It’s very interesting that when the presidents of the United States of America and the People’s Republic of China recently met in California, we were told that on the agenda will be a discussion about China using cyber attacks on US companies and infrastructure.

It’s interesting because in the same news cycle we were told that the US has a permanent process in place to take phone records and run them through a data mining tool called Prism to determine who talks to whom, when, and for how long.

Whether through cyber attack or surveillance, in both cases it is clear the owners of the data are having it taken from them by means other than surrendering it willingly.

So my question here is when is an attack an attack?  I believe that it must be when there is a determined attempt to get into infrastructure to navigate and otherwise delve into whatever is there.  What happens if the door is, so to speak, left open? What happens when a machine is not protected and is left so that it can be logged into? Cyber laws are closely modeled after the “real” world and even if a door is not locked, it is still trespass to enter.  But what if you were just able to discover it?  Is that “finders keepers”? Hmm!

Far more focus should be directed by organizations and individuals to what is out there and readily available. People, seemingly without thought and therefore with the appearance of being willing, are spewing their personal information out via social media and email.  Although there are periodic discussions when a government somewhere gets upset with Google, Microsoft or Facebook and slaps on the wrist follow, we all need to understand that nothing really changes.

What I don’t understand is why people and organizations will take such poor security postures and then get outraged when organizations collect their data, often with nothing more sophisticated than a Google search.  In fact, here at netlogx when we carry out Penetration Testing, the first thing we do is to carry out what is termed “Google Hacking” where we use the search engines to turn up as much openly available information about a company as we can.  It is truly amazing what is out there.

So here’s my take on the conversation between the presidents.  I don’t care.

But what does annoy me intensely is the outrage being expressed by Silicon Valley at the Federal Government’s actions.  Can you say, “hypocrites”?  These are people who have been greatly enriched by mining the personal data and interactions that make up the internet.  If you don’t like it, give back all the money you made selling your Facebook shares.

So here’s my take on the whining.  You don’t fool me, you don’t care and you want people to be lax with securing their information.

Quote: There’s a danger in the internet and social media. The notion that information is enough, that more and more information is enough, that you don’t have to think, you just have to get more information – gets very dangerous. – Edward de Bono.