Keith Alexander Wants $1 Million Per Month For 'Cybersecurity' Consulting

from the hence-the-FUD dept

In May, we wrote about how ridiculous it was that former NSA boss Keith "collect it all" Alexander was now launching a cybersecurity consulting firm. After all, it's difficult to think of anyone who has done so much to undermine cybersecurity as Keith Alexander. Now Bloomberg is reporting that he's offering his "services" for the cut-rate price of $1 million per month. Yes, I'll repeat that:

Keith Alexander wants banks and other companies to pay him $1 million per month to help them with their "cybersecurity." At that price, I'd hope that he's just selling them the location of the backdoors he ordered to be placed in all of their hardware and software. And idiotic banks are apparently willing to pay, rather than going with the much, much cheaper option of hiring an actual security expert:
Joining a crowded field of cyber-consultants, the former National Security Agency chief is pitching his services for as much as $1 million a month. The audience is receptive: Under pressure from regulators, lawmakers and their customers, financial firms are pouring hundreds of millions of dollars into barriers against digital assaults.
Either way, given that Alexander stands to profit quite nicely from his own undermining of cybersecurity, it's obviously no wonder at all that he's spent the past month exaggerating the "threat" of what's out there, often taking it to ridiculous levels.

While Alexander is doing the exact same thing as his predecessors, pay attention to the various media coverage of Alexander in the coming months and years. He's going to appear on TV and in newspapers and magazines a lot. And he will frequently be quoted spewing FUD about threats and how dangerous it is out there. And in almost none of those cases will any of the press covering him highlight the fact that Alexander stands to profit massively from keeping big banks and other companies scared shitless, so they hire him for $1 million a month to "protect" them from this threat that he both helped to create... and is now overhyping.

Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Violynne (profile), Jun 23rd, 2014 @ 6:56am

    Iron Knee(tm*) alert.

    Snowden is often accused of taking documents he's holding for the "highest bidder" willing to grant him asylum, most notably from Alexander.

    Yet, now that Alexander is free-lance, what better way to capitalize by selling that same information for $1 million per month.

    Want to bet Alexander won't be deemed a traitor for giving out the same exact information? It's a sucker's bet, so please help me get rich off a scam, too.
    ;)

    * not really trademarked.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 7:48am

    Snake Oil

    Great to see the revolving door so alive with snake oil sales now-a-days.

    This pretty much summarizes our government - and what they're best at.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Rich Kulawiec, Jun 23rd, 2014 @ 7:56am

    The security approach taken by banks

    I've observed that most banks are willing to spend incredible amounts of money on consultants and software and hardware and audits and all kinds of stuff...while failing to do the simplest, easiest, cheapest, most fundamental things that would actually yield the biggest security wins.

    One example out of hundreds: does your bank train its customers to be phish victims? Look at the most recent email message that they've sent you. Does it have any URLs in it?

    If yes, then they're idiots. If no, then congratulations: you're a customer of the precious few banks with at least a modest clue about security.

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    Anon E. Mous (profile), Jun 23rd, 2014 @ 8:01am

    Tell him to say Hello to Tattoo and Mr.Rourke for me while he is at Fantasy Island.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 8:04am

    I knew global spying was really about economic espionage and getting dirt on politicians in order to influence their political policies.

    Whoever controls the global spying machine, stands to profit handsomely from it. Just like Keith Alexander is about to profit from it. He knows the ins and outs of how the global spying machine works.

    Global spying has always been about profits. Terrorism is just the "pretext" used to hide the global spying machines true purpose.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 8:07am

    It's the 12 million dollar snake oil man.

    We can rebuild him

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    John Fenderson (profile), Jun 23rd, 2014 @ 8:08am

    Re: The security approach taken by banks

    Things I learned when doing software development for a major bank:

    1) Banking is all about the customers trusting the bank. As a result, banks will spend a lot of money doing things that make it appear to customers that they are safe and secure.

    2) Banks don't care as much about hardening their systems against attacks as people think they do. It's actually not that hard to rip off a bank through their computer systems.

