Israeli Software

I want to challenge the effectiveness of top-down, monolithic security frameworks (ISO 27001/PCI DSS) – I submit that rapidly changing threats – social networking, cyberstalking, social engineering, cyber-stalking and custom spyware are threats that exploit people and system vulnerabilities but are not readily mitigated by a top down set of security countermeasures.

The recent case of the Opsec security violation on Facebook in Israel reported by the Jerusalem Post, is a good example of how a hierarchical organization (Army) is threatened by a flat social network. The good news was that the security countermeasure was found the social network itself – herein lies the lesson.

The IDF was forced to cancel a recent arrest operation in the West Bank after a soldier posted information about the upcoming raid on his Facebook page.The operation was scheduled to take place several weeks ago in the Binyamin region. The soldier, from an elite unit of the Artillery Corps, posted on his Facebook page: “On Wednesday, we are cleaning out [the name of the village] – today an arrest operation, tomorrow an arrest operation and then, please God, home by Thursday.”

The status update on the soldier’s page was revealed by other members of the soldier’s unit. His commanders then updated Judea and Samaria Division commander Brig.-Gen. Nitzan Alon, who decided to cancel the operation out of concern that the mission had been compromised.

Organizations need to leave the static top down control frameworks a few times a year and look outside the organization for links and interdependencies – and talk to the soldiers in the trenches in customer service, field sales and field service.

The information you will get from people outside your firm and from people with dirty hands is far more valuable than rehashing the ISO27001 check list in an audit.

The most valuable data is from questions you haven’t asked yet – not from a checklist in an Excel spreadsheet in the hands of a junior auditor from KPMG.

In music, dissonance is  sound quality which seems “unstable”, and has an aural “need” to “resolve” to a “stable” consonance.

Leading up to the Al Quaeda attack on the US in 9/11, the FBI investigated, the CIA analyzed but no one bothered to discuss the impact of Saudis learning to fly but not land airplanes.

Dissonance in organizations is often resolved  by building separate silos of roles and responsibilities.

However, it is impossible to take wise decisions on risk management in the business when the risk intelligence is in separate silos.

We help protect customer data and intellectual property from fraud and breaches of confidentiality.  We’re always looking for interesting projects – call or text me at  +972 54 447 1114 at  any time.

Martin Hellman (of Diffie Hellman) fame maintains the Nuclear Risk web site and has written a very insightful piece on risk analysis of nuclear war entitled Soaring, cryptography and nuclear weapons

Hellman proposes that we need a  third state scenario (instead current state – > nuclear war) where the risk of nuclear holocaust has been reduced by several orders of magnitude from today to an acceptable level.

This makes sense and it’s an intriguing idea as an exercise in risk analysis of information security and data protection to see if there is a third state of reduced risk that where the risk of data breach and major data loss events is reduced to acceptable levels.

That’s one thing that got me thinking.

The second thing is the quote from Fyodr Burlatsky, one of Khrushchev’s speechwriters and close advisors, as well as a man who was in the forefront of the Soviet reform movement:

In Krushchev’s eyes [America insisting on getting its way on certain issues] was not only an example of Americans’ traditional strong arm policy, but also an underestimation of Soviet might. … Khrushchev was infuriated by the Americans’ … continuing to behave as if the Soviet Union was still trailing far behind.

So here we are – 2009 and President Obama is insisting on getting his way on certain issues with the  Iranians, who pose a serious nuclear threat to the world.  But no only Ahmadenijad – the Russians and the North Koreans are also  infuriated by the Americans’ … continuing to behave as if they are still trailing far behind.

If you thought that working in high-tech  is  rough – just consider how tough it is to be a musician in Afghanistan.

JALALABAD, Afghanistan (Reuters) – Taliban fighters beat musicians, shaved their heads and left them tied to trees overnight because they performed at an Afghan wedding, a village tribal chief said Monday, a sign of the fighters’ growing influence. While in power from 1996-2001, the Taliban banned music as un-Islamic.

The militants have returned to areas in the east and south of the country, where violence has sharply spiked in recent years. They attack government officials, Afghan police, foreign troops and schools that teach girls, another practice they forbid.

