Categories
Latest
Popular

The American Insecurity State

In March 2013, a 17 year old Russian hacker began selling some malware for hacking retail point of sale systems.  This software was called Kaptoxa, which is “potato” in Russian slang.  He was selling it for $2,000 a pop plus 50% of the loot from any sale of stolen credit cards.  After some initial success, he rebranded the malware “BlackPOS” (much cooler) and proceeded to sell over 40 builds of the software to the cyber mafia across easter Europe.

By November this malware was active across the US, as part of the massive cyber attack on Target and other major US retailers.  BlackPOS, inserted into point of sale system at numerous Target stores, was able to transmitted the credit card numbers, identity, and CCV number (that pesky three digit number on the back of the card) of 40 million customers to the attackers securely located outside the US.  An additional database hack was able to net the attackers 70 million additional customer profiles — name, address,  etc. as well as (as is likely) purchase history at the store.

These cards and the American identities attached to them are being sold all across the world for countless millions of dollars.  This makes it one of the largest cyber attacks on the US financial system to date since it impacted the financial lives of at least a quarter of the US adult population.

This makes it a great example of how people are using the leverage afforded by modern technologies to rig the world’s socio-economic system to great personal gain.

It’s also a great example, since nothing was done to stop it, how little our bureaucracies can do in this new world.

Let me restate why.  One of the biggest cyber attacks in history just occurred and the national security bureaucracy we spend half a trillion dollars on a year did nothing.  The most embarrassing aspect of this to the national security bureaucrat:  the attackers didn’t even spend a moment worrying about the national security system.  Its existence was irrelevant to the attacker’s decision making process.

Of course, the idea of a small unknown group successfully conducting a large scale attack on the US is something we’ve heard before.  The same thing occurred on 9/11.  In that case, as well as this, the attackers didn’t see the US national security system as a difficulty to overcome.  It was just furniture in the room.

Unfortunately, 9/11 was misinterpreted.   Instead of using it as an opportunity to rethink security in the 21st Century, it was used to justify a decade long national security spending spree that did nothing to make us safer.  It just doubled down on the bureaucracy, which dug us deeper into debt.

It also, given the recent attack on Target attests, didn’t make us any safer. We’re as vulnerable as we were before the spending occurred.

What does this mean?  The national security bureaucracy is unable to deliver security in the 21st Century.  The instability of underlying socio-economic processes prevents it from doing anything proactive.

All the national security bureaucracy can do in the 21st century is Monday morning quarterbacking.

JR

PS: I’m writing a book online. This is a page of it. Will package it and the rest of the pages for Amazon. If you want to join me for free in the meantime, sign up with your e-mail in the space below.

Join the movement to restore America's prosperity

Discussion — 8 Responses

  • Burgundy January 22, 2014 on 4:43 pm

    Credit card details on 20 million South Koreans stolen
    http://www.bbc.co.uk/news/technology-25808189

    “This theft of consumer data is just the latest to hit South Korea. In 2012, two hackers were arrested for getting hold of the details of 8.7 million subscribers to KT Mobile. Also, in 2011, details of more than 35 million accounts of South Korean social network Cyworld were exposed in an attack.”

    Seemingly there were massive queues of people at the banks waiting to cancel their credit cards.

    Meanwhile back at the Bureaucracy everything is just fine:

    End of physical currency a ‘reality’, says Visa
    http://www.telegraph.co.uk/finance/newsbysector/banksandfinance/10590499/End-of-physical-currency-a-reality-says-Visa.html

    Not only can our money lose its purchasing power, it can also vanish in increasingly novel ways and when you actually use it there is a plethora of middlemen taking their cut out of it. Its becoming more troublesome than its worth, I guess there is a growing demand for an alternative.

    Reply
  • Geary Sikich January 23, 2014 on 7:30 am

    John:

    In 2009 I wrote an article: “A Great Wreckoning: the effect of government actions on private sector sustainability” that I would be happy to share with you.

