Tag: fire

Root Cause Analysis

Why did it stop working, or why doesn’t it work?

Precocious doesn’t begin to define my childhood.

When my alarm clock stopped ticking, I carefully removed one screw at a time until all hell broke loose. Yes, gears and parts flew across the room, some lost forever in the dustbin of history. I never understood why the clock stopped working, as there was not much left to forensically examine.

The lesson learned was, don’t mess with clocks or things with springs. I didn’t understand that lesson as I have repaired more clocks than I can count.

Curiosity drove me to take more things apart that were discarded. I can admit now that I walked the alleys home from school on trash days to see what treasures were abandoned by our throwaway society.

TVs to Stereos, lawnmowers, edgers and a host of other things filled my storage shed with parts galore.

  • Why did they toss it out?
  • Why did it stop working?
  • What does it take to repair it?

I started a lawn service business using discarded lawn equipment I learned to repair. Knowing nothing about running a business, I cobbled together a plan. I made small advertisements to canvass the neighborhood using carbon paper, a ruler, and the best printing I could muster.

My teenage years were spent walking around the streets of my neighborhood, wagging a recycled lawn mower. My first car was paid for by my lawn-mowing efforts.  

When I moved out of my parents’ home, they were delighted as my collection of treasures went with me. I found a modest place to live where I rented a mobile home.

Millennials today would not step foot in such a place as they don’t understand the value of doing it yourself. I digress… I tried many jobs, from press operator to managing a Radio Shack and TV repair. All self-taught. I learned how to spell autodidact, the personification of who I am.

The library was my home away from home. From history to how things worked, they knew me well.

For years I worked as a field service engineer. I met some of the most significant people during that time. Presidential candidates to high-profile attorneys and even rich villains who were later sent to prison for murder.

Befriending some of the pioneers in heart surgery was rather unique. I was intrigued enough to overcome my repulsion with blood and gooey things. Had I had the funds, I would have become a doctor. I witnessed surgeries, autopsies, and a host of other medical procedures.

I could name-drop, and many of you would know the names.

One of the doctors I knew was at Parkland working in the emergency room when Kennedy was brought in after ‘one lone bullet did so much damage to so many people.’ Pfft

I await the day that our leaders tell us the truth. I won’t hold my breath.

We have dumbed down society to the point that people willingly buy that story. We have stopped asking questions that are critical to the community. If we studied the rise and fall of the Roman Empire, we would see that we are headed down that same path. Instead of worshiping Athena or Mercury, we worship the dollar and cheap shit from China.

Since I funded everything in my life with a job of some kind, I had to settle for jobs where one didn’t need a license or certification.

With the invention of the throwaway razor, society has transformed into a disposable mindset which is as catastrophic to the climate as private jet travel.

We fill landfills with things that should be recycled. Apathy rules. Nobody calls anyone out on it.

Other than those idiots destroying artwork to vilify those who actually work and drive cars, the educated have taken a back seat to chaos and victimhood.

I was known as the guy who could fix anything at my church. I ended up with all kinds of home appliances from my extended family. I did this to assist those in my extended family and to keep shit out of the landfill.

While that is another story, I had to leave the church and find another and then claim ignorance so I could have time to myself. Yin and Yang…we need balance.

I made notes on why so much of this Chinese-made stuff was suddenly on my bench to repair for them.

Cheap stuff from China has taken me back to my days of digging through the trash. Metaphorically speaking, of course.

The Christmas tree this year has been adorned with the usual lights. Finding the one bulb that doesn’t work takes up more time than the tree is worth, but…why fill the landfill with a pre-lit tree for one 2-cent bulb?

We complicated the event with these little motors that twirl the ornaments around as if by magic.

Amazon delivered a package with these little plug-in devices, and guess what? They didn’t work or stopped working quickly.

The problem with this is equivalent to who I am. Most would take them back to where they would end up in the landfill. The makers of these things most probably have slave labor making them. The question was, are you smarter than a five-year-old Chinese kid?

Tiny clips held the front together, and this plastic thing on the back held the back together.

The root cause of the failure is that the gears on the lower part of the mechanism were assembled in a faulty shell. The pin that the gears spin on allows the axle to slide down to the motor.

Moving the gears to the other side, where the casing was in good shape, fixed the problem.

I found similar issues with the other motors, which surprised me.

If you look at some of my other blogs, you will find similar stories about cheap SHIT from China.

Why am I mentioning this?

I have examined many things from China that would not pass Underwriters Laboratories or be UL-approved. They are not looking at things like this if they are still around.

Could this get hot enough to start a fire?

Maybe so on a real tree, which is a tinderbox in the making. The moral of the story is, don’t leave the tree unattended.

There are other devices that people should pay attention to, and those are what I call WALL WARTS.

Looking around your home, you will find many things powered by these square boxes that take up both outlets.

Many of them are not even fused. If your pet chews through the wire and it shorts, there could be a fire. Unplug those things that are not in use. They consume electricity even if they are not currently attached to an apparatus that is powered on.

Put down the video game and the remote control, and pick up a book.

Have a wonderful holiday season. Merry Christmas!

Scott

The CFL, Good idea or Bad


I have spoken about this bulb before and how we as Americans have been duped into paying for expensive bulbs to replace the $0.25 bulb with one that costs several dollars.  Today I had one of these bulbs fail and it was not a normal failure.

Seated inside the base of the CFL bulb is this circuit board with a couple of dozen components on it.  Fluorescent bulbs work by ionizing the gas inside the tube, where it interacts with the phosphor coating the inside of the tube, making light.

Let me stop here for a moment and say that I am a large fan of folks who think outside the box.  Huge fan!  I like it when people don’t accept status quo and look for a better way to do something.  The fluorescent bulb is one such invention.  LED bulbs are another.  I think we can do better and we should.

Having said that, I have issues with the government forcing it down our throats by doing away with the incandescent bulb, forcing us to adopt (“pay for”) much more expensive technology.

These CFL bulbs have mercury in them, which is bad.  These bulbs, if broken, have special cleanup procedures that just about require a hazmat suit.

CFL bulbs are expensive. Researching the issue, I think that they have finally come out with models that work in dimmers, but that was not the case with my failure; it was a simple on-off lamp.

  • The pluses are that these things are supposed to last much longer than a normal incandescent bulb.
  • They use about a fourth the wattage of an incandescent.

When an incandescent bulb goes out there is typically a flash associated with the energizing current hitting the filament and poof, you are groping around in the dark looking for a flashlight or other lamp to find a new bulb and replace it.

CFL bulbs start out much dimmer than a normal bulb and while they may get to a brightness that is acceptable, most need that brightness when they flip the switch, not 10 minutes later after it warms up.

CFL bulbs should never be used in places where the light needed is just for a few moments i.e. closets or bathrooms.  CFL bulbs should not be turned off before they are allowed to reach operating temperature as doing so shortens their life.

LED bulbs start out bright and lose their intensity or luminance as they age, so a bright bulb will eventually turn into a very dim bulb.

The prices of the alternatives are still higher than they need to be to rationalize an ROI on the product.  The average house does not use enough electricity on bulbs to generate an ROI to justify using expensive bulbs.  Stores and office buildings do, but the average home does not.

Typical government thinking is that one house, no, two houses, no, a neighborhood full of houses all using $6 bulbs vs $0.25 bulbs, and you save some energy and the bulb companies make a hell of a lot more money than on a few $0.25 bulbs.

The energy company then has to raise their rates to make up the difference in the losses of lower usage, so everybody wins!  Everybody except you the consumer.

Because larger incandescent bulbs are being removed from the market, we are forced to buy an alternative whether we want to or not.

When a CFL bulb just stops working instead of dimly glowing or flickering before its time, why?  What happens to it if it simply stops!

The circuit board which I alluded to earlier produces the voltages necessary to make the bulb work.  As I have done with the Wall wart in an earlier post,  I have also done with the bulb.  In my job, I have to determine the “root cause analysis!”  What failed and why.  In this case it is a design flaw.

Scott’s Bulb
Look at the dark area on the board; you can see where it has gotten plenty hot!

Scott 100 watt CFL that died prematurely.
I am not sure if you can tell, but the solder joints that hold on that three-legged component, which I think is an SCR of some sort (guess), have become much too hot and actually melted the solder away from the pins. This part should have a heat-sink on it. Using the rule of thumb method of engineering: if you can’t put your thumb on it because of the heat, better re-engineer it. This is the 100 watt model of the CFL which uses 23 watts.

Here you will see the circuit board and its associated components.  You can see where the board has gotten hot, so hot in fact that the solder connections to this part have come loose, causing the failure of the bulb.

Failed bulb found on the internet. There are many such stories out there but I am trying to determine why.

One cannot help but wonder how much of a fire hazard that these bulbs are.

I would not leave my house with these things on, as I don’t think that they are that trustworthy.

I would certainly make sure that my smoke detectors had good batteries as well.

-Best

© All rights reserved 2015

www.timedok.com

www.guard-protect.com


Security

Happy Friday!

Today I want to talk about security.  With the recent events involving our President, along with major companies’ databases of credit card holders being hacked, it seemed timely.

Companies either focus on cyber-security, physical security, both, or neither.  I realize that this statement seems ambiguous, but the simple fact is that few companies think about hiring a Security Officer, much less installing the systems to make certain that their physical plant is secure, not to mention their data infrastructure. A Security Officer is well rounded and incorporates all facets of security into their repertoire.

Part of a Disaster Recovery plan is an audit of security measures taken.

Thanks to recent hacks by various outside entities, companies are becoming more in tune with things like passwords that change, that the user sets, as well as administrative passwords that also are forced to change and be “strong in nature.”

Instead of vilifying some of my clients’ practices, which many would find audacious, some entertaining, and some downright stupid, allow me to pontificate about “security in a nutshell.”

Let’s start with the employee.

All employees (present and future) should have a background check completed.  Are they who they say that they are and do they have any criminal history?  What is their credit score and, can they pass a “drug test” now and at some future date?

What someone writes on their resume is not a legal document; therefore, you must have them fill out an application for employment, which “is a legal document.”  You can buy these at Office Depot, so there is really no excuse not to do this.

The resume is an instrument to get a person in the door for an interview, not to hire them by. What one writes on the application is grounds for termination, if fabricated.  I can write that I am King of the Emirates on my CV; if that gets me in the door, so be it.  Once I write that on an application, I have committed fraud.  Some would argue that the CV should be more sacrosanct than it is.  That would be nice, but the truth is that few do.

There is a complete art regarding your CV and making it stand out among others.  Like English 101, it is subjective; research the company to whom you are sending it.  That is why one must have several different resumes.  I will not belabor that point or this subject here; suffice it to say, if it gets me past the first cut, that is all that I care about.   Until you are sitting in front of a person who gets to know you personally and uniquely from the masses, your resume is one of tens of thousands languishing in a sea of anonymity.

Once your HR department is satisfied that this person is a viable candidate for the job at hand; then and only then, should the hiring manager start the interview process.

Q. What difference does it make if the person has a less than stellar history?

A.  If they have a track record for making bad decisions, there is nothing to stop them from doing so again. Once you hire them, they represent you and or your company.

Q.  What difference does it make regarding their credit score?

A.   If they have a lousy credit score that simply means that once again they have a higher probability of making poor decisions and even more germane, might be someone who has character issues.

One company I know of ran reports of how many coffee creamers, sugar and toilet paper their individual branches went through. They tied that data together with the branches that had “shorts.” (Shorts meaning the cash drawer did not balance, was missing money.)  The interesting thing was that the branches that used more supplies had more shorts; thus, the criminal element was behind the counter.

Q. Piss Quiz? What does a little pot, or drinking, have to do with a person being a good and faithful employee?

A. Once again we are looking at character traits. If a person plays loose with the rules, they too will have a proclivity to play loose with your rules. Good behavior should be rewarded. If someone plays by the rules, they should be first up for the job.

Q. What about pre-employment tests?

A. Having total empathy for those of us who suffer from test anxiety, I am more interested in a person’s history and track record. The EU is really big on all sorts of pre-employment tests to get the “brightest and best”; however, as a hiring manager for most of my adult life, I am here to tell you that tests are not the end-all be-all. If HR does their part, I trust that I can weed out the rest.  While a test may give you some idea of a person’s character, remember that if they are nervous or not feeling well that particular day, the results will be skewed. You may in fact be overlooking a diamond.  Get to know the person.

Once a long time ago I interviewed with Microsoft.  As it happened I was suffering from bronchitis and had not slept well, but I would have still gone to work as I could function, so why not go on the interview.  There were several parts of the process including tests of different parts.  Did I know the material?  In truth I was overqualified for the job in so many ways, but I thought that working for Microsoft would be a good thing so I went through with the interview.  In the last part of the interview some very attractive young lady brought me into an office and asked me “Why was a pothole cover round?”  In the haze of DayQuil and the anxiety of the entire process, the question threw me.  I chuckled at her and looked at her like I was waiting for the real question like “what are the different layers of the OSI model and how are they relevant to data communications?”  That question I could have handled and was expecting; not why is a pothole cover round.

After a short period of silence which seemed like an eternity I realized that she was quite serious. “I had never thought about it before,” I said. “I suppose that it might have something to do with the fact that if it were any other geometric shape, it could fall in.”

That answer was met with a disapproving look, which again threw me, as I could not think of any other reason why.

She then started asking me another question about a farmer, and a boat, and grain, and chickens, and a fox, and a river...

At this point in the process I ended the interview.  I was not feeling well and this to me seemed like games that one might play with someone who had never worked in the industry before; not someone who had the years doing this that I had.

My next job was that of an IT Director (instead of working at Microsoft), where I would be the one in charge of purchasing tens of thousands of dollars at a time of software from “Microsoft.”   Microsoft has a tendency to hire a lot of young pretty girls to do their bidding, much like the drug industry does to push their pharmaceuticals to doctors.  It is good to be a customer.

Physical Security

Physical security should be well thought out. I know of some companies that think this is too expensive or don’t want to invest in this.  They have a keypad entry that they change once a quarter or so, if they think about it.  I have seen others who simply use a lock and key and they don’t even change them out when they have employee turnover.

Q. What should my building security look like?

A. Depending upon your business, let’s take a typical office environment.

The reception area has your normal door locks for after hours as well as video surveillance. Today we have technology that allows surveillance to be somewhat obscure but not so much so that the people who come into the lobby don’t notice it.  Today’s casinos for instance have tons of cameras and you know that if you scratch yourself someone somewhere watched you do it.  My point is that they are barely noticeable.  They are there and you know that they are there but you quickly might forget.  Your lobby should not be intimidating because your customers come through there too however; it should be obvious that you have security.

Each entrance to areas past the reception area should be hard keyed with electronic pass devices that respond to individual key cards.  Piggybacking of employees traversing these doors should be discouraged; however, video surveillance of these doors from both the inside and outside will allow you to track employee movement should the need arise.

Electronic time clocks which use RFID or even biometrics are not only good for payroll but, once again, a good way to track employee movement.  Again the clock(s) should have video cameras in them and pointed at them so there is no way someone could be clocking in someone other than themselves.  The more secure the area is, the more visible you should make your security.

Depending upon your organization, doors controlling access to certain areas (HR, development, data center, etc.) should be keyed to allow only people with a need for entrance to that area.  Again these doors are also under video surveillance from both the inside and outside.

Employee cards should have a picture of the employee on them and should be visible at all times when the employee is on campus.

With unique employee key cards and programmed entrance to the areas that each unique employee will need, the only changes to the system will be when that employee leaves and it only has to change with that one person.

Not only does this give your physical building / plant a security that this day and time calls for, but it allows you to track your employees’ movements if the need arises.

Q. Why would I need to track an employee?

A. Let’s say you have an area of production that is suffering and you don’t know why. What if you pulled a report and found that your manager of that area was spending a lot of time in places other than where he or she should be? This actually happened at one of my clients. They had several thefts one night and found that by tracking the people that came and went and correlating those times with security footage, they were able to actually see the person perpetrating the crime.   This person spent some time behind bars and the company was quickly able to remove undesirable elements from their work staff.

Q: Are there any other physical security measures that I should look at?

A:  Glass breakage detectors, motion detectors, smoke and gas detectors, and I like to add water detection equipment.  The latter inclusion would have come in handy a couple of times in my career.  We were in the middle of a remodel and one of the plumbers forgot to solder a fitting.  They turned on the water and it held pressure so they left.  Sometime over the weekend the fitting let loose and the entire building was flooded.  Water detection sensors would have kept the damage to a minimum instead of flooding an entire high rise.  Since most fire suppression systems are water, this too would let you know if something failed with that system.

Note: there are several different fire suppression systems and water is good for general purpose; however, a data center needs a little more thought.

How about your computer systems?  While the above is an abbreviated look at employee and physical security, what about your data?

  • Passwords that change
  • Cable infrastructure
  • Admin passwords that change and are strong
  • Firewalls with the appropriate updates and configurations
  • SNMP manageable devices that are updated and set to user-specific user names and passwords
  • Physical cable plant that is locked down to only allow access from expected devices.
  • WiFi that is locked down
  • VLANS segregating departments and traffic
  • Servers with specific access to files and or data needed by departments and or users.
  • S.A.M.  (Software Asset Management) in place and kept up to date
  • VPN encrypted access with security token
  • All outside connections to the network identified and locked down.
  • Roaming profiles updated and checked for security
  • No remote control software on company computers either remote or host.
  • Admin access to user computer restricted or not at all.
  • Thumb drives and laptops encrypted.

You would be shocked if I told you how many times I find loose if not non-existent password policies.  It is almost as if they are begging for industrial espionage or begging  some disgruntled employee to have their way with them.

Much like having a PC without a locking screensaver is downright idiocy; these folks beg to be burned.

User passwords must change every 90 days at max and should be strong, meaning special characters, numbers and so forth.  One company that I know of keeps a spreadsheet of everyone’s assigned password that never changes. That keeps the sys-admin from re-setting passwords but opens the company up to so many security violations it is unbelievable.  This practice is in direct violation of policies set forth for publicly traded companies, and those that follow ISO standards. 

Admin or super user passwords should also change on no particular date but often, more often than every 90 days but with no predictability.  There might be some inventive programmer who could write an app that would randomly go off and invoke a password change for administrators and not let you continue on until you have done so.
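A sketch of the randomly timed admin password change described above, as an added example that is not from the original post: each admin's next deadline is drawn from a CSPRNG when the password is changed and stored server-side, so nobody can predict it, and the login gate blocks until the change is made. The 7-day lower bound, the account fields and all function names are assumptions.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

USER_MAX_AGE = timedelta(days=90)  # from the text: users change every 90 days at most
ADMIN_MIN_DAYS = 7                 # assumption: floor so admins are not prompted daily
ADMIN_MAX_DAYS = 89                # from the text: more often than every 90 days


def draw_admin_deadline(changed_at, randbelow=secrets.randbelow):
    """Pick an unpredictable deadline between ADMIN_MIN_DAYS and ADMIN_MAX_DAYS.

    secrets.randbelow is a CSPRNG, so the date cannot be inferred from earlier
    deadlines. `randbelow` is injectable only so the logic can be tested.
    """
    span = ADMIN_MAX_DAYS - ADMIN_MIN_DAYS + 1
    return changed_at + timedelta(days=ADMIN_MIN_DAYS + randbelow(span))


@dataclass
class Account:  # hypothetical record kept by the directory or login service
    name: str
    is_admin: bool
    changed_at: datetime
    deadline: Optional[datetime] = None  # stored once per change, never re-rolled


def record_change(account, now, randbelow=secrets.randbelow):
    """Call when a password is changed: stamp it and fix the next deadline."""
    account.changed_at = now
    if account.is_admin:
        account.deadline = draw_admin_deadline(now, randbelow)
    else:
        account.deadline = now + USER_MAX_AGE
    return account


def login_gate(account, now):
    """Return 'change-required' once the stored deadline has passed, else 'ok'.

    Accounts with no recorded deadline (never rotated under this scheme) are
    forced to change at next login.
    """
    if account.deadline is None or now >= account.deadline:
        return "change-required"
    return "ok"


if __name__ == "__main__":
    start = datetime(2024, 1, 1)  # constructed sample date
    admin = record_change(Account("net-admin", True, start), start)
    for day in (5, 30, 60, 89):
        when = start + timedelta(days=day)
        print(day, login_gate(admin, when))
```
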

Another ambiguity with our illustrious data folk is a lack of documentation with their data plant.  Why is that important?

In the server room that contains the switches should be a map.  This map should contain a map of each floor and the data drops.  Not only should these drops be labeled as such they should be secured.  How do you secure a data drop and why?

Let’s start with the Why?  If I were a bad guy I might come in disguised as a janitor.   I would have a small laptop and that would have on it some software to sleuth your network, with my goal being to get into your servers.  The first thing that I would do is find a data port that had nothing in it and plug right in (assuming that there was no WiFi that I could get into).

Now if you do your cable management correctly, that vacant port that I just plugged into is not hooked up via the patch panel.  That forces me to go unplug a computer or printer and try it there, as that is an active device so it is cabled.  In our switch we can have it only talk to the device if it is the MAC address that it is programmed to expect.  The idea is to make it as difficult as possible for the would-be intruder to gain access to your data.

In most shops, we have no idea what drops are live, and where they are or what they are, much less what is plugged into them.

With VLANs we offer yet another layer of security in that if this guy plugs into some port that the secretary uses, he will not be able to get access to the engineers’ VLAN.

Many times I see networks where more ports were needed so a switch was just thrown into the drop, problem solved.  This is poor on many levels.  Anyone with any networking sense knows better but yet I see it every day.  You take a multi-thousand dollar cable plant and install a $30 switch screwing up collision rates, security, traffic throughput and so forth rather than do it right.
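One way to check a live switch against the server-room map described above (added example, not part of the original post): it compares a MAC address table dump with the documented drops and flags vacant drops that are live, unexpected MAC addresses, several devices behind one drop (the $30 switch), and devices on the wrong VLAN. The drop map, the table layout and every port, drop label and MAC address are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed drop map, as the server-room documentation might record it.
# status: "in-use" (one known device), "vacant" (should not be patched),
# "uplink" (switch-to-switch link, many MACs are expected there).
DROP_MAP = {
    "Gi1/0/1":  {"drop": "2F-014", "status": "in-use", "vlan": 10, "mac": "0011.2233.4455"},
    "Gi1/0/2":  {"drop": "2F-015", "status": "in-use", "vlan": 10, "mac": "0011.2233.4466"},
    "Gi1/0/3":  {"drop": "2F-016", "status": "vacant"},
    "Gi1/0/4":  {"drop": "3F-002", "status": "in-use", "vlan": 20, "mac": "0011.2233.4477"},
    "Gi1/0/5":  {"drop": "3F-003", "status": "in-use", "vlan": 20, "mac": "0011.2233.4488"},
    "Gi1/0/24": {"drop": "MDF-UP", "status": "uplink"},
}

# Constructed MAC address table dump (VLAN, MAC, type, port columns).
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       ----        -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    00aa.bbcc.dd01    DYNAMIC     Gi1/0/2
  10    00aa.bbcc.dd02    DYNAMIC     Gi1/0/3
  20    0011.2233.4477    DYNAMIC     Gi1/0/4
  20    00aa.bbcc.dd03    DYNAMIC     Gi1/0/4
  20    00aa.bbcc.dd04    DYNAMIC     Gi1/0/4
  10    0011.2233.4488    DYNAMIC     Gi1/0/5
  30    00aa.bbcc.dd05    DYNAMIC     Gi1/0/9
  10    0011.2233.4499    DYNAMIC     Gi1/0/24
  20    0011.2233.44aa    DYNAMIC     Gi1/0/24
"""

ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+\S+\s+(\S+)\s*$", re.I
)


def parse_mac_table(text):
    """Return {port: {(vlan, mac), ...}}; header and separator lines are skipped."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            seen[m.group(3)].add((int(m.group(1)), m.group(2).lower()))
    return seen


def audit(drop_map, table_text):
    """Compare what the switch has learned with what the map says should be there."""
    findings = []
    for port, entries in sorted(parse_mac_table(table_text).items()):
        doc = drop_map.get(port)
        macs = sorted({mac for _, mac in entries})
        if doc is None:
            findings.append((port, "UNDOCUMENTED_PORT", macs))
        elif doc["status"] == "uplink":
            continue  # trunks legitimately carry many MACs and VLANs
        elif doc["status"] == "vacant":
            findings.append((port, "VACANT_DROP_IS_LIVE", macs))
        else:
            if len(macs) > 1:  # a hub or small switch hanging off the drop
                findings.append((port, "MULTIPLE_DEVICES", macs))
            unknown = [m for m in macs if m != doc["mac"].lower()]
            if unknown:
                findings.append((port, "UNEXPECTED_MAC", unknown))
            wrong = sorted({v for v, _ in entries if v != doc["vlan"]})
            if wrong:
                findings.append((port, "WRONG_VLAN", wrong))
    return findings


if __name__ == "__main__":
    for port, code, detail in audit(DROP_MAP, MAC_TABLE):
        drop = DROP_MAP.get(port, {}).get("drop", "unmapped")
        print(f"{port:9} {drop:9} {code:20} {detail}")
```

A documented port that shows no MAC at all is not flagged, since the device may simply be powered off.
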

Jumping down the list to S.A.M.  While most things on this list are common sense, S.A.M. might not be that intuitive.

Q. Why do I need to keep up with what is on each and every computer and how does that relate to security?

A. Really good question. In running an audit of all software on all computers within an organization you will quickly find that your organization has a lot of software that the business owner is responsible for. If some disgruntled employee calls the Business Software Alliance http://www.bsa.org/ and reports that you are using pirated software; it then becomes your responsibility to prove otherwise.

  • Can you show proof of purchase for all software within your organization?
  • Can you show the license keys for that software, if so, prove it to yourself.
  • Do you know what each and every executable is on each and every desktop?
  • Do you have software on computers that is not being used?

The long and the short of this exercise is that I do an inventory of software on PCs as part of a DR.  While this is a painful, exhaustive process, it is important because you have to know what you have if you want to re-create it in the case of a disaster.

I always find software that the company was unaware of.

I almost always find Trojans, viruses, games and more importantly, I find remote control software.

While this is a real good reason why people should not have access to the administrative rights on their computers, it is also a real good reason to do this inventory.

The normal computer user does not need to modify their computer to use word, excel and power point.  IT should be in charge of adding software and then the PC should stay fairly static.

Remote control software is used to either allow a user to take control of their computer from outside the building or control another PC outside the building or inside the building.  Maybe that is perfectly legitimate or very possibly it is not.  That is why I insist that things like copy inhibit, and auditing, be enabled on the servers. If forensic investigations are needed down the road, we have the tools to do so; we simply must use them.
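The software inventory described above, reduced to its reconciliation step (added example, not code from the original post): installed titles are compared with the license register to find over-deployed and unrecorded software, unapproved remote control tools, and installs nobody uses. The inventory rows, seat counts, the idle-days column and the 180-day threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed license register: title -> seats with proof of purchase on file.
LICENSES = {"Microsoft Office": 3, "AutoCAD": 1}

# Constructed list of remote control titles IT has not approved (lower case).
UNAPPROVED_REMOTE_CONTROL = {"teamviewer", "vnc server"}

# Constructed inventory rows: (host, installed title, days since last launch).
# None means the collection tool could not tell when the program last ran.
INVENTORY = [
    ("PC-01", "Microsoft Office", 1),
    ("PC-02", "Microsoft Office", 3),
    ("PC-03", "Microsoft Office", 2),
    ("PC-04", "Microsoft Office", 400),
    ("PC-01", "AutoCAD", 10),
    ("PC-02", "Solitaire Deluxe", 0),
    ("PC-03", "TeamViewer", 5),
    ("PC-04", "VNC Server", None),
]


def reconcile(inventory, licenses, remote_control, stale_days=180):
    """Answer the audit questions: can every install be backed by a license,
    is anything installed that nobody knew about, and is anything unused?"""
    installs = defaultdict(set)  # title -> hosts it was found on
    report = {
        "over_deployed": {},      # more installs than purchased seats
        "no_license_record": {},  # titles with no proof of purchase at all
        "remote_control": [],     # unapproved remote control software
        "unused": [],             # installed but not launched in stale_days
    }
    for host, title, idle_days in inventory:
        installs[title].add(host)
        if title.lower() in remote_control:
            report["remote_control"].append((host, title))
        elif idle_days is not None and idle_days > stale_days:
            report["unused"].append((host, title))

    for title, hosts in sorted(installs.items()):
        if title.lower() in remote_control:
            continue  # already reported above, licensed or not
        seats = licenses.get(title)
        if seats is None:
            report["no_license_record"][title] = sorted(hosts)
        elif len(hosts) > seats:
            report["over_deployed"][title] = {"installed": len(hosts), "seats": seats}
    return report


if __name__ == "__main__":
    for section, items in reconcile(INVENTORY, LICENSES, UNAPPROVED_REMOTE_CONTROL).items():
        print(section, items)
```
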

Industrial espionage is real and the business owner should take it real seriously.  There are “certifications for data security experts” out there.  What I know of this stems from over 30 years of doing this. It actually might be interesting to go through the class and see what I have not thought of.

A word about industrial espionage.

People often wonder if I struggle with paranoia.  I assure you that I am purrrfectly normal, I don’t struggle, I submit to it; everyone has their children followed, and thinks that their cats are spying on them, right?

So I am not a comedian..

The idea that I wanted to mention here is really from WWII.  “Loose lips sink ships.”  The idiom means “beware of unguarded talk.” No, I am not that old, but I am a student of history among other things.  We live in a high-tech world and we live in a social world.  We have several areas of town where there are high tech industries and where employees of those industries gather for lunch, or to have a beer and shoot pool after work.  Too many times I am in earshot of engineers talking shop, in public.  If you own or manage a company that has “secrets” I would caution your employees about talking shop in public.  There are most likely posters that someone sells that you could hang on the wall as a subtle reminder about this subject.

someone-tweeted

The above picture proves that this concept is not lost on today’s companies.

 

If I worked at company Y who had company X as a competitor, I might very well have someone go down to the area where company X was and scope out restaurants where there were known hangouts for their engineers or technical guys.  I might also, if I were unscrupulous, have someone go stake out the place and make certain that I had them there when their folks had lunch.  In this day and age where there is a complete science behind “blending in,” it would be rather easy to go eavesdrop.  In this day of technology, bugging someone would not be out of the realm of possibility.  When fountain pens that are a self-contained Digital Video Camera / Recorder which can record up to an hour per charge are less than $20, you had best beware that your cats may very well be spying on you.  Ok, not your cats, but certainly your employees or strangers.

Thinking back to Mission Impossible, where the tape recorder would start spewing smoke out ten seconds after the message had been listened to, devices are worth mentioning here.

Devices that leave the confines of the building; in this case laptops and thumb drives need to be secure.  Folks it is downright foolish not to have these things encrypted.  We have so many different types of encryption techniques available today.  Encrypting your data should it fall into the wrong hands will still make it useless to those who take it.  Even the smart phone has a failsafe built into it.

Because we store so many things on our smartphones, they are more than just a phone. The courts recently ruled that police can no longer take your phone and access it to see what you have been up to, as the phone is so much more than a simple phone.  My iPhone for example after X attempts to guess my password will wipe itself.  Can we write such security programs for thumb drives and laptops?  Not a programmer; well since COBOL, but I am guessing that it is do-able.

Is the Cloud safe?

At this point in time, I would say no.  As much as we hear how safe it is, each and every day we also hear about how it was violated, or how some major organization was hacked.

Back up your data and send a copy to your safe deposit box at the bank.  Make certain that your safe deposit box is a few miles from your office or residence so that if a tornado or other type of disaster takes out your business or residence, your data stored in that safe deposit box is still there.  Utilize a service to take your data off site if you like, or set up your own “cloud” via a secure tunnel over the internet to another location.

Hard drives are cheap and UNIX or Linux is not all that difficult to use to set up an FTP server.  While anything is better than nothing, have a strategy and test it; even if you do use the cloud.

With the White House being violated by a crazy person, the president in an elevator with a known criminal with a gun, not to mention the secret service allowing him to go to Mandela’s Funeral and speak just a few feet away from the translator who was not who he said he was, we must question everything.

The only way to really trust that your data is safe, and for that matter your business or residence, is to test your plan once you implement it.  There are people you can hire, “good guys,” who will test your security from different angles as well as your disaster recovery plan.

The framework above is an excellent starting point. Trust me when I say this, many CEOs have no idea how vulnerable they are as they trust that their CIO or SysAdmins know this stuff.  Each and every DR that I do, I find that most do not. The more that I dig, the more truculent these folks become, and they are really happy when I leave.  They don’t want their bosses to know the truth. While I would happily work with them to fix these things and offer as much, they would rather hide the facts from those that should know their vulnerabilities.

If you are a CIO or head of a company that is interested in this, read my blog “attention CIO CEO ….

-Best to you and those that you care about!

Good Luck Jim

Copyright 2014 All rights reserved

The below is an addendum to this article which really puts things into perspective…

FOR IMMEDIATE RELEASE

Tuesday, September 30, 2014

Four Members of International Computer Hacking Ring Indicted for Stealing Gaming Technology, Apache Helicopter Training Software

Four members of an international computer hacking ring have been charged with breaking into computer networks of prominent technology companies and the U.S. Army and stealing more than $100 million in intellectual property and other proprietary data.  Two of the charged members have already pleaded guilty.  The alleged cyber theft included software and data related to the Xbox One gaming console and Xbox Live online gaming system; popular games such as “Call of Duty: Modern Warfare 3” and “Gears of War 3”;  and proprietary software used to train military helicopter pilots.

Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney Charles M. Oberly III of the District of Delaware and Special Agent in Charge Stephen E. Vogt of the FBI’s Baltimore Field Office made the announcement.

“As the indictment charges, the members of this international hacking ring stole trade secret data used in high-tech American products, ranging from software that trains U.S. soldiers to fly Apache helicopters to Xbox games that entertain millions around the world,” said Assistant Attorney General Caldwell.  “The American economy is driven by innovation.  But American innovation is only valuable when it can be protected.  Today’s guilty pleas show that we will protect America’s intellectual property from hackers, whether they hack from here or from abroad.”

“Electronic breaking and entering of computer networks and the digital looting of identities and intellectual property have become much too common,” said U.S. Attorney Oberly.  “These are not harmless crimes, and those who commit them should not believe they are safely beyond our reach.”

Nathan Leroux, 20, of Bowie, Maryland; Sanadodeh Nesheiwat, 28, of Washington, New Jersey; David Pokora, 22, of Mississauga, Ontario, Canada; and Austin Alcala, 18, of McCordsville, Indiana, were charged in an 18-count superseding indictment returned by a federal grand jury in the District of Delaware on April 23, 2014, and unsealed earlier today.  The charges in the indictment include conspiracies to commit computer fraud, copyright infringement, wire fraud, mail fraud, identity theft and theft of trade secrets.  The defendants are also charged with individual counts of aggravated identity theft, unauthorized computer access, copyright infringement and wire fraud.

Today, Pokora and Nesheiwat pleaded guilty to conspiracy to commit computer fraud and copyright infringement and are scheduled for sentencing on Jan. 13, 2015.  Pokora was arrested on March 28, 2014, while attempting to enter the United States at the Lewiston, New York, Port of Entry.  Pokora’s plea is believed to be the first conviction of a foreign-based individual for hacking into U.S. businesses to steal trade secret information.

According to the superseding indictment and other court records, from January 2011 to March 2014, the four men and others located in the United States and abroad allegedly hacked into the computer networks of Microsoft Corporation, Epic Games Inc., Valve Corporation, Zombie Studios and the U.S. Army.  The defendants and others allegedly obtained access to the victims’ computer networks through methods including SQL injection and the use of stolen usernames and passwords of company employees and their software development partners.  Once inside the victims’ computer networks, the conspirators accessed and stole unreleased software, software source code, trade secrets, copyrighted and pre-release works and other confidential and proprietary information.  Members of the conspiracy also allegedly stole financial and other sensitive information relating to the companies – but not their customers – and certain employees of such companies.

Specifically, the data cyber-theft allegedly included source code, technical specifications and related information for Microsoft’s then-unreleased Xbox One gaming console; intellectual property and proprietary data related to Xbox Live, Microsoft’s online multi-player gaming and media-delivery system; Apache helicopter simulator software developed by Zombie Studios for the U.S. Army; a pre-release version of Epic’s video game, “Gears of War 3;” and a pre-release version of Activision’s video game, “Call of Duty: Modern Warfare 3.”  The defendants also allegedly conspired to use, share and sell the stolen information.

The value of the intellectual property and other data that the defendants stole, as well as the costs associated with the victims’ responses to the conduct, is estimated to range between $100 million and $200 million.  To date, the United States has seized over $620,000 in cash and other proceeds related to the charged conduct.

In addition to those charged in the United States, an Australian citizen has been charged under Australian law for his alleged role in the conspiracy.

An indictment is merely an allegation, and the defendants are presumed innocent unless and until proven guilty in a court of law.

This case is being investigated by the FBI, with assistance from the Criminal Division’s Office of International Affairs, the U.S. Department of Homeland Security’s Homeland Security Investigations and Customs and Border Patrol, and the U.S. Postal Inspection Service.  The investigation also has been coordinated with the Western Australia Police and the Peel Regional Police of Ontario, Canada.

The case is being prosecuted by Trial Attorney James Silver of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Edward J. McAndrew of the District of Delaware.

The Ubiquitous Wall Wart

For those of you who are unfamiliar with the term “wall wart,” it is simply a slang term for external power supplies that hang out of the outlet.  The power supply has evolved over the years from being something external to the apparatus to be powered, cabled to same with large cables.

 

As technology “evolved” the power supply was integrated into the apparatus and a simple cord connecting it to the AC line was all that was needed.

 

After even more “evolution” the power supply went external again on some apparatus in the form of a wall wart.

 

It was during this time the wall wart was blamed for starting fires.  Many firefighters attributed the source of combustion to the wall wart.

 

Early wall warts were not fused, or if they were, the fuses were defective.  I still vividly remember smelling something “like hot plastic” and finding that a wall wart going to a radio was melted, very hot and still pumping out energy into a short length of cable that the cat had chewed on, causing a short.

 

These power supplies still use energy even if the apparatus is powered off.  Those “green” people will tell you to unplug them when not in use as they waste energy.  I would tell you to unplug them simply because “in my opinion” they are still a fire hazard.

 

Unplugging them can be a pain in the rear as often times they are buried behind something etc.  To this I would encourage you to get a power strip that you could turn off the whole thing when not in use rather than trying to plug and unplug every time you wanted to use the device.

 

Case in point.  My phone stopped working.  When I did my “electronic technician thing” I discovered that the wall wart was dead.

 

Finding a similar wall wart today has not been successful.  It is a 7.5 volt with a current rating of 1000 mA.  The real trick is finding one with a 90 degree bend in the plug so as to fit into the bottom of the base.

Looking at the wall wart (I dissected it), the failure was a capacitor that failed.  This should not be any surprise to those of us who work with electronics, as there is a raft of faulty capacitors in the marketplace which are responsible for the early demise of many, many things!  From computer power supplies to flat screen TVs to just about any electrical device made in China.  Read all about that subject here: http://www.badcaps.net/

 This too made a smell which alerted me to the fact that something was awry.  The interesting part of this is the internal fuse did not blow.  Had I not been home and smelled the “hot smell,” would my house still be here?


Because it is in an airtight container one has to think that any flame would have not had the oxygen to burn and eventually the fuse might have blown or the circuit breaker to the receptacle might have tripped.  The short answer is “we just don’t know.”

Looking at the device you can see that they have dropped the 120V to 12V with a large 10 ohm resistor.  From there they have rectified it, regulated it and, I would guess, cleaned up the DC and even the AC with a few small components.  You will note the top of the capacitor is puffed up, which is a clear sign that it is defective.  You will also note that the board is discolored where the devices got hot when the capacitor failed.

All Wall Warts are not the same!

 

I frequently am asked by different people to repair some small appliance.  I enjoy doing it so it is not much of a burden.  More often than not I am brought the device that no longer works with a wall wart that is not the correct wall wart for the device!

 

Looking at the back of the apparatus you will notice that there is just about always a picture or depiction of the place that the wall wart plugs into the unit.  That depiction will usually have the voltage and current required as well as the polarity of the plug.


Back not too long ago it was anyone’s guess if the center was positive or negative and, the information about the voltage, current or even if it were AC or DC was just not there.

 

Looking at this early wall wart “from the 70’s” you will note that it is small in size and has a plug on it that, when inserted into the radio, is momentarily greeted with a short.  This type of plug should not be used for power.  This charger is rated at 9 volts DC with just a few mils of current.  The reason for this is it was designed not to run the radio but to charge the batteries inside it.  While the radio that this goes to is otherwise a good radio, this is a poor design.  Admiral would have been far better off to include the power supply inside the radio, capable of running the radio as well as charging the batteries, instead of using this (which was a cheap alternative).  Also note that the plug is broken and should be repaired before use.  Interesting to note: this supply is not regulated and in fact cranks out 21 volts DC with no load.

 

With older devices I have to check before simply plugging in some sort of power source as some of the older radios that I mess with were made before any standards were envisioned.

 

Some manufacturers made positive the ground, which makes an interesting troubleshooting exercise for those of us who are used to negative as the ground.

 

We all end up with a box of these wall warts before too long and often times they are not labeled as to what they went with.  My guess would be that the manufacturer of the device purchased power supplies from some vendor that would work with their device and a host of others.

 

It is a good idea to label what device that wall wart came with if it is not so labeled on the power supply itself.  I have seen some use a silver Sharpie to label them, which is a great idea!

Things to note when looking at your apparatus and trying to match up the wall wart.  Voltage required, Current required, size and type of connector, polarity if DC, or is it AC?

 

If you have cats you might want to examine the wires from time to time as some cats or other critters like chewing on cords.  For people in this predicament wrap your wires in “spaghetti.”   No not pasta but something called spaghetti which is a tough plastic coiled covering designed to keep all the wires together and neat.  It also deters small critters from chewing on them.  Larger critters may need better solutions like Panduit. I have found some of these things at IKEA.  Electrical Supply houses are another good bet and of course there is always eBay.

 

I would be remiss not to mention your smoke alarm at this point as many of us lose some ability to smell as we age, or have a cold, or what have you.

Feel your wall warts from time to time; warm is normal, hot is not!  Some power supplies for laptops get too warm for my taste, but I think they would tell you it is normal.  If in doubt, have it checked out.  Safe rather than sorry is not a shabby way to live your life.

 

Look under the desk from time to time and examine your wires and cords to make sure that they have not been cut by the chair rolling over them or some other heavy object sitting on them.  This is especially true of your children’s room.  I was in a house doing some computer work when I noticed that there was probably 30 plus amps of current being taken out of one wall receptacle.  The wires under the desk looked like a bowl of spaghetti “the eating kind” and there were heavy objects sitting on the wires along with them being under the rollers of the chair.

Wall receptacles in most houses are not made for this type of use.  The bedroom may be on one 15 amp breaker and the outlets wired with number 14 wire, which is basically made for lighting.  These are all things to look at when putting computers in bedrooms.  The good news is that again technology is becoming more efficient and less current is used with newer devices than older.  It is still something to talk with an electrician about if you have the slightest cause for concern.  The simple fact that this kid’s breaker did not blow for his room really bothered me in that he had a gaming machine, three monitors and a plasma TV… Add to this the stereo, lights, fans, guitar amp and other electrical things; other than this being one spoiled child, there was simply too much in that room for what the circuit should have been able to provide.

Feel the outlet covers, are they warm?  They should not be….

 

-Best to you and those that you care about!

 

 

Disasters Big and Small


As a Disaster Recovery Specialist, I walk into many companies that are one step away from disaster.  Some of them have been living on a wing and a prayer for a long time and are absolutely oblivious to the precipice on which they are perched.

One of the largest challenges one faces in this line of work is people.  By that I mean more specifically egos.  People are threatened by someone that “knows more than they do.”

Let me tell you a secret.  This is a Jack Palance type secret, (from City Slickers) “This is the one thing” that will save your keister as well as change your attitude.

I worked for a man who owned this business that was very successful.  I was a young guy fresh out of school and this guy saw something in me that I remember to this day. As time passed he took me under his wing and helped me knock some of the rough edges off of my “perception” of the world as it was.  He took me out one day to JC Penney and had some sales clerk measure me for a suit and then he picked out a couple of them.  We went to the shirts and he purchased a few of them, right down to the shoes.  While these were not super expensive, they were not cheap and his generosity never escaped me. The only thing that he did not replace were my shorts!  Some might have taken offence to this but I am no creature of fad or style and while I would not qualify for a candidate on “what not to wear,” I did know that style was not my strong suit.  “Knowing your limitations” is good advice, but not the secret.

Later he had me take over the service manager position in one of his branches which came with a company car and credit card.  This was before the tax laws changed.  He told me to use the car as I wished and if I took it on vacation to at least “pay for some of the gas myself.”  He took me over to the office which was a good drive from the Dallas office.  He regaled me with stories of advertisement and marketing.  He told me the story of the sign with the waterfall on it by downtown Dallas.  Back then it was a Pearl Beer sign.   This man was pretty close to deaf.  He was from Georgia and his accent was still very thick.  It turns out that he was a tank commander in WWII.  He told me that the secret to survival is to “surround yourself with smart people.”  That not only applies to war, but business and oh yes, life in general.  If you want to be successful, surround yourself with people smarter than yourself and learn to humble yourself.  It is only by this step of humbling yourself will you realize the advantage of being around these people.  I have never forgotten this and to this day I still practice this.

I offer this advice to all IT people in that “you are not the end all be all.”  You cannot know it all even though you think that you do.  We become focused on what interests us and then the rest of technology passes us by.  Learn to control your ego for it is your enemy.  No doubt you have heard the phrase “you are your own worst enemy.” Think of the truth of this statement and then marry it, own it and then change it.  When someone starts talking to you about something which you think you know about and you feel that “anxiousness” start to well up inside, recognize this for what it is: your undoing.  Squelch the feeling, take a deep breath and listen to what this person has to say.  It may be worthy of hearing or it may be total crap. Before long this will be habit and you will have trained your ego to stand down.

One of the first steps in the DR process is an AUDIT.  In order to prepare for a disaster one has to know what one has.  This is done by an audit of the technology, how it is configured and of course managed. We look at policies and procedures and just really get into your business in a big way.  The more you work with us the more you will get out of it.  Conversely the more truculent or evasive that your staff is, the more it will cost.  This is a “by the hour” service and time is money.

Audits are never fun but necessary, in that no one is perfect.  Audits uncover the “dirt” so to speak and no one wants to acknowledge that they have dirt.  Nobody wants to look bad so they are either un-helpful or become very defensive and blame the guy before them and so forth.  No one in their right mind would welcome an IRS audit because of this.  You know that you are playing by the rules but the rules are thousands of pages long.  What if?  Individuals should budget for an accountant for this reason.  Companies should have more than one accountant “even if it is a small company” in that they can check one another. (another story for another blog)

While IT audits won’t land you in front of a judge, they could have an effect on the bottom line in that deficiencies could be uncovered which could end up with un-budgeted expenditures.  Having an up to date DR and BC plan will not only prevent this but will keep your IT department on their toes and up to date.  A fresh set of eyes looking at how things are done, contrasted against your business processes and needs, often bears fruit in that there may be a better way to do things. Personally I subscribe to “best practice” methodologies and policies.

Some companies don’t take IT seriously and look at it only as a necessary evil.  An attitude which must be changed as IT is much more than a necessary Evil.  IT is a resource which ties the entire company together.  This department is the glue that binds most departments together as well as the interface between the customer and the company.  In looking at the want ads occasionally one might notice ads for IT people with the following “PC Wizard” needed.  Really?  Does this person come from over the rainbow?  The simple facts are that some HR people are totally bereft of any ability to interview for this position and the company as a whole does not take the department very seriously.  I would liken this to the “audio visual club” at school.  Know this all you who mock them, the nerds will inherit the earth. I digress..

If you really look at the way that your technical infrastructure touches every person in your company and your customers; your attitude on this matter might change.

During the process of a disaster recovery plan, this becomes very clear in that one of the pieces of this plan is a Business Impact analysis.  It is during this process that the lights turn on in the CEO’s, or CFO’s head.  I have heard the question posed to the CIO or CFO on many occasions “why hasn’t anyone told me this?” The simple facts are that the CEO’s job is to run the company, not the IT department.  He or she depends upon the CIO to look out for the company on all things IT and a DR plan is simply one small part of it.

Simple programs like asset management and S.A.M. “software asset management” are not only not in play, but not even thought of.  How can one budget for new stuff if one has no clue what one will need down the road?  A complete Asset management program should be SOP in any company.  This program accounts for hardware from the cradle to grave.

The same is true regarding software.  Oftentimes, companies pay way too much for software as it is installed by policy on computers with users who will never use it.  Users may bring in their own software and install it, leaving a liability for the company to contend with should there be a software audit and it is done by the SBA.

While there are no good surprises in business there are certainly no good surprises after an event has been suffered by a company.  A fire in the data center could take the entire company out of the marketplace for good.


Fire caused by poor cable management practices.

Human error accounts for a large percentage of the events which caused companies to fail.  Doing a root cause analysis on failed companies who suffered a disaster you find that they did not value such a thing as “it will never happen to me.”  You don’t have to suffer a Sandy or Katrina type event to bring your business to its knees.  A simple mistake from some employee, working for a company without a business continuity or disaster recovery plan can ruin your day, if not your career.

It is at this time many companies wish that they had spent the money on such a plan.  Too Late… If you fail to plan you plan to fail.

You can purchase insurance which will assist with the closing of the company but, that is not the way to go out of business, with a whimper, because you failed to plan.

Updated documentation of your infrastructure otherwise known as a “living document,” should also be SOP.  IT folk absolutely do not like documentation, more specifically creating it.  There are many schools of thought on this reason, but I suspect that laziness along with a “need” to have proprietary information so they are not expendable weighs somewhere in their decision.  If the latter is your reason for not doing what is right for the company you need to re-examine your life. 

If you are taking the paycheck you owe your employer the best that you can offer.  If you managers feel like you have people in your department who are not expendable you need to address this post haste!  One rule of preventing a disaster is avoiding single points of failure; and that means people as well.

Part of disaster recovery is averting disasters to begin with!  Through solid best practices in policies and procedures, a large percentage of disasters can be negated.

One last topic on the subject that comes up from time to time:  “Do I have a legal obligation to have a DR/BC plan?”

The answer is not as clear cut as one would like.  The interesting thing however from a legal perspective is that there is legal precedent whereby companies were held liable for failing to provide a more error tolerant system.  They in fact were found to be negligent and case law purports to award large sums of cash to the plaintiff.  These cases not only hold the owners of the company negligent but any and all officers of the company are liable.  Think carefully about that promotion and VP title.

While companies are apathetic towards spending the money on such a plan, doing so is not only moral, it is strategic and most likely a legal obligation.  As Billions of dollars are spent annually on technology to maintain a competitive edge “standards of care” and due diligence are required of all corporations both public and private.  Not having such a plan violates the fiduciary standard of care.

-Best to you!

staylor@guard-protect.com

www.guard-protect.com