Friday, June 29, 2018

The #Cybersecurity Illusion

Since World War II, we have eagerly bought devices that have made our lives easier.

Everything was innocuous until those devices started tracking us, memorizing us, and even anticipating our thoughts.

Today we have phones that can pretty much replace computers.

Soon we will have cars that will be able to drive themselves because we are too lazy and feckless to do it ourselves.

In a very real sense, we are the street Johns in a world of prostitution that fall for the whore of convenience.

Yet, rather foolishly, we ignore possible cyberthreats to our lives that this encroaching seduction by convenience brings with it.

Many of us also mistakenly believe that the likelihood we will be a victim of a cyber incursion is statistically low.

Heck, some even make it easy to be victimized by rolling out a red carpet of convenient information that can be used against us.

Think about it. Have you inadvertently and willingly given up information?

Do you post your real location on Facebook? Age? Family members? Place of work? Schooling?

Do you telegraph your exact location and what you're doing through Snapchat?

Do you respond to the asinine “so where’s everyone from?” posts in discussion groups on social media?

Do you post identifying pictures and reveal all sorts of information contained in them?

And then, do you engage in idle chit chat with online friends that creates a text record of said details?

It's astounding how much information we give away for free.

But it just isn't online.

Do you post pictures with your car’s license plate in full view?

“Running” a plate is easy.

Do you have a stick-figure family on the rear window of your vehicle with names of your children?

What I'm getting at has nothing to do with paranoia and everything to do with being circumspect.

In social media, I live 5,000 miles from where I say I live, for example. My hometown isn't accurate nor is where I work.

But anyone who knows me in person would know it's me.

Yes, sophisticates who don't know me can still pinpoint my location, but there are a lot of imbeciles engaging in cyber crimes because all of us make it so easy for them to get at us.

I'm just trying to muddy the waters.

So, what should you do?  

I's advise to at least try to make it more difficult for someone to get your information.

1.  Disable location in any social media platform and turn it on only when needed.

2.  Delete your home location, birth date, and personal info where possible in social media.

3.  Or obfuscate such information by changing the location, birth date, and personal info so that people do not catch on to the idea that you're being circumspect.

4.  Delete "friends" in social media that you don't actually know in real life, or if not, stop being forthcoming about the details of your life. Even if you think you've been careful, you haven't been.

5.  Shred all hard copies of anything that can identify you because criminals will sift through trash and can often get enough info on you to pretend to be you. Conduct as many transactions offline as you can.

You may think that you've not let any information out, but your trail is really more like what you see above: a graffiti-covered goldmine.

It is true that once you put something on the internet, it's always there.

But it is also true that if you dial way back the available information you put out, the criminals looking for easy pickings, are less likely to go after you.

Even more importantly, if you delete things and go quiet, it reduces the number of hits someone can find out about you on an initial search. 

Reducing the potential for hits causes analytics not to pay as much attention to information that is not frequently accessed.

And you become more invisible.

Be careful.

Prepare well, my friends.

Monday, June 25, 2018

Adversarial Surveillance: How Should I Prep?

We all imagine that in order for terrorists to formulate a strike, they surely gather intelligence.

To do otherwise would be counterintuitive.

FEMA calls this gathering of information for the purpose of committing crime or carrying out terrorism “adversarial surveillance”.

The premise of people doing it is that by paying attention to what and how a target conducts business, weaknesses can be identified and exploited.

But this is nothing new given that interpersonally we size-up our opponents and strike at weaknesses.

This clandestine surveillance gathers information about people, their places of work, and infrastructure in order to commit crime.

Terrorism is crime.

One obvious goal of individuals who conduct adversarial surveillance involves the documentation of security routines.

How should you prepare?

Clearly, being able to detect that surveillance is taking place is the first step.

Stop saying “It must me nothing.”

Start asking if it might be something.

Take a picture on your smart phone.

Notify the authorities.

It’s better to have an innocent be accused than for a terrorist to be noticed and unreported.

Take a moment to formulate the works that can convey your understanding of precisely how what you’re seeing is adversarial—apart from a lone person’s “should” sense of what is right.

Finally, reporting it to the correct authority who can respond appropriately helps curtail the threat.

Situational awareness improves your ability to detect adversarial surveillance.

By paying attention to your milieu, you will have a better idea of what is normal or unusual for that environment.

Just pay attention.

Practicing observational skills in every situation you enter helps you to develop a baseline for what is normal.

Identifying what seems unusual or suspicious about a person’s activities and why—objectively—they or their actions are so, sharpens your data gathering.

Documenting your observations improves the clarity of what you report. Do not rely on recollection.

One challenge is that an operative conducting adversarial surveillance will often go into the character of someone you’d expect to see.

Look; it’s a package delivery person with a parcel in hand.

Over there is a guy with a briefcase, but that seems normal.

It is idiotic, however, to assume that the people who pose as characters in order to surveil a situation are well trained.

In fact, they may be run-of-the mill people pressed into service. 

The behavior and actions of persons who are not well trained and who are conducting surveillance often appears to be unusual.

Sometimes, an operative will purposefully fail so they can observe the security response.

Sure, the ability to detect surveillance activities is best when trained personnel are looking, but we have to be their eyes and ears.

We have to be alert.

We must be present.

Prepare well, my friends.

Saturday, June 16, 2018

Then Reddy Kilowatt Lets You Down

The other evening, the power went out in the middle of the night causing the ceiling fans to stop their circulation of air.

That’s what woke me up.

The juice came back on and the answering machine on the land line called out for me to set the time.

That’s how I knew it was back on.

The power again went out that morning around 5:15 am just after I had gotten my first cup of coffee.

With her ceiling fans off—yet again—my daughter got up for summer school an hour early.

That night, my cable company had a massive system outage that affected a large portion of the entire nation.

That got me thinking about disruption.

We say  we realize how addicted to power we are, but are we really aware of the immediate impact we will feel?

After World War II, electricity was promoted as an amazing cure all.

A character named Reddy Kilowatt extolled the virtues of an electrified tomorrow.

He sold Americans on electrification largely by promoting appliances that were marketed toward women to reduce their work load. 

Washers, dryers, refrigerator/freezers, electric mixers, dishwashers, trash compactors, can openers, and so on revolutionized the home.

Now we are being sold the notion of EVs to replace our conventional cars because EVs run on clean energy.

Sure they do (!), but that's not my debate.

Although Teslas are in no way any more technologically advanced than their competition, the company has sparked tremendous interest in EVs to the point that a barrage of EVs of all stripes is headed to market.

The only problem is that they will make us even more dependent on electricity.

My state (California), will not permit new conventional power plants to be built and instead they want so-called green energy that is woefully inefficient for producing electricity and ridiculously expensive to use.

So, what if the power goes out?

Sure, we can have generators and get by for a short amount of time.

But the reality is that loss of electricity will be a major #SHTF event.

I'm not talking about loss as a result of an EMP (highly unlikely), or terrorist attack (highly likely), but from system overload that literally sets a power plant on fire.

A system-overload fire and loss of a power plant is very likely because we are increasing our electrical draw, but we are not increasing our electrical supply.

That imbalance causes system heat which an lead to failure.

Now factor in how old power plants are and this becomes quite a concern.

And we must prepare.

I don't have a magic elixir cure, but I have some suggestions.

Learn to use far less electricity by doing things by hand like washing dishes, laundering clothes, drying garments on a line, mixing foods with a whisk, and so on.

Of course, get a generator.

Of course, get some solar panels that charge batteries.

Consider converting electric appliances to gas where possible.

We have to be ready.

Prepare well, my friends.