Tag: Security

Reading: Blackwater : The Rise of the World’s Most Powerful Mercenary Army

Blackwater
Jeremy Scahill; Blackstone Audio, Inc. 2007

 

There is a significant amount of detail that I don’t know regarding nearly everything in the known universe. As Silent Bob once said:

“Bitch, what you don’t know about me I can just about squeeze in the Grand fucking Canyon. Did you know I always wanted to be a dancer in Vegas?”

That’s how I feel about Blackwater. How little I knew about them before this book.

My #1 takeaway from this book:

Military contractor is the media-embraced term for a mercenary. Mercenaries are real, they are not a fantasy or only found as guards for villains in a James Bond film. Whenever I hear the terms civilian contractor or military contractor when referring to a position in a hostile space, I will replace the term in my head with the term mercenary.

 

The Wikipedia definition:

A mercenary[1] is a person who takes part in an armed conflict who is not a national or a party to the conflict and is “motivated to take part in the hostilities by the desire for private gain”.[2][3] In other words, a mercenary is a person who fights for personal gains of money or other recompense instead of fighting for the ideological interests of a country, whether they be for or against the existing government. In the last century, and as reflected in the Geneva Convention, mercenaries have increasingly come to be seen as less entitled to protections by rules of war than non-mercenaries. However, whether or not a person is a mercenary may be a matter of degree, as financial and national interests may overlap.

https://en.wikipedia.org/wiki/Mercenary

 

Time to make the backups. It’s always time.

Photo of Ransomware on an Android Tablet

 

I ran through a quick pen & paper exercise and I came up with no fewer than 14 ways my data (aka my digital life… yours too) is constantly threatened. There are some protections available of course, number one strategy there is to always keep offsite and offline backup copies of everything important. Rotate the backups on a reasonable basis. Moving away from HDDs backup DVDs are also sensitive to heat, so don’t leave them in your car. And it turns out Solid State Drives lose their contents if not plugged into a computer every so often.

Even with the backup strategy in mind, I recognized that there are really two classifications of threats to a digital life.

A. Data Loss – An event without a malicious human initiator

B. Data Breach – Direct or indirect action taken by a human often with malicious intent

 

In what is likely not an exhaustive list, I decided there are only three of the fourteen items that actually fall in category A.

  1. House Fire
  2. Natural Disaster
  3. Mistakes

The issues in category A can be remedied by a good backup strategy, and of course actually executing that strategy. Saying you will backup isn’t the same as actually doing it.

Breaches on the other hand are myriad and growing. And the truth about the increased threat landscape has been taking a significant amount of time in my brain lately. I like most IT folks routinely spend more time talking about security than implementing new ideas and making change. I am worried that this list is only going to continue to grow.

  1. Botnet – Also just about any random run of the mill malware that will be picked up from being negligent.
  2. Pissed off hacker(s) – What they call “Advanced Persistent Threat (APT) in the biz. This can be either an individual, a group, even a government that wants to dox you or maybe steal or decimate your data.
  3. Random 3rd Party Service – This is generally what happens when an APT takes on a service or entity that also has your data. Last year over 5.6 million fingerprints were stolen from the OPM. Experian just got hacked. If you live or have visited the US, someone you have data stored with has been hacked. And therefore your data is compromised.
  4. Script kiddies – People like to stuff all sorts of garbage into Zip files and other archives. This is pretty close to the Botnet entry, but I think the initiator isn’t good enough to be an APT but likely some kid that is trying to break into your WiFi.
  5. Your employer – Similar to #3 but this hits much closer to home than if your Facebook account was hacked. Your employer knows everything about you. Even if your employer isn’t hacked, there’s always the mysterious “insider threat!” Be nice to everyone at your work.
  6. Petty theft – Sometimes people just steal stuff. I lost a brand new laptop and $1000 worth of tech when someone broke into a locked car. I made the original “mistake” as outlined above by leaving it outside of my control. But…. sometimes people just steal stuff anyway. If you are worried about people stealing your stuff, remember you need an OFFSITE backup. It’s pretty often that people leave their backup drives sitting on the desk plugged into their computer.  Do you have a passcode on your phone?
  7. Corruption – Drives have a Mean Time Between Failure. This is not particularly intentional, but I vote malicious simply because there are a lot of really crappy hard driveson the market. I have been burned by several drive manufacturers for drives that last less than a year.
  8. Piracy – What good is downloading the latest episode of whatever if that all lands you in court! If you are like every other person on the Internet, then you have pirated something somewhere on your computer. And that makes your whole drive something to be confiscated should you get to torrent happy.
  9. Family and friends – What? What do they have to do with this? Aside from their capacity to make mistakes, they are also compelling reasons to be paranoid about your data’s security. If your friends have pwned laptops and connect to your network and you’re not wearing your tin foil hat… so it’s not malicious on your friend’s part, but there’s definitely a person in the loop.
  10. Blanket Surveillance – It’s nothing personal, and if you have nothing to hide then you have nothing to be afraid of. The truth is all of us are connecting to the Internet for one reason or another, and those reasons are being monitored, tracked, analyzed, reported on, and many times sold. This may not be the same as my hard drive being compromised, but it is still a breach of the old digital self.

 

I welcome feedback. I’m sure there are other better ways to categorize this, and I’m not coming up with anything radically new here. But this may be good for just one of my friends or family members to know. Not everyone in my life is really tech savvy, but everyone is concerned about his or her computer and the data that makes up their digital lives.