tag:blogger.com,1999:blog-4045535749334653152024-03-28T12:51:48.202-04:00TerebratePiercing the fog of the opaque world for my own edificationRickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.comBlogger49125tag:blogger.com,1999:blog-404553574933465315.post-24138511505961104852020-04-12T09:45:00.000-04:002020-04-12T09:45:31.009-04:00Book Review: In A Sunburned Country by Bill Brysoon<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOHKflDw8SBFhKdo77DXHcr2ZpNZtbyDMXMQZKZZqkuN5aWC46sPyEK6t5AdfPhWTtwkZ6ZJoB6I3M2n9KshjRhGpLYI9MNRYKZmowsxTTtzGMkn8JzuxNFmZU8ODJJ2KnpJHaOm56w0U/s1600/Screen+Shot+2020-04-12+at+09.41.26.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="390" data-original-width="256" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOHKflDw8SBFhKdo77DXHcr2ZpNZtbyDMXMQZKZZqkuN5aWC46sPyEK6t5AdfPhWTtwkZ6ZJoB6I3M2n9KshjRhGpLYI9MNRYKZmowsxTTtzGMkn8JzuxNFmZU8ODJJ2KnpJHaOm56w0U/s320/Screen+Shot+2020-04-12+at+09.41.26.png" width="210" /></a></div>
<span style="font-size: x-large;">**** Recommend it</span><br /><span style="font-size: large;">Highly recommend if you are a Bill Bryson fan. <br />Highly recommend if you are considering a trip to Australia. <br />Recommend if you are interested in Australia.</span><span style="font-size: x-large;"> </span><div>
<span style="font-size: x-large;"><br /></span></div>
<div>
<span style="font-size: x-large;">I have read a number of Bryson books over the years. My wife and I started many years ago by jointly reading "A Walk in the Woods." It was the book we were consuming before going to sleep for the night. That communal experience of smiling and laughing out loud to the observations of Mr. Bryson as he stumbled down the Appalachian Trail made us fans for life. This book, "In a Sunburned Country,” , about his experiences as he stumbled through Australia, just adds to my fondness of him.</span></div>
<div>
<span style="font-size: x-large;"><br /></span></div>
<div>
<span style="font-size: x-large;">He seems to have found a real niche for himself. He is genuinely interested in the world around him; things big and small. He picks something that he doesn’t know anything about, travels to the key places in the world where that the thing exists, and writes about his experiences doing it. His writing is a pleasure, beautiful really, and funny and he is able to condense large ideas into small bite-sized chunks that are easy to understand. And with Australia, that topic aligns with his talents nicely. </span></div>
<div>
<span style="font-size: x-large;"><br /></span></div>
<div>
<span style="font-size: x-large;">What I learned</span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-size: x-large;">The Australian native animal population is exponentially more likely to kill you than anywhere else in the world.</span></li>
<li><span style="font-size: x-large;">It is so large and hostile, that most of the country is unexplored.</span></li>
<li><span style="font-size: x-large;">The people are lovely. </span></li>
<li><span style="font-size: x-large;">Even in this modern day, with comfortable airline travel, most non-Australians consider traveling there to be too remote. </span></li>
<li><span style="font-size: x-large;">Even the locals don’t travel to the outskirts. They are too far and too hostile. </span></li>
<li><span style="font-size: x-large;">Australia has a dark history like most countries and Bryson doesn’t shy away from any of it. </span></li>
</ul>
<span style="font-size: x-large;">In the end, Bryson loves the country and especially the people, and more especially, the remote people. I listened to the book as Bryson narrated it and that adds its own charm. This is his last paragraph: </span></div>
<div>
<span style="font-size: x-large;"><br /></span></div>
<div style="text-align: left;">
<blockquote class="tr_bq">
<span style="font-size: x-large;">"Australia is mostly empty and a long way away. Its population is small and its role in the world consequently peripheral. It doesn’t have coups, recklessly overfish, arm disagreeable despots, grow coca in provocative quantities, or throw its weight around in a brash and unseemly manner. It is stable and peaceful and good. It doesn’t need watching, and so we don’t. But I will tell you this: the loss is entirely ours. You see, Australia is an interesting place. It truly is. And that really is all I’m saying."</span></blockquote>
<br /><h2>
Bill Bryson Books I have Read</h2>
<span style="font-size: x-large;">"A Walk in the Woods: Rediscovering America on the Appalachian Trail” <br />"A Short History of Nearly Everything” <br />"At Home: A Short History of Private Life” <br />"Neither Here nor There: Travels in Europe <br />"In a Sunburned Country” </span><br /><h2 style="text-align: left;">
References</h2>
<span style="font-size: x-large;">"In a Sunburned Country,” by Bill Bryson, Published by Broadway Books 18 June 2000, Last Visited 30 April 2020, <br /><a href="https://www.goodreads.com/book/show/24.In_a_Sunburned_Country">https://www.goodreads.com/book/show/24.In_a_Sunburned_Country</a></span></div>
<div style="text-align: left;">
<span style="font-size: x-large;"><br /></span></div>
<div style="text-align: left;">
<span style="font-size: x-large;">"How to Speak Australian” By ANNETTE KOBAK, NYTs, 20 August 2000, Last Visited 30 April 2020, <br /><a href="https://archive.nytimes.com/www.nytimes.com/books/00/08/20/reviews/000820.20kobakt.html">https://archive.nytimes.com/www.nytimes.com/books/00/08/20/reviews/000820.20kobakt.html</a></span></div>
<div style="text-align: left;">
<span style="font-size: x-large;"><br /></span></div>
<div style="text-align: left;">
<span style="font-size: x-large;">"AUDIO BOOK REVIEW: 'In a Sunburned Country' by Bill Bryson” By Susan Rife , Herald-Tribune/ Friday, 3 April 2015, Last Visited 30 April 2020, </span></div>
<div style="text-align: left;">
<a href="http://ticket.heraldtribune.com/2015/04/03/audio-book-review-in-a-sunburned-country-by-bill-bryson/"><span style="font-size: x-large;">http://ticket.heraldtribune.com/2015/04/03/audio-book-review-in-a-sunburned-country-by-bill-bryson/</span></a></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-89019539581983831672020-04-11T10:27:00.000-04:002020-04-11T10:34:46.468-04:00Book Review - Andrew Jackson and the Miracle of New Orleans by Brian Kilmeade and Don Yaege,<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfBxtg_8ngRnQY9BvAjX40Dj2C4pxOSmI6kg6MnFwM6IL-V94dtQT1ezY1MJG3J8dr_irammhEvE04g1bWn5hz_2Nr81Dzh2tyoLWG4XvYWsJyiCKWsmwQLjwSPUhRxwQ0YndiVMzr8xk/s1600/Screen+Shot+2020-04-11+at+10.24.19.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="1074" data-original-width="778" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfBxtg_8ngRnQY9BvAjX40Dj2C4pxOSmI6kg6MnFwM6IL-V94dtQT1ezY1MJG3J8dr_irammhEvE04g1bWn5hz_2Nr81Dzh2tyoLWG4XvYWsJyiCKWsmwQLjwSPUhRxwQ0YndiVMzr8xk/s320/Screen+Shot+2020-04-11+at+10.24.19.png" width="231" /></a></div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">*** Liked it</span><br />
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">Recommend if you like historical battles.</span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">Recommend if you have no clue about the War of 1812.</span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">Recommend if you don't know much about President Andrew Jackson. <br /><br />I picked up this book because I really couldn’t remember a damn thing about the War of 1812. I knew that we got the Star Spangled Banner national anthem from this war but didn’t remember why. I knew that I thought President Andrew Jackson was a racist son-of-bitch with his treatment of the American Indians and the Trail of Tears. I also knew that Col Andrew Jackson had a victory in New Orleans from Johnny Horton’s song, "The Battle Of New Orleans.” Lastly, I somehow knew that Davy Crocket served with Jackson in New Orleans before he died at the Alamo. But I didn’t know the details. So, I thought I would try to remedy all of that. <br /><br />Here is the setup. <br /><br />Just 20 years after George Washington defeated the British in the U.S. revolutionary war, the British had impressed some 10,000 American sailors to support the British war with Napoleon. Two years later, the British Navy set a blockade against American vessels delivering cargoes to France. In 1807, the British fired upon the American ship Chesapeake because she would not give up her cargo. The current President Thomas Jefferson enacted an embargo on Great Britain which resulted in a disaster for the American economy. After President James Madison took office (1809), the first battle of the the War of 1812 happened in 1811: the Battle of Tippecanoe. In June 1812, America declared war on Great Britain. The war goes back and forth with victories and defeats on both sides. In August 1814, both sides start negotiating the Peace Treaty of Ghent. That same month, the British captured Washington D.C. and burned it to the ground. Things were not looking good. <br /><br />President Monroe began to worry about the defense of New Orleans. If the British captured the town before the Ghent treaty was signed, the U.S. would be bottled up in the west and would not be able to expand. He tasked Col Andrew Jackson to defend it. <br /><br />Spoiler Alert: "General Jackson and his multiethnic, multigenerational army made up of people from every American social class and occupation had come together to do what Napoleon had failed to do: destroy the finest fighting force in the world.” [1] <br /><br />Jackson crept up on the British bivouac site in the middle of the night to deliver a sneak attack that caught the British by complete surprise. It was a fierce battle and the British lost many soldiers. And then, just as sneakily, Jackson escaped back to his defensive positions before the sunrise. When the British finally regrouped to start their attack, they ran into a withering display of firepower and marksmanship. During the day, the Americans lost some 15 casualties. The British numbers are hard to pin down but some say as high as 2,000. The “Davey Crocket” types in Jackson's Army didn’t miss with their long rifles. Every shot fired resulted in a British casualty. At the end of the day, the British called for a truce to bury their dead comrades and slipped away from New Orleans on their British naval vessels. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<h2 style="text-align: left;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">Timeline </span></h2>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">1783 - The Revolutionary War ended </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">1803: British begin to impress American sailors and force them to work on British Ships. Nearly 10,000 American sailors were forcibly made by the British navy to work in their ships. This enforcement was made under the British Impressment that was authorized under the Orders-in-Council of the British Monarchy. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">July 1805: British naval forces started to enforce blockade and the seizure of commercial shipments on American vessels delivering commercial cargoes to France. This measure was enforced by the British government due to their on-going war with the forces of Bonaparte. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">October 1805: At sea, the British severely defeated the joint Franco-Spanish navy in the Battle of Trafalgar. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">June 1807: The American ship Chesapeake is fired upon by the British ship Leopard causing an international incident. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">December 1807: Thomas Jefferson imposes an embargo on Great Britain but it results in economic disaster for American merchants and is discontinued in 1809. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">March 1809: James Madison is inaugurated President of the United States. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">November 1811: The Battle of Tippecanoe (in present-day Indiana), considered the first battle of the War of 1812, takes place between Tecumseh's brother, The Prophet, and William Henry Harrison's army.</span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">June 1812: America declares war on Great Britain. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">July 1812: General William Hull enters Canada. This is the first of three failed attempts made by the U.S. to invade Canada. The British force the surrender of Fort Michilimackinac (in present-day Michigan). </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">August 1812: General William Hull surrenders to General Isaac Brock at Detroit. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">January 1813: British and Indian allies repel American troops at the Battle of Frenchtown (present-day Michigan). American survivors are killed the following day in the Raisin River Massacre (present-day Michigan). </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">April 1813: U.S. troops capture and burn the city of York (present-day Toronto). </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">May 1813: The siege of Fort Meigs (present-day Ohio). </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">September 1813: Captain Perry defeats the British at the Battle of Lake Erie. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">October 1813: The warrior Tecumseh is killed at the Battle of the Thames (Canada). </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">November 1813: The Battle of Crysler's Farm (Canada). </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">July 1814: The Battle of Chippawa (Canada). The Battle of Lundy's Lane (present-day Niagara Falls, Ontario, Canada). </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">August 1814: Peace negotiations begin in Ghent. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">August 24-25, 1814: The British burn Washington, DC in retaliation for the burning of York. President James Madison flees the Capital. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">September 1814: The Battle of Plattsburg on Lake Champlain is a major American victory, securing its northern border. The Battle of Baltimore takes place at Fort McHenry, where Francis Scott Key wrote The Star Spangled Banner. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">December 1814: The Treaty of Ghent: Americans and British diplomats agree to the terms of a treaty and return to the status quo from before the war. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">January 1815: Andrew Jackson defeats the British at the Battle of New Orleans. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">February 1815: The Peace Treaty is ratified and President Madison declares the war over. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span>
<h2 style="text-align: left;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">Notes from the book and other sources </span></h2>
</div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">The end of the war and its best moments—a handful of sea battles won by U.S. warships, the rocket’s red glare that illuminated a giant flag in Baltimore (memorialized by the barrister Francis Scott Key), and, most of all, the Battle of New Orleans—provided Americans with a new sense of nationhood. In Europe, particularly among the inhabitants of Great Britain, a new recognition emerged that their American cousins couldn’t be regarded merely as poor relations; one had to respect a people who stood up and defended themselves against the British Empire. Once dismissed by George Gleig as “an enemy unworthy of serious regard,”24 the American military—whether regular or militia, army or navy or marines—had become a force to be reckoned with. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">General Andrew Jackson had melded a largely amateur force into an army, one that had vanquished a sophisticated force perhaps twice its size. His attack on December 23 had been a masterstroke, one that stunned the British and bought Jackson and the defenders of New Orleans essential time. The general had marshaled his limited naval resources to harry the British from the Mississippi. He had improvised a brilliant defensive strategy. He had exercised restraint and discipline. He deployed his men in a way that took advantage of their strengths as riflemen and minimized their weaknesses. His tactics forced General Pakenham’s well-drilled force to confront American strengths on U.S. terms.</span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">His orientations were the essential verities: duty to country (at first that meant region but, with the life-changing events in Louisiana, it became nation); duty to God; and duty to family, not only, in the narrow sense, to his relations but also to his neighbors, whom he regarded as his brothers and his sisters, and to his men and those who voted for him, whom he regarded as children given unto his care. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">But in 1818, pursuing the Seminoles at President Monroe’s orders, he wrested Florida from Spain, and then served as its territorial governor. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">The 1828 election ended differently when changes in voter eligibility (property requirements for suffrage were eliminated in most states, quadrupling the electorate) helped Jackson prevail. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">Davy Crockett became a U.S. congressman and later died at the Alamo, but not before writing his colorful, if rather folkloric, A Narrative of the Life of David Crockett, of the State of Tennessee (1834). </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">On the other side of the line, Sir John Lambert and John Keane—unlike the deceased generals Pakenham and Gibbs—made it back to Europe alive. Both joined the Duke of Wellington in defeating Napoleon once more, this time at the Battle of Waterloo, on June 18, 1815. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">Jackson’s failure to properly defend the west bank raises another what-if. Many military historians believe that, given only slightly altered circumstances, the capture of Patterson’s position could have been catastrophic to the American cause. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">He made a series of decisions that have come to be seen as wise, even profound, in the eyes of most commentators: his double-time march on Pensacola; his flexible approach to defending the city of New Orleans; his surprise attack on December 23; his choice to shift from offense to defense; his decision before the big day to make his stand at the Rodriguez Canal and then to remain safely behind his ramparts after January 8, 1815. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">On reading the accounts in most textbooks, the student comes away with the sense that the War of 1812 ended in a draw. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">Rachel, but the stresses of the 1828 election Just days after the close of the hard-fought electoral battle, Rachel Jackson was indeed summoned by her Lord, stricken with an intense pain in her left arm, shoulder, and chest. Suddenly, the president-elect was in mourning for the love of his life.</span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">Andrew Jackson had long been an advocate of what he called “Indian removal.” As an Army general, he had spent years leading brutal campaigns against the Creeks in Georgia and Alabama and the Seminoles in Florida–campaigns that resulted in the transfer of hundreds of thousands of acres of land from Indian nations to white farmers. As president, he continued this crusade. In 1830, he signed the Indian Removal Act, which gave the federal government the power to exchange Native-held land in the cotton kingdom east of the Mississippi for land to the west, in the “Indian colonization zone” that the United States had acquired as part of the Louisiana Purchase. (This “Indian territory” was located in present-day Oklahoma.) [2] </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span>
<br />
<br />
<br />
<h2 style="text-align: left;">
<span style="font-size: x-large;">Lyrics to the Battle of New Orleans </span></h2>
<br />
<br />
<span style="font-size: x-large;">In 1814 we took a little trip</span><br />
<span style="font-size: x-large;">Along with Colonel Jackson down the mighty Mississip.</span><br />
<span style="font-size: x-large;">We took a little bacon and we took a little beans</span><br />
<span style="font-size: x-large;">And we caught the bloody British in the town of New Orleans.</span><br />
<span style="font-size: x-large;"><br /></span>
<span style="font-size: x-large;">[Chorus:]</span><br />
<span style="font-size: x-large;"><br /></span>
<span style="font-size: x-large;">We fired our guns and the British kept a'comin.</span><br />
<span style="font-size: x-large;">There wasn't nigh as many as there was a while ago.</span><br />
<span style="font-size: x-large;">We fired once more and they began to runnin' on</span><br />
<span style="font-size: x-large;">Down the Mississippi to the Gulf of Mexico.</span><br />
<div>
<span style="font-size: x-large;"><br /></span></div>
<span style="font-size: x-large;">We looked down the river and we see'd the British come.</span></div>
<div>
<span style="font-size: x-large;">And there must have been a hundred of'em beatin' on the drum.</span></div>
<div>
<span style="font-size: x-large;">They stepped so high and they made the bugles ring.</span></div>
<div>
<span style="font-size: x-large;">We stood by our cotton bales and didn't say a thing.</span></div>
<div>
<span style="font-size: x-large;"><br /></span></div>
<div>
<span style="font-size: x-large;">[Chorus]</span></div>
<div>
<span style="font-size: x-large;"><br /></span></div>
<div>
<span style="font-size: x-large;">Old Hickory said we could take 'em by surprise</span></div>
<div>
<span style="font-size: x-large;">If we didn't fire our muskets 'til we looked 'em in the eye</span></div>
<div>
<span style="font-size: x-large;">We held our fire 'til we see'd their faces well.</span></div>
<div>
<span style="font-size: x-large;">Then we opened up with squirrel guns and really gave 'em ... well</span></div>
<div>
<span style="font-size: x-large;"><br /></span></div>
<div>
<span style="font-size: x-large;">[Chorus]</span></div>
<div>
<span style="font-size: x-large;"><br /></span></div>
<div>
<span style="font-size: x-large;">Yeah, they ran through the briars and they ran through the brambles</span></div>
<div>
<span style="font-size: x-large;">And they ran through the bushes where a rabbit couldn't go.</span></div>
<div>
<span style="font-size: x-large;">They ran so fast that the hounds couldn't catch 'em</span></div>
<div>
<span style="font-size: x-large;">Down the Mississippi to the Gulf of Mexico.</span></div>
<div>
<span style="font-size: x-large;"><br /></span></div>
<div>
<span style="font-size: x-large;">We fired our cannon 'til the barrel melted down.</span></div>
<div>
<span style="font-size: x-large;">So we grabbed an alligator and we fought another round.</span></div>
<div>
<span style="font-size: x-large;">We filled his head with cannon balls, and powdered his behind</span></div>
<div>
<span style="font-size: x-large;">And when we touched the powder off, the gator lost his mind.</span></div>
<div>
<span style="font-size: x-large;"><br /></span></div>
<div>
<span style="font-size: x-large;">[Chorus]<br /></span></div>
<div>
<span style="font-size: x-large;">Yeah, they ran through the briars and they ran through the brambles</span></div>
<div>
<span style="font-size: x-large;">And they ran through the bushes where a rabbit couldn't go.</span></div>
<div>
<span style="font-size: x-large;">They ran so fast that the hounds couldn't catch 'em</span></div>
<div>
<span style="font-size: x-large;">Down the Mississippi to the Gulf of Mexico.</span></div>
<div>
<br /></div>
<div>
<h2 style="text-align: left;">
<span style="font-size: x-large;">Sources</span></h2>
<span style="font-size: x-large;">[1] "Andrew Jackson and the Miracle of New Orleans: The Battle That Shaped America's Destiny,” by Brian Kilmeade and Don Yaege, Sentinel, 24 October 2017, Last Visited 7 April 2019,</span></div>
<div>
<a href="https://www.goodreads.com/book/show/34350212-andrew-jackson-and-the-miracle-of-new-orleans"><span style="font-size: x-large;">https://www.goodreads.com/book/show/34350212-andrew-jackson-and-the-miracle-of-new-orleans</span></a></div>
<div>
<span style="font-size: x-large;"><br /></span></div>
<div>
<span style="font-size: x-large;">[2] "Trail of Tears,” by History, Last Visited 7 April 2019,</span></div>
<div>
<a href="https://www.history.com/topics/native-american-history/trail-of-tears"><span style="font-size: x-large;">https://www.history.com/topics/native-american-history/trail-of-tears</span></a></div>
<div>
<span style="font-size: x-large;"><br /></span></div>
<div>
<span style="font-size: x-large;">[3] "Johnny Horton - The Battle Of New Orleans Lyrics,” by MetroLyrics, Last Visited 7 April 2019,</span></div>
<div>
<a href="http://www.metrolyrics.com/the-battle-of-new-orleans-lyrics-johnny-horton.html"><span style="font-size: x-large;">http://www.metrolyrics.com/the-battle-of-new-orleans-lyrics-johnny-horton.html</span></a><br /><br /></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-42155631724621362442020-04-11T09:48:00.001-04:002020-04-11T09:49:22.274-04:00Book Review: The Burning: Massacre, Destruction, and the Tulsa Race Riot of 1921 by Tim Madigan<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPyyKxoLKNm10Szv0vt2BP50dChNyfu43HwMxkPrrxg3CclllIe_DyalVQCk4anqND4k30xQtiSpvXyoxh61cRkNLUfxAQCgbECVEOcq6_e_HkVGrAM8HbHwZy8xUx9-g4GBOIJD1EKwM/s1600/Screen+Shot+2020-04-11+at+09.44.27.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="487" data-original-width="334" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPyyKxoLKNm10Szv0vt2BP50dChNyfu43HwMxkPrrxg3CclllIe_DyalVQCk4anqND4k30xQtiSpvXyoxh61cRkNLUfxAQCgbECVEOcq6_e_HkVGrAM8HbHwZy8xUx9-g4GBOIJD1EKwM/s320/Screen+Shot+2020-04-11+at+09.44.27.png" width="217" /></a></div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">I hate the the KKK. </span><br />
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">I know, saying that out loud is not that brave. How can anybody disagree with the notion that, according to the Equal Justice Initiative, this American domestic terrorist organization was either directly or indirectly responsible for the murder of over 4,400 American citizens between the end of the Civil War and the end of WWII by the particularly gruesome method of racial terror lynchings? Just to put that number into perspective. If we counted the dead for these racial terror lynchings the same way we counted the dead for American war efforts, The KKK would be responsible for the 5th largest American body count far exceeding the dead in the Spanish-American War (2,446) and the civilians killed on 9/11 (2,997) but coming in just behind the dead in the Revolutionary War (4,435.) And yet, most non-black Americans don’t know this or if they do, don’t care. It is definitely not taught in our schools. Even last year, I was definitely in that category of white Americans who knew that the KKK was bad but didn’t understand the extent. And then I watched the excellent HBO show called “Watchman.” </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">The opening scene depicts the 1921 race riots in Tulsa Oklahoma that wiped out the thriving black community there and killed, according to the City of Tulsa's Report of the Race Riot Commission in the year 2000, between 100 and 300 people and made homeless of some 8,000 people more. In the HBO show, the whites used three WWI bi-planes to drop bombs on the black side of town. When I saw that, I said to myself, "that must be an exaggeration to give the episode some pop. That can’t be true." </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">It is totally true. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">In the commentary, the HBO producers mentioned that they lifted the idea of the bi-plane bombings from this book: "The Burning: Massacre, Destruction, and the Tulsa Race Riot of 1921.” Madigan did extensive research on the survivors in order to tell the stories of the lead up to the event, the actual race riot, the efforts of the city to cover it up after, and finally, the efforts to excavate the event from secrecy in the 70s and 80s. When another domestic terrorist organization bombed the Oklahoma City courthouse in 1995 that killed 195 people, local papers reported the event as the biggest singular death count from domestic terrorism ever. No state media outlet reported the Tulsa Race riot numbers. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">And Tulsa wasn’t isolated either. During the same period, there were 17 other race riots with similar death counts from big cities like New York, Detroit, and New Orleans but also smaller towns like Memphis (Tennessee), Clinton (Mississippi), and Virden (Illinois). In most, tensions between the races were tense and something small ignited the conflagration. But in Wilmington (Delaware) race riot, the whites organized a coup of the city government in conjunction with the violence they orchestrated. After it was over, the U.S. national government looked the other way. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">The one idea coming out of the City of Tulsa's Report of the Race Riot Commission in the year 2000 is the idea of reparations paid to the riot's victims. Nothing more than symbolic nods has been done in that direction since the report came out, but the idea of reparations sets up the HBO show: “Watchman." </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">But, as I said, I hate the KKK. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-size: x-large;"><span style="font-family: "arial" , "helvetica" , sans-serif;">So, I recommend this book for no other reason than Madigan tells the stories of the survivors before they all passed away. Their stories deserve to be heard. </span><br /></span><br />
<h2 style="text-align: left;">
<span style="font-size: x-large;"><span style="font-family: "verdana" , sans-serif;">American War Dead </span></span></h2>
<span style="font-size: x-large;"><span style="font-family: "arial" , "helvetica" , sans-serif;">1,000 Soldiers: </span></span><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">Indian War (1775 - 1924)</span><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"> </span></div>
<div>
<span style="font-size: x-large;"><br /><br /><span style="font-family: "arial" , "helvetica" , sans-serif;">1,565: Persian Gulf War </span><br /><span style="font-family: "arial" , "helvetica" , sans-serif;">2,260: War of 1812 </span><br /><span style="font-family: "arial" , "helvetica" , sans-serif;">2,446: Spanish-American War </span><br /><span style="font-family: "arial" , "helvetica" , sans-serif;">2,977: 9/11 </span><br /><br /><br /><span style="font-family: "arial" , "helvetica" , sans-serif;">4,400: Racial Terror Lynchings between Reconstruction and WWII </span></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">4,435: Revolutionary War </span></div>
<div>
<span style="font-size: x-large;"><br /><br /><span style="font-family: "arial" , "helvetica" , sans-serif;">6,959: "War on Terrorism" </span><br /><br /><br /><span style="font-family: "arial" , "helvetica" , sans-serif;">13,283: Mexican War </span><br /><br /><br /><span style="font-family: "arial" , "helvetica" , sans-serif;">54, 246; Korean War </span><br /><span style="font-family: "arial" , "helvetica" , sans-serif;">90,220: Vietnam War </span><br /><span style="font-family: "arial" , "helvetica" , sans-serif;">116,516: WWI </span><br /><br /><br /><span style="font-family: "arial" , "helvetica" , sans-serif;">405,399: WWII </span><br /><br /><br /><span style="font-family: "arial" , "helvetica" , sans-serif;">498,332: Civil War </span><br /><br /><br /></span><br />
<h2 style="text-align: left;">
<span style="font-size: x-large;"><span style="font-family: "verdana" , sans-serif;">References </span></span></h2>
<span style="font-size: x-large;"><br /><br /><span style="font-family: "arial" , "helvetica" , sans-serif;">"Even more black people were lynched in the U.S. than previously thought, study finds,” by Mark Berman, The Washington Post, 10 February 2015, Last Visited 30 April 2020, </span><br /><a href="https://www.washingtonpost.com/news/post-nation/wp/2015/02/10/even-more-black-people-were-lynched-in-the-u-s-than-previously-thought-study-finds/" style="font-family: Arial, Helvetica, sans-serif;">https://www.washingtonpost.com/news/post-nation/wp/2015/02/10/even-more-black-people-were-lynched-in-the-u-s-than-previously-thought-study-finds/</a></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">"LYNCHING IN AMERICA Confronting the Legacy of Racial Terror,” by the Equal Justice Initiative Third Edition, Last Visited 30 April 2020, <br /><a href="https://eji.org/wp-content/uploads/2019/10/lynching-in-america-3d-ed-080219.pdf">https://eji.org/wp-content/uploads/2019/10/lynching-in-america-3d-ed-080219.pdf</a></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">"RACIAL VIOLENCE IN THE UNITED STATES SINCE 1660,” By Black Past, Last Visited 30 April 2020, </span></div>
<div>
<a href="https://www.blackpast.org/special-features/racial-violence-united-states-1660/"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">https://www.blackpast.org/special-features/racial-violence-united-states-1660/</span></a></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">"Terror in the Streets,” By Thomas J. Sugrue, NYTs, Last Visited 30 April 2020, <br /><a href="https://www.washingtonpost.com/archive/entertainment/books/2002/03/10/terror-in-the-streets/499f11e8-b7ef-45af-ae4f-3163748991b6/">https://www.washingtonpost.com/archive/entertainment/books/2002/03/10/terror-in-the-streets/499f11e8-b7ef-45af-ae4f-3163748991b6/</a></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">"The Burning: Massacre, Destruction, and the Tulsa Race Riot of 1921,” by Tim Madigan, Published by Thomas Dunne Books, 9 July 2013, Last Visited 30 April 2020, <br /><a href="https://www.goodreads.com/book/show/18878569-the-burning">https://www.goodreads.com/book/show/18878569-the-burning</a></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: x-large;">"Tulsa Race Massacre,” by <a href="http://history.com/">History.com</a> editors, 21 October 2019, Last Visited 30 April 2020, <br /><a href="https://www.history.com/topics/roaring-twenties/tulsa-race-massacre">https://www.history.com/topics/roaring-twenties/tulsa-race-massacre</a></span></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-59470567958921776052020-04-11T09:36:00.000-04:002020-04-11T09:36:09.378-04:00Book Review: Zealot: The Life and Times of Jesus of Nazareth by Reza Aslan<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZLdiXMt5ljyc6WiLrSuqdPXYiH4F99zXJHy1t1E2XiYbzmkiXpHK1mZKgRTMhd2DVym7fwEEO70GGaA7_23SxCptQiRS8a9f7yAs94G_qZ9FcxtCU7Fi-9ea8wm1GAO0Zzvfi5QX7e-k/s1600/Screen+Shot+2020-04-11+at+09.32.51.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="1132" data-original-width="732" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZLdiXMt5ljyc6WiLrSuqdPXYiH4F99zXJHy1t1E2XiYbzmkiXpHK1mZKgRTMhd2DVym7fwEEO70GGaA7_23SxCptQiRS8a9f7yAs94G_qZ9FcxtCU7Fi-9ea8wm1GAO0Zzvfi5QX7e-k/s320/Screen+Shot+2020-04-11+at+09.32.51.png" width="206" /></a></div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">**** Recommend it</span><div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br />When it first came out in 2013, this book took a lot of heat from religious scholars that did not agree with Reza Aslan’s point of view. I think there were some sour greats too because it shot to the top of the NYTs best seller's list and the the many works of these scholars' on the same material did not. One of their main points was that since Reza Aslan was not saying something new about the material, somehow the book had no value. It is the same reaction that scholars give Malcom Gladwell too. These two authors synthesize deep research on complex subjects outside their field and try to make it readable and entertaining for the masses. When you do that, you are going to explain some of the deep-level details wrong or at least with not enough nuance to be completely correct. In other words, instead of writing an entire book on the subject or a chapter, the idea might get a sentence. For a non-scholar like me, I find that valuable. </span><div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">From my side, the big hit on Aslan’s “research” is that he clearly states in numerous examples that the accepted gospels of the New Testament— Mark, Matthew, Luke and John— and other religious documents written at the same time are pure fiction, but then he cites them routinely to make his points. From his point of view, he would probably say that he was trying to get at the historical meaning of the Gospels by analyzing what they said not as historical truths but by analyzing what they were trying to say. He also states in the foreword that biblical scholars unanimously agree that if a fact is present in all four of the Gospels, then it is likely a historical truth. I find that ludicrous. </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">But I did find the book fascinating. Aslan gave me some things to think about in areas that I had not considered before.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">Here is what I learned: </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">The bulk of Aslan's ideas came from a 1967 book called “Jesus and the Zealots” written by S.G.F. Brandon</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">During Jesus’ ministry (28-30 CE), there were 72 disciples. Some were women and named in the Gospels. But the inner circle, The Twelve, were the principal bearers of Jesus’s message—the apostoloi, or “ambassadors”—apostles sent off to neighboring towns and villages to preach independently and without supervision. They would not be the leaders of Jesus’s movement, but rather its chief missionaries. Yet the Twelve had another more symbolic function, one that would manifest itself later in Jesus’s ministry. For they will come to represent the restoration of the twelve tribes of Israel, long since destroyed and scattered. </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">The texts used by scholars to research the historical Jesus were not written by historians. In fact the idea of a historian who checks and triple checks every fact was unknown to these writers. They were trying to craft a consistent message, dogma, or doctrine. They weren’t interested in historical facts. </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">Jesus was not the only messiah running around Jerusalem. Before and after his death, there were boatloads of them. Rome considered all of them seditionists and when they caused enough trouble, Roman leaders would have them crucified. </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">Jesus was not the only miracle worker running around Jerusalem either. There were tons. Magic was a thing back in the day and showmen and miracle workers not associated with religion were legitimate ways to make a living. </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">The two other men crucified with Jesus had a sign on their cross labeled “lestai” which meant bandit or Thief. But these words meant seditionist back in the day, not just simple thievery. Rome reserved crucifixion for revolting slaves as an example to deter. Jesus’s sign reads “ ‘titulus' meaning KING OF THE JEWS. His crime: striving for kingly rule; sedition. And so, like every bandit and revolutionary, every rabble-rousing zealot and apocalyptic prophet who came before or after him—like Hezekiah and Judas, Theudas and Athronges, the Egyptian and the Samaritan, Simon son of Giora and Simon son of Kochba—Jesus of Nazareth is killed for daring to claim the mantle of king and messiah.” </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">The famous biblical story of Pontious Pilate, washing his hands of the entire matter, is likely pure fiction. He signed the death orders of many jews during his reign and likely didn’t give Jesus a second thought. </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">The biblical story of Mary and Joseph traveling to Bethlehem for the census is likely pure fiction too. Jesus was born in Nazareth, a small backwater. Mary was also likely an unwed mother. </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">The biblical story of Jesus on a rampage inside the Jerusalem Temple represents what Jesus was about compared to the other Messiahs. Rome’s playbook after conquering a land was to appoint local leaders to run things and to collect taxes. They let the conquered people keep their religions. In Jerusalem priests worked for the Romans, not the Jewish people. The poor had no way to even access the temple. You had to pay big money even to get close and most of that went to the local Jewish priests (plus taxes off the top for the Romans.) Jesus thought that anybody in the religion could have access to God without having to pay money. He thought the the Jewish priests were corrupt. The Jewish priests wanted Jesus crucified, not the Jewish people. </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">Jesus’ reign lasted only two years from the time he came into Jerusalem until his death. </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">"Jesus was part of a large family that included at least four brothers who are named in the gospels—James, Joseph, Simon, and Judas—and an unknown number of sisters who, while mentioned in the gospels, are unfortunately not named.” </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">James, Jesus’ brother, became the leader of the movement after Jesus’ death. He was well respected by the Jewish people and devout to the Tora. He followed all the rules as well as preached about Jesus’ way of bringing God to everybody. </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">Paul was a rebel. He preached Jesus’ way but said you didn’t have to follow the Tora Rules. </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">Team James mostly stayed in Jerusalem. They hated what Paul was doing outside of Jerusalem and brought him back a couple of times to chew his ass. When the Romans razed Jerusalem in 70 CE, they destroyed all of the writings of Team James. After the destruction, the bulk of the writings that survived came from Paul as he wrote letters to Jewish leaders outside Jerusalem. His promise that you could be close to God without having to follow the Torah appealed to gentiles especially in Rome and thus became the incipient split of Christianity and Jewish faith. </span></li>
</ul>
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-size: x-large;">I enjoyed this book. I never understood why the Jews wanted to crucify one of their own until I read this. I never understood how Christianity split from the Jewish faith. I never understood the relationships between Jesus, John the Baptist, and Paul and I defiantly didn’t know about the significance of Jesus’ brother, James. I recommend it. </span><br /><br /><br /><span style="font-size: x-large;">References </span><br /><br /><br /><span style="font-size: x-large;">"Zealot: The Life and Times of Jesus of Nazareth,” by Reza Aslan, Read by Reza Aslan, Published by Random House (NY), 16 July 2013, Last Visited 30 April 2020, </span><br /><br /><a href="https://www.goodreads.com/book/show/17568801-zealot"><span style="font-size: xx-small;">https://www.goodreads.com/book/show/17568801-zealot</span></a></span> </div>
</div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-40213081647024227682018-08-23T22:49:00.000-04:002018-08-23T22:49:09.800-04:00Book Review: Black Hills by Dan Simmons<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I put “Black Hills” into my reading queue a while back because I actually grew up in the Black hills and thought it would be an interesting lark to read a novel about my home town. But because I was disappointed by another book of the same name, "Black Hills” by Nora Roberts, I stayed away.</span><div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Aside: Really, it was clear to me that Mrs. Roberts had never been in South Dakota. Why she set her romance novel there I will never know. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Later, I read other Dan Simmons' books like “Hyperion,” “Summer of Night,” and “The Terror” and was blown away by his writing skill and his story telling. I cried my eyes out during “Hyperion,” sat up up in bed petrified reading “Summer of Night,” and was gobsmacked about what British sailors had to endure as their officers tried to find the Northwest Passage in “The Terror." </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">But Simmons’ “Black Hills” is off the charts in terms of level of difficulty compared to these other three. I can’t even describe the skill required to pull off this crazy and complicated story. He chooses just one life span of a Lakota Sioux Indian named Paha Sapa (means Black Hill in Lakota) from just before the Battle of the Little Big Horn in 1876 to just after World War II (Late 1950s?). In between, Paha Sapa manages to touch such grand events as the Chicago World’s Fair, the construction of the Brooklyn Bridge, the Dust Bowl, the Buffalo Bill Wild West Show, and the construction of Mount Rushmore. Along the way, he meets General Armstrong Custer, Armstrong's wife Libby, Sitting Bull, Wild Bill Cody, Crazy Horse, and Gutzon Borglum (Mount Rushmore’s sculptor). And the writing skill that Simmons demonstrates by weaving a story around all of these events and historical figures to tell the tale of the Lakota Sioux as a people, the 7th Cavalry and the encroachment of the Wasichu, the White Man with his technology of steam engines, electricity and grand design, is nothing short of amazing.</span></div>
<div>
<br /></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Things I learned: </span><br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">1: General Customer was neither a military genius who sacrificed his life for his country nor a moronic blowhard who sacrificed his men needlessly. According to Simmons, Custer had two things going against him. First, he had bad intel about the size of the Indian force (as many as 11,000 Indians were in the area.) Custer only had 600 men and he split them into three smaller groups for the attack in order to make it seem that large cavalry forces were attacking from many sides. The other impacting factor was that the Indian warriors did something they had never done before. For every battle in Custer’s experience, in the face of the cavalry, the Indian warriors would fight a bit but run away to save the tribe. At the Little Big Horn, they stood and fought. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">2: Most American Indians hate the Mount Rushmore Monument and probably hate the Crazy Horse Monument more. Crazy Horse certainly would have hated it. He would not let anybody take his picture or make a portrait. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">3: Gutzon Borglum had grand plans for Mount Rushmore. His designs included extending the monument into something called the Hall of Records where he planned an inside-the-mountain museum of sorts designed to hold the country’s important documents. He even started work on it in the late 1930s and 1940s. But, during the run up to WWII, the country had no appetite to spend resources on a mountain top in the middle of nowhere. In 1998, the Borglum Family and the National Park System installed a titanium vault into the unfinished hall and placed 16 porcelain enamel panels of the United States Constitution and other important historical documents. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">4: The sex life of General Customer and his wife Libby was … forward thinking. <br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">5: The Wasichu were not the only people to blame for the eradication of the great buffalo herds and the war on the Indian tribes. The Indians had a part to play too. They were just as wasteful with the Buffalo as the White Man were and they were constantly at war with some other tribe. Don’t get me wrong, the Wasichu have plenty to answer for in terms of innocent slaughter, broken promises, and just plain villainy. But it was not all one-sided. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Simmons included a lot of Lakota language throughout the story. Because I listened to the book through Audible as opposed to reading it from a dead tree book, I unintentionally enriched my experience. The narrators, Erik Davies and Michael McConnohie, went to great pains to pronounce the words correctly and to speak the proper cadence and emphasis of the language. I think if I was reading the book, I would have skipped right over that material. Because they spoke it out loud, I got a sense of authenticity from it. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">If you are from South Dakota or Montana, you will thoroughly enjoy this book. Simmons walks you all over those two states and provides excellent descriptions of the site where the Battle of Little Bighorn happened, Mount Rushmore, the Homestake Gold Mine in Lead (my hometown), Deadwood, and the land of the Black Hills. If you are not from South Dakota but are simply a Simmons fan, you will marvel at his continued ability to excel within many different genres. if you are new to Simmons, strap in. You will be amazed.</span></div>
<div>
