Skip to main content

Featured

What Motivates Young Cybercriminals?

In the world of cybercrimes, the majority of cybercriminals always seek financial gain, but this is not the primary motivation. Aside from the advanced sophistication of state-sponsored incidences, the young cybercriminal venturing into the dark side boils down to their ego. Adolescent criminals seek out recognition among their peers eager for a sense of success in an effort to prove themselves.

Many seek out popularity within internet hacking communities driven by a feeling of accomplishment they compromised a target. This provides them with a rush, a demeanor to develop their skills further becoming tragically involved with organized crime immersed in their addictive and dangerous sphere of influence.

Others find inadequate employment opportunities and thus are lured into the dark side to learn a skill as a matter of survival by participating in online hacking groups. They are easy prey for organized crime and state-sponsored groups to recruit indoctrinating them into …

Cybersecurity Cannot Stand With a House Divided


Abraham Lincoln, the 16th President of the United States, presided over our nation’s Civil War against the evil of slavery. He paraphrased the following passage from the Bible, Matthew 12:25 when he spoke of a house divided:
And Jesus knew their (the Pharisees’) thoughts, and said unto them.”
“Every kingdom divided against itself is brought to desolation; and every city or house divided against itself shall not stand.”
In today’s reality the definition of slavery is not by brute physical bondage as it was in those bygone eras but economic servitude. The controlling of wealth, politics and corruption to gain and directly influence the common man.

By our deeds in life, we reap what we sow, what goes around comes around but united in cause we fail miserably in a war against the Cybercriminal. Unfortunately, the failure is usually in the name of profit for the needs of the one, not the many, greed is a better word. In this article, I will discuss the blunders be it deliberate or not why information security as a whole is losing the war against the Cybercriminal.

Affecting the individual Information Security professional, this article will address the global big picture overview. It will demonstrate how this phenomenon directly affects the Information Security industry from its beginning to where it is today.

The areas of discussion for the reasons why we are behind the Cybercriminal would fill volumes of materials as if we have never learned from history. I am an optimist, and it is not all doom and gloom. We can conqueror as we possess the collective power to steer Information Security in the right direction and turn the tide against the Cybercriminal yet the will to do it is a formidable obstacle, a huge mountain to climb. Specifically, I will cover three areas as follows:

  1. The Collapse of the Soviet Union
  2. The Paralysis of the United States Government
  3. Corporate America Gone Wild

The Collapse of the Soviet Union



The collapse of the Soviet Union created a massive discharge of military personnel with no livelihoods. The former Soviet Russian military complex was corrupt where few upper military personnel had skills that paid well. Since the advent of the Internet and the involvement of the Russian Mafia, a ruthless monster was born that to this day causes enormous damage with highly sophisticated methods.


They became masters at money laundering, moving goods across borders and established connections with international crime rings. The Russian Mafia is terrifying, for example, when new hacking talent is needed, they will force hackers to work for them or kill them and/or their families.

It is without question the breadth and sophistication of services sold on Russian-language websites such as Forum.zloy.bz or Forum.evil offer a small window onto a Russian criminal underground. It costs Western corporations billions of dollars in credit card and online banking fraud as well as “phishing” attempts to lure people into downloading malware or disclosing passwords. We can point to the massive breach of the retailer Target yet the list is endless. Let us not only be mindful of the Russian Cybercriminal but the military adversaries of Russia and China.

Cybersecurity researchers in Moscow have publicly disclosed the highest quality of malware originates from Russia as compared to other known sources in countries such as China, Latin America, Eastern Europe, India, Pakistan and parts of Asia namely North Korea and Indonesia.
Russia still boasts high-quality personnel in both the hacking and cybersecurity areas. The Russian military has begun to heavily recruit the best computer programmers from top schools, including the prestigious Bauman Moscow State Technical University, the Moscow Institute of Physics and Technology (MFTI), and Moscow State University.

A particular area of concern is cybersecurity. As General Dempsey noted, “We are vulnerable.” China, Russia, and Iran would be happy to do harm to the U.S. without a single shot being fired. Currently, Russia has the most active cyber capability for harming the U.S. and has demonstrated that it does not hesitate to use it against small countries, with whose policies it disagrees. Estonia came under attack in 2007, and Georgia fell victim to a cyber attack originating from Russia in 2008 during the Five-Day War in Abkhazia and South Ossetia. Most recently the invasion and annexation of Crimea in Ukraine. U.S. cyber superiority over Russia is, by far, not as bright as is its (albeit diminishing) advantage in conventional forces.

The Paralysis of the United States Government

 “The government has failed us” were the words uttered from Richard Clarke former cybersecurity and cyberterrorism advisor for the White House in 2012. Today it is no different than it was two years ago with the divided constituencies of those do nothing Congressional yahoos, the skyrocketing multi-trillion dollar debt and sequesters, all have taken a toll paralyzing the government. Add to that the vast bureaucratic nonsense with the Office of Personnel Management (OPM) unable to attract, relocate and retain the very best security professionals with competitive compensation.

