Thursday, September 22, 2016

Crushing Force as a Change Agent (or The Bullshit Luxury of 10,000 Failed Attempts)

"I have not failed 10,000 times. I have successfully found 
10,000 ways that will not work." 
- (Thomas Edison)

I’m the founder of a failed cybersecurity startup. Or, to use Edison’s perspective, I’ve successfully found multiple ways for my startup not to make a profit. But Edison’s positive spin on failure is bullshit. Only a scientist or an tenured academic on a salary has the luxury of failing so many times. When you’re an entrepreneur over 50, like I am, the stakes are much higher. When you have others depending on you, the pressure doubles with every failed attempt to turn things around. Energy is sapped. Resources, already limited, are further drained. Pretty soon, exhausted, you may find yourself contemplating options that you can’t put words to.

I decided, instead, to put words to my experience of crushing force as a change agent in the hope that I can find a solution for myself, my company, and help others who may be in similar circumstances. In other words, I’d love to hear from you if anything in this article resonates.

(Read the full article at or Linkedin)

Monday, July 11, 2016

Faith-Based Attribution

"Faith-Based Attribution" is my latest article on the challenges of attributing attacks to the person or entity responsible. Check it out at

Sunday, June 19, 2016

The DNC Breach and the Hijacking of Common Sense

"When you need something to be true, you will look for patterns; you connect the dots like the stars of a constellation. Your brain abhors disorder. You see faces in clouds and demons in bonfires. Those who claim the powers of divination hijack these natural human tendencies. They know they can depend on you to use subjective validation in the moment and confirmation bias afterward."
Author: David McRaney
This article is about the DNC breach and its attribution to the Russian government. But first, imagine that the DNC breach wasn’t a network breach but a shooting (no one was injured). No one knows who the shooter was but he left behind his weapon, a Kalishnikov AKM made in Russia.

The unknown shooter used a Russian-made weapon. Does that mean that the shooter is Russian? Or that the shooter works for the company, Kalishnikov Concern? Or even more likely in the crazy world of cyber investigations, that the designer of the AKM is also the shooter?

Police would certainly explore the possibility that the shooter may have been Russian but they wouldn’t exclude other suspects. And no investigator in his right mind would arrest the CEO of Remington Arms, Sig Sauer, Kalishnikov Concern or any other arms manufacturer because a gun they made was used in a crime.

In the physical world of crime investigation, common sense dictates that the perpetrator of a crime may use any weapon and not just one made in the country of his birth, and that the developer or manufacturer of the weapon most likely isn’t the perpetrator of the crime.

And yet, those seemingly crazy assumptions are made every day by cybersecurity companies involved in incident response and threat intelligence. 

The malware was written in Russian? It was a Russian who attacked you. 

Chinese characters in the code? You've been hacked by the Peoples Liberation Army.

Wednesday, June 15, 2016

The DNC Hack: Dangers of Playing the Nation State Blame Game

UPDATE: Someone claiming to be responsible for the DNC breach has released the Trump opposition file to Gawker and mocked CrowdStrike according to the Salted Hash blog:

"The main part of the papers, thousands of files and mails, I gave to WikiLeaks. They will publish them soon. I guess CrowdStrike customers should think twice about company’s competence," they wrote."

CrowdStrike's response to Salted Hash included mention of a "Russian Intelligence Disinformation Campaign", and that they stand by their findings of Russian government involvement.

On June 14, the Washington Post reported that the Democratic National Committee had suffered a breach of their network by Russian hacker groups who stole the DNC's opposition research on Donald Trump. The Post's headline read "Russian Government Hackers penetrated DNC ..."

I trust CrowdStrike's judgment that the hackers were Russian-speaking, but were they employed by competing Russian intelligence services as CrowdStrike maintains? The truth is - no one knows for sure. CrowdStrike merely believes that they are. Here's the essential argument that Dmitri made in his blog post:

  1. Fancy Bear and Cozy Bear appeared to work separately from each other in the DNC network without being aware of the other's presence. 
  2. Russian intelligence services (GRU, SVR, FSB) compete with each other.
  3. The group Fancy Bear "may be affiliated" with the GRU.
  4. Therefore Cozy Bear must be affiliated with the FSB or SVR.
I'm embarrassed to say that that kind of logic is par for the course in the crazy world of cyber threat intelligence. When it comes from a company with the size and reputation of CrowdStrike, it isn't questioned in national policy circles. It's accepted as fact. Soon it will appear as a footnote in some academic's article about "nation state cyber war". The FBI's database will be updated without any critical examination of the data. 