“A party was going on when a group of Taliban grabbed five musicians and started beating them and smashing their musical instruments,” said Rahmatullah Khan, a head of Merke Khel village in the east of the country.

“The musicians were tied up with rope to trees last night and villagers found them in the morning when going out for prayers,” Khan said.

Khan said Taliban fighters shaved the heads of the musicians and made them take oaths in the presence of villagers that they would not sing or play music at weddings again.

Afghan weddings and engagement parties in rural areas are traditionally celebrated with hundreds of guests, music and singing that often continues until late at night.

(Reporting by Rafiq Sherzad; Writing by Hamid Shalizi)

It seems that the GFC is creating a movement of migratory hi-tech workers from Silicon Valley to the Beltway. I’m not sure that an unemployed IT security analyst turned hacker is the best choice for a defense contractor – the really good guys and gals are always in demand – and those DC summers are the pits. The weather in Mountain View is a lot nicer.

Daniel D. Allen, who works for Northrop Grumman, claims that federal spending on computer security now totals USD 10 billion annually, including classified programs. So there is a lot of lard in the pork barrel for cyberninjas who don’t mind the 95% humidity.  And with the recently publicized data breach of sensitive design and electronic systems data  from the $300BN F-35 Lightning II fighter project – there’s plenty of asses to be covered. Then again – with peace in our time looking to arrive by end of year from President Obama, we will not need all that hardware – I hear the beer is pretty good in Munich.

Here is the article on Presstv -

Military giants including Northrop Grumman, General Dynamics, Lockheed Martin and Raytheon are now busy with recruiting “hacker soldiers” to address the new demand for an unconventional cyberwar and in a way to blend the new capabilities into the nation’s war planning.

My friend Jacob Richman wrote a page on his web site explaining why he will vote Ichud Leumi (NUP). As a person who has traditionally voted for religious/Zionist parties – I feel compelled to answer Jacob in public.

There are a number of flaws in his argumentations regarding the National Union Party (NUP)

1. The NUP doesn’t have a national agenda – i.e. they don’t have positions on economics, industry, trade, energy, environment, transportation and healthcare in their platform.  They are a “one trick pony”
The country runs on taxes  – without a strong economy the entire question is moot.   I believe that our future is at stake on the economic issues and since the NUP doesn’t even have an economic platform – they are non-starters in my book.

2. The NUP has neither  electoral power nor post-elections political power – which brings me to my third point

3. They are politically weak (and whatever political clout they have is generally wasted on the usual internecine politics endemic to the right and religious parties).  As a result – they will never be able to keep their promise of preserving Erez Israel to their voters.  It’s like me promising you that I’ll go to the supermarket and shop for you without having enough money to  pay for the groceries at the checkout counter.

4. The country is better served with 2 large parties with clear national agendas that represent large portions of the electorate. By supporting the continued existence of small parties like the NUP we weaken the democratic process not strenghten it. Crucial national  decisions must be decided on the basis of a majority vote not on the basis of coalition in-fighting and log-rolling.

The one-sided UN resolution that didn’t even mention Hamas was not surprising. It’s 14 days into the war on Hamas in Gaza and it appears a good time to share  a few brief facts on the Israeli-Palestinian conflict -

1. Nationhood and Jerusalem.  Israel  became a nation in 1312 B.C.E. Two thousand years before the rise of Islam.

2. Arab refugees in Israel began identifying themselves as part of a Palestinian people in 1967, two decades after the establishment of the modern State of Israel .

3. Since the Jewish conquest in 1272 B.C.E., the Jews have had dominion over the land for one thousand years with a continuous presence in the land for the past 3,300 years.

4. The only Arab dominion since the conquest in 635 C.E. Lasted no more than 22 years.

5. For over 3,300 years, Jerusalem has been the Jewish capital.  Jerusalem has never been the capital of any Arab or Muslim entity.  Even when the Jordanians occupied Jerusalem, they never sought to make it their capital, and Arab leaders did not come to visit.

