Most brand conversations about reaching consumers on social media start with Facebook and Twitter, and stop after those two. But there’s another fast-growing platform brands should consider — Pinterest. With its simple and visual-driven interface, the platform has grown its active users by 111% in the past six months.
With all that growth, brands naturally want to be part of Pinterest, to reach those who use the platform as a mirror that reflects their aesthetic sensibilities and interests as they evolve. Pinterest is experimenting with products that help marketers tap into its audience, while racing against other social platforms, including the Facebook-owned Instagram. 2015 will be the year to see if Pinterest can develop into a must-have for brand marketers.
Imagine the cybercriminal and what comes to mind? Do you think of a disaffected hacker with an ax to grind? A tech geek with a sociopathic streak, getting a thrill from outsmarting unwitting victims with his computer exploits? You wouldn’t necessarily be wrong, according to cybercrime and criminal justice experts.
Now imagine the committed cyber terrorist, operating under the justification of a violent ideology or misbegotten crusade. This hypothetical person may look a lot like the first… with perhaps a black banner of jihad unfurled behind him.
The evidence for a link between cybercrime and cyber terrorism is growing. The common element is, in substantial part, the kind of technology skills required to plan, coordinate and launch a cyber attack; the techniques are similar no matter the intent, whether an attack is launched as part of a criminal enterprise or as an effort to bring down a key component of a nation’s critical infrastructure. Examples of cybercriminal / terrorist cross-pollination include (but are certainly not limited to):
Phishing (and spear fishing) attacks can be used to dupe an unwitting consumer into surrendering personally identifiable information, which in turn can be used to clean out a bank account … or to create an effective false identity to enable cross-border movement. According to identity fraud expert Judith Collins, “All acts of terrorism enacted against the United States have been facilitated with the use of a fake or stolen identity,” with 5% of all identity thieves connected to terrorism and 2% specifically to Al-Qaeda.
Malware can be used to siphon traffic and data for illicit internet advertising … or to affect a devastating attack on critical infrastructure like a power grid.
Bot-nets can be used to disseminate that malware … and/or for extortion, a Distributed Denial Of Service Attack (DDoS), or other destructive behavior.
Hacking into protected computer systems can serve multiple objectives from criminal to terroristic.
Nor is the issue limited to cyber terrorist exploits specifically: cybercrime can be used to generate financing for terrorist activity in the same way that drug smuggling or human trafficking does. And as detailed by the IMF, it offers terrorist organizations a means of transferring and laundering funds.
As the links between criminals driven by greed and terrorists driven by violent ideology grows, the question for those charged with fighting both – indeed, for all of us – is, how do we stop it? And the first step in stopping it is, do we even recognize that these links exist?
Does law enforcement recognize the link between cybercrime and cyber terrorism?
The general approach to policing and/or combating most forms of illicit activity has its roots in an earlier, pre-internet era. Indeed, much earlier: the modern police philosophy that we recognize today grew out of efforts in the 18th and 19th centuries to explicitly separate the spheres of military and law enforcement activity, concurrent with the evolution of Enlightenment notions of citizenship versus subject.* As a result of the evolution of modern criminal justice / law enforcement doctrine and philosophy, we entered the post-9/11 period with a fragmented approach to the cyber threat. Counter terrorism agencies were trained to look for and disrupt violent jihadist networks … not digital fraud. Agencies like the Federal Trade Commission or State Attorney Generals on the other hand were created to protect consumer rights … not to stop terrorism.
Unfortunately, today’s cyber bad guys do not necessarily observe the niceties of such boundaries between the realms of war, crime and fraud.
“The problems of organized crime and terrorism were often considered separate phenomena prior to the September 11th attacks,” writes lawyer and criminology researcher Frank Perri. “Security studies, military and law enforcement seminars discussed the emerging threat of transnational organized crime or terrorism, but the important links between the two were rarely made…” (Frank S. Perri and Richard G. Brody in the Journal of Money Laundering Control, emphasis added).
Cyber Broken Windows
Can a cyber “Broken Windows” approach help cope with the blurring line between cybercrime and cyber terrorism? Most people are familiar with the “Broken Windows” theory of criminology (James Q. Wilson and George L. Kelling). Greatly simplified, the theory suggests that by maintaining law and order and prosecuting minor offenses such as vandalism, more serious crime might be headed off or prevented entirely as a result.
In the cyber version of Broken Windows, the theory could be interpreted to mean that cyber fraud begets cybercrime, and cybercrime facilitates cyber (and real world) terrorism. From a security services and law enforcement perspective, this approach would only work if there is coordination of effort to combat this spectrum of illicit cyber activity.
