Last week, an international group of law enforcement agencies took down one of the biggest criminal operators of a spoofing-as-a-service enterprise. Called iSpoof, it collected more than $120M from victims across Europe, Australia, Ukraine, Canada, and the United States. During the 16 months of the site’s operation, the group took in more than $3.8M in fees from its victims. In my blog for Avast, I summarize what happened, why this gang was so significant, and how spoofing has gotten more advanced over the years since those early days when Paris Hilton spoofed her friend’s cellphone.
When we first thought about the plausible future of a real Skynet, many of us assumed it would take the form of a mainframe or room-sized computer that would be firing death rays to eliminate us puny humans. But now the concept has taken a much more insidious form as — a chatbot?
Don’t laugh. It could happen. AI-based chatbots have gotten so good, they are being used in clever ways: to write poems, songs, and TV scripts, to answering trivia questions and even writing computer code. An earlier version was great at penning Twitter-ready misinformation.
The latest version is called ChatGPT which is created by OpenAI and based on its autocomplete text generator GPT-3.5. One author turned it loose on trying to write a story pitch.Yikes!
The first skirmish happened recently over at Stack Overflow, a website that is used by coders to find answers to common programming problems. Trouble is, ChatGPT’s answers are so good that they at first blush seem right, but upon further analysis, they are wrong. Conspiracy theories abound. But for now, Stack Overflow has banned the bot from its forums. “ChatGPT makes it too easy for users to generate responses and flood the site with answers that seem correct at first glance but are often wrong on close examination,” according to this post over on The Verge. The site has been flooded by thousands of bot-generated answers, making it difficult for moderators to sift through them.
It may be time to welcome our new AI-based overlords.
With the reinstatement of previously banned Twitter luminaries including Donald Trump and Kathy Griffin, this is a good time to do further research into the role of social media in our public discourse. The recent book by Max Fisher, The Chaos Machine: The Inside Story of How Social Media Rewired Our Minds and Our World, should be on everyone’s reading list. His book documents the rise of social networking for the past decade and shows its highly influential role in society. Fisher is a reporter for the New York Times who has covered its effects for many years.
I review his book for my blog for Avast here. I highly recommend it, even if you think you have been following along the evolution — some would say the devolution — of social media.
One solution is from Google’s Jigsaw unit, who has a couple of experimental tools freely available, such as the Tune browser extension that can be used to filter the most toxic discussions.
If you are just tuning in to my series highlighting some of my long-time IT manager sources, see part 1 where I introduce them and part 2 where I talk about some of their more memorable purchases. In this edition, I want to talk about the people behind all the gear.
Erica Wilson has had many career transitions “but I’d have to say taking on a CISO role was certainly a good experience. I learned a LOT about myself and why having a people-first mindset – supporting their wellbeing and growth — needs to be critical for all organizations. By doing so, with a small but mighty team we were able to accomplish some amazing things.”
Adam Kuhn told me that looking at all his career transitions, “My biggest failure was staying in positions too long.” Like many of my sources, he considers himself a lifelong learner and likes to learn about new technology. When you stop learning, it is time to find new challenges
Gayle Barton told me, “It’s fun to look back at the great projects and fun tools I’ve used, but it’s the people that I remember more often, and especially the people I had the opportunity to help, hire, mentor, or promote. I get the most pleasure from the opportunities I’ve had to hire people I think someone else might have overlooked, to move people forward on their career path, or to mentor students and help them see new possibilities. For the most part, I made some pretty great hires.” When she was at Springfield College she remembers: “They had never had a person designated to help faculty with using technology in teaching, and you can imagine the state of technology use in the classroom. I was able to create a position for an instructional technologist but the pay was low and the pool of applicants was very small. We ended up with a experienced high school teacher who had taught Microsoft Word to hundreds or thousands of students, and was looking for a career change, and I thought that if she could answer the same Word questions over and over, she could teach our faculty to use a new learning management system. She turned out to be great.”
She mentioned several other people who were special to her:
- The English professor who was finally able to publish his life’s work with the help of a custom database.
- The 18 year-old administrative assistant who is now her university’s Director of Campus Services and Outreach.
- The former copier repair technician who is on his way to becoming a great network engineer.