<br /></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Sources </span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif;"><span style="font-size: x-large;">[1] "Black Hills,” by Dan Simmons, Reagan Arthur Books, narrated by Erik Davies and Michael McConnohie, Published 2010, Last Visited 21 August 2018</span><br /><a href="https://www.goodreads.com/book/show/6505519-black-hills"><span style="font-size: xx-small;">https://www.goodreads.com/book/show/6505519-black-hills</span></a></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[2] "Hall Of Records - Tunnel beside Mt.Rushmore with a titanium vault <br />Curionic. (2014). Hall Of Records - Tunnel beside Mt.Rushmore with a titanium vault. [online] Available at: </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;"><a href="https://curionic.com/blog/hall-of-records-tunnel-beside-mt-rushmore-with-a-titanium-vault">https://curionic.com/blog/hall-of-records-tunnel-beside-mt-rushmore-with-a-titanium-vault</a> [Accessed 24 Aug. 2018]. </span><br /><br /><span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">References</span><br /><span style="font-family: Times, Times New Roman, serif;"><span style="font-size: x-large;">"Black Hills,” by Dan Simmons, Reagan Arthur Books, Published 2010, Last Visited 21 August 2018</span><br /><a href="https://www.goodreads.com/book/show/6505519-black-hills"><span style="font-size: xx-small;">https://www.goodreads.com/book/show/6505519-black-hills</span></a></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif;"><span style="font-size: x-large;">Publisher’s Weekly Review of "Black Hills,” by Dan Simmons, 21 December 2009, Last Visited 21 August 2018 </span><br /><a href="https://www.publishersweekly.com/978-0-316-00698-9"><span style="font-size: xx-small;">https://www.publishersweekly.com/978-0-316-00698-9</span></a></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif;"><span style="font-size: x-large;">Book World Review of "Black Hills,” author Dan Simmons, Reviewer Barbara Ehrenreich, Washington Post, 16 March 2010, Last Visited 21 August 2018 </span><br /><a href="http://www.washingtonpost.com/wp-dyn/content/article/2010/03/15/AR2010031502855.html"><span style="font-size: xx-small;">http://www.washingtonpost.com/wp-dyn/content/article/2010/03/15/AR2010031502855.html</span></a></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif;"><span style="font-size: x-large;">"Dan Simmons discusses his new book: "Black Hills,” by Dan Simmons, 5 January 2010, Last Visited 21 August 2018 </span><br /><a href="https://www.youtube.com/watch?v=srBGLGI3D7g"><span style="font-size: xx-small;">https://www.youtube.com/watch?v=srBGLGI3D7g</span></a></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif;"><span style="font-size: x-large;">"THE TRUTH ABOUT GEORGE ARMSTRONG CUSTER,” by Frederick J. Chiaventone, Cowboys and Indians, June 2016, Last Visited 21 August 2018 </span><br /><a href="http://www.cowboysindians.com/2016/04/the-truth-about-george-armstrong-custer/"><span style="font-size: xx-small;">http://www.cowboysindians.com/2016/04/the-truth-about-george-armstrong-custer/</span></a></span><br /><br /><br /><span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Other Books that I have read by Simmons and Recommend</span><br /><br /><span style="font-family: Times, Times New Roman, serif;"><span style="font-size: x-large;">"Hyperion (Hyperion Cantos #1)" by Dan Simmons, Published 26 May 1989 by Bantam Spectra, Last Visited 21 August 2018 </span><br /><a href="https://www.goodreads.com/book/show/77566.Hyperion"><span style="font-size: xx-small;">https://www.goodreads.com/book/show/77566.Hyperion</span></a></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif;"><span style="font-size: x-large;">"The Terror,” by Dan Simmons, Published 8 January 2007 by Little, Brown and Company, Last Visited 21 August 2018 </span><br /><a href="https://www.goodreads.com/book/show/3974.The_Terror"><span style="font-size: xx-small;">https://www.goodreads.com/book/show/3974.The_Terror</span></a></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif;"><span style="font-size: x-large;">"Summer of Night (Seasons of Horror #1),” by Dan Simmons, Published 1991 by Warner Books, , Last Visited 21 August 2018</span><br /><a href="https://www.goodreads.com/book/show/11279.Summer_of_Night"><span style="font-size: xx-small;">https://www.goodreads.com/book/show/11279.Summer_of_Night</span></a></span></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-66003770410560251362018-08-12T22:14:00.000-04:002018-08-12T22:14:54.037-04:00Book Review: "How Great Science Fiction Works,” by Gary K. Wolfe, Course Review by Rick Howard <div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivsKCop4IVKLTQ0oEXg75tmWrkJbA32WQMOzIgO0ONA4zKdRLzHpmYS3znNJCttWAKuQPLbzihyIjrZ9LaF3iEvbXl0wCcoIGsjoOCAgK9H3UgVTvIj2Vp7Gv1GRexOzjUuyIHGEBEHTA/s1600/Screen+Shot+2018-08-12+at+10.12.52+PM.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="653" data-original-width="888" height="235" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivsKCop4IVKLTQ0oEXg75tmWrkJbA32WQMOzIgO0ONA4zKdRLzHpmYS3znNJCttWAKuQPLbzihyIjrZ9LaF3iEvbXl0wCcoIGsjoOCAgK9H3UgVTvIj2Vp7Gv1GRexOzjUuyIHGEBEHTA/s320/Screen+Shot+2018-08-12+at+10.12.52+PM.png" width="320" /></a></div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">I very much enjoyed Dr. Wolfe’s Great Courses lecture. I have always considered myself to be a science fiction fan, but after listening to these lectures, I learned that there are numerous holes in my science fiction education that I will have to get busy filling. </span><div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">To my great surprise, I learned that the mother of science fiction is Mary Shelly, the author of ‘Frankenstein; or The Modern Prometheus,” published in 1818. She was the first author to tell a fictional tale where the catalyst of the entire story arc was a bit of science that was tantalizingly just out of modern reach. Electricity might be able to reanimate dead tissue. What a great idea. The fact that a woman created an entire genre of writing is fascinating by itself but when you consider that she did it when, at the time, respectable women didn’t write novels and especially didn’t write horror/gothic novels, Shelly’s accomplishment is extraordinary. And she wasn’t done there. Some scholars say she is the first author to create a post-apocalyptic novel too when she published, "The Last Man” in 1826. </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">On the other end of the spectrum, I was saddened to discover that men treated women and minorities just as badly in the science fiction family as they did everywhere else. Although Shelly’s Frankenstein was fabulous start, science fiction has largely been, until recently, an American and British tradition and mostly written by white people. That is slowly changing now, but since Shelly’s beginning to Ursula K. Le Guin’s "The Left Hand of Darkness" in 1969, the story authors and pulp magazine editors that published these stories were not diverse. There were exceptions of course, but the bulk of the writers were white and American or British. </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">What I found the most interesting about Dr. Wolf’s explanation of science fiction though was my realization that there isn’t much difference between science fiction and other genres. They all tell fictional stories. Literature scholars rate good literature higher than the other forms because authors tell good stories that are realistic but also illuminate some piece of the human condition: love, sadness, life, death, etc. Authors who can write at multiple levels like that are very good at their craft.</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">Other genres are normally frowned on by literature scholars because the authors usually tell fantastical stories; stories that would never happen in the real world. Science Fiction authors use not-yet-existing-but plausible science to explain visionary possibilities. Fantasy authors uses magic and/or the supernatural to explain their whimsical, imaginary, and even grotesque tales. Horror writers uses the supernatural to explain their stories of the macabre. But even these lesser forms of storytelling, as judged by the literature scholars, could be literature too if they illuminated the human condition somehow as many of the great science fiction books do. The difference between literature fans and science fiction fans though is that, sometimes, science fiction fans just want a rip-roaring story that doesn’t make us think too much; stories like space operas and space westerns where there are lots of spaceships and robots and flying cities and the heroes save the day and they don’t give a hoot about the human condition. Science fiction fans will take some illumination of the human condition but it is not a prerequisite. </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">I recommend Dr. Wolfe’s Great Course. I learned a lot and because of it, I have a deep stack of great science fiction to discover. </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">References</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">“Frankenstein; or The Modern Prometheus,” by Mary Shelly, published by Lackington, Huges, Harding, Mavor, and Jones, 1818, Last Visited 10 August 2018,</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">https://www.thegreatcoursesdaily.com/mary-shelley-science-fiction/</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">"FRANKENSTEIN PUBLISHED,” History.com Staff, 2009, A+E Networks, Last Visited 8 August 2018, </span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://www.history.com/this-day-in-history/frankenstein-published</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">"How Great Science Fiction Works,” by Gary K. Wolfe, Audible Audio, The Great Courses, #2984, Published 8 January 2016 by The Teaching Company, Last Visited 8 August 2018,</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">https://www.goodreads.com/book/show/29338161-how-great-science-fiction-works</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">"How Great Science Fiction Works: Course Guidebook” by Professor Gary K. Wolfe, Roosevelt University, Published by The Great Courses, 2016. </span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">“This Day in History, 11 Mar 1818, Frankenstein Published,” History, Last Visited 8 August 2018,</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">https://www.history.com/this-day-in-history/frankenstein-published</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">"The Last Man,” by Mary Wollstonecraft Shelley, published by Galignani, 1826, Last Visited 10 August 2018, </span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">https://books.google.com/booksid=l78NAAAAQAAJ&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">"Mary Shelley: Meet The Teenage Girl Who Invented Science Fiction,” by Whitney Milam, Digital Communications at National Security Action, 11 July 2015, Last Visited 10 August 2018,</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">https://amysmartgirls.com/mary-shelley-meet-the-teenage-girl-who-invented-science-fiction-3735d785411c</span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;">"Mary Shelley, Frankenstein and the Villa Diodati,” by Greg Buzwell, Discovering Literature: Romantics and Victorians, British Library, 15 May 2014, Last Visited 8 August 2018,</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">https://www.bl.uk/romantics-and-victorians/articles/mary-shelley-frankenstein-and-the-villa-diodati</span></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-26783600791421549692018-02-15T20:42:00.001-05:002018-02-15T20:42:53.059-05:00Cryptocurrency, Blockchain and Bitcoin: It All Seems So Mysterious<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijZiORCf20IoEsClI-2VkRw1CZaCa1YDihoNe1fhQsFDus2mDzCUF3kE3PMj07uYUz9efeAuHYbu5-L9nucwnYVzbaDXrj69CorSLnSHgSaKSD1RXKuzbJNqe9POCboa2HvdP41EW0c2g/s1600/shutterstock_1025514778.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="1067" data-original-width="1600" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijZiORCf20IoEsClI-2VkRw1CZaCa1YDihoNe1fhQsFDus2mDzCUF3kE3PMj07uYUz9efeAuHYbu5-L9nucwnYVzbaDXrj69CorSLnSHgSaKSD1RXKuzbJNqe9POCboa2HvdP41EW0c2g/s320/shutterstock_1025514778.jpg" width="320" /></a></div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">Executive Summary</span><div>
<br /></div>
<div>
When Satoshi Nakamoto published his seminal paper called Bitcoin: A Peer-to-Peer Electronic Cash System in October 2008, he started what is arguably the first viable cryptocurrency. Bitcoins have steadily increased in value from its inception to today where one bitcoin is worth some $6,500 and its success has encouraged the development of some thousand other cryptocurrencies. But it begs the question, how does an electronic string of digits contain any value at all and why do the 22 million Bitcoin practitioners in the world today think this is so special? To answer the value question, you have to remember why any currency system has value. The U.S. dollar has value because we all agree that it does. Bitcoins have value because 22 million Bitcoin practitioners have faith that it does too. Bitcoins are also scarce meaning that there is a finite number in the world. This has a contributing affect to why bitcoins have increased in value. To answer why Bitcoin is special, you have to consider how current monetary systems work. They are mostly managed by a central authority whom practitioners have to trust will do the right thing in terms of processing transactions, exposing fraud and keeping the privacy of their customers secret. Cryptocurrencies decentralize this process in a peer-to-peer electronic distributed system that uses transparent math to establish trust. Two underlying technologies make this work: public key encryption and blockchain. Public key encryption allows the system to guarantee that a transaction between two parties is legitimate and cannot be forged. Blockchain is a transparent ledger that everybody can view but is so computationally expensive to alter that fraud is practically impossible. The blockchain technology has worked for digital currency but this evolution in decentralized consensus systems might have other applications like decentralized cloud storage systems, smart contracts, voting systems, and loyalty programs. Developers can apply the blockchain technology to really anything that involves electronic transactions and investors are pouring money into companies that are pursuing these ideas.</div>
<div>
<br /></div>
<div style="text-align: left;">
<span style="font-family: Verdana, sans-serif; font-size: x-large;">A String of Digits is worth $6,500?</span></div>
<div>
<br /></div>
<div>
Cryptocurrency in general, and Bitcoin specifically, have been in the news for over a decade. But since all Cryptocurrencies including Bitcoin reside on the internet, and the underlying blockchain technology uses a lot of math, and cyber criminals adopted it early, many of us feel like the entire thing is a bit of a mystery and, perhaps, might be a tad illegal. I barely understand how the internet works in the first place and now I am expected to get my head around a viable alternative money system that has no central authority, doesn’t really exist in the physical world, and yet has the unique property that one digital coin, a long sequence of electronic digits, is worth well over $6,500? [1] I decided to see if I could open this internet-currency-black-box to see if could shed some light on it. </div>
<div>
<br /></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">The Rise of Digital Currencies</span></div>
<div>
<br /></div>
<div>
Lets begin with why a bitcoin has value. In order to understand that, you have to understand why any money has value. If you want to engage in a dash of existential crisis fun, try this on for size. Money has value because we all agree that it has value. Let that sink in for a while. The reason that a U.S. hundred-dollar bill is worth a hundred-dollar’s worth of goods and services is that everybody in the world believes that it does. On face value, it is kind of silly. A piece of paper with the number “$100” printed on it allows me to exchange that piece of paper for a giant steak dinner at a fancy restaurant in Las Vegas. It is kind of ludicrous when you say it out loud like that. If tomorrow the entire world decided that paper money wasn’t worth anything and instead, giant cremini mushrooms had all the value, we would all be toting around bags of tasty mushrooms to exchange for our steak dinners. Thank goodness we all agreed on paper as the way to go. There are lots of economic reasons why this works though and I will not get into them here, but the bottom line is that we all agree that paper money is worth something and that makes the world go around. </div>
<div>
<br /></div>
<div>
Back in 2008, when the U.S. housing crisis started to threaten the world economic situation, some libertarian, free-thinking, privacy advocating, crypto-heads, created the first viable digital money: Bitcoin. According to New York Times journalist Nathaniel Popper, these scientists had been working on the technology for decades, were concerned about government surveillance and didn’t trust big banks backed by those same governments to adequately protect the monetary system. What they created was a decentralized and practically anonymous monetary system that would survive if big institutions failed and wouldn’t allow big governments to spy on its citizens. Unlike the online financial systems that we are all familiar with today, there are no middlemen in this digital currency system who you have to trust with your money and your personal information. [2] </div>
<div>
<br /></div>
<div>
As with paper money, Bitcoin has value because everybody that is a member of the Bitcoin network believes that it does. There are currently some 22 million libertarian, free-thinking, privacy advocating, crypto-heads that do. But Bitcoin is just one example of a digital currency. It is arguably the most successful but there are literally over a thousand digital currencies trying to become popular. All of them though rely on two underlying technologies: public key encryption and something called the blockchain. </div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">Public Key Encryption for the Technically Challenged</span></div>
<div>
<br /></div>
<div>
Public key cryptography sounds scary but let me try to simplify it. Back in 1976, Whitfield Diffie and Martin Hellman proved that they could use “math" to generate two long strings of digits called public and private keys or key pairs. The interesting property about the key pairs is that you can’t derive one key from the other. In other words, if you have one, you can’t use “math" to derive the other. It is mathematically impossible. With the key pairs though, you can perform two powerful tasks: encryption and signing. For encryption, your mom can encrypt a message to you using your public key that only you can decrypt with your private key. In practice, you can broadcast your public key to everybody in the world. Anybody can use it to encrypt messages that only you can decrypt. You may have seen one or two public keys in your email and didn’t realize what they were. If you have ever noticed a bunch of random letters appended to an email message that starts with ——BEGIN PGP PUBLIC KEY, that is somebody sending you their public key. </div>
<div>
<br /></div>
<div>
For signing, the idea is similar only in reverse. Your mom can sign a message to you using her private key and you can use her public key to verify it is from your mom. In other words, you can be absolutely certain that the message you received is from your mom and not some internet scammer trying to bilk you out of some money. </div>
<div>
<br /></div>
<div>
With the Bitcoin system, when I want to send a bitcoin to my mom, I use my iPhone app to send one bitcoin to her by using her public key, verifying the recipient of the transaction, and signing the transaction with my private key, verifying that I authorized the transaction. There is a lot more going on under the hood, but that is the general idea. </div>
<div>
<br /></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">Blockchain for the Technically Challenged</span></div>
<div>
<br /></div>
<div>
At a high level, blockchain is not that hard to understand. It is essentially a transparent ledger that all users of the digital currency can review. The technical specifics on how this is done is a little different for every digital currency but the general idea is the same. With the Bitcoin system, every Bitcoin practitioner has a copy of the ledger for every bitcoin transaction that has ever occurred. The system has complete transparency. It is also almost completely anonymous. Members of the Bitcoin practitioners network do not know exactly who did each transaction. They do know that two unique parties made the transaction, the value of the transaction, and when the system completed the transaction. </div>
<div>
<br /></div>
<div>
If I want to send a Bitcoin to my mom, I use an app on my phone to start the transaction. In the mean time, all the other Bitcoin practitioners are doing the same, initiating transactions to move bitcoins from one member to another. The system collects all of these transactions into a transaction block roughly every 10 minutes. The system wraps the transaction bloc into a computationally intensive math problem and hands it over to a collection of Bitcoin “miners.” The miners collectively agree that the problem is complex enough to be fair to all miners and begin working on solving the math problem. The miners then compete to solve the math problem quickly. When a miner solves the problem and allows the other miners to check her work, the block of transactions becomes official and the system adds the block to the chain of previous blocks and distributes the chain to the Bitcoin practitioner network. </div>
<div>
<br /></div>
<div>
The blockchain process seems convoluted but there is a purpose. To prevent fraud, the complex math problem that the system generates is dependent on the data from the previous block.The math problem for that block is based on the block before it; on and on to the beginning. If a Bitcoin practitioner wanted to secretly subvert the values in the transaction chain without anybody knowing it, say instead of receiving 1 bitcoin from a transaction they wanted to receive 1,000 bitcoin, they would have to solve all of the math problems from the block they want to change up to the current block in the time it takes the miners to solve the current math problem. If they fail, the resulting blockchain the fraudsters would have at the end would be different than the chain that all other Bitcoin members are working with. It would be worthless. I know that sounds like a lot of computer mumbo jumbo but trust me, there is not enough computational power in the universe to accomplish this feat. </div>
<div>
<br /></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">Why Does Bitcoin have Value?</span></div>
<div>
<br /></div>
<div>
Like I said before, Bitcoins have value because the members of the Bitcoin practitioner network have faith that they do. The network has faith that these little collections of digital digits can be used to exchange for goods and services in the real world. One contributing factor to that faith, and perhaps why the value of a single bitcoin has steadily increased since the system’s creation in 2008, is that bitcoins are scarce. </div>
<div>
<br /></div>
<div>
Like other rare items in the real world that have value— diamonds, copies of the first Superman comic, white truffles, Iranian Beluga Caviar, Rhino Horns, and Heroin — they are not easy to get. The father of the blockchain idea, Satoshi Nakamoto, declared that there should not be an endless supply of digital currency. That would make the system worthless. </div>
<div>
<br /></div>
<div>
Think in terms of the paper money supply in the U.S. The leaders of the the U.S. Federal Reserve control the money supply. They try to control for interests rates and inflation. If their actions created an endless supply of paper money, they would be feeding inflation. Digital currencies are not immune to these inflationary forces. </div>
<div>
<br /></div>
<div>
By design, the Bitcoin system will only create a total of 21 million bitcoins ever and it only creates a handful of new bitcoin every time a new block is added to the chain. When the Bitcoin system came on line back in 2008, it added 50 new bitcoins to the market for every new block added. For every 210,000 blocks added since inception, or roughly every 4 years, the system will decrease the number of bitcoins added by half. As of July 2017, the bitcoin system released 12.5 bitcoin for every block added to the chain. The system is expected to reduce that number to 6.25 coins by 2020. </div>
<div>
<br /></div>
<div>
The bottom line is that things that are scarce have value and bitcoins are scarce. </div>
<div>
<br /></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">Why do Bitcoin Miners Do the Work?</span></div>
<div>
<br /></div>
<div>
When the system produces new bitcoins for new blocks added to the chain, who gets them? The miners do. As an incentive to do the computational work, the miners that solve the math problem for a particular block gets the bitcoin that the system produces. In the early days, mining was comparatively easy. Early miners had enough horsepower on their home computers to solve the mathematically complex problems themselves. When they did, they each received 50 bitcoin. Back then though, bitcoins were not worth that much. Today, no single user can hope to have enough computational power to solve a particular block in enough time to compete with the other miners. These days, mining is done by mining pools, collections of users working on the same problem, or big conglomerates. Mining pools and companies use specialty hardware specifically designed to use less power and to solve these kinds of math problems. At least some of these conglomerates are making money. A handful made between $70 Million and $100 million annually. [5] This is a good thing. The more miners we have, the more organizations we have checking the work of all the other miners. It keeps everybody honest and it goes to the notion of how trustworthy is the system.</div>
<div>
<br /></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">Blockchain Establishes Trust between Two Untrustworthy Partners</span></div>
<div>
<br /></div>
<div>
Blockchain solves the problem that if you have no central authority keeping everybody honest and knowing who everybody is, how do you trust the other side of the transaction when you are most likely transacting with people whom you don’t trust? How do you have faith that if you give a bitcoin directly to another person or system that you will get an equal value returned to you? Satoshi Nakamoto invented what many scientists feel is the next evolution in distributed computing: consensus. In the early 1980s, early attempts at consensus computing needed all members of the network to be in allegiance with each other. Nakamoto’s system assumes that they are not and guards against it. According to Morgan Peck, Nakamoto replaced the allegiance system with mathematical confidence. [4] It is no wonder that cyber criminals adopted it early as a form of payment. In her Ted Talk about blockchains in 2016, Bettina Warburg said, "As humans, we find ways to lower uncertainty about one another so that we can exchange value.” [3] The blockchain is how we lower uncertainty with digital currency. </div>
<div>
<br /></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">Bitcoin Problem: Scalability</span></div>
<div>
<br /></div>
<div>
The big problem with Bitcoin is scalability. As more and more people join the network and start initiating transactions, the time it takes to complete a transaction has gone up; sometimes taking days or weeks instead of minutes. In July 2017, some members of the bitcoin network forked off their own version of Bitcoin, called Bitcoin Cash, because they wanted a faster system and disagreed with the Bitcoin community on how to fix it. Their version has larger blocks in the blockchain in attempt to create faster transaction speeds. Another group forked off their version on 24 October 2017. Their version is called Bitcoin Gold and it attempts to lower the math complexity required to solve for each block so that miners do not have to belong to large miner pools or be owned by a large consortiums.</div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">Blockchain Technology: What Else Can It Do?</span></div>
<div>
<br /></div>
<div>
Whether or not Bitcoin succeeds, or any other digital currency that uses blockchain as the underlying technology, remains to be seen. It is still early in the game. But you can see where a technology like blockchain might be useful in all kinds of arenas where people and corporations and governments have to officially transact with each other. Venture capitalists are pouring money into startups that are trying to build decentralized cloud storage systems, smart contracts, voting systems, and loyalty programs to name a few. </div>
<div>
<br /></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">Wrapping Up</span></div>
<div>
<br /></div>
<div>
When Satoshi Nakamoto published his seminal paper in October 2008, he changed the world in the domain of consensus building in distributed systems. Instead of insisting on mutually agreeable allegiance to keep the distributed system going, he assumed that nobody would trust each other and kept all members honest by inventing a system of mathematical confidence. The result was a cornucopia of cryptocurrency digital systems, over a thousand online today, that use two underlying technologies: public key encryption and blockchain. At a high level, they are not too difficult to understand. With Bitcoin specifically, the system uses public key encryption to guarantee that a transaction between two parties is legitimate and uses blockchain as a transparent ledger so that all members can independently check that the system has not been tampered with. Nakamoto specifically designed scarcity into the system. In other words, bitcoins are hard to come by and that design principle may be one of the reasons that the value of bitcoins have generally increased since the inception. As with all monetary systems though, bitcoins ultimately have value because there are people who have faith that they do and are willing to invest their own money to reap the rewards. One offshoot of the cryptocurrency evolution though is that there may be other uses of the blockchain technology for other kinds of transaction systems and many investors are pouring money into these potential uses. </div>
<div>
<br /></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">One More Thing: Who is Satoshi Nakamoto</span></div>
<div>
<br /></div>
<div>
In the original white paper that explained the underlying technology to most modern-day cryptocurrencies but especially Bitcoin, Satoshi Nakamoto is listed as the author. The white paper is titled Bitcoin: A Peer-to-Peer Electronic Cash System. The thing is, nobody knows who the researcher is. He or she has never appeared in public and only communicates via email or in public forums. The last time anybody has heard from Nakamoto is in April 2011. As far as anybody can tell, “Satoshi Nakamoto” is a pseudonym. It may represent one person or a collective. Wired magazine quotes one Bitcoin developer named Laszlo Hanyecz, "Bitcoin seems awfully well designed for one person to crank out." In 2014, Newsweek wrongly pointed to a 64-year-old Japanese American named Dorian Prentice Satoshi Nakamoto who has denied the attribution. An Australian named Craig Steven Wright claimed the name but researchers have since shown that Wright submitted false evidence to back his claim. Researchers from Aston University attribute the author to be Nick Szabo based on writing style comparisons (Stylometry) from the original paper and Szabo’s public writing. Nakamoto gives credit to Szabo in the original paper for a precursor cryptocurrency to Bitcoin called Bit Gold. It is rumored that the NSA has done their own writing analysis and knows who the author is but they are not saying. Nakamoto may be the person who completed the first Bitcoin transaction, a guy by the name of Hal Finney. But he died in 2014 so he is not telling. It is a giant internet mystery. Whomever Nakamoto is, he is worth about $4.3 billion because of all the bitcoins he has. </div>
<div>
<br /></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">Sources</span></div>
<div>
<br /></div>
<div>
[1] "Bitcoin (USD) Price Closing Price." by coindesk, 11 November 2017, Last Visited 11 November 2017, </div>
<div>
https://www.coindesk.com/price/</div>
<div>
<br /></div>
<div>
[2] "Once An Underground Currency, Bitcoin Emerges As 'A New Way To Track Information,'" Terry Gross Interview with Nathaniel Popper, Fresh Air Podcast, 9 November 2017, Last Visited 11 November 2017, </div>
<div>
https://www.npr.org/2017/11/09/563050434/once-an-underground-currency-bitcoin-emerges-as-a-new-way-to-track-information</div>
<div>
<br /></div>
<div>
[3] "How the blockchain will radically transform the economy," by Bettina Warburg, Ted Talks, 8 December 2016, Last Visited 11 November 2017, </div>
<div>
https://www.youtube.com/watch?v=RplnSVTzvnU</div>
<div>
<br /></div>
<div>
[4] "The Future of the Web Looks a Lot Like the Bitcoin Blockchain,” by MORGEN E. PECK, IEEE SPECTRUM, 1 July 2015, Last Visited 13 November 2017,</div>
<div>
https://spectrum.ieee.org/computing/networks/the-future-of-the-web-looks-a-lot-like-bitcoin</div>
<div>
<br /></div>
<div>
[5] "Top 10 Bitcoin miners 2017," by AtoZ, 25 January 2017, Last Visited 25/01/2017,</div>
<div>
https://atozforex.com/news/top-10-bitcoin-miners-2017/</div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">References</span></div>
<div>
<br /></div>
<div>
"Bitcoin Rich List," BitInfoCharts, Last Visited 14 November 2017,</div>
<div>
https://bitinfocharts.com/top-100-richest-bitcoin-addresses.html</div>
<div>
<br /></div>
<div>
<div>
"Bitcoin splits again, creating a new cryptocurrency called bitcoin gold that then plunged 66%," by Arjun Kharpal, CNBC, 25 October 2017, Last Visited 14 November</div>
<div>
https://www.cnbc.com/2017/10/25/bitcoin-gold-price-plunges-what-is-hard-fork.html</div>
</div>
<div>
<br /></div>
<div>
"Digital Gold: Bitcoin and the Inside Story of the Misfits and Millionaires Trying to Reinvent Money," by Nathaniel Popper, Harper, 19 May 2015, Last Visited 11 November 2017,</div>
<div>
https://www.goodreads.com/book/show/23546676-digital-gold?ac=1&from_search=true</div>
<div>
<br /></div>
<div>
"Life Inside a Secret Chinese Bitcoin Mine," by Motherboard, 6 February 2017, Last Visited 11 November 2017, </div>
<div>
https://www.youtube.com/watch?v=K8kua5B5K3I</div>
<div>
<br /></div>
<div>
"The Baroque Cycle Collection," by Neal Stephenson, Harper Collins, Published 12 August 2014,</div>
<div>
https://www.goodreads.com/book/show/22535547-the-baroque-cycle-collection?ac=1&from_search=true</div>
<div>
<br /></div>
<div>
"What Is Bitcoin, and How Does It Work?" By NATHANIEL POPPER, NYT, 1 October 2017, Last Visited 11 November 2017, </div>
<div>
https://www.nytimes.com/2017/10/01/technology/what-is-bitcoin-price.html</div>
<div>
<br /></div>
<div>
"Bitcoin Mining," by INVESTOPEDIA, Last Visited 20171112,</div>
<div>
https://www.investopedia.com/terms/b/bitcoin-mining.asp</div>
<div>
<br /></div>
<div>
"Bitcoin: A Peer-to-Peer Electronic Cash System," by Satoshi Nakamoto, October 2008, Last Visited 12 November 2017, </div>
<div>
https://bitcoin.org/bitcoin.pdf</div>
<div>
<br /></div>
<div>
"19 Of The Most Expensive Substances In The World," by Akin Oyedele, Business Insider, 22 September 2014, Last Visited 12 November 2017, </div>
<div>
http://www.businessinsider.com/most-valuable-substances-by-weight-2014-9/#19-white-truffles-1</div>
<div>
<br /></div>
<div>
"Who decides when to print money in the US?" by Investopedia, 25 August 2015, Last Visited 17 November 2017, </div>
<div>
https://www.investopedia.com/ask/answers/082515/who-decides-when-print-money-us.asp#ixzz4yEwV1QXk</div>
<div>
<br /></div>
<div>
"The 21 companies that control bitcoin," by Rob Price, Business Insider, 13 August 2015, Last Visited 12 November 2017, </div>
<div>
http://www.businessinsider.com/bitcoin-pools-miners-ranked-2015-7?r=UK&IR=T/#20-unknown-entity-028-2</div>
<div>
<br /></div>
<div>
"List of top virtual currencies in 2017 and what differentiates them," by Divya Joshi, Business Insider, 19 October 2017, Last Visited 11 November 2017, </div>
<div>
http://www.businessinsider.com/list-top-cryptocurrencies-analysis-comparison-2017-10</div>
<div>
<br /></div>
<div>
"Understanding Public Key Cryptography," by Microsoft, 19 May 2005, Last Visited 14 November 2017, </div>
<div>
https://technet.microsoft.com/en-us/library/aa998077(v=exchg.65).aspx</div>
<div>
<br /></div>
<div>
"Bitcoin: Transaction records," by Zulfikar Ramzan, Kahn Academy, Last Visited 14 November 2017, </div>
<div>
https://www.khanacademy.org/economics-finance-domain/core-finance/money-and-banking/bitcoin/v/bitcoin-transaction-records</div>
<div>
<br /></div>
<div>
"Bitcoin Gold: What to Know About the Blockchain's Next Split," by Alyssa Hertig, coindesk, 23 October 2017, Last Visited 14 November 2017, </div>
<div>
https://www.coindesk.com/bitcoin-gold-know-blockchains-next-split/</div>
<div>
<br /></div>
<div>
"We just got a super smart and simple explanation of what a bitcoin fork actually is," Interview of Nolan Bauerle, the director of research at CoinDesk, by Jacqui Frank, Kara Chin and Trevor N. Cadigan, Business Insider, 1 November 2017, Last Visited 14 November 2017,</div>
<div>
http://www.businessinsider.com/bitcoin-fork-explained-gold-segwit-segwit2x-cash-the-bit-3-2017-10</div>
<div>
<br /></div>
<div>
"15 Unusual Facts & Theories About Mysterious Bitcoin Founder Satoshi Nakamoto Will the real Satoshi Nakamoto please stand up?" By Larry Kim, INC., 18 August 2017, Last Visited 15 November 2017, </div>
<div>
https://www.inc.com/larry-kim/15-unusual-facts-amp-theories-about-mysterious-b.html</div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-89140690727272541752017-10-28T11:33:00.000-04:002017-10-28T10:35:03.491-04:00Why I Vote<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgikVIj7LMZsDeRVFFfDdAiYvJJc_lHCUtD7VGHU4bC7B3e2O3M96S9VsHyytNLWnYlLN2A0cSjAlGYHhkIzdveAgHUubPisROgg9FmUJiPNo-iQyF2gb5bHVmhfkg2-4mQuiXpI9HXVhA/s1600/shutterstock_91273547.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="1067" data-original-width="1600" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgikVIj7LMZsDeRVFFfDdAiYvJJc_lHCUtD7VGHU4bC7B3e2O3M96S9VsHyytNLWnYlLN2A0cSjAlGYHhkIzdveAgHUubPisROgg9FmUJiPNo-iQyF2gb5bHVmhfkg2-4mQuiXpI9HXVhA/s320/shutterstock_91273547.jpg" width="320" /></a></div>
<div>
<br /><span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Executive Summary</span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">New Jersey and Virginia are holding state elections on 7 November. Some of my friends, family and colleagues tell me they don’t vote. They have lots of reasons. They say that their vote does not count. They say that the system is, at best, a poorly designed system and, at worst, completely corrupt system. They say that they do not follow politics. They say that they don’t have time. This got me to thinking about why I am so on the polar opposite end of those thoughts. I always vote. I began to wonder why that was the case. This essay is my attempt to work that out. What I discovered was that voting for me is about being a man and the example I set for my own children. It is about being an appreciative citizen and not taking for granted the privileges won by the spilt blood of our ancestors. It is about giving back to the community, in some small measure, in order to preserve these rights that men and women thought were so important in our country’s history that they were willing to lay down their lives for it. I vote because the idea of one person, one vote is perhaps the cornerstone to our participative democratic republic, a thing we can point to in our aspiration to the American Exceptionalism ideal, and I don’t want to take it for granted. I vote because of all of the contentious issues that lay before us as a nation, the act of voting is the one thing that we do together to address those issues. I vote because it took the country over 200 years to get the one-person-one-vote idea right through one awful war, five constitutional amendments, numerous national laws and continuous attacks to limit the franchise. I vote because the act is precious to me and I never want to lose the privilege.</span></div>
<div>
<br /></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">My World</span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">I am not a political junky. I don't spend endless hours consuming the philosophical blather from the likes of Rush Limbaugh, John Oliver, Shawn Hannity or Rachel Maddow. I don't have a burning issue; at least not one that I am so passionate about that I accost little old ladies on the street that do not agree with me in an effort to bend them to my will. What I do have is a deep-seated appreciation that many people around the world do not benefit from the same privilege of participative government that I have simply because I happened to be born in this country. </span></div>
<div>
<br /></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Privilege and Participative</span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">Those are two interesting words that describe the design of the U.S. Government system. And yet, I always run into friends, family, colleagues and strangers who don’t vote. They have lots of reasons. “My one vote does not count.” “The Electoral College is rigged.” “I don’t follow politics.” “I don’t like any of the candidates.” “I was too busy to register.” “I had to work that day.” I am always flabbergasted by that logic. For the Howard family, the idea of not voting is never on the table. We clear the day. We make it a Howard event. We don’t talk in terms of “if” we vote. We talk in terms of “when” we vote. And it got me thinking, why do we feel that way? Why does the act of “Not Voting” seem so wrong to us? </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">A few years ago, I took a taxi to the O’Hare Airport from my hotel in Chicago. I learned that my taxi driver, a delightful fellow by the name of Nicky, came from a small country on the east coast of Africa called Eritrea. When he was three years old back in 1993, his country declared independence from their current dictator. By the time he was eight, his family had moved to a refugee camp within the country because the succeeding dictator had dumped them into a war with the neighbors (Yemen and Ethiopia). The regime was so repressive that the lives of Nicky’s family were in danger. Nicky’s parents took the extraordinary step of shipping all three siblings, including Nicky, to America at the first opportunity. When Nicky told me that, I immediately thought about my own kids. How bad would it have to get in my country before I would decide to ship my kids to another country to preserve their safety and future? And how lucky am I that the chances of something like that ever happening in the USA are a million to one? </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">When I get in these moods, I often remind myself about America’s founding fathers. </span></div>
<div>
<br /></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">You Have to Earn the American Exceptionalism Title </span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">When these remarkable and flawed men signed the Declaration of Independence, they may as well have signed their own death warrants and they knew it. If the colonies had lost the war for independence against the British, the royal authorities would have executed them as traitors at the first opportunity. [1] When I think about this collective act of disobedience, this act of defiance in the face of especially low odds of winning the revolutionary war, I am humbled that these patriots were prepared to give their lives in support of a bigger idea; an idea that there could be a better way to govern. That is a high-bar-standard for American exceptionalism and it makes me consider if I have any beliefs within my own personal philosophy that are so strong that I would willingly give my life, and the fortunes of my family, to preserve them. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">When you think about it, you realize that America does not ask much of its citizens for the privilege of living here. Citizens pay taxes and follow the law. That is about it. The country does not compel service, does not compel silence against its policies and does not compel participation in the system. It does not even compel a respect for the system that was so hard fought and won against incredible odds. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">Because of that idea and admittedly other things, some American pundits think that the U.S. is the greatest country in the world. Others think that it is arrogant to claim that title when it clearly lacks in several key metrics that might be used to choose the winner of such a competition. In my mind, both sides misunderstand the implication of the exceptionalism label. When you compare America to the rest of the world, the idea of best has no meaning. Who cares if you are number one or ten or 50? What can you do with that knowledge? What is important is that when you do the comparison, out of the 195 [2] sovereign nations in the world, America has a good chance of being remarkable; of leading in a positive way; of acting as a force of good in the world; of setting an example of how things might be done. When opportunities arise to demonstrate that behavior and we intentionally decide to do something less than that, we do not live up to that potential. We do not live up to the American Exceptionalism ideal that the Founding Fathers gave us. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">For me, the act of voting is one of those opportunities. That simple act of civic duty is a way for me to step up; to give a little something back to this country that has given me and my family so much. However-flawed the voting system is, voting is our modern-day demonstration and one-data-point proof to the world and ourselves that we are worthy of the exceptionalism title. It seems the least I can do. What concerns me is that our right to vote is not guaranteed. If we are not careful and diligent, we may lose that opportunity altogether. </span></div>
<div>
<br /></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Universal Suffrage – A Relatively New Idea and an Idea that We Must Protect </span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">American Universal suffrage, the idea that every citizen gets an equal vote, has not been around that long. Even our well-respected Founding Fathers did not specify in the constitution that universal suffrage was even something they were worried about. From the very beginning, voters were citizens who owned land; a tradition that came over from the old country. This new red, white and blue government excluded Native Americans, Women, Blacks, the Poor and the Illiterate from the voting process. For some, this inconsistency rang falsely. Government leaders kept running into the paradox that if America is indeed a democratic republic, a government by the people, then the laws that govern that body should not exclude anybody from the process. But it was not until the mid-1960s, after five Constitutional Amendments, a Civil War and numerous federal Laws, that the Judicial Branch finally agreed that the constitution guarantees every person the right to vote. (See How the U.S got to Universal Suffrage below [3] </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">But for every step forward in achieving universal suffrage, the country seemed to take two steps back. Elected officials found ways to restrict voting rights from people they thought were unworthy even after passing constitutional amendments prohibiting that behavior. Read that last sentence again. Our elected officials, that same body that pushed for universal suffrage, fought against itself to limit the voting rights of certain citizens. Even after the Civil War when the government passed the 15th amendment in 1856 giving the right to vote to all male races including Blacks, southern state governments began passing local legislation that essentially made it so hard to vote in those states, that by 1900, the 15th amendment might as well have not been passed. [3] </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">But we kept chipping away at it and even though the judicial branch generally supports the universal suffrage idea today, the legislative branch still passes laws that try to limit the franchise. At the conclusion of each decade, the US government completes a constitutionally mandated census to ensure that the number of House of Representative seats reflects the population size within each state. [4][5] Within a tradition that has been going on since the beginning of the nation, the party in power takes the opportunity to redraw congressional district boundaries in a way that will best enable their party officials to get re-elected in the next election. This is called gerrymandering. [6] After the 2010 census and midterm elections, Republicans altered 210 congressional districts and Democrats altered 44 out of a total of 435 (58%). [7][2] For this 2016 presidential election, 14 states have passed restrictive voter ID Laws, inconvenient registration laws and early voting cutback laws. These restrictions tend to affect low income voters, people of color and very old people. [8] In 2016, the U.S. Supreme Court rejected a Texas law designed to fundamentally alter the one person, one vote idea. Texans wanted to change the country’s apportionment rules, the rules that determine the number of U.S. House of Representatives for each state, from total population to simply eligible voters. [9] The Supreme Court rejected the proposal out of hand but the legal action is indicative of our lawmaker’s continuous effort to reduce the franchise. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">In October 2017, the Supreme Court began hearing a case brought against Wisconsin regarding the state’s extreme gerrymandering operations. [10] At issue is the fact that with automation, gerrymandering has become so efficient that even if you were able to vote, even if you were able to surpass all the hurdles that legislatures put before you to prevent you from going to the polls, the state voting districts are so precise that if your party is not in power, your vote essentially does not matter. You can vote all you want but you have no chance to change the status quo. I realize that if the Supreme Court does not shut down the Wisconsin gerrymandering scheme, it proves the point my relatives and friends have been telling me all these years; that the voting system is rigged. Why bother? But that is the point, isn’t it? The only way that these things get turned around is when citizens make enough noise in the political system that their associated politicians think they have to do something about it. That starts with voting.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">The achievement of universal suffrage has been a long-fought battle over the course of the nation’s entire history. Even after the landmark Supreme Court decision in the 1960s, we cannot check this off our list and never think about it again. It is continually attacked by unscrupulous politicians to bend it to their advantage. Even though many Americans would accept that idea that every citizen deserves the right to vote, our elected officials tend to think they have the authority to shape the electorate to their advantage. That is why, when voting time comes around in my state, the idea that I would not cast a vote or exercise the privilege that was so hard-fought and won by our founding fathers (and mothers) does not occur to me. </span></div>
<div>
<br /></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: large;">The Joy of Community Citizenship </span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">Obligations back to the country and threats to universal suffrage are serious issues. Before I turn the reader off completely for being such a downer, let me take it up a notch by describing one of my true pleasures in life. The physical act of voting, for me anyway, is inspiring. I usually go early, before work, so that I can ensure that the normal chaos of the day does not interfere with the voting process. Elections in Virginia, my home state, generally occur in the spring and the fall. The early mornings are usually cool but sunny. When I arrive at the polling station, other like-minded people are doing the same thing. There is a sense of community and purpose; never said out loud but inferred as you say good morning and make small talk with the volunteers and voters that are there with you. My favorite part is standing in line waiting for my turn in the voting booth. I get a big kick out of watching the volunteers, mostly retired old folks, who ensure that the mechanics of the voting process go smoothly. When I get to the desk where the volunteer finds my name on the voter list and checks it off, I can’t help but get a sense of belonging; an inclusiveness within a larger idea that is good and something to care about. And finally, after I make my selections, and turn to walk out of the building, a volunteer always shakes your hand, slaps a “I voted” sticker on your chest and says thanks for voting. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">That is a good morning. </span></div>
<div>
<br /></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Final Thoughts</span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">Voting for me is about being a man and the example I set for my own children. It is about being an appreciative citizen and not taking for granted the privileges won by the spilt blood of our ancestors. It is about giving back to the community, in some small measure, in order to preserve these rights that men and women thought were so important in our country’s history that they were willing to lay down their lives for it. I vote because the idea of one person, one vote is perhaps the cornerstone to our participative democratic republic, a thing we can point to in our aspiration to the American Exceptionalism ideal, and I don’t want to take it for granted. I vote because of all of the contentious issues that lay before us as a nation, voting is the one thing that we do together to address those issues. It took the country over 200 years to get it right through one awful war, five constitutional amendments, numerous national laws and continuous attacks to limit the franchise. I vote because the act is precious to me and I never want to lose the privilege. I vote because I refuse to abdicate my only direct way to influence the process. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">On November 7 (Tuesday), two states are holding general elections: New Jersey and my home state of Virginia. New Jersey citizens are electing 80 delegates to the lower house of the New Jersey General Assembly, currently 52 (D) and 28 (R), 40 senators to the upper house, currently 24(D) and 16 (R), and their governor, currently Chris Christie (R). [11] [12] [13] Virginia citizens are electing 100 delegates to the lower house of the Virginia General Assembly, currently 34 (D) and 66 (R), and their governor, currently Terry McAuliffe (D). [14]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">I hope that you will join me. </span></div>
<div>
<br /></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Sources</span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">[1] "What if America had lost the Revolution?" by PATRICK J. KIGER, HOWSTUFFWORKS: SCIENCE, 14 February 2012. </span></div>
<div>
<a href="http://science.howstuffworks.com/science-vs-myth/what-if/what-if-america-lost-revolution1.htm"><span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://science.howstuffworks.com/science-vs-myth/what-if/what-if-america-lost-revolution1.htm</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">[2] "Independent States of the World: List of all Sovereign Nations and their Capital Cities," One World Nations Online, 2016, Last Visited 5 November 2016, </span></div>
<div>
<a href="http://www.nationsonline.org/oneworld/states.htm"><span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://www.nationsonline.org/oneworld/states.htm</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">[3] "The Right To Vote: The Contested History Of Democracy In The United States," by Alexander Keyssar, Published August 15th 2000, Basic Books, </span></div>
<div>
