The "January Effect" - An Annual Phenomenon Since 2009

I was recently interviewed for a feature in Discover magazine's Top 100 Stories of 2012 (January 2013 issue - on newsstands now). I'm #62 "Defender of the Digital Domain". During the interview, I was asked about a future forecast for 2013. I mentioned a phenomenon that I've noticed each year since 2009 - a major breach or act of cyber warfare that kicks off the New Year. It may start in December and then get publicized in January, or happen in January and get publicized a bit later but it has happened four years in a row now so I fully expect it to occur once again.

December 2008 - January 2009: Operation Cast Lead (a land war w/ thousands of simultaneous cyber attacks between Israel and Hamas)
December 2009 - January 2010: Google and 20+ companies are breached
January 2011 (approximate) - March 2011: RSA was breached sometime early in 2011 with the announcement being made on March 17, 2011.
January 2012: A hacker announces that he has Symantec's source code for Norton and other products.

What will occur or be announced in December 2012 - January 2013? I have no idea but I'm confident that it'll be something impressive.

Add to Cart View detail

2012: Blood in the Water

2011 was the year that our perceived security was stripped away. EMC’s RSA division was breached and soon afterward so were some of its customers. The world’s largest anti-virus companies have been taken to task for selling snake oil (also known as anti-virus) to gullible CEOs. Local police departments were unable to protect their own officers’ personal and confidential information. The FBI’s Infraguard program was repeatedly hacked. And the directors of DARPA and NSA have recently both agreed that after many years of trying they’ve failed to come up with a security model that works.

We’ll be entering 2012 more vulnerable than ever before because at least part of our security relied upon the perception by bad guys that those charged with our security, both public and private, could do the job. Well, that myth has been busted which gives rise to opportunity. Conversely, over 28 nations and counting are developing offensive cyber capabilities, and the really malicious actors of the world like drug cartels and extremist groups (both domestic and foreign) are rapidly learning what’s possible vis-a-vie attacks through cyberspace. In other words, those with the means to act are growing quickly.

Finally, the anger and frustration of the expanding Occupy movement combined with the onset of hate-fueled politics that accompanies a Presidential election year - especially against this President - will engender widespread motivation for people to take action. With means, motive, and opportunity solidly represented, I fully expect 2012 to produce one or more multi-modal cyber attacks against a U.S. target which will result in serious harm if not loss of life. By multi-modal, I mean an offensive operation where a cyber attack represents one component. Once there's blood in the water, you can expect more of the same to quickly follow.

The very worst part of this prediction is that its inevitable. CEOs typically refuse to act to protect their own companies if it cuts into profit. The U.S. government has refused to do what’s necessary to protect our nation’s critical infrastructure because it's 90% privately owned, and our laws and system of government has enabled this massive malfeasance so that everyone responsible can claim absence of malice. In the words of Upton Sinclair and the movie based upon his book Oil! - "there will be blood". It's just a matter of time.

Add to Cart View detail