Cyber Sphere

US dependence on private Cybersecurity firms: New Salem witch trials in the making?

Opinion: United States dependence on private firms to apply attribution could lead to private security firms labeling other states and firms within target states as bad actors.

While reading an old article from (exact article escapes me at present), I was presented with a rather troubling reality. The United States, despite having a formidable Department dedicated to Cybersecurity, relies on private firms to apply what is called Attribution.

It is argued that the United States does this to conceal and obfuscate it’s cyber defensive and offensive capabilities. However, this presents a number of possibilities, most in my opinion are on a sliding scale of not good to bad to terrible.

The not good: during the 2016 election year, the DNC was hacked. Most likely a phishing turned whaling . The Special counsel investigation would go on to implicate the GRU, Which if you were to draw a direct comparison to the US, would be the US Defense Intelligence Agency .

The GRU’s involvement was assessed and attributed by several private Cybersecurity firms including (quoted directly from wiki)  CrowdStrikeFidelisCybersecurityFireEye‘s MandiantSecureWorks,ThreatConnectTrend Micro, and the security editor for Ars Technica.

It is my personal opinion that there was a little bit of insider complicity within the DNC in addition to and beyond the phishing, But the point is, private cybersecurity firm assessment were validated by the US federal government. How far can this actually go?

The bad: The vice article bought up an interesting point. In this increasingly growing industry, how far will cybersecurity firms go to get their klout (aka their name in lights)? Of course I’m paraphrasing, but it’s a legitimate concern. Hackers, private and state sponsored, are a mixed breed. White hats want the credit, black hats of course want to conceal their identities. Yet how easy would it be to create a piece of malware, distribute it and lay the blame on someone else?

The terrible: Nations will categorically deny all cyber attacks. There are notable exceptions like the Turkish nationalist hacker group AYYILDIZ TIM and the Syrian electronic army, Who clearly stand by their attacks. However, even Iran doesn’t claim APT33, and North korea continues to deny involvement in cyberattacks including the Sony Pictures hack.

If 2016 to 2020 has taught us anything, it taught us to affirmation our belief in the power of information, knowledge and to an extend the truly viral pandemic of public opinion, especially when cosigned by celebrity or people of influence. It is this recipe that has labelled an elderly billionaire as 2020 Cobra Commander. By that same token, United states’ freedom of information has allowed entire swaths of communities to be driven to division. People are being targeted individually, Their lives and livelihoods destroyed.

In my opinion, if the world has the misfortune of seeing a 3rd world war, Cyber warfare will have had a hand in causing it as well as an essential part in the ongoing of it. More close to immediate however, what would stop a less than honest cyber security firm from creating a scenario where a rival firm is made to be the perpetrator of a malware distribution, DDOS attack or even a high profile phishing campaign?

If the federal government and news media get behind such a frame up, the dishonest firm is validated and legitimized while the victim firm is reduced to cinder. Ergo, Salem witch trials, but for cyberfirms.

Do I truly believe that cybersecurity firms are going to resort to throwing each other to the wolves for recognition and career advancement? The answer would be Not really, with a touch of cautious maybe. At the end of the day, 90 percent of the IT men and women I personally know are good people with decent lives. Granted, I do know a few weirdos with some rather screwy squirrelly blackhat ideas. However, these aren’t programmers, these are script kiddies confined to low level griefing attacks on secondlife and other local server gaming environments. All of whom I keep around to remind myself to not be an idiot.

Real skill, the skill that truly makes headlines, call for a mind mature enough to know when they’re in over their head. And you’re not going to run a Cybersecurity firm as a moron. The political and media environment, however makes a state sponsored frame up easier than ever. A viral tweet or Facebook live of an event, staged or authentic, can destroy decades of a well built life in minutes.

The battlefield is your mind, Arm yourself.

DuBois Daily Uncategorized

Don’t allow yourself to care about criticism

One thing I made a point of doing was making it my purpose to exert as much control over my reality as possible. Everything from my emotional control to financial freedom.

I sought not to watch life go by, as if I in a cliff hanger action movie or a sullen documentary. One of the things I do is eliminate your ability to throw shade upon anything in my reality.

Here’s a bit of an anecdote, once upon a time I was a social broadcaster on a site. I came under a more idealistic, emotionally altruistic and naive form of myself. I figured that if bought the truth of my personality and positivity to my broadcast,

It would radiate and permeate throughout the chatroom and everyone would be compelled to just chill out.
This formula worked for a while, that is until people who were preexisting enemies came in my room and saw each other. They fought in my room and I tended to take the neutral route. Which usually resulted in them either threatening to not return to my room, thus leveraging their net-ship and room patronage in attempts to force me to their side.

Or they both proclaim to never return to the room, thus losing both. Before I knew it, my chatroom was labelled a drama room, though I was far from a drama person.

I’m going off on a tangent here, anyway…Limiting your negativity is done a number of ways. For one, youtube comments are disabled on my videos, My chatrooms are heavily moderated, I only accept certain people on facebook, my tweets are protected and my instagram is private. I have public accounts like the RSC youtube, facebook and twitter, But it’s seldom I read those anyway.

Basically, the take away from this entry is to not let criticism dissuade you from a goal. Constructive and helpful criticism should always be given guarded consideration.

Guarded because you can’t be absolutely clear on what the motivation for such criticism comes from. Is it helpful from an honest place in their heart, or is it a manipulation tactic?

In closing, always throw negative criticism where it belongs, in the trash. Sometimes however, negs can be helpful. Look at it somewhat like reverse engineering a piece of malware. Figure out how and why it got past your defenses. A lot can be learned by what is said about you.


All moved in.

Here we are…
The blog is back, same location as always but with a new flavor. It feels good when you finally find your purpose. Even if that purpose took a great many years to manifest, fact that it’s here is good. Anyway, there’s a lot of stuff going on out there and there, everyone will be affected to some degree. However, stay true to yourself and what you believe and you’ll come out the other side.