<a href="https://www.goodreads.com/book/show/229412.The_Right_To_Vote_The_Contested_History_Of_Democracy_In_The_United_States"><span style="font-family: Verdana, sans-serif; font-size: xx-small;">https://www.goodreads.com/book/show/229412.The_Right_To_Vote_The_Contested_History_Of_Democracy_In_The_United_States</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">[4] "About What We Do," by The United States Census, Last Visited 3 November 2013,</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://www.census.gov/aboutus/ </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">[5] "One Million-Scale Congressional Districts of the United States," by National Atlas, Last Visited 3 November 2013, </span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://nationalatlas.gov/mld/cgd113p.html</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">[6] "A modest proposal to neutralize gerrymandering," by David Brin, Salon, 20 October 2013, Last Visited 2 November 2013,</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://www.salon.com/2013/10/20/a_modest_proposal_to_neutralize_gerrymandering/ </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">[7] "Tea Party's House Seats Might Not Be All That Safe," by Karen Weise, BloombergBusinessweek, 14 october 2013, Last Visited 31 October 2013,</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://www.businessweek.com/articles/2013-10-14/tea-partys-house-seats-might-not-be-all-that-safe</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">[8] "New Voting Restrictions in Place for 2016 Presidential Election," by the Brennan Center for Justice, </span></div>
<div>
<a href="http://www.brennancenter.org/voting-restrictions-first-time-2016"><span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://www.brennancenter.org/voting-restrictions-first-time-2016</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">[9] "Supreme Court rejects conservative challenge to ‘one person, one vote,’" By Robert Barnes, The Washington Post, 4 April 2016, Last Visited 5 November 2016,</span></div>
<div>
<a href="https://www.washingtonpost.com/politics/courts_law/supreme-court-rejects-conservative-bid-to-count-only-eligible-voters-for-districts/2016/04/04/67393e52-fa6f-11e5-9140-e61d062438bb_story.html"><span style="font-family: Verdana, sans-serif; font-size: xx-small;">https://www.washingtonpost.com/politics/courts_law/supreme-court-rejects-conservative-bid-to-count-only-eligible-voters-for-districts/2016/04/04/67393e52-fa6f-11e5-9140-e61d062438bb_story.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">[10] "Kennedy’s Vote Is in Play on Voting Maps Warped by Politics," By ADAM LIPTAK and MICHAEL D. SHEAROCT. 3 October 2017, Last Visited 28 October 2017,</span></div>
<div>
<a href="https://www.nytimes.com/2017/10/03/us/politics/gerrymandering-supreme-court-wisconsin.html"><span style="font-family: Verdana, sans-serif; font-size: xx-small;">https://www.nytimes.com/2017/10/03/us/politics/gerrymandering-supreme-court-wisconsin.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">[11] "New Jersey General Assembly," BALLOTPEDIA, Last Visited 26 October 2017</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">https://ballotpedia.org/New_Jersey_General_Assembly</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">[12] "New Jersey State Senate," BALLOTPEDIA, Last Visited 26 October 2017</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">https://ballotpedia.org/New_Jersey_State_Senate</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">[13]"New Jersey 2017 ballot measures" BALLOTPEDIA, Last Visited 26 October 2017</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">https://ballotpedia.org/New_Jersey_2017_ballot_measures</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">[14] "Virginia House of Delegates" BALLOTPEDIA, Last Visited 26 October 2017</span></div>
<div>
<a href="https://ballotpedia.org/Virginia_House_of_Delegates"><span style="font-family: Verdana, sans-serif; font-size: xx-small;">https://ballotpedia.org/Virginia_House_of_Delegates</span></a></div>
<div>
<br /></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">References</span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">"Court Upends Voting Rights Act," by Jess Bravin, The Wall Street Journal, 25 June 2013, Last Visited 3 November 2013, </span></div>
<div>
<a href="http://online.wsj.com/news/articles/SB10001424127887323469804578521363840962032"><span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://online.wsj.com/news/articles/SB10001424127887323469804578521363840962032</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">"Does your vote count? The Electoral College explained," by Christina Greer, 1 November 2012 </span></div>
<div>
<a href="https://www.youtube.com/watch?v=W9H3gvnN468"><span style="font-family: Verdana, sans-serif; font-size: xx-small;">https://www.youtube.com/watch?v=W9H3gvnN468</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">"Everything That’s Happened Since Supreme Court Ruled on Voting Rights Act," by Kara Brandeisky and Mike Tigas, ProPublica, 1 November 2013, Last Visited 3 November 2013,</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://www.propublica.org/article/voting-rights-by-state-map </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">"Florida Defends New Effort to Clean Up Voter Rolls," By LIZETTE ALVAREZ 9 October 2013, New York Times, Last Visited 2 November 2013, </span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://www.nytimes.com/2013/10/10/us/florida-defends-new-effort-to-clean-up-voter-rolls.html </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">" 'Outrageous' or overdue?: Court strikes down part of historic voting rights law," by Bill Mears and Greg Botelho, CNN Politics, 26 June 2013, Last Visited 3 November 2013, </span></div>
<div>
<a href="http://www.cnn.com/2013/06/25/politics/scotus-voting-rights/"><span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://www.cnn.com/2013/06/25/politics/scotus-voting-rights/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">“Poll Taxes,” by David F. Forte, Professor of Law, Cleveland-Marshall College of Law, The Heritage Guide to the Constitution, Last Visited 1 November 2014,</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://www.heritage.org/constitution/#!/amendments/24/essays/186/poll-taxes </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">“States With New Voting Restrictions Since 2010 Election,” by Brennan Center for Justice, New York University of Law, Last Visited 1 November 2014, </span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;"><a href="http://www.brennancenter.org/new-voting-restrictions-2010-election">http://www.brennancenter.org/new-voting-restrictions-2010-election</a></span></div>
<div>
<span style="font-family: Times, "Times New Roman", serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, "Times New Roman", serif; font-size: large;">“The 24th Amendment Ended the Poll Tax January 23, 1964,” by The Library of Congress, Last Visited 1 November 2014,</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://www.americaslibrary.gov/jb/modern/jb_modern_polltax_1.html </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">“The Dangerous Legal Rule Behind The Supreme Court’s Latest Voter Suppression Decision,” By IAN MILLHISER POSTED, ThinkProgress, 18 OCTOBER 2014, Last Visited 1 November 2014,</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://thinkprogress.org/justice/2014/10/18/3581589/the-dangerous-legal-rule-behind-the-supreme-courts-voter-id-order/ </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">“The State of Voting in 2014,” by Wendy R. Weiser and Erik Opsal, Brennan Center for Justice at New York University School of Law, June 17, 2014, Last Visited 1 November 2014,</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://www.brennancenter.org/analysis/state-voting-2014 </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">"The Voting Rights Act Is in Peril on Its Forty-Eighth Anniversary," by Ari Berman, 6 August 2013, The Nation, Last Visited 3 November 2013, </span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://www.thenation.com/blog/175618/voting-rights-act-peril-its-forty-eighth-anniversary# </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">"Virginia election officials purging almost 40,000 voters," by Reid Wilson, 17 October 2013, Washington Post: Gov Beat, Last Visited 2 November 2013,</span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://www.washingtonpost.com/blogs/govbeat/wp/2013/10/17/virginia-election-officials-purging-almost-40000-voters/ </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">“Voter Suppression: How Bad? (Pretty Bad),” by Wendy R. Weiser, The American Prospect Longform, Fall 2014, Last Visited 1 November 2014, </span></div>
<div>
<a href="http://prospect.org/article/22-states-wave-new-voting-restrictions-threatens-shift-outcomes-tight-races"><span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://prospect.org/article/22-states-wave-new-voting-restrictions-threatens-shift-outcomes-tight-races</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">“Voter Suppression Backfires in Texas and Wisconsin,” by Ari Berman, The Nation, 10 October 2014, Last Visited 1 November 2014, </span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: xx-small;">http://www.thenation.com/blog/181942/voter-suppression-backfires-texas-and-wisconsin </span></div>
<div>
<br /></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">How the U.S got to Universal Suffrage </span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">5 Constitutional Amendments <br />A Civlil War <br />7 Federal Laws <br />And we are not done yet </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;"><span style="color: blue; font-family: Verdana, sans-serif;">15th Amendment: </span><br /><span style="font-family: Times, Times New Roman, serif;">1869: The states ratified the 15th Amendment granting males of all races, especially former slaves, the right to vote. </span></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Verdana, sans-serif; font-size: large;">19th Amendment: </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">1920: The states ratified the 19th Amendment granting women the right to vote </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Verdana, sans-serif; font-size: large;">23rd Amendment: </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">1961: The states ratified the 23rd Amendment giving limited voting rights to the residents of Washington D.C. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Verdana, sans-serif; font-size: large;">24th Amendment: </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">1964: the states ratified the 24th Amendment banning poll taxes that hindered poor and minority citizens from voting </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Verdana, sans-serif; font-size: large;">26th Amendment: </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">1971: The states ratified the 26th Amendment lowering the voting age to 18 (because Vietnam vets could fight in a war but could not vote). </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Verdana, sans-serif; font-size: large;">1870: The Civil Rights Acts </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">Amended 1957, 1960, and 1964 </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">Protections against discrimination in voting </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Verdana, sans-serif; font-size: large;">1965: Voting Rights Act </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">Prohibits discriminating voting practices based on race, color, or membership in a language in a minority group. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Verdana, sans-serif; font-size: large;">1984: Voting Accessibility for the Elderly and Handicapped Act </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">Requires polling places to be accessible to people with disabilities. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Verdana, sans-serif; font-size: large;">1986: Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA): </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">Allows members of the U.S. Armed Forces and overseas voters to both register to vote and vote by mail. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Verdana, sans-serif; font-size: large;">1993: National Voter Registration Act (NVRA):</span><span style="font-family: Times, Times New Roman, serif; font-size: large;"> </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">Increases opportunities to register to vote and creates procedures for maintaining voter registration lists, making it easier for people to stay registered. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Verdana, sans-serif; font-size: large;">2002: Help America Vote Act (HAVA): </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">Authorizes federal funds for election administration and creates the U.S. Election Assistance Commission. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Verdana, sans-serif; font-size: large;">2009: Military and Overseas Voting Empowerment (MOVE) Act:</span><span style="font-family: Times, Times New Roman, serif; font-size: large;"> </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: large;">Amends the Uniformed and Overseas Citizens Absentee Voting Act to improve access to voting by military and overseas voters.</span></div>
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Times;
panose-1:2 0 5 0 0 0 0 0 0 0;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 0 0 0 1 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;
mso-font-charset:1;
mso-generic-font-family:roman;
mso-font-format:other;
mso-font-pitch:variable;
mso-font-signature:0 0 0 0 0 0;}
@font-face
{font-family:"Calibri Light";
panose-1:2 15 3 2 2 2 4 3 2 4;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:-1610611985 1073750139 0 0 415 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:-536870145 1073786111 1 0 415 0;}
@font-face
{font-family:"Helvetica Light";
panose-1:2 11 4 3 2 2 2 2 2 4;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:-2147483473 1073750090 0 0 1 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:Calibri;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:Calibri;
mso-fareast-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
h1
{mso-style-priority:9;
mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-link:"Heading 1 Char";
mso-style-next:Normal;
margin-top:12.0pt;
margin-right:0in;
margin-bottom:0in;
margin-left:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan lines-together;
page-break-after:avoid;
mso-outline-level:1;
font-size:16.0pt;
font-family:"Calibri Light";
mso-ascii-font-family:"Calibri Light";
mso-ascii-theme-font:major-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:major-fareast;
mso-hansi-font-family:"Calibri Light";
mso-hansi-theme-font:major-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:major-bidi;
color:#2F5496;
mso-themecolor:accent1;
mso-themeshade:191;
mso-font-kerning:0pt;
font-weight:normal;}
h2
{mso-style-priority:9;
mso-style-qformat:yes;
mso-style-link:"Heading 2 Char";
mso-style-next:Normal;
margin-top:2.0pt;
margin-right:0in;
margin-bottom:0in;
margin-left:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan lines-together;
page-break-after:avoid;
mso-outline-level:2;
font-size:13.0pt;
font-family:"Calibri Light";
mso-ascii-font-family:"Calibri Light";
mso-ascii-theme-font:major-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:major-fareast;
mso-hansi-font-family:"Calibri Light";
mso-hansi-theme-font:major-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:major-bidi;
color:#2F5496;
mso-themecolor:accent1;
mso-themeshade:191;
font-weight:normal;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
mso-themecolor:hyperlink;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-noshow:yes;
mso-style-priority:99;
color:#954F72;
mso-themecolor:followedhyperlink;
text-decoration:underline;
text-underline:single;}
p.MsoNoSpacing, li.MsoNoSpacing, div.MsoNoSpacing
{mso-style-priority:1;
mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:Calibri;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:Calibri;
mso-fareast-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
span.Heading1Char
{mso-style-name:"Heading 1 Char";
mso-style-priority:9;
mso-style-unhide:no;
mso-style-locked:yes;
mso-style-link:"Heading 1";
mso-ansi-font-size:16.0pt;
mso-bidi-font-size:16.0pt;
font-family:"Calibri Light";
mso-ascii-font-family:"Calibri Light";
mso-ascii-theme-font:major-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:major-fareast;
mso-hansi-font-family:"Calibri Light";
mso-hansi-theme-font:major-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:major-bidi;
color:#2F5496;
mso-themecolor:accent1;
mso-themeshade:191;}
span.Heading2Char
{mso-style-name:"Heading 2 Char";
mso-style-priority:9;
mso-style-unhide:no;
mso-style-locked:yes;
mso-style-link:"Heading 2";
mso-ansi-font-size:13.0pt;
mso-bidi-font-size:13.0pt;
font-family:"Calibri Light";
mso-ascii-font-family:"Calibri Light";
mso-ascii-theme-font:major-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:major-fareast;
mso-hansi-font-family:"Calibri Light";
mso-hansi-theme-font:major-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:major-bidi;
color:#2F5496;
mso-themecolor:accent1;
mso-themeshade:191;}
.MsoChpDefault
{mso-style-type:export-only;
mso-default-props:yes;
font-family:Calibri;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:Calibri;
mso-fareast-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.WordSection1
{page:WordSection1;}
-->
</style></div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-67835917576340312912017-05-27T07:00:00.000-04:002017-05-27T08:38:47.297-04:00Reborn at Arlington: Memorial Day 2017<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div>
<span style="font-family: "trebuchet ms" , sans-serif; font-size: x-large;"></span></div>
<div>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuLyTmNBFiploo-6Ht8V8RzjOTzW1tISMn2zLjENMMt3PQUv5OEeK6gFepCy4xtvhc4U9DPZtc4vPXNVEeT4ufybV2BGSrGf2FCvQFYe7uyFAjCV9fDQKKt-VygRbMaQlXc5-ylpIVtk4/s1600/Memorial_Day_-_2017.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="416" data-original-width="624" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuLyTmNBFiploo-6Ht8V8RzjOTzW1tISMn2zLjENMMt3PQUv5OEeK6gFepCy4xtvhc4U9DPZtc4vPXNVEeT4ufybV2BGSrGf2FCvQFYe7uyFAjCV9fDQKKt-VygRbMaQlXc5-ylpIVtk4/s320/Memorial_Day_-_2017.png" width="320" /></a></div>
<div>
<span style="font-size: large;">1,500 US Army soldiers stood on the misty parade field at Fort Meyer waiting for the sun to rise. The leadership had scheduled another morale building yet mandated "fun run" where once a quarter, the entire unit comes together to do PT (Physical Training) in a show of Esprit de Corp and unit cohesion. Since we were all stationed at the Pentagon, many of us had been in the Army for a while. We were a little broken down in the body department and had seen our fair share of these types of events. There we were, at the twilight of our careers, huddled in small groups during the dawn of one more PT morning.</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">Of course, there was the usual grumbling between the older soldiers asking one another if we were motivated yet and if we had a cup of Esprit De Corps to spare. But there was a sprinkling of young soldiers among us too and their shiny new faces kept us old timers from getting too cynical and fussy.</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">As the sun poked up above the horizon, the Army's Command Sergeant Major called the gaggle to attention and the formation began to run. The Non-Commissioned Officers (NCOs) led the assemblage in rousing voice and extolled the virtues of Granny [1], My Girl [2] and the C-130 [3]. Below the roar of the singing, just in the background, you could hear the footsteps of the 1500 strong pounding the pavement in syncopated rhythm.</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">The formation crested the hill overlooking Arlington Cemetery and the vista of Washington DC opened up before us. The Army Colors, at the front of the formation, started their decent towards the Cemetery just as the sun had risen to about the same height as the Washington Monument several miles distant. And still the singing and the pounding drove the formation as it snaked down the hill towards the front gates.</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">As the colors passed into the Cemetery, like a line of dominoes falling, the singing faded away. One platoon after the other fell silent in mute honor of our fallen comrades-in-arms laid to rest in the National Cemetery. As the voices muted, the only sound you could hear was the constant beat, beat, beat of the run and the Army colors whipping in the slight breeze. Nobody spoke except for the occasional NCO keeping everybody in step with a solid, but quiet, 1 - 2 - 3 - 4, 1 -2 - 3 - 4. It was serene. It was sublime.</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">Midway through the run, the Command Sergeant Major called the formation to a halt and commanded us to execute a right-face towards the middle of the cemetery. The rising sun had burned off the last vestiges of mist from the manicured lawns. The breeze trickled through the formation’s silence and the Army Colors at the front. And then we all heard it; that mournful sound of a single bugler playing Taps. [4] He began the music low at first; almost whispering the sound through the horn. But slowly, his crescendo wrapped the listener into a cocoon of sadness, memory, and a sense of loss about the lives that could have been. On that misty morning, young and old soldiers alike shed mutual tears as the bugler played on.</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">When it was done and the silence greeted the end of the song, a chill went down my back. It occurred to me that we were not merely taking a morning jog anymore. We were actually passing in review. These fallen soldiers who performed the ultimate sacrifice for their country were watching us and sizing us up. I hoped that we could pass muster. I had this great desire to let them know that we had the guide-on now and it was in good hands. We would not let them down. I stood a little taller then. As we began to run home, the burden of running was a little lighter. As 1500 boarded the buses to head back to the Pentagon, I realized that this old soldier was less cynical today; less worn for wear. Although I may not have the shiny face of one of those new soldiers, I was reborn this morning. Together, both old and young, we will carry on.</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<br /></div>
<div>
<span style="color: blue; font-family: "verdana" , sans-serif; font-size: x-large;">Memorial Day Weekend</span></div>
<div>
<br /></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">This weekend is Memorial Day Weekend. It is a U.S. holiday that originally began in 1856 as a way for local communities to honor the Union soldiers who died in the U.S. Civil War. After WWI, the meaning of the holiday shifted to include all who have died in American wars. In 1971, the U.S. Congress made the remembrance a national holiday. [5]</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">I wrote the above essay, “Reborn at Arlington,” back in 2000 when I was stationed at the Pentagon and long before the madness of 9/11 kicked in and our Presidents committed our military to over 16 years of war across five different operations [8][16]. Since then, 6,926 U.S. Soldiers and DOD Civilians have been killed and 52,549 have been wounded in action in this everlasting “War on Terrorism.” [6][16] It is now six years older than the Vietnam War, the former longest U.S. War ever (10 years), and there seems to be no end in sight. [10][15] The U.S. still has some 12,457 troops deployed in the Middle East at a cost of $2.1 Million per soldier per year. [15]</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">And you have to ask yourself why? Can you point to one thing that the U.S. got by committing 16 years of blood and treasure to this cause? Can you even articulate what it is we are still fighting in the Middle East for? It is true that this past year, the U.S. has killed many ISIS leaders, taken back key ground in Iraq and has had some success limiting new recruits from streaming into Iraq and Syria. [17] Supporters of the “War on Terrorism” will point to the assassination of Osama Bin Laden and the execution of Saddam Hussein as two big wins. They will say that we are keeping ISIS at bay. But the data is confusing. ISIS has more fighters and recruits and is killing more people in more countries than ever before. [17] As the years go by and the cost of the effort continues to rise, we have to honestly ask ourselves if continuously throwing our military at the problem is the right approach. When is it over? Are we comfortable with the nation conducting a war indefinitely?</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">The U.S. has spent $1.7 Trillion dollars (That is Trillion with a T) on the global “War on Terrorism” since 2001. [11][15] To give you something to compare that to, 1.7 trillion seconds is ~60,000 years [12] Combine that with close to 60,000 killed and wounded to get a sense of the total cost to the nation. [6][12][16] The “War on Terrorism” is the sixth largest U.S. war in terms of military killed out of the 12 that the U.S. has fought. And we are not done. The clock is still ticking.</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">The United States has marked this weekend as a time to honor our fallen soldiers. As President Lincoln said in his Gettysburg Address, “It is altogether fitting and proper that we should do this.” [18] But it occurs to me that instead of taking a day to remember our fallen citizens, that we might make a grander gesture. We might consider demanding that our politicians articulate what we are trying to accomplish in the “War on Terrorism” with more precision. We might consider trying to find a way to bring our military home so that on next year’s Memorial Day, we will not have to add more numbers to the casualty list.</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<br /></div>
<div>
<span style="color: blue; font-family: "verdana" , sans-serif; font-size: x-large;">"War on Terrorism" by Operation</span></div>
<div>
<br /></div>
<div>
<span style="color: #38761d; font-family: "verdana" , sans-serif; font-size: large;"><br /></span></div>
<div>
<span style="color: #38761d; font-family: "verdana" , sans-serif; font-size: large;">Operation Enduring Freedom</span></div>
<div>
<br /></div>
<div>
<span style="font-size: large;">The Afghanistan War<br /> From 7 October 2001 to 28 December 2014 [8]<br /> 13 Years<br /> 2,349 U.S. Soldiers and DOD Civilians Killed [6][16]<br /> 20,071 U.S. Soldiers and DOD Civilians Wounded in Action [6][16]</span></div>
<div>
<br /></div>
<div>
<span style="color: #38761d; font-family: "verdana" , sans-serif; font-size: large;">Operation Iraqi Freedom</span></div>
<div>
<br /></div>
<div>
<span style="font-size: large;">The Iraq War<br /> From 19 Mar 2003 to 19 Aug 2010 [8]<br /> 7 Years.<br /> 4,424 U.S. Soldiers and DOD Civilians Killed [6][16]<br /> 31,954 U.S. Soldiers and DOD Civilians Wounded in Action [6][16]</span></div>
<div>
<br /></div>
<div>
<span style="color: #38761d; font-family: "verdana" , sans-serif; font-size: large;">Operation New Dawn</span></div>
<div>
<br /></div>
<div>
I<span style="font-size: large;">raq War Transition<br /> From 1 September 2010 to 15 December 2015 [8]<br /> 5 Years<br /> 73 U.S. Soldiers and DOD Civilians Killed [6][16]<br /> 295 U.S. Soldiers and DOD Civilians Wounded in Action [6][16]</span></div>
<div>
<br /></div>
<div>
<span style="color: #38761d; font-family: "verdana" , sans-serif; font-size: large;">Operation Inherent Resolve</span></div>
<div>
<br /></div>
<div>
<span style="font-size: large;">Military intervention against the Islamic State of Iraq and the Levant<br /> From 15 June 2014 to --- [8]<br /> 3 Years <br /> 42 U.S. Soldiers and DOD Civilians Killed [6][16]<br /> 39 U.S. Soldiers and DOD Civilians Wounded in Action [6][16]</span></div>
<div>
<br /></div>
<div>
<span style="color: #38761d; font-family: "verdana" , sans-serif; font-size: large;">Operation Freedom Sentinel</span></div>
<div>
<br /></div>
<div>
<span style="font-size: large;">The Afghanistan Support Mission<br /> From 1 January 2015 to -- [8]<br /> 2 Years + <br /> 37 U.S. Soldiers and DOD Civilians Killed [6] [16]<br /> 169 U.S. Soldiers and DOD Civilians Wounded in Action [6] [16]</span></div>
<div>
<br /></div>
<div>
<span style="color: #38761d; font-family: "verdana" , sans-serif; font-size: large;">Total "War on Terrorism"</span></div>
<div>
<br /></div>
<div>
<span style="font-size: large;">From 7 October 2001 to -- [8]<br /> 16 Years +<br /> 6,926 U.S. Soldiers and DOD Civilians Killed [6] [16]<br /> 52,549 U.S. Soldiers and DOD Civilians Wounded in Action [6] [16]<br /> Deployed troops in the Middle East: 12,457 [15]<br /> Cost: $2.1 Million per soldier per year [9]</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<br /></div>
<div>
<span style="color: blue; font-family: "verdana" , sans-serif; font-size: x-large;">American War Death Toll </span><span style="color: blue; font-family: "verdana" , sans-serif; font-size: xx-small;">[13]</span></div>
<div>
<br /></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">1,000 (Not including the Native Americans): Indian War<br /> 1,565: Persian Gulf War<br /> 2,260: War of 1812<br /> 2,446: Spanish-American War<br /> 4,435: Revolutionary War<br /><br /><span style="color: red;">6,926: "War on Terrorism"</span><br /><br />13,283: Mexican War<br /><br />54, 246; Korean War</span></div>
<div>
<span style="font-size: large;"> 90,220: Vietnam War<br />116,516: WWI</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">405,399: WWII</span></div>
<div>
<span style="font-size: large;">498,332: Civil War</span></div>
<div>
<br /></div>
<div>
<span style="color: blue; font-family: "verdana" , sans-serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: blue; font-family: "verdana" , sans-serif; font-size: x-large;">Sources:</span></div>
<div>
<span style="color: blue; font-family: "verdana" , sans-serif; font-size: x-large;"><br /></span><span style="font-size: large;"> [1] "Army Cadence - My Old Granny, She's 91," 19 September 2008, Last Visited 27 May 2017,</span></div>
<div>
<span style="font-size: xx-small;">https://www.youtube.com/watch?v=-rGOPJ890zA</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">[2] "C-130 Rollin' Down The Strip," Army Future Soldier Center, 22 October 2013, Last Visited 27 May 2017,</span></div>
<div>
<a href="http://www.youtube.com/watch?v=TjqC4Vdssx4&list=PL303EC8565AA8E7CB&index=31"><span style="font-size: xx-small;">https://www.youtube.com/watch?v=G_5FMn9Ftb0</span></a></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">[3] "U.S. Army Cadence My Girls A Pretty Girl," 23 October 2013, Last Visited 27 May 2017,</span></div>
<div>
<a href="https://www.youtube.com/watch?v=a80osb2GYBA"><span style="font-size: xx-small;">https://www.youtube.com/watch?v=Zzz_w2QUKTE</span></a></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">[4] “Montgomery clift trumpet,” From Here to Eternity, Posted 12 March 2007, Last Visited 27 May 2017,</span></div>
<div>
<a href="https://www.youtube.com/watch?v=9fxH-2LnRkc"><span style="font-size: xx-small;">https://www.youtube.com/watch?v=9fxH-2LnRkc</span></a></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">[5] "10 historical facts about Memorial Day," by Allison Sylte, KSDK-TV, St. Louis, Mo. May 23, 2015, Last Visited 27 May 2017,</span></div>
<div>
<span style="font-size: xx-small;">http://www.usatoday.com/story/news/nation/2015/05/22/historical-facts-memorial-day/27817017/ </span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">[6] "A Guide to U.S. Military Casualty Statistics: Operation Freedom’s Sentinel, Operation Inherent Resolve, Operation New Dawn, Operation Iraqi Freedom, and Operation Enduring Freedom," by Hannah Fischer, Congressional Research Service, 7 August 7 2015, Last Visited 27 May 2017.</span></div>
<div>
<span style="font-size: xx-small;">https://fas.org/sgp/crs/natsec/RS22452.pdf</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">[8] "U.S. Periods of War and Dates of Recent Conflicts," by Barbara Salazar Torreon, Congressional Research Service, 27 February 2015, Last Visited 27 May 2017.</span></div>
<div>
<span style="font-size: xx-small;">https://fas.org/sgp/crs/natsec/RS21405.pdf</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">[9] "Where in the World Isn't the U.S. Military?" By Bonnie Kristian, U.S. News and World Report, 4 May 2016, Last Visited 27 May 2017,</span></div>
<div>
<span style="font-size: xx-small;">http://www.usnews.com/opinion/articles/2016-05-04/obamas-secret-troop-deployments-cost-taxpayers</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">[10] "These are America’s 9 longest foreign wars," by Adam Taylor, The Washington Post, 27 May 29 2017.</span></div>
<div>
<span style="font-size: xx-small;">https://www.washingtonpost.com/news/worldviews/wp/2014/05/29/these-are-americas-9-longest-foreign-wars/</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">[11] "The War On Terror Has Cost Taxpayers $1.7 Trillion [Infographic]," by Niall McCarthy, Forbes Magazine, 3 February 2015, Last Visited 27 May 2017,</span></div>
<div>
<span style="font-size: xx-small;">http://www.forbes.com/sites/niallmccarthy/2015/02/03/the-war-on-terror-has-cost-taxpayers-1-7-trillion-infographic/#42b001585cf0</span></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">[12] "How to Develop a Sense of Scale," by Kalid, Better Explained, 2008, Last Visited 27 May 2017,</span></div>
<div>
<a href="https://betterexplained.com/articles/how-to-develop-a-sense-of-scale/"><span style="font-size: xx-small;">https://betterexplained.com/articles/how-to-develop-a-sense-of-scale/</span></a></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">[13] "How many Americans have died in U.S. wars?" BY MEGAN CRIGGER AND LAURA SANTHANAM, PBS - WETA, 24 May 2015, Last Visited 27 May 2017,</span></div>
<div>
<a href="http://www.pbs.org/newshour/updates/many-americans-died-u-s-wars/"><span style="font-size: xx-small;">http://www.pbs.org/newshour/updates/many-americans-died-u-s-wars/</span></a></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">[15] "War on Terror Facts, Costs and Timeline: Whose Spent More on War? Bush, Obama or Trump?" By Kimberly Amadeo, the balance, 26 May 2017</span></div>
<div>
<a href="https://www.thebalance.com/war-on-terror-facts-costs-timeline-3306300"><span style="font-size: xx-small;">https://www.thebalance.com/war-on-terror-facts-costs-timeline-3306300</span></a></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">[16] OPERATION IRAQI FREEDOM (OIF) U.S. CASUALTY STATUS: FATALITIES AS OF: May 26, 2017, 10 a.m. EDT,</span></div>
<div>
<a href="https://www.defense.gov/casualty.pdf"><span style="font-size: xx-small;">https://www.defense.gov/casualty.pdf</span></a></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">[17] "Are we winning the war on ISIS & Radical Islam? The President says yes. The experts say no. Here’s a 9-page fact sheet laying out the data," by Joel C. Rosenberg, Joel C. Rosenberg 's Blog, 15 September 2016, Last Visited 27 May 2017,</span></div>
<div>
<a href="https://flashtrafficblog.wordpress.com/2016/09/15/are-we-winning-the-war-on-isis-radical-islam-the-president-says-yes-the-experts-say-no-here-are-the-facts/"><span style="font-size: xx-small;">https://flashtrafficblog.wordpress.com/2016/09/15/are-we-winning-the-war-on-isis-radical-islam-the-president-says-yes-the-experts-say-no-here-are-the-facts/</span></a></div>
<div>
<span style="font-size: large;"><br /></span></div>
<div>
<span style="font-size: large;">[18] "The Gettysburg Address," Abraham Lincoln Online, 19 November 1863, Last Visited 27 May 2017,</span></div>
<div>
<span style="font-size: xx-small;">http://www.abrahamlincolnonline.org/lincoln/speeches/gettysburg.htm</span><style>
<!--
/* Font Definitions */
@font-face
{font-family:Arial;
panose-1:2 11 6 4 2 2 2 2 2 4;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:-536859905 -1073711037 9 0 511 0;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:-1593833729 1073750107 16 0 415 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:-536870145 1107305727 0 0 415 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:-536870145 1073786111 1 0 415 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:Calibri;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:Calibri;
mso-fareast-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-noshow:yes;
mso-style-priority:99;
color:#954F72;
mso-themecolor:followedhyperlink;
text-decoration:underline;
text-underline:single;}
p.MsoNoSpacing, li.MsoNoSpacing, div.MsoNoSpacing
{mso-style-priority:1;
mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:Calibri;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:Calibri;
mso-fareast-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
.MsoChpDefault
{mso-style-type:export-only;
mso-default-props:yes;
font-family:Calibri;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:Calibri;
mso-fareast-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.WordSection1
{page:WordSection1;}
-->
</style></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-10615357058798710882016-12-27T11:57:00.000-05:002016-12-27T12:02:13.958-05:002016 Books<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicN06LdoNbvqpORL4TtcA4nDmLTOJF6flJdliLJTqR8nxm8kxOgvtd2YdjpVO29DCbWjwD43-vz1aaSniIZz9qNcclt_aQBAzZWDh49YNCXbiRJOxDhLOLlLonWAjCwBEszcMoVJfO4uw/s1600/Reading+shutterstock_307383305.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicN06LdoNbvqpORL4TtcA4nDmLTOJF6flJdliLJTqR8nxm8kxOgvtd2YdjpVO29DCbWjwD43-vz1aaSniIZz9qNcclt_aQBAzZWDh49YNCXbiRJOxDhLOLlLonWAjCwBEszcMoVJfO4uw/s320/Reading+shutterstock_307383305.jpg" width="320" /></a></div>
<span style="font-family: "times" , "times new roman" , serif; font-size: x-large;"><br /></span>
<span style="font-family: "times" , "times new roman" , serif; font-size: x-large;">I read 28 Books in 2016.</span><br />
<br />
<span style="color: orange; font-family: "verdana" , sans-serif; font-size: x-large;"><br /></span>
<span style="color: orange; font-family: "verdana" , sans-serif; font-size: x-large;">2016 favorite:</span><br />
<br />
<span style="font-size: x-large;">"Dead Wake: The Last Crossing of the Lusitania," by Erik Larson</span><br />
<br />
<br />
<br />
<span style="color: orange; font-family: "verdana" , sans-serif; font-size: x-large;">2016 Most Educational:</span><br />
<span style="font-size: x-large;">"The Right To Vote The Contested History Of Democracy In The United States," by Alexander Keyssar</span><br />
<br />
<br />
<span style="color: orange; font-family: "verdana" , sans-serif; font-size: x-large;">2016 Best Horror:</span><br />
<span style="font-size: x-large;">"A Head Full of Ghosts," by Paul Tremblay</span><br />
<span style="font-size: x-large;"><br /></span>
<span style="color: orange; font-family: "verdana" , sans-serif; font-size: x-large;">2016 Best Cybersecurity:</span><br />
<br />
<span style="font-size: x-large;">The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win," by Gene Kim</span><br />
<br />
<span style="color: orange; font-family: "verdana" , sans-serif; font-size: x-large;">I recommend:</span><br />
<span style="font-size: x-large;">"Anathem" by Neal Stephenson</span><br />
<span style="font-size: x-large;">"The Magicians" by Lev Grossman</span><br />
<span style="font-size: x-large;">"Steve Jobs" by Walter Isaacson</span><br />
<br />
<span style="color: orange; font-family: "verdana" , sans-serif; font-size: x-large;">Personal Challenge Complete:</span><br />
<span style="font-size: x-large;">All eight books of Stephen King's Dark Tower fantasy epic.</span><br />
<span style="font-size: x-large;"><br /></span>
<span style="color: orange; font-family: "verdana" , sans-serif; font-size: x-large;">Goodreads (Facebook for book Lovers):</span><br />
<span style="font-size: x-large;">Check out my bookshelves on Goodreads - where you can see what your friends are reading.</span><br />
<span style="font-size: xx-small;"><a href="https://www.goodreads.com/choiceawards/best-books-2016?cc=4f19e7eb">https://www.goodreads.com/choiceawards/best-books-2016?cc=4f19e7eb</a></span><br />
<span style="font-size: xx-small;"><br /></span>
<div>
<br /></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-70995511670414865022015-08-02T12:03:00.000-04:002015-08-02T13:35:52.177-04:00Book Review: " Go Set a Watchman (2011) by Harper Lee," Book Reviewed by Rick Howard, 1 August 2015<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizLUHrm1eC7YKIOg_DEeSzcrNe1hdOQ5VKTxi3KWJofnLrVz5-W2ilpqAJVEUs0GSWE1ULPUbmr6u_jVgELWFao0WZ4fN8eVMnH9LuEgimjSkuGh8r242_MXEDFSC_nldWBKtuRRc2KGk/s1600/Go+tell+a+watchman+cover.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizLUHrm1eC7YKIOg_DEeSzcrNe1hdOQ5VKTxi3KWJofnLrVz5-W2ilpqAJVEUs0GSWE1ULPUbmr6u_jVgELWFao0WZ4fN8eVMnH9LuEgimjSkuGh8r242_MXEDFSC_nldWBKtuRRc2KGk/s320/Go+tell+a+watchman+cover.jpg" width="212" /></a></div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Executive Summary</span><br />
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In Harper Lee’s <i>Go Set a Watchman</i>, Jean Louise Finch as a young woman discovers that racial tensions in the south are not as black and white as she thought they were when she was a young girl, Scout, in <i>To Kill A Mockingbird.</i> Her father, Atticus Finch, is not the paragon of virtue she thought he was either and is in fact a “segregationist,” a “gentleman bigot,” and affiliates “with raving anti-integration, anti-black crazies.” The story pivots on Jean Louise’s discovery of her father’s flaws, her shock at that revelation and the process she goes through to reach a sort of acceptance around the dethroning of her father. Atticus Finch has been my hero since Gregory Peck played him in the 1962 movie. He has always been the literary example I aspired too whenever I encountered my own moral conundrums. This takedown of the character by Harper Lee is a shock for sure. But in the end, Atticus Finch is still my hero. It is kind of a relief to know that even our heroes are not perfect in every way; that you can still admire and emulate a person even though you might not agree with everything he or she believes. This novel makes him more human and I guess I can live with that.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Introduction</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Atticus Finch has been my hero since I first saw Gregory Peck portray the character in the famous movie, <i>To Kill a Mockingbird</i> released in 1962 [1] The scene in the courthouse where all the white people have left the room but the local black people are still in the balcony waiting on Mr. Finch to leave still brings tears to my eyes to this day even after numerous viewings. Atticus’ two kids, Scout (Jean Louise) and Jem, had snuck up to the balcony so as not to miss the show and sat next to the town’s black reverend during the festivities. When Atticus finally gets his things together and begins to walk out, he is oblivious to the black people in the balcony. He does not register that they have all stood up in quiet respect for what he is doing; defending a black man who is accused (wrongly) of raping a young white woman. Scout, Atticus’ daughter, is the only person in the balcony who did not stand as Atticus begins to walk out of the courtroom. The black reverend turns to her urgently and says, </span></div>
<blockquote class="tr_bq">
<span style="color: blue;"><span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><i><br /></i></span><span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><i>Miss Jean Louise. Miss Jean Louise, stand up. You’re father is passing. [1]</i></span></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Bill Walker, the actor who played the reverend, captured completely in just 12 words and silent facial gestures the sentiment of the movie; that Atticus Finch was a great man, an honorable man and a man whose example we should all aspire to. Gregory Peck himself said that Bill Walker’s small but beautiful performance wrapped up the Academy Award for him. [2] </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">But it was not until I read Harper Lee’s book when I was much older that I understood the significance of Atticus Finch as a character and as a hero. [3] </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">One of my favorite scenes from the book captures his essence. The next-door lady, Miss Maudie, is talking to Atticus’s son about the significance of the court case to the town and to his father.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<i><span style="color: blue;"><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“I simply want to tell you that there are some men in this world who were born to do our unpleasant jobs for us. Your father’s one of them.”</span></span> </i></blockquote>
<blockquote class="tr_bq">
<i><span style="color: blue;"><span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Oh,” said Jem. “Well.”</span></span> </i></blockquote>
<blockquote class="tr_bq">
<i><span style="color: blue;"><span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Don’t you oh well me, sir,” Miss Maudie replied, recognizing Jem’s fatalistic noises, “you are not old enough to appreciate what I said.”</span></span> </i></blockquote>
<blockquote class="tr_bq">
<i><span style="color: blue;"><span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Jem was staring at his half-eaten cake. “It’s like bein’ a caterpillar in a cocoon, that’s what it is,” he said. “Like somethin’ asleep wrapped up in a warm place. I always thought Maycomb folks were the best folks in the world, least that’s what they seemed like.”</span></span> </i></blockquote>
<blockquote class="tr_bq">
<span style="color: blue;"><i><span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“We’re the safest folks in the world,” said Miss Maudie. “We’re so rarely called on to be Christians, but when we are, we’ve got men like Atticus to go for us.” [3]</span></i></span></blockquote>
<div>
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Atticus Finch has been my hero for as long as I can remember. When I run into moral decisions in my own personal life, I have always asked myself, “What would Atticus Finch do?” I don't always follow his advice, but after and without fail, I realize that I should have.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">When the word started to leak out that Harper Lee had written a sequel, <i>Go Set A Watchman</i>, [4] and that she reveals that Atticus Finch is really a closeted racist, I was floored. How could she? How could it be possible that the man she painted so vividly and so beautifully as the modern example of what a man should be -- what men should aspire to be – could become such a hated thing?</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Impressions</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The title of the book comes from the bible: Isaiah 21:6.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>For thus hath the Lord said unto me, Go, set a watchman, let him declare what he seeth. [5]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">According to Wayne Flynt, a minister and one of Lee’s longtime friends,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>'Go Set a Watchman' means, somebody needs to be the moral compass of this town.” [6]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In the original, <i>To Kill a Mockingbird</i>, Atticus is exactly that. Scout as a young girl admires everything about her father and only a few within the town -- Miss Maudie, the sheriff and the judge – understand the full ramifications of that. To a young Scout, he is a paragon of virtue in everything that he does and every moral question that he confronts is precisely black and white.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In <i>Go Set a Watchman</i>, Atticus still sits at his post as a guardian of the town, but Jean Louise, now a young woman, discovers that he is not the perfect paragon that she had built him up to be. He is a not a god, he is a man; a really good and decent man but he is a man all the same with all the flaws that go with the territory and an understanding that there is a lot of grey area between those two black and white poles. Jean Louise discovers that her father does not actually believe that the black man is an equal to the white man, at least not in the negro’s current state at the time of book. Atticus is a “segregationist,” a “gentleman bigot,” and affiliates “with raving anti-integration, anti-black crazies,” [7]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">During an interview with David Green on NPR, poet Natasha Trethewey said that Atticus believes</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;">“… in a kind of limitation of African-Americans, that they are and were at that time a people in their infancy, the idea that we had to go slow because these people weren't really ready for it. They weren't really ready to vote. They weren't really ready to go to school with white children.” [8] </span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The plot of <i>Go Set a Watchman</i> pivots on Jean Louise’s discovery of that notion about her father, her shock at that revelation and the process she goes through to reach a sort of acceptance of that dethroning of her father.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Conclusion</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I am not sure how I feel about the idea that Atticus Finch is not perfect. On the one hand, it was easy for me to point to his literary example as a barometer for what it means to be man. On the other, it is kind of a relief to know that even our heroes are not perfect in every way; that you can still admire and emulate a person even though you might not agree with everything he or she believes. In the end, Atticus Finch is still my hero. Harper Lee’s <i>Go Set a Watchman</i> makes him more human and I guess I can live with that.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Sources</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[1] "To Kill a Mockingbird (8/10) Movie CLIP - Your Father's Passing (1962) HD," Movieclips, posted 27 May 2011, Last Visited 1 August 2015,</span></div>
<div>
<a href="https://www.youtube.com/watch?v=q7CX_5D6y6E"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.youtube.com/watch?v=q7CX_5D6y6E</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[2] "Bill Walker Biography," IMDB, Last Visited 1 August 2015,</span></div>
<div>
<a href="http://www.imdb.com/name/nm0907553/bio?ref_=nm_dyk_trv_sm#trivia"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.imdb.com/name/nm0907553/bio?ref_=nm_dyk_trv_sm#trivia</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[3] "To Kill a Mockingbird," by Harper Lee, Published 1960 by Harper Perennial Modern Classics , Last Visited 1 August 2015</span></div>
<div>
<a href="https://www.goodreads.com/book/show/2654.To_Kill_a_Mockingbird"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.goodreads.com/book/show/2654.To_Kill_a_Mockingbird</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[4] "Go Set a Watchman (To Kill a Mockingbird)," by Harper Lee, Published July 14th 2015 by Harper, Last Visited 1 August 2015</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.goodreads.com/book/show/24818632-go-set-a-watchman </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[5] "King James Bible: Isaiah 21:6," The Official King James Bible Online, Last Visited 1 August 2015, </span></div>
<div>
<a href="http://www.kingjamesbibleonline.org/book.php?book=Isaiah&chapter=21&verse=6&t=1"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.kingjamesbibleonline.org/book.php?book=Isaiah&chapter=21&verse=6&t=1</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[6] "'Go Set a Watchman': What does Harper Lee's book title mean?," by By Greg Garrison, AL.COM, 5 February 2015, updated 13 July 13, Last Visited 1 August 2015,</span></div>
<div>
<a href="http://www.al.com/living/index.ssf/2015/02/go_set_a_watchman_whats_the_bi.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.al.com/living/index.ssf/2015/02/go_set_a_watchman_whats_the_bi.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[7] "Harper Lee, Atticus Finch and Go Set a Watchman: What the world is saying," by John Hammontree, AL.com, 20 July 2015, Last Visited 2 August 2015,</span></div>
<div>
<a href="http://www.al.com/opinion/index.ssf/2015/07/harper_lee_atticus_finch_and_g.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.al.com/opinion/index.ssf/2015/07/harper_lee_atticus_finch_and_g.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[8] "The Meaning Of A Hero Cast In Shadow, In Harper Lee's 'Go Set A Watchman,'" by DAVID GREENE, NPR, 14 July 2015, Last Visited 2 August 2015,</span></div>
<div>