There is evidence that this is precisely the approach that is being increasingly adopted by key government agencies – i.e., the development of a more sophisticated understanding of the nexus between cybercrime and terrorism. As a result, the patchwork of enforcement and prevention efforts is (slowly) being knitted together. In the U.S., this increasingly integrated approach is being spearheaded by the Departments of Justice and Homeland Security, leveraging organizational structures such as the National Cyber Investigative Joint Task Force and the National Counterterrorism Center.
In particular, the Federal Bureau of Investigation (FBI) stands as a powerful example of an agency that is working to reduce the “silo-effect”. I had the opportunity to see elements of this first hand, as part of a cybersecurity company called Online Intelligence that worked to combat cyber fraud. Facilitated by a colleague who is a former FBI Special Agent and cybercrime specialist – as well as my own anti-terrorism background in the U.S. Navy – we first met with the FBI about five years ago, providing an opportunity to observe an inter agency and public-private approach, one that better takes a holistic approach to the multi-headed cyber threat. FBI Director Robert Mueller pioneered this revolutionary shift in strategy and operations at the nation’s leading law enforcement agency shortly after the 9/11 attacks, and Director James Comely has continued it. Under their leadership, the FBI has transformed from a nearly exclusive crime fighting footing into an integrated counter-terrorism agency which also facilitates cyber attack prevention – no matter the intent.
This concept of preventing attacks and safeguarding people and assets has required the adoption of a different mind-set, a substantial paradigm and cultural shift at the Agency: one that looks to disrupt and interdict attacks as well as to solve crimes that have already occurred. And today, after over a decade of effort to reorient itself, the FBI is perhaps the best positioned federal agency in the United States to break down the silos and connect the dots between cyber fraud, cybercrime and terrorism.
The cyber realm: borderless opportunity for good … and evil
The cyber realm is characterized by a perceived sense of statelessness, of few or no rules regulating a growing transnational digital society. There are clear benefits that flow from the openness and borderless nature of the Internet. But there are costs as well; the cyber world is one where criminals and terrorists can interact more easily than in the physical world, sharing techniques and exploits. Like an unlit alley in a dangerous urban landscape, black hat forums and dark internet meeting hubs provide effective environments for the bad guys to “meet” and learn from each other, often with impunity.
The increasing prevalence of cybercrime should raise red flags around the risks of cyber terrorism. According to Peter W. Singer of the Brookings Institution, 97% of the Fortune 500 companies having been hacked. FBI Director James Comey has said, “there are two kinds of big companies in America: those who have been hacked…and those who don’t know they’ve been hacked.” And as the United Nations put it in its report Cybersecurity: A global issue demanding a global approach: “cybercrime has now become a business which exceeds a trillion dollars a year in online fraud, identity theft, and lost intellectual property, affecting millions of people around the world, as well as countless businesses and the Governments of every nation.”
This phenomenon will become more, not less pronounced over time: the motivation for both terror and crime are not going away, and the opportunity to exploit a common tool set to engage in both increases as technology (exponentially) develops. Our best and most effective defense is recognizing the convergence of cybercrime and terrorism; protecting ourselves from its effects; and interdicting it where we can. Policing systems developed over generations must continue to evolve to effectively meet the threat. A collective, integrated and coordinated approach is required across a range of players, public and private – one that involves collaborative efforts at the law enforcement and counter terrorism level, and one that involves the private sector stepping up to safeguard our systems and networks from attack.
Recognizing this growing and converging threat is unsettling. Mitigating it will be costly in terms of effort and resources. But the consequences if we fail to do so will be far worse.
Don Mathis is a Cybersecurity Specialist and Naval Officer in the reserve. He is also the CEO and Co-Founder of Kinetic, a social data and technology company.
* The topic of policing theory and development is a separate one, worthy of much more attention than can be provided by the scope of this blog. I had the extraordinary opportunity to write my thesis with Hsi-Huey Liang, Professor at Vassar College, shortly before his retirement; Dr. Liang was the author of The Rise of Modern Police and the European State System, and his historical analysis of the subject is an excellent treatment among other things of the connection between domestic order, security, the concept of citizenship and social progress.
It’s hard to vacation. Yes, I realize that this is a ‘first-world problem’ (laughably so), but I was struck on a recent vacation myself how it can be difficult to truly disconnect from work in a real way.
While we’re having fun with family, friends, and maybe even the occasional exotic locale, there can be a creeping sense of guilt for missing work. Emails are piling up. Clients are calling. Colleagues need me.
The overwhelmed brain can take a while to wind down.