- The people who Gayle nudged out of management positions, who were more successful and happier in new roles and actually thanked her later.
- The man who wanted to get home from the Middle East and who rebuilt a campus’ dying infrastructure. She said, “He has skills that I don’t, but I could sell the vision, ask hard questions, and remove obstacles. Together we put that university on a solid path forward, and it was a wonderful way to end my professional career.”
Gayle told me that “it was mostly great fun, but I am happy to be retired and to let someone else have a turn!”
David Goodman came to the CIO for the International Rescue Committee to create a functional and more business-oriented IT organization. “It was both the high and low points of my career and I doubled the headquarters department during my tenure. But when it came time to develop and implement a longer-term plan, my CEO just didn’t trust me. He rejected my plan and I had to leave. I realized I wasn’t the right guy to implement this plan. My core strength was as a turnaround guy to fix things.” That job helped him understand that “Work doesn’t define who I am. I found out that I had lots of value outside of work. And I was able to have a lot healthier attitude about work later on.”
David continues: “You were an enormous mentor and helped me early on in my career. You believed in me before I understood what I could do and taught me to take what the tech vendors said with lots of grains of salt. You have touched a lot of people and had a front-row seat to the industry and significant historical moments.”
Thanks David, and thanks to all of my sources for making my job so much fun and so rewarding. It has been a great 30 years, and I am glad to have played such a role for so many people, and hope you have enjoyed reading their stories.
My celebration of longevity in the IT industry continues. See part 1 where I introduce my cast of OG characters. In this post, they speak about some of their memorable first purchases.
Back in the early days of the PC pioneers, we had to work a lot harder to make everything work together. Mark Lillie created Connecticut Blue Cross’ first internet connections, first web server and built the first set of web pages and installed the first LAN at an HMO that connected an HP minicomputer to a Novell Netware server, both running Oracle databases. “Yes, it actually worked and allowed our clients to easily query the HMO membership data base using PC tools they were already familiar with,” he remembered. Mark also remembers in those pre-internet times when he set up a 1.5M bps T1 lines between three of his offices and impressed his bosses with network links that allocated chunks of 56k bps bandwidth. That’s kilobytes for all of you that are reading quickly. “It was our very own wide-area network.”
Gayle Barton remembers the first time she wrote a purchase order for $75,000 worth of desktop computers when she was at St. Lawrence University. “It was probably three times my annual salary at the time and was quite exciting.” She got a handle on things since then: “For several jobs I changed the desktop purchasing process from ‘everybody gets what they want,’ with all the attendant complications of ordering, configuring, delivering, and training, to a standardized system. People got four choices: laptop or desktop, Mac or PC, with exceptions for people who genuinely needed something else. We saved hundreds of person-hours and much angst every year.” She developed the first web pages at one university “at a time when the dining hall menu, the bus schedule, the weather and the campus directory were the most popular pages. We gradually moved into helping with digital storytelling for both faculty and students and marrying databases to the web.” Gayle also remembered picking her university’s domain name with the director of operations. “We knew we weren’t the right people to choose this but no one else would understand or care, so we just had a laugh and went forward. Our first user was a math professor who messaged his family in Israel.”
Adam Kuhn recalls that mainframe that I helped power down. “It was an IBM 4381 model 13. It had, at the end of its lifetime, a whopping 16 MB of memory and 7.5 GB of disk storage.”
David Goodman said, “Lotus Agenda was the first personal information manager that was useful, it would categorize everything for you. I used it for years.” He contrasted it with Workday, “which was a great product but sadly the company didn’t care about the non-profit sector. Ultimately, we implemented it on a reduced scale. The head of HR and I were never on the same page about the technology, which impeded its deployment.”
When John Cronin was at a major telco company, he labored mightily to get Windows 95 to work with a team that was predisposed with OS/2: “they wanted us to fail and started sabotaging our work when they saw that Windows was a better bet.” Ah, those were the days: I labored to write a B2B book on OS/2 that went through numerous revisions, and was never published. He also designed that first Monsanto LAN (mentioned in part 1) to run DECNET protocols: this was prior to the internet but “once that took root, it was trivially easy to add TCP/IP protocols.“
Sometimes things didn’t always go according to plan. Jerry Hertzler went to their Bamako, Mali chapter in 1998. “I tried to connect their network and local email server to our global network but couldn’t complete the task.” Adam uses Microsoft Teams now, but “we bought some Teams desk phones that were both awful and unnecessary since the Teams PC client was excellent. We were lucky to sell them for a quarter of their purchase price!” Gayle bought a specialized academic software tool for $30,000 that was installed in just one classroom. “We never got any faculty on board and it never got used, but the students liked it.”