And should a more serious cyber event occur at any point in the future that even smells like Fancy Bear or Cozy Bear, it'll be declared an attack by the Russian government and a diplomatic incident could occur, even though the Kremlin may have had nothing to do with it. 

The truth is that there's no way using digital forensics to differentiate between a skillful and well-paid Russian-speaking mercenary hacker group working on their own, and equally skilled Russian hackers employed by the FSB. And something as simple as responsible attribution would go a long way towards avoiding unnecessary diplomatic tensions between governments.

Monday, June 6, 2016

The Next Evolution of Suits and Spooks: Entertainment

Farnborough International Airshow 2014
I founded Suits and Spooks in 2011 in an effort to make it easier for startup technology companies to engage with the Intelligence Community; a problem based largely back then on an antiquated acquisition system. A lot has changed in five years, and so has Suits and Spooks.

Today, I'm pleased to announce the next evolution of this event. Delivering security training to executives by combining it with a hugely entertaining event like the world's largest military airshow in Farnborough, U.K.

Espionage @ Farnborough International Airshow will give our guests VIP treatment, hands-on time with the world's most advanced aircraft, space, and unmanned aerial systems while former British Intelligence officers and Special Operations Forces operators act as their guides with information on how espionage is conducted at shows like Farnborough and how to counter same.

Later that evening, back in London, former and current British Intelligence officers will review the tradecraft and the counterespionage techniques that our guests should know to keep their IP and R&D safe from bad actors (both in the cyber and physical domains).

While we are making this trip available to individuals, we can customize it for a company as a team-building, security-training, client entertainment, or client acquisition event. Please contact me if you'd like to discuss this further.

In the meantime, please check out and follow our brand new @SuitsandSpooks Instagram account for some incredible pictures related to our upcoming Farnborough / London trip, and to stay current about our future trips. You can also follow us on Twitter, or just visit the website.

Monday, May 30, 2016

How Common Is It To Underestimate Customer Acquisition Costs?

I'm not a marketing guy. I always figured that if you build a solution that solves a hard problem, the customers will come. Right now, every marketing guy reading this is falling down laughing, but I really did believe that.

In 2011 and 2012, after participating in dozens of post-breach consultations with multi-nationals, I learned about a problem with no viable solution (how can a company with millions of files determine which are most valuable to a potential adversary).

From 2013-2015, I devised a solution, recruited a team to build it, and found angel investors to finance it. The solution was so simple, so based in common sense, and so easy to implement, that I was certain that our customers would embrace it the moment that we presented it to them. Boy, was I wrong.

I underestimated customer acquisition, and I overestimated product adoption. As I speak with some peers in the industry about it, I'm learning that I'm not alone in making this mistake. I'm working on some ways to remedy that problem for my company, and in the process I've put together a plan to help other startups avoid that same mistake. I'm kicking that plan off today with this post.

Our sixth annual Suits and Spooks DC event (Jan 11-12, 2017) will be all about cyber espionage, APT actors, and the cybersecurity companies and startups that can help companies and government agencies defend against it.

Day one will explore and identify the high value technologies that are being targeted, and by whom.

Day two will give 12 cyber security startups fifteen minutes to demo their product or service to our attendees; at least 50% of whom will be decision-makers from our startups' list of target customers. They'll be attending free of charge.

Sound good? Sign your startup or company up as a sponsor today and we'll spend the next six months working with you to identify, connect with, and invite as many executives at the director level or higher at your target companies that we can - free of charge. By letting my team help you win new customers, you'll help us generate income for our own marketing efforts. I think it's a win-win. If you agree, please connect with me on LinkedIn and ask for a sponsorship package.

