Inventions, should we even try?


It has been said that necessity is the mother of invention.  Having been down that road so many times in my life, I would have to say that is one of the truest statements ever said.

The problem with this is that the system is rigged against you (the inventor.)

Back during the days of VCRs I was one of those who went to school to learn how they worked and how to repair them. Back in the day they were $1,200 for the cheapest, and it went up from there.


End-of-tape sensors back in the early days were accomplished with visible light. Tape makers would splice some clear leader onto the tape so that when light was visible the machine would know to stop whatever function it was doing.

Later, infrared light was used instead of visible light, which made troubleshooting much more difficult. As the light was 950nm instead of the 850nm currently used in night vision cameras, there was not even the slight red glow.

[Image: 950nm LED as seen through a CCD camera sensitive to 950nm light]

[Image: 850nm infrared LED, visible glow to the naked eye]

[Image: infrared light as seen through a camera with no IR cut function]

I devised a portable infrared detector.  When the test button was pushed with the sensor in the path of the infrared light a green LED would illuminate thus telling me that the emitter was not the issue.  If no light was visible a red LED would illuminate thus telling me to check the voltages on the emitter “which was a job” and if present, replace the emitter, which was also a job as it was soldered in unlike the bulb which was plugged in.


This was also handy for testing remote controls, as they too were using, and still do use, 950nm infrared LEDs, so you would get a pulsing green LED if the batteries and/or remote were functioning.

In short, this was the “cat’s ass” and it was my invention.

So, now that it was built I needed to downsize it into a more portable device, like a pen.

I started the process of downsizing the electronics and was trying to figure out how to get a “housing” created for it when a family member came to visit who is “was” handy and knew certain things that I did not.

Long story short I called it the B.I.R.D.  Battery operated Infrared Detector.

Before my “family member came for a visit” I wrote a letter to Sencor, which was a test instrument maker in the day.  I did not divulge anything of my idea other than I had one and a working prototype that I would like to discuss with them.

The response went something like this:

Dear Mr. Taylor,

I work in the mail room and it is my job to look for and intercept letters like this and send them back to the sender. 

We hire the brightest and best here at Sencor and therefore do not need input from the public, as we have the best. If it is a new device that is needed, our engineers will think of it and create it and we will market it. If we don’t create it, it is not needed. “Damn what hubris!”

Thank you for your time, good day!

It was about this time my “family member came” and I shared my frustration with him.  He was very interested and sympathetic.  Looked over my invention as well as the schematics etc. and told me he knew some folks and would get back with me.

Of course you know the rest of the story without me typing it but….

Two months to the date of his visit in the back of one of my electronic magazines that I took, was the BIRD complete in a pen enclosure with my wording verbatim!

This family member came into copious amounts of money, and never spoke to me about the invention. Because I could not prove what happened, I did nothing, but I learned never to share any more inventions, even with family, because when money is concerned, blood means nothing.

Some of my ideas over the years were too grandiose for me to create a prototype of, and some are as simple as the following:

I am a technician by trade, but an engineer at heart. While working at many companies in my life, I have re-engineered their inventions. Many of those modifications have been incorporated into their products, making them better. Working for them, however, you get your paycheck, and maybe a pat on the back, and maybe a $200 American Express thank-you check! Don’t spend it all in one place….

Dyson Vacuums is another company that I contacted because their product lacks in certain design areas, and I really thought that they could benefit from my ideas. I am a nice guy; had they treated me with any respect I might have given them the damned ideas.

I wrote them a letter regarding some ideas I had for their product and not unlike the letter from Sencor, they too were rather insulting with their response.  They too hire the brightest and best and they certainly don’t need the input from someone who actually bought one and uses it!  Yes, they were about that truculent.

While I will not give the ideas for free, if at all, I would tell them that they should have their engineers and or technicians actually use their vacuums, and pay attention to all of the ways that it works.  I don’t mean throw some dust on the floor and suck it up, they all do that, actually take the damned thing home and use it!  I think I know the secret to why their product “sucks so well,” It starts with management…

The simple fact is that I have several ideas which some I can create myself, and some like the BIRD, I need others to add to the collective, to make it the best.

The problems with inventing are many and they start with “protecting your idea.”  You can see that if a family member that you trust will screw you and then pretend that they don’t know you when the money comes in, what would others do?

A couple of years ago I wrote Apple because they needed to re-design their app so one could re-design the app layout on your phone through the iTunes app on your computer. I wrote them a nice long letter telling them what I needed, why, and how it would benefit their customers, and asked them to do it. Three months to the date it was done. Do you think I even got a thank you from them? Some employee at Apple, I am certain, read the letter and said, wow, what a great idea, and submitted it from him or herself.

I needed it done so it was the most expedient way to get it done. I have written them since on this blog with ideas because let’s face it, they hire the brightest and best and don’t need you or me telling them anything….. Did I mention that I actually met Steve Jobs years ago when I was working on NeXT computers? I wonder if he was British at heart?

Now, let’s revisit the BIRD and let’s say, I wanted to protect the idea.

You go downtown wherever and find a patent attorney, have them sign a non-disclosure so you can talk with him or her and then basically tell them what you are up to.

They either listen intently or they pretend to listen waiting to see if you can fork over a check to retain them.  Back when I first checked on this for an idea I had for a security device for all of the world’s airports and government buildings, this is the way it went down.

“I will need a check for $10,000 to start the process.” For any country that you want it protected in other than the US, that is another $3,000. For argument’s sake that is 196 countries. So for another $588,000 we stand a pretty good chance of protecting your idea, but we have to catch them stealing your idea and then we have to take them to court, and with luck, before they saturate the place with a knockoff of your idea, maybe we can get the courts to issue an injunction and stop them from creating any more widgets (in that country) while they drag it through the courts for years, all the while selling the widgets that they have already created or are having created in other countries where you have not caught them doing so yet. You might be able to do your own patent search these days, but I would suspect that the attorney will have to do it officially via some flunky intern and charge you as if they personally did it.

Now, maybe you have some appreciation why I have been known to give ideas away, just to get the damned thing out there as the world needs it.  I have actually tweeted ideas to the whole Effing world just to get the thing done!

Much like the artist that creates a masterpiece does not get the accolades or the dollars that it is worth, I think the same is true of the inventors.  Someone somewhere at some time in the future may benefit from it, but not you, so the question that has to be asked, why?

Farnsworth was screwed by RCA on the Television / video camera and while he had an ok life, RCA got the patent and profited through licensing such inventions.  Tesla was a genius but had no business acumen; he too was screwed by the greedy bastards of the world including Edison, and died poor and somewhat nuts!

[Image: Farnsworth, the guy who invented TV]

[Image: Tesla portrait. This out of the box thinker is a personal hero of mine…]

I hesitate to even mention the vultures that want you to buy their easy patent guide. The simple facts are that a lot of inventions go nowhere. Some might end up on those late night commercials with “but wait” as the tag line, but some people just need to be told the truth. The folks that will take your money to “help you” are in business to “take your money.” Much like the companies that are in business for those that want to write a book. No publisher will touch them “because they suck, or are too much of a risk, or an unknown,” so people spend thousands to self-publish! Some actually promote their books through enough different outlets to break even; but not really. They have failed to include their time and efforts into selling the 500 copies that they had to buy in the first place. The simple facts are that inventors, artists and authors are seldom objective when it comes to their project. Much like a mother with the ugliest hair-covered baby you ever saw. She will think how great the baby looks, and the husband and family will cringe and say oh yes, that is the best looking one around. (PS: one of the few times it is OK to lie, not only OK but advised! Another is “does this dress make me look fat?!” Oh Hell No!)

Am I telling you all this to quash your dreams? Hell no! I am telling you this to give you, the reader, a dose of reality, the naked truth!

Guess what, this is at no charge!

If you truly want to write, there are some great books at Barnes & Noble that walk you through the process. Bottom line, start with short stories and submit them to magazines. After you get paid your $500 per story, and get published a dozen times or so, on the cover page of your manuscript you simply say published in …….

If you get that far by all means purchase the book and follow all of the guidelines including how the manuscript should look. Different publishers have different ideas of how the manuscript should look and how it should be submitted so do your research and edit edit edit…..

Does that guarantee you will get published? Shit no. What it does: if the person who opens your manuscript sees “published in …” and the format looks acceptable, they might read more than the cover page. Much like writing a good resume or CV, you have about 15 seconds to grab their attention, and that includes the time it takes to get it out of the envelope!

-Best

© All rights Reserved 2015

www.timedok.com

www.guard-protect.com


Security

Happy Friday!

Today I want to talk about security. With the recent events involving our President, along with major companies’ databases of credit card holders being hacked, it seemed timely.

Companies either focus on cyber-security, physical security, both, or neither. I realize that this statement seems ambiguous, but the simple facts are that few companies think about hiring a Security Officer, much less installing the systems to make certain that their physical plant is secure, not to mention their data infrastructure. A Security Officer is well rounded and incorporates all facets of security into their repertoire.

Part of a Disaster Recovery plan is an audit of security measures taken.

Thanks to recent hacks by various outside entities, companies are becoming more in tune with things like passwords that change, that the user sets, as well as administrative passwords that also are forced to change and be “strong in nature.”

Instead of vilifying some of my clients’ practices, which many would find audacious, some entertaining, and some downright stupid, allow me to pontificate about “security in a nutshell.”

Let’s start with the employee.

All employees (present and future) should have a background check completed.  Are they who they say that they are and do they have any criminal history?  What is their credit score and, can they pass a “drug test” now and at some future date?

What someone writes on their resume is not a legal document; therefore, you must necessarily have them fill out an application for employment, which “is a legal document.” You can buy these at Office Depot, so there is really no excuse not to do this.

The resume is an instrument to get a person in the door for an interview, not to hire them by. What one writes on the application is grounds for termination, if fabricated. I can write that I am King of the Emirates on my CV; if that gets me in the door, so be it. Once I write that on an application, I have committed fraud. Some would argue that the CV should be more sacrosanct than it is. That would be nice but the truth is that few do.

There is a complete art regarding your CV and making it stand out among others. Like English 101, it is subjective; research the company to whom you are sending it. That is why one must have several different resumes. I will not belabor that point or this subject here; suffice it to say, if it gets me past the first cut that is all that I care about. Until you are sitting in front of a person who gets to know you personally and uniquely from the masses, your resume is one of tens of thousands languishing in a sea of anonymity.

Once your HR department is satisfied that this person is a viable candidate for the job at hand; then and only then, should the hiring manager start the interview process.

Q. What difference does it make if the person has a less than stellar history?

A.  If they have a track record for making bad decisions, there is nothing to stop them from doing so again. Once you hire them, they represent you and or your company.

Q.  What difference does it make regarding their credit score?

A.   If they have a lousy credit score that simply means that once again they have a higher probability of making poor decisions and even more germane, might be someone who has character issues.

One company I know of ran reports of how many coffee creamers, how much sugar and how much toilet paper their individual branches went through. They tied that data together with the branches that had “shorts.” (Shorts meaning the cash drawer did not balance, was missing money.) The interesting thing was that the branches that used more supplies had more shorts; thus, the criminal element was behind the counter.

Q. Piss Quiz? What does a little pot, or drinking, have to do with a person being a good and faithful employee?

A. Once again we are looking at character traits. If a person plays loose with the rules, they too will have a proclivity to play loose with your rules. Good behavior should be rewarded. If someone plays by the rules, they should be first up for the job.

Q. What about pre-employment tests?

A. Having total empathy for those of us who suffer from test anxiety, I am more interested in a person’s history and track record. The EU is really big on all sorts of pre-employment tests to get the “brightest and best”; however, as a hiring manager for most of my adult life, I am here to tell you that tests are not the end all be all. If HR does their part, I trust that I can weed out the rest. While a test may give you some idea of a person’s character, remember that if they are nervous or not feeling well that particular day, the results will be skewed. You may in fact be overlooking a diamond. Get to know the person.

Once, a long time ago, I interviewed with Microsoft. As it happened I was suffering from bronchitis and had not slept well, but I would have still gone to work as I could function, so why not go on the interview. There were several parts of the process, including tests of different parts. Did I know the material? In truth I was overqualified for the job in so many ways, but I thought that working for Microsoft would be a good thing, so I went through with the interview. In the last part of the interview some very attractive young lady brought me into an office and asked me, “Why was a pothole cover round?” In the haze of DayQuil and the anxiety of the entire process, the question threw me. I chuckled at her and looked at her like I was waiting for the real question, like “what are the different layers of the OSI model and how are they relevant to data communications?” That question I could have handled and was expecting; not why is a pothole cover round.

After a short period of silence, which seemed like an eternity, I realized that she was quite serious. “I had never thought about it before,” I said. “I suppose that it might have something to do with the fact that if it were any other geometric shape, it could fall in.”

That answer was met with a disapproving look, which again threw me, as I could not think of any other reason why.

She then started asking me another question about a farmer, and a boat, and grain, and chickens, and a fox, and a river..

At this point in the process I ended the interview.  I was not feeling well and this to me seemed like games that one might play with someone who had never worked in the industry before; not someone who had the years doing this that I had.

My next job was that of an IT Director (instead of working at Microsoft), where I would be the one in charge of purchasing tens of thousands of dollars at a time of software from “Microsoft.” Microsoft has a tendency to hire a lot of young pretty girls to do their bidding, much like the drug industry does to push their pharmaceuticals to doctors. It is good to be a customer.

Physical Security

Physical security should be well thought out. I know of some companies that think this is too expensive or don’t want to invest in this. They have a key pad entry that they change once a quarter or so, if they think about it. I have seen others who simply use a lock and key, and they don’t even change them out when they have employee turnover.

Q. What should my building security look like?

A. Depending upon your business, let’s take a typical office environment.

The reception area has your normal door locks for after hours as well as video surveillance. Today we have technology that allows surveillance to be somewhat obscure but not so much so that the people who come into the lobby don’t notice it.  Today’s casinos for instance have tons of cameras and you know that if you scratch yourself someone somewhere watched you do it.  My point is that they are barely noticeable.  They are there and you know that they are there but you quickly might forget.  Your lobby should not be intimidating because your customers come through there too however; it should be obvious that you have security.

Each entrance to areas past the reception area should be hard keyed with electronic pass devices that respond to individual key cards. Piggybacking of employees traversing these doors should be discouraged; however, video surveillance of these doors from both the inside and outside will allow you to track employee movement should the need arise.

Electronic time clocks which use RFID or even biometrics are not only good for payroll but, once again, a good way to track employee movement. Again, the clock(s) should have video cameras in them and pointed at them so there is no way someone could be clocking in someone other than themselves. The more secure the area is, the more visible you should make your security.

Depending upon your organization, doors controlling access to certain areas (HR, development, data center, etc.) should be keyed to allow only people with a need to enter that area. Again, these doors are also under video surveillance from both the inside and outside.

Employee cards should have a picture of the employee on them and should be visible at all times when the employee is on campus.

With unique employee key cards and programmed entrance to the areas that each unique employee will need, the only changes to the system will be when that employee leaves and it only has to change with that one person.

Not only does this give your physical building / plant the security that this day and time calls for, but it allows you to track your employees’ movements if the need arises.

Q. Why would I need to track an employee?

A. Let’s say you have an area of production that is suffering and you don’t know why. What if you pulled a report and found that your manager of that area was spending a lot of time in places other than where he or she should be? This actually happened at one of my clients. They had several thefts one night and found that by tracking the people that came and went, and correlating those times with security footage, they were able to actually see the person perpetrating the crime. This person spent some time behind bars and the company was quickly able to remove undesirable elements from their work staff.

Q: Are there any other physical security measures that I should look at?

A: Glass breakage detectors, motion detectors, smoke and gas detectors, and I like to add water detection equipment. The latter inclusion would have come in handy a couple of times in my career. We were in the middle of a remodel and one of the plumbers forgot to solder a fitting. They turned on the water and it held pressure, so they left. Sometime over the weekend the fitting let loose and the entire building was flooded. Water detection sensors would have kept the damage to a minimum instead of flooding an entire high rise. Since most fire suppression systems are water, this too would let you know if something failed with that system.

Note: there are several different fire suppression systems and water is good for general purpose; however, a data center needs a little more thought.

How about your computer systems?  While the above is an abbreviated look at employee and physical security, what about your data?

  • Passwords that change
  • Cable infrastructure
  • Admin passwords that change and are strong
  • Firewalls with the appropriate updates and configurations
  • SNMP manageable devices that are updated and set to user-specific user names and passwords
  • Physical cable plant that is locked down to only allow access from expected devices.
  • WiFi that is locked down
  • VLANS segregating departments and traffic
  • Servers with specific access to files and or data needed by departments and or users.
  • S.A.M.  (Software Asset Management) in place and kept up to date
  • VPN encrypted access with security token
  • All outside connections to the network identified and locked down.
  • Roaming profiles updated and checked for security
  • No remote control software on company computers either remote or host.
  • Admin access to user computer restricted or not at all.
  • Thumb drives and laptops encrypted.

You would be shocked if I told you how many times I find loose if not non-existent password policies. It is almost as if they are begging for industrial espionage or begging some disgruntled employee to have their way with them.

Much like having a PC without a locking screensaver is downright idiocy, these folks beg to be burned.

User passwords must change every 90 days at max and should be strong, meaning special characters, numbers and so forth.  One company that I know of keeps a spreadsheet of everyone’s assigned password that never changes. That keeps the sys-admin from re-setting passwords but opens the company up to so many security violations it is unbelievable.  This practice is in direct violation of policies set forth for publicly traded companies, and those that follow ISO standards. 

Admin or super user passwords should also change on no particular date but often, more often than every 90 days but with no predictability.  There might be some inventive programmer who could write an app that would randomly go off and invoke a password change for administrators and not let you continue on until you have done so.
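One way such an app could work, as an added example that is not from the original post: each administrator gets a hidden deadline drawn at random inside a window that always ends before 90 days, and privileged work is refused once it passes until the password is changed. The class name, window bounds and account name are assumptions.

```python
import secrets
from datetime import datetime, timedelta


class AdminRotationGate:
    """Forces admin password changes at unpredictable times (illustrative)."""

    def __init__(self, min_days=7, max_days=60, rng=None):
        # The window must end before the 90-day ceiling used for ordinary users.
        if not 0 < min_days <= max_days < 90:
            raise ValueError("window must satisfy 0 < min_days <= max_days < 90")
        self._min = timedelta(days=min_days)
        self._span_seconds = int(timedelta(days=max_days - min_days).total_seconds())
        # CSPRNG by default, so the next deadline cannot be guessed from past ones.
        self._rng = rng or secrets.SystemRandom()
        # admin -> deadline; kept server-side and never shown to the admin.
        self._deadline = {}

    def _draw(self, now):
        offset = timedelta(seconds=self._rng.randint(0, self._span_seconds))
        return now + self._min + offset

    def enroll(self, admin, now):
        """Start tracking an admin account from its last password change."""
        self._deadline[admin] = self._draw(now)

    def may_continue(self, admin, now):
        """False once the hidden deadline has passed; unknown accounts are refused."""
        deadline = self._deadline.get(admin)
        return deadline is not None and now < deadline

    def password_changed(self, admin, now):
        """Call after a successful change; draws a fresh hidden deadline."""
        self._deadline[admin] = self._draw(now)


if __name__ == "__main__":
    gate = AdminRotationGate()
    start = datetime(2015, 1, 1)          # constructed date
    gate.enroll("root-admin", start)      # constructed account name
    for day in (6, 30, 61):
        ok = gate.may_continue("root-admin", start + timedelta(days=day))
        print(f"day {day}: {'continue' if ok else 'change password first'}")
```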

Another ambiguity with our illustrious data folk is a lack of documentation with their data plant.  Why is that important?

In the server room that contains the switches should be a map.  This map should contain a map of each floor and the data drops.  Not only should these drops be labeled as such they should be secured.  How do you secure a data drop and why?

Let’s start with the Why?  If I were a bad guy I might come in disguised as a janitor.   I would have a small laptop and that would have on it some software to sleuth your network with my goal being to get into your servers.  The first thing that I would do is find a data port that had nothing in it and plug right in “assuming that there was no wifi that I could get into.”

Now if you do your cable management correctly, that vacant port that I just plugged into is not hooked up via the patch panel. That forces me to go unplug a computer or printer and try it there, as that is an active device so it is cabled. In our switch we can have it only talk to the device if it is the MAC address that it is programmed to expect. The idea is to make it as difficult as possible for the would-be intruder to gain access to your data.

In most shops, we have no idea what drops are live, and where they are or what they are, much less what is plugged into them.

With VLANs we offer yet another layer of security, in that if this guy plugs into some port that the secretary uses, he will not be able to get access to the engineers’ VLAN.

Many times I see networks where more ports were needed so a switch was just thrown into the drop, problem solved.  This is poor on many levels.  Anyone with any networking sense knows better but yet I see it every day.  You take a multi-thousand dollar cable plant and install a $30 switch screwing up collision rates, security, traffic throughput and so forth rather than do it right.
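As an added example (not from the original post), the Python below checks a documented drop map against what the switch reports, flagging live vacant drops, unexpected MAC addresses, wrong VLANs, and ports with several MACs behind them, which is what an unmanaged switch hung off a drop looks like. The port names, labels, VLAN numbers and MAC addresses are constructed sample data, and how the observed state is collected from the switch is left as an assumption.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Drop:
    """One row of the documented drop map kept in the server room."""
    port: str                    # switch port the drop is patched to
    label: str                   # wall-plate label on the floor map
    vlan: Optional[int]          # VLAN the drop belongs in (None = vacant)
    expected_mac: Optional[str]  # only device allowed here (None = vacant)


@dataclass(frozen=True)
class Observed:
    """What the switch reports for one port."""
    port: str
    link_up: bool
    vlan: int
    macs: Tuple[str, ...]        # MAC addresses learned on the port


def _norm(mac):
    return mac.lower().replace("-", ":")


def audit_drops(drop_map, observed):
    """Return (port, finding) pairs where reality differs from the map."""
    documented = {d.port: d for d in drop_map}
    findings = []
    for obs in observed:
        drop = documented.get(obs.port)
        if drop is None:
            # Nobody knows what this drop is, yet something is plugged in.
            if obs.link_up:
                findings.append((obs.port, "undocumented-live-port"))
            continue
        if drop.expected_mac is None:
            # Vacant drops should not be patched through at all.
            if obs.link_up:
                findings.append((obs.port, "vacant-drop-is-live"))
            continue
        if not obs.link_up:
            continue
        macs = {_norm(m) for m in obs.macs}
        if len(macs) > 1:
            # Several devices behind one access port: likely a desk switch.
            findings.append((obs.port, "multiple-macs"))
        if macs - {_norm(drop.expected_mac)}:
            findings.append((obs.port, "unexpected-mac"))
        if obs.vlan != drop.vlan:
            findings.append((obs.port, "wrong-vlan"))
    return findings


# Constructed sample data: VLAN 10 = office staff, VLAN 20 = engineering.
DROP_MAP = [
    Drop("Gi1/0/1", "2F-014", 10, "02:00:00:00:00:01"),
    Drop("Gi1/0/2", "2F-015", 20, "02:00:00:00:00:02"),
    Drop("Gi1/0/3", "2F-016", None, None),
    Drop("Gi1/0/4", "2F-017", 10, "02:00:00:00:00:04"),
]
OBSERVED = [
    Observed("Gi1/0/1", True, 10, ("02:00:00:00:00:01",)),
    Observed("Gi1/0/2", True, 10, ("02-00-00-00-00-02",)),
    Observed("Gi1/0/3", True, 10, ("02:00:00:00:00:99",)),
    Observed("Gi1/0/4", True, 10,
             ("02:00:00:00:00:04", "02:00:00:00:00:aa", "02:00:00:00:00:ab")),
    Observed("Gi1/0/5", True, 1, ("02:00:00:00:00:bb",)),
]

if __name__ == "__main__":
    for port, finding in audit_drops(DROP_MAP, OBSERVED):
        print(f"{port}: {finding}")
```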

Jumping down the list to S.A.M.  While most things on this list are common sense S.A.M. might not be that intuitive.

Q. Why do I need to keep up with what is on each and every computer and how does that relate to security?

A. Really good question. In running an audit of all software on all computers within an organization you will quickly find that your organization has a lot of software that the business owner is responsible for. If some disgruntled employee calls the Business Software Alliance http://www.bsa.org/ and reports that you are using pirated software; it then becomes your responsibility to prove otherwise.

  • Can you show proof of purchase for all software within your organization?
  • Can you show the license keys for that software? If so, prove it to yourself.
  • Do you know what each and every executable is on each and every desktop?
  • Do you have software on computers that is not being used?

The long and the short of this exercise is that I do an inventory of software on PCs as part of a DR. While this is a painful, exhaustive process, it is important because you have to know what you have if you want to re-create it in the case of a disaster.

I always find software that the company was unaware of.

I most always find Trojans, viruses, games and more importantly, I find remote control software.

While this is a real good reason why people should not have access to the administrative rights on their computers, it is also a real good reason to do this inventory.
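The checklist above can be run mechanically once the inventory exists. The following Python is an added example, not part of the original post; the product names, host names, dates, seat counts and the 180-day staleness threshold are constructed assumptions.

```python
from collections import Counter
from datetime import date

# Constructed license register: product -> (seats purchased, proof on file)
LICENSES = {
    "OfficeSuite": (2, True),
    "CadTool": (1, False),
}

# Constructed watchlist of remote control products needing explicit approval
REMOTE_CONTROL = {"RemoteDeskX"}

# Constructed inventory rows: (host, product, date last used)
INVENTORY = [
    ("pc-01", "OfficeSuite", date(2015, 1, 10)),
    ("pc-02", "OfficeSuite", date(2015, 1, 12)),
    ("pc-03", "OfficeSuite", date(2014, 3, 1)),
    ("pc-02", "CadTool", date(2015, 1, 5)),
    ("pc-03", "RemoteDeskX", date(2015, 1, 14)),
    ("pc-01", "PuzzleGame", date(2015, 1, 13)),
]


def audit_software(inventory, licenses, remote_control, today, stale_days=180):
    """Answer the four checklist questions for a software inventory."""
    installs = Counter(product for _host, product, _used in inventory)
    report = {
        "no_license_record": [],     # software the company was unaware of
        "no_proof_of_purchase": [],  # licensed on paper, receipt missing
        "over_deployed": [],         # (product, installs, seats)
        "remote_control": [],        # (host, product)
        "unused": [],                # (host, product) not used in stale_days
    }
    for product in sorted(installs):
        record = licenses.get(product)
        if record is None:
            report["no_license_record"].append(product)
            continue
        seats, proof_on_file = record
        if not proof_on_file:
            report["no_proof_of_purchase"].append(product)
        if installs[product] > seats:
            report["over_deployed"].append((product, installs[product], seats))
    for host, product, last_used in inventory:
        if product in remote_control:
            report["remote_control"].append((host, product))
        if (today - last_used).days > stale_days:
            report["unused"].append((host, product))
    return report


if __name__ == "__main__":
    result = audit_software(INVENTORY, LICENSES, REMOTE_CONTROL, date(2015, 1, 15))
    for finding, items in result.items():
        print(finding, items)
```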

The normal computer user does not need to modify their computer to use Word, Excel and PowerPoint. IT should be in charge of adding software and then the PC should stay fairly static.

Remote control software is used to either allow a user to take control of their computer from outside the building or control another PC outside the building or inside the building. Maybe that is perfectly legitimate or very possibly it is not. That is why I insist that things like copy inhibit, and auditing, be enabled on the servers. If forensic investigations are needed down the road, we have the tools to do so; we simply must use them.

Industrial espionage is real and the business owner should take it real seriously.  There are “certifications for data security experts” out there.  What I know of this stems from over 30 years of doing this. It actually might be interesting to go through the class and see what I have not thought of.

A word about industrial espionage.

People often wonder if I struggle with paranoia.  I assure you that I am purrrfectly normal, I don’t struggle, I submit to it; everyone has their children followed, and thinks that their cats are spying on them, right?

So I am not a comedian..

The idea that I wanted to mention here is really from WWII.  “Loose lips sink ships.”  The idiom means “beware of unguarded talk.” No, I am not that old but; I am a student of history among other things.  We live in a high-tech world and we live in a social world.  We have several areas of town where there are high tech industries and where employees of those industries gather for lunch, or to have a beer and shoot pool after work.  Too many times I am in ear shot of engineers talking shop, in public.  If you own or manage a company that has “secrets” I would caution your employees about talking shop in public.  There are most likely posters that someone sells that you could hang on the wall as a subtle reminder about this subject.

someone-tweeted

The above picture proves that this concept is not lost on today’s companies.

 

If I worked at company Y who had company X as a competitor, I might very well have someone go down to the area where company X was and scope out restaurants where there were known hangouts for their engineers or technical guys. I might also, if I were unscrupulous, have someone go stake out the place and make certain that I had them there when their folks had lunch. In this day and age where there is a complete science behind “blending in,” it would be rather easy to go eavesdrop. In this day of technology, bugging someone would not be out of the realm of possibility. When fountain pens that are a self-contained Digital Video Camera / Recorder which can record up to an hour per charge are less than $20, you had best beware that your cats may very well be spying on you. Ok, not your cats, but certainly your employees or strangers.

Thinking back to Mission Impossible, where the tape recorder would start spewing smoke out ten seconds after the message had been listened to, devices are worth mentioning here.

Devices that leave the confines of the building, in this case laptops and thumb drives, need to be secure. Folks, it is downright foolish not to have these things encrypted. We have so many different types of encryption techniques available today. Encrypting your data, should it fall into the wrong hands, will still make it useless to those who take it. Even the smart phone has a failsafe built into it.

Because we store so many things on our smartphones, they are more than just a phone. The courts recently ruled that police can no longer take your phone and access it to see what you have been up to, as the phone is so much more than a simple phone. My iPhone, for example, after X attempts to guess my password, will wipe itself. Can we write such security programs for thumb drives and laptops? Not a programmer; well, since COBOL, but I am guessing that it is doable.

Is the Cloud safe?

At this point in time, I would say no.  As much as we hear how safe it is, each and every day we also hear about how it was violated, or how some major organization was hacked.

Back up your data and send a copy to your safe deposit box at the bank.  Make certain that your safe deposit box is a few miles from your office or residence so that if a tornado or other type of disaster takes out your business or residence, your data stored in that safe deposit box is still there.  Utilize a service to take your data off site if you like, or set up your own “cloud” via a secure tunnel over the internet to another location.

Hard drives are cheap and UNIX or Linux is not all that difficult to use to set up an FTP server.  While anything is better than nothing, have a strategy and test it; even if you do use the cloud.

With the White House being violated by a crazy person, the president in an elevator with a known criminal with a gun, not to mention the Secret Service allowing him to go to Mandela’s funeral and speak just a few feet away from the translator who was not who he said he was, we must question everything.

The only way to really trust that your data is safe, and for that matter your business or residence, is to test your plan once you implement it.  There are people you can hire, “good guys,” who will test your security from different angles as well as your disaster recovery plan.

The framework above is an excellent starting point. Trust me when I say this: many CEOs have no idea how vulnerable they are, as they trust that their CIO or SysAdmins know this stuff.  Each and every DR that I do, I find that most do not. The more that I dig, the more truculent these folks become, and they are really happy when I leave.  They don’t want their bosses to know the truth. While I would happily work with them to fix these things, and offer as much, they would rather hide the facts from those that should know their vulnerabilities.

If you are a CIO or head of a company that is interested in this, read my blog “attention CIO CEO ….

-Best to you and those that you care about!

Good Luck Jim

Copyright 2014 All rights reserved

The below is an addendum to this article which really puts things into perspective…

FOR IMMEDIATE RELEASE

Tuesday, September 30, 2014

Four Members of International Computer Hacking Ring Indicted for Stealing Gaming Technology, Apache Helicopter Training Software

Four members of an international computer hacking ring have been charged with breaking into computer networks of prominent technology companies and the U.S. Army and stealing more than $100 million in intellectual property and other proprietary data.  Two of the charged members have already pleaded guilty.  The alleged cyber theft included software and data related to the Xbox One gaming console and Xbox Live online gaming system; popular games such as “Call of Duty: Modern Warfare 3” and “Gears of War 3”;  and proprietary software used to train military helicopter pilots.

Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney Charles M. Oberly III of the District of Delaware and Special Agent in Charge Stephen E. Vogt of the FBI’s Baltimore Field Office made the announcement.

“As the indictment charges, the members of this international hacking ring stole trade secret data used in high-tech American products, ranging from software that trains U.S. soldiers to fly Apache helicopters to Xbox games that entertain millions around the world,” said Assistant Attorney General Caldwell.  “The American economy is driven by innovation.  But American innovation is only valuable when it can be protected.  Today’s guilty pleas show that we will protect America’s intellectual property from hackers, whether they hack from here or from abroad.”

“Electronic breaking and entering of computer networks and the digital looting of identities and intellectual property have become much too common,” said U.S. Attorney Oberly.  “These are not harmless crimes, and those who commit them should not believe they are safely beyond our reach.”

Nathan Leroux, 20, of Bowie, Maryland; Sanadodeh Nesheiwat, 28, of Washington, New Jersey; David Pokora, 22, of Mississauga, Ontario, Canada; and Austin Alcala, 18, of McCordsville, Indiana, were charged in an 18-count superseding indictment returned by a federal grand jury in the District of Delaware on April 23, 2014, and unsealed earlier today.  The charges in the indictment include conspiracies to commit computer fraud, copyright infringement, wire fraud, mail fraud, identity theft and theft of trade secrets.  The defendants are also charged with individual counts of aggravated identity theft, unauthorized computer access, copyright infringement and wire fraud.

Today, Pokora and Nesheiwat pleaded guilty to conspiracy to commit computer fraud and copyright infringement and are scheduled for sentencing on Jan. 13, 2015.  Pokora was arrested on March 28, 2014, while attempting to enter the United States at the Lewiston, New York, Port of Entry.  Pokora’s plea is believed to be the first conviction of a foreign-based individual for hacking into U.S. businesses to steal trade secret information.

According to the superseding indictment and other court records, from January 2011 to March 2014, the four men and others located in the United States and abroad allegedly hacked into the computer networks of Microsoft Corporation, Epic Games Inc., Valve Corporation, Zombie Studios and the U.S. Army.  The defendants and others allegedly obtained access to the victims’ computer networks through methods including SQL injection and the use of stolen usernames and passwords of company employees and their software development partners.  Once inside the victims’ computer networks, the conspirators accessed and stole unreleased software, software source code, trade secrets, copyrighted and pre-release works and other confidential and proprietary information.  Members of the conspiracy also allegedly stole financial and other sensitive information relating to the companies – but not their customers – and certain employees of such companies.

Specifically, the data cyber-theft allegedly included source code, technical specifications and related information for Microsoft’s then-unreleased Xbox One gaming console; intellectual property and proprietary data related to Xbox Live, Microsoft’s online multi-player gaming and media-delivery system; Apache helicopter simulator software developed by Zombie Studios for the U.S. Army; a pre-release version of Epic’s video game, “Gears of War 3;” and a pre-release version of Activision’s video game, “Call of Duty: Modern Warfare 3.”  The defendants also allegedly conspired to use, share and sell the stolen information.

The value of the intellectual property and other data that the defendants stole, as well as the costs associated with the victims’ responses to the conduct, is estimated to range between $100 million and $200 million.  To date, the United States has seized over $620,000 in cash and other proceeds related to the charged conduct.

In addition to those charged in the United States, an Australian citizen has been charged under Australian law for his alleged role in the conspiracy.

An indictment is merely an allegation, and the defendants are presumed innocent unless and until proven guilty in a court of law.

This case is being investigated by the FBI, with assistance from the Criminal Division’s Office of International Affairs, the U.S. Department of Homeland Security’s Homeland Security Investigations and Customs and Border Patrol, and the U.S. Postal Inspection Service.  The investigation also has been coordinated with the Western Australia Police and the Peel Regional Police of Ontario, Canada.

The case is being prosecuted by Trial Attorney James Silver of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Edward J. McAndrew of the District of Delaware.

Certifications a good idea or bad?


Is the person with the most certifications the best hire?  Maybe yes, maybe no. 

 

The history of the certification for IT really started with Novell.  Novell used to charge computer manufacturers to “certify” that their equipment was compatible with their software.  This was no inexpensive proposition.  Somewhere around the release of V2.15 there was the invention of the CNE or Certified NetWare Administrator.

 

Back at this time this was no easy certification to obtain.  It required proficiency in hardware, DOS, NetWare, networking equipment and topologies, datagrams, IPX/SPX, NetBIOS, and the list went on.

 

As the certification idea took off, adaptive tests were created.  If the test found a weakness, it would give you more questions around that weakness, which may very well be your doom.  These tests were not inexpensive.  The study material was not cheap, and when you boiled it all down, unless you were really good at taking tests, you had to have the experience and knowledge to back it up.

 

So in theory this was a good idea and should have given employers an excellent way to gauge someone’s level of expertise. 

 

What changed?

 

It is human nature to cheat.  I am beginning to think that making one’s way through college was in part, how good you were at gaming the system.

 

This is true of the certifications today for the most part.  There are so many websites and groups dedicated to giving out information to the applicant that we really have no idea how much the person knows.  That is why it is paramount that you, the hiring manager, know the technology and not just look at his or her pedigree.

 

We don’t like to take tests, and I appreciate that.  As a professional I want to know that I know the material.  Would you want your doctor or pilot to “game the system?”  Why would we hold them to a higher standard, other than the obvious of the life and death thing?

 

Do we not put the company at risk if we are not qualified?   The people that you hire absolutely can make bad decisions and as one who sells disaster recovery, that is one of the things to consider, “an oops.”  I have seen this happen more times than I would like to say and it is never pretty. (No, it never happened on my watch.)

 

After my company hired a person on their credentials alone, I soon learned that you had better know more, or at least as much, about the subject as the person you are looking to hire.  The person was a paper-certified pro, meaning he could take tests, not actually do it.

 

I look for someone with a good track record in the field that they want to pursue, a solid work history and lastly I consider their certifications.  I need to know if they can do the job and not just take a test.  I also check their references and backgrounds if they make it past the first few hurdles.

 

Technology is an extremely liquid entity. The books and materials that you buy today may not be salient tomorrow.  Spending thousands of dollars on classes, books and tests is only good for such a short time before you have to hit the books again.

Your “technologist,” the CIO in most cases, should understand technology better than anyone else in the company.  He or she should have a very in-depth background and not only understand the nuts and bolts of things, but should possess enough business acumen to know what products or services are relevant for their company, and which would have a poor ROI or high TCO, not to mention poor application.

 

All purchases and changes to the architecture should make sense.  Anyone that you hire to administer that equipment should not only grasp the equipment or technology, but also the company’s vision.   

 

In short, I am not given to looking solely at certifications.  Can they do the job and how did they do it before?  Were they successful? Are they willing to go to classes if the job requires it?

 

The trick to committing to obtaining a certification is to determine the viability of the company or product, and whether that product will take off or die on the vine.  That is the rub, in that I have seen technology come and go.  Xerox had the best of the best 30 years ago, and had their marketing been better, and had they not tried to recover their total development cost with the first few sales, Bill Gates might still be working out of his garage.

 

Xerox had the GUI and the Mouse before Steve and Bill.  That is another story.

 

If you are looking to the information technology field as a career, I can tell you from experience that the length of your job at that company will only take you until you have maxed out on the salary that they want to pay, or they find a way to outsource what you do.  There are fewer and fewer indispensable employees anymore, as most CEOs or owners have figured out that everyone should be replaceable.  If you are one of the people who have stayed in one place for a long time, you are either underpaid or the company does not have the guts to replace you with a less expensive alternative.  Keep doing what you are doing, as it is working for you and for the boss. Get real; nobody is indispensable.

 

It is therefore paramount for you, the job seeker, to keep your resume up and current, and to analyze trends in the market to see what company is doing what, and who is using them.  Most of us will get into the rhythm of our jobs and get comfortable.  This can no longer be the case, as very few companies have any loyalty to their employees. Employees should empower themselves to become even more marketable.  Accomplishments are a great thing to put on your CV, especially projects with dollar figures or some other quantifiable metric: “Saved the company $13 million dollars a year by changing the way that they did business.”

It is up to you, the worker, to maintain your marketability through skills, career choices and education; even personal appearance plays a role.  I cringe when I see these young people today with piercings and tattoos.  I personally see this as not a real bright decision and a possible impediment to getting a good job, as I know that most serious business people feel the same way.  You now will have to go with some young company that is really out there, like Google or Microsoft, or find a way to cover up your decisions…  I don’t mean to sound critical, but it is a shame that youth is wasted on the young.

These are pearls from me to you…

 -Best to you and those that you care about!