The Prodigal Sheep

I'm in San Diego for six days, attending a professional development course and then a security conference. The course, on the use of open source data mining and intelligence, is fascinating. Two young terrorism experts are sharing research techniques and case studies with the class.

While the background material is radical Islamic terrorism post-9/11, the foreground methodological lessons are what really interest me. They can be applied to the study of (and defense against) other types of threat.

Two examples that come to mind are organized internet fraud (something that concerns me from time to time in my daytime employment) and American fundamentalist theocrats (a threat that increasingly keeps me awake at night).

It's also interesting and sobering to learn that think-tanks, independent media and individual bloggers are probably more adept at this type of intelligence gathering than the FBI or CIA. The two experts leading the class, for example, are wunderkind hardly out of college.

It's not that it involves rocket science — anyone with a laptop and an internet connection can become a terrorist (or terrorist hunter) these days. It seems to have more to do with passion and freedom to experiment, the latter apparently not being a trait that is either much cultivated or supported with resources in parts of the classified intelligence community. At least that's the impression I get.

Looking forward to day two. 

Posted by Mark Poole at 9:35 PM in Security
Permalink | Comments (0) | TrackBacks (0)

According to USA Today, the so-called 'homeland security' business (aka the military-industrial-security complex) is now worth $59 billion a year. That's how much governments and businesses spend to 'thwart terrorosts', whatever that term means in practice. Homeland security is bigger than the motion picture and music industries.

The big winners?

• The usual lineup of military contractors: Lockheed Martin, Raytheon, Boeing, Northrop Grumman, Ericsson, etc.
  
• Accenture, a $15 billion a year services company headquartered in Bermuda.
• The biometric industry and other whiz-bang technologies with limited or unproven effectivess.
  

Are we getting any value for all these billions?

Consultant Doug Laird, who worked for the U.S. Secret Service and was Northwest Airlines' security director, criticizes the Department of Homeland Security for awarding so many contracts to large corporations.

In general, he says, the contractors oversell the security value of their goods and services. Further, he says, the government exercises inadequate oversight.

"The DHS has pretty much given them an open check to supply products and services," he says.

Often, the large corporations "have no idea about" the work that needs to be done, Laird says. "In my opinion, it's a total rip-off."

The question on everybody's lips: Has the world become any safer? 

Posted by Mark Poole at 12:27 PM in Business, Politics, Security, Technology
Permalink | Comments (0) | TrackBacks (0)

And in news related to my prior post, Homeland Security's Chertoff defends the government's plans to snoop ever more closely on the personal communications of its citizens. He says that increased intelligence gathering and sharing doesn't equal less privacy.

As we have broadened information sharing, we have made sure that there are strict rules in effect...that prevent people from misusing that information or putting it out improperly [...] That's built into the DNA of this and all of our intelligence-sharing capabilities.

That's right... unrestrained and highly secret intelligence gathering programs by their very nature are respectful of citizen privacy. The same government that has accidental data breaches every other day is totally capable of respecting sensitive personal information.

And while we're at it let's throw in a few other nuggets from the Ministry of Truth: War is peace. Freedom is slavery, and ignorance is strength.

Posted by Mark Poole at 3:55 PM in Politics, Privacy, Security
Permalink | Comments (0) | TrackBacks (0)

I'm chuffed — I guess I've now had my five seconds of fame on the real Internet, i.e. somewhere other than this blog.

In the workaday world I'm a security director for an education company that, among other things, delivers IT certification exams. I was recently quoted in InfoWorld's Notes From The Field column on the issue of cheating in certification exams:

A few days after my blurb on the bogus certification site appeared, it was shut down by testing service Pearson VUE. Hotexam and its ilk are related to a Taiwan-based "braindumping" gang, four of whose members were arrested back in 2004, says Mark Poole, VUE security wonk.

Poole says anybody who signs up with one of these "no-study" cert services should have their skulls probed for signs of intelligent life. "Why would you give your personal information and credit card info to a scammer in China?" he asks. "Some people are so stupid it must hurt."

;-p 

Posted by Mark Poole at 4:26 PM in Humor, Personal, Security
Permalink | Comments (0) | TrackBacks (0)