Tuesday, May 17, 2016

Cyber Espionage's Three-Legged Stool Dilemma

Cyber espionage is a worldwide multi-billion dollar problem for every technologically advanced nation; even the ones that the U.S. traditionally considers its adversaries (Russia and China). 

Think of it as a stool with three legs: Targets (High Value Technologies), Actors (both State and non-State), and Defenses (ways that we can protect those HVTs). 

The reason why companies and government agencies continue to lose their expensive HVTs to their rivals and adversaries is that their three legged stool is missing one or more of its legs. It's really as simple as that.

At Suits and Spooks DC (January 11-12, 2017) we'll take a deep dive into how governments and corporations need to assess these three components by discovering answers to the following questions:

What are the most valuable technologies of 2017 and beyond?
Which threat actors are targeting those technologies, and how?
How can you best defend your technologies against those threat actors?

Day one will address the first two questions while day two will showcase about a dozen companies whose focus is defending against acts of cyber espionage.

Seats are limited to no more than 100 people. Register today and save 60%.

If you have a topic in mind that you think would be a good fit for our event, send over a title, abstract, and your bio. Our current speakers include Dr. David Bray (CIO at the FCC) and Lewis Shepherd (formerly with Microsoft and the Defense Intelligence Agency).

If you work for a cyber security company and would like to be considered for a 15 minute slot on day two to showcase your product for our government and corporate attendees, contact me at your earliest opportunity. We're only going to feature 12 companies.

Tuesday, March 22, 2016

Attend Our Counterterrorism Workshop on March 29 in Washington DC

ISIL, aka ISIS or The Daesh, has claimed responsibility for yesterdays suicide bomber attacks in Brussels which targeted transportation hubs. 

Government and corporate employees are invited to attend Taia Global's one­ day workshop on Terrorism, Technology and the Law in Washington D.C. on March 29th. 

You'll join a small group of government and military employees, information security professionals, and international lawyers at the Waterview Conference Center for a full day of briefings and discussions on how technology is a force­multiplier for terrorists, how the laws of warfare are being changed due to technology, and most importantly, how to weigh courses of action while bypassing cognitive and emotional traps. 

Use coupon code SAVE30 in the next 48 hours and save $30 on the $179 registration fee (only $149).  

Thursday, March 17, 2016

Do Your High Value Assets Match Russia or China's?

If you want to know what the Chinese and Russian governments consider valuable, just follow the R&D money.

Our linguist/researchers have been busy building the world's first and only commercial R&D database which up until now has been accessible only via our Redact™ search engine so that you can tell if your high value digital assets are at risk.

As of today, you can purchase our entire Russia and China catalog of R&D entities with descriptions of thousands of currently funded projects for your company or agency's internal use.
Download our Russia catalog and our China catalog for more details. Contact us for pricing.

Sunday, March 13, 2016

An Exclusive Opportunity To Look Inside China's Plan To Become A Tech Power

Whether we in the West like it or not, the People's Republic of China is continuing to achieve rapid technological growth in a growing number of areas thanks in part to its smart use of Five Year Plans, increased spending on research and development, and technology acquisition through a variety of means from foreign companies.

Reuters reports that China aims to boost its R&D spending for its 13th Five Year Plan to 2.5% of GDP compared to 2.1% during the period of 2011-2015. According to Indicators 2016"China is now the second-largest performer of R&D, accounting for 20 percent of global R&D as compared to the United States, which accounts for 27 percent."

The following are some of the overarching initiatives of China's 13th Five Year Plan and some of the Chinese research institutions and state key labs working on those issues.

If your company is working on parallel technologies to those being funded by the Chinese (or Russian) government as part of its strategic technology initiatives, it's not enough to just know the broad topics (even though some cyber security companies want you to think so). You need to know the specifics. Only Taia Global uses human linguist/researchers to discover what those specifics are and makes them searchable in a custom-built search engine.

We want as many companies as possible to try out our Redact™ R&D search engine for one month without any obligation. To that end we have lowered the price of a one month subscription from $499/mo to just $99.  Use discount code MAR2016 at checkout.