<a href="http://www.npr.org/2015/07/14/422800617/the-meaning-of-a-hero-cast-in-shadow-in-harper-lees-go-set-a-watchman"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.npr.org/2015/07/14/422800617/the-meaning-of-a-hero-cast-in-shadow-in-harper-lees-go-set-a-watchman</span></a></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com2tag:blogger.com,1999:blog-404553574933465315.post-10825030996126231822015-07-17T17:52:00.000-04:002015-08-02T13:08:21.599-04:00Cybersecurity Canon Candidate Book Review: "Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats (2011)," by Will Gragido and John Pirc<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvIfGSvnCBmH8RRh7o6_Oh9PNeQvZo98Ot1fBkl7nDSR284_OwBxKf7Ee31cdzKq-vfhM0fdKk7rnr7YmpnyILGGr1_GDQukIdKopiXPv6WmLuHe7VEWFa3ivID4H6mZ76d2615KK1UvU/s1600/Cybercrime+and+Espionage+Book+Cover.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvIfGSvnCBmH8RRh7o6_Oh9PNeQvZo98Ot1fBkl7nDSR284_OwBxKf7Ee31cdzKq-vfhM0fdKk7rnr7YmpnyILGGr1_GDQukIdKopiXPv6WmLuHe7VEWFa3ivID4H6mZ76d2615KK1UvU/s200/Cybercrime+and+Espionage+Book+Cover.jpg" width="161" /></a></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Executive Summary</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><i>Cybercrime and Espionage</i>, published in 2011, is a book that was ahead of its time. The authors were pushing the envelope in terms of how the security community should think about advanced threats. However, almost five years later, there is not enough in here to make the book Canon material. Gragido and Pirc present some stimulating ideas, but in the end, the security community has not adopted many of them. My recommendation is to read this book if you are interested in how our community has evolved in terms of thinking about adversary campaigns. However, if you are looking for a state-of-the-art book about cybercrime and cyber espionage, this is not it.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Introduction</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Will Gragido and John Pirc published this book in February 2011 — the year after the commercial industry experienced its wake-up call in terms of cyber espionage: Operation Aurora. [1] Aurora refers to the adversary campaign launched at Google and other commercial organizations that was designed to steal intellectual property, collect information on human rights activists, and gather intelligence regarding on-going FBI wiretap operations. [2] What made Aurora notable was Google’s reaction to it. They went public and accused the Chinese government of being responsible for the attacks. Before Aurora, most commercial organizations would not admit that they had been breached, even though nation states had been targeting commercial organizations for at least a decade. Business leaders worried that admitting a breach would significantly affect the bottom line. After Aurora and Google’s public mea culpa, it became easier for other commercial entities to admit that they had been breached. Fast-forward to today, and public breach notifications are so common that it is difficult to keep up with them all.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">But this was the beginning. Before Aurora, the only significant cyberthreat to the commercial world at the time was crime. After, cyber espionage became something that we all had to worry about. This is the context for the book: defining cybercrime and cyber espionage as motivations — what makes them different and what makes them the same.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Impressions</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The two authors, Will Gragido and John Pirc, are experienced cybersecurity professionals, and it is clear that they know what they are talking about; but the book is a bit disorganized in terms of who the target audience is. The content is a mix of introductory and advanced material. However, I did not see that the book had a through line. The authors’ analysis of the cybercrime world is at the introductory level. If you want a more in-depth book on the same topic that was published around the same time, consider <i>Kingpin</i>, written by Kevin Poulsen. [3] If you are looking for something a little more recent, consider <i>Spam Nation</i> by Brian Krebs. [4] The espionage material is more advanced, but if you want to go deeper, consider Kim Zetter’s <i>Countdown to Zero Day</i> [5] or Richard Bejtlich’s <i>The Practice of Network Security Monitoring</i>. [6]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I do give the Gragido and Pirc credit though for covering some advanced ideas ahead of their time that have not really become popular until just recently. One idea that I really like is that commercial organizations should build their own intelligence teams to track adversary campaigns. They published the book almost five years ago, and this was not universally accepted at the time. It is not universally accepted today either, but more and more organizations are starting to understand the value of such teams. As an aside, this is one of the reasons I got hired at Palo Alto Networks: to build an intelligence team that we eventually called Unit 42.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Gragido and Pirc push their own intelligence model called MOSAIC: Motive, Awareness, Open Source Intelligence Collection, Study, Asymmetrical Intelligence Correlation, Intelligence Review and Interrogation and Confluence. It is a good framework for an intelligence analyst; unfortunately, the model has not really caught on. Most intelligence organizations — the CIA, the FBI, and the NSA, as well as Unit 42 — use a model called The Intelligence Cycle. [7][8] They are basically the same thing, but the MOSAIC model has more detail.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The authors introduce a new phrase called Subversive Multivector Threats (SMTs), a sort of superset to what the cybersecurity community used to call the Advanced Persistent Threat (APT). They even explain the origin of the APT phrase, a phrase the military had been using for almost a decade in an UNCLASSIFIED setting to mean anything that involved Chinese government-sanctioned cyber espionage. Gragido and Pirc were ahead of their time, understanding that the community needed another name to label similar attacks that did not originate from China. Thus, they came up with SMTs, but the community has not embraced that term. We have evolved the APT phrase to include everything instead. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Another advanced idea presented that I really liked was the concept that there are humans behind these attacks. Tools do not attack our systems. Humans — often organized into groups — attack our systems, and they use tools to accomplish some goal. These adversary groups can be rated in skill level from novice to expert and have motivations like cybercrime and cyber espionage; and it helps defenders do a better job by understanding that context, according to the authors. I wholeheartedly agree. But today, I think we can expand that motivation list to include hacktivism, cyberterrorism and cyberwarfare, and I thought their definitions of hackers’ maturity levels were not definitive enough to be useful. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Also, Gragido and Pirc introduce a two-tiered categorization scheme for adversary campaigns, where Tier – 1 campaigns target </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>… air-gapped networks or networks that would be considered highly secured, such as those of power companies (supervisory control and data acquisition or SCADA networks), governments, and defense organizations. [9]</i></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Tier – 2 adversary campaign plans are all other APT campaigns. This two-tiered system seems ill-conceived today. The security community considers SCADA networks in general, and power companies in particular, as being at least 10 years behind the rest of the community [10]. And government networks have proven to be even less secure than most commercial organizations, except for maybe the intelligence community’s networks and some select defense networks. [11] I do not see a need for this two-tiered system in today’s threat environment.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">One last advanced idea that I really liked was that threat prevention is possible. There has been a trend in the industry these past five years where security leaders have thrown their hands in the air saying they cannot possibly stop the APT, and that it is better to concentrate their precious resources solely on detection and mitigation. This is just plain wrong, and Gragido and Pirc do well to point that out. If I can prevent 90 percent of all attack campaigns because most adversaries use known techniques, why not do it? That lets me concentrate my resources on finding the unknown techniques. Detection and mitigation is important, but these activities should be balanced with a robust threat prevention program. Even in 2011, Gragido and Pirc asserted this philosophy.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Conclusion</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><i>Cybercrime and Espionage</i> is a book that was ahead of its time. I give the authors credit for pushing the envelope as to how the security community’s thinking around advanced threats should evolve. If you read it when it was published, it would have stimulated your thought process around your own security program. But almost five years later, there is not enough in here to make the book Canon material. Gragido and Pirc present some stimulating ideas, but in the end, the security community has not adopted many of them. My recommendation is to read this book if you are interested in how our community has evolved in terms of thinking about adversary campaigns. However, if you are looking for a state-of-the-art book about cybercrime and cyber espionage that will stand the test of time, this is not it.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Note: </span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><i><br /></i></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><i>Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats, </i>is a Cybersecurity Canon Candidate. Please visit the official page sponsored by Palo Alto Networks to read all the books from the Canon project.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><a href="https://paloaltonetworks.com/threat-research/cybercanon.html" target="_blank"><img border="0" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjL62TH0-virAaRl4pZr4MEe-zbgfka8hP5fF95-LEElvxKXz9OnMaQE4Gzn4N1UI-8pIUhiuz7dPU8tQpJYTPP-V9GrOf03vIv5l-YTEe7QzTc_Ij4YT8U69CeJxVGInssHlNeQhwnLfE/s640/Cybersecurity_Canon+logo.png" width="640" /></a></span></div>
<br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Sources</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[1] "Google Hack Attack Was Ultra Sophisticated, New Details Show," by KIM ZETTER, Wired Magazine, 14 January 2010, Last Visited 5 July 2015,</span></div>
<div>
<a href="http://www.wired.com/2010/01/operation-aurora/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.wired.com/2010/01/operation-aurora/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[2] "Google Aurora Hack Was Chinese Counterespionage Operation," by Mathew J. Schwartz, Information Week: Dark reading, 21 May 2013, Last Visited 5 July 2015</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;"><a href="http://www.darkreading.com/attacks-and-breaches/google-aurora-hack-was-chinese-counterespionage-operation/d/d-id/1110060">http://www.darkreading.com/attacks-and-breaches/google-aurora-hack-was-chinese-counterespionage-operation/d/d-id/1110060</a>?</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[3] "The Cybersecurity Canon: Kingpin," by Rick Howard, Palo Alto Networks, 11 February 2014, Last Visited 9 July 2015,</span></div>
<div>
<a href="http://researchcenter.paloaltonetworks.com/2014/02/cybersecurity-canon-kingpin/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://researchcenter.paloaltonetworks.com/2014/02/cybersecurity-canon-kingpin/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[4] "The Cybersecurity Canon: Read Rick Howard’s First-Look Review of SPAM Nation by Brian Krebs," by Rick Howard, Palo Alto Networks, 17 November 2014, Last Visited 9 July 2015,</span></div>
<div>
<a href="http://researchcenter.paloaltonetworks.com/2014/11/cybersecurity-canon-rick-howard-reviews-brian-krebs-spam-nation/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://researchcenter.paloaltonetworks.com/2014/11/cybersecurity-canon-rick-howard-reviews-brian-krebs-spam-nation/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[5] "The Cybersecurity Canon: Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon," by Rick Howard, Palo Alto Networks, 28 January 2015, Last Visited 9 July 2015</span></div>
<div>
<a href="http://researchcenter.paloaltonetworks.com/2015/01/cybersecurity-canon-countdown-zero-day-stuxnet-launch-worlds-first-digital-weapon/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://researchcenter.paloaltonetworks.com/2015/01/cybersecurity-canon-countdown-zero-day-stuxnet-launch-worlds-first-digital-weapon/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[6] "The Cybersecurity Canon: The Practice of Network Security Monitoring," by Rick Howard, Palo Alto Networks, 10 November 2014, Last Visited 9 July 2015,</span></div>
<div>
<a href="http://researchcenter.paloaltonetworks.com/2014/11/cybersecurity-canon-practice-network-security-monitoring/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://researchcenter.paloaltonetworks.com/2014/11/cybersecurity-canon-practice-network-security-monitoring/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[7] "The Intelligence Cycle," Central Intelligence Agency: Kids Zone, Last Visited 9 July 2015,</span></div>
<div>
<a href="https://www.cia.gov/kids-page/6-12th-grade/who-we-are-what-we-do/the-intelligence-cycle.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.cia.gov/kids-page/6-12th-grade/who-we-are-what-we-do/the-intelligence-cycle.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[8] "The Intelligence Cycle," Federation of American Scientists, Last Visited 9 July 2015</span></div>
<div>
<a href="http://fas.org/irp/cia/product/facttell/intcycle.htm"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://fas.org/irp/cia/product/facttell/intcycle.htm</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[9] "Cyber Crime and Espionage: An Analysis of Subversive Multi-Vector Threats," by Will Gragido & John Pirc, Syngres Publishing, 7 January 2011, Last Visited 10 July 2015</span></div>
<div>
<a href="https://www.goodreads.com/book/show/10651366-cyber-crime-and-espionage?ac=1"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.goodreads.com/book/show/10651366-cyber-crime-and-espionage?ac=1</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[10] "SCADA systems: Riddled with vulnerabilities?" by Doug Drinkwater, SC Magazine, 26 August 2014, Last Visited 10 July 2015,</span></div>
<div>
<a href="http://www.scmagazineuk.com/scada-systems-riddled-with-vulnerabilities/article/368094/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.scmagazineuk.com/scada-systems-riddled-with-vulnerabilities/article/368094/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[11] "4 Worst Government Data Breaches Of 2014," by Jai Vijayan, InformationWeek: Government, 12 November 2014, Last Visited 10 July 2015</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.informationweek.com/government/cybersecurity/4-worst-government-data-breaches-of-2014/d/d-id/1318061</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">References</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">"APT1 Three Months Later – Significantly Impacted, Though Active & Rebuilding," by Dan Mcwhorter 21 May 21 2013, Last Visited 9 July 2015</span></div>
<div>
<a href="https://www.mandiant.com/blog/apt1-months-significantly-impacted-active-rebuilding/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.mandiant.com/blog/apt1-months-significantly-impacted-active-rebuilding/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">"EU Data Protection Directive (Directive 95/46/EC)," by TechTarget, Last Visited 10 July 2015,</span></div>
<div>
<a href="http://searchsecurity.techtarget.co.uk/definition/EU-Data-Protection-Directive"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://searchsecurity.techtarget.co.uk/definition/EU-Data-Protection-Directive</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">"Internet Crime Complaint Center (IC3)," The Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), Last Visited 5 July 2015</span></div>
<div>
<a href="http://www.ic3.gov/media/annualreports.aspx"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.ic3.gov/media/annualreports.aspx</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">"SAFE HARBOR PRIVACY PRINCIPLES," by export.gov, Last Visited 10 July 2015,</span></div>
<div>
<a href="http://www.export.gov/safeharbor/eu/eg_main_018475.asp"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.export.gov/safeharbor/eu/eg_main_018475.asp</span></a></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com2tag:blogger.com,1999:blog-404553574933465315.post-45467908275704350602015-07-14T00:39:00.000-04:002015-07-14T08:58:40.108-04:00Books You Should Have Read By Now<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
</div>
</div>
</div>
<div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6myoiRuDBiOYv1DAxpr_VDJY28Nbwf24dGlp_aCpMsfNWNbsLOA0RBM9sJs7icCV0LLroraGkTa2h5wZyHyp2B-LcrdIM0m2RCHD4n0I6EqFNbjdH67kBlREVLy2KgMSCaAaWAkwcMqA/s1600/Cybersecurity_Canon+logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6myoiRuDBiOYv1DAxpr_VDJY28Nbwf24dGlp_aCpMsfNWNbsLOA0RBM9sJs7icCV0LLroraGkTa2h5wZyHyp2B-LcrdIM0m2RCHD4n0I6EqFNbjdH67kBlREVLy2KgMSCaAaWAkwcMqA/s640/Cybersecurity_Canon+logo.png" width="640" /></a></div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">When I started Terebrate back in January 2010, I always intended it to be a place to put my book reviews on whatever I was reading. Since then, a lot has happened in my professional life. I changed jobs, twice. I presented my collection of cybersecurity book reviews at the annual RSA Conference and suggested that the cybersecurity community ought to have a list of books that we all should have read by now. My current employer, Palo Alto Networks, liked the idea so much that they decided to sponsor it. We ended up creating the the <i>Rock and Roll Hall of Fame</i> for cybersecurity books. We formed a committee of cybersecurity experts from journalists, CISOs, researchers and marketing people who were all passionate about reading. My collection became the the candidate list and for the past two years, the committee, with the help of community voting, has selected books from the candidate list to be inducted into something we are calling the Cybersecurity Canon. It has been very exciting.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">This is all preamble to say that I have decided not to duplicate the Canon content on both the <a href="https://paloaltonetworks.com/threat-research/cybercanon.html" target="_blank">Palo Alto Network's Canon Page </a>and the Terebrate sight. I will still post the individual book reviews, but if you want to follow along with what is happening with the Canon Project, please read the <a href="https://paloaltonetworks.com/threat-research/cybercanon.html" target="_blank">Canon page</a>.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEMoleDD8wJN9NzCX_5lBwKjJSkuqvebKcbHtAVWini4cSXGqkAbrxwDR_fXdUIBiEdPWmjhh5hwO3j-BKnhfra4cU5y_YXXGhv2a0SR-rLqY3L2o60Nepa-Q73ih1pOAWYFGaxpmSBck/s1600/Moving+Day+-+shutterstock_147902750.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEMoleDD8wJN9NzCX_5lBwKjJSkuqvebKcbHtAVWini4cSXGqkAbrxwDR_fXdUIBiEdPWmjhh5hwO3j-BKnhfra4cU5y_YXXGhv2a0SR-rLqY3L2o60Nepa-Q73ih1pOAWYFGaxpmSBck/s320/Moving+Day+-+shutterstock_147902750.jpg" width="320" /></a></div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com37tag:blogger.com,1999:blog-404553574933465315.post-73581197551539898312015-05-17T10:12:00.000-04:002015-05-17T10:12:20.993-04:00Should Lawmakers Vote to End the National Security Agency’s Bulk Collection of Phone Records?<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEief5pnZOZvlKTFZRcgL7gx8IVBN6pUMROhwQmu5jc9pJk8d0yOyGj4W8qH0S_rPYBA7Fu4MtXLNnQotrHmYpfrLHVHKyuzxWzxVJLbc51UUo-qtizXjAs649-88XxCSIxAAm36BohzTUs/s1600/Bill+of+Rights+shutterstock_70783081.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEief5pnZOZvlKTFZRcgL7gx8IVBN6pUMROhwQmu5jc9pJk8d0yOyGj4W8qH0S_rPYBA7Fu4MtXLNnQotrHmYpfrLHVHKyuzxWzxVJLbc51UUo-qtizXjAs649-88XxCSIxAAm36BohzTUs/s320/Bill+of+Rights+shutterstock_70783081.jpg" width="320" /></a></div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Yes — absolutely.</span><div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Section 215 of the Patriot Act is set to expire on June 1. That provision gives the NSA permission to collect metadata from communications mediums like phone calls. Metadata, in this case, refers to the phone number making the call, the called number, the date and time of a call, and the call’s duration. It does not give the NSA permission to collect any content, such as the actual voices on each end of the call.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">From an intelligence perspective, this kind of information is invaluable for finding the needle in the haystack. By drawing phone and email nodal analysis diagrams of suspects (link analysis), intelligence analysts can very quickly find key leaders of terrorist groups. The person using the phone involved in most of the calls, and connecting to the most people, is very likely a key leader in the organization.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">So, I get why the NSA wants the capability. However, the Fourth Amendment in the Bill of Rights says:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Section 215 of the Patriot Act — the bulk collection of metadata — gives the NSA the authority to seize information from U.S. citizens without a warrant and without probable cause. To quote Hamlet, "Ay, there’s the rub."</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">This debate fundamentally comes down to our country's decision on this one issue: do we care more about liberty or security? The Snowden revelations clearly demonstrate what the country is willing to do to preserve our security. I worry about what we give up as a nation as we pursue this path. How far do we go down that rabbit hole if we commit to it? In the entire world history of governments using spy agencies to collect information on enemies and “frenemies,” without fail, when the state turns its intelligence apparatus on its own citizens, things get ugly quickly. People die. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I am not suggesting that the U.S. is anywhere close to that extreme position, but Section 215 is a first step across the threshold of this unprecedented rabbit hole. This is how it starts. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I am not alone in my thinking either. On May 7, the Second Circuit Court of Appeals of the United States (a three-judge panel) held that the Patriot Act's Section 215 "… cannot be legitimately interpreted to allow the bulk collection of domestic calling records." [1] Although the Second Circuit Court stops short of calling Section 215 unconstitutional, it clearly believes that the current interpretation of that section — put forth by the NSA and approved by the FISA Court in secret — does not justify the bulk collection of U.S. citizens’ meta-phone-data. The Christen Science Monitor's Passcode Influences poll agrees too:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;">"72 percent of Passcode's Influencers – a group of more than 90 security and privacy experts from across government, the private sector, academia, and the privacy community – are calling for Congress to break the standoff and make reforms."[2]</span></blockquote>
<div>
<br /></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: large;">Full Disclosure: I am one of the Passcode Influencers polled.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">We tell ourselves: it’s just metadata — what's the harm? But over time, as we keep chipping away parts of the Fourth Amendment, pretty soon we might find ourselves in an Orwellian novel and wondering how we got here.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">What's on the table is a chance to reform Section 215 into something we can all be more comfortable with. What that ends up being is anybody's guess. There are many options from both sides of the political aisle, and we have just now begun to discuss it. But, Senate Majority Leader Mitch McConnell introduced legislation on May 7 that would extend Section 215 through 2020, and he invoked a rule to let it go straight to the Senate floor without the usual committee vetting process. In other words, he proposes letting Section 2015 ride without any discussion. It is this kind of behavior that invokes a visceral reaction from lefty liberals like myself worried about liberty vs. security issues. It is one thing to extend the provision, but to extend it without any discussion? That’s Orwellian.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">What can you do? First, engage. This is such a complicated issue, regardless of how you think we should resolve it, that there are not many people in the country who possess the wherewithal to understand all the nuances. The security community does. When you get the chance, have an open and honest conversation about the issue. Let’s start a full-throated debate and get the ideas on the table. Second, contact your congressman. The June 1 deadline to let the Patriot Act’s Section 215 expire is rapidly approaching. If you feel strongly one way or another about this issue, now is the time to let your voice be heard.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">For myself, I think the smartest thing to do is to revoke the provision and start over. This way, we can jump-start that full-throated debate I was talking about regarding how far we want our intelligence agencies to go down the rabbit hole. The Section 215 deadline is a good impetus to start. US lawmakers should absolutely let Section 215 of the Patriot Act expire on June 1.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Sources</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<span style="font-family: Times, Times New Roman, serif;"><span style="font-size: x-large;">[1] "N.S.A. Collection of Bulk Call Data Is Ruled Illegal," by CHARLIE SAVAGE and JONATHAN WEISMAN, The New York Times,<br />7 MAY 2015, Last Updated 17 May 2015,</span><br /><span style="font-size: xx-small;">http://www.nytimes.com/2015/05/08/us/nsa-phone-records-collection-ruled-illegal-by-appeals-court.html</span></span><div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif;"><div>
<span style="font-size: x-large;">[2] "Influencers: Congress should end NSA bulk data collection," by SARA SORCHER, Passcode Influencer's Poll, Last Updated 17 May 2015,</span></div>
<div>
<span style="font-size: xx-small;">http://passcode.csmonitor.com/influencers-surveillance</span></div>
</span></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-79651582108259062272015-02-07T11:12:00.000-05:002015-03-01T12:20:37.069-05:00Book Review: Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon (2014) by Kim Zetter<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvowfvHsj_vOdSQCOkIOHMS5xUYfTEkJJLKsPPKz2FLg71km5f6oZWoXx2QRvhbdX_O1_5EanrvUqpks8pK0RlPELsBASjQGH14kWHQU8-9l6eq1Xqz7zuyHH6n0SD8gcIDNqOQ8KQ4Dg/s1600/Countdown+to+Zero+Logo.jpeg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvowfvHsj_vOdSQCOkIOHMS5xUYfTEkJJLKsPPKz2FLg71km5f6oZWoXx2QRvhbdX_O1_5EanrvUqpks8pK0RlPELsBASjQGH14kWHQU8-9l6eq1Xqz7zuyHH6n0SD8gcIDNqOQ8KQ4Dg/s1600/Countdown+to+Zero+Logo.jpeg" /></a></div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Executive Summary</span><br />
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Operation Olympic Games is the US military code name that refers to the first ever act of real cyber warfare. Many journalists have told bits and pieces of the story since the attacks became public in 2010, but none have come close to telling the complete story. In Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, Kim Zetter changes that situation. She takes an extremely complicated subject in terms of technical detail, political fallout, and philosophical conundrums and makes it easy for the security practitioner to understand. It is a masterful bit of juggling and story telling. It is cyber-security-canon worthy, and you should have read it by now.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Introduction</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Kim Zetter has been at WIRED magazine since 2003 and has become one of the cyber security community’s go-to journalists to explain what is really happening within the space. When I heard that she was writing a book about the Stuxnet attacks, I was thrilled. I knew if anybody could take on this complicated subject, Zetter could. One of the annoying truisms of keeping up with cyber security events in the news is that journalists rarely go back and attempt to tell a complete story. When cyber security events occur —like the Target breach, the Sony breach, and the Home Depot breach to name three — news organization print the big headlines initially and then trickle out new information over the next days and weeks as it becomes available. For cyber security professionals trying to keep up to date on industry news, we rarely get the opportunity to see the big picture in one lump sum. We are not going to get that kind of story in a news article. You need a book to cover the detail, and there have been some good ones in the past. Mark Bowden’s Worm — about the Conficker worm and the cabal that tried to stop it — is one good example.[1] Another is The Cuckoo’s Egg, which is about the first publicly documented cyber espionage attack in the late 1980s.[2] Zetter’s book Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon is the latest in the line, and it is really good.[3]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">The Story</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Operation Olympic Games is the US military code name that refers to the first ever act of real cyber warfare. Many journalists have told bits and pieces of the story since the attacks became public in 2010, but none have come close to telling the complete story. In June 2012, David E. Sanger published an article in The New York Times proclaiming for the first time that the United States, in conjunction with Israel, was indeed behind the infamous Stuxnet malware attacks that targeted the Iranian nuclear enrichment plant at Natanz.[4] Sanger followed that article, along with others, with his book Confront and Conceal: Obama’s Secret Wars and the Surprising Use of American Power.[5] In his articles and this book, he gave details about the cyber operation called Operation Olympic Games, which I consider to be the first act of cyber warfare in the world. Because the story was so new and so complicated, many of the technical details surrounding the attacks did not fully emerge until well after Sanger published his book. I have tried to keep up with the story myself over the years and even presented versions of it at DEF CON[6] and RSA,[7] but I do not have the journalistic chops to tell the complete story, and this is where Zetter’s book shines. Whereas Sanger’s book focused on the US foreign policy implications of offensive cyber warfare using government insiders as the main source, Zetter’s book fills in the technical story behind the attacks by interviewing everybody in the public space who was involved in unraveling the Stuxnet mystery. Zetter writes clearly and succinctly about the timing of key researchers discovering new facts, describes how the researchers determined when the attackers first used key pieces of the attack code, and then feathered those technical events with what was happening in the political arena at the same time. It is a masterful bit of juggling and storytelling.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">The Code</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Because of Countdown to Zero, we now have a complete picture of how the attack code worked. Zetter goes into great detail about how the malware proliferated within the Iranian power plant at Natanz and after it escaped into the wild. She puts to bed the question of how may zero-day exploits the attackers used in the complete code set, what they were, and how effective they all were. She covers all of the versions of the malware from Stuxnet, to DuQu, to Flame, and to Wiper. She even covers some of the tools of the trade that the researchers used to decipher the code base.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">SCADA</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In Countdown to Zero, Zetter explains the significance of the critical and mostly unsecured supervisory control and data acquisition (SCADA) environments deployed in the United States today. These systems automatically control the flow of all power, water, and gas systems used within the United States and throughout most of the world. According to Zetter, </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“There are 2,800 power plants in the United States and 300,000 sites producing oil and natural gas. Another 170,000Bottom of Form facilities form the public water system in the United States, which includes reservoirs, dams, wells, treatment facilities, pumping stations, and pipelines. But 85 percent of these and other critical infrastructure facilities are in the hands of the private sector, which means that aside from a few government-regulated industries—such as the nuclear power industry—the government can do little to force companies to secure their systems.”[3]</i></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In my experience, the SCADA industry has always been at least 10 to 15 years behind the rest of the commercial sector in adopting modern defensive techniques, and Zetter provides a possible explanation for this delay:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“Why spend money on security, they argued, when none of their competitors were doing it and no one was attacking them?”[3]</i></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The significance of that statement becomes obvious when you realize that the same kinds of programmable logic controllers, or PLCs, that the United States exploited to attack Iran are deployed in droves to support the world’s own SCADA environments. The point is that if the United States can leverage the security weaknesses of these systems, then it is only a matter of time before other nation-states do the same thing and the rest of the world is no better defended against them than the Iranians were.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">The Philosophical Conundrum</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In a broader context, Countdown to Zero highlights some philosophical conundrums that the cyber security community is only now starting to wrestle with. We have known about these issues for years, but Zetter’s telling of the story makes us reconsider them. Operation Olympic Games proved to the world that cyber warfare is no longer just a theoretical construct. It is a living and breathing option in the utility belt for nation-states to use to exercise political power. With Operation Olympic Games, the United States proved to the world that it is possible to cause physical destruction of another nation-state’s critical infrastructure using nothing but a cyber weapon alone. With that comes a lot of baggage. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The first is the intelligence dilemma. At what point do network defenders stop watching adversaries misbehave within their networks before they act to stop them? By acting, we tip our hand that we know what they are doing and how they are doing it. This will most likely cause the adversary team to change its tactics. Intelligence organizations want to watch adversaries as long as possible. Network defenders only want to stop the pain. This is an example of classic information theory. I first learned about information theory when I read about the code breakers at Bletchley Park during WWII. Because the allies had broken the Enigma cipher, the Bletchley Park code breakers collected German war plans before the German commanders in the field received them, but the Allies couldn’t act on all of the information because the Germans would suspect that the cipher had been broken. The Allies had to pick and choose what to act on. This is similar to what the Stuxnet researchers were wrestling with too. Many of them had discovered this amazing and dangerous new piece of malware. When do they tell the world about it?</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The next conundrum involves the national government and vulnerability discovery. Zetter discusses the six zero-day exploits used by Operation Olympic Games in the attacks against Iran. That means that the US government knew about at least six high-impact vulnerabilities within common software that the entire nation depends upon and did nothing to warn the nation about them. If another attacker decided to leverage those vulnerabilities against the United States’ critical infrastructure in the same way that the United States leveraged them against Iran, the results could have been devastating. The nation’s ethical position here is murky at best and criminal at worst. Added to that is the well-known practice of the private sector selling zero-day exploits to the government. Should the government even be in the business of buying weapons-grade software from private parties? Zetter offers no solutions here, but she definitely gives us something to think about.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Conclusion</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Zetter fills in a lot of holes in the Stuxnet story. In a way, it is a shame that it has taken five years to get to a point that the security community feels like it understands what actually happened. On the other hand, without Zetter putting the pieces together for us, we might never have gotten there. I have said for years that the Stuxnet story marked the beginning of a new era for the cyber security community. In the coming years, when it becomes common practice for nations-states to lob cyber attacks across borders with the intent to destroy another nation’s critical infrastructure, we will remember fondly how simple defending the Internet was before Stuxnet. Zetter’s book helps us understand that change. She takes a complicated subject and makes it easy to understand. Her book Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon is cyber-security-canon worthy, and you should have read it by now.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Sources</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[1] “The Cybersecurity Canon: Worm,” by Rick Howard, Unit 42, 4 February 2014, last visited 25 January 2015,</span></div>
<div>
<a href="http://researchcenter.paloaltonetworks.com/2014/02/cybersecurity-canon-worm/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://researchcenter.paloaltonetworks.com/2014/02/cybersecurity-canon-worm/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[2] “The Cybersecurity Canon: The Cuckoo’s Egg,” by Rick Howard, Unit 42, 24 December 2013, last visited 25 January 2015,</span></div>
<div>
<a href="http://researchcenter.paloaltonetworks.com/2013/12/cybersecurity-canon-cuckoos-egg/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://researchcenter.paloaltonetworks.com/2013/12/cybersecurity-canon-cuckoos-egg/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[3] “Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon,” by Kim Zetter, Published by Crown, 11 November 2014, last visited 25 January 2015,</span></div>
<div>
<a href="https://www.goodreads.com/book/show/18465875-countdown-to-zero-day?ac=1"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.goodreads.com/book/show/18465875-countdown-to-zero-day?ac=1</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[4] “Obama Order Sped Up Wave of Cyberattacks Against Iran,” by David E. Sanger, The New York Times, 1 June 2012, last visited 25 January 2015,</span></div>
<div>
<a href="http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[5] “The Cybersecurity Canon: Confront and Conceal,” by Rick Howard, Unit 42, 7 January 2014, last visited 25 January 2015,</span></div>
<div>
<a href="http://researchcenter.paloaltonetworks.com/2014/02/cybersecurity-canon-worm/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://researchcenter.paloaltonetworks.com/2014/02/cybersecurity-canon-worm/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[6] “Defcon-19-an-insiders-look-at-international-cyber-security-threats-and-trends,” by Rick Howard, DEF CON 19, 6 August 2011, last visited 25 January 2015,</span></div>
<div>
<a href="http://hmongbot.com/VVBqaDVuZElSbVRN"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://hmongbot.com/VVBqaDVuZElSbVRN</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[7] “Operation Olympic Games Is the Tom Clancy Spy Story that Changed Everything,” by Richard Howard, RSA Conference 2014, 28 February 2014, last visited 25 January 2015,</span></div>
<div>
<a href="http://www.rsaconference.com/events/us14/agenda/sessions/966/operation-olympic-games-is-the-tom-clancy-spy-story"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.rsaconference.com/events/us14/agenda/sessions/966/operation-olympic-games-is-the-tom-clancy-spy-story</span></a></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-6892821916416062772015-01-13T09:25:00.000-05:002015-01-13T09:25:18.919-05:00Book Review: Winning as a CISO (2005) by Rich Baich<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYPiCmnasfwNz2nTarzkTI2aQLkR3F1kOz-VUQ5tjFdr7J71pQ3s7s91SyEq7fF9QbdQULuQcmIH7OLq719gtouObv4HM3Wxz5tKH21GOUaxOQ0U7OATRmzK4Au1XDKlyYAToe2mZra6M/s1600/Winning+as+a+CISO+Cover.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYPiCmnasfwNz2nTarzkTI2aQLkR3F1kOz-VUQ5tjFdr7J71pQ3s7s91SyEq7fF9QbdQULuQcmIH7OLq719gtouObv4HM3Wxz5tKH21GOUaxOQ0U7OATRmzK4Au1XDKlyYAToe2mZra6M/s1600/Winning+as+a+CISO+Cover.jpg" height="320" width="224" /></a></div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Executive Summary</span><div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The latest candidate for the cyber security canon is Rich Baich’s <i>Winning as a CISO</i>. The roles of the chief information officer (CIO), the chief security officer (CSO), and the chief information security officer (CISO) in the modern enterprise have been constantly changing since we invented the need for such roles in the 1980s and 1990s. By the mid-2000s, the industry had settled on tucking the security function for an organization under the IT function of an organization. In other words, the CISO works for the CIO. But Baich is an innovative thinker. He has looked at how the CISO role has evolved over the years and makes a pretty good case for where it needs to go next. By asking questions about the appropriate supervisor for a CISO, a CISO’s needed skill set, and ways to approach the CISO job function, Baich breaks new ground on how the industry should views these topics. Our industry will be slow to adopt these new ideas, but with the rash of highly publicized and impactful data breaches to the retail sector in 2014, perhaps the industry is ready to start making a change. Reviewing Baich’s book is a good place to start. It is cyber-security-canon worthy, and you should have read it by now.</span></div>
<div>
<br /></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Introduction</span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The roles of the CIO, the CSO, and the CISO in the modern enterprise have been constantly changing since we invented the need for such roles in the 1980s and 1990s. I picked up Winning as a CISO because my boss handed it to me after he met the author, Rich Baich, at a security event. He said that Baich was a smart guy and had some interesting ideas about the modern CISO’s role in today’s environments. In this book, Baich explains some innovative thinking about what today’s CISOs should be responsible for, how they should fit into the organization, and how they might accomplish their tasks once they are established. In order to understand where Baich is coming from, it is useful to review the history of the CIO, CSO, and CISO roles in modern business.</span></div>
<div>
<span style="font-size: x-large;"><br /><span style="color: orange; font-family: Verdana, sans-serif;">CIO, CSO, and CISO History</span></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The idea of the C-suite did not really materialize until the 1920s when Alfred Sloan, the hugely successful chief executive officer (CEO) of General Motors, decided to distribute profit and loss (P&L) responsibility across his division managers in response to shareholder and regulator demand for more accountability.[1] </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Because of General Motors’ success with this new P&L model, business leaders across the world adopted it for their own organizations. That model lasted some 60 years until the 1980s when CEOs realized that in order to drive organizational change, they needed executives with technical and functional specialties.[1] CEOs began creating new C-level executive positions like chief marketing officers (CMOs), chief financial officers (CFOs), and, yes, CIOs. The idea of a C-level executive dedicated to security did not really emerge until the late 1990s, 10 years after the CIO position had become firmly established in modern business.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Steve Katz became the first CISO in 1995 when Citigroup created the role to respond to a highly publicized Russian malware incident.[2][3] Since then, the security industry specifically and business leadership in general have been thinking and rethinking the need and the responsibilities for such a person. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The first practitioners came out of the technical ranks. Vendor solutions to mitigate the cyber threat ran on networks and workstations. In order to manage those solutions, it was helpful to have people who understood that world, but this was a new thing for the techies; trying to translate technical risk to a business leader did not always go very well. Security techies have always been, and still are, passionate about their responsibilities. The early trailblazers tended to say “no” to any new project because of the potential security risk. The business leaders did not want to deal with these people who wanted to make organizational decisions with no thought about the bottom line. It became convenient to tuck these kinds of people underneath the CIO organization. CISOs began working for the CIO because, from the C-suite perspective, all of that technical stuff belonged in one basket, and the security people did not know how to talk to the business people.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">As business leaders began applying resources to mitigate cyber risk, other areas of security risk started to emerge: physical security, compliance, fraud prevention, business continuity, safety, ethics, privacy, brand protection, etc. The idea of the CSO role began to gain popularity with business leaders because they needed someone to look at the entire business, not just cyber security risk to the business, but general security risk to the business. CSO Magazine launched in 2002 to cater to that crowd.[4]. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">By the mid-2000s, the industry had settled on tucking the security function for an organization under the IT function for an organization. In other words, the CISO works for the CIO. This is not bad per se, and this arrangement works in many organizations. The IT folks generally handle the daily automation functions while the security teams have more of an oversight role in terms of security architecture, policy, risk assessment, and security operations. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Since then, the industry has been in flux. Not every company is organized the same way. While the CIO role has made its way to the senior executive suite in some companies (Intel Corp. and McAfee to name two), that is by no means the norm. The CSO role is likewise lagging. Both tend to be lodged at the second tier of executives in many companies. And while it is not universal, the CISO tends to work for the CIO.</span></div>
<div>
<br /></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">The Story</span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">All of this history is essential background to the key messages in Baich’s book <i>Winning as a CISO</i>. He published it in 2005 and was quite rightly taking a look at where the CISO role was heading next. He organized the book as a fictional story about an established company in which the CEO had decided to hire his first CISO. His executive leadership team – the CIO, the general counsel, and the chief operating officer (COO) – had to decide what the new CISO’s responsibilities were and where this individual would fit in the organizational structure. Once the CEO made those decisions, the newly hired CISO had to decide how to execute this new role.</span></div>
<div>
<br /></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">The Tech</span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The book is a quick read, with only 115 pages including the end credits, but it is a primer on what a CISO should do for any organization. In essence, any organization could use Baich’s book as a basic job description for a new CISO hire.</span></div>
<div>
<br /></div>
<div>
<span style="color: #e69138; font-family: Verdana, sans-serif; font-size: large;">What Are a CISO’s Responsibilities?</span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">When the story’s CEO brought his executive staff together to discuss the new position, he had them develop a list of responsibilities for the new hire. Here is the list:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Security Architecture</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Incident Response</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Security Awareness</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Identity Management</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Security Policy Development and Compliance</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Due Diligence for Acquisitions and Mergers</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Risk Management[5]</span></li>
</ul>
</div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I think this is a pretty good list of high-level responsibilities. Anything that comes up later that we might want the CISO to do can be easily shoehorned into one of these broad categories. Once the staff agreed to the responsibilities, the next step was to determine which senior executive should own them. In other words, which senior executive should the CISO work for? </span></div>
<div>
<br /></div>
<div>
<span style="color: #e69138; font-family: Verdana, sans-serif; font-size: large;">To Whom Does the CISO Report?</span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">All of the senior staff members had their perspectives. The CIO said, <i>“The CISO should report to the IT Department because the focus of information security is related to technology. Information security solves technology related risks.”</i>[5] The general counsel said, <i>“The CISO should report through the legal structure. [The] focus can be placed on compliance.”</i>[5] The COO said, <i>“The CISO will have to collaborate with all departments, and everyone, including the sales team will benefit, but the team member who will need to utilize the resulting information the most will be the COO. A clear understanding of the operational risk factors will enable the successful CISO to present to the COO with a rubric of important options.”</i>[5]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The CEO weighed each of these perspectives and had a few of his own. He said that he did not want the new CISO to have to wrestle with any artificial organizational conflicts because he chose to put the position under one senior executive as opposed to another.[5] He said that putting the CISO under the CIO had a number of problems, but the most important one was that it created a conflict of interest. <i>“Reporting to the CIO would be like putting your boss on report.”</i>[5] The CISO’s job is to make things more secure, and sometimes that job may be in direct conflict with the CIO’s job of making things more efficient. With the CISO under the CIO, the organization automatically weights efficiency needs over security needs, and that obviates the reason to hire the CISO in the first place.[5]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">An opposing view comes from Forbes reporter Howard Baldwin. He complained in March 2014 that he did not like recent changes he was seeing within organizations that had broken out the security function to be a peer to the CIO. He says that these CIOs are highly paid executives who can handle competing priorities.[6] In other words, the CIO can handle making decisions between security and efficiency. That is what we pay a person in this position to do.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">But that is not the point. In an interview by Jack Rosenberger, Eric Cole -- founder and chief scientist at Secure Anchor Consulting -- speculated on one of the reasons that may have contributed to the Target breach in 2014.[7] Cole said, <i>“It is almost a guarantee that Target had an amazing security team, and they were screaming and yelling about all of the security issues, but there was no advocate who was listening to them and fighting for their cause with the executives.”</i>[8] Cole is pointing out that of all the priorities the Target CIO had to juggle, security lost out. As Brian Krebs reported in the Guardian, <i>“Virtually all aspects of retail operations are connected to the Internet these days: when the security breaks down, the technology breaks down – and if the technology breaks down, the business grinds to a halt.”</i>[9] Before the breach, the pressure to keep the IT infrastructure up and running must have been immense for both the now-resigned CIO and the now-fired CEO. Krebs suggests that in hindsight, because of the breach’s devastating impact to the business, the Target CISO should not have worked for the CIO. It should have been the other way around.[9]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In Baich’s story, the CEO had reservations about putting the CISO under other staff organizations too. He said that putting the CISO under the general counsel <i>“would potentially position the Information Security department as an arm of the audit department.”</i>[5] According to Baich, auditing support is something the new CISO should help with, but based on the responsibilities the executive staff developed, the CISO’s role is much bigger.[5]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The CEO ultimately put the CISO under the COO. To him, it made sense that the CISO position be perfectly positioned to support the entire organization and not one specific staff element. I think this makes sense. If loss associated with security is something that will potentially materially affect the business, it makes total sense to raise the platform of the person in charge of it to have a view of the entire organization and the power to affect change. If that is the case, then what skill sets are needed for the person who takes on that responsibility?</span></div>