6.  Jerusalem is mentioned over 700 times in the Old Testament.   Jerusalem  is not mentioned once in the Koran.

7. King David founded the city of Jerusalem.  Mohammed never came to Jerusalem.

8. Jews pray facing Jerusalem.  Muslims pray with their backs toward Jerusalem.

9. Arab and Jewish Refugees: In 1948 the Arab refugees were encouraged to leave Israel by Arab leaders promising to purge the land of Jews.  Sixty-eight percent left without ever seeing an Israeli soldier.

10. The Jewish refugees were forced to flee from Arab lands due to Arab brutality, persecution and pogroms.

11. The number of Arab refugees who left Israel in 1948 is estimated to be around 630,000.  The number of Jewish refugees from Arab lands is estimated to be the same.

12. Arab refugees were INTENTIONALLY not absorbed or integrated into the Arab lands to which they fled, despite the vast Arab territory. Out of the 100,000,000 refugees since World War II, theirs is the only refugee group in the world that has never been absorbed or integrated into their own peoples’ lands.  Jewish refugees were completely absorbed into Israel, a country no larger than the state of New Jersey.

13. The Arab – Israeli Conflict: The Arabs are represented by eight separate nations, not including the Palestinians. There is only one Jewish nation.  The Arab nations initiated all five wars and lost.   Israel defended itself each time and won.

14. The P.L.O.’s Charter still calls for the destruction of the State of Israel.  Israel has given the Palestinians most of the West Bank land, autonomy under the Palestinian Authority, and has supplied them.

15. Under Jordanian rule, Jewish holy sites were desecrated and the Jews were denied access to places of worship. Under Israeli rule, all Muslim and Christian sites have been preserved and made accessible to people of all faiths.

16. The U.N. Record on Israel and the Arabs: of the 175 Security Council resolutions passed before 1990, 97 were directed against Israel.

17. Of the 690 General Assembly resolutions voted on before 1990, 429 were directed against  Israel.

18. The U.N was silent while 58 Jerusalem Synagogues were destroyed by the Jordanians.

19. The U.N. Was silent while the Jordanians systematically desecrated the ancient Jewish cemetery on the Mount of Olives.

20. The U.N. Was silent while the Jordanians enforced an apartheid-like a policy of preventing Jews from visiting the Temple Mount  and the Western Wall.

Danny Lieberman

Software Associates

Expert security consultants, providing internal security solutions:  investigating  and preventing data theft and fraud for telecommunications, manufacturing and pharmaceutical companies in Eastern Europe and the Middle East.

Would someone explain the difference between Militants and Terrorist Organizations?

Do definitions matter?

The PCI DSS 1.2 standard confusingly labels anti-virus “threat management” and security folks often confuse a vulnerability (a state of weakness of an asset) with a threat (something or someone that exploits the vulnerability to cause damage to the asset). I guess it’s ok – after all, information security is not life and death like the war against Palestinian terror.

The US State Department appears to be confused – are we fighting “militants” or “terrorists”?

Here’s what I mean.

The American Embassy in Tel Aviv came out with a travel warning for US Citizens in Israel December 30, 2008:

U.S. Government Employee Travel Restrictions Due to IDF’s Gaza Operation and Longer Range-Rocket Attacks against Israel by Militants and Terrorist Organizations in Gaza

A common definition of terrorists are people who attack civilians.   It seems that makes all of the Palestinian organizations terrorists ne’st-ce pas? Here’s the full announcement:

It is crucial to ask how we can adopt and execute a sustainable long-term strategy to combat and win the war against Islamic terror.

I’m an Israeli and we have seen a series of Israeli governments attempt to combat terror. In most cases, the strategy to combat Palestinian terror centers on worrying what the US and EU think of us. Not surprisingly, the focus on PR, image and relations with third parties rather than a root cause analysis of what the Palestinian terrorists really want   has failed. In this post, I will explain why Israel is losing the war on terror, basing my analysis on empirical observations rather than political imagery and spin.

First of all where are we today?  The so-called Oslo Peace process (and similarly-architected roadmaps of various sorts from the US or Saudi) are not only failures but significant contributors to continued violence; empirical evidence shows  many more victims of terror violence after Oslo than before Oslo.