    Some of my references for the article are:

    Critical Infrastructure: The National Asset Database, Updated July 16, 2007, John Moteff, Specialist in Science and Technology Policy
    Resources, Science, and Industry Division

    Debt and Deficits Chart, Source U.S. Department of Treasury, U.S. Government Accounting Office, Congressional Budget Office

    Greer, John M. “How Civilizations Fall: A theory of catabolic collapse,” By John Michael Greer; © John Michael Greer 2005

    Idle fleet projection 2009-2015. http://www.alphaliner.com/…/AXS-Alphaliner%20Newsletter%20no%2045%20-%202009.pdf

    Orlov, Dimitry, “Reinventing Collapse” New Society Publishers; First Printing edition (June 1, 2008), ISBN-10: 0865716064, ISBN-13: 978-0865716063

    Sikich, Geary W., The Financial Side of Crisis, 5th Annual Seminar on Crisis Management and Risk Communication, American Petroleum Institute, 1994

    Sikich, Geary W., Managing Crisis at the Speed of Light, Disaster Recovery Journal Conference, 1999

    Sikich, Geary W., Business Continuity & Crisis Management in the Internet/E-Business Era, Teltech, 2000

    Sikich, Geary W., What is there to know about a crisis, John Liner Review, Volume 14, No. 4, 2001

    Sikich, Geary W., The World We Live in: Are You Prepared for Disaster, Crisis Communication Series, Placeware and ConferZone web-based conference series Part I, January 24, 2002

    Sikich, Geary W., September 11 Aftermath: Ten Things Your Organization Can Do Now, John Liner Review, Winter 2002, Volume 15, Number 4

    Sikich, Geary W., Graceful Degradation and Agile Restoration Synopsis, Disaster Resource Guide, 2002

    Sikich, Geary W., “Aftermath September 11th, Can Your Organization Afford to Wait”, New York State Bar Association, Federal and Commercial Litigation, Spring Conference, May 2002

    Sikich, Geary W., “Integrated Business Continuity: Maintaining Resilience in Times of Uncertainty,” PennWell Publishing, 2003

    “It Can’t Happen Here: All Hazards Crisis Management Planning”, Geary W. Sikich, PennWell Publishing 1993.

    Sikich Geary W., Stagl, John M., “The Economic Consequences of a Pandemic”, Discover Financial Services Business Continuity Summit, 2005.

    Tainter, Joseph, “The Collapse of Complex Societies,” Cambridge University Press (March 30, 1990), ISBN-10: 052138673X, ISBN-13: 978-0521386739

    Vail, Jeff, The Logic of Collapse, http://www.karavans.com/collapse2.html, 2006

    Regards,

    Geary W. Sikich

    Reply
  • nickels January 23, 2014 on 11:25 am

    And cisco wants to connect your toaster to the internet.
    Maybe someone can write a program to overload your toaster and burn your house.
    We have to pull back from the internet or at the very least abandon the idea of its greatness. The cat and mouse game of computer security is not winnable in any other way.

    Reply
    • Burgundy nickels January 23, 2014 on 12:07 pm

      There was a case recently where a fridge was used as a spambot for distributing spam emails worldwide. The Internet of Things will obviously be a great asset for cybercriminals and the NSA (is there a difference?), but pretty useless for those that actually install them.

      The main benefit will be cheap electronics widely available for making your own automated devices and sensors. Not for home automation, but for home automated manufacturing or horticulture.

      Reply
      • Penny Pincher Burgundy January 23, 2014 on 10:35 pm

        This internet of things has been going on ever since the networked photocopier or photo kiosk. It’s just now catching up with household appliances.

        The problem being that security is only as good as the knowledge/willingness of the user to use it. When people leave the password to their copier as “Admin” it makes it pretty easy to hack. And those are the computer networking people in an office; imagine Grandma with the new EPA-required “smart” fridge and the 8th grade education (or non English speaking) guy who delivers it. They’re not going to configure it right, or at all.

        Reply
  • frankr January 24, 2014 on 1:37 am

    Call me skeptical. I grew up in the Deep South, and let me tell you, the system was always dysfunctional for black people down there. It wasn’t that the bureaucrats were incompetent or has lost control of the situation in the south, it was that black people just didn’t matter. Indeed, giving black people second-class service was a feature of the system, not a bug. The bureaucrats were/are quite competent when wealthy white people wanted something done. What is happening is that now middle-class white people are for the first time in a long time experiencing the dark side of America (bad pun intended). Hollowing out of the middle-class, with most of the former middle-class being pushed down and only a few moving up.

    Reply
    • John Minehan frankr February 20, 2014 on 1:35 pm

      Actually, this article points out the unlimited opportunity for the talented to raise, as the guy who created BlackPOS did.

      Reply