<div>
<br /></div>
<div>
<span style="color: #e69138; font-family: Verdana, sans-serif; font-size: large;">What Skill Sets Does a CISO Need?</span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Once he decided whom the CISO should work for, the CEO turned again to his senior staff to determine what skill sets would be essential for success. Without fanfare, Baich lists these five attributes:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Must have an MBA</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Prior budget or P&L experience</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">A proven ability to lead an effective information security organization</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Experience and skill as a change agent</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Ability to serve as an information security expert for the executive team[5]</span></li>
</ul>
</div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The last three skills are fairly standard for many senior job positions in any organization. The first two are where Baich is providing some innovative thinking. Requiring an MBA and P&L experience for a CISO, as a mandatory requirement, is not the common thinking in the industry, but it is spot on for where the industry needs to go. As I said earlier, most CISOs have come up through the technical ranks and have little if any business experience. This is probably the main reason that security teams and business teams have a hard time communicating with each other. By requiring a CISO to have business experience first, Baich flips the typical experience equation on its head. Instead of training highly technical employees to be proficient in business concerns at the mid- to latter parts of their careers, he is suggesting that we take traditional business people and train them to be proficient in managing security operations. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“If performing vulnerability assessments, configuring firewalls, and performing network forensics makes you happy then becoming Chief Information Security Officer may not be the right career choice for you.”[5]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Just like a traditional business person might find himself or herself as a general manager, product manager, finance officer, or marketing officer, Baich is suggesting we add security officer to the list, and I agree with him.</span></div>
<div>
<br /></div>
<div>
<span style="color: #e69138; font-family: Verdana, sans-serif; font-size: large;">How Do You Be a CISO?</span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In Baich’s story, the CEO placed the CISO under the COO in order to give the position a matrixed view of the business. In that kind of environment, how does a CISO succeed? In spite of all the listed responsibilities this CISO has for the organization, Baich says that the most important implied responsibility for the CISO is running his or her organization like a business. The CISO needs to become the general manager of the security program.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“Ultimately, the success of any business, new or old, depends on a leader’s ability to build a team, market and sell the product, and run the business, still meeting the established measurements necessary to effectively operate the business.”[5]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Although the CISO in this story will bring in no revenue, this individual has to demonstrate to the business leadership the value of the position in other ways. The CISO must become a world-class internal marketing person for every aspect of the security program. It is not enough to make the organization more secure. The CISO’s efforts to do so must demonstrably show how the security program is helping the organization grow. </span></div>
<div>
<br /></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Conclusion</span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Baich is an innovative thinker. He has looked at how the CISO role has evolved over the years and makes a pretty good case for where it needs to go next. By asking questions about the appropriate supervisor for a CISO, a CISO’s needed skill set, and ways to approach the CISO job function, Baich breaks new ground on how to think about these topics. Baich published the book in 2005. Back then, there was not a lot of impetus to change the current situation, and I do not see the industry adopting these ideas any time soon. But with the rash of highly publicized and impactful data breaches to the retail sector in 2014, perhaps the industry is ready to make a change. It is obvious that the way we are doing it now is not working. Because of Baich’s innovative thinking about the next step in the evolution of the CISO role, Winning as a CISO is cyber-security-canon worthy, and you should have read it by now.</span></div>
<div>
<br /></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Sources</span></div>
<div>
<br /></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[1] “The C-suite: Time for version 3.0?” by Eamonn Kelly, Deloitte University Press, 31 March 31 2014, last visited 6 January 2014,</span></div>
<div>
<a href="http://dupress.com/articles/bus-trends-2014-c-suite-3-0/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://dupress.com/articles/bus-trends-2014-c-suite-3-0/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[2] “EVOLUTION OF THE CISO And the Confluence of IT Security & Audit,” by Thomas Borton, ISACA, 13 March 2014, last visited 30 May 2014,</span></div>
<div>
<a href="https://chapters.theiia.org/Orange%20County/IIA%20OC%20Presentation%20Downloads/2014%20Joint%20IIA%20ISACA%20Spring%20Conference/Tom%20Borton%20-%20Evolution%20of%20the%20CISO.pdf"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://chapters.theiia.org/Orange%20County/IIA%20OC%20Presentation%20Downloads/2014%20Joint%20IIA%20ISACA%20Spring%20Conference/Tom%20Borton%20-%20Evolution%20of%20the%20CISO.pdf</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[3] “Prominent Information Security Executives Steve Katz and Michael Barrett Join Fortscale's Advisory Board,” by Fortscale, PR Newswire: Market Watch, 8 January 2014, last visited 30 May 2014,</span></div>
<div>
<a href="http://www.marketwatch.com/story/prominent-information-security-executives-steve-katz-and-michael-barrett-join-fortscales-advisory-board-2014-01-08"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.marketwatch.com/story/prominent-information-security-executives-steve-katz-and-michael-barrett-join-fortscales-advisory-board-2014-01-08</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[4] “Decade of the CSO: Looking back at 10 years of change and progress - and forward to what lies ahead,” by Derek Slater, CSO Magazine, 1 October 2012, last visited 30 May 2014,</span></div>
<div>
<a href="http://www.csoonline.com/article/2132355/strategic-planning-erm/decade-of-the-cso.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.csoonline.com/article/2132355/strategic-planning-erm/decade-of-the-cso.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[5] “Winning as a CISO,” by Rich Baich, Published by Executive Alliance Publishing House, 2005, last visited 6 December 2014,</span></div>
<div>
<a href="https://www.goodreads.com/book/show/604622.Winning_As_a_Ciso?ac=1"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.goodreads.com/book/show/604622.Winning_As_a_Ciso?ac=1</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[6] “Point/Counterpoint: Who Should The CSO Report To?” by Howard Baldwin, Forbes, 25 March 2014, last visited 28 May 2014, </span></div>
<div>
<a href="http://www.forbes.com/sites/howardbaldwin/2014/03/25/pointcounterpoint-who-should-the-cso-report-to/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.forbes.com/sites/howardbaldwin/2014/03/25/pointcounterpoint-who-should-the-cso-report-to/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[7] “Reporting From the Web’s Underbelly,” by Nicole Perlroth, The New York Times, 16 February 2014, last visited 28 May 2014,</span></div>
<div>
<a href="http://www.nytimes.com/2014/02/17/technology/reporting-from-the-webs-underbelly.html?_r=0"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.nytimes.com/2014/02/17/technology/reporting-from-the-webs-underbelly.html?_r=0</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[8] “The Complicated Relationship Between CIOs and CSOs,” by Jack Rosenberger, CIO: Insight, 11 March 2014, last visited 28 May 2014,</span></div>
<div>
<a href="http://www.cioinsight.com/security/the-complicated-relationship-between-cios-and-csos.html/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.cioinsight.com/security/the-complicated-relationship-between-cios-and-csos.html/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[9] “What Target and Co aren't telling you: your credit card data is still out there,” by Brian Krebs, The Guardian, 6 May 2014, last visited 28 May 2014,</span></div>
<div>
<a href="http://www.theguardian.com/commentisfree/2014/may/06/target-credit-card-data-hackers-retail-industry"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.theguardian.com/commentisfree/2014/may/06/target-credit-card-data-hackers-retail-industry</span></a></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-1263879004278965392014-11-24T08:58:00.000-05:002015-08-02T13:14:32.106-04:00Book Review: Spam Nation: The Inside Story of Organized Cybercrime - from Global Epidemic to Your Front Door (2014) by Brian Krebs<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidSrD1CvYICdei8shJN93eHtGarwJK7l72Jyc1fRzRwdSzEfqSgSLAijuATqq1FlWBhYTpACfooioe5576PYkXaM24ijm-kr8zNOCxDrkloSX5E2NUFym_krefqO33l5bALltpIn0rSyQ/s1600/SPam+NAtion+Cover.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidSrD1CvYICdei8shJN93eHtGarwJK7l72Jyc1fRzRwdSzEfqSgSLAijuATqq1FlWBhYTpACfooioe5576PYkXaM24ijm-kr8zNOCxDrkloSX5E2NUFym_krefqO33l5bALltpIn0rSyQ/s1600/SPam+NAtion+Cover.jpg" width="212" /></a></div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Executive Summary</span><br />
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In <i>Spam Nation</i>, Brian Krebs covers a key portion of our cyber security and cyber crime history: 2007–2013, that period when we started to learn about the Russian Business Network, bulletproof-hosting providers, fast-flux obfuscation, criminal best business practices, underground cyber crime forums, and strange-sounding botnet names like Conficker, Rustock, Storm, and Waledac. This period just happens to coincide with Krebs’s rise in popularity as one of the leading cyber security journalists in the industry. His relationship with two competitive pharmaceutical spammers—Pavel Vrublevsky and Dimitry Nechvolod—is a big bag of crazy and is the key storyline throughout the book. The competition between Vrublevsky and Nechvolod escalated into something that Krebs calls the Pharma Wars and Krebs gives us a bird’s-eye view into the details of that escalation that eventually destroyed both men and the industry they helped to create. Krebs’s weird symbiotic relationship with Vrublevsky is worth the read by itself. <i>Spam Nation</i> is definitely a cyber security canon candidate, and you should have read this by now.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Introduction</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I have been a fan of Brian Krebs for many years. His blog, Krebs on Security, has been a mainstay of my recurring reading list since he started it in 2010 and even before when he was writing for The Washington Post. Since he struck out on his own, he has carved out a new kind of journalism that many reporters are watching to see how they might duplicate it themselves as journalism transitions from dead-tree printing to new media. Krebs’s beat is cyber security, and he is the leading journalistic authority on the underbelly of cyber crime. <i>Spam Nation </i>is a retelling— with more detail and more color—of some of the stories he covered from 2007 until about 2013 on a very specific sub-element of the cyber crime industry called pharmaceutical spam. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Many security practitioners will hear the phrase “pharmaceutical spam” and immediately start to nod off. Of all the problems they encounter on a daily basis, pharmaceutical spam is pretty low on the priority list. While that may be true, this subset of cyber crime is responsible for starting and maturing many of the trappings that we associate with cyber crime in general: botnet engines, fast-flux obfuscation, spamming, underground forums, cyber crime markets, good service as a distinguisher of criminal support services, and bulletproof-hosting providers.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">The Story</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The story really begins with Krebs’s weird symbiotic relationship with Vrublevsky (a.k.a. RedEye and Despduck). Vrublevsky was a Russian businessman and cofounder and former CEO of ChronoPay, the infamous credit card processing company that initially got started in the rogue anti-virus industry. I think it is safe to say that in his heyday, Vrublevsky was a bit of an extrovert. He followed Krebs’s blog religiously and would instigate long conversations with Krebs on stories that were fantastical, true, and everything in between. Vrublevsky would feed Krebs half-truths about what was going on in the industry and left it to Krebs to sort it out. Vrublevsky’s downfall was his deteriorating relationship with his former partner, Dimitry Nechvolod (a.k.a. Gugle). </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Vrublevsky and Nechvolod founded ChronoPay together in 2003, but by 2006, Nechvolod had left the company to pursue his own interests. He started two pharmacy spam operations called GlavMed and SpamIT. Because of the competition between these two men, the situation escalated out of control to something that Krebs calls the Pharma Wars, which ultimately scuttled the entire pharmaceutical spam industry, not just Vrublevsky and Nechvolod’s operations, but everybody else’s too. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Krebs’s main sources of information for this book came from leaked customer and operational databases from these two men. Although Vrublevsky and Nechvolod never admitted it, they both stole the other’s data and leaked it to Krebs. Krebs had many conversations with both Vrublevsky and Nechvolod about their side of the story, and Krebs even traveled to Moscow to interview Vrublevsky personally. From these conversations and other research done by Krebs, we get an inside view of how cyber crime operates in the real world. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Krebs set himself seven research questions:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Who is buying the stuff advertised in spam and why?</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Are the drugs real or fake?</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Who profits?</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Why does the legitimate pharmaceutical industry seem powerless to stop it?</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Why is it easy to pay for the drugs with credit cards?</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Do customers have their credit card accounts hacked after buying?</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">What can consumers, policy makers, and law enforcement do [about this cybercrime]?</span></li>
</ul>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">For the most part, he answers all these questions. I will not spill the answers here, but I will tell you that I was surprised by every single one. I thought I knew this stuff, but Krebs provides the insight and research to make you re-evaluate what you think you know about illegal pharmaceutical spam operations.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><i>Spam Nation</i> is about the Brian Krebs’s story too. Traditional journalists reading this book are going to hate the fact the he plays a key role in most everything that he talks about in this book. His original reporting on bulletproof-hosting providers operating in the US and elsewhere—the Russian Business Network (RBN), Atrivo, and McColo—became that catalyst that eventually got them shut down. This got him noticed by Vrublevsky and started that weird relationship that ultimately led to Krebs receiving the databases from Vrublevsky and Nechvolod. It also led him to leave The Washington Post and to start his Krebs on Security blog.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In the background, Krebs introduces us to the key players involved in the development and operations of some of the most infamous botnets that have hit the Internet community in recent history:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Conficker worm (author: Severa; infected 9-15 million computers)</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Cutwail botnet (authors: Dimitry Nechvolod (Gugle) and Igor Vishnevsky; 125,000 infected computers; spewed 16 billion spam messages a day)</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Grum botnet (author: GeRA; spewed 18 billion e-mails a day)</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Festi botnet (operators: Artimovich brothers; delivered one-third of the total amount of worldwide spam)</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Rustock botnet (author: COSMA; infected 150,000 PCs; spewed 30 billion spam messages a day)</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Storm botnet (author: Severa).</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Waledac botnet (author: Severa; spewed 1.5 billion junk e-mails a day)</span></li>
</ul>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">From my reading, Krebs’s unintentional hero of his story is Microsoft. While Vrublevsky and Nechvolod were tearing each other apart and Krebs was trying to sift through what was true and what was not, Microsoft and other commercial, academic, and government organizations were quietly dismantling the infrastructure that these and other illicit operations depended on:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">June 2009: 15,000 illicit websites go dark at 3FN after the Federal Trade Commission convinced a northern California judge that 3FN was a black-hat service provider. NASA did the forensics work.</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">November 2009: FireEye takes down the Mega-D botnet.</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">January 2010: Neustar takes control of the Lethic spam botnet.</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">March 2010: Microsoft takes down the Waledac botnet.</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">October 2010: Armenian authorities take down the Bredolab botnet.</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">March 2011: Microsoft takes down the Rustock botnet.</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">July 2011: Microsoft offers a $250,000 reward for information leading to the arrest and conviction of the Rustock botmaster.</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">July 2012: FireEye and Spamhaus take down the Grum botnet.</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">July 2013: Microsoft and the FBI take down 1,400 botnets using the Citadel malware to control infected PCs.</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">December 2013: Microsoft and the FBI take down the ZeroAccess botnet.</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">June 2014: The FBI takes down of the Gameover Zeus botnet.</span></li>
</ul>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">One takedown masterstroke came out of academia. George Mason University, the International Computer Science Institute, the University of California, San Diego, and Microsoft determined that 95 percent of all spam credit card processing was handled by three financial firms: one in Azerbaijan, one in Denmark, and one in Nevis (West Indies). They also pointed out that these financial firms were in violation of Visa’s own Global Brand Protection Program contract that required fines of $25,000 for transactions supporting the sale of Viagra, Cialis, and Levitra. Once Visa started levying fines, the financial firms stopped processing the transactions. The beauty of this takedown was that this was not a legal maneuver through the courts and law enforcement. It merely encouraged Visa to follow its own policy.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Cyber Crime Business Operations</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">For me, one of the most enjoyable parts of <i>Spam Nation</i> is the insight on how these criminal organizations operate. For example, Krebs highlights why pharmaceutical operations have great customer support: they want to avoid the penalty fees associated with a transaction when a buyer of illicit pills charges them with fraud. These are called chargebacks, and pharmaceutical customer support operations avoid them like the plague. These support operations require teams of software developers and technical support staff to be available 24/7.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Pharmaceutical operations have mature anti-fraud measures—equivalent to any legitimate bank’s anti-fraud measures—because they need to keep law enforcement and security researchers out of their business.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Most spammers do not make a lot of money. The top five do, but not everybody else. Krebs points out that it takes a multibillion dollar security industry to defend against a collection of criminals who are making a living wage.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In terms of botnet management, operators rent out top-earning botnets to other operators who do not have the skill to build a botnet themselves. Renters purchase installs and seed a prearranged number of bots with an additional malicious program that sends spam for the affiliate. They pay the rent by diverting a portion of their commissions on each pill sale from spam. Sometimes, that commission is as high as 50 percent. That is why the small-timers do not make any money.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Operators launder their money in a process called factoring. They map their client transactions into accounts on behalf of previously established shell companies. They tell the banks that the shell companies are the true customers. Then the operators pay the clients out of their own pockets.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Russian law allows FSB agents (Federal Security Service, the successor to the Soviet Union’s KGB), while remaining in the service, to be assigned to work at enterprises and organizations at the consent of their directors. Twenty percent of FSB officers are engaged in this protection business called “Krusha" in Russian, which means “roof” and pharmaceutical spam operations use them as much as possible.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Partnerships, called partnerkas, between spammers and dodgy advertisers that act as an intermediary for potential sponsors are essential. In this way, sponsors keep their distance from the illicit aspects of the spam business and can unplug from one partnerka in favor of another whenever they want. Some refer to this as organized crime (think The Godfather), but it is more like a loosely affiliated network of independent operators.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">With all of these best business practices, you can see why the operators do not see themselves as criminals. They are just businesspeople trying to run a business.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">The Tech</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Cyber crime runs on technology. In the pharmaceutical spam business, some tech is unique, and other tech is shared with other kinds of cyber crime operations. Unique to pharmaceutical spam is a technique called black search engine optimization (Black SEO). Pharmaceutical spammers hack legitimate websites and insert hidden pages (IFrames) with loads of pharmaceutical websites links. The more links that the common search engines like Google and Bing index, the higher the pharmaceutical sites get in the priority list when normal users search for pills online.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Also unique to the pharmaceutical spam business is a good spam ecosystem. It must have the ability to keep track of how many e-mails the system delivered and how many recipients clicked the link. It must scrub e-mail addresses that are no longer active or are obvious decoys and harvest new e-mail addresses for future operations.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Not unique to pharmaceutical spam are the forums. Forums are the glue that allows the loosely affiliated network of independent operators to communicate with each other. Forums are a place that allows newbies an opportunity to establish a reputation and lowers the barriers to entry for a life of cyber crime. There are forums for every language, but most are in English. Members enforce a strict code of ethics so that members who are caught cheating other members are quickly banned. Social networking rankings give members a way to evaluate potential partners. A single negative post may cost an individual thousands of dollars. Because of that, most amicably resolve issues. Sometimes newbies get labeled as a “deer,” members who unintentionally break one of the forum’s rules. More-serious infractions might find a member in the blacklist subforum defending himself or herself from fraud allegations.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">New forums start all the time, but some have been in existence for more than a decade, indicating process maturity for self-policing, networking, and rapid information sharing. New forums allow open registration, but mature forums set up various hurdles for membership that are designed to screen out law enforcement and hangers-on. Most have sub-rooms for specialization such as the following:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Spam</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Cyber banking fraud</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Bank account cash-out schemes</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Malicious software development</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">ID theft</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Credit card fraud</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Confidence scams</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Black SEO</span></li>
</ul>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Forums have many members (tens of thousands in some), but they exist to make money for the administrators. Admins offer additional services to improve the user experience. They offer escrow services—a small percentage of the transaction cost held until both sides agree that the other held up its end of the bargain—and stickies—ads that stay at the top of their sub-forums that range in price from $100 to $1,000 per month.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Conclusion</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In <i>Spam Nation</i>, Brian Krebs covers a key portion of our cyber security and cyber crime history: 2007– 2013, that period when we started to learn about the Russian Business Network, bulletproof-hosting providers, fast-flux obfuscation, criminal best business practices, underground cyber crime forums, and strange-sounding botnet names like Conficker, Cutwail, Grum, Festi, Rustock, Storm, and Waledac. This period just happens to coincide with Krebs’s rise in popularity as one of the leading cyber security journalists in the industry. His story, and the story of two competitive pharmaceutical spammers who eventually destroyed the lucrative moneymaking scheme for all players, is a fascinating read. It is definitely a cyber security canon candidate, and you should have read this by now.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Note: </span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"></span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><i>Spam Nation: The Inside Story of Organized Cybercrime - from Global Epidemic to Your Front Door </i>is a Cybersecurity Canon Inductee. Please visit the official page sponsored by Palo Alto Networks to read all the books from the Canon project.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://paloaltonetworks.com/threat-research/cybercanon.html" target="_blank"><img border="0" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfkRoLce5gsnKaguJSswkwfzGE3CAf2sHwMdd0p3wce7lDNtgR8DZlYEFzva71XGMcB6fxgOGbwr2DDgosH9DYq4QJVPvVOqWiksMQhc-AtxxTIKmpn_-0fHm0UgkEFal23IRHFbKoAX4/s640/Cybersecurity_Canon+logo.png" width="640" /></a></div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Sources</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Spam Nation: The Inside Story of Organized Cybercrime - from Global Epidemic to Your Front Door,” by Brian Krebs, published by Brilliance Audio, 18 November 2014, last visited 13 November 2014,</span></div>
<div>
<a href="https://www.goodreads.com/book/show/22839130-spam-nation?ac=1"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.goodreads.com/book/show/22839130-spam-nation?ac=1</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">References</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Blue Security folds under spammer's wrath,” by Robert Lemos, Security Focus, 17 May 2006, last visited 13 November 2014,</span></div>
<div>
<a href="http://www.securityfocus.com/news/11392"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.securityfocus.com/news/11392</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Click Trajectories: End-to-End Analysis of the Spam Value Chain,” by Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, Mark Felegyhazi, Chris Grier, Tristan Halvorson, Chris Kanich, Christian Kreibich, He Liu, Damon McCoy, Nicholas Weaver, Vern Paxson, Geoffrey M. Voelker, and Stefan Savage, last visited 13 November 2014,</span></div>
<div>
<a href="http://cseweb.ucsd.edu/~savage/papers/Oakland11.pdf"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://cseweb.ucsd.edu/~savage/papers/Oakland11.pdf</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Experts Warn of New Windows Shortcut Flaw,” by Brian Krebs, Krebs on Security, 10 July 2010, last visited 13 November 2014</span></div>
<div>
<a href="http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Krebs on Security: In-depth security news and investigation,” by Brian Krebs, last visited 14 November 2014,</span></div>
<div>
<a href="http://krebsonsecurity.com/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://krebsonsecurity.com/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“PharmaLeaks: Understanding the Business of Online Pharmaceutical Affiliate Programs,” by Damon McCoy, Andreas Pitsillidis, Grant Jordan, Nicholas Weaver, Christian Kreibich, Brian Krebs, Geoffrey M. Voelker, Stefan Savage, and Kirill Levchenko, Usenix, August 2012, last visited 13 November 2014,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;"><a href="http://www.cs.gmu.edu/~mccoy/papers/pharmaleaks.pdf">http://www.cs.gmu.edu/~mccoy/papers/pharmaleaks.pdf</a> and</span></div>
<div>
<a href="https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/mccoy"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/mccoy</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Russian Business Network Study,” by David Bizeul, 11 November 2007, last visited 12 November 2014,</span></div>
<div>
<a href="http://www.bizeul.org/files/RBN_study.pdf"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.bizeul.org/files/RBN_study.pdf</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Shadowy Russian Firm Seen as Conduit for Cybercrime,” by Brian Krebs, The Washington Post, 13 October 2007, last visited 12 November 2014, </span></div>
<div>
<a href="http://www.washingtonpost.com/wp-dyn/content/article/2007/10/12/AR2007101202461.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.washingtonpost.com/wp-dyn/content/article/2007/10/12/AR2007101202461.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“The Partnerka – What Is It, and Why Should You Care?” by Dmitry Samosseiko, Sophos, Virus Bulletin, September 2009, last visited 13 November 2014,</span></div>
<div>
<a href="http://www.sophos.com/medialibrary/PDFs/technical%20papers/samosseikovb2009paper.pdf"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.sophos.com/medialibrary/PDFs/technical%20papers/samosseikovb2009paper.pdf</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“The Sleazy Life and Nasty Death of Russia’s Spam King,” by Brett Forrest, Wired Magazine, August 2006, last visited 13 November 2014,</span></div>
<div>
<a href="http://archive.wired.com/wired/archive/14.08/spamking.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://archive.wired.com/wired/archive/14.08/spamking.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“The Underground Economy of Spam: A Botmaster’s Perspective of Coordinating Large-Scale Spam Campaigns,” by Brett Stone-Gross, Thorsten Holz, Gianluca Stringhini, and Giovanni Vigna, last visited 13 November 2014,</span></div>
<div>
<a href="https://www.iseclab.org/papers/cutwail-LEET11.pdf"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.iseclab.org/papers/cutwail-LEET11.pdf</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Top Spam Botnets Exposed,” by Joe Stewart, SecureWorks, 8 April 2008, last visited 13 November 2014,</span></div>
<div>
<a href="http://www.secureworks.com/cyber-threat-intelligence/threats/topbotnets/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.secureworks.com/cyber-threat-intelligence/threats/topbotnets/</span></a></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com1tag:blogger.com,1999:blog-404553574933465315.post-4958052773626528402014-11-11T00:24:00.001-05:002014-11-11T00:35:53.548-05:00Book Review: The Practice of Network Security Monitoring: Understanding Incident Detection and Response (2013) by Richard Bejtlich<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnGtKnRryOmI6_ZRsT3UN4BCtgltAUw1wxoT0MD62YupbDLGlgANr0Ou7fj4fy_J9sZb5IV_QoktSIrRnzPCpr9yatsfRV9OjEnjcwlI3srvAGMJAQhBe5koBGQDHR53paOVmg_IC0_0E/s1600/The+Practice+of+Network+Security+Monitoring-+Understanding+Incident+Detection+and+Response++Cover.jpeg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnGtKnRryOmI6_ZRsT3UN4BCtgltAUw1wxoT0MD62YupbDLGlgANr0Ou7fj4fy_J9sZb5IV_QoktSIrRnzPCpr9yatsfRV9OjEnjcwlI3srvAGMJAQhBe5koBGQDHR53paOVmg_IC0_0E/s1600/The+Practice+of+Network+Security+Monitoring-+Understanding+Incident+Detection+and+Response++Cover.jpeg" height="320" width="241" /></a></div>
<span style="font-size: x-large;"><span style="color: red; font-family: Verdana, sans-serif;">Executive Summary</span><br /><br /><span style="font-family: Times, Times New Roman, serif;">Richard Bejtlich is one of the most respected security practitioners in the community. If he publishes something, we should all take notice. In <i>The Practice of Network Security Monitoring</i>, Bejtlich provides the theory and the hands-on tutorial on how to do network security monitoring the right way. The book is a primer on how to think about network security monitoring and incident response. </span></span><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">For seasoned security practitioners, working through the examples in this book will only increase your understanding of the subject. </span><span style="font-size: x-large;"><span style="font-family: Times, Times New Roman, serif;">For the beginners in the crowd, </span></span><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Bejtlich</span><span style="font-size: x-large;"><span style="font-family: Times, Times New Roman, serif;"> provides step-by-step instructions on how to install, configure, and use some of the best open-source tools available that will help any security program improve its network security monitoring capability. Newbies working through the examples in this book will demonstrate to themselves, once and for all, if they have what it takes to work in this field. This book is absolutely a Cybersecurity Canon Candidate and you should have read it by now.</span></span><br />
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Introduction</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I have been a fan of Bejtlich for a long time. He has been a cyber security book reviewer for many years and he was the inspiration for me to start doing my own book reviews. He is a no-nonsense kind of guy and has been practicing and advancing the craft of network security monitoring and incident response since he started in the industry as a US Air Force officer in 1998. Since then, he has risen in the ranks at some prominent security-minded companies—Foundstone, ManTech, and GE—and today he is the chief security strategist for FireEye. He knows a thing or two about network security monitoring and response. I happen to agree with his general philosophy of cyber security defense, and this book provides an introduction to that philosophy as well as an in-depth, hands-on look at the best open-source tools available. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The book is a primer on how to think about network security monitoring and incident response, and for the beginners in the crowd, it provides step-by-step instructions on how to install, configure, and use some of the best open-source tools available that will help any security program improve its network security monitoring capability.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I am often asked what skills a wannabe cyber security analyst needs to get into the cyber security industry. My glib go-to answer, and the first question I ask any candidates asking to work for me is, can you install a Linux distribution on your home computer? If a newbie cannot get through that basic exercise, he or she should probably seek employment somewhere else. After reading this book though, I plan to up my game. My new question is, can you work through all of the examples in this book and make sense of it all? If you can, you may have a future in the cyber security industry as a SOC analyst or an incident responder. If you struggle with this book, then cybersecurity might not be for you.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">The Network Security Monitoring Story</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In my own career, I have routinely seen organizations buy and deploy every shiny and new cybersecurity tool that they could get their hands on and deploy them within the enterprise. Their leadership’s grand strategy seemed to be that shiny equals good. In my early days, I may have even subscribed to that theory. Today, I do not have the energy to chase every bright light that appears on the cyber security market. I mostly just want to see what I have already deployed work the way that I thought it should when I originally bought it. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Network Security Monitoring Is More Than Just a Set Of Tools</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Buying and deploying new technology is relatively easy compared to training the people and developing the processes necessary to fully use it. Organizations tend to forget this. They think that if they just buy the latest tool—pick your tool, it does not matter which one—that it will miraculously configure itself, monitor itself, and forcefully eject any intruders by itself. In the real world, this does not happen. Bejtlich agrees: </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“Products and technologies are not solutions. They are just tools. Defenders (and an organization’s management) need to understand this. No shiny silver bullet will solve the cybersecurity problem. Attacks have life cycles, and different phases of these life cycles leave different evidence in different data sources that are best exposed and understood using different analysis techniques. Building a team (even if it is just a team of one) that understands this and knows how to effectively position the team’s assets (including tools, people, and time) and how to move back and forth between the different data sources and tools is critical to creating an effective incident response capability.”[1] </i></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In a previous job, I had all of the best toys pumping mountains of data to a 24/7 security operations center, but finding an advanced adversary in all of that data was way too hard. The SOC analysts performed Herculean tasks, but we did not have the processes in place, nor the people trained to develop the processes, to fully use all of that advanced technology. It was frustrating. The bottom line is that if you buy the tool, make sure you spend some resources training your people and developing a plan to incorporate the tool into your overall security program.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Bejtlich also says that your traditional tools are not going to help much with our brand new cloud environments.[1] Customers of cloud environments just do not have access to the networks that a network security monitoring team needs. As we move more and more to the cloud, this can be either a liability or a major opportunity for a young entrepreneur to solve the problem.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Operate Like You Are Compromised: Kill Chain Analysis</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In a previous blog, I said that kill chain analysis is one of the three great innovations that have come down the pipe from the security community this past decade.[2] Bejtlich says that Lockheed Martin’s paper on kill chain analysis[3] is unique because followers of the philosophy align their security program along the same lines that adversaries must use to penetrate their victim’s network. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">He confirms the notion that I have had for a few years now that the very old “defense-in-depth” model—which we all adopted in the early 1990s to keep the adversary out of our networks—is dead. It is simply not possible. On the other hand, it does not necessarily mean that you have a disaster on your hands just because one or more adversaries manage to work their way down a couple of links of your kill chain.[3] The idea is to detect these adversaries before they can accomplish their ultimate goal: crime, espionage, hacktivism, warfare, mischief, or whatever. Bejtlich says, </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“Prevention eventually fails … Rather than just trying to stop intruders, mature organizations now seek to rapidly detect attackers, efficiently respond by scoping the extent of incidents, and thoroughly contain intruders to limit the damage they might cause.”[1]</i></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">My own personal goal is early detection, quick eradication, and automatic prevention of those observed attacks going forward before these adversaries can claim victory. With the old defense-in-depth model, we were trying to prevent all penetrations into the network. Bejtlich says,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“It’s become smarter to operate as though your enterprise is always compromised.”[1]</i></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Kelly Jackson Higgins interviewed Steve Adegbite, the director of cyber security for Lockheed Martin (LM), in 2013 regarding how LM used kill chain analysis to discover that the company’s RSA token deployment had been compromised.[4] Adegbite said that</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>"The goal of the Kill Chain is to make sure [the adversaries] don't get to step 7 [of the Kill Chain] and exfiltrate.”[4]</i></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In other words, it is acceptable for adversaries to penetrate your networks as long as you have installed the processes to contain the damage they might cause. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Network Security Monitoring as a Decision Tool, Not a Reaction Process</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Bejtlich’s take on network security monitoring is subtly different than what I would expect from most other security practitioners who have not had a lot of experience actually doing it. According to Bejtlich, these practitioners use network security monitoring for forensics and troubleshooting.[1] His take is to use the discipline as a decision tool for how to contain the detected adversary. He also believes you have to measure your team’s effectiveness by measuring things like </span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">How long it takes to detect adversaries once they have entered your network</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">How long it takes to contain adversaries once you have detected them</span></li>
</ul>
</div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In the 2014 Verizon Data Breach report,[5] researchers show that of the 1,367 known data breaches in 2013, security teams discovered less than 25 percent of them (341) within days of the initial compromise. Security teams discovered the rest (1,026) many days and weeks later. Bejtlich says that for a network security monitoring program do be effective, teams must measure how they reduce that time.[1]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Incident Response and Threat Intelligence Go Together</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Bejtlich talks about the various approaches to handle a breach within your organization. Some incident response teams elect to identify the compromised asset, take it offline, maybe do some forensics on it, re-image it, and then put it back online so that they can wait for the next breach to happen. I call this the whack-a-mole approach to incident response. This process provides you no context about what the adversaries did and why. Other organizations engage their threat intelligence group and are able to understand the impact of what these adversaries are trying to accomplish. Bejtlich explains that incident response teams can frame the attacks from different perspectives: a threat-centric approach andBottom of Form an asset-centric approach.[1] He says that threat intelligence teams track adversaries by campaigns but that incident response teams respond to the adversary’s actions in waves.[1] He provides practical guidance about what kind of skills and capabilities an incident response team and intelligence team require.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">So that’s the story: build a network security monitoring program by deploying the right tool, training your people how to use the tool properly, and developing the processes necessary to incorporate the tool into the overall program. Assume that your network is already compromised, and aggressively track adversaries down the kill chain. Remember, the network security monitoring team’s goal is to prevent adversaries from accomplishing their goals. Use the program to make decisions about how to contain the adversary quickly and efficiently, and use your intelligence team to understand the context of how and why the adversary is attacking your network.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Let’s talk about the tech.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">The Network Security Monitoring Tech</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">This is where it gets really good. The theory is one thing—and I like the theory part—but the actual doing is what really matters. Bejtlich provides a hands-on tutorial on how to deploy the best open-source tools to do network security monitoring. If you are a young person thinking that you want to be a cyber security professional or if you are transitioning careers and you think cyber security is something you can handle, get this book and work through the examples. If you can do them, then I want to talk to you about a job. If you can’t, then maybe consider a less technically demanding career.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Bejtlich says that there are two types of network security monitoring data: full content and extracted content. He says that network security monitoring tools help analysts review these different data types and make a decision about containment based on an organization’s network security process. [1] He points practitioners to Doug Burks’ Security Onion (SO) distribution to get three types of tools: data collection, data presentation, and packet analysis.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">Data Collection Tool: </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Argus</span></li>
</ul>
</div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">Data Presentation Tools:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Tcpdump</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Tshark (the command line version of Wireshark)</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Argus’s Ra client</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Dumpcap in concert with Tshark</span></li>
</ul>
</div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif; font-size: x-large;">Packet Analysis Tools:</span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Wireshark</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Xplico</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">NetworkMiner</span></li>
</ul>
</div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Conclusion</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Richard Bejtlich is one of the most respected security practitioners in the community. If he is speaking somewhere, take the time to hear what the man has to say. The same goes for his writing. If he publishes something, we should all take notice. In <i>The Practice of Network Security Monitoring</i>, Bejtlich provides the theory of and the hands-on tutorial on how to do network security monitoring the right way. He tells you why you should be doing it and how it should work together, and he gives you step-by-step instructions on how to deploy and use the best open-source tools available. If you are already a seasoned security practitioner, working through the examples in this book will only increase your understanding of the subject. If you are a newcomer to the subject, working through the examples will indicate once and for all if you have what it takes to work in this field. This book is absolutely a cyber security canon candidate, and you should have read it by now. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Sources</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[1] "The Practice of Network Security Monitoring: Understanding Incident Detection and Response, " by Richard Bejtlich, No Starch Press, 2 August 2013, last visited 29 September 2014,</span></div>
<div>
<a href="https://www.goodreads.com/book/show/17346927-the-practice-of-network-security-monitoring?ac=1"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.goodreads.com/book/show/17346927-the-practice-of-network-security-monitoring?ac=1</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[2] "Help Me Obi Wan – You’re My only Hope: Three Cyber Security Innovations to Give You Courage," by Rick Howard, Terebrate, 10 June 2013, last visited 30 September 2014,</span></div>
<div>
<a href="http://terebrate.blogspot.com/2013/06/help-me-obi-wan-youre-my-only-hope.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://terebrate.blogspot.com/2013/06/help-me-obi-wan-youre-my-only-hope.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[3] "Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains," by Hutchins, Cloppert & Amin, Lockheed Martin Corp., 2011, last visited 29 September 2014,</span></div>
<div>
<a href="http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[4] "How Lockheed Martin's 'Kill Chain' Stopped SecurID Attack," by Kelly Jackson Higgins, DarkReading, 12 February 2013, last visited 30 September 2014,</span></div>
<div>
<a href="http://www.darkreading.com/attacks-breaches/how-lockheed-martins-kill-chain-stopped-securid-attack/d/d-id/1139125?itc=edit_in_body_cross"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.darkreading.com/attacks-breaches/how-lockheed-martins-kill-chain-stopped-securid-attack/d/d-id/1139125?itc=edit_in_body_cross</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[5] "2014 DATA BREACH INVESTIGATIONS REPORT," by Verizon, 2014, last visited 1 October 2014,</span></div>
<div>
