Wednesday, June 27, 2007

Dog of War or McGriff the Crime Dog?


So, soldier or cop? War or Crime? Or both?

I ask this question of my own self after reading (and enjoying) Michael C. W. Research's recent posts on security framed in the context of Clausewitz. Thinking it through, though, I began to wonder if war is the context in which information security should frame itself. After all, as an info security practitioner, you are denied both first strike and retaliation with like force. Hampered by a bureaucracy, limited by budget and laden with metrics of questionable value, you perform awareness and outreach to a resistant, often resentful community that harbors potential adversaries. When the adversary attacks, your response is defensive, forensic, and heavily regulated. In the initial analysis, it sounds more like a cop than a soldier.

Like Mr. Peterson, I recently finished reading Robb's Brave New War. Robb describes the decline of wars between states or their proxies and the rise of the global guerrilla. The global guerrilla uses system disruption and open source warfare to break down the brittle security systems of organized and highly interdependent states. Mobile and rapidly adapting to changing tactics, this adversary is usually hidden in the state it is trying to hollow out, cooperating with or participating in transnational organized crime. Now that threat sounds more familiar; Robb describes the phishing marketplace as an example of open source warfare.

Is War now Crime? Is the infosec defense model Clear Hold Build or Broken Windows?

Tuesday, June 19, 2007

New Concepts in Data, Compliance and Marketing or The Overly Dramatic Truth


Like the rest of the world, I read J. Cline's article on the upcoming data eclipse while listening to El P's I'll Sleep When You're Dead, which is the best way to read it.

J. Cline is prophesyin' the impending darkness where all corporations will crumble 'neath the cleated boot of data governance.

Mr. Cline identifies the signs of the data eclipse endtimes: Ford has abandoned autos to focus on quality improvement. Wal Mart has unburdened themselves of the lucrative Chinese tube sock trade for supply chain management. In the post-eclipse world, we must surrender control of our enterprises to the wanton desires of regulators, lawyers and audit chimps such as myself. We no longer make the decisions, but wait for them to be passed down from these distant parties who ponder our fate far from the red meat and hot breath of corporate operations. It's not the moon, after all, but the pointing finger of compliance and legality we should focus on.

I may have been born yesterday, sir, but I've been up all night. Like a diamond bullet between the eyes, I was struck with an aces-on Notion (with a little backing I think I could turn it into an Idea) which will make me the fortune I frankly deserve. A methodology that will empower the document generating wherewithal of ten thousand legions of certified information control professionals.

I will call it the Compliance Legal Object Audit Client Architecture: CLOACA. Look for my booth at a tradeshow near you.

CLOACA: You'll Be Surprised What Can Come Out Of It!

Tuesday, June 12, 2007

Vulnerability v. Threat

Jeremiah Grossman's analysis of the MSNBC stock contest cheat.

It seems to me that this sort of flaw would rise to the surface quickly from a threat perspective, but slower from a vulnerability perspective. I'm not sure why though.

Monday, June 11, 2007

The Italian Job


Oddball kidnapping heist documented at MCN and Roadracing World illustrates the danger of the insider beyond the pilfered laptop or unexpired system credentials.

Apparently the Alto Evolution World Superbike team "reduced the responsibilities" of Sergio Bertocchi, their erstwhile manager, after the race at Monza a while back.

On the way back to Italy from the most recent race at Silverstone, UK, the Alto truck gets hijacked at a border crossing. According to the Alto Evolution press release:

The driver was kidnapped for more than six hours and the truck diverted. The driver was able to escape in Bruxelles - Belgium, where he alerted the police and confirmed the names of the people of the gang which had kidnapped him and stolen the truck. Amongst the members of the gang have been recognised four people: one of them was Mr. Sergio Bertocchi.
Policemen from Belgium have immediately started investigations and, at the same time, Carabinieri in Italy have been alerted. Investigations have gone on strenuously and with outmost secrecy. On the 6th a van of ours was sent to Trieste to recover other spare parts and accessories still in Trieste's warehouse. On the way back, in the first rest/service area out of Trieste, the same criminals have stolen the van and its content. Unluckily for them, following a great effort of electronic interception and lots of their's tailing, law-enforcement personnel has had the opportunity to see the criminals in action in first person. Carabinieri have been on the van's tail for a couple of hours and at last they have recovered the vehicle and its content and put them under sequestration.

Meanwhile the subject liable for theft have been blocked.
On Friday the 8th Carabinieri have given us communication that the truck has been found and is now in a safe place in Trieste, again judges have disposed sequestration of the goods.

Although it reads as if they got Alto's rider Muggas to do the translating directly from Italian to Tweed Headsian blindfolded, at first blush it appears to be a story of justice served. The former manager plays the archetypical role of the disgruntled employee who turns against his employer by hacking, vandalizing, stealing office supplies, truck hijacking and/or kidnapping. His fiendish plot is foiled due to surveillance and electronic tracking. Chalk one up to the gallant carabinieri and their high tech tracking equipment!

An interesting question regarding identity, though. Did former manager Sergio use his identity to gain confidence and access to the truck? Seems that would be an enormously boneheaded maneuver for a hijacker. I've got issues trying to correlate the motivation of the attacker with his techniques.

Maybe it was just a denial of service attack. Check that word "sequestration" in the above quote, on which the Alto Evolution team elaborates:
This, and only this, is the reason for which we will not be able to partecipate to the race in Misano on the 17th of June.
Not too difficult to imagine Sergio in his Italian jail cell rubbing his hands together, mumbling about how they'll never race in Misano... never in Misano...

Thursday, June 7, 2007

Sufficiency, Competence, Relevance


I returned to work after a refreshing and invigorating vacation in Wisconsin and greater Chicagoland. After marking random e-mails as "Read," I look over some notes I took in a prefreshed state, most particularly this line:

"Reality vs. ????"

I figure I was on track to bust my epistemological crisis wide open, and instead I caved into some ontological audit chasm. Not quite a zombie, but brains are starting to smell real good.

"Reality vs. ????" I think I was getting into a Rashomon fugue state, with folks skating around conflicting stories, but nodding in agreement. I wanted to know: When evaluating perception, what evidence is more reliable than testimonial evidence? Is the written word as important as the thought which drives the action? Can or should the common testimony of a dozen individuals be sufficient to assert a common perception, and be used to predict a likely action?

I searched the Red Book and Yellow Book for the answer. To make sure I didn't miss anything, I checked the Blue Book, too. (Man, that Mazdaspeed3 looks SWEET!) Their answers rang as hollow as a Sturtevant kringle, just not as tasty. "Sufficient and appropriate," "competent and relevant," "better if supported by documentary evidence," "yada yada yada." Not helping me out.

I was looking in the wrong places, of course. In my backpack was the unfinished beach reading: King of the Jews by Nick Tosches. I dig Tosches in a serious way; he is a relentless researcher with a full appreciation of the negative case. From the Book of Esther to Abe Lincoln to Mayor Bloomberg, Tosches makes clear that evidence - competent, appropriate, sufficient or otherwise - winds up as whatever is said most often, and what is said most often is often enough wrong. Still not much of an answer. Really sort of grim.

Nonetheless, with that cryptic fugue out of my system, I'll go back to work. Less episteme, more hax0rme.