Here’s the terrible truth about our minds: they’re limited. When it comes to attention, there are two ‘networks’ at play. The task-positive network (referred to as the Central Executive by neuroscientists) is your active engagement with a task. The task-negative network takes over when your mind wanders or is creative. When one of these two networks is active, the other is not.
Both the task-positive and the task-negative networks are very important to us humans. While we need that focused attention to accomplish tasks, the inspiration and ideas come from the daydreaming. It’s a two-part attention system, and it’s easy to abuse at work. Sometimes we force the employment of the task-positive network in order to be extra productive. Sometimes we vacillate back and forth too quickly, like when we allow social media to interrupt work.
Vacations can be enormously restorative, but not if we use our minds in the same way as we do when we’re working. Checking email, thinking about work, or using your Central Executive while on vacation means your mind doesn’t get that break.
So as you manage to eke out a couple days for yourself and your family this month, make sure you do your brain a favor and let it wander. Let your creative mind flow. When you need to concentrate on something, take your time.
Don’t worry, the Central Executive has gotten enough exercise, and will still be healthy when you return.
From time to time I check in on the latest from Harvard Business School Working Knowledge, an extremely insightful blog that features articles, research and commentary from the school’s faculty. If you haven’t yet visited the blog, I strongly recommend doing so. Whether you’re a newly-minted MBA or longtime executive, you can take more than a few worthwhile lessons from its generally fresh approach to market, policy, and management analysis.
Most recently, I read Carmen Nobel’s piece (“In Venture Capital, Birds of a Feather Lose Money Together”) on the disadvantages of friendship in venture capital investing and what can happen when otherwise affine VC investors fail in their joint endeavors. Based on the research and subsequent paper by HBS colleagues Paul Gompers, Yuhai Xuan and Vladimir Mukharlyamov, the article explores the perhaps-unexpected pitfalls of investing with others of similar socioeconomic backgrounds and vocational trajectories, especially when it concerns VCs who have known each other for many years.
To measure the performance of these investors, the team looked at a broad database of 3,510 VCs, along with the 12,000-plus investments conducted by these investors over a 30-year period, defining success by whether or not an investment in a private company led to an IPO down the road. Looking at the employment histories, educational backgrounds, ethnicities, and other fundamental criteria of these investors, the researchers found that success rates dropped by significant numbers when two VCs of similar backgrounds co-invested in companies. If co-investors previously worked at the same company, success rates dropped by 17 percent; alumni from the same undergraduate school, 19 percent; and those of the same ethnic minority, 20 percent.
The thrust of the article, more or less, seems to indicate that investors who bring different perspectives to a private business are more likely to challenge each other on key decisions, particularly in the early stages of the company’s development. Those challenges play crucial roles in everything from strategic management to the selection of board members and executive personnel. Food for thought!
Recently, numerous high profile leaders have gotten in trouble with the law. Dominique Strauss-Kahn, former head of the International Monetary Fund and a leading French politician, was arrested on charges of sexual assault. Before that, David Sokol, thought to be Warren Buffett’s soon successor, was forced to resign for trading in Lubrizol stock prior to recommending that Berkshire Hathaway purchase the company.
All of these incredibly talented leaders were successful and at the peak of their careers. So why destroy everything they have built by confusing acts and antics? The media has painted portraits of these leaders as evil, terrible people. However the question is raised what makes these thought to be “good” people lose their way?
These leaders did not necessarily become bad people, they rather lost sight of their morals and values. Few people find their way into positions of leadership by cheating or being evil, yet we all have the ability to lose sight of what’s important.
The important message is that people have a hard time staying grounded without some help. Leaders rely on people close to them to help them remain centered. Their spouse or partner can be a great person who knows them best and aren’t impressed by the wealth, prestige and titles.
As Senator Ensign told his fellow senators in a farewell speech in May, “When one takes a position of leadership, there is a very real danger of getting caught up in the hype surrounding that status … Surround yourselves with people who will be honest with you about how you really are and what you are becoming, and then make them promise to not hold back… from telling you the truth.”
Like most reservists I know, I lead a busy life. Kids and a working spouse, the constant juggle of obligations, the feeling that at some level you don’t have enough time, ever, to do all that needs to be done.
On the civilian-side, I have the fortune of being the CEO of a growing social media-related technology company. It is a stimulating and challenging environment, and I work with a truly outstanding team. It isn’t easy to find the caliber of commitment or intensity in the civilian world that is common in the service, but I believe that at my company, Kinetic Social, I have.
But the work is challenging. We are a small young company, not yet profitable and constantly scrambling to fund-raise. Issues must be resolved decisively and immediately; we don’t have the luxury of excess capital to offset poor decisions…