<a href="file:///C:/Users/rhoward/Downloads/rp_Verizon-DBIR-2014_en_xg.pdf"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.verizonenterprise.com/DBIR/2014/</span></a></div>
<div>
<br />
<br />
<br /></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com1tag:blogger.com,1999:blog-404553574933465315.post-69663473290799010032014-08-20T00:19:00.000-04:002014-08-20T00:27:57.755-04:00Book Review: Lexicon (2013) by Max Barry<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIf6JoEMu09WGnURo6bW6B3c7HfA_yiuvkoVSjyIED0nWSYqYp3itU4XP2acpUYmtZ9bb9OdXnZcXbQawj_3fM5eETkG280ZDWIZ6G4veT0fUp8K2O3n9T3i4a_YpoQ7-6dEKG6QNkxYA/s1600/Lexicon.jpeg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIf6JoEMu09WGnURo6bW6B3c7HfA_yiuvkoVSjyIED0nWSYqYp3itU4XP2acpUYmtZ9bb9OdXnZcXbQawj_3fM5eETkG280ZDWIZ6G4veT0fUp8K2O3n9T3i4a_YpoQ7-6dEKG6QNkxYA/s1600/Lexicon.jpeg" height="320" width="211" /></a></div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Executive Summary</span><br />
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><i>Lexicon</i> is an exciting story that is really about social engineering taken to the nth degree. It is not a cyber security canon candidate, however, because it does not meet the criteria established last year,[3] but it does share some connective tissue with one of my favorite canon candidates, <i>Snow Crash</i>, and offers some practical advice about how modern media consumers can protect themselves from media manipulation. This is not a must-read for the cyber security professional, but it is wonderful beach read if you are looking for something fun to take with you on your next vacation.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Introduction</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><i>Lexicon</i>[1] is not a cyber security canon candidate because it really does not talk about anything specific to cyber security, but it shares its premise about the origination of human language with a candidate-favorite called <i>Snow Crash</i>.[2][3] It is a run-and-gun conspiracy thriller in which the evil cabal, called the Poets, has mastered the art of persuasion to such a degree that its members can manipulate individuals, groups, and the media to accomplish their goals. They do this by analyzing the target in terms of emotional, intellectual, and personality state to discover just the right “trigger words” that will completely destroy any resistance in the target’s mind. As the author, Max Barry, compels the reader to turn just one more page with this adventure, he also makes the reader think about the implications of manipulation attempts in our own society, the origins of languages in the human world and why there are so many, the more banal implications of the state collecting surveillance data on individual citizens, and the implications of our own bias as we consume information from the media.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">The Story</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">After they receive extensive training on Poet techniques at an exclusive private school in Virginia, very similar to the <i>Harry Potter's</i> Hogwarts School of Witchcraft and Wizardry, newly graduated Poets receive their code names. The Poets’ leader is called W. B. Yeats. The main heroine is called Virginia Woolf, and her mentor is called T. S. Eliot.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The Poets did not start out as evil. At the beginning, they simply learned how to manipulate individuals by quickly assessing their target’s mental state and looking for weakness. One consequence of that practice is that they learned how to hide their own weaknesses from their fellow Poets to prevent manipulation from within. Because of that active suppression of sharing intimate details with their friends and loved ones, their ability to sympathize with the non-Poet population, and even their own members, eroded over the years to the point that the Poets’ leadership considered non-Poets to be nothing more than another form of cattle to be managed and experimented on in order to fulfill the Poets’ goals. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Before she became Woolf, Emily was a prodigy. Poet recruiters plucked her off the streets at a young age because of her con-man skills and sent her to the private school in Virginia. But she is a rebel. She fights the suppression of her personality and is eventually exiled to a small and remote Australian town called Willow Creek until she becomes mature enough to handle the discipline it takes to be a full-fledged Poet.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">There is the inevitable falling out between the Poets’ leadership and a group of Poets that feel the organization has gone too far. That confrontation is the catalyst to the entire story. Poet researchers discover something they call a “Bear Word”: a word so powerful that, when issued with a command, will compel any human to immediately comply. The Poets’ leader, Yeats, decides to experiment with the Bear Word at Willow Creek, which is now the home of the story’s prodigy, Emily. Yeats deploys the Bear Word with the command of “Kill” at the local hospital to see what will happen. Every person who sees the command immediately attempts to comply. The town becomes a bloodbath that is similar in scope to any modern-day zombie movie. Because of the actions taken at Willow Creek, the Poet organization fractures into two groups: supporters of Poets and disgruntled former members. Yeats begins to terminate any former colleagues who oppose him. How this manifests, and how Emily figures into the story, is the basis for the run-and-gun action.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">The Tech</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The tech in this book is not Internet gadgetry. There are no computer hacks in the story, but the entire Poet skill set is really social engineering on a grand scale. Although the Poets’ ability to manipulate individuals and groups is purely the result of Barry’s wonderful imagination, some of the skill sets he portrays for defending against manipulation are more practical.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">One important skill in this defense is an understanding of how news organizations present information to the masses. Most news organizations try to present the facts as they currently know them. Many try to report objectively. The news consumer must remember, however, that the news people within the media are making choices about what to put into a story and what to leave out. News people also do not have to prove anything. They can imply. In most cases, the consumer will probably never hear anything more about a particular story. By choosing which facts to present and which facts to leave out, the news organization can lead consumers down the path for them to make their own conclusions about what happened without actually having to state it out loud.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">This leads to the second important skill in the defense against manipulation: getting out of your comfort zone and consuming information from media outlets that you do not agree with. Especially today, when every issue is so polarizing, it is easy to tune into your media outlet of choice—Bill O’Reilly on the right and John Stewart on the left to name two—and hear spoken back to you exactly what you want to hear because you already totally agree with it. By staying within their own political media information bubble, consumers get manipulated into thinking that their side is the only reasonable way to think about any particular issue, and that is simply just not the case.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Conclusion</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-size: x-large;"><span style="font-family: Times, Times New Roman, serif;"><i>Lexicon</i> is an exciting story about social engineering. It is not a cyber security canon candidate because it does not meet the criteria established last year,[3] but it does share some connective tissue with one of my favorite canon candidates, Snow Crash, and offers some practical advice about how modern media consumers can protect themselves from media manipulation. The story is really about social engineering taken to the nth degree. I personally loved the idea that an evil cabal could be run by a group of literature majors using their favorite poets’ names as code names. This is not a must-read for the cyber security professional, but it is wonderful beach read if you are looking for something fun to take with you on your next vacation.</span><br /><br /> <br /><span style="color: red; font-family: Verdana, sans-serif;">Sources</span></span></div>
<div>
<span style="font-size: x-large;"><span style="color: red; font-family: Verdana, sans-serif;"><br /></span></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[1] “Lexicon,” by Max Barry, published by Penguin Press, June 2013, last visited 1 August 2014,</span></div>
<div>
<a href="https://www.goodreads.com/book/show/16158596-lexicon?ac=1"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.goodreads.com/book/show/16158596-lexicon?ac=1</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[2] "Book Review: Snow Crash by Neal Stephenson (1992)," by Rick Howard, Terebrate, 10 November 2013, last visited 1 August 2014,</span></div>
<div>
<a href="http://terebrate.blogspot.com/2013/11/book-review-snow-crash-by-neal.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://terebrate.blogspot.com/2013/11/book-review-snow-crash-by-neal.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[3] "Books You Should Have Read by Now," by Rick Howard, Terebrate, 16 February 2014, last visited 1 August 2014,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;"><a href="http://terebrate.blogspot.com/2014/02/books-you-should-have-read-by-now.html">http://terebrate.blogspot.com/2014/02/books-you-should-have-read-by-now.html</a> </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">References</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">"'Lexicon,' a Thriller by Max Barry," by Graham Sleight, The Washington Post, 15 July 2014, last visited 1 August 2014,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.washingtonpost.com/entertainment/books/lexicon-a-thriller-by-max-barry/2013/07/15/409b5988-e8a7-11e2-a301-ea5a8116d211_story.html</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">"Lexicon Could Be Max Barry's Smartest Dystopia Yet," by Michael Ann Dobbs, Io9, 31 July 2014, last visited 1 August 2014,</span></div>
<div>
<a href="http://io9.com/lexicon-could-be-max-barrys-smartest-dystopia-yet-588289850"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://io9.com/lexicon-could-be-max-barrys-smartest-dystopia-yet-588289850</span></a></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-84791270463561542712014-06-30T14:58:00.000-04:002014-06-30T14:59:19.405-04:00Book Review: No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State (2014) by Glenn Greenwald<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipWveYR7EgX5vgpsFkeRuk2MyfmJpdpEfzXCS-NL0tW2xenikVWmLF1hkP0SJl8soXW1trbBWyXA-VKTZ2qsXfpTNcu16IPaTClIPKIK9l5ejKP42zIcJqltyc-F3ZDU92tAPO-Phg8qI/s1600/No+Place+to+Hide+Book+Cover.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipWveYR7EgX5vgpsFkeRuk2MyfmJpdpEfzXCS-NL0tW2xenikVWmLF1hkP0SJl8soXW1trbBWyXA-VKTZ2qsXfpTNcu16IPaTClIPKIK9l5ejKP42zIcJqltyc-F3ZDU92tAPO-Phg8qI/s1600/No+Place+to+Hide+Book+Cover.jpg" height="320" width="212" /></a></div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Executive Summary</span><br />
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">No Place to Hide is a strange concoction: part exposé, part autobiography, and part screed “against the man.” It is not what I would call an example of rigorous journalistic reporting. It is more like storytelling with commentary. The story part includes the details of when and where Edward Snowden stole a treasure trove of classified U.S. government documents regarding warrantless mass surveillance of U.S. citizens and released them to a select few journalists. It also includes the details of how the author, Glen Greenwald, corralled the story and how that has affected his life.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The commentary part includes what Greenwald feels about the impact of Snowden’s released documents. He discusses how the documents show just how deep the rabbit hole goes in terms of mass surveillance against U.S. citizens, U.S. allies, and potential enemies. He argues that Snowden is really a hero and not a traitor and highlights how the government’s response to the debate is to attack the messenger and not the issues. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Governments have a lot of opportunities to present their side to this debate. Greenwald is one voice on the other side that has grabbed center stage because of his relationship with Edward Snowden. Because of that, we should pay attention to what he has to say. Despite the less-than-stellar journalistic rigor, No Place to Hide is a cyber security canon candidate, and you should have read it by now. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Introduction</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Glenn Greenwald and other journalists began releasing a seemingly endless supply of classified U.S. government documents to the public in summer 2013. Those documents describe just how deep the rabbit hole goes in terms of U.S. government surveillance of its own citizens and allies and in terms of potential threats to the U.S. government.[1][2] Ever since, politicians, military leaders, and talk show pundits alike have attempted to characterize Edward Snowden—the man who stole the documents from the NSA and released them to the journalists—in an unfavorable light. They say he is a traitor.[3] They say he is a coward.[4] They say he is a spy.[5] They say he is a hacker.[6] They say he was just a low-level analyst with no understanding of the impact of what he did.[7] They say he was an insider threat.[8] But all of these characterizations, whether they turn out to be true or not, divert the conversation away from the main issue. None of these accusations address the most pressing question that we all, as American citizens, should be asking ourselves: Should the U.S. intelligence community be allowed to spy on U.S. citizens without the benefit of a warrant and without the benefit of a checks-and-balances system managed by a trusted third party? Glenn Greenwald does not think so and wrote No Place to Hide to make the case.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The book is a strange concoction: part expose, part autobiography, and part screed “against the man.” Greenwald tries to accomplish many tasks here, and I think because of that, the important messages within it are not as clear as they should be. He tries to set the record straight on the mechanics of how Snowden was able to position himself with two U.S. government contractors—Dell and Booze Allen Hamilton—and as an employee of the NSA and the CIA in order to steal secrets that exposed the U.S. government’s surveillance programs on U.S. citizens. But Greenwald does not provide enough detail to make sense of the story. Readers must seek other sources to fill in the gaps. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">He attempts to make the case that government-sponsored, unwarranted, and secret searches of American citizens is a trespass on the U.S. Constitution and America’s notions on privacy rights, but his argument is fuzzy. Everything Greenwald says is absolutely true, but the way he says it is not convincing. If you want a concise and elegant explanation why this is an issue that everyone should be concerned about, not just U.S. citizens but all citizens from around the world, watch Stephen Fry’s short video on the subject.[9]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">He also launches an attack on the Fourth Estate, claiming that journalism has completely failed in its presumed adversarial role against the government and has not monitored and checked abuse of state power. He loses his credibility because instead of writing about the story, he is writing about himself in the story. It comes across as whiny.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">And I am disappointed. I was hoping for the same gladiatorial panache that Greenwald displayed in the “Munk Debate on State Surveillance” in May [10] in which he peppered former NSA Director Michael Hayden with questions, but this panache was absent in No Place to Hide.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">That said, this is an important book. Without Greenwald putting constant pressure on the American political establishment in order to challenge the need for such invasive programs, we would not be talking about it now a full year after the initial revelation in the Guardian newspaper in June 2013. And I believe we all must continue to talk about it. Just because No Place to Hide is not as clear as it could or should be does not mean that it does not have value.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">This debate about how intrusive the U.S. intelligence community can be on American citizens, on American allies, and on potential American threats and about what the American political leadership decides to do about it will impact the character of the country forever. We have to get this right.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<br /></div>
<div>
<span style="font-size: x-large;"><span style="color: red; font-family: Verdana, sans-serif;">The Law</span></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In order to understand the significance of the situation, we have to start with the Founding Fathers. According to Greenwald, they passed the Fourth Amendment because of their experience with the British before and during the American Revolution.[1] The Founders agreed that it was acceptable for a government to search individual citizens if it had probable cause of wrongdoing and produced a warrant approved by a judge attesting to the fact, but they viewed the practice of a government using a general warrant to make the entire citizenry subject to indiscriminate searches as inherently unacceptable.[1] The language in the Fourth Amendment to the U.S. Constitution is simple, elegant and clear. It is part of our Bill of Rights, and we fought a revolution to get it: </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”[1]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">According to Greenwald, </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“It was intended, above all, to abolish forever in America the power of the government to subject its citizens to generalized, suspicionless surveillance.”[1] </i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Greenwald quotes U.S. Supreme Court Justice Louis Brandeis, in the seminal 1890 Harvard Law Review article “The Right to Privacy,” to make his point: </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“[R]obbing someone of their privacy was a crime of a deeply different nature than the theft of a material belonging.”[1]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">After 9/11, Americans were afraid and rightfully so. More than 3,200 citizens died in a scant two hours due to the results of a well-executed, surprise, terrorist attack the likes of which had never been seen before on American soil. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The US’s reaction was immediate. Not even a month later, President Bush signed a Presidential Directive called the Presidential Surveillance Program that granted an unprecedented amount of surveillance powers to the NSA, in pursuit of terrorist activities, that allowed bulk collection of metadata from U.S. citizens.[11][12] Shortly after, the U.S. Congress passed the Patriot Act that essentially made President Bush’s Directive the law of the land.[12][13] Section 215 of this act was the first legislation that authorized metadata collection.[12][14] The Patriot Act also authorized the FBI to compel Internet service providers, credit card companies, and phone companies via a national security letter (NSL) to provide information relevant to a counterterrorism or counterintelligence investigation. They could also impose gag orders to prohibit NSL recipients from disclosing that they received the NSL.[15] This change eliminated the former law enforcement restriction of collecting intelligence on only a foreign power without a warrant.[16]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">According to Greenwald,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“What made the Patriot Act so controversial when it was enacted in the wake of the 9/11 attack was that Section 215 lowered the standard the government needed to meet in order to obtain “business records,” from “probable cause” to “relevance.” This meant that the Federal Bureau of Investigation, in order to obtain highly sensitive and invasive documents—such as medical histories, banking transactions, or phone records—needed to demonstrate only that those documents were “relevant” to a pending investigation.”[1]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In the mid-1970s, America clamped down on the intelligence community after scandals regarding CIA assassination plots and other abuses emerged in the public. As these things normally do over time though, the Patriot Act caused the pendulum to swing in the opposite direction in regard to how much leeway America wanted to give its intelligence community. We had taken almost all of the safeguards off of the intelligence community and told them to never let another 9/11 happen again. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">What We Learned from the Leaks</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">According to Greenwald,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“Snowden’s files indisputably laid bare a complex web of surveillance aimed at Americans (who are explicitly beyond the NSA’s mission) and non-Americans alike. …Taken in its entirety, the Snowden archive led to an ultimately simple conclusion: the US government had built a system that has as its goal the complete elimination of electronic privacy worldwide.”[1]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I think the biggest revelation about the Snowden leaks was not that the NSA was spying on U.S. Citizens, although that was a big one, but that our assumed liberal minded Internet start-ups were in on the deception. [1] According to classified documents that Snowden stole, the NSA had deals with most of our favorite Internet companies to collect information directly from their servers pertaining to U.S. citizens, companies like the following:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Apple Inc.</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">AOL Inc.</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Facebook</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Google Inc.</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Microsoft Corp.</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Yahoo! Inc.</span></li>
</ul>
</div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">According to the documents, Microsoft vigorously cooperated with the NSA to allow access to several of its most-used online services: SkyDrive, Skype, and Outlook.com.[1] Facebook and Google claim that they gave data only when the NSA presented a warrant. On the other hand, it is public record that Yahoo! fought the NSA in court against participating, but the company lost the case. Twitter declined to make it easier for the government to access Twitter data.[1]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The next biggest revelation was that the NSA indiscriminately collects millions of phone records every day from Verizon without a warrant and from both within the United States and from other countries. [1] This is the so-called metadata collection process that has been in the news from the start.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">One revelation that the Fourth Estate has not talked about much is that President Obama signed a Presidential Directive in November 2012 authorizing the Pentagon to start planning for aggressive cyber attacks. He directed the military to draw-up potential overseas cyber targets.[1]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The biggest hypocritical revelation came from the documents that showed that the NSA is involved in economic espionage. The NSA targeted the Brazilian oil giant Petrobras, as well as other companies from Venezuela, Mexico, Canada, Norway, and Sweden for economic purposes, not terrorism.[1] In light of the recent U.S. Department of Justice (DOJ) indictments against five military Chinese hackers for conducting cyber economic espionage against the US,[17] this seems to be a little two-faced.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">The Pro-surveillance Response: Discredit the Messenger</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">One thing that comes out loud and clear in this book is that Greenwald is acutely aware of the way the pro-surveillance side attempts to redirect the attention from the issue at hand. Instead of debating the merits of the American intelligence community spying on its own citizens, it first wants to flog Edward Snowden for breaking the law. It wants to criticize Greenwald for not being a great journalist. It accuses Snowden of running off to Taiwan and then to Russia to avoid incarceration as if that motive somehow weakens the revelation that the NSA collects all electronic communication, or at least as much as possible, from within the United States without a warrant. The pro-surveillance side says that if Snowden’s whistleblower attentions were so honorable, he would come back to the states to face the authorities. None of that matters, or if it did, it is at least secondary and causes confusion within the citizenry when we debate the topic: Should we sacrifice the tenants of the Fourth Amendment for the sake of a little more security?</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">The Pro-surveillance Response: If You Have Nothing to Hide, Then You Have Nothing to Worry about</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Personally, I hate this argument. It is another misdirection by the pro-surveillance side and does not address the issue. What the pro-surveillance side wants you to think is that if you are a law-abiding citizen, then the only people who will be negatively impacted by mass surveillance are the criminals and the terrorists and all the rest of the bad people. According to Greenwald, </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Governments have long convinced populations to turn a blind eye to oppressive conduct by leading citizens to believe, rightly or wrongly, that only certain marginalized people are targeted, and everyone else can acquiesce to or even support that oppression without fear that it will be applied to them.”[1]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In other words, this argument really implies that if a U.S. citizen completely conforms to the way the U.S. government wants you to think, then you are not at risk. The danger though is when an individual citizen starts to think that the U.S. government may not be doing the right thing and decides that he or she may want to speak out against it. There are plenty of examples of the U.S. government collecting intelligence on its citizens when leadership felt threatened by a dissenting voice: The FBI’s surveillance on Martin Luther King Jr.[18] and President Nixon’s Watergate operation[19] are just two famous examples. There are so many divisive issues in our culture today—gun control, abortion, universal healthcare, etc.—that there is no way that an individual citizen won’t be on the wrong end of an argument depending on who wins the next election. If your side loses, then you are no longer in conformance. In today’s technology terms, it is so easy to collect intelligence and discover dissenting voices that entire swatches of the population could be affected. This “if you have nothing to hide” argument is really not an argument about protecting us from the criminals; it is about suppressing dissenting voices, and that is scary.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">The Pro-surveillance Response: Terrorism Is Scary</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Greenwald makes the point that the U.S. government’s answer as to why it needs a mass surveillance program is that terrorism is scary.[1] I have worked for security vendors for the past decade, and I recognize this tactic. In the security space, we all recognize this as the fear, uncertainty, and doubt pitch. The idea is that we try to scare the hell out of you so that you buy our product. This is exactly what the U.S. government is doing here. When Greenwald asserts that the mass surveillance program has not stopped a single terrorist plot, the U.S. government has no answer other than that terrorism is scary.[1]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">U.S. Hypocrisy</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">On 19 May 2014, the U.S. DOJ indicted five Chinese nationals for the crimes of “computer hacking, economic espionage and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products industries.”[20][21] I attended a dinner of government officials in Washington, DC, just after the DOJ made this announcement, and of course the subject came up for discussion. I was struck by the hypocrisy of the announcement in light of the Snowden revelations and said so, but the government officials present drew the distinction between national security espionage and economic espionage claiming that the United States engages in only national security espionage while China engages in both. According to Fred Kaplan at Slate magazine, President Obama pushed this negotiating point with Chinese President Xi Jinping at a Summit in Palm Springs in 2013.[20] According to Greenwald, NSA spokespeople claim that the agency</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“does engage in computer network exploitation but does ***not*** engage in economic espionage in any domain, including ‘cyber.’”[emphatic asterisks in the original][1]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I was stunned that American officials would draw that very thin line there, but Greenwald points out that there really is no line at all and uses more Snowden documents to prove it. In No Place to Hide, Greenwald says that the NSA intercepted communications on the Brazilian oil giant Petrobras and routinely collected information from various economic summits.[1][22]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">James Lewis, famous analyst for the Center for Strategic and International Studies, says there is a distinction between collecting intelligence regarding international economic questions and sharing that intelligence with U.S. companies to improve their bottom line.[23] He says there are many reasons why the state may want to know about the economic situation regarding a certain country, but that does not mean that the government collects it with any eye toward giving American companies an advantage.[23] He says that the U.S. law called the Economic Espionage Act specifically gives the United States permission to collect on bribery and non-proliferation issues but nothing else.[23]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">However, as Glyn Moody from TechDirt opines regarding the Petrobras revelations,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“Or, you know, it could provide US companies with insights about which were the best lots in the forthcoming auction of seabed areas for oil exploration, or about highly-specialized deep-sea oil extraction technology, in which Petrobas is a world leader. After all, why wouldn't the NSA drop some useful hints about such things to US companies as a way of justifying its huge budget?”[32]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I am not a foreign policy expert by any means, but I don’t see how pushing an obvious double standard in negotiations with the Chinese can bear any fruit. It is one thing to agree on what is out of bounds and what is in bounds in terms of acceptable cyber espionage on the world stage, but to formally indict five Chinese citizens for a crime that you are also perpetrating seems disingenuous at best and absolute hubris at worst.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">The Argument against Mass Surveillance for Anti-terrorism</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Greenwald cites five reasons why mass surveillance is a bad idea:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<ol style="text-align: left;">
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The practice of mass surveillance is likely unconstitutional.[1][24]</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">President Obama’s own review panel said that the metadata program was not essential to preventing terrorist attacks.[1][25]</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Mass surveillance collection, as opposed to targeted collection, makes finding terrorists more difficult.[1]</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Mass surveillance is a draconian reaction when you consider the statistically small chances that you will die from a terrorist attack.[1][26][27][28]</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Even if mass surveillance were necessary, allowing the government to do it without transparency is counter to the Founding Fathers’ design of the country.[1]</span></li>
</ol>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: large;">Unconstitutional</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">On 16 December 2013, U.S. District Judge Richard J. Leon ruled that the government did not make its case concerning the need for mass surveillance in order to protect against terrorism in a timely manner. According to Leon, </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“The Government does not cite a single instance in which analysis of the NSA’s bulk metadata collection actually stopped an imminent attack, or otherwise aided the Government in achieving any objective that was time sensitive in nature… Thus, plaintiffs have a substantial likelihood of showing their privacy interests outweigh the Government’s interest in collecting and analyzing bulk telephony metadata and therefore the NSA’s bulk collection program is indeed unreasonable search under the Fourth Amendment.”[24]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: large;">Review Panel Conclusions</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In the wake of the Snowden revelations, President Obama directed a review of the entire program on 27 August 2013. On 18 December 2013, the panel published its findings. [25] Panel members acknowledged that </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“In addressing these issues, the United States must pursue multiple and often competing goals at home and abroad.”[25]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The following are those goals:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Protecting the nation against threats to its national security. [25]</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Promoting other national security and foreign policy interests. [25]</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Protecting the right to privacy. [25]</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Protecting democracy, civil liberties, and the rule of law. [25]</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Promoting prosperity, security, and openness in a networked world. [25]</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Protecting strategic alliances. [25]</span></li>
</ul>
</div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">With that said, the panel could not find any pressing need for the metadata collection program:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“Our review suggests that the information contributed to terrorist investigations by the use of section 215 telephony meta-data was not essential to preventing attacks and could readily have been obtained in a timely manner using conventional section 215 orders.”[1][25]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: large;">Mass Surveillance Collection Makes Finding Terrorists More Difficult</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Greenwald points to the NSA’s less-than-stellar record at preventing any number of terrorist plots in recent history:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">The 2012 Boston Marathon bombing. [1]</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">The attempted Christmas Day bombing of a jetliner over Detroit. [1]</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">The plan to blow up Times Square. [1]</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">The plot to attack the New York City subway system. [1]</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">The string of mass shootings from Aurora to Newtown. [1]</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Major international attacks from London to Mumbai to Madrid. [1]</span></li>
</ul>
</div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">He believes that the reason the record is so poor is that the actual collection of all of that data makes it harder to find and prevent terrorism activities compared to other more traditional law enforcement activities driven by warrants. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: large;">Is Mass Surveillance Necessary to Solve a Statistically Small Risk</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">This is the classic risk equation that all security people are used to evaluating. Anybody can come up with a terrorism scenario that would be devastating to the country. As security professionals, our job is to evaluate these scenarios across a two-dimensional risk matrix. On the x-axis, we plot how likely is it that this scenario will actually happen from “not very likely” on the left to “will absolutely happen” on the right. On the y-axis, we plot how impactful the scenario is if it were to happen from “no impact” on the bottom to “will materially impact the country” on the top. None of us has unlimited resources. Because of that, we focus on the risks that end up in the up-and-to-the-right section on our risk matrix. These are the scenarios that are likely to happen and that will have a meaningful impact if they do. The fact is that for most terrorism scenarios, they tend to sit in the up-and-to-the-left section on the risk matrix. The chances of them happening are not too likely, but if they do, they will have a medium to large impact. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">These terrorism scenarios are outliers because they are not that likely to happen. According to Greenwald, </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“The number of people worldwide who are killed by Muslim-type terrorists, Al Qaeda wannabes, is maybe a few hundred outside of war zones. It’s basically the same number of people who die drowning in the bathtub each year.”[1]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Greenwald’s point is that we should seriously consider if we want to deconstruct the Fourth Amendment to protect ourselves from such an event, an event that is scary for sure, but an event that is not likely to happen.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: large;">Mass Surveillance without Transparency Is Counter to the Founding Fathers’ Design of the Country</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">There has always been a tension between national security and government transparency. James Madison -- one of the Founding Fathers and a primary contributor to the American Constitution -- believed that </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<i style="color: blue; font-family: Times, 'Times New Roman', serif; font-size: xx-large;">“</i><span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>Transparency was an essential cornerstone of democratic governance.</i></span><i style="color: blue; font-family: Times, 'Times New Roman', serif; font-size: xx-large;">”</i><span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i> [29]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">And Patrick Henry’s said that </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<i style="color: blue; font-family: Times, 'Times New Roman', serif; font-size: xx-large;">“</i><span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>The liberties of a people never were, nor ever will be, secure when the transactions of their rulers may be concealed from them.</i></span><i style="color: blue; font-family: Times, 'Times New Roman', serif; font-size: xx-large;">”</i><span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>[30]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Greenwald points out,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“Democracy requires accountability and consent of the governed, which is only possible if citizens know what is being done in their name. The presumption is that, with rare exception, they will know everything their political officials are doing, which is why they are called public servants, working in the public sector, in public service, for public agencies.”[1] </i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The point is that whatever we as a nation decide is the legitimate use of the U.S. intelligence apparatus, we must also insist that the mechanical process of that apparatus be completely transparent to the American citizen.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Why the Leaks Were Good</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Putting aside the issue of whether Edward Snowden is a hero or a criminal, Greenwald contends that his release of the Snowden documents to the public has far more positive impact to the United States and to the world at large than any negative consequences that may have occurred to the U.S. intelligence apparatus because of it. Greenwald lists the following positive outcomes from the Snowden leaks:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The entire world is debating the merits of the ubiquitous state surveillance, pervasive government secrecy, and the value of individual privacy.[1] </span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The world is challenging America’s hegemonic control over the Internet.[1]</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Journalists are reconsidering the proper role of journalism in relation to government power.[1]</span></li>
</ul>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span><span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Thoughts on Snowden</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Throughout No Place to Hide, Greenwald presents a personality picture of Edward Snowden. Compared to Chelsey Manning,[31] the other notorious whistleblower in recent U.S. history, Snowden thought long and hard about what he was doing. He may have been naïve and uninformed, but Greenwald’s picture of him is of a person who has seen an egregious wrong, thought about what to do about it, considered the consequences for him and the nation, and executed a plan to try to create change. Greenwald quotes Snowden, </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“My sole motive is to inform the public as to that which is done in their name and that which is done against them. The U.S. government, in conspiracy with client states, chiefest among them the Five Eyes—the United Kingdom, Canada, Australia, and New Zealand—have inflicted upon the world a system of secret, pervasive surveillance from which there is no refuge. They protect their domestic systems from the oversight of citizenry through classification and lies, and shield themselves from outrage in the event of leaks by overemphasizing limited protections they choose to grant the governed.”[1]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;"><i>“I’m not afraid of what will happen to me. I’ve accepted that my life will likely be over from my doing this. I’m at peace with that. I know it’s the right thing to do.”[1]</i></span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">For all of the things he may be—traitor,[3] coward,[4] spy,[5] hacker, [6] low-level analyst,[7] insider threat[8]—Snowden is definitely a man of his own conviction. You may not agree with what he did, and you can point to his naiveté about the impact of what he did to the intelligence establishment, but he stood up for what he thought was right and decided to do something about it regardless of how that affected his own personal life.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">The Solution</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In No Place to Hide, Greenwald would prefer not letting the U.S. government spy at all, but he recognizes that is probably a bridge too far. In the meantime, he offers these four intermediate solutions that are not that unreasonable:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Enact legislation that will provide oversight, accountability and transparency for the entire intelligence community. [1]</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Convert the FISA court into a transparent judicial system so that there is an adversarial relationship to both sides of the argument. [1]</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Encourage international efforts to build new infrastructure so that all traffic does not go through the US. [1]</span></li>
<li><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Encourage individuals to adopt COMSEC tools and demand that vendors make them easy to use. [1]</span></li>
</ul>
</div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Conclusion</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">No Place to Hide is not what I would call rigorous reporting. Greenwald conveys what happened to him as he followed this story and thus became part of the story himself. As I sought to corroborate the details presented within, I found I had to go to other sources to fill in the gaps. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">That said, his telling of the story is important enough to the security community, the United States and to the world at large that I think it is required reading. He discusses everything from the Fourth Amendment and why it should be anathema to all American citizens to allow the government to spy on its communications without a warrant, to NSA programs and their scope, to the government’s justification of mass surveillance by attempting to discredit Snowden. He then lays out the arguments against mass surveillance without a warrant, describes why the world is better off today because of the Snowden leaks, and describes the detailed timeline from when Snowden initially contacted Greenwald to their meetings in Taiwan to Snowden’s eventual escape to Moscow. Finally, Greenwald describes his reasonable solution for the problem: better legislation to provide oversight, accountability and transparency for the entire intelligence community, convert the FISA court into a, adversarial judicial system, encourage international efforts to build new infrastructure so that all traffic does not go through the United States and finally, encourage individuals to adopt COMSEC tools so that all intelligence agencies have trouble intercepting communications.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Greenwald tries to present a lot of complicated material in No Place to Hide. He was not completely successful at doing so, but he is writing about the fundamental principles of how we want the United States to behave in the digital world. Governments have a lot of capability to present their side to this debate. Greenwald is one voice on the other side that has grabbed center stage because of his relationship with Edward Snowden. Because of that, we should pay attention to what he has to say. Despite the less–than-stellar prose, No Place to Hide is a cyber security canon candidate, and you should have read it by now. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Sources</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[1] “No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State,” by Glenn Greenwald, Published by Metropolitan Books, 13 May 2014, last visited 6 June 2014,</span></div>
<div>
<a href="https://www.goodreads.com/book/show/18213403-no-place-to-hide?ac=1"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.goodreads.com/book/show/18213403-no-place-to-hide?ac=1</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[2] “NSA collecting phone records of millions of Verizon customers daily,” by Glenn Greenwald, The Guardian, 6 June 2013, Last Visited 30 June 2014,</span></div>
<div>
<a href="http://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[3] “Congress Flips Out About 'Snowden The Traitor' As They Try To Pass Legislation To Stop The Program He Revealed,” by Mike Masnick, TechDirt, 5 Aug 2013, Last Visited 30 June 2014, </span></div>
<div>
<a href="https://www.techdirt.com/articles/20130802/16520224050/congress-flips-out-about-snowden-traitor-as-they-try-to-pass-legislation-to-stop-program-he-revealed.shtml"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.techdirt.com/articles/20130802/16520224050/congress-flips-out-about-snowden-traitor-as-they-try-to-pass-legislation-to-stop-program-he-revealed.shtml</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[4] “INSIDE THE MIND OF EDWARD SNOWDEN,” by Tracy Connor, NBC News, 28 May 2014, Last Visited 14 June 2014,</span></div>
<div>
<a href="http://www.nbcnews.com/feature/edward-snowden-interview/exclusive-edward-snowden-tells-brian-williams-u-s-stranded-him-n116096"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.nbcnews.com/feature/edward-snowden-interview/exclusive-edward-snowden-tells-brian-williams-u-s-stranded-him-n116096</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[5] “Snowden: 'no relationship' with Russian government,” by Peter Cooney and Warren Strobel, Reuters, 29 May 2014, last visited 14 June 2014,</span></div>
<div>
<a href="http://www.reuters.com/article/2014/05/29/us-usa-snowden-idUSKBN0E901720140529"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.reuters.com/article/2014/05/29/us-usa-snowden-idUSKBN0E901720140529</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[6] “Edward Snowden's interview: 10 things we learned,” by Catherine E. Shoichet, CNN, 29 May 29 2014, last visited 14 June 2014,</span></div>
<div>
<a href="http://edition.cnn.com/2014/05/29/us/edward-snowden-interview-10-things/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://edition.cnn.com/2014/05/29/us/edward-snowden-interview-10-things/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[7] “Defending His Actions, Snowden Says He’s a Patriot,” by Elena Schneider and Steve Kenny, The New York Times, 28 May 2014, last visited 14 June 2014,</span></div>
<div>
<a href="http://www.nytimes.com/2014/05/29/us/politics/snowden-says-he-was-a-spy-not-just-an-analyst.html?_r=0"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.nytimes.com/2014/05/29/us/politics/snowden-says-he-was-a-spy-not-just-an-analyst.html?_r=0</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[8] “Federal agencies embrace new technology and strategies to find the enemy within,” by Christian Davenport, The Washington Post, 7 March 2014, last visited 14 June 2014,</span></div>
<div>
<a href="http://www.washingtonpost.com/business/economy/federal-agencies-embrace-new-technology-and-strategies-to-find-the-enemy-within/2014/03/07/22ce335e-9d87-11e3-9ba6-800d1192d08b_story.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.washingtonpost.com/business/economy/federal-agencies-embrace-new-technology-and-strategies-to-find-the-enemy-within/2014/03/07/22ce335e-9d87-11e3-9ba6-800d1192d08b_story.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[9] “Stephen Fry on surveillance: there is something squalid and rancid about being spied on - video,” by Stephen Fry, The Guardian, 7 June 2014, last visited 14 June 2014,</span></div>
<div>
<a href="http://www.theguardian.com/world/video/2014/jun/07/stephan-fry-surveillance-squalid-rancid-video"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.theguardian.com/world/video/2014/jun/07/stephan-fry-surveillance-squalid-rancid-video</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[10] “Munk Debate on State Surveillance: Greenwald/Ohanian vs Hayden/Dershowitz,” Munk Debates, Moderated by Rudyard Griffiths, 3 May 2014, last visited 14 June 2014,</span></div>
<div>
<a href="https://www.youtube.com/watch?v=_d1tw3mEOoE"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.youtube.com/watch?v=_d1tw3mEOoE</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[11] "The Taming of the Spook," by William Saletan, Slate, 1 July 2013, last visited 20 August 2013,</span></div>
<div>
<a href="http://www.slate.com/articles/news_and_politics/frame_game/2013/07/nsa_history_how_bureaucrats_leaks_and_courts_tamed_government_surveillance.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.slate.com/articles/news_and_politics/frame_game/2013/07/nsa_history_how_bureaucrats_leaks_and_courts_tamed_government_surveillance.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[12] “General Alexander at Black Hat 2013: Privacy vs. Security vs. Transparency,” by Rick Howard, Terebrate, 20 August 2013, last visited 11 June 2014,</span></div>
<div>
