Hacking Mr. Robot, week 7.

"Slate and Future Tense are discussing Mr. Robot and the technological world it portrays throughout the show’s second season. You can follow this conversation on Future Tense, and Slate Plus members can also listen to Hacking Mr. Robot, a members-only podcast series featuring Lily Newman and Fred Kaplan. In this episode of Hacking Mr. Robot, Fred and Lily discuss Episode 8: ‘eps2.6succ3ss0r.p12.’ They’re joined by special guest Matt Devost, a cybersecurity expert and the CEO of FusionX." Source: Hacking Mr. Robot, week 7.


Startup investors are looking to hackers for help on smart bets

"‘I’d say we have really seen a growth in that particular market over the last five years,’ said FusionX CEO Matthew Devost, referring to an uptick in revenue for his business from services purchased by investors. Devost’s company, which was acquired by Accenture in August 2015, leverages offensive cyber capabilities to test clients' digital defenses.  FusionX is traditionally employed by investors to conduct tests during a pre-funding stage or in preparation of a merger, acquisition or initial public offering, said Devost. In the past, FusionX has worked closely with clean-tech, biotech and several large software companies to improve cybersecurity on behalf of their investors. Currently, the Reston, Va.-based cybersecurity company is…


What a real cyber war would look like

"In a hot cyber war, the first line of attack would not be like on Star Trek, with spectacular bursts of sparks flying out of computers. Instead it would be a stealth attack on the enemy’s military command and control infrastructure, to keep it from being able to strike, said Matt Devost, managing director of Accenture Security and a special government advisor to the U.S. Department of Defense. The problem is that much like nuclear attacks, no one wants to let the genie officially out of the bottle. Certainly the United States and Europe benefit the most from a free and open Internet, so weaponizing it is not a step taken lightly." Source: What a real cyber war would look like


Every Cyber Attacker is an Insider

"What enterprise executives need to realize is that in today’s environment, every cyber attacker is a potential insider. Given the prevalence of BYOD (bring your own device), supply chain integrity issues, foreign travel, and the plethora of successful spearphishing campaigns, executive leadership needs to operate on a presumption of breach basis and work on reducing their attack surface through red teaming, early detection of attacks, thwarting lateral movement through the enclaving of critical systems, and having robust incident management plans in place before the breach occurs." Source: OODA Loop - Every Cyber Attacker is an Insider


10 Red Teaming Lessons Learned Over 20 Years

I've written a few popular blog posts over at OODA Loop. Here is one I did on red teaming lessons learned. "I often get asked what lessons I’ve learned over the past twenty years, so I started putting together this list of 10 lessons learned over 20 years of red teaming a few years ago. Given that I’ve officially hit the twenty year mark, I figured it was time to hit the publish button. While many of these feel like concepts, vice lessons learned, I hope the reader finds them thought provoking as they formulate and execute red teams of their own. As always, feedback and comments are welcome. This article is also posted at Red Team Journal if you’d like to discuss it there." Source: OODA Loop - 10 Red Teaming Lessons Learned Over 20……


Virtual Reality paper from 1993

Before Neo awakened to the existence of the Matrix and before Mark Zuckerberg donned his first Oculus Rift VR goggles, I was writing about the relationship between immersive virtual reality, philosophy, and human behavior (adopting a position of do no harm). I've mentioned this essay several times over the past couple of decades and finally located a copy to preserve here for easy linking. I don't recall what the title was and it wasn't captured in my Word Perfect file with this text, nor was the bibliography for the paper. The world is your exercise book, the pages on which you do your sums. It is not reality, although you can express reality there if you wish. You are also free to write nonsense, or lies, or to tear the…


What Dan taught me

Over 20 years ago, I was an unknown graduate student at the University of Vermont with an unpopular research idea. I was convinced that our increasing dependence on inherently vulnerable critical infrastructure presented an emerging national security issue. Few others were similarly convinced. Then I somehow caught the attention of Dan Kuehl at the National Defense University and on a trip to Washington DC he invited me to visit his office. I ended up spending the entire afternoon with Dan who entertained all of my questions, walked me through the halls of NDU, introduced me to all his colleagues, and bought me lunch. The most critical thing Dan did was encourage me to keep going with my research. Little did I know at the time, but…


Virtual Tradecraft Paper outline from 2006

Capturing this here for posterity. A friend in the intelligence community got me interested in Second Life which lead to putting together some thoughts on the intelligence implications of virtual worlds. We were talking about this seven years ago... Virtual Tradecraft 2006