    3) The one thing that is hard is getting away with ripping off a bank. It's certainly possible, but takes more brains and effort than most thieves have at their disposal.

    4) Thefts happen all the time, and most of them are never reported to the public (by design). Banks just take the insurance money and make the affected customers whole, often without the customers ever knowing that they'd been ripped off in the first place.

    Banks actually are a very safe place to put your money, but for different reasons than people imagine. It might get stolen, but the bank will replace it. The end effect of all of this is to make banking more expensive than it has to be.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Michael, Jun 23rd, 2014 @ 8:10am

    Re:

    He will easily get companies to pay that much.

    The executives that can make a decision to spend $1m/mo on a cyber-security consultant are a relatively small group, but many of them are highly divorced from technology. Just think of how many stories of them having their emails printed and read to them you have heard.

    I worked for one of the largest media companies in the world and the CEO never touched a keyboard. He did, however, go to the country club with other crazy rich CEO's and they would go into the locker room and measure. Getting the bragging rights of "my systems are protected by the former head of the NSA" - right up their alley.

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    sorrykb (profile), Jun 23rd, 2014 @ 8:10am

    If Keith Alexander was really smart...

    He'd be giving this pitch to local government agencies. Then they could apply for Homeland Security grants to pay his company to teach them how to protect themselves from cyberterrorists... And all of us could continue to pay his bills.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    David, Jun 23rd, 2014 @ 8:10am

    The deal is real

    If the local Mafia offers your shop fire insurance at a premium, you take it. Or you leave town.

    Personally, I prefer the message it would send if every business left the U.S.A., a whole country run by an organized crime syndicate calling itself "government" and considering itself above the law.

    But that does not actually happen. A few people leave, a few people have their shops burn down. Most pay.

    I have little doubt that Alexander will provide excellent foresight regarding just which shops will happen to burn down next.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    That Anonymous Coward (profile), Jun 23rd, 2014 @ 8:14am

    Merika, where we use our positions to create the problem we will benefit from in the private sector.

    Imagine if they did the hard thing and focused on solving the problems rather than creating job security.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    David, Jun 23rd, 2014 @ 8:19am

    Re: Snake Oil

    It is not snake oil the snake sells. Rather it is tears from the Constitution he raped for fun and now profit.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 8:27am

    Re: Re: The security approach taken by banks

    I agree, $12 mil a years is nothing, even for a small bank, $1Mil a months sounds actually cheap!

    I guess it depends on how you want to spin it.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 8:27am

    This sort of action should be considered to be on the same level as insider trading.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 8:34am

    It will be interesting to see just how (un)tainted Alexander's reputation is. I'd like to think that no-one would trust him anywhere near enough to use his services but I expect he will be quite successful.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    seal, Jun 23rd, 2014 @ 8:38am

    Re: The deal is real

    That's a nice little bank you got here. Wouldn't want anything to happen to it, would you?

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    Mike Masnick (profile), Jun 23rd, 2014 @ 8:46am

    Re: Re: Re: The security approach taken by banks

    I agree, $12 mil a years is nothing, even for a small bank, $1Mil a months sounds actually cheap!

    I guess it depends on how you want to spin it.


    But what value are they actually getting for that $12 million? Perhaps if it were a known computer security expert, then, sure. But what value do you think Alexander really provides to a bank?

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    John Fenderson (profile), Jun 23rd, 2014 @ 8:47am

    Re:

    Just because they're hiring him doesn't mean that they trust him or actually make use of his advice. It's all for show.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 8:55am

    Re: Re: Re: Re: The security approach taken by banks

    But what value do you think Alexander really provides to a bank?

    He tells the bad guys that a particular bank paid its dues.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 8:56am

    Re:

    If Snowden paid the market-value for the documents he took it would have been all fine. The damage to USA that NSA has been talking about is primarily the value of these informations on the markets. Hell, this is what liberalism is all about: Everything has a price and people not willing or able to pay up has to live without.

    Snowden didn't pay up so he is a thief of the multibillion dollar league. A damn communist and therefore a traitor!