We are seeing them leave in droves to the private sector, in particular, the senior management people within the Department of Homeland Security (DHS) and in many other agencies.
To make matters far worse, privacy came to the forefront and was a considerable concern making the Information Security industry more complicated than it ever was. The considerable bombshell that rocked the globe was Edward Snowden who exposed secretive activities the NSA was conducting and the alleged treasure trove of classified intelligence he provided to our adversaries, Russia and China. The NSA admittedly had a failure in security to contain individuals who gained inappropriate access to detailed information.

Richard Clarke warned the government:

“Our supply chain of chips, routers, and hardware we import from Chinese and other foreign suppliers and what may be implanted in the — ‘logic bombs,’ trapdoors and ‘Trojan horses,’ all ready to be activated on command, so we won’t know what hit us. Or what’s already hitting us.”
The sophistication these Cybercriminals possess with undetectable stealth malware will never if ever abate. In other words, as we look at government policies and with corporations which I will be discussing next, they all favor low cost “cheap” network equipment and applications. Add to that the continuing de-industrialization of the country to namely China and other nations for cheap labor.
Richard Clarke again spoke out when he said:

“My greatest fear, is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China….After a while you can’t compete.”
I may also add to Richard Clarke’s argument that our capacity for innovation the research and development so vitally strategic is deliberately outsourced and subsequently used against us.
Former FBI Cybercop Shawn Henry told the Wall Street Journal:
“I don’t see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it’s an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security.”
Yet another Cybersecurity top hand James A. Lewis, a senior fellow on cybersecurity at the Center for Strategic and International Studies didn’t believe there was a single secure, unclassified computer network in the U.S. and he was spot on as the example of Edward Snowden clearly illustrates.
More exact words were never spoken, and yet the government continues down that same road with the Congress and the President bickering. Moreover, the powerful lobby that directly influences Congressional members with their troves of campaign funds lining their pockets to enact legislation in their favor is the basis of corruption in government.

Corporate America Gone Wild



 The vision and wisdom of our 32nd President Franklin Delano Roosevelt said it best:
“The liberty of a democracy is not safe if the people tolerate the growth of private power to a point where it becomes stronger than their democratic state itself.”
Indeed, look at us now smack in the middle of a predicament he warned us not to go. A deep hole that appears insurmountable unless we dig ourselves out by the change from within.

Corporate America has an insatiable appetite to cut costs and outsource squeezing the lemon to the point the lemon becomes the turnip in the name of profits. Rampant mergers and acquisitions have produced these gargantuan sized corporations that are just too big to secure. To gain market share growth and political power on a planet that has finite resources, this is what they do.
I can point to several CEOs who have lobbied Congress for massive outsourcing and the importation of cheap foreign labor that has hit the Information Security industry severely. I will point out the founder and former CEO of Microsoft Bill Gates.

Gates made these comments in 2008 at the height of the Great Recession when we had millions of unemployed skilled technology workers with many in the security industry.


In Gates words to a gullible Congressional committee:
“It makes no sense to educate people in our universities, often subsidized by U.S. taxpayers, and then insist they return home.”

Gates is advocating opening up the immigration floodgates to the foreign worker guest program, the H-1B when the talent is all around him, and our most significant human asset of all is our children studying at American Universities. Why is Gates doing it a time Americans are finding themselves without livelihoods? Such an insult is beyond any words can say! Many of these H-1Bs are not vetted and become adversaries using what they have learned how we secure our data when they leave, the consequences of that need no further explanation.
While Bill Gates harangue was heard in that Congressional hearing, I was collaborating with Bloomberg Businessweek Magazine to produce this article detailing the plight of the H-1B worker enslaved in economic servitude, where is the wisdom of Abraham Lincoln and FDR?
Simply put, CEOs see commoditization of labor as a practical vehicle to drive wages down and improve the profit margins. With information security when you outsource it you lose control of your infrastructure, what is secure in one country may not be in another. In a Cyberwar, all bets are off, and corporations do not have any legal jurisdiction if their data is breached which has occurred many times over. They call upon the federal government for assistance as we have seen to many breaches today.

I have seen corporations in action as they weigh the enormous risk factors such as:

  • The promised benefits of outsourced security are attractive. The potential to significantly increase network security without hiring half a dozen people or spending a fortune is impossible to ignore.
  • The potential risks of outsourcing are considerable. Stories of managed security companies going out of business, and bad experiences with outsourcing other areas of IT, show that selecting the wrong outsourcer can be a costly mistake. So many times we have seen third parties lack adequate security being the vector to a breach.
Throughout mankind’s history we have always known that history repeats itself and here we are witnessing the inevitable. It is ironic, others may not see it that way and are in denial with the real world examples that lay before us and that I have seen with my own eyes unfold.

Mankind has the power to reverse the damage but never the will to collectively change the direction of the political forces that drive the Information Security industry. For only that change will we gain the upper hand and the overwhelming superiority over the Cybercriminal.