Your own worst enemy

When you wanna cry to your worst cyber-security enemy, hold up a mirror

In a July 20, 2017  interview with New York Times columnist Bret Stephens in a room full of very important people at the Aspen Institute, new CIA Director, Mike Pompeo, said, “WikiLeaks will take down America any way they can, and find any partner they can to help achieve that end.”

When I saw the quote, I wanted to barbecue him. Yet another Trump appointee who doesn’t know what he’s talking about with a knee-jerk reaction to cyber-security enemies.

Well, no, not this time.

This time, I had the knee-jerk reaction.  Pompeo is wrong about Wikileaks, but he’s right about lots of other things and I’m glad I listened to the whole conversation. I need to work on my own biases before I start barbecuing other people for theirs.

It’s an hour long conversation.  Go to the 26:01 mark to hear the quote out of context.  But invest the hour and listen to the whole conversation – you’ll be glad you did.

I did more homework on Pompeo. Here is what he said about cyber-security in this article, and he’s right.

“It is the next frontier of warfare. It’s not new in the sense that threat to America’s intellectual property has been out there for quite some time,” told the Wichita Eagle. “We now see hacking taking place by foreign governments and by private individuals all around the world. America has to invest more and be more prepared. And we all have an obligation to be more secure in the way that we handle our own private information. There is a role there for the government to play, but a lot of this is going to be done by private individuals and private entities in America taking upon themselves of keeping their information more secure.”

But he is wrong about Wikileaks. Unlike many people, I have first-hand experience with Wikileaks. It goes back to 2009 and the aftermath from the Norm Coleman for Senate campaign in Minnesota, when Coleman treated my personal information recklessly and got caught. Wikileaks emailed me with details and that was the only reason I found out about it. Although the Coleman camp didn’t like it, Wikileaks performed a service for me and the country that day. I wrote all about that episode, right here.

I will not defend what Wikileaks subsequently did with Bradley Manning (now Chelsea Manning), Edward Snowden, Reality Winner, or any of the other incidents where Wikileaks published classified information.  Those were mostly wrong.  But Wikileaks is a shade of grey, not black and white.

Wikileaks does not want to take down America.  Julian Assange might be a snake, but he’s not stupid.  If the United States falls, Julian will find himself in a world of hurt from other countries that don’t have the same view of justice as the United States.  No, Wikileaks does not want to destroy the United States, Wikileaks wants to enrich Wikileaks. Wikileaks is no friend of the United States, but it’s not a cyber-security enemy either.

Who are the United States’ real cyber-security enemies? For a hint, take a look at just a few headlines between July 19 and July 24, 2017:

5,300 University of Iowa Health Care records exposed for two years

Millions of SSN across 10 states leaked in Kansas Commerce Dept. breach

Chipotle data breach leads to illegal ATM withdrawal

Thieves find a new way to hack and steal Teslas

Inappropriate Access to Patient Records Spanned 14 Years

Sweden Grapples with Sensitive Data Leak Scandal

IoT Security Cameras Have a Major Security Flaw

Every one of these stories involves Americans exposing private information or losing it to potential attackers. Even the story from Sweden, which shows that Americans have plenty of sloppy company. I could have found many more.  And those five days are typical.

Beyond those headlines, the sorry list of recent cyber-attack victims reads like a who’s who in American industry. And, rubbing salt in the wound, too many of our leaders become unwitting partners with cyber-crooks because they’re embarrassed to be caught with their pants down.

Read about sloppy management and the sorry response at the United States Office of Personnel Management when it allowed the Chinese to steal details on everyone who applied for a security clearance, right here.   How many people died because of that fiasco? Read about hundreds of thousands of American identity theft victims because they filed their taxes electronically right here.  And here.  And here.  Read about Minnesota law enforcement officials abusing driver’s license records right here.

Closer to where Mike Pompeo works these days, how does the US Government justify at least a ten year history of questionable cyber-activity?  Read about Stuxnet, the cyber-attack against Iran to stop its nuclear program, right here, and think about what might happen when the Iranians turn that weapon against us.

To find our real cyber-threats, look in a mirror.  We are our own worst cyber-security enemies.  Not Russia. Not China. Not North Korea. Not the criminal underground. Not Wikileaks. Us. We, the people. The good guys.

But wait – maybe the examples I cited above are just sensational headlines and don’t reflect everyday reality.  Well, not so fast. Here is a taste of my everyday reality.

Consider the bank vice-president who refused to understand the difference between his bank’s website and the bank internal network. Or the dentist who told me he didn’t need computers to practice dentistry – but had no answer when I asked him what would happen when his antiquated Windows XP computer “server” finally died.  Or the business owner who didn’t want to listen to the Internet threats she was up against because the port-scan report I showed her was a bunch of numbers on a computer screen.  Or the medical clinic spewing data to who-knows-where that didn’t want to call law enforcement because the top managers didn’t want the publicity.  Or the nonprofit CFO who didn’t want to listen when I told him he needed an antivirus solution. Or the car dealer who insisted his antivirus solution was just fine, even though it crashed both computers where we tried it.

Just a few anecdotal stories I’ve been part of, first hand.

For busy people with no time to absorb details, here are six words that everyone who uses the Internet should take to heart.  This is everything you need to know about Internet security. It took me three years to come up with this. Here it is:

Care and share to be prepared.

Care enough about security to educate yourself.  Share what you learn and expect everyone to share with you.  I have plenty of mini-seminars that go deeper.  Here is one.

I wish Mike Pompeo the best in his tenure as United States CIA Director. I hope he helps all of us open our eyes.

Posted in Uncategorized.

Leave a Reply

Your email address will not be published. Required fields are marked *