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    David, Jun 23rd, 2014 @ 9:00am

    Re:

    Sabotaging a nation's infrastructure, then profiting from it by extorting the victims? Sorry, that's not on the same level as insider trading. It is cyberterrorism and treason.

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    DannyB (profile), Jun 23rd, 2014 @ 9:03am

    Re: Re: The security approach taken by banks

    > Banking is all about the customers trusting the bank.

    This is why banks need to spend money on good graphic designers that can make their web page give a good impression of safety and security.

    Green checkmarked bullet points and green/gold safety shields go a long way. (This also works for anti-malware products -- even if they do nothing. Example: many phony Android security anti-malware apps. In practice, android, iOS and linux malware is rare, and thus news. Windows malware is greeted with a yawn.)

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    Spaceman Spiff (profile), Jun 23rd, 2014 @ 9:13am

    $ value of Alexander's offering == $0

    Anybody who pays this dickhead for "cybersecurity" services get what they deserve - absolutely nothing! Unfortunately, their stockholders and employees will be the ones who ultimately pay for this crud... :-(

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    SolkeshNaranek (profile), Jun 23rd, 2014 @ 9:22am

    Douchebags that serve the Kool-Aid, and the dochebags that drink it

    It is too bad taxpayers and citizens ultimately foot the bill for banks that listen to bullshit spewed by idiots like Alexander.

    I seem to recall during the financial crisis banks "needed" to pay their high ranking officers exorbitant salaries to keep the best and brightest working for them.

    If these best and brightest are listening to the likes of Alexander, then someone at the helm (of those banks) has failed to noticed all the burnt out bulbs in upper management.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 9:33am

    Re: Re: Re: Re: The security approach taken by banks

    But what value do you think Alexander really provides to a bank?

    Assistance in implementing a real time backups to Blufdale.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Annonimus, Jun 23rd, 2014 @ 9:44am

    This is a racket

    Even if the banks pay the 1 million a month to Keith Alexander to keep their systems safe there is no guarantee that he will keep them safe from every NSA backdoor he knows, the same way there is no guarantee the if you pay a gangster protection money that he won't come in to wreck your store later if he feels like it.

     

    reply to this | link to this | view in thread ]

  27.  
    icon
    John Fenderson (profile), Jun 23rd, 2014 @ 9:50am

    Re: Re: Re: The security approach taken by banks

    Exactly. Perception is more important than reality (the TSA didn't invent this concept!). Banks are likely betting that hiring Alexander will bolster the perception. In that view, it might be money well spent.

    It's unlikely that banks thing that hiring Alexander will actually let them increase security.

     

    reply to this | link to this | view in thread ]

  28.  
    icon
    Coyne Tibbets (profile), Jun 23rd, 2014 @ 9:54am

    Way overpriced

    I wouldn't pay him a bent nickle a year.

    Pay him to "cybersecure" your facility and it will become an NSA facility. Might as well just move your servers into the NSA's Utah data center.

    Well, that's just me; there's a sucker born every minute; I'm sure he'll find someone to pay his outrageous fee.

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 10:21am

    like Joe Morganelli, profiting from both ends

    This is a lot like Joe Morganelli. He was once the biggest and wealthiest usenet pirate on the planet. Then he got busted and switched sides. Now he goes around screaming from every rooftop about how pervasive usenet piracy is and how it's going to destroy every copyright-dependent business. Unless, of course, everyone hires him to defeat the scourge he helped create.

    A very lucrative business plan indeed.

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 11:01am

    Who is surprised?

    Its almost like he planned it that way.

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 11:42am

    Not Idiotic. Just Corrupt.

    " And idiotic banks are apparently willing to pay, rather than going with the much, much cheaper option of hiring an actual security expert"

    No, they're not idiotic. They know who and what Alexander is. An actual security expert he is not. A former high ranking government official ready for his payout he is. The banks pull the stings of a lot of the government. The government responds and the banks make it worth while. One hand washes the other. Alexander knows how it works.