In late 2008, Yossi Beilin – one of the architects of the Oslo Accords, and one of the leaders of the left-wing Meretz party, has announced his resignation from public life. That says something – Oslo is universally declared by both Palestinians and Israelis (across the political spectrum) to be a colossal failure that resulted in loss of thousands of Jewish and Arab lives.

In the wake of the Barack Obama’s election to US President, and his team of policy advisors that came out of the Clinton and Carter administrations – it is time to examine the root causes of the failure of the international community to combat Palestinian terror. Max Abrahams writes in his article “What Terrorists Want”, that “the international community cannot expect to make terrism unprofitable and thus scarce without knowing the incentive structure of its practioners”.

The Carter administration brought us the fall of the Shah in Iran and the rise of Houmeini and now Ahmadinijad. The Clinton adminstration brought us 9/11.

Over the past 30 years, Israeli governments employed a variety of strategies to battle terror: a strict no concessions policy (during the 60s and 70s), promoting democracy (the Oslo agreement that created the PA and resulted in several elections for Palestinian self-determination) and land-for-peace appeasement (the disengagement from Gush Katif). None of the strategies have succeeded and if anything have resulted in more attacks on Israeli citizens, more Palestinian fatalities and economic hardship and higher costs for Israel with building of the security fence that carries a steep economic and domestic and international political cost.

The dominant assumption by Israeli governments (and prevailing model in academic terror studies) is that terrorists attack civilians in order to achieve their political objectivess. According to this model – terrorists act rationally to maximize their political benefit, choosing terror when the expected political gain less the estimated cost is greater than expected benefit of the alternatives.

However – Hamas and it’s competing terror organization Fatah both act irrationally – preferring continued violence to peace. More importantly – Israel and the West are acting irrationally in the war against Islamic terror, consistently taking steps that never work.

The reason for this is fairly simple – although the solution itself requires a very basic change in the way we behave.

Israel, Europe and the US consider this a political conflict with political solutions; in fact this is a religious conflict with military and religious solutions.

Islam values land and does not value human life. Islam’s strategic objective is to convert all non-Muslims to Islam by the sword.

Israel values life and is willing to compromise on land. Judaism’s strategic objective is to bring light to the world.

The religious part of the solution is for Jews all over the world and in Israel to execute their Jewish strategic objective – just as the Muslims as exercising their strategic objective:  bring light to the world  through personal example, strengthening personal belief in God, performing mitzvot and learning Torah.

The military part of the solution must be zero tolerance to Arab violence – one rocket fired against Israel – decimation of an entire city. I am sorry that it must be this way – but the path of fulfilling and living Jewish values with a strong hand against terror is the only way to win this religious war being waged by Islam.

I got this from my sister in-law Judith Bedichi this morning – it was written by Dr. Guy Bechor and describes an escalation of security threats to the Jewish State of Israel.  The Israeli Supreme Court is highly-regarded yet clearly preferential to Israeli Arabs, with liberal rulings allowing operations of radical Islamic groups in the name of democracy and human rights.  Dr. Bechor submits that the Supreme Court is a  vulnerability that has been systematically exploited by false claims of groups like Adallah, aiding and abetting security threats to Israel. If you know Hebrew it’s an interesting read.

מסמך “החזון” שחיברה הנהגת ערביי ישראל - לאור מה שקרה בעכו.

מאת דר‘ גיא בכור

בחדשים האחרונים פרסמו ‘ועדת המעקב העליונה של ערביי ישראל‘, ‘וועד ראשי הרשויות הערביות‘ וארגון ‘עדאלה‘ את “מסמך החזון” ! שלהם, כיצד צריכה להיראות מדינת ישראל, ועל מה הם נאבקים. מעניין לציין שאת הארגונים הללו מממנים או מדינת ישראל או יהודים ליברלים מארצות הברית, החושבים שככה הם עוזרים לישראל.

בקצרה, אם לסכם את המסמך הגזעני הזה, הקובע ש “ישראל היא תולדה של פעולה קולוניאליסטית שיזמו האליטות היהודיות-ציוניות באירופה ובמערב“, אילו הם דרישות הערבים, הרואים ביהודים “רוב מהגר“:

Read more…