cybersecurity and cyberattack

"Hackers combine art with production, crafting beautiful results. Hackers Have Purpose. That purpose may be to learn, improve, create, teach, and ever more frequently: support human rights." Shawny Cycasin Sago, heroine of the 3rd act of cyberhug.me.

By historic definition; hackers investigate and create, crackers intrude and appropriate; both may use exploits to discover. By my preferred definition: an ethical-hacker is either -- if they are working to support or recover human rights.

Here is something cyberwar has learned from physical war: It is much harder to build something than to bypass, compromise, or destroy it.

The myth of cyberdefense is that it works. Even if your system has little value, it may still be turned into a slave for netbot attacks. If there is something of value on your system, it has already been penetrated. Static cyberdefense, installed once and upgraded only after new exploits are discovered, is of value only against amateurs. A more robust system of cyberdefense is not generally available because it would require a new approach. Suppliers do not want to acknowledge their legacy applications are easily defeated. CEOs and bureaucrats don't want to hear it.

The problem with more robust systems is a difficulty in justifying budget allotments if your work is successful. "We've had no problems, why do we need you?" How much penetration testing is required, how often do you need to engage outside penetration testers to apply unknown tests, how hard to work at shrinking the size of the target that your systems represent? These questions can be asked for dozens of styles in robust approaches. No approach to network security can maintain 100% effectiveness. All networked systems will be compromised, but we can influence by whom and why.

Executives and bureaucrats do not realize they are constantly vulnerable. They may shoot the messenger that tells them. Is it part of IT security's responsibility to train executives to avoid poorly examined actions and making statements that inflame hacker anger or expose the value of a cyber-attack?

A comparison may be made to governmental regulation, say of stock brokers. If everyone distrusted brokers, they would be far safer institutions. The average person considers regulated brokers safe, and discards any due diligence efforts. Fraud expands as loopholes are exploited, but the sheep still trust the sleeping sheepherder. Regulation, and in this comparison static anti-virus protection, actually increases the probability of large attacks by Bernie Madoff level crackers. Anti-virus software is a cybersecurity spider web that stops script-kiddie gnats while hungry birds fly through.

We won't be able to stop the largest cyber-espionage animals, ever. So what to do?

The realization that anything of value on a networked system will be compromised should be warning enough to remove data you value from such systems. Refer to your old floppy drive manuals for rotating backups, and apply the procedures to offline storage of critical data. Not just critical to you of course, but critical to all that have trusted you.

As a refresher, remove data before you leave for lunch, label and store it offline. Again, in a separate file, do it at the end of the day. create files for days, weeks and months - data storage is inexpensive. Of course it would be best to do it as each transaction is recorded, you can program that. This is just the start of a viable cyberdefense - had there been a real cyberattack you would have needed a far more robust system.

return to top of page.



Of first importance, have a plan to get your kids and yourself out of harms way. Remove the restrictions of being ordinary . . . there is an important anthology by Peter Travellian that reveals how to escape average, make money, and thrive in strange situations, anywhere - definitely a must read.

100% of direct income from my lenses goes to micro-finance solutions for world poverty provided by the Grameen Foundation. The Grameen Foundation is creating a rising tide of positive influence upon our world. Help decrease poverty, by enabling the poor to support themselves.

Will YOUR life be based on what you want to use it to accomplish, or by random urges of what you want to do?




"Bastiat Free University is not being built to segment and distribute information - BFU already exists as a catalyst to reignite your love of learning." - Allan R. Wallace

Integrity Matters
Real business people still honor a handshake.