Sam Blumenstyk was involved in building various LANs and email systems at the Manhattan DA’s office and at multiple NY City agencies where he was one of the founders of an innovative interagency consulting group. He eventually became the Associate Commissioner of the organization. He was able to start with PC technology when it first came out and watch it evolve when he went to work for Prudential Bache Securities. He points to the longevity of Banyan Vines, which was one of the more innovative LAN operating systems, as standing the test of time. I was a fixture at many Banyan user group meetings for years because their users had so many great stories to tell.
Terry Evans said: “The IBM PC was one of the best decisions I ever made, because at the time there were several other contenders.” Despite his early IBM experience, he wasn’t a total fanboy: “Remember DISOSS and Displaywriters? All I can remember is the huge portion of my budget allocated to support them.” I do: I was an early DISOSS user, which combined electronic mail with centralized document storage when I worked in one of the early end user computing centers for a large insurance company.
Don Berliner remembers an early development project he did for the treasurer’s department of a major multi-national that was actually written in Fortran. Since then he has gotten more involved in building Salesforce applications. I was writing Fortran apps when I was in grad school. I am sure there are still apps running somewhere using it.
The IT purchase process
I asked my sources for some of the seminal moments where they made major tech purchases. Jerry recalls how they got involved with NetSuite. “We purchased it in 2017. It changed how we do our operations outside the US. We interviewed users in 23 countries and had reference calls with the UN and City of Orlando. It now runs in chapters in 150 countries.” Sam mentioned when he first got involved with VMware. “That had the biggest impact on my business, and still does,” he said.
For Terry, it was when they moved applications from mainframes to PCs. “There were many doubters that allowing people to do their own personal computing would be a waste of time and money. Plus the fear of losing control of what people were allowed to do and NOT allowed to do. I felt at the time that this was the future, but really had no idea how far PCs would advance.” He put in place the first PC purchase standards to make support and mass purchases easier.
Erica Wilson doesn’t regret any of her tech purchase decisions. “Because in cybersecurity, traditionally almost all purchases were truly necessary if not required.” She recalls purchasing either an automated patching solution or vulnerability scanning product in her first job.
It is hard to believe that I have been working in IT for close to 40 years. I got my start doing tech support connecting dedicated NBI word processors to room-sized Xerox printers when the first IBM PCs were coming into corporations. I have written about my first editorial job at PC Week (now eWeek), and it has been quite a ride since then. And no, I am not writing this post with any thought of retirement. I am still having far too much fun.
One of the best parts of my job is talking to my sources, IT managers who I have had the honor to know for decades through many job changes (both theirs and my own). It has been fun and rewarding to watch their careers and their responsibilities grow. Some are now retired or have moved on to non-IT fields and some are still running around fixing things for their companies. I wanted to celebrate the many men and women who have contributed to our industry and so here are some of their stories, and my thanks to having their contributions once again. Let the celebrations begin!
David Goodman is working for Build Consulting and has been in the non-profit field since we first met when I brought one of my test servers to the Guggenheim Museum in NYC 30 years ago. His first IT employer was working for a small object-oriented compiler vendor in the late 1980s.
Jerry Hertzler began his career as an engineer at McDonnell Douglas back in 1998. He left there and started in IT for the Campus Crusade for Christ as a network engineer, where he still works and has supported many of their local chapters around the world. We met when I was doing a column for Infoworld back in the mid-1990s where I would hook up a vendor with a new product with an organization that wanted to upgrade to the product. (Think of an HGTV makeover but for nerds.) The vendor agreed to provide the product for free as long as I could write about the experience. The resulting article can be found here: Campus Crusade gets VG’ed, “I guess that was our first major purchase, getting additional VG hubs.”