<a href="http://terebrate.blogspot.jp/2013/08/general-alexander-at-black-hat-2013.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://terebrate.blogspot.jp/2013/08/general-alexander-at-black-hat-2013.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[13] “Timeline of NSA Domestic Spying,” by the Electronic Frontier Foundation, last visited 20 August 2013,</span></div>
<div>
<a href="https://www.eff.org/nsa-spying/timeline%23"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.eff.org/nsa-spying/timeline#</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[14] "Transcript: Newseum Special Program - NSA Surveillance Leaks: Facts and Fiction," by Harvey Rishik, Robert Litt, M.E (Spike) Bowman, Kate Martin, Gene Policinski, Ellen Shearer, Joel Brenner, and Stewart Baker, 26 June 2013, last visited 20 August 2013,</span></div>
<div>
<a href="http://www.dni.gov/index.php/newsroom/speeches-and-interviews/195-speeches-interviews-2013/887-transcript-newseum-pecial-program-nsa-surveillance-leaks-facts-and-fiction"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.dni.gov/index.php/newsroom/speeches-and-interviews/195-speeches-interviews-2013/887-transcript-newseum-pecial-program-nsa-surveillance-leaks-facts-and-fiction</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[15] "National Security Letters: A Little Less Secret?" by Alex Abdo (Staff Attorney, ACLU National Security Project) and Hannah Mercuris, Free Future: Protecting Civil Liberties in the Digital Age, 9 May 2012, last visited 20 August 2013,</span></div>
<div>
<a href="http://www.aclu.org/blog/national-security/national-security-letters-little-less-secret"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.aclu.org/blog/national-security/national-security-letters-little-less-secret</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[16] "A Review of the Federal Bureau of Investigation’s Use of National Security Letters," by the U.S. Department of Justice, Office of the Inspector General, March 2007, last visited 20 August 2013,</span></div>
<div>
<a href="http://www.justice.gov/oig/special/s0703b/final.pdf"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.justice.gov/oig/special/s0703b/final.pdf</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[17] “U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage,” the Department of Justice, 19 May 2014, last visited 18 June 2014,</span></div>
<div>
<a href="http://www.justice.gov/opa/pr/2014/May/14-ag-528.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.justice.gov/opa/pr/2014/May/14-ag-528.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[18] “FBI tracked King's every move,” by Jen Christensen, CNN, 29 December 2008, last visited 16 June 2014,</span></div>
<div>
<a href="http://www.cnn.com/2008/US/03/31/mlk.fbi.conspiracy/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.cnn.com/2008/US/03/31/mlk.fbi.conspiracy/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[19] “The Watergate Story,” by The Washington Post, last visited 16 June 2014,</span></div>
<div>
<a href="http://www.washingtonpost.com/wp-srv/politics/special/watergate/timeline.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.washingtonpost.com/wp-srv/politics/special/watergate/timeline.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[20] “Why Did the Justice Department Indict Five Chinese Military Officers?” by Fred Kaplan, Slate magazine, 21 May 2014, last visited 16 June 2014,</span></div>
<div>
<a href="http://www.slate.com/articles/news_and_politics/war_stories/2014/05/justice_department_indicts_five_chinese_military_officers_can_the_obama.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.slate.com/articles/news_and_politics/war_stories/2014/05/justice_department_indicts_five_chinese_military_officers_can_the_obama.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[21] “U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage,” by the Office of Public Affairs, the United States Department of Justice, 19 May 2014, last visited 16 June 2014,</span></div>
<div>
<a href="http://www.justice.gov/opa/pr/2014/May/14-ag-528.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.justice.gov/opa/pr/2014/May/14-ag-528.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[22] “NSA accused of spying on Brazilian oil company Petrobras,” by Jonathan Watts, The Guardian, 9 September 2013, last visited 16 June 2014,</span></div>
<div>
<a href="http://www.theguardian.com/world/2013/sep/09/nsa-spying-brazil-oil-petrobras"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.theguardian.com/world/2013/sep/09/nsa-spying-brazil-oil-petrobras</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[23] “U.S. Policy on Economic Espionage,” by James Andrew Lewis, Center for Strategic and International Studies, 7 December 2011, last visited 18 June 2014,</span></div>
<div>
<a href="http://csis.org/publication/us-policy-economic-espionage"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://csis.org/publication/us-policy-economic-espionage</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[24] “Civil Action No. 13-0851,” by U.S. District Judge Richard J. Leon, U.S. District Court for the District of Colombia, 16 December 2013, last visited 17 June 2014,</span></div>
<div>
<a href="http://online.wsj.com/public/resources/documents/JudgeLeonNSAopinion12162013.pdf"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://online.wsj.com/public/resources/documents/JudgeLeonNSAopinion12162013.pdf</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[25] “LIBERTY AND SECURITY IN A CHANGING WORLD: Report and Recommendations of The President’s Review Group on Intelligence and Communications Technologies,” by Richard A. Clarke, Michael J. Morell, Geoffrey R. Stone, Cass R. Sunstein, and Peter Swire, the White House, 12 December 2013, last visited 17 June 2014,</span></div>
<div>
<a href="http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[26] “The Black Swan: The Impact of the Highly Improbable,” by Nassim Nicholas Taleb, Random House, 22 April 2007, last visited 17 June 2014, </span></div>
<div>
<a href="https://www.goodreads.com/book/show/242472.The_Black_Swan?ac=1"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.goodreads.com/book/show/242472.The_Black_Swan?ac=1</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[27] “Terrorism Deaths, Injuries, Kidnappings of Private U.S. Citizens, 2011,” by the U.S. Department of State, 31 July 2012, last visited 17 June 2012,</span></div>
<div>
<a href="http://www.state.gov/j/ct/rls/crt/2011/195556.htm"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.state.gov/j/ct/rls/crt/2011/195556.htm</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[28] “You’re More Likely to be Killed by a Toddler than a Terrorist,” by Washington’s Blog, 12 June 2013, last visited 17 June 2014,</span></div>
<div>
<a href="http://www.washingtonsblog.com/2013/06/youre-more-likely-to-be-killed-by-a-toddler-than-a-terrorist.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.washingtonsblog.com/2013/06/youre-more-likely-to-be-killed-by-a-toddler-than-a-terrorist.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[29] “Government Transparency and Secrecy: An Examination of Meaning and Its Use in the Executive Branch,” by Wendy Ginsberg, Maeve P. Carey, L. Elaine Halchin, and Natalie Keegan, Congressional Research Service, 14 November 2012, last visited 18 June 2014,</span></div>
<div>
<a href="http://www.fas.org/sgp/crs/secrecy/R42817.pdf"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.fas.org/sgp/crs/secrecy/R42817.pdf</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[30] “Government transparency directly related to our liberty,” by James Zachary, transparency project of georgia, 16 April 2014, last visited 18 June 2014,</span></div>
<div>
<a href="http://transparencyprojectofgeorgia.com/2014/04/16/government-transparency-directly-related-to-our-liberty/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://transparencyprojectofgeorgia.com/2014/04/16/government-transparency-directly-related-to-our-liberty/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[31] “Bradley Manning Uncovered U.S. Torture, Abuse, Soldiers Laughing As They Killed Innocent Civilians,” by Matt Sledge, The Huffington Post, 21 August 2013, last visited 18 June 2014,</span></div>
<div>
<a href="http://www.huffingtonpost.com/2013/08/21/bradley-manning-leaks_n_3788126.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.huffingtonpost.com/2013/08/21/bradley-manning-leaks_n_3788126.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[32] “Latest Leak Shows NSA Engaging In Economic Espionage -- Not Fighting Terrorism,” by Glyn Moody, TechDirt, 9 September 2013, last visited 18 June 2014,</span></div>
<div>
<a href="https://www.techdirt.com/articles/20130909/04383424450/latest-leak-shows-nsa-engaging-economic-espionage-not-fighting-terrorism.shtml"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.techdirt.com/articles/20130909/04383424450/latest-leak-shows-nsa-engaging-economic-espionage-not-fighting-terrorism.shtml</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-size: x-large;"><span style="color: red; font-family: Verdana, sans-serif;">References</span><br /><br /><span style="font-family: Times, Times New Roman, serif;">“A Guide To The Career Of Edward Snowden,” by Eric Lach, TPM, 20 June 2013, last visited 14 June 2014,</span></span></div>
<div>
<a href="http://talkingpointsmemo.com/muckraker/a-guide-to-the-career-of-edward-snowden"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://talkingpointsmemo.com/muckraker/a-guide-to-the-career-of-edward-snowden</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Cryptocat,” by Arlo Breault, Dmitry Chestnykh, David Dahl, Daniel "koolfy" Faucon, Andreas "Gordin" Guth, Frederic Jacobs, Nadim Kobeissi, last visited 18 June 2014,</span></div>
<div>
<a href="https://crypto.cat/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://crypto.cat/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Edward Snowden: A Timeline,” by Matthew Cole And Mike Brunker, NBC News, May 2014, last visited 14 June 2014,</span></div>
<div>
<a href="http://www.nbcnews.com/feature/edward-snowden-interview/edward-snowden-timeline-n114871"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.nbcnews.com/feature/edward-snowden-interview/edward-snowden-timeline-n114871</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Edward Snowden timeline of events,” by the Associated Press, Politico, 1 August 2013, last visited 14 June 2014,</span></div>
<div>
<a href="http://www.politico.com/story/2013/08/edward-snowden-timeline-of-events-95057.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.politico.com/story/2013/08/edward-snowden-timeline-of-events-95057.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Espionage and Covert Operations: A Global History” (24 lectures recorded course), Chantilly, VA: The Great Courses, 2011. </span></div>
<div>
<a href="http://www.thegreatcourses.com/tgc/Courses/course_detail.aspx?cid=8922"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.thegreatcourses.com/tgc/Courses/course_detail.aspx?cid=8922</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“NSA collecting phone records of millions of Verizon customers daily,” by Glenn Greenwald, The Guardian, 5 June 2013, last visited 14 June 2014,</span></div>
<div>
<a href="http://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Officials’ defenses of NSA phone program may be unraveling,” by Greg Miller and Ellen Nakashima, The Washington Post, 19 December 2013, last visited 16 June 2014,</span></div>
<div>
<a href="http://www.washingtonpost.com/world/national-security/officials-defenses-of-nsa-phone-program-may-be-unraveling/2013/12/19/6927d8a2-68d3-11e3-ae56-22de072140a2_story.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.washingtonpost.com/world/national-security/officials-defenses-of-nsa-phone-program-may-be-unraveling/2013/12/19/6927d8a2-68d3-11e3-ae56-22de072140a2_story.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Off-the-Record Messaging,” by Ian Goldberg, OTR Development Team, Last Updated 28 September 2013, last visited 18 June 2014,</span></div>
<div>
<a href="https://otr.cypherpunks.ca/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://otr.cypherpunks.ca/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“September 11 Anniversary Fast Facts,” by CNN Library, CNN, 11 September 2013, last visited 11 June 2014,</span></div>
<div>
<a href="http://edition.cnn.com/2013/07/27/us/september-11-anniversary-fast-facts/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://edition.cnn.com/2013/07/27/us/september-11-anniversary-fast-facts/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Snowden's Army record: short,” by Tom Vanden Brook, USA TODAY, 10 June 2013, last visited 14 June 2014,</span></div>
<div>
<a href="http://www.usatoday.com/story/news/nation/2013/06/10/snowdens-army-career-lasted-only-five-months/2407855/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.usatoday.com/story/news/nation/2013/06/10/snowdens-army-career-lasted-only-five-months/2407855/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Snowden's Instruction PGP video to GGreenwald,” by TheDigitalfolklore, YouTube, 14 May 2014, last visited 18 June 2014,</span></div>
<div>
<a href="https://www.youtube.com/watch?v=9mvf8VwVjJY"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.youtube.com/watch?v=9mvf8VwVjJY</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“The Newsroom finale 1x10 - The Greater Fool speech,” by Sloan Sabbath (Olivia Munn), written by Aaron Sorkin, HBO, 26 August 2012, last visited 7 June 2014,</span></div>
<div>
<a href="https://www.youtube.com/watch?v=4KDSyLT9qKc"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.youtube.com/watch?v=4KDSyLT9qKc</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Timeline of Edward Snowden's revelations,” by Joshua Eaton, Aljazeera America, last visited 14 June 2014,</span></div>
<div>
<a href="http://america.aljazeera.com/articles/multimedia/timeline-edward-snowden-revelations.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://america.aljazeera.com/articles/multimedia/timeline-edward-snowden-revelations.html</span></a></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com2tag:blogger.com,1999:blog-404553574933465315.post-55546331369820678482014-05-05T09:01:00.000-04:002015-08-02T13:16:25.717-04:00Book Review: Secrets and Lies: Digital Security in a Networked World (2000) by Bruce Schneier<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEic7vvdp6tKkEFBswOBvxvpLl0qkyFdMjAE8h9d4dLi-QcLaBiuL37UfHttsq3cfA5cLX8mN_Naz3H5itII6ZouCqkW2mFauWQm9YbUAzyBKGs_9lRiB5GFWq9VB4H0oUW83EjToALJVB0/s1600/Secrets+and+lies+cover.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEic7vvdp6tKkEFBswOBvxvpLl0qkyFdMjAE8h9d4dLi-QcLaBiuL37UfHttsq3cfA5cLX8mN_Naz3H5itII6ZouCqkW2mFauWQm9YbUAzyBKGs_9lRiB5GFWq9VB4H0oUW83EjToALJVB0/s1600/Secrets+and+lies+cover.jpg" width="209" /></a></div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Executive Summary</span><br />
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><i>Secrets and Lies: Digital Security in a Networked World</i> is the perfect book to hand to new bosses or new employees coming in the door who have not been exposed to cyber security in their past lives. It is also the perfect book for seasoned security practitioners who want an overview of the key issues facing our community today. Schneier wrote it more than a decade ago, but its ideas still resonate. He talks about the idea that “security is a process, not a product.” With that one line, Schneier captures the essence of what our cyber security community should be about. He explains that even though we have advanced technology designed to specifically find cyber break-ins, people are the still the weakest link. He describes how cyber risk is not a special category. It is just another risk to the business. He highlights the ludicrous idea that software vendors have no liability or selling buggy code, and he was one of the first thought leaders to characterize the adversary as something more than just a hacker. He makes the case for things that the cyber security community still needs in order to make the Internet more secure, things like strengthening confidentiality, integrity, and availability (CIA); improving Internet privacy and Internet anonymity; and challenging the idea that security practitioners must make the Sophie’s Choice between better security or more privacy in terms of government surveillance. Finally, he anticipates the need for a Bitcoin-like capability long before Bitcoin became popular. The content within <i>Secrets and Lies</i> is a good introduction to the cyber security community, and Schneier tells the story well. Because of that, <i>Secrets and Lies</i> is candidate for the cyber security canon, and you should have read it by now.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Introduction</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Full disclosure: The first civilian job I took after I retired from the US Army was with the company that Bruce Schneier founded called Counterpane. I may be a little biased. One of the main reasons I took that job was his book <i>Secrets and Lies.</i>[1] When I read it (2003), it was a revelation to me. His quote “security is a process, not a product” was like manna from the gods. At that point in my security career, I had not considered that. And from what I have seen in the cyber security community, many of us have not yet leaned that point. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">When I started putting the cyber security canon series[2] together this past year, I always intended to include Schneier’s book, but as the year progressed, I did not have time to reread it in time for the presentation I gave at the RSA conference in February.[3] The first question I got after giving the presentation was, why isn’t <i>Secrets and Lies</i> in the candidate list? Sheepishly, I admitted that it should be and resolved to get it on the list as soon as possible.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">The Story</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><i>Secrets and Lies </i>demonstrates Schneier’s evolution as an early thought leader in the cyber security community and outlines some key concepts that are still valid today.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: #3d85c6; font-family: Verdana, sans-serif; font-size: x-large;">Security Is A Process</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In the preface, Schneier freely admits to thinking in his earlier life that cryptology would solve all of our Internet security problems.[1] He even wrote a book about it in 1995 called <i>Applied Cryptography: Protocols, Algorithms, and Source Code in C</i>.[4] In <i>Secrets and Lies</i>, however, he is forced to acknowledge upfront that technology by itself does not even come close to solving these problems.[1] You do not get security out of a box. You get security by applying people, process, and technology to a problem set,[1] and the more complex we make things, the more likely it is that we are going to screw up the process.[1] </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: #6fa8dc; font-family: Verdana, sans-serif; font-size: x-large;">People Are the Weakest Link</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The weak link in all of this is the people.[1] You can have the best tools on the planet configured to defend your enterprise, but if you do not have the qualified people to maintain them and to understand what the tools are telling you, you have probably wasted your money. This goes hand in hand with the user community too. It does not matter that I spent a gazillion dollars on Internet security this year if the least-security-savvy people on your staff take their laptops home and unwittingly install malcode on their machines.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: #3d85c6; font-family: Verdana, sans-serif; font-size: x-large;">Risk</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Cyber security is not special in terms of the overall business need. You do not have cyber risk. You have risk.[1] What I have noticed in my career is that many security -practitioners and senior-level company leaders do not understand this concept. Many organizations treat “cyber risk” as a thing unto itself and throw the responsibility for it over to the “IT guys” or to the “security dorks.” Company leaders tend not to consider “cyber risk” like other risks to the business, or if they do, they do not give it a lot of thought. In my mind, this is one of our community’s great failures. It is up to all of us to convey that essential idea to senior leadership in our organizations. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: #6fa8dc; font-family: Verdana, sans-serif; font-size: x-large;">Software Liability</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Every new piece of software deployed has the likely potential to expose additional threats to the enterprise in terms of new vulnerabilities, and vendors have no liability for this.[1] In other industries, if a vendor were to produce a defective product that causes monetary damage to a company, that company would most likely sue that vendor with a high probability of success in court. It is not like that in the commercial software business or even in the open-source movement. Vendors will patch their systems for sure, but they accept no responsibility for, let’s say, hackers stealing 400 million credit cards from the Target retail chain.[5] Schneier is aghast at this development that the user community has let vendors get away with this stance.[1] </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: #6fa8dc; font-family: Verdana, sans-serif; font-size: x-large;">Adversary Motivations</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><i>Secrets and Lies </i>was the first time that I had seen an author characterize the adversary as a person or a group with motives and aspirations.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;">“Adversaries have varying objectives: raw damage, financial gain, information, and so on. This is important. The objectives of an industrial spy are different from the objectives of an organized-crime syndicate, and the countermeasures that stop the former might not even faze the latter. Understanding the objectives of likely attackers is the first step toward figuring out what countermeasures are going to be effective.”[1]</span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">This was another revelation to me. At this point in my career when I first read the book, I did not put much thought into the adversaries at all except that they were “hackers” and were trying to steal my stuff. This is Schneier’s first cut of a complete adversary list:</span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Hackers</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Lone Criminals</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Malicious Insiders</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Industrial Espionage Actors</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Press</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Organized Criminals</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Police</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Terrorists</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">National Intelligence Organizations</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Info warriors</span></li>
</ul>
</div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In my work, I have found it useful to refine Schneier’s list of people into the following adversary motivations:</span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Cyber Crime</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Cyber Espionage</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Cyber Warfare</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Cyber Hactivism</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Cyber Terrorism</span></li>
<li><span style="font-family: Times, 'Times New Roman', serif; font-size: x-large;">Cyber Mischief</span></li>
</ul>
</div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The bottom line is that these adversaries have a purpose, and it helps network defenders if they understand what kind of adversaries are likely to attack the defender’s assets.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: #6fa8dc; font-family: Verdana, sans-serif; font-size: x-large;">Things Stay the Same</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Sadly, even though Schneier published <i>Secrets and Lies</i> in 2000, all of these things are still true, and there is no real solution is sight. Many organizations still think that installing the latest shiny security toy to hit the market will make their networks more secure. They don’t stop to think that they might be better off if they just made sure that the toys they already have installed on their network worked correctly. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">People are still the weak link both in the security operations center (SOC) and in the general user community. As I have written elsewhere, talented SOC people are hard to come by,[6] and many organizations still spend resources on robust employee-training programs, but the results are mixed at best.[7][8][9] </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">CISOs are still struggling to convey the security risk message to the C-Suite.[10][11] Most of us came up through the technical ranks and think colorful bar charts about the numbers of systems that have been patched are pretty cool. The CEO couldn’t care less about those charts and instead wants to know what the charts mean in terms of material risk to the business. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Finally, software vendors still have no liability when it comes to deploying faulty software that results in monetary loss to a customer. This just seems to be something we have all accepted, that it is much better to build a working piece of code first and then worry how to secure it later. I know the entrepreneurs in the crowd prefer this method because the alternative slows the economic engine down if developers spend time adding security features to a new product that derives no immediate revenue opportunities. But this is the great embarrassment to the computer science field: we have not eradicated bugs like buffer overflows in modern code. How is it possible that we can send people to the moon but we cannot eliminate buffer overflows in code development? Don’t get me wrong; the industry has made great strides in developing tools and techniques in these areas—just look at the Building Security in Maturity Model (BSIMM) project to see for yourself[12]— but the fact that, as a cyber security community, we have not made it mandatory to use these techniques is one of the reasons we are just a field of study and not a profession like, say, civil engineering. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: #6fa8dc; font-family: Verdana, sans-serif; font-size: x-large;">What We Need</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In the end, Schneier makes the case for things that the cyber security community needs in order to make the Internet more secure. Long before the acronym became a staple on Certified Information Systems Security Professional (CISSP) exams, he advocated the need to strengthen confidentiality, integrity, and availability (CIA). He does not call it CIA in the book, but he talks at length about the concepts. He was prescient in his emphasis on the need for Internet privacy and Internet anonymity and was one of the first thought leaders to start asking the question about security versus privacy in terms of government surveillance. He also anticipated the need for a Bitcoin-like capability[13] long before Bitcoin became popular.[1] </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">The Tech</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Unfortunately, when you begin to write a technology book about the current state of the art surrounding cyber security, much of what you write about is already outdated as you go to press. As I was rereading Schneier’s book, I chuckled to myself when he referenced his blindingly fast Pentium III machines[14] running Windows NT.[15] Today, the Pentium III S 1400MHz scores a whopping .311 on the PassMark CPU benchmark scale compared to 13.304 for the latest Intel-Core I-7 4930K @ 3.40 GHz. That is MHz compared to GHz.[16] The world has indeed changed.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: #6fa8dc; font-family: Verdana, sans-serif; font-size: x-large;">Firewalls Are Not Enough</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Schneier wrote <i>Secrets and Lies</i> at the time when the industry had just accepted that a stateful inspection firewall was not sufficient to secure the enterprise. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;">“Today’s firewalls have to deal with multimedia traffic, downloadable programs, Java Applets, and all sorts of weird things. A Firewall has to make decisions with only partial information: It might have to decide whether or not to let a packet through before seeing all the packets in transmission.”[1]</span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Besides firewalls, he describes other controls that the cyber security community has decided are necessary to secure the perimeter, such as demilitarized zones (DMZs),[17] virtual private networks (VPNs),[18] application gateways,[19] intrusion detection systems,[20] honeypots,[21] vulnerability scanners,[22] and email security.[23][1] Since the book’s publication, security vendors have added even more tools to this conga line, tools like URL filters,[24] Domain Name System (DNS) monitoring,[25] sandboxing technology,[26] security incident and event management systems (SIEMS),[27] and protocol capture and analysis tools.[28]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">As of right now, May 2014, the cyber security community is mounting a bit of a backlash against the vendor community’s conga line strategy. Practitioners simply can’t manage it all. The best and most recent example of this is the Target data breach.[5] Like the rest of us, the Target security team installed the conga line of security products and even had a dedicated SOC to monitor them. The controls dutifully alerted the SOC that a breach was in progress but there was so much noise in the system (and perhaps Target’s process was not as efficient as it could be) that nobody in the organization reacted to the breach until it was too late.[5] Because of this kind of situation, many organizations are looking for simpler solutions rather than continuing to add new tools to the security stack.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: #6fa8dc; font-family: Verdana, sans-serif; font-size: x-large;">Cryptology</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">According to Schneier, underlying everything is cryptology. As you would expect from a cryptologist, Schneier believes that his field of study is the linchpin of the entire idea of Internet security.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;">“Cryptography is pretty amazing. On one level, it’s a bunch of complicated mathematics. On another level, cryptography is a core technology of cyberspace. In order to understand security in cyberspace, you need to understand cryptography. You don’t have to understand the math, but you have to understand its ramifications. You need to know what cryptography can do, and more importantly, what cryptography cannot do.”[1] </span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I agree. (Note: The difference between the terms cryptography, cryptanalysis, cryptology, and cryptologist is left as an exercise for the reader.[29]) I would say that the cyber security community has failed in this regard since Schneier published <i>Secrets and Lies</i>. While it is true that cryptography is the underlying technology that makes it possible to secure the Internet, it is still too complicated for the general user to leverage. In light of the Edward Snowden revelations[30]—that we not only have to worry about foreign governments spying on our electronic transmissions, but we also have to worry about our own government doing it—the fact that most people do not know how to encrypt their own email messages as a matter of course is a testament to our industry’s failure.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: #6fa8dc; font-family: Verdana, sans-serif; font-size: x-large;">Kill Chain</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Schneier makes a distinction between computer and network security,[1] that the conga line of security tools that make up the security stack at the network perimeter is not the same as the set of tools you need to secure the endpoint. While this is still true today, the cyber security community has merged these two ideas together since Schneier’s book was published. The thought is that it does not make sense to consider network and endpoint security separately; it makes more sense to think of everything as a system. As organizations develop indicators of compromise at both the network layer and the endpoint layer, essentially the Kill Chain model,[31] the cyber security community can develop advanced adversary profiles about the attacker’s campaign plan.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Conclusion</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I have always considered <i>Secrets and Lies</i> the perfect book to hand to new bosses or new employees coming in the door who have not been exposed to cyber security in their past lives. However, when I decided to reread this book for possible inclusion in the candidate list for the cyber security canon, I was worried that it would be dated, that the ideas I was so enamored with more than a decade ago would look a little long in the tooth today. That could not be further from the truth. Schneier explains, in easy-to-understand language, just exactly what the cyber security landscape looked like more than 10 years ago. Remarkably, the landscape is still consistent with this view, and we are still struggling with many of the same issues today. The subtitle to his book should be, “Security is a process, not a product.” With that one line, Schneier captures the essence of what our cyber security community should be about. The content within Secrets and Lies is a good introduction to the cyber security community, and Schneier tells the story well. It is a candidate for the cybersecurity canon, and you should have read it by now.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="color: orange; font-family: Verdana, sans-serif; font-size: x-large;">Note: </span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"></span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><i>Secrets and Lies: Digital Security in a Networked World </i>is a Cybersecurity Canon Candidate. Please visit the official page sponsored by Palo Alto Networks to read all the books from the Canon project.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://paloaltonetworks.com/threat-research/cybercanon.html" target="_blank"><img border="0" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfkRoLce5gsnKaguJSswkwfzGE3CAf2sHwMdd0p3wce7lDNtgR8DZlYEFzva71XGMcB6fxgOGbwr2DDgosH9DYq4QJVPvVOqWiksMQhc-AtxxTIKmpn_-0fHm0UgkEFal23IRHFbKoAX4/s640/Cybersecurity_Canon+logo.png" width="640" /></a></div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Sources</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[1] “Secrets and Lies: Digital Security in a Networked World,” by Bruce Schneier, John Wiley & Sons, 2000, last visited 7 April 2014,</span></div>
<div>
<a href="https://www.goodreads.com/book/show/304482.Secrets_and_Lies?ac=1"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.goodreads.com/book/show/304482.Secrets_and_Lies?ac=1</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[2] “Books You Should Have Read by Now,” by Rick Howard, Terebrate, 16 February 2014, last visited 7 April 2014, </span></div>
<div>
<a href="http://terebrate.blogspot.com/2014/02/books-you-should-have-read-by-now.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://terebrate.blogspot.com/2014/02/books-you-should-have-read-by-now.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[3] “Cyber Security Canon: You Should Have Read These Books by Now,” by Rick Howard, RSA Conference, 24 February 2014, last visited 26 April 2014, </span></div>
<div>
<a href="https://www.youtube.com/watch?v=_ZRq4A22jpg#t=239"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.youtube.com/watch?v=_ZRq4A22jpg#t=239</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[4] “Applied Cryptography: Protocols, Algorithms, and Source Code in C,” by Bruce Schneier, John Wiley & Sons, 1993, last visited 24 April 2014,</span></div>
<div>
<a href="https://www.goodreads.com/book/show/2522907.Applied_Cryptography"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.goodreads.com/book/show/2522907.Applied_Cryptography</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[5] “A First Look at the Target Intrusion, Malware,” by Brian Krebs, KrebsOnSecurity, 14 January 2014, last visited 25 April 2014,</span></div>
<div>
<a href="http://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[6] “Top 5 skills needed for a SOC analyst,” by Rick Howard, CSO Online, 10 March 2014, last visited 25 April 2014,</span></div>
<div>
<a href="http://www.csoonline.com/article/2134470/security-awareness/top-5-skills-needed-for-a-soc-analyst.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.csoonline.com/article/2134470/security-awareness/top-5-skills-needed-for-a-soc-analyst.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[7] “Why you shouldn't train employees for security awareness,” by Dave Aitel, CSO Online, 18 July 2012, last visited 25 April 2014,</span></div>
<div>
<a href="http://www.csoonline.com/article/2131941/security-awareness/why-you-shouldn-t-train-employees-for-security-awareness.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.csoonline.com/article/2131941/security-awareness/why-you-shouldn-t-train-employees-for-security-awareness.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[8] “Is Data Security Awareness Training Effective?” by Daniel Solove, LinkedIn, 18 February 2014, last visited 25 April 2014,</span></div>
<div>
<a href="https://www.linkedin.com/today/post/article/20140218074822-2259773-is-data-security-awareness-training-effective"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.linkedin.com/today/post/article/20140218074822-2259773-is-data-security-awareness-training-effective</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[9] “Measuring the Effectiveness of Your Security Awareness Program,” by John Schroeter, CIO, 12 February 2014, last visited 25 April 2014,</span></div>
<div>
<a href="http://www.cio.com/article/748172/Measuring_the_Effectiveness_of_Your_Security_Awareness_Program?page=1&taxonomyId=3089"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.cio.com/article/748172/Measuring_the_Effectiveness_of_Your_Security_Awareness_Program?page=1&taxonomyId=3089</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[10] “Cybersecurity is for the C-suite, 'not just the IT crowd,’” by Clay Dillow, CNNMoney, 6 January 2014, last visited 25 April 2014,</span></div>
<div>
<a href="http://tech.fortune.cnn.com/2014/01/06/cybersecurity-and-cyberwar/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://tech.fortune.cnn.com/2014/01/06/cybersecurity-and-cyberwar/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[11] “Using Cyber-Attacks for C-Suite Buy-In,” by Jeffrey Roman, BankInfoSecurity, 29 March 2013, last visited 25 April 2014,</span></div>
<div>
<a href="http://www.bankinfosecurity.com/using-cyberattacks-for-c-suite-buy-in-a-5646/op-1"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.bankinfosecurity.com/using-cyberattacks-for-c-suite-buy-in-a-5646/op-1</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[12] “BSIMM Advancing Software Security,” by Ann All, eSecurityPlanet, 20 October 2013, last visited 25 April 2014, </span></div>
<div>
<a href="http://www.esecurityplanet.com/network-security/bsimm-advancing-software-security.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.esecurityplanet.com/network-security/bsimm-advancing-software-security.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[13] “What is Bitcoin?” by Tal Yellin, Dominic Aratari, and Jose Pagliery, CNNMoney, last visited 26 April 2014,</span></div>
<div>
<a href="http://money.cnn.com/infographic/technology/what-is-bitcoin/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://money.cnn.com/infographic/technology/what-is-bitcoin/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[14] “Intel Pentium III processor families,” by CPU World, 28 March 2014, last visited 10 April 2014,</span></div>
<div>
<a href="http://www.cpu-world.com/CPUs/Pentium-III/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.cpu-world.com/CPUs/Pentium-III/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[15] “Windows NT: Remember Microsoft's almost perfect 20-year-old?” by Andrew Orlowski, The Register, 20 August 2013, last visited 10 April 2014, </span></div>
<div>
<a href="http://www.theregister.co.uk/2013/08/20/nt_at_20/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.theregister.co.uk/2013/08/20/nt_at_20/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[16] “CPU Benchmarks: Over 600,000 CPUs Benchmarked,” by Passmark Software, 2014, last visited 10 April 2014,</span></div>
<div>
<a href="http://www.cpubenchmark.net/cpu.php?cpu=Intel+Pentium+III+-+S+1400MHz"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.cpubenchmark.net/cpu.php?cpu=Intel+Pentium+III+-+S+1400MHz</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[17] “DMZ - Demilitarized Zone,” by Bradley Mitchell, About.com, last visited 25 April 2014,</span></div>
<div>
<a href="http://compnetworking.about.com/cs/networksecurity/g/bldef_dmz.htm"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://compnetworking.about.com/cs/networksecurity/g/bldef_dmz.htm</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[18] “What Is a VPN: VPN Solutions and Key Features?” by Bradley Mitchell About.com, last visited 25 April 2014,</span></div>
<div>
<a href="http://compnetworking.about.com/od/vpn/a/what_is_a_vpn.htm"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://compnetworking.about.com/od/vpn/a/what_is_a_vpn.htm</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[19] “Application Gateway,” by Cory Janssen, technopedia, last visited 25 April 2014,</span></div>
<div>
<a href="http://www.techopedia.com/definition/4189/application-gateway"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.techopedia.com/definition/4189/application-gateway</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[20] “Intrusion Detection System - IDS Technology and Deployment,” by Palo Alto Networks, last visited 25 April 2014,</span></div>
<div>
<a href="https://www.paloaltonetworks.com/resources/learning-center/what-is-an-intrusion-detection-system-ids.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.paloaltonetworks.com/resources/learning-center/what-is-an-intrusion-detection-system-ids.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[21] “Intrusion Detection FAQ: What is a Honeypot: Honey Pot Systems Explained?” by Loras R. Even, SANS, 12 July 2000, last visited 25 April 2014,</span></div>
<div>
<a href="http://www.sans.org/security-resources/idfaq/honeypot3.php"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.sans.org/security-resources/idfaq/honeypot3.php</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[22] “Vulnerability Scanning for Business,” by Brian Robinson, ITSecurity, last visited 25 April 2014,</span></div>
<div>
<a href="http://www.itsecurity.com/interviews/amer-deeba-interview-qualsys-040507/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.itsecurity.com/interviews/amer-deeba-interview-qualsys-040507/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[23] “Email security – Essential Guide,” by Arif Mohamed, ComputerWeekly.com, last visited 25 April 2014,</span></div>
<div>
<a href="http://www.computerweekly.com/feature/Email-security-Essential-Guide"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.computerweekly.com/feature/Email-security-Essential-Guide</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[24] “Control Web Activity with URL Filtering,” by Palo Alto Networks, last visited 25 April 2014,</span></div>
<div>
<a href="https://www.paloaltonetworks.com/products/features/url-filtering.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.paloaltonetworks.com/products/features/url-filtering.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[25] “APT Prevention: WildFire: Protection from targeted and unknown threats,” by Palo Alto Networks, last visited 25 April 2014,</span></div>
<div>
<a href="https://www.paloaltonetworks.com/products/features/apt-prevention.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.paloaltonetworks.com/products/features/apt-prevention.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[26] “Malware-detecting 'sandboxing' technology no silver bullet,” by Ellen Messmer, Network World, 26 March 2013, last visited 25 April 2014,</span></div>
<div>
<a href="http://www.networkworld.com/news/2013/032613-sandboxing-268108.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.networkworld.com/news/2013/032613-sandboxing-268108.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[27] “Security Incident and Event Management (SIEM),” by technopedia, last visited 25 April 2014,</span></div>
<div>
<a href="http://www.techopedia.com/definition/4097/security-incident-and-event-management-siem"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.techopedia.com/definition/4097/security-incident-and-event-management-siem</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[28] “Hackers Techniques, Tools, and Incident Handling: Lab 4,” by poplynnsho, StudyMode, July 2013, last visited 25 April 2014,</span></div>
<div>
<a href="http://www.studymode.com/essays/Hackers-Techniques-Tools-And-Incident-Handling-1851403.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.studymode.com/essays/Hackers-Techniques-Tools-And-Incident-Handling-1851403.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[29] “Cryptography vs Cryptanalysis vs Cryptology…” by Nick Pelling, Cipher Mysteries, 3 February 2009, last visited 26 April 2014,</span></div>
<div>
<a href="http://www.ciphermysteries.com/2009/02/03/cryptography-vs-cryptanalysis-vs-cryptology"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.ciphermysteries.com/2009/02/03/cryptography-vs-cryptanalysis-vs-cryptology</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[30] “Edward Snowden: the whistleblower behind the NSA surveillance revelations,” by Glenn Greenwald, Ewen MacAskill, and Laura Poitras, The Guardian, 9 June 2013, last visited 26 April 2014,</span></div>
<div>
<a href="http://www.theguardian.com/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.theguardian.com/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[31] “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains,” by Eric M. Hutchins, Michael J. Cloppert and Rohan M. Amin, Lockheed Martin Corporation, Presented at the 6th International Conference on Information Warfare and Security, The George Washington University, Washington, DC, 17-18 March 2011. Last visited 26 April 2014,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://academic-conferences.org/pdfs/ICIW_2011-book.pdf</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">References</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Book Review - Secrets and Lies: Digital Security in a Networked World,” by Elaine Ah Chin Kow, Xceed, 8 November 2013, last visited 7 April 2014,</span></div>
<div>
<a href="http://www.xceedgroup.com/xceed-blog/book-review-secrets-and-lies-digital-security-in-a-networked-world"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.xceedgroup.com/xceed-blog/book-review-secrets-and-lies-digital-security-in-a-networked-world</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Secrets and Lies: Digital Security in a Networked World Bruce - Schneier - John Wiley 2000 - A book review,” by Danny Yee, Danny Yee's Book Reviews, 2000, last visited 7 April 2014,</span></div>
<div>
<a href="http://dannyreviews.com/h/Secrets_Lies.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://dannyreviews.com/h/Secrets_Lies.html</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Secrets and Lies: Digital Security in a Networked World by Bruce Schneier - 430 pages, ISBN 0-471-25311-1, Wiley, New York, 2000 - www.wiley.com,” by J. M. Haile, Macatea Productions, 12 October 2006, last visited 7 April 2014,</span></div>
<div>
<a href="http://www.macatea.com/atc/bookreviews/schneier_review.php"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.macatea.com/atc/bookreviews/schneier_review.php</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Secrets & Lies: Digital Security In A Networked World,” by Jeff "hemos" Bates, Slashdot, 19 September 2000, last visited 7 April 2014</span></div>
<div>
<a href="http://news.slashdot.org/story/00/09/17/1311241/secrets-lies-digital-security-in-a-networked-world"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://news.slashdot.org/story/00/09/17/1311241/secrets-lies-digital-security-in-a-networked-world</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Title: Secrets and Lies: Digital Security in a Networked World- Author: Bruce Schneier - Publisher: Wiley - Publication Date: August 2000 - Pages: 412,” by Shuang-lin Lee, Information Security (INLS187), last visited 7 April 2014,</span></div>
<div>
<a href="http://www.unc.edu/~leesl/inls187/bookreview.htm"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.unc.edu/~leesl/inls187/bookreview.htm</span></a></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-45315395373674413742014-04-15T08:03:00.001-04:002014-04-15T08:03:57.022-04:008 Tips For Dealing With Heartbleed Right Now<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirCgY1Ea7GQs-VGHuEUE-oNCRzfP-i5dRpv16jmNzckm69SmgO4Muxf_kGXmeA3WHllIqh31JDrl04MAQgVzx28GzhIaMsYYOUszpbPD47mg4A-6zh_x0X8Z34T8T2cGXpNA75RmEmcsc/s1600/Heartbleed+Icon+cropped.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirCgY1Ea7GQs-VGHuEUE-oNCRzfP-i5dRpv16jmNzckm69SmgO4Muxf_kGXmeA3WHllIqh31JDrl04MAQgVzx28GzhIaMsYYOUszpbPD47mg4A-6zh_x0X8Z34T8T2cGXpNA75RmEmcsc/s1600/Heartbleed+Icon+cropped.png" height="200" width="184" /></a></div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">This has been a fun two weeks. We have not had a significant cyber event like this, an event that affects just about everybody on the Internet, since the Kaminsky DNS vulnerability of 2008. [1] Everybody I know has been scrambling to understand what it means to their organization, to their business and to their immediate family. Yes, I said family. I am sure I am not the only one who has answered a question or two from their mother-in-law about how the Internet is melting down based on what she’s been reading in the press.. I am not going to explain how the vulnerability might make a hacker’s day. If you need that, here are two posts that do that quite well: one by Scott Simpkin at Palo Alto Networks [2] and another by Dan Gooden over at ars technica [3]. What I want to do is talk about the Top Eight things I am doing right now to protect Palo Alto Networks and my home (and mother-in-law).</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">#1: <b>Don’t Panic</b>: Yes, this is a serious issue and it that has been available for exploitation for over two years. But the chances that hackers have successfully exploited you or your organization are pretty small. Check your trap lines for sure but let’s get on with the business of cleaning up on isle nine.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">#2: <b>Monitor Palo Alto Networks IPS vulnerability Signature ID 36416, 36417, 36418, 40039</b>: For Palo Alto Networks customers, monitor IPS vulnerability signature ID 36416, 36417, 36418, 40039 for signs of activity. We released those signatures on April 9 and April 10 and they can automatically detect and block attempted exploitation of the vulnerability. If you’re a Palo Alto Networks customer with an up-to-date subscription, you’re covered.[4]</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">#3: <b>Identify and Patch Your Affected Systems</b>: I know that this sounds obvious but don’t assume you know. Run your local scanners across your network to discover any Open SSL instances that might have popped up without your knowledge. I know that both Tripwire and Qualys say their tools find the vulnerability. I am sure most commercial scanners also do at this point. Use them.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">#4: <b>Ping your cloud application providers to see where they are in the cleanup process</b>: Salesforce.com has already announced that their systems are unaffected by this vulnerability. But you are probably using a handful of other cloud providers for other tasks like HR, Payroll, ERP, etc. Make sure you know who they are and ensure they are cleaning up the same way that you are. If you are curious, Brian Krebs recommends using Filippo Valsorda’s site -- http://filippo.io/Heartbleed/ -- to check for vulnerable systems. [5] You can also use these two locations:</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">LastPass: <a href="https://lastpass.com/heartbleed/">https://lastpass.com/heartbleed/</a></span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Qualys: https://www.ssllabs.com/ssltest/</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">#5: <b>New Keys</b>: For all affected systems, acquire new key certificates, revoke your old ones and install the new ones. Because of the way the vulnerability works, hackers who have compromised your servers with this Heartbleed weakness may have stolen your private keys. Even after you patch your systems, these guys would still have your private keys. Get a new set of keys.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">#6: <b>Inform Your Customers if you Found Vulnerable Systems</b>: This is key. Your customers should already be asking you if you have been affected (See #3), but there will be some that do not. As a matter of trust, you should be very public about your cleanup efforts. Do not shy away form this. Since this vulnerability is widespread, you will not be alone in your efforts and maybe you can help some other organization who is not as clear thinking as you are about how to do this cleanup.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">#7: <b>Change Passwords</b>: Once you have patched your systems, changed your keys, ensured that your cloud providers also accomplished those tasks, then it is time to change the passwords for all users on those systems. Do not do this until everything else is done though because if you do, hackers who are hanging out on systems that have not been patched or systems where the keys have not been changed can still read your new password. It does not make sense to change your password until the other tasks are done.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">#8: <b>Beware of the inevitable phishing campaign</b>: Soon you will start to see phishing email messages telling you that you must immediately change your password in order to protect yourself from the Heartbleed vulnerability. They will most likely have a link embedded in the message pointing you to a sight that looks very much like your ERP, HR or payroll site, but in fact, it will be a site cleverly designed to collect your credentials. Don’t do that. </span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">In the long, consider Installing Perfect Forwarding Secrecy (PFS), as Twitter did last year [6], in order to ensure that a session key derived from a stolen private key and a collected public key in the future will not be compromised. PFS solves the very problem that we are changing our keys now to prevent.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Note</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I published a version of this essay on the Palo Alto Networks research blog but I thought I would post it here also to reach the widest audience possible. [7]</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Sources</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[1] “Understanding Kaminsky's DNS Bug,” By Cory Wright, Linux Journal, 25 July 2008, Last Visited 11 April 2014,</span><br />