Agricultural Modernization
Development Research Center of the State Council

Industrial Planning and Optimization
Development Research Center of the State Council
Department of Electrical Engineering, Tsinghua University

Development Research Center of the State Council
Guiyang University

State Key Laboratory of Software Development Environment
Institute of Information System and Engineering, School of Software, Tsinghua University
Aerospace Software Engineering Research Center, School of Computer Science and Technology, Harbin Institute of Technology
Information Security Technology, Institute of Computer Science & Technology, Peking University
Network Technology Research Center, Institute of Computing Technology, Chinese Academy of Sciences
Institute of Aerospace Information Technology, School of Aerospace Engineering, Tsinghua University
Information Security Research Centre, Southeast University

Economic Governance
Institute of Economics, Chinese Academy of Social Sciences (CASS)
Development Research Center of the State Council
State Key Laboratory of New Ceramics and Fine Processing
State Key Laboratory of Software Development Environment

Innovation-driven Development Strategy
Development Research Center of the State Council

Coordinated Regional Development
Development Research Center of the State Council
Institute of World Economics and Politics, Chinese Academy of Social Sciences (CASS)
Institute of Economics, Chinese Academy of Social Sciences (CASS)

Innovation Social Governance
Development Research Center of the State Council
University of Science and Technology of China: College of Computer Science and Technology

Economic and National Defense Construction
National Defense Technology, Key Laboratory of Shockwave and Detonation Physics (Laboratory of Shock and Detonation (LSD)), China Academy of Engineering Physics (CAEP)
Aerospace Software Engineering Research Center, School of Computer Science and Technology, Harbin Institute of Technology
Information Security Theory and Technology Research Laboratory, School of Computer Science and Technology, Southwest University of Science and Technology
China Academy of Engineering Physics (CAEP)
Jilin University
Guiyang University

Education and Health
Aerospace Software Engineering Research Center, School of Computer Science and Technology, Harbin Institute of Technology
China Academy of Engineering Physics (CAEP)
Guiyang University
Department Basic Medical, School of Medicine, Tsinghua University

Ecological Environment
Tianjin University
State Key Laboratory of Advanced Metals and Materials

Strategy and Security
State Key Laboratory of Software Development Environment
State Key Laboratory of ASIC and Systems
Department of Electrical Engineering, Tsinghua University
Institute of Information System and Engineering, School of Software, Tsinghua University
Information Security Technology, Institute of Computer Science & Technology, Peking University
National Research Center for Information Technology Security
Information Security Theory and Technology Research Laboratory, School of Computer Science and Technology, Southwest University of Science and Technology
Information Security Research Centre, Southeast University
University of Science and Technology of China: College of Computer Science and Technology
China Academy of Engineering Physics (CAEP)
Jilin University

Included in your trial subscription is the ability to search R&D projects not just in China but also in Russia, South Korea, and France. Learn more about Taia Global and our Redact™ and OverWatch™ products at our website.

Sunday, January 31, 2016

Two Rare Gifts For The Next 20 People Who Register for Suits and Spooks DC 2016

Suits and Spooks DC 2016 is now less than two weeks away and I'd like to make it our best attended event in the five years since I founded this security forum. To that end, I'm giving away two rare gifts for the next 20 people who register for a full two day pass ($599 for Industry; $499 for Gov't and Academia).

The first gift is an autographed and personalized 2nd edition copy of my book Inside Cyber Warfare (O'Reilly Media, 2011). The Russia section alone has been praised by Russia and China cyberwarfare expert Lt. Col. Timothy Thomas as containing unique material not found anywhere else.

The second gift is a 2011 Plank Holder Challenge Coin issued at our very first Suits and Spooks event at Facebook's old loft space in Palo Alto. The flip side of the coin says "PLANK HOLDER - SUITS AND SPOOKS 2011 - Palo Alto, CA".

This offer will end once we sell out so act today and pick up your book and challenge coin at the event on Feb 11-12 at the National Press Club.

Full details on the agenda and speakers as well as your registration options are at

Tuesday, January 26, 2016

Kung Fu Panda 3: A Collaboration Between Dreamworks and China's State Council

Kung Fu Panda 3 opens simultaneously in the U.S. and China on Jan 29th to high hopes by Dreamworks Animation and Oriental Dreamworks, which is a joint venture formed with China Media Capital and Shanghai Media Group. A test run of two screenings at various Chinese theaters last weekend yielded an impressive $6.5 million, and January 29th is a coveted opening date in China due to its proximity to the Chinese New Year and Valentines Day.

