Twenty years ago, most North American hackers you met were kids trying to impress their friends. Their older brothers had watched War Games and Hackers and were totally let down when they learned that you couldn’t exactly hack into government installations using a 56K baud modem, no matter how good your script was, but 2001 was a strange new world with better tech, and they felt anything was possible.
It wasn’t.
They had either stumbled into some programming knowledge or they bought some scripts off the internet, and got their older brother to show them how to use them. Flash forward to today, and the advent of SMART technology, cloud-computing, and the general advancement of computer technologies have made the far flung ridiculousness associated with late-80’s and early-90’s era hacker movies a real possibility, and a real threat.
Granted, there’s nobody hacking NORAD and taking control of nuclear launch codes like in War Games, but the prospect of someone hacking a major government or corporate installation and stealing vital information isn’t just a probability—it happens regularly.
That’s why President Joe Biden included certain dispensations in an executive order to increase America’s cybersecurity last week. It’s primarily because hacking is no longer the purview of bored teenagers poking passive aggressive fun at their parents lack of technical savvy. Now it’s very much the province of adults and should be treated as the threat it is.
Here’s Ian L. Paterson, CEO of Plurilock Security (PLUR.V) to bring home the gravity of the situation:
“Following the latest sophisticated cyberattacks on U.S. private companies and federal government networks, the executive order is an important step for the U.S. Federal Government to take a more aggressive approach in preventing data breaches, most notably through the adoption of a zero-trust policy and MFA solutions. Plurilock’s team is focused on securing new contracts, and government organizations are a key vertical in our strategy. The distribution channels from our recent acquisition of Aurora position us well to deliver solutions to government customers, and grow our client base within the public sector.”
What is Plurilock?
Plurilock Security’s primary gig is cybersecurity and what they offer isn’t exactly Avaste Security Suite.
They use identity-centric cybersecurity paired with artificial-intelligence, cloud friendly security technologies that handle identity assurance that’s easy to use. No long, ridiculous and ultimately weak passwords. No more easy-to-guess identity questions. They use something called continuous authentication to verify the identity of the user working remotely. For example, it analyzes the subject’s unique keystroke patterns and compares them to patterns previously collected by the system.
That’s some serious innovation right there, and it has to be, especially now that the hacker bottom feeder is the goofy Ghanian prince catfishing his way into the lives and wallets of the single and horny. What this guy does is drop a trojan onto Jim (or Karen) from accounting’s computer when they open the attachment of whatever pornstar being used in the scam—and then use the trojan in an exortion scam.
If this happens at work, then said Ghanian prince has access to the network and vital files can go mysteriously missing. It’s high end chaos for low-end profit, because most of these clowns don’t know how to monetize. The high end hacker, though, is a different breed altogether. Often, a remote operating government official, paid and trained to infiltrate both government installations and corporations from enemy countries.
There’s not much Plurilock’s going to be able to do about the Jim and Karen’s of the world. Social engineering is
the stock and trade—the baseline skillset if you will—of any good con artist, be they digital or the three-card monte hustler on the corner. Where companies like Plurilock are going to make their name (and their money) are with the big clients.
New threats
SolarWinds (SWI.NYSE) is an American software developer for networks, systems and information technology infrastructure based out of Austin, Texas. Late last year, The Washington Post reported that multiple government agencies had been hacked courtesy of SolarWinds’s Orion software, wherein hackers later tied back to Russia, acquired superuser access and started printed tokens giving hackers trusted and highly privileged access, which they then used to access peripheral networks to the Orion software.
Victims include the cybersecurity firm FireEye (FEYE.Q), the US Treasury Department, the US Department of Commerce’s National Telecommunications and Information Administration, as well as the US Department of Homeland Security.
It was later discovered that the hackers who carried out the intrusion were in the company’s system as early as January 2019.
“The tradecraft that the attackers used was extremely well done and extremely sophisticated, where they did everything possible to hide in plain sight, so to speak,” said Sudhakar Ramakrishna, CEO for SolarWinds.
Not exactly script kiddies.
What’s being done about it?
The executive order we mentioned earlier was created to help U.S. federal government organizations with their cybersecurity to help confront the malicious wave of cyberattacks. The implementation of zero-trust architecture and use of multi-factor authentication (MFA) were among the suggested steps and protocols in the executive order.
According to Charlie Gero, CTO of Enterprise and Advanced Projects Group at Akamai Technologies (AKAM.Q) Zero Trust is:
“The strategy around Zero Trust boils down to don’t trust anyone. We’re talking about, ‘Let’s cut off all access until the network knows who you are. Don’t allow access to IP addresses, machines, etc. until you know who that user is and whether they’re authorized.”
Before President Biden announced the executive order, he released a fiscal 2022 budget blueprint wherein his intention is to allocate $2.1 billion for the country’s federal cybersecurity agency. Normally, given the recent surveillance-state debacles of the National Security Agency, listening in on our e-mails, it would be a terrifying possibility, but the time to sneak this one through is definitely now. Biden also signed the American Rescue Plan in March of this year to give an addition $1.65 billion to advance cyber defense initiatives.
Too little too late for Solar Winds, but there’s hot government contracts in the offering. That can’t be a bad thing for PLUR or for you, if you’ve got some of their paper.
—Joseph Morton
Full disclosure: Plurilock Security is an equity guru marketing client.