Gayle Barton got first job in tech with Xerox in 1973, learning how to program in COBOL and being part of an early in-house training program there after getting a BA in economics. Her last job before retiring in 2019 was the interim CIO at Springfield (Mass.) College. Along the way she held other collegiate IT and CIO positions. We met when I spoke at a collegiate IT conference at my alma mater Union College.
Mark Lillie started his career as a salesman at ComputerLand. Back then he sold Texas Instruments PCs, the Xerox Star and the Osborne. “Those turned out to be less than ideal choices,” he recalled. He went on to have a career in healthcare IT, ending up as Director of Customer Services for a software company. We met at a conference, and I came to speak when he was at Blue Cross/Blue Shield of Connecticut’s IT department. “The mainframe guys were incredulous that I knew you personally!”
Adam Kuhn got his start in selling copiers and memory typewriters. He realized early on that he wasn’t the greatest salesman but recognized his love of tech. He got his first IT job working in a trade association in DC and has risen through the ranks where today he is Director of IT for a financial services-related trade association. “You met me early in my career and saw my potential,” he said. My favorite story was when his company removed their IBM mainframe back in 1995.
Don Berliner’s first employer was an early IT consultancy and he continues to help a local non-profit to better manage the services they provide their clients. We met in person a few years ago after corresponding for decades and found that we both got the same graduate degree in Operations Research, along with other similarities in our career paths.
John Cronin got his start as an engineer at Monsanto, where he led a team that implemented the company’s first large-scale LAN and got Windows to run reliably across it. Later on, he worked as an IT architect for IBM even though his time there was unsatisfactory. “My biggest financial decisions were during my engineering days. Our “small” projects were $10 to 20M, which by comparison many people had $1M IT projects. My approach was from my engineering days where you developed a deep understanding of the technology you were using and knew whether it would really work or not. In engineering, failure is never an option but in IT, project failures are quite common and I actually killed my first three IT projects because the tech wouldn’t work.” While we didn’t meet until later in his career, he served as one of Infoworld’s IT advisory board members when I was writing for them.
Terry Evans operated an IBM 402 accounting machine that used punch cards way back at Barden’s Pest Control, eventually moving into the PC era, and retired from the City of Long Beach as the Manager of the Data Center and Network Services. “The PC changed my professional life and has certainly withstood the test of time.” While at the city, he put in ESRI’s Geographical Information System, which was their first installation for a SoCal government.
Sam Blumenstyk started out with Arthur Anderson back in 1974 and just recently retired as the Technology Operations Manager for the NYC-based law firm Schulte Roth & Zabel, where he worked for many years. I wrote about his exploits several times, including this 1993 article for Computerworld. A mutual favorite of both of ours was a series I did for VAR Business called “Sam’s SAN Diary,” where he kept track of the first SAN put in at his law firm around 2003. “This gave me a lot of vendor visibility.” I wrote another article for Infoworld in 1995 which chronicled his work for one of his client agencies for the NYC government and his early exposure to the multiuser Citrix product.
Erica Wilson began as an IT Analyst at Anheuser-Busch and now is the VP of Global Security & Privacy Risk Management at the Reinsurance Group of America. We met many years ago when we both served on the advisory board for the cybersecurity program at Fontbonne University. She counts her greatest accomplishment being recognized for her career by the St. Louis Business Journal’s 40 under 40. “It is great to see how authentication has evolved. Long ago, we had hardware key fobs for MFA. At one company, we had a full-time staffer who was dedicated to managing these tokens. This would never happen today!”
In my next post, my OG crew talks about some of their more memorable early IT purchases.
Network security starts with having a well-protected network. This means keeping intruders out, and continuously scanning for potential breaches, malware and flagging those attempted compromises. One of the biggest threats increasing in popularity is a very specific type of attack called distributed denial of service (DDoS) attacks. These attacks are targeted at your internet servers, including web and database servers, and are designed to flood random traffic so that the servers can’t respond to legitimate users’ queries. They are very easy to mount, and without the right tools, very hard to prevent.