<a href="http://www.linuxjournal.com/content/understanding-kaminskys-dns-bug"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.linuxjournal.com/content/understanding-kaminskys-dns-bug</span></a><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[2] “Real-world Impact of Heartbleed (CVE-2014-0160): The Web is Just the Start,” by Scott Simpkin, Palo Alto Networks Research Blog, 10 April 2014, Last Visited 11 April 2014</span><br />
<a href="http://researchcenter.paloaltonetworks.com/2014/04/real-world-impact-heartbleed-cve-2014-0160-web-just-start/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://researchcenter.paloaltonetworks.com/2014/04/real-world-impact-heartbleed-cve-2014-0160-web-just-start/</span></a><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[3] “Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping: Exploits allow attackers to obtain private keys used to decrypt sensitive data.” by Dan Goodin, arstechnica, 7 April 2014, Last Visited 11 April 2014.</span><br />
<a href="http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/</span></a><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[4] “Palo Alto Networks Addresses Heartbleed Vulnerability (CVE-2014-0160),” by Scott Simpkin, Palo Alto Networks, 9 April 2014, Last Visited 11 April 2014,</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://researchcenter.paloaltonetworks.com/2014/04/palo-alto-networks-addresses-heartbleed-vulnerability-cve-2014-0160/</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[5] “‘Heartbleed’ Bug Exposes Passwords, Web Site Encryption Keys,” by Brian Krebs, Krebs on Security, 8 April 2014, Last Visited 11 April 2014,</span><br />
<a href="http://krebsonsecurity.com/2014/04/heartbleed-bug-exposes-passwords-web-site-encryption-keys/comment-page-2/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://krebsonsecurity.com/2014/04/heartbleed-bug-exposes-passwords-web-site-encryption-keys/comment-page-2/</span></a><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[6] “Explaining perfect forward secrecy,” by Richard Mortier, Phys.Org, The Conversation, 2 Dec 2013, Last Visited 11 April 2014,</span><br />
<a href="http://phys.org/news/2013-12-secrecy.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://phys.org/news/2013-12-secrecy.html</span></a><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[7] “8 Tips For Dealing With Heartbleed Right Now,” by Rick Howard, Palo Alto Networks Research Blog, 12 April 2014, Last Visited 15 April 2014,</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://researchcenter.paloaltonetworks.com/2014/04/8-tips-dealing-heartbleed/</span><br />
<div class="separator" style="clear: both; text-align: center;">
</div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-91883308520810832822014-03-24T04:27:00.000-04:002014-03-24T04:27:10.299-04:00Book Review: The Girl with the Dragon Tattoo (2005) by Stieg Larsson<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3Oa12CdvFoLpKaHWc6A0JfZq_CHAmDtBQoYDm5E9CuW_ZO2yr9QNfCHbYbxsQsY39gaFyzOffWSOjG-bUQsblNzWPCf1exv1Lv855KQtFU9ueH_AsnIyGl6eo55Z0cFitbvI6-bwsS1o/s1600/The+Girl+with+the+Dragon+Tatoo.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3Oa12CdvFoLpKaHWc6A0JfZq_CHAmDtBQoYDm5E9CuW_ZO2yr9QNfCHbYbxsQsY39gaFyzOffWSOjG-bUQsblNzWPCf1exv1Lv855KQtFU9ueH_AsnIyGl6eo55Z0cFitbvI6-bwsS1o/s200/The+Girl+with+the+Dragon+Tatoo.jpg" height="200" width="136" /></a></div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Executive Summary</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">You have heard of this book from watching one or both of the movies that have sprung from it, but do yourself a favor: take the time to read through this one. It is a fantastic story involving a complex mystery and engaging real-world characters. The overarching theme though is the spotlight that the author, Stieg Larsson, places on Swedish culture’s egregious acceptance of violence against women. Lisbeth Salander is the tattooed girl referred to in the book’s title. She is an orphan, a ward of the state, a hacker with a photographic memory who works for a private investigation firm, and a young woman who refuses to be a victim. She is an amazing character, a real woman with strengths and flaws but who can be held up to us all as an example to admire and to aspire to in regard to her drive, intelligence, and agency. It is written well, despite being translated into English from Swedish, and because the hacking described within is not exaggerated and could actually work, it is worthy of consideration for the cyber security canon. You should have read this by now.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Introduction</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">When I read <i>The Girl with the Dragon Tattoo</i> the first time a few years ago, I got the idea that there must be a lot of books published involving hackers and how they hack. I started to seek them out to see if any of them were any good. What I discovered was that you could categorize these hacker books into two broad categories. In one category, the author does not really understand hacking at all and does not even attempt to describe how anything is done. I call this the Harry Potter School of Hacking; the hackers do a lot of hand-waving and say a lot of magic words like “Sending spike now!” or “Breaking encryption, this will just take a couple of seconds,” but you never really see how they accomplish those tasks. A good example of this kind of hacker storytelling is <i>The Zenith Angle</i> by Bruce Sterling.[1] I loved the story, but Harry Potter might as well have been the main character because the hacking accomplished is magically done. In the other category, the author has spent some time trying to understand hacking culture and to describe exactly how the hacker did what he or she did. A good example of this kind of storytelling is <i>The Blue Nowhere by Jeffery Deaver</i>.[2] Deaver gets the technical details right by describing real-world and fictional tools that the two main hackers use against each other. <i>The Girl with the Dragon Tattoo</i> falls into this latter bucket. It is fantastic story, and Larsson gets the technical details right.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">The Story</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><i>The Girl with the Dragon Tattoo </i>is a ripping-good detective story set in the vicinity of Stockholm, Sweden, during a time when the only way to connect to the Internet from your home was with inexpensive modem lines or expensive ADSL lines. Once an English reader like me gets past the strange-sounding Swedish names, like Dragan Armansky, Hans-Erik Wennerström, Mikael Blomkvist, Lisbeth Salander, and Henrik Vanger, the story moves along quite nicely. </span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">It revolves around a disgraced journalist, Blomkvist, who agrees to take a research case from a very old family patriarch, Vanger. The case involves the disappearance of Vanger’s favorite niece, Harriet, some forty years prior. At a family gathering on their private island, Harriet disappeared without a trace. The local law enforcement officials suspected a runaway, then suicide, then murder but were unable to find any meaningful clues one way or the other. Vanger suspects murder and is convinced that someone in his own family was behind the crime, but because the family members all vehemently hate each other and have a long list of fetishes and prejudices, any one of them could have had the motive to do it. For the seven years before Harriet disappeared, she gave Vanger a framed exotic flower to hang on his wall for his birthday. For the next thirty-seven years after Harriet’s disappearance, he anonymously received another framed exotic flower in the mail on his birthday. Each flower is a reminder that Harriet is gone, that Vanger has no clue what happened, and that the person sending the flower may be the killer. Before he dies, which could be very soon, Vanger wants resolution and hires Blomkvist to solve the case. </span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">With the mystery laid out, Larsson walks the reader through what he really wants to talk about: the egregious acceptance in Swedish culture of violence against women. The working title to the book before he published it was Men Who Hate Women, so you know what Larsson had in mind. Lisbeth Salander is the tattooed girl referred to in the book’s title. She is an orphan, a ward of the state, a hacker with a photographic memory who works for a private investigation firm, and a young woman who refuses to be a victim. She is an amazing character, a real woman with strengths and flaws but who can be held up to us all as an example to admire and to aspire to in regard to her drive, intelligence, and agency. Blomkvist hires her to help him with the Vanger mystery, and although the story is told from Blomkvist’s perspective, the story is really about Salander.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">The Tech</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The story is so engulfing that when I read it for the first time, I got through about 75 percent of it and realized that I had not seen a lot of hacking by the Tattoo Girl. All that Larsson did describe was a lot of innuendo. Phrases like “The Tattoo Girl hacked my password and looked at my hard drive” pepper the narrative. He would never explain how she hacked it. I was ready to chalk the entire thing up to a good read, but put it squarely in the Harry Potter School of Hacking stories, when I arrived at the second climax of the story. There are two parallel plots running through the book, and the final climax is where the hacking comes in. Larsson describes in fairly good detail how the Tattoo Girl was able to defeat Hans-Erik Wennerström’s email encryption scheme, install a piece of stealthy malcode over time, remotely control the bad guy’s Dell laptop with her Apple MacBook (I think there is a political statement in there somewhere), and reroute his money stored in numerous bank accounts around the world to her equally numerous anonymous accounts that she had sole control over. Wennerström is the source of Blomkvist’s disgrace that started the book. The hacking description is realistic and could have worked in the real world.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Conclusion</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">If you like mysteries and if you like stories about hackers, you have to read this book. Be warned though, there are a number of scenes that Larsson describes in gory detail regarding the sexual abuse of women. If you can’t stand that kind of thing, stay away. Don’t say that I didn’t warn you. And do yourself a favor; watch both movie versions of the book: the original 2009 Swedish version with Noomi Rapace as Salander and the American 2011 remake with Rooney Mara as Salander. Both actresses provide a compelling and completely different take on Salander, and it is fascinating to watch. Because the book is a very good, well-written story, despite being translated into English from Swedish, and because the hacking described within is not exaggerated and could actually work, it is worthy of consideration for the cyber security canon.[3] You should have read this by now.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Note</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I worked for iDefense (a VeriSign Inc. business unit) the first time that I wrote about <i>The Girl with the Dragon Tattoo</i>. Jason Greenwood, the current general manager and an old friend of mine, has graciously allowed me to reuse some of the original content from that essay for this updated blog post. iDefense is still one of the best commercial cyber security intelligence outfits out there. If you have cyber intelligence needs, you should consider calling them.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Sources</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[1] “The Zenith Angle,” by Bruce Sterling, Goodreads, published January 2004 by Del Ray, last visited 21 March 2014,</span><br />
<a href="https://www.goodreads.com/book/show/218568.The_Zenith_Angle?ac=1"><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">https://www.goodreads.com/book/show/218568.The_Zenith_Angle?ac=1</span></a><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[2] “Book Review: The Blue Nowhere by Jeffery Deaver (2001),” by Rick Howard, Terebrate, 11 January 2014, last visited 21 March 2014,</span><br />
<a href="http://terebrate.blogspot.jp/2012/11/book-review-blue-nowhere-by-jeffery.html"><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">http://terebrate.blogspot.jp/2012/11/book-review-blue-nowhere-by-jeffery.html</span></a><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[3] “Books You Should Have Read By Now,” by Rick Howard, Terebrate, 16 February 2014, last visited 21 March 2014,</span><br />
<a href="http://terebrate.blogspot.jp/2014/02/books-you-should-have-read-by-now.html"><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">http://terebrate.blogspot.jp/2014/02/books-you-should-have-read-by-now.html</span></a><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">References</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Let's play corpse and robbers,” by Peter Guttridge, The Observer, 5 January 2008, last visited 15 March 2014,</span><br />
<a href="http://www.theguardian.com/books/2008/jan/06/fiction.features"><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">http://www.theguardian.com/books/2008/jan/06/fiction.features</span></a><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Vanished,” by Alex Berenson, The New York Times, 14 September 2008, last visited 15 March 2014,</span><br />
<a href="http://www.nytimes.com/2008/09/14/books/review/Berenson-t.html?_r=0"><span style="font-family: Times, Times New Roman, serif; font-size: x-large;">http://www.nytimes.com/2008/09/14/books/review/Berenson-t.html?_r=0</span></a><br />
<br /> <br /><br /> <br /><br /> <br /><br /> <br /></div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com2tag:blogger.com,1999:blog-404553574933465315.post-79620177132472288402014-02-19T06:18:00.000-05:002015-08-02T13:17:53.201-04:00Book Review: Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet by Joseph Menn (2010)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhE9x9VA2yauyxLwyn3YqLcwOfnF9C0LhaPUnWPZ8sXTrsn6lJnjGO3cj6Csnj25fNSv3lcrTN5y_FxsmAiH0jOsGKlI56kvAX9694BShv0TrdCiDF4WSCJzkXu9ygnIPwmztGov2wmCUo/s1600/fatal_system_error_book.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><span style="font-family: Helvetica Neue, Arial, Helvetica, sans-serif;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhE9x9VA2yauyxLwyn3YqLcwOfnF9C0LhaPUnWPZ8sXTrsn6lJnjGO3cj6Csnj25fNSv3lcrTN5y_FxsmAiH0jOsGKlI56kvAX9694BShv0TrdCiDF4WSCJzkXu9ygnIPwmztGov2wmCUo/s1600/fatal_system_error_book.jpg" /></span></a></div>
<span style="font-size: x-large;"><span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif;">Executive Summary</span><br /><br /><span style="font-family: Times, Times New Roman, serif;">If you are interested in the evolution of cyber crime, Fatal System Error is a good first reference. The author, Joseph Menn, is able to capture the early years as the cyber criminal community was just beginning to productize its cyber business, to professionalize it so that it ran more like a business. He tells the story through two early cyber security practitioners: a very young Barrett Lyon—a cyber security services businessman who built one of the first denial of service protection companies called Prolexic Technologies—and Andy Cocker—at the time, an agent for the UK's National Hi-Tech Crime Unit. Lyon gets sucked into protecting organized crime operations that dabbled in offshore gambling and pornography, and Cocker used old-fashioned police work to arrest some of the early cyber criminals when the FBI seemed completely impotent at the prospect. Menn also manages to sprinkle in a discussion of some of the most significant cyber security milestones between 1995 and 2009, such as the emergence of the Russian Business Network and the identification of the Chinese Network Crack Program Hacker group. Fatal System Error is a vital historical reference for the cyber security community regarding the evolution of cyber crime. It is worthy of being a part of the cyber security canon, and you should have read it by now. </span></span><br />
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Introduction</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Most of this book is about the incipient history of cyber crime. Menn[1] tells the story through two early cyber security practitioners: a very young Barrett Lyon—an early cyber security services businessman who built one of the first denial of service protection companies called Prolexic Technologies—and Andy Cocker—at the time, an agent for the UK's National Hi-Tech Crime Unit. Menn also manages to sprinkle in a discussion of some of the significant cyber security milestones from around 1995 to about 2009. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">He talks about the rise of cyber espionage and one of the first public discoveries of a state-sponsored amateur hacker group called the Chinese Network Crack Program Hacker (NCPH) group.[2] Any first tier country on the world’s political stage has the ability to conduct cyber espionage. The Chinese method is different though. Where other countries try to maintain as low a profile as they can, the Chinese effort does not really worry about getting caught. Besides their own internal cyber espionage capabilities, the Chinese have no problem outsourcing some of their low-level collection efforts to in-country amateur hacker groups. The NCPH group was one of the first groups to get noticed by the cyber security community.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Menn also describes one of the first and most notorious known organized cyber crime syndicates called the Russian Business Network (RBN),[3] which was virtually untouchable by law enforcement during this period. The owner of the syndicate was the son of a high-placed political official, so even if a Russian police officer felt the urge to arrest this cyber criminal, there were powerful forces within the Kremlin that made it a good idea not to.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Menn also covers the familiar ground of Estonia,[4][5][6] Georgia,[6] and Kyrgyzstan[7] where attackers first proved that cyber warfare was possible, and he documents some of the first uses of distributed denial of service (DDoS) attacks as an extortion tool. He explains the rise of bulletproof-hosting providers (essentially criminal Internet service providers) and the impotence of US law enforcement when tracking Russian cyber criminals during this period. In fact, Menn almost takes relish in describing the complete lack of respect for the FBI from the cyber security community during this time.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">The Story</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">These details are side stories. The bulk of the book is about the rise of cyber crime. Lyon’s story is how he was sucked into protecting some less-than-savory companies that dabbled in offshore gambling and porn. Organized crime rings ran most of these operations, and the criminals involved were not above trying to sabotage their competitors’ efforts. Offshore gambling became popular about the same time that hackers discovered that it was possible to launch DDoS attacks that could take a website or a data center offline by simply bombarding it with random data streams from thousands of computers – a botnet – around the Internet. These new cyber criminals used those kinds of tools against their competitors in an effort to drive them out of business. Lyon’s company owned the technology that could mitigate these kinds of attacks, and the organized crime operators came calling to get his help. Lyon’s story is about how he naively gets involved with these cyber criminals and subsequently tries to get himself out of the situation. It was not easy.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Cocker’s story is a bit different. He was an old-school British police officer frustrated with the inability of law enforcement to break down jurisdictional lines across international borders to arrest known cyber criminals. He and his National Hi-Tech Crime Unit decided to do something about it. Instead of waiting for Russian law enforcement to be compelled by political leaders to cooperate, Cocker went into the Eastern Bloc countries to build relationships with local law enforcement officials who were just as eager to bring these new cyber criminals to justice as he was. He had one tried-and-true method to accomplish this task: drink lots of vodka together. Over time, he built trust and friendships with his Russian counterparts and had amazing success arresting cyber criminals in the Eastern Bloc.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Menn got a lot of help writing this book from various prominent cyber security researchers and journalists at the time. He singles out important commercial cyber security intelligence organizations like iDefense,[8] Team Cymru,[9] and SecureWorks.[10] He pointedly casts disdain on anti-virus vendors as being ineffective, and he specifically is astonished at Kaspersky's view of the world regarding how the Russians were not behind the attacks against Estonia,[4][5][6] Georgia,[6] and Kyrgyzstan.[7] At the time, Kaspersky thought the Russians were falsely persecuted by the rest of the world in terms of who was responsible for cyber crime, cyber hacktivism, and cyber warfare.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Menn praises respected independent security researchers like Kimberly Zenz (iDefense), Joe Stewart (SecureWorks), Rafal Rohozinski (SecDev), Don Jackson (SecureWorks), Jart Amin (independent researcher), Paul Ferguson (independent researcher), Avivah Litan (Gartner), and Dmitri Alperovich (Secure Computing). He also points to cyber security journalists like Brian Krebs, John Markoff, Jon Swartz, Byron Acohido, Kevin Poulsen, Kim Zetter, John Leyden, and Robert McMillan as being the cream of the crop.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I do have a couple of quibbles with his story though. Menn claims that RBN was the main force responsible for the DDoS attacks against Estonia and Georgia. While it may be true that computers within the RBN botnet system participated in those offensive attacks, I do not find Menn’s evidence compelling that RBN leaders orchestrated the attack on their own. Both attacks had too much precision—some would say military precision—to be run from a civilian organization. I also do not like the way that Menn jumps back and forth in the timeline. For example, in one chapter, he will talk about events in 2008, jump to events in 2002, and then jump ahead to significant events in 2006. He makes it tough for the reader to understand the narrative arc. I would have appreciated a straight-up timeline to keep everything straight. But these are small quibbles. I do not have any compelling evidence either about who is responsible for the Estonia and Georgia attacks, and who am I to criticize the way that Menn tells this complicated story?</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="color: red; font-family: Verdana, sans-serif; font-size: x-large;">Note: </span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"></span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><i>Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet</i> is a Cybersecurity Canon Candidate. Please visit the official page sponsored by Palo Alto Networks to read all the books from the Canon project.</span><br />
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://paloaltonetworks.com/threat-research/cybercanon.html" target="_blank"><img border="0" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfkRoLce5gsnKaguJSswkwfzGE3CAf2sHwMdd0p3wce7lDNtgR8DZlYEFzva71XGMcB6fxgOGbwr2DDgosH9DYq4QJVPvVOqWiksMQhc-AtxxTIKmpn_-0fHm0UgkEFal23IRHFbKoAX4/s640/Cybersecurity_Canon+logo.png" width="640" /></a></div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Conclusion</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">If you are interested in the evolution of cyber crime, Fatal System Error is a good first reference. Menn is able to capture the early years as the cyber criminal community was just beginning to productize its cyber business, to professionalize it so that it ran more like a business. Fatal System Error is a wonderful historical reference that illuminates this transformation. If you read this book and another that I just recently reviewed called Kingpin,[11] you will have a fairly thorough understanding of the cyber criminal world. Fatal System Error is a vital historical reference for the cyber security community. It is worthy of being a part of the cyber security canon, and you should have read it by now.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Note</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I worked for iDefense (a VeriSign Inc. business unit) the first time that I wrote about Fatal System Error. Jason Greenwood, the current iDefense general manager and an old friend of mine, has graciously allowed me to reuse some of the original content from that essay for this updated blog post. iDefense is still one of the best commercial cyber security intelligence outfits out there. If you have cyber intelligence needs, you should consider calling them.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Sources</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[1] “JosephMenn.com,” last visited 13 February 2014,</span></div>
<div>
<a href="http://www.josephmenn.com/index.php"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.josephmenn.com/index.php</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[2] “Infamous Hacker Heading Chinese Antivirus Firm?” by Brian Krebs, Krebs on Security, 14 November 2012, last visited 13 February 2014,</span></div>
<div>
<a href="http://krebsonsecurity.com/2012/11/infamous-hacker-heading-chinese-antivirus-firm/#more-17501"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://krebsonsecurity.com/2012/11/infamous-hacker-heading-chinese-antivirus-firm/#more-17501</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[3] “Hunt for Russia's web criminals,” by Peter Warren, The Guardian, 15 November 2007, last visited 13 February 2014,</span></div>
<div>
<a href="http://www.theguardian.com/technology/2007/nov/15/news.crime"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.theguardian.com/technology/2007/nov/15/news.crime</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[4] “Cyberwar Timeline,” by Mark Clayton, The Christian Science Monitor, 7 March 2011, last visited 13 February 2014, </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;"><a href="http://www.csmonitor.com/USA/2011/0307/Cyberwar-timeline">http://www.csmonitor.com/USA/2011/0307/Cyberwar-timeline</a> </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[5] “Massive DDoS attacks target Estonia; Russia accused,” by Nate Anderson, Ars Technica, 14 May 2007, last visited 13 February 2014, </span></div>
<div>
<a href="http://arstechnica.com/security/2007/05/massive-ddos-attacks-target-estonia-russia-accused/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://arstechnica.com/security/2007/05/massive-ddos-attacks-target-estonia-russia-accused/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[6] “Establishing a Cyber Warfare Doctrine,” by Adrew Colarik and Lech Janczewski, Journal of Strategic Security, Volume 5, Issue 1, pp. 31-48, 2012, last visited 13 February 2014, </span></div>
<div>
<a href="http://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1123&context=jss"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1123&context=jss</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[7] “Kyrgyzstan Under DDoS Attack From Russia,” by Dell SecureWorks, last visited 13 February 2014,</span></div>
<div>
<a href="http://www.secureworks.com/resources/blog/research/research-20957/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.secureworks.com/resources/blog/research/research-20957/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[8] “Security Intelligence,” by Verisign, last visited 13 February 2014,</span></div>
<div>
<a href="http://www.verisigninc.com/en_US/cyber-security/security-intelligence/threat-intelligence/index.xhtml"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.verisigninc.com/en_US/cyber-security/security-intelligence/threat-intelligence/index.xhtml</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[9] “Team CYMRU Community Services,” by the Dragon Research Group, last visited 13 February 2014,</span></div>
<div>
<a href="http://www.team-cymru.org/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.team-cymru.org/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[10] “SecureWorks,” by Dell, last visited 13 February 2014,</span></div>
<div>
<a href="http://www.secureworks.com/"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.secureworks.com/</span></a></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[11] “Book Review: Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen (2011),” by Rick Howard, Terebrate, 8 February 2014, last visited 13 February 2014 , </span></div>
<div>
<a href="http://terebrate.blogspot.com/2014/02/book-review-kingpin-how-one-hacker-took.html"><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://terebrate.blogspot.com/2014/02/book-review-kingpin-how-one-hacker-took.html</span></a></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0tag:blogger.com,1999:blog-404553574933465315.post-68333932890929554392014-02-15T06:35:00.000-05:002014-02-15T06:35:12.054-05:00Book Review: Daemon (2006) and Freedom™ (2010) by Daniel Suarez<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgd5N8HebyFVsMppIHfezvOyviCiLcaq3SCXAENBfcJRsERmgNAE8FDRaTzAZ6KwJ6jOjQhpsVSzd2iyxbvcYt9voQylYiVE_dBXVG7vy5htIfXDuqHjK9vxeNE7WTBBpyt3T_n7Lu7Ans/s1600/Daemon+and+Freedom+2.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgd5N8HebyFVsMppIHfezvOyviCiLcaq3SCXAENBfcJRsERmgNAE8FDRaTzAZ6KwJ6jOjQhpsVSzd2iyxbvcYt9voQylYiVE_dBXVG7vy5htIfXDuqHjK9vxeNE7WTBBpyt3T_n7Lu7Ans/s1600/Daemon+and+Freedom+2.png" /></a></div>
<span style="font-size: x-large;"><span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif;">Executive Summary</span><br /><br /><span style="font-family: Times, Times New Roman, serif;">If you appreciate hacking stories like <i>The Girl with the Dragon Tattoo</i> or gaming stories like <i>Ready Player One</i> or stories that combine both like <i>Reamde</i>, you will love Daniel Suarez’s <i>Daemon and Freedom™</i> like I did. If you similarly like Michael Crichton books like <i>Jurassic Park,</i> <i>State of Fear</i>, <i>Prey</i>, and <i>Disclosure</i>, you will think that the always-intriguing author has returned from the grave. Suarez’s two books tell one long story and are loaded with seemingly futuristic ideas that are just years away form general deployment. Suarez introduces these new ideas from an old-school hacker perspective in an effort to reboot the world order. He and his key protagonist, the designer of the Daemon, think that all governments and their corporate overlords are too corrupt and that the only way to resolve the matter is to burn the world order to the ground and start over. The Daemon and its disciples infiltrate everything through the direct application of hacking, assassination, and intimidation. The old-world order fights back and results in an epic confrontation of brute force versus technical force. I recommend both books strongly. Suarez demonstrates quality writing that gets the technical details right. The two books combine into one story that is cyber-security-canon worthy. You should have read them by now.</span></span><div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Introduction</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Published in 2006 by Verdugo Press, but self-published first by the author and his wife in 2006,[1] <i>Daemon</i> is a story about hackers who begin a revolution using near-future technology as catalysts to change the world. The sequel, <i>Freedom™</i>, published in 2010, is really the second half of the story. <i>Daemon and Freedom™</i> describe a world that is rebuilt from the ground up if hackers were to seat themselves comfortably at the design controls.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">The Story</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The premise is fascinating. Matt Sobol is the long-time CTO and founder of a gaming company that built and maintains a hugely successful World of Warcraft-like massively multiplayer online role playing game (MMORPG). With that experience, he learned a little something about artificial intelligence and how it interacts with real humans. In the first few pages though, Sobol dies of cancer. In his place, he leaves behind a software daemon that, in interviews, Suarez has said is a “transmedia news-reading, human-manipulation engine.”[2] </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">For the uninitiated, the word daemon is </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<blockquote class="tr_bq">
<span style="color: blue; font-family: Times, Times New Roman, serif; font-size: x-large;">"an acronym for Disc and Execution Monitor [used in UNIX environments] and is pronounced {dee-mon}. Essentially it is a program that runs in the background, fully automated, and usually handles mundane activities such as log in requests, initiating transactions, etc.”[3] </span></blockquote>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Sobol’s daemon is a little more sophisticated. As the mad genius of the story, Sobol anticipates his death, designs a complex logic tree of potential outcomes, and configures the Daemon to watch for those outcomes. His purpose is to inject catalysts into the old-world system to cause revolution, a reboot if you will, and he is not against burning the entire world down to get it.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Suarez tells the story in two parts. The first book, <i>Daemon</i>, revolves around the rise of the Daemon, its disciples in the Darknet community, and how the US government and its corporate partners plan to defeat them. The good guys in the story, the ones organizing against the Daemon, consist of an NSA code breaker, a local California cop, an FBI SWAT team commander, a CIA special operator, and a software security consultant/gamer/hacker. The second book, <i>Freedom™</i>, focuses on the Darknet reboot aftermath, how society changes for the better after the reboot, and the cataclysmic showdown between Darknet forces and the commercial and government forces attempting to hang onto the past. Some of the good guy forces from the first book eventually switch over to the Darknet side, realizing that there is no going back and that the reboot result is way better then the old system.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">The Tech</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Some of the hype around Suarez is that he is a legitimate heir to the Michael Crichton throne of storytelling: fiction such as <i>Jurassic Park</i>, <i>State of Fear</i>, <i>Prey</i>, and <i>Disclosure</i> that is about the societal impact of technologies that are just a few years away from reality. I concede the comparison. Both of Suarez’s books are loaded with some fantastic ideas that already exist and could be in common use within the next decade. Things like “sound production without speakers [that] can make voices appear in mid-air,” autonomous vehicles (in 2006, this was four years before military drones became the operational centerpiece to President Obama’s foreign policy decisions in the Middle East), advanced voice-recognition systems, desktop manufacturing, and augmented reality are just some of the technologies that drive the Darknet.[4] </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Of course, because Sobol is dead, he needs living surrogates to do his bidding. One of the things his Daemon does is recruit, initially from his game. For the non-gamers in the crowd, people who excel in MMORPGs have a lot more skills than simply pressing the Enter Key really fast in order to kill monsters. As they progress in the game and gain experience, they learn how to organize large groups of people from around the world, function within a team to accomplish team goals, assess strengths and weaknesses within the team and of potential adversaries, and plan and execute operations that leverage those strengths and weaknesses for success. If you think I am kidding, read Rick McCormick’s article on The Verge that describes the epic space battle that occurred in January of this year. In an MMORPG called Eve Online, McCormick estimates that more than 5,000 players joined the fray on both sides of a conflict that ultimately resulted in the loss of more than $200,000 of real US dollars because of the resulting virtual spacecraft damage. Building up fleets of that size takes years of planning and effort. The skillsets involved are quite extraordinary. These people have no lives in the real world per se, but in the game world, they are the centers of power and manipulation.[5]</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Sobol knows this and recruits the best players in his game by giving them special missions to test their individual skill sets. He eventually sends the best of the best out of the game to accomplish real-world missions, and this is where the hacking comes in.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">One of the main recruits is Brian Gragg (hacker name: Loki). Sobol tests Loki by having him break into a remote facility using nothing but his hacking skills. Loki uses a software tool called “Netstumbler”[6] to locate a wireless access point that is using Wi-Fi protected access (WPA) for authentication. He uses another software tool called “Air-Jack”[7] to force key exchanges from the Wi-Fi router and uses a third tool called “Asleap”[8] to collect the wireless key exchanges. (By the way, Wi-Fi is not an acronym. It is a brand name chosen by a committee to represent interoperability efforts between vendors for over-the-air Internet access.[9] Who knew?)</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Loki cracks the WPA key by using an off-line phase-shift keying (PSK) dictionary, basically a collection of words that he can test (brute force) against the acquired keys. Once on the network, he usesa fourth tool called “Superscan”[10] to ping sweep and port scan the entire network. He telnets to the one Unix machine (OpenBSD) that he can see and uses a simple network management protocol (SNMP) buffer overflow attack[11] to compromise it. Once in, he finds that the Unix box is connected to a Web server that is tightly locked down. He uses an SQL injection attack[12] to break in, and Sobol rewards Loki by making him a key operative in the Daemon’s quest. That sequence is a real-world hack using legitimate hacker tools that could have worked in 2006 (when Suarez wrote the book), and most likely, a hacker could use a variation of it to break into some systems today. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Sobol collects people like Loki, black-hat hacker types, who have no moral problems with killing bystanders and intermediaries for the greater goal. But he also collects people with more socially acceptable skills to round out his new world order called the Darknet. The purpose of the Darknet is all-out destruction of the status quo: corrupt governments and the international corporations that pull the strings in the background. The Daemon infiltrates as many corporations as it can (the good ones and the corrupt ones) via the Internet and through Sobol’s Darknet operatives in the real world. But the Daemon does not destroy these companies; it creates a symbiotic relationship with them. It tells the organizational leadership of these now-infiltrated organizations that if they accept the relationship and some basic behavior rules, they can still function. If they don’t, the Daemon will destroy them. Many do not comply, and the Daemon vaporizes them by erasing all of their corporate data (and whatever backups they had). Those that comply donate a small percent of their revenue to the Darknet cause but are allowed to stay in business. The money the Daemon collects from the thousands of companies it infiltrates funds the growing Darknet.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Darknet operatives wear specially designed sunglasses that act as a direct connection to Darknet operations. The glasses provide the wearer with an augmented Darknet reality, broadcasting video as an overlay to the world directly to the inside lens. The augmented reality allows Darknet operatives to recognize other members and to manipulate Darknet objects, initially Daemon programs but eventually programs and data sets created by other Darknet members. The Darknet glasses are eerily similar to the Google Glass experiment that we started reading about in 2012.[13] Because Suarez first published his book in 2006, that is a nice prediction to get right six years before the technology became available.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">Darknet operatives plan and communicate through this interface, this D-Space. Their opponents desperately try to crack and infiltrate the D-Space network in order to collect intelligence that will help them defeat the Darknet forces. I found this idea intriguing and realized how closely it mirrors some thinking from the intelligence community in the last decade. US intelligence organizations have considered the prospect that these MMORPGS could be used for terrorist planning purposes.[14] You can log in from all over the world, your avatar is for the most part anonymous, you have access to voice and message communication services within the game, and the language of the game suits itself to planning and destroying military and civilian targets. Players of the game use the same language to actually play the game.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Conclusion</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I loved these two books. They fit nicely into two separate categories that I like to track: hacker novels that do not exaggerate the genre and the combination of gaming and future intelligence collection. It is not a perfect story by any means. You have to suspend disbelief a bit to accept that notion that Sobol could anticipate every major response to his Daemon over a three-year period. With Sobol’s great insight, he develops a viable plan to do something about each and every response from his opponents and programs the Daemon to execute that plan, and everything happens without a glitch. Personally, I can’t get my browser to work correctly unless I reboot the computer on a regular basis. But I am fine with that little conceit. Sobol is the mad genius after all, and I have suspended my disbelief for other novels with similar characters. Also, Suarez presents a love story between the good guy hacker and the NSA code breaker that seems a little forced. But these are minor quibbles. <i>Daemon</i> and <i>Freedom™</i> together represent an engaging story. Along the way, Suarez introduces the reader to some new tech that will be available to the general population in the near future, describes what it takes to be a real hacker, and highlights how the lessons learned through MMORPG development might be beneficial in the real world. </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">The bigger notion that Suarez gives the reader, one that can be lost with all the other amazing things going on, is that Suarez does not like the direction the country, and indeed the world, is going. He believes that most people do not realize it, but that we are all slaves to some severe controls that our governments and their corporate sponsors place upon us, that we all depend too much on these handlers and give away too many liberties to them in the name of security and fear. The title of his second book, <i>Freedom™</i>, is no accident. He does not believe that we can unshackle ourselves without some sort of major cataclysm. In this exciting story, the Daemon causes that cataclysm.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">If you appreciate hacking stories like <i>The Girl with the Dragon Tattoo</i>[15] or gaming stories like <i>Ready Player One</i>[16] or or stories that combine both like <i>Reamde</i>,[17] you will love Suarez’s books like I did. I can say the same thing if you are a Michael Crichton fan too. This story is a worthy successor to some of Crichton’s best efforts. I recommend both books strongly. They represent some quality writing that gets the technical details correct. They are cyber-security-canon worthy, and you should have read them by now.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Note</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">I worked for iDefense (a VeriSign Inc. business unit) the first time that I wrote about Daemon and Freedom™. Jason Greenwood, the current iDefense general manager and an old friend of mine, has graciously allowed me to reuse some of the original content from that essay for this updated blog post. iDefense is still one of the best commercial cyber security intelligence outfits out there. If you have cyber intelligence needs, you should consider calling them.</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">Sources:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"> [1] “How the Self Published Debut Daemon Earned Serious Geek Cred,” by Josh McHugh, Wired, 21 April 2008, last visited 9 February 2014,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.wired.com/culture/culturereviews/magazine/16-05/pl_print</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[2] “Understanding the Daemon,” by Frank Rieger, Frankfurter Allgemeine, 5 January 2011, last visited 9 February 2014,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.faz.net/aktuell/feuilleton/medien/english-version-understanding-the-daemon-1621404.html</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[3] “Don’t be a Cog in the Wheel,” by Tyler DFC, PAJIBA, May 2010, last visited 9 February 2014,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.pajiba.com/book_reviews/book-review-daemon-by-daniel-suarez.php</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[4] “The technology depicted in Daemon and FreedomTM may seem like science fiction, but it actually exists . . .” by Daniel Suarez, last visited 9 February 2014,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://thedaemon.com/daemontech.html</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[5] “Spaceships worth more than $200,000 destroyed in biggest virtual space battle ever,” by Rich McCormick, The Verge, 29 January 2014, last visited 9 February 2014,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.theverge.com/2014/1/29/5356498/eve-online-battle-sees-200000-dollars-worth-of-spaceships-destroyed </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[6] “Netstumbler Downloads,” Netstumbler.com, last visited 9 February 2014, </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.netstumbler.com/downloads/</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[7] “Airjack,” by abadd0n & XX25, Sourceforge, 9 April 2013, last visited 9 February 2014, </span><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://sourceforge.net/projects/airjack/</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[8] “asleap,” by joswr1ght, Sourceforge, 8 August 2013, last visited 9 February 2014, </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://sourceforge.net/projects/asleap/</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[9] “WiFi isn’t Short for Wireless Fidelity,” by Cory Doctorow, boing boing, 8 November 2005 at 5:43 a.m., last visited 9 February 2014, </span><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://boingboing.net/2005/11/08/wifi-isnt-short-for.html</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[10] “SuperScan V4.1,” by McAfee, last visited 9 February 2014, </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.mcafee.com/us/downloads/free-tools/superscan.aspx</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[11] “017: RELIABILITY FIX,” by OpenBSD, 14 February 2004, last visited 9 February 2014, </span><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.openbsd.org/errata33.html</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[12] “SQL injection Basic Tutorial,” by ZSL, GovernmentSecurity, last visited 9 February 2014, </span><span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.governmentsecurity.org/articles/sql-injection-basic-tutorial.html</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[13] “I, Glasshole: My Year With Google Glass,” by Mat Honan, 30 December 2013, last visited 9 February 2014, </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://www.wired.com/gadgetlab/2013/12/glasshole/</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[14] “MetaTerror: The Potential Use of MMORPGs by Terrorists,” by Roderick Jones and Andrew Cochran, 1 March 2007, last visited 9 February 2014, </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://counterterrorismblog.org/2007/03/metaterror_the_potential_use_o.php </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[15] “The Girl with the Dragon Tattoo (Millennium #1),” by by Stieg Larsson, Reg Keeland (Translator), published 16 September 2008 by Knopf, last visited 9 February 2014,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.goodreads.com/book/show/2429135.The_Girl_with_the_Dragon_Tattoo?ac=1</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[16] “Ready Player One,” by Ernest Cline, published 16 August 2011 by Random House, last visited 9 February 2014,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">https://www.goodreads.com/book/show/9969571-ready-player-one?ac=1</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">[17] “Book Review: "Reamde" by Neil Stephenson (2011),” by Rick Howard, Terebrate, 4 January 2014, last visited 9 February 2014,</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://terebrate.blogspot.sg/2014/01/book-review-reamde-by-neil-stephenson.html </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="color: red; font-family: Helvetica Neue, Arial, Helvetica, sans-serif; font-size: x-large;">References</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;">“Daemon and Project Glass,” by Doug Johnson, The Blue Skunk Blog, 26 April 2012, last visited 9 February 2014, </span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: xx-small;">http://doug-johnson.squarespace.com/blue-skunk-blog/2012/4/26/daemon-and-project-glass.html</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif; font-size: x-large;"><br /></span><br /><br /></div>
</div>
Rickhttp://www.blogger.com/profile/11140485584379281758noreply@blogger.com0