Tuesday, December 23, 2014

North Korea-The Newest Cyber Threat in Town

Certainly by now, the world has heard about the infamous cyberattack against Sony purportedly carried out by North Korea. Although numerous denials have been given, the attack appears to have been perpetrated by a despotic regime in retaliation for the simple act of making a satirical movie. I’ll let the ridiculousness of that statement sink in for a minute. Now on to the practical matter at hand: how can the world’s most isolated nation pull off such a technologically advanced attack? To put this in perspective, consider the following. If you do a web search for “North Korea at night”, you can plainly see the lack of electricity or at least visible lighting as compared to its southern neighbor. I remember standing on the DMZ looking into North Korea. The normally wooded area was clear-cut by the residents and soldiers not to provide a defensive line of sight, but for a fuel source... because there was nothing else. Despite these limitations, North Korea actually has a fairly well-developed cyber warfare capability.

According to a 2014 report published by Hewlett-Packard researchers, North Korea is seriously committed to the cyber aspect of its national defense. The hermit kingdom’s Unit 121 is considered to be one of the world’s premier cyber organizations, third in size only behind the United States and Russia. South Korea estimates this team is comprised of anywhere between 3000 and 6000 staff. According to the HP report, some of the more notable hacks North Korea has managed to pull off include:

(2004) Gained access to 33 of 80 South Korean military wireless communication networks. 

(2004) Hacked into the US State Department, US Defense Department, and South Korean defense networks during discussions over nuclear missile testing.

(2007)  Tested a logic bomb which led to the UN ban of certain pieces of hardware to North Korea.

(2009)  DarkSeoul DDoS targeted South Korean and U.S. government, media outlets, and financial websites.

(2011) North Korea disrupted South Korean GPS signals, attempted a DDoS attack against Incheon airport and Nonghyup bank.

(2013)  DarkSeoul DDoS attacked South Korean government’s DNS server and South Korean financial institutions. (Osborne, 2014)

The Sony attack, however, appears to be the metaphorical straw. Shortly after the hack and Sony’s subsequent decision to pull “The Interview” from release, North Korea’s limited access to the Internet was cut off for approximately 10 hours. It is unknown whether this was a deliberate cyberattack against the regime or simply technical difficulties with the nation’s four official networks (Robertson & Strohm, 2014). Researchers point out, however, that this occurrence is definitely out of the norm. And while the U.S. State Department won’t comment on the reports, there appears to be no lack of likely actors willing to target the regime. Anonymous made headlines in 2013 for its #OpNorthKorea campaign, which targeted various North Korean websites. In the end, the Sony hack illustrates the larger issue at hand: the next battlefield will undoubtedly occur in cyberspace.

References
HP Security Research. (2014). Profiling an enigma: The mystery of North Korea’s cyber threat landscape. Retrieved from http://h30499.www3.hp.com/hpeb/attachments/hpeb/off-by-on-software-security-blog/388/2/HPSR%20SecurityBriefing_Episode16_NorthKorea.pdf

Osborne, C. (2014). North Korea cyber warfare capabilities exposed. ZD Net. Retrieved from http://www.zdnet.com/article/north-korea-cyber-warfare-capabilities-exposed/

Robertson, J. & Strohm, C. (2014). North Korean internet access restored after hours long outage. Bloomberg. Retrieved from http://www.bloomberg.com/news/2014-12-22/north-korea-undergoing-internet-outage-network-researcher-says.html

Friday, November 28, 2014

China and the Cybersecurity Myth

In the wake of emerging cyberattacks against the National Oceanic and Atmospheric Administration (NOAA) and the U.S. Postal Service (USPS), China yet again emerges as the prime suspect. Given this latest round of hacks against the United States, it should come as no surprise then that “the U.S.–China cybersecurity talks at the Asia–Pacific Economic Cooperation (APEC) largely failed” (Inserra, 2014). The failure could also have something to do with the United States’ indictment of five Chinese PLA military members, which further chilled the relationship between the two superpowers.

In the most recent hacks, the USPS announced that “800,000 employees had their personal data stolen including names, addresses, and Social Security numbers while the NOAA reported that four websites were compromised, but it is unknown if any data was stolen.” To further illustrate the situation, Robert Anderson, executive assistant director of the Criminal, Cyber, Response, and Services Branch of the FBI, told the Senate Homeland Security Committee in September 2014 that “it’s likely that every federal department has been hacked” (Inserra, 2014). In the wake of an apparently never-ending cyberattack most likely perpetrated by China, it would seem direct negotiations would be the place to start. Alas, the U.S. and China made little progress when President Obama and Chinese President Xi Jinping met at APEC this year. While China emphasized the desire to coordinate on matters of cyberterrorism, the United States was more concerned with “the importance of protecting intellectual property as well as trade secrets, especially against cyber threats” (Bennett, 2014). Unfortunately, as Assistant Secretary for Policy at the Department of Homeland Security Stewart A. Baker noted, “China has been unapologetic about its activities when confronted by U.S. officials” (Inserra, 2014). I would take this diplomatic statement one step further to say that the theft of intellectual property, especially property involving defense-related materials, is a national strategy for China. Whether the target is the F-35 stealth fighter (Gertz, 2014) or a myriad of other civilian and commercial technologies (Frizell, 2014), the outcome is the same. China will not stop. I have long held the belief that in a world where a cyberattack costing thousands can net technologies representing billions, why would any nation stop?

References
Bennett, C. (2014). US, China see little progress on cybersecurity. The Hill. Retrieved from http://thehill.com/policy/cybersecurity/223865-us-china-see-little-progress-on-cybersecurity

Frizell, S. (2014). Here’s what Chinese hackers actually stole from U.S. companies. Time. Retrieved from http://time.com/106319/heres-what-chinese-hackers-actually-stole-from-u-s-companies/

Gertz, B. (2014). Top Gun takeover: Stolen F-35 secrets showing up in China’s stealth fighter. The Washington Times. Retrieved from http://www.washingtontimes.com/news/2014/mar/13/f-35-secrets-now-showing-chinas-stealth-fighter/?page=all

Inserra, D. (2014). Cybersecurity: Time for the U.S. to Stop Negotiating with China and Start Acting. The Daily Signal. Retrieved from http://dailysignal.com/2014/11/24/cybersecurity-time-u-s-stop-negotiating-china-start-acting/

Tuesday, October 21, 2014

Anonabox and the Growing Demand for Privacy


I have a few colleagues that are aficionados of the crowd-funding site "Kickstarter." Fascinated by the concept for both its ability to fund new technologies as well as from a pure business standpoint, I was intrigued.  So I began looking for a project I could invest in and eventually came across the Anonabox. 

Billed as a “$45 router that would run all a user’s online traffic over the anonymity network Tor,” the project advertised an easy-to-use solution to today’s increasing privacy concerns (Greenberg, 2014). With a modest funding goal of only $7,500, many were surprised that Anonabox raised over half a million dollars in less than a week. The project’s founder, August Germar, seemed to have tapped into a growing desire for discretion in an increasingly prying world. I took a look at the Kickstarter site and watched the fairly compelling sales video, and I was intrigued. Although I’ve spent 50 bucks on more frivolous purchases, my hesitation in automatically hitting the “back this project” button was the obvious lack of technical specs about the device. After all, Germar claimed the project would be open-sourced, so where were the details?

Apparently, I was not the only potential investor with these questions. A few days after the project was launched, funders began to unravel Germar’s claims. What started out as a custom hardware/software solution was eventually determined to be somewhat of a scam. As it happens, the hardware was actually an off-the-shelf Chinese router (roughly $20) and the open-source software was determined to be full of potential security vulnerabilities, including a hardcoded root password and default settings. The project was eventually scrapped with the following explanation provided by Germar:

“In an email to the project’s investors, Kickstarter told backers only that ‘a review of the project uncovered evidence that it broke Kickstarter’s rules.’ Those rules, the email continued, prohibit ‘offering purchased items and claiming to have made them yourself,’ ‘presenting someone else’s work as your own’ and ‘misrepresenting or failing to disclose relevant facts about the project or its creator’” (Greenberg, 2014).

The Anonabox Kickstarter campaign illustrated a number of interesting facts. With increasingly intrusive governments across the globe, people are craving privacy more than ever. This desire can even extend to the delusional in some cases. Even after the project was shown to be riddled with inconsistencies, a lot of people still sought to fund the technology. The one positive takeaway from this is that even if you’re not paranoid about your government, securing your web traffic is just plain smart. Whether you’re shopping online while sitting in a Starbucks or connecting to your hotel’s Wi-Fi while on the road, you should never feel digitally secure. As the need and demand for this type of security will only increase in the digital future, rest assured more projects like this will arise.

And I’m still on the lookout for my first Kickstarter investment. 

References
Greenberg, A. (2014). Kickstarter Freezes Anonabox Privacy Router Project For Misleading Funders. Wired. Retrieved from http://www.wired.com/2014/10/kickstarter-suspends-anonabox/

Thursday, September 25, 2014

Raspberry Pi for the Beginner

In some of my initial posts I talked about the growing movement to teach kids how to program.  As my own children get older I’ve begun considering how to introduce this skillset.  While researching possibilities, I came across the Raspberry Pi.  Small and inexpensive, credit-card sized computers like the Pi provide users with a powerful and versatile platform to tinker and explore.

Although there are a number of microcomputers on the market these days, arguably one of the most well known is the Raspberry Pi. Created by University of Cambridge’s Eben Upton, the Pi was developed to help individuals (and more specifically kids) learn about the basics of computing. “The problem, they found, wasn't the curriculum but the computers themselves, which had become too advanced and too expensive to experiment with. Upton didn't want a computer programmed to work straight out of the box but, instead, a computer begging to be programmed” (Arndt, 2013). As home PCs became more popular and replaced Amigas and Commodores, the need to understand programming and even basic computer skills was no longer a requirement.

While price is a definite selling point for the Pi, one of the greatest strengths of this device is its near-limitless flexibility. The micro-PC can be used for general purpose computing, learning how to program, or as a powerful project platform. “Whether you just want to watch videos and surf the web, or you want to hack, learn, and make with the board, the Raspberry Pi is a flexible platform for fun, utility and experimentation” (Richardson & Wallace, 2012). Given this wide array of possible uses, it was difficult to decide where to begin. In the end I chose to simply hook up the board to a monitor and explore.



Given the memory limitations inherent to a device of this size, Upton opted for a streamlined Linux distribution to run the system called Raspbian (Raspberry Pi + Debian Linux = Raspbian).  This decision meant the Pi Foundation could keep their prices low while maximizing the hackability of the platform.  It also meant I needed to dust off my Linux knowledge.  Luckily, Raspbian comes with the Lightweight X11 Desktop Environment (LXDE) GUI installed which meant an easy transition back into Linux.

With the system up and running, peripherals recognized and drivers loaded, my next stop was Python. One of the preloaded features of Raspbian is an entry-level programming language created by Guido van Rossum. Van Rossum is a kindred spirit of the Raspberry Pi creators in that he designed Python to be used as a gateway language for kids. “In 1999, van Rossum put together a widely read proposal called ‘Computer Programming for Everybody’ that laid out a vision for an ambitious program to teach programming in the elementary and secondary grade schools using Python.” Because Python is an interpreted language, users can write a program or script directly (sans any machine code compiling). “The Python interpreter can be run in two ways; as an interactive shell to execute individual commands, or as a command line program to execute standalone scripts. The integrated development environment (IDE) bundled with Python and the Raspberry Pi is called IDLE” (Richardson & Wallace, 2012).

The other major program included with Raspbian is Scratch.  Developed by the MIT Media Lab’s Lifelong Kindergarten group, Scratch is billed as a “new way of teaching programming to young people.  Programs are constructed from colorful blocks, each of which performs an operation.  The self-contained blocks eliminate the syntax problems that stymie many first timers using text-based programming languages” (Richardson & Wallace, 2012).  This creates an interactive and fun programming environment where young programmers (and the young at heart) can see the effects from coding in real time.



Given the potential of this system I’m looking forward to seeing what my kids can do with it.  With the oldest only being 4, luckily I may have another year or two to learn it myself before they take over.

References
Arndt, R. Z. (2013). The $35 computer. Popular Mechanics. Retrieved from http://www.popularmechanics.com/technology/how-to/tips/35-computer-the-vast-possibilities-of-raspberry-pi-15294806

Richardson, M. & Wallace, S. (2012). Getting started with Raspberry Pi. Maker Media: Sebastopol, CA.

Tuesday, August 19, 2014

USB Vulnerabilities: Not a New Concept

A couple weeks ago, Las Vegas hosted the annual Black Hat hacker convention. One of the more publicized presentations that came out of this event was the disclosure that USB devices have security flaws (gasp). Researchers Karsten Nohl and Jacob Lell from SR Labs hosted a discussion entitled “BadUSB - On accessories that turn evil.” In the presentation, Nohl and Lell demonstrated “a collection of proof-of-concept malicious software that highlights how the security of USB devices has long been fundamentally broken.” They accomplished this exploit with a homemade piece of malware which they call BadUSB. Once installed on a USB device, BadUSB has the ability to “completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic” (Greenberg, 2014). Perhaps the most damaging aspect of this exploit is that the program resides in the firmware of a device, not the flash memory storage. This allows BadUSB to remain virtually undetectable to traditional antivirus programs. Nohl and Lell were able to accomplish this feat over the course of a couple months by reverse engineering USB device firmware. Using this technique, the SR Labs researchers were able to effect a proof-of-concept attack which could be applied to any number of devices from USB drives to mice and keyboards. Nohl and Lell have personally carried out this attack on USB memory sticks and an Android handset. BadUSB has the potential to allow an attacker to replace software, impersonate a USB keyboard, change a computer’s DNS settings, or even act as a covert listening device.

Interestingly enough, firmware attacks against USB devices are not a new concept. Sean Kalinich (2014) from the website Decrypted Tech mused about the lack of memory in the technical press. In 2009 an exploit was discovered which infected the firmware of Mac keyboards, and in 2011, Mac hacker Charlie Miller carried out a similar attack against Macintosh batteries. Miller’s attack, which was carried out through the firmware update process, could actually physically damage a Mac by maliciously altering a computer's charging system. Given Kalinich’s comments about the lifespan of the tech industry, I decided to do a little more research and found an even earlier example of firmware attacks from Black Hat 2005. At this earlier convention, Darrin Barrall and David Dewey from SPI Dynamics gave a demo entitled “Plug and Root, the USB key to the kingdom.” Ten years ago Barrall and Dewey illustrated the dangers of hardware Trojans by re-flashing USB devices.

Although this concept isn’t new, the one constant that has existed since 2005 is the threat this exploit represents and the challenge to defend against it. When editors from Wired contacted the USB Implementers Forum about this vulnerability, a spokesperson for the organization told the magazine that “consumers should always ensure their devices are from a trusted source and that only trusted sources interact with their devices” (Greenberg, 2014). Given the lack of a more permanent fix, this short-term solution seems to be the most popular consensus. Rather than hardening firmware or hardware, the easiest solution is a fundamental shift in how USB devices are employed. Individuals and organizations alike must change their mindset to increase awareness of the dangers malware like BadUSB represents. USB drives that touch an untrusted computer should never be plugged back into a trusted one. Similarly, system administrators must enforce stricter USB policies to eliminate the use of outside peripherals on their networks. Perhaps the most disturbing part of this entire story is the realization that this exploit may have been a flaw exploited by the NSA and other international spy agencies. University of Pennsylvania computer science professor Matt Blaze theorized this after reading information disclosed in the Edward Snowden leaks. An internal document from the NSA details a device known as Cottonmouth, which hid inside a USB peripheral plug and surreptitiously installed malware on a target’s machine (Greenberg, 2014).
Sound familiar?
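
One way to express the stricter USB policy described above in code, as an added example that is not from the original post or from SR Labs: it compares the interfaces a device announces against the roles recorded when that device was approved, and flags a storage device that also presents itself as a keyboard. The device records, IDs, role names and function names are constructed for illustration; only the USB class codes are standard values.

```python
from dataclasses import dataclass

# Standard USB class codes (bInterfaceClass) and HID boot-interface values.
USB_CLASS_HID = 0x03
USB_CLASS_MASS_STORAGE = 0x08
HID_SUBCLASS_BOOT = 0x01
HID_PROTOCOL_KEYBOARD = 0x01


@dataclass(frozen=True)
class Interface:
    cls: int
    subclass: int = 0
    protocol: int = 0


@dataclass(frozen=True)
class Device:
    vid: int
    pid: int
    serial: str
    interfaces: tuple

    @property
    def key(self):
        return (self.vid, self.pid, self.serial)


def roles(dev):
    """Reduce a device's interface descriptors to coarse roles."""
    out = set()
    for itf in dev.interfaces:
        if itf.cls == USB_CLASS_MASS_STORAGE:
            out.add("storage")
        elif itf.cls == USB_CLASS_HID:
            # Only boot-protocol keyboards are identifiable from these three
            # fields; other HID interfaces are still treated as possible input.
            boot_kbd = (itf.subclass == HID_SUBCLASS_BOOT
                        and itf.protocol == HID_PROTOCOL_KEYBOARD)
            out.add("hid-keyboard" if boot_kbd else "hid-other")
        else:
            out.add(f"class-0x{itf.cls:02x}")
    return frozenset(out)


def evaluate(dev, approved):
    """Return policy findings for a device; an empty list means no objection."""
    seen = roles(dev)
    findings = []
    if dev.key not in approved:
        findings.append("unknown-device")
    else:
        # A role the device did not have when it was approved.
        for role in sorted(seen - approved[dev.key]):
            findings.append(f"new-role:{role}")
    if "storage" in seen and any(r.startswith("hid-") for r in seen):
        findings.append("storage-plus-hid")
    return findings


def decision(dev, approved):
    return "block" if evaluate(dev, approved) else "allow"


# Constructed sample devices (IDs and serials are placeholders).
KEYBOARD = Device(0x1111, 0x0001, "KB-001",
                  (Interface(USB_CLASS_HID, 0x01, 0x01),))
REFLASHED_DRIVE = Device(0x2222, 0x0002, "FD-042",
                         (Interface(USB_CLASS_MASS_STORAGE, 0x06, 0x50),
                          Interface(USB_CLASS_HID, 0x01, 0x01)))
UNKNOWN_DRIVE = Device(0x3333, 0x0003, "",
                       (Interface(USB_CLASS_MASS_STORAGE, 0x06, 0x50),))

# Roles recorded at approval time, keyed by (vid, pid, serial).
APPROVED = {
    KEYBOARD.key: frozenset({"hid-keyboard"}),
    (0x2222, 0x0002, "FD-042"): frozenset({"storage"}),
}

if __name__ == "__main__":
    for dev in (KEYBOARD, REFLASHED_DRIVE, UNKNOWN_DRIVE):
        print(dev.serial or "<no serial>", decision(dev, APPROVED),
              evaluate(dev, APPROVED))
```

Vendor ID, product ID and serial number are reported by the device itself, so matching the approved list identifies a device but does not prove its firmware is unmodified.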

References
Barrall, D. and Dewey, D. (2005). “Plug and Root,” the USB key to the kingdom. 2005 Black Hat. Retrieved from https://www.blackhat.com/presentations/bh-usa-05/BH_US_05-Barrall-Dewey.pdf

Greenberg, A. (2014). Why the security of USB is fundamentally broken.  Wired.  Retrieved from http://www.wired.com/2014/07/usb-security/

Kalinich, S. (2014). BadUSB not really all that new, but still very bad indeed.  Decrypted Tech. Retrieved from http://www.decryptedtech.com/news/badusb-exploit-not-really-all-that-new-but-still-very-bad-indeed

Thursday, July 10, 2014

The Rise of Encryption

Disclosures from Edward Snowden about NSA surveillance have had an interesting yet perhaps unsurprising consequence on the world of technology. As the general public learns increasingly more about the capabilities of the US intelligence community, individuals from all walks of life have begun seeking methods to safeguard their online privacy. And while the government would argue that only those with something to hide should be concerned, this has not stemmed the tide of encryption for everyone.

When Edward Snowden attempted to set up an encrypted communication channel with journalist Glenn Greenwald, not even a 12-minute tutorial video that Snowden made helped Greenwald understand how to use PGP. To help overcome the steep learning curve associated with cryptography, Nadim Kobeissi has developed an encryption program called miniLock, which will be released later this year in beta version at the HOPE hacker conference in New York. The program has been designed as “a free and open-source browser plugin designed to let even Luddites encrypt and decrypt files with practically uncrackable cryptographic protection in seconds” (Greenberg, 2014). Utilizing public-key encryption, miniLock can be used to encrypt a variety of files from pictures on a thumb drive to documents uploaded to Dropbox or Google Drive. According to Kobeissi, the usual complexity of employing public and private encryption keys has been simplified to provide a user-friendly privacy solution. A more technical explanation of the cryptography behind this software is being saved for the beta release at the HOPE conference later this month.

In addition to providing law-abiding citizens with a privacy tool, the development of miniLock and programs like it has also led to an increase in the number of nefarious uses. According to an annual report released by the US court system this year, the number of criminals employing encryption has steadily increased throughout the last ten years (Greenberg, 2014).


Even though the use of encryption by criminals represents a very small number (0.25%), the more interesting statistic is that law enforcement was defeated by strong encryption 9 times in 2013.  This represents over a 100% increase since 2012 (4 times) and before 2012, the number was 0 (Greenberg, 2014). 

So what’s a law enforcement or intelligence agency supposed to do? In a recent UK case, a computer science student named Christopher Wilson was jailed for six months for failing to disclose his encryption passwords to authorities (Leyden, 2014). As a security professional, I can see both sides of the argument. If no other evidence exists implicating an individual in a crime, should they be compelled to give up their digital privacy? And on the flip side of that coin, just how many more criminal cases will be stymied in 2014 by increasingly easy-to-use yet secure encryption solutions?


References
Greenberg, A. (2014). Rising use of encryption foiled the cops a record 9 times in 2013. Wired. Retrieved from http://www.wired.com/2014/07/rising-use-of-encryption-foiled-the-cops-a-record-9-times-in-2013/

Greenberg, A. (2014). The ultra-simple app that lets anyone encrypt anything. Wired. Retrieved from http://www.wired.com/2014/07/minilock-simple-encryption/

Leyden, J. (2014). Computing student jailed after failing to hand over crypto keys. The Register. Retrieved from http://www.theregister.co.uk/2014/07/08/christopher_wilson_students_refusal_to_give_up_crypto_keys_jail_sentence_ripa/

Tuesday, June 17, 2014

Telecommunications Security

Apparently the FCC’s ongoing battle with the telecommunications industry over cybersecurity is, well, ongoing. I read an article this week that discussed the agency’s never-ending battle to convince private telecommunications firms to do something (or rather anything) about improving their overall technical security posture. FCC Chairman Tom Wheeler gave a speech at the American Enterprise Institute last week in which he discussed the ongoing challenge (and I’m paraphrasing here) to incentivize private companies to step up and enact some form of cyberdefense for their networks. I say “some form” only half-jokingly because one of the key points of Wheeler’s speech is that “90% of the recent security breaches could have been thwarted with the implementation of basic or intermediate security measures” (Sandoval, 2014). This shocking fact gave me déjà vu from a report I helped author last year for the capstone course of my Cybersecurity Master’s Degree. Coincidentally, my final project involved assessing how various aspects of industry and security affected a fictitious telecommunications firm named Avisitel. My portion of this project (see excerpt below) revolved around how the nature of telecommunications competition in the United States has created a perfect storm of inactivity which surprisingly has not led to a catastrophic attack on one of our most critical infrastructure components.

Nature of Competition
On the surface, the telecommunications industry in the United States is a varied mix of technologies and providers.  In 2012, the United States Telecom Association (US Telecom) identified 1,662 separate firms (US Telecom, 2013).  These companies provide the gamut of technologies with the vast majority offering digital subscriber line (DSL) and/or fixed wireless services. Avisitel falls into this category offering mobile and landline telephone services as well as broadband cable.  In addition, according to data provided by the National Telecommunications and Information Administration (NTIA), 95.4 percent of America’s population has access to at least three wireless carriers and 88 percent were presented with at least two wired broadband options (US Telecom, 2013).  Although these statistics lend credence to the theory that the telecommunications industry is a highly competitive field, many critics disagree. 

Susan Crawford, professor at the Benjamin N. Cardozo School of Law in New York argues that America’s telecommunications infrastructure has been taken over by monopolists (Carr, 2013).  This in turn has led to a situation characterized by limited oversight, underdeveloped innovation and widespread consumer fleecing.  Crawford explains that four main companies control the majority of wired and wireless telecom services in the United States.  In markets covering approximately 50 million Americans, Comcast and Time Warner have complete control over broadband while Verizon and AT&T own 64 percent of all wireless services.  This in effect creates a broadband duopoly between telephone companies and cable TV providers (Hazlett & Weisman, 2011).   Although the 1996 Telecommunications Act was designed to foster increased competition in this industry, Crawford argues this law instead allowed telecom firms “…to simply divide markets and merge their way to monopoly” (Carr, 2013).  Now or in the very near future, this market environment will mean that the majority of Americans in metropolitan areas will only have access to a single provider of high speed data (Crawford, 2011). 

The nature of this competition has become problematic for the federal government in attempting to implement a national cybersecurity strategy.  Although US Telecom recognizes the increasingly important role the telecommunications sector represents to the American infrastructure, this has not stopped the industry from pushing back against cybersecurity initiatives.  The telecom association and other industry representatives failed to ratify a list of cybersecurity suggestions put forth by the Federal Communications Commission (FCC) (Yadron, 2013).  Officials argue that generic cybersecurity guidelines cannot be applied to their complex industry.  Moreover, the FCC’s advisory panel insinuates that government mandated reform of the private sector makes firms nervous.  Unobstructed by competition and benefiting from an economy of scale, telecom firms like Avisitel do not have the same oversight as companies in other industries.  As a result, successful implementation of current cybersecurity standards has solely been a voluntary effort.

References
Carr, D. (2013). Telecom’s big players hold back the future. The New York Times. Retrieved from http://www.nytimes.com/2013/05/20/business/media/telecoms-big-players-hold-back-the-future.html?pagewanted=all&_r=0

Crawford, S. P. (2011). The Communications Crisis in America. Harvard Law & Policy Review, 5(2), 245-263. Retrieved from http://www.acslaw.org/publications/harvard-law-and-policy-review

Hazlett, T., & Weisman, D. (2011). Market Power in US Broadband Services. Review Of Industrial Organization, 38(2), 151-171. doi:10.1007/s11151-011-9289-5

Sandoval, L. (2014). FCC: Companies must step up to improve cybersecurity or else. Tech Times. Retrieved from http://www.techtimes.com/articles/8460/20140616/fcc-companies-must-step-up-to-improve-cyber-security-or-else.htm

US Telecom. (2013). Broadband industry stats. Retrieved from http://www.ustelecom.org/broadband-industry/broadband-industry-stats

Yadron, D. (2013). Internet providers persuade FCC panel against cybersecurity recommendations. The Wall Street Journal. Retrieved from http://online.wsj.com/news/articles/SB10001424127887323639604578368722811930666

Wednesday, May 21, 2014

FOSE

Last week in DC was FOSE, the annual government technology conference that covers a broad range of topics from cloud computing and cybersecurity to emerging technologies. Held jointly with GovSec, these two events prove to be a wealth of information for anyone in the IT industry. Held over three days, usually at the Washington Convention Center, the conferences represent a great (and mostly free) opportunity to listen to IT leaders in both government and commercial sectors. In addition to the lectures, I always try to attend, if for nothing else than to preview new technologies. GovSec represents a forum where vendors often release their latest physical and technical security solutions.

The opening speaker for the conference was Thomas Donilon, former National Security Advisor for President Obama. Donilon’s keynote address was aptly titled America’s Foreign, Defense, and Cyber Policy: An Insider’s Perspective. Although this subject represents a suitable topic at any point in our current events, it was especially timely given that just one week later the U.S. Justice Department indicted five members of the Chinese military for hacking (CNN, 2014). The targets included American companies Alcoa, Westinghouse and U.S. Steel Corp., just to name a few. This incident is momentous in that for the first time, the United States is almost directly accusing the Chinese government of engaging in cyberespionage. I say “almost” because given the sensitive geopolitical ramifications of this accusation, the Justice Department stopped short of indicting the entire Chinese military or government and instead singled out five individuals working for the People’s Liberation Army (PLA). So where does this leave the United States? Unsurprisingly, the indictment appears to have had limited effect thus far. True to form, the Chinese government vehemently denies the claims and characterizes the charges as “extremely absurd.” It’s unclear what the Justice Department hoped to accomplish with this maneuver. After all, it was only a year ago that Mandiant released their report on APT 1, in which they were able to identify a Chinese military unit in China responsible for similar cyberattacks against U.S. commercial and government entities. Just like the most recent incident, China also denied their involvement and similarly nothing happened.

References
Fantz, A. (2014). Chinese hackers infiltrated U.S. companies, attorney general says. CNN. Retrieved from http://www.cnn.com/2014/05/19/justice/china-hacking-charges/

Tuesday, April 8, 2014

Programming Not For Everyone?

As a follow-up to my last blog post, I came across a dissenting opinion on the programming push. In addition to the technology and Hollywood elite lending their voices to this topic, evidently politicians got in on it as well. In an unusual show of bipartisanship, both President Obama (Democrat) and House Majority Leader Eric Cantor (Republican) released statements demonstrating their support for the idea that everyone should learn how to code. With even more heavyweights backing this concept, it is hard to imagine any opposition to the idea of programming skills for all. An interesting voice of dissension comes from Jeff Atwood, a computer programmer of all things (NPR, 2014). Atwood began creating computer games in the 80’s at the impressive age of 12. He compares the recent push for programming education to wanting everyone to become auto mechanics. Should every driver possess a basic knowledge of their automobile? Absolutely. Does everyone need to rebuild an engine? Probably not.

If I understand Atwood’s opposition, it’s that, like any difficult or involved proficiency, programming is a perishable skill.  We already require students to learn a plethora of topics in school, from reading and writing to increasingly progressive fields of math.  Like working on your car, everyone should have a basic understanding of computing, but perhaps not everyone needs to learn how to code.  Atwood does acknowledge that should a student demonstrate an interest in this arena, more and more resources are developed every day to help further one’s coding skills.  Combining these two viewpoints, I would argue that every student should be exposed to the basics of programming at an early age.  Much like language and musical abilities, I would venture a guess that developing a coding aptitude is easier at a younger age.  To further illustrate this point, I recently heard about a 5-year-old who managed to hack into his Dad’s Xbox Live account (Seppala, 2014).  Barely older than a toddler, the kid discovered a previously unknown vulnerability in Microsoft’s gaming platform.


Hacking at 5, programming at 12…I’m feeling old.

References
NPR Staff. (2014). Computers are the future, but does everyone need to code? NPR. Retrieved from http://www.npr.org/blogs/alltechconsidered/2014/01/25/266162832/computers-are-the-future-but-does-everyone-need-to-code

Seppala, T. J. (2014). Watch a 5-year-old spam the spacebar to access his dad's Xbox Live account. Engadget. Retrieved from http://www.engadget.com/2014/04/04/xbox-live-five-year-old-hacker/?utm_source=Feed_Classic_Full&utm_medium=feed&utm_campaign=Engadget&?ncid=rss_full

Thursday, February 27, 2014

Learning to Code

The last few years I have noticed more and more public and private organizations starting STEM (Science, Technology, Engineering, and Mathematics) initiatives.  Similarly, the push for kids to learn programming languages and coding seems to have significantly increased.  Since I had kids a few years ago, these subjects have been in my periphery when it comes to skills I would like my children to adopt.  Personally, I have enjoyed the bit of coding I dabbled with (JavaScript and HTML).  Due to numerous excuses though, I have never followed through with any lengthy commitment to learning how to code.

I remembered last year seeing an ad campaign for a nonprofit organization called Code.org.  Founded by brothers Hadi and Ali Partovi, Code.org was started with the goal of making computer science and programming accessible to everyone. To launch this initiative, Code.org posted a video in February 2013 entitled “What Most Schools Don't Teach.”
 

The Partovi brothers began their organization with the aim of cultivating computer science in the U.S. school curricula.  Code.org claims that computer-programming jobs are growing at twice the U.S. national average while less than 2.4% of college students graduate with degrees in computer science.  The five-minute video, which features such technology heavyweights as Bill Gates and Mark Zuckerberg, makes a compelling argument that if kids in the modern era should learn only one skill, coding should be it.  I like the message and would like to inspire my kids to try this endeavor once they are a little older.  To expand my own personal and professional horizons and hopefully motivate my children, I have decided to pick up coding yet again.

This realization led me to conduct a fair bit of research on how to approach this goal.  The last few years have seen a fascinating transformation of online educational opportunities.  A number of companies have begun offering Massive Open Online Courses (MOOCs).  Websites like Udacity and Coursera advertise classes from some of the most prestigious universities around the world.  My research eventually led me to a Popular Mechanics article entitled “Hacking Your Education” (Chris Raymond, 2013).  In the article, Raymond presents a graduate from Canada’s University of Manitoba named Scott Young.  After earning his business degree, Young wanted to add computer science to his arsenal of skills.  Not wanting to pay for another degree, however, Young instead used free online materials from MIT’s OpenCourseWare system.  Over the course of a year he was able to roughly duplicate a bachelor’s degree in computer science from MIT while only spending approximately $2,000 (mostly for books).  Looking at the website, the college appears to have put online a bounty of videotaped lectures, course notes, and reading materials entirely free of charge.

I decided this is where I will begin my journey.  More to follow…