The Shanghai Media Group is a State-run organization, and animation is a strategic technology that has its own Five-Year Plan. The following is a high level overview from the 12th Five Year plan (2011-2015):
  • Guiding the production of original animation creation
  • Creating a system to make innovation profitable
  • Promoting the balanced development of the animation industry
  • Advancing the technical innovation ability of the animation industry
  • Implementing the strategy for key enterprises and major projects
  • Strengthening talent support
  • Facilitating the animation industry to “go global”
  • Enhancing the international cooperation of the animation industry
  • Encouraging the animation industry to “go global”
  • Safeguarding measures including increasing financial input to the industry, protecting intellectual property, and improving investing and financing policies
China's emphasis on improving its animation production facilities is a double-edged sword for foreign companies. On the one hand, it gives foreign animation companies like Dreamworks (NASDAQ: DWA) or Walt Disney (NYSE: DIS) hard-to-get access to China, which is arguably the most important market in the world. On the other hand, it gives China access to the foreign company's intellectual property through overt technology transfer that happens when foreign companies hire Chinese engineers who eventually leave the foreign company and take their newly found skills to a Chinese animation company. There is also covert technology acquisition which can occur through hacking and other secretive means.

One reason why the Chinese government is so enthusiastic about animation is that it serves the Chinese Communist Party's propaganda function. Song Lei, an expert in the subject and a former employee of China's Ministry of Culture wrote a blog post about Japan and America's use of animation as propaganda (machine translation):
"Of course. Japanese anime serve as propaganda in postwar Japan an important role in East Asian countries have large numbers of young people are fond of Japanese anime, there are tens of thousands of Chinese students learning Japanese because the Japanese anime away every year, the book in Japanese scholars Endo reputation , also devoted to the "knowledge-Japanese" and "Hari clan" generation. American animation also with its strong capital in the world to promote their liberty, equality of the world, the US-centered values, as well as a variety of American superheroes."
Later in the post Song writes that in comparison to Japan and America, China's animation propaganda has just started and the quality is relatively low. This is at least partly why foreign film and animation companies will find open arms in China, at least until China's ambitions in this area have been achieved. When that happens I predict that access to China's market will tighten considerably for those same foreign firms.

Thursday, January 7, 2016

7 Reasons Not To Miss Suits and Spooks DC This Year

#7: The Rise of Global Terrorism

Engage in a discussion about the evolution and expansion of terrorism by the Islamic State with CIA and DOD experts Mark Kelton and Dave Kilcullen.

#6:  Are Commercial Airlines Safe From Hacking

Should you be worried about hackers interfering with the control systems of commercial aircraft? What safety measures are in place to keep that from happening? Jim Vasatka, the Director of Aviation Security at Boeing will answer your questions in a special CLOSED TO THE PRESS briefing.

#5: Is The Cyber Security Industry Over-Valued

Should you invest in the cyber security industry or is the industry vastly over-valued? Niloo Howe, Elad Yoran, and other VCs will share their thoughts.

#4: How Do Adversaries Track U.S. Executives Overseas

Are you an executive who frequently travels overseas? Learn how foreign agents can target you through your mobile device's electronic signature and other means. A retired Navy SOF Chief will walk you through it.

#3: How Can Your Company Do Business In High Risk Countries Without Losing Its IP

If you work for a multinational corporation, learn how your company can do business in high risk nations and not lose your intellectual property to foreign governments or criminal hackers. Panelists: Jody Westby, Joel Brenner, and Jeffrey Carr

#2: How Are Criminals Using Digital Currencies

Hear Will Gragido explain what digital currencies are, how criminals are using them, and whether you should be concerned.

#1: What Legal Regimes Control Cyber Warfare, And How Are They Changing

Listen to NATO, DOD, and legal scholars (Eneken Tikk-Ringas, Gary Brown, and Catherine Lotrionte) debate the legal ramifications of digital attacks against civilian infrastructure and how that may change the way that warfare is conducted.

Only 30 seats remaining. Grab yours today.