AI is a double-edged sword. It has enabled the creation of software tools that have helped to automate tasks such as prediction, information retrieval, and media synthesis, which have been used to improve various cyber defensive measures. However, AI has also been used by attackers to improve their malicious campaigns. For example, AI can be used to poison ML models and thus target their datasets and steal login credentials (think keylogging, for example). I recently spent some time at a newly created Offensive AI Research Lab run by Dr. Yisroel Mirsky. The lab is part of one of the research efforts at the Ben Gurion University in Beersheva, Israel. Mirsky is part of a team that published a report entitled “The Threat of Offensive AI to Organizations”. The Offensive AI Research Lab’s report and survey show the broad range of activities (both negative and positive) that are made possible through offensive AI.
It isn’t a rhetorical question. We are certainly witnessing a unique moment in social media history and in the evolution or devolution of Twitter. I am gathering my thoughts for an interesting presentation that I have at the end of the week at a local high school entrepreneurship class.
For more than six years, I have been a guest lecturer at a class called Spark that meets at a local disused shopping mall. The topic of these lectures is how to use social media, and in particular Twitter, to promote your new business. I offer some of the spectacular Twit fails (remember Jonathan Schwartz’s resignation from being the CEO of Sun? Remember Sun?) and lessons learned by adults that can apply to the young business-owners-to-be The students are fascinating as they try to imitate the now iconic Shark Tank pitches. They are largely self-funded, low budget operations, but what they lack in venture funding they more than make up for tremendous passion and insight into their nascent businesses.
This year there were two different sections of students, a nod towards the growing popularity of student business owners. My first lecture was about a month ago, and I basically used the same set of slides that I have had, updated through the years as we made the transition from presidents using Blackberries to presidents using their own social media networks. That was the before times. We knew Elon was up to something, we just didn’t know the deets.
Now we do. And so far the Bird is not faring well. Thousands of layoffs. Whipsawing technical requirements that literally change by the hour. Troll Tweeting by your CEO is not a way to set corporate (or national) policy. In my Spark classes over the years I have been consistent that the students should avoid any mention of sex, politics and religion. The new Twitter CEO has adopted the opposite stand. I don’t think things are going to end well.
Remember Orkut, Friendster, SixDegrees or Myspace? They have all come and gone over the past 25 years. Twitter may soon enter that realm. I feel as though I am witnessing the breakup of my first marriage, or the collapse of the British Monarchy and the less that I say about either of them the better.
Twitter has evolved from being the world’s town square and the global media assignment story editor to the place for shaming. Those blue checkmarks that seemed so valuable back in 2012 or so have turned into Troll-a-rama. Someone impersonating Eli Lilly’s account brought the stock price down the next day. And as if that wasn’t enough, a reporter for the Washington Post was able to obtain two fake accounts within minutes, impersonating a comedian and a US Senator (with prior permissions from both).
Many of my tech journo colleagues have begun the migration to Mastodon. You can find me here. I am still Tweeting too, but leery of what will happen. It is interesting to set out to learn another social media network. Hindsight is great: I am glad that I didn’t invest much time in Google+.
While I was preparing the new presentation for my Spark class, I also watched the 2021 documentary 15 Minutes of Shame, which was co-produced by Monika Lewinsky. It was well done, and shows us how public shaming has evolved since her Clinton intern days. I think Twitter’s new model is more the town dump than the town square.
My session should be interesting. You can view my new slides here on Slideshare.
Qualys’ annual security conference returned to a live-only event this week at the Venetian Hotel in Las Vegas, and the keynote addresses started things off on a very practical note… about selling coconuts, toasters, and carbon monoxide detectors. The first two keynotes featured speeches from both Shark Tank celebrity businessman and CEO of Cyderes, Robert Herjavec, and Qualys’ President and CEO, Sumedh Thakar. Both spoke around the similar theme of qualifying and quantifying digital cyber risks.
I am doing near-time blogging of their show, and this was the first of a series of posts.
The second post was a recap of the first day’s events, and included highlights from some of their customers and product team as they took a deeper dive into TotalCloud.
The third post profiled the special launch of the Qualys Threat Research Unit, showing some of its research and how it compiles threat intel and works with various industry bodies to share this data.
The next post highlights some of Qualys’ customers who came to the event to tell some of their stories about how their companies have benefitted from their products.
My final post recaps the second day of the conference sessions and some of the more interesting aspects of various Qualys products.