What if…

consider-the-following
Copyrigt FOX

What if Great Britain, Germany, Italy, Sweden,…  had WHS tamper-proofing technology?
Would the US be prevented from spying?  We are not in the business of getting our military technology by copy-cat and espionage of our allies, I hope. They need to prevent their secrets from leaking, both to their and to our enemies. However, any others who spy on the above countries would have less success if WHS technology would be in place.

What if China had our tamper-proofing technology?
Would we be prevented from spying?  Maybe.  I doubt that puts us back a lot, I think our technology is ahead.  It may put back some other countries. China may have slightly less motivation to speed up the arms race.  Good for the Chinese people, good for us.

What if Russia had our tamper-proofing technology?
Would we be prevented from spying?  Could be.  A small price to pay for other countries spying on Russia having a harder job. Russia may have slightly less motivation to speed up the arms race.  Good for the Russian people, good for us.

What if Iran, Iraq, ISIS…
I can’t see where that would cause real suffering for us, nor for anybody else, them included.

What if organized crime had our tamper-proofing technology?
We make code hard to reverse engineer, or to tamper with; we don’t make code easy to hide.  (The bad guys depend strongly on hiding their stuff.)

What if the US would use our tamper-proofing technology?
what-ifFewer secrets would be lost through reverse engineering. There would be less fear software sabotage.  Our defense technology wouldn’t really be more potent, but it would last longer until it is outdated.  Cyber-criminals would need to work harder on any software that has been protected with WHS technology.  Less profit for cyber-criminals will certainly not cause more crime.

What if software producers, movie producers had our technologies to protect their copyrights? There could be more revenue where it belongs, and less revenue for stolen copies.

Waging War on Hackers

For the 2015 State of the Union address, cyber security played an important role.  New laws go-to-jailwere proposed.  Such laws are not unproblematic however.  Rob Graham made some interesting comments in the “Wired Magazine” about what might happen with such laws.  That is how governments, ours included, seem to act.  I would never think the bad consequences were intentional.  I think this is nothing more than a simple over-reaction to a problem which seems to get out of hand.  Hacking is the new scare.  People are either totally unprepared, or deadly scared.  Neither is rational.  Enacting laws when scared is almost a guarantee for enacting bad laws.  I recommend punishing performing a crime, but don’t make the punishment depending on the technology and on how scared the victims are.

In our opinion, there are better solutions to cyber-space problems.  The essence of the best solutions lie probably both in the social and economical adjustments.  However, the part of the solution a startup company like ours can safely provide is on the technological site.  With some good technological solution there wouldn’t be a need for overreacting and society would by kinder and safer.
There rarely is a one technology which fixes all. However, there are several technologies which can make a difference.  Tamper proofing your software for example. It may still be overkill for simple problems like stealing from buggy websites.  But tamper proofing is ideal for critical software.  Maybe this method of protecwe_the_peopletion will become standard and thus can easily be affordable, so it can be implemented everywhere, but not yet.  Tamper proofing may not be the only solution, but it is a good one.

Compare your digital treasures to your nest egg of savings.  Do you pile your money on the front lawn, make tougher laws and blame the neighbors when the pile is gone in the morning?  No, you put your money in a safe box or into a bank.  Equally, commercial software users and producers just need to do their part of due diligence in protecting software.

Cost of cyber-crime $400 billion

An interesting report has been released from the Center for Strategic and International Studies and McAffe.

Net Losses: Estimating the Global Cost of Cybercrime
Economic impact of cybercrime II

[http://csis.org/files/attachments/140609_rp_economic_impact_cybercrime_report.pdf]

“We estimate that the likely annual cost to the global economy from cybercrime is more than $400 billion.”

Do you have a clue how much notes2money that is?
According to the report:  more than the national income of most countries

Like most bloggers I cannot judge whether this number is too high or too low.  Lots of arguments for either side might be made.  Given the title, I assume that these numbers are the losses only and do not include the cyber security costs implied for preventing the losses from becoming larger.  The report also states that a large fraction of damages are not reported and that statistics in different countries are quite different.

I found the following table interesting, putting the costs into some perspective:

Activity               Cost As % of GDP
 Maritime Piracy        0.02% (global)
 Transnational Crime    1.2% (global)
 Counterfeiting/Piracy  0.89% (global)
 Pilferage              1.5% (US)
 Car Crashes            1.0% (US)
 Narcotics              0.9% (global)
 Cybercrime             0.8% (global)

It would be interesting for White Hawk to know what part of these losses are considered caused by insufficient tamper-proofing.

For several reasons we cannot answer that question:

  • The report is not detailed enough.
  • Certain (probably more correct: most) losses could have been prevented by multiple solutions.
  • As classical security companies don’t do tamper proofing, there is no appropriate category in the report.

And even if we could answer the question… who would believe us?

Lastly, in protecting critical infrastructure, knowing the possible damage can be more of a driving factor then the past damage specially when the really bad things didn’t happen.

Hacker-Proof vs Tamper-Proof Software

DarkHand300Recently some people have asked us why we don’t call our software “hacker-proof tools” rather than tamper-proofing software tools. Both terminologies are correct of course, but we think the word “hacker” often has a connotation of “amateur” or at least not full time professional.

 

Yes, we want to protect your software from hackers, but we also want to protect it from professional code-breakers, competitors and virus developers.  Hence the stronger term tamper-proof.

(C) Copyright 2013 White Hawk Software

FBI Chief: Our New Enemies May Be Online

FBI_logo_SmallIn Washington on Thursday Nov 7th, FBI Director James Comey said that cyber attacks are increasingly representing the most serious threats to the homeland security and in the next decade will likely eclipse the risk posed by traditional terrorist threats.
He told a Senate committee that this cyber risk is a multi-layered threat posed by thieves, hackers and others who are able to travel the world via the internet at the “speed of light.’ His stern warning continued with “there are no safe neighborhoods.”

(C) Copyright 2013 White Hawk Software