Kill with a borrowed sword – An Origins Story

If you've seen me speak in the past 15 years, you've seen a slide that looks something like this: It was my adaptation of an ancient Chinese stratagem for the information age in which an adversary would use our infrastructures as weapons against us. I originally used it as a reference for information operations, but it turns out it was a good model for the attacks on September 11, 2001 as well. AQ terrorists could never have built missiles that could be delivered with the precision and explosive and incendiary impact as they achieved by hijacking commercial airliners. In 2001, I also used the concept to promote a capability I'd started advertising in 2000 as an "Information Outcomes Cell" which proposed to use commercial IO capabilities…


I am Big Data and so are you

Bob Gourley, former CTO of DIA and current CTO of CrucialPoint LLC was guest lecturing at my Georgetown “Information Warfare and Security” class and was discussing mega technology trends when it occurred to me - the next revolution in big data is going to be about me and you. We are sitting on a treasure trove of data about ourselves that will be aggregated into big data repositories and analyzed and mined to augment our lives. Quantified self data from your Nike Fuel band, input from your Google Glass, your email, schedule, events you have attended, foods that you ate, times you got sick, searches you conducted, games you played, movies, books, music, social network status, your social graph, news you’ve read, on and on and on.... All…


State Sponsored Cyber Threats – The Long View

"Thinking about state-sponsored cyber threats over the long term doesn't come easy to Western strategists. This essay takes a look at at the strategic implications of thinking only in the short-term." Source: OODA Loop - State Sponsored Cyber Threats - The Long View


Tim Cook’s Freshman Year: The Apple CEO Speaks

"We want diversity of thought. We want diversity of style. We want people to be themselves. It’s this great thing about Apple. You don’t have to be somebody else. You don’t have to put on a face when you go to work and be something different. But the thing that ties us all is we’re brought together by values. We want to do the right thing. We want to be honest and straightforward. We admit when we’re wrong and have the courage to change." Source: Tim Cook's Freshman Year: The Apple CEO Speaks - Businessweek


Chinese IW – 1996

Digging through some old files and found this from 1996: ::::::::::::::::::::: May 10, 1996, Friday SECTION: Part 3 Asia-Pacific; CHINA; MILITARY; EE/D2609/S2 LENGTH: 308 words HEADLINE: INFORMATION WARFARE; China: characteristics of information warfare explored SOURCE: Source: Jiefangjun Bao', Beijing, in Chinese 16 Apr 96 p6 BODY: [6] Text of report by Chinese army newspaper Jiefangjun Bao' At present, information warfare remains a very abstract concept. In order to clearly understand and master information warfare, we have to conduct a more detailed analysis of information warfare by dissecting it into a number of combat forms, each with a unique content, including an all-frequency electromagnetic war, a computer virus…


Siri – the Augmented Intelligence Agent

My latest thinking about Siri over at TechGrid… "Siri does not represent a foray into the realm of artificial intelligence, but rather a necessary stutter-step in that direction which can be more accurately referred to as Augmented Intelligence. Despite an ability to engage in limited natural language processing, Siri is only capable of augmenting the capabilities of an iPhone in ways that were pre-defined by her programmers. This augmentation will only be improved upon with future iterations of Siri and some day soon, she may become more context aware. For example, ask Siri to play a game and she’ll trigger on the word “play” and look for a song or playlist that match the remainder of the interpreted words “play a game”. Tell her you…


Dronegate: The First Casualty is our Cybersecurity Paradigm

Out of respect to the original blog, my comments on this article can be found by following the link below the excerpt. These are important issues and we should be examining and debating them in detail. "As of yet, there is no definitive narrative of the virus that hit the U.S. drone fleet at Creech Air Force Base in Nevada this September. Original reports stated that drone cockpits had been infected with a keylogger virus and, while there was no indication that classified information had been stolen or that missions had been compromised, the virus has proven tenacious, resisting efforts to disinfect machines and forcing the Air Force to wipe entire hard drives. Sources said that officials at Creech never informed the 24th Air Force, the…


Facebook devours Twitter – a simple strategy…

Facebook is about to eat Twitter for lunch. I'm slowly recognizing that more and more of my activity is migrating from Twitter to Facebook. I've also been wondering if Apples upcoming IOS 5 integration with Twitter is a strategic mistake on Apple's part? What will it take for Facebook to finish Twitter off? Here's my lists of recommendations of what to do and not do. Give me a separate "subscribed" news feed - I want to be able to toggle back and forth between people I am subscribed to and people I am friends with in my newsfeed. An integrated view is nice, but sometimes I just want to see my friends and vice versa. Public Subscribe Button - I already have a button for follow me on Twitter and a button to friend me on Facebook. What…