent online harassment. Just because someone else had a smartphone on.
This is without writing harsh or bad emails, or saying inappropriate things, or doing illegal or immoral things. The above is just for the regular people who now find themselves in the daily potential trap of someone else deciding to make an internet mockery of them. Just Because. But then, there are the people who are out there willingly doing things to disrupt their families, their businesses, and themselves. There is an entire group of people doing these things every day, hoping no one will post their baggage online and trash them. Some even think it can never happen to them. They are above recrimination or above being outed for whatever proclivities they engage in.
Digijaks offers boutique solutions for high impact individuals, brands and organizations to deal with the combination of cyber security, social media and reputation management and control. We see and hear all kinds of stories. Those from people who are completely innocent and just get caught up in something a bad person did. Those from people who admit to making mistakes and now are working to try to fix the damage or prevent it from happening. Then there are those who just think things will never catch up to them. But they do.
The reality is, the ability to trash reputations, for others to *control your reputation* is all too real. Whether you like it or not.
Cybersecurity used to be the geek’s eagle’s nest. It was hard to understand, hard to get to, hard to see the impact and need often times. If there was a CIO or CISO, he/she would not be in the board room too often, and usually the budgets were the first to go in any budget change environment. But the cycle switched. Now we are in the opposite cycle. The CIO and CISO are ruling the roost and commanding serious budgets and attention. But being missed in all the excitement is this:
The Crossover from pure cyber crime to real world crime from the same instance.
It is safe to say, times have changed. Now – Cybersecurity has become a word known in almost any home where there is digital connectivity. Time and time again, we are offered proof that cybersecurity now encompasses reputation management; active control of search and social media as well as the traditional hardening of data access points, transport points, and login authorities. Cybersecurity itself has become such a buzzword that it threatens to create a numbness for people hearing it and responding to it.
Recently Digijaks has worked with multiple clients who have faced the crossover from Cyber Security to Real Life Security. It is our recent experience that shows us that law enforcement is *mostly* unprepared for cyber crossover attacks and does not yet have the substantial depth of understanding of the relationship between social media, cyber security and real life people.
The connections are impossible to overlook. What starts as a cyber threat, like impersonation of another; brand or trademark attacks, social media memes and fake social media sock puppet accounts — can now easily and does easily cross over into real world crimes.
The real world crimes escalate too, often in parallel with online escalation. In our recent experience in dealing with the crossover, most law enforcement agencies of *all levels* are simply not prepared to cope with this reality, and have few to zero people in place who are trained investigators and can assist the public, or corporations or utilities or governments with cyber cross overs.
Digijaks CEO Alan W. Silberberg is advising both the company’s clients and law enforcement agencies to take these “cyber cross over” events seriously. There is growing evidence that shows that real world crimes are becoming easier in some ways and can be facilitated through initial cyber intrusions, whether phishing, trolling or direct digital attacks.
This is leading people who were previously *only* cyber criminals or terrorists to become real world ones too, often at little to no monetary cost. We see this as a true emerging threat, as yet mostly being unaddressed either at the Federal or State levels, and a threat that is most acutely faced in local communities who very definitely are not prepared.
Reputation. Is hard to get, hard to maintain, hard to control; especially in an era of hacking by governments and criminals alike.
Cybersecurity is something many people long put off as a back burner decision, or lower funded priority, but in actuality is a critical need, now at the forefront of many leaders’ thinking due to the sheer number and audacity of the hacks from 2013 forward. There is a distinct triangulation between reputation control and cyber security and search results. The more things get hacked, the more information flows onto websites, both for sale, and for free, and the more the search engines index these results. Digijaks’ CEO Alan W Silberberg has written about this triangulation before as it relates to cyber security and how we all need to look at this inter-relationship, and its effects on all of us.
The recent OPM hacks were so huge, the numbers are simply staggering that it is hard to process for most people, especially “regular people” who feel this does not affect them or their friends or family.
But in addition to the 21+ million social security numbers that were stolen in the OPM hack, so were over 1.1 million sets of people’s fingerprints. People who serve the US Government in all sorts of capacities, some secret, some not. So in addition to the notion of identity theft through the means we have become unfortunately accustomed to, like credit, social security and personally identifiable information (PII) — we now have to contend with the theft of biometrics.
It means every citizen, whether they believe the OPM hacks relate to them or not, has to start taking steps to protect themselves. When a nation state can combine vast databases of personal information with biometrics for some of those same people, it means that nation state, or proxies or vendors it sells to, could become one of us through surreptitious methods. It means identity theft is potential on a massive scale, as is exploiting people through their information in security clearance documents or medical records.
It means the push to make encryption weaker or illegal should actually be reversed to become a push to make encryption a standard for citizens, and one that is supported by our Government in light of attacks and theft of information from tens of millions of US Citizens. The US Government through the Congress should adopt stringent laws making it hard not to encrypt personal information.
It means, think about what information you put in the cloud. Think about what information you put in social media. What information you never put into digital form. It means think about carrying a second and or even third form of identity in case you are ever challenged with not being you.
As the CEO of a cyber security and reputation company, I have to admit to not being surprised by the recent successful hacking and penetration of the US Government.
While the scope of the recent events is most definitely shocking, myself and others have been researching, writing about it and trying to push and pull officials to focus on the whole set of threats, not just the known ones, and not just the data hardening ones.
This recent set of hacking and penetration successes were definitely done by a Nation State, China in most probability. But guess what?
The intrusion was apparently found by a Vendor doing a sales pitch to the US Government, and not by the billions of dollars of hardened equipment or custom platforms designed to stop cyber attacks.
I am not being critical. Nor attempting to assign blame. It is what it is. Millions of Americans who work for or have worked for the US Government, myself included have been hacked. Not just hacked, but all of our secrets may soon be on public display or for sale or other.
In the past few years, US consumers have been the targets of hacks from any number of companies that were breached, from Target and Home Depot to Equifax and Anthem among the biggies. But the reality is most companies have probably been hacked.
Most small to medium businesses do not have the sophistication or the resources to put in place strong cyber defenses. Even for the ones that do, that does not mean a successful defense.
What it means for you:
1. We are all vulnerable. Do not think your information is safe.
2. Disconnect computers from the internet when not using them, and power them down. Same for devices like tablets or phones or other internet connected devices.
3. Create a backup hard drive, find an encryption program you can easily use, and create an encrypted back up of your life.
4. Maybe your whole world does not need to be interconnected. Maybe the smart home is not so smart in light of the potential privacy and security vulnerabilities presented by the inter-connect.
5. Take steps to protect private information. Get a safe deposit box at a bank, put all original documents in it, plus a copy of them.
6. Try to make air gaps between your information. Keep your financial records in one secure place. Your medical records in another, different secure place.
7. Be aware that your life may well be not private at all.
8. You are not alone, in fact maybe your whole country is right in the same situation.
In 2013, at my Gov20LA event we hold annually, I made some remarks about the need for families around the world to adopt encryption techniques to protect their information and themselves. That message was partially intended for families trying to fight against tyranny abroad; but is also a critical message for all of us now.
Bottom line though is that the world has changed. *A lot.*