     

    reply to this | link to this | view in thread ]

  32.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 11:45am

    Re: Re: Re: Re: The security approach taken by banks

    "But what value are they actually getting for that $12 million?"

    They've probably already gotten it. They're not actually paying for what they say they are.

     

    reply to this | link to this | view in thread ]

  33.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 11:49am

    Re: Re: Re: Re: The security approach taken by banks

    Banks are cooperating with law enforcement and undoubtably NSA. In that context he may be able to lower those costs in a sustainable manner. I don't think banks will use as divisive a character as Alexander in a commercial context. At least not with common customers.

    When it comes to security I don't think he is worth much. Just because you can split a car into pieces, doesn't mean you can repair one. And that is assuming he has learned a lot from his department. It is not easy for a military type to accept inferiority on any subject and especially not to a subordinate. Usually leadership skills in these positions entail avoiding technical subjects and trusting the person is somewhat capable of his craft, while the leader learns to translate from geek to language, military or language, legal or language, political.

     

    reply to this | link to this | view in thread ]

  34.  
    icon
    That One Guy (profile), Jun 23rd, 2014 @ 12:10pm

    Re: Re:

    Now now, nothing says it can't be both.

     

    reply to this | link to this | view in thread ]

  35.  
    icon
    That One Guy (profile), Jun 23rd, 2014 @ 12:20pm

    Better title

    'Fox steps down from official position, offers various chicken coops 'security' consulting for undisclosed amount per month'.

     

    reply to this | link to this | view in thread ]

  36.  
    icon
    John Fenderson (profile), Jun 23rd, 2014 @ 12:26pm

    Re: Re: Re: Re: Re: The security approach taken by banks

    "In that context he may be able to lower those costs in a sustainable manner."

    The costs to who? The banks already charge law enforcement for their expenses, so they have no costs to lower.

     

    reply to this | link to this | view in thread ]

  37.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 12:46pm

    after reading all the reports on the man since the Snowden leeks, i was thinking he was a bit crazy. now i know he definitely must be! and if any person or company pays it, they are even worse than him!!

     

    reply to this | link to this | view in thread ]

  38.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 1:53pm

    Re: Re: Re: Re: Re: The security approach taken by banks

    So what you're saying is that banks have to pay certain people off in order to get the government not to attempt to hack their security?

     

    reply to this | link to this | view in thread ]

  39.  
    icon
    Rikuo (profile), Jun 23rd, 2014 @ 2:00pm

    Re: The security approach taken by banks

    My bank doesn't have any of my email addresses. I've been pretty careful not to give one to them.

     

    reply to this | link to this | view in thread ]

  40.  
    identicon
    observer, Jun 23rd, 2014 @ 2:18pm

    Re: Snake Oil

    He's trying to sell himself as a security expert because of his NSA connections, but think about it. The NSA let an ordinary (albeit highly intelligent) systems administrator get the better of them so comprehensively that they're not even sure to what extent he got the better of them! I wouldn't trust anyone connected with them to secure my garden shed. They might have the best tech (and if they don't, you've got to wonder where their budget is going) and might even have some competent people working there, but overall? Not so much.

     

    reply to this | link to this | view in thread ]

  41.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 2:35pm

    Re: Re:

    Didn't the banks and wall street sabotage the nation's financial infrastructure then profit massively from it by extorting the government into bailing them out with the taxpayer's money in the 90's?

     

    reply to this | link to this | view in thread ]

  42.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 3:02pm

    well, shit. don't forget nsa systems are apparently so complex they can't conform to law. great idea consulting the guy who spearheaded that system.

    ...wait. actually, banks might profit from that after all.

     

    reply to this | link to this | view in thread ]

  43.  
    icon
    Padpaw (profile), Jun 23rd, 2014 @ 3:10pm

    He isn't getting paid by the government anymore to sell out the average American. So he is trying to do it in the private sector instead.

     

    reply to this | link to this | view in thread ]

  44.  
    identicon
    David, Jun 23rd, 2014 @ 3:22pm

    Re: Re: Re: Re: Re: Re: The security approach taken by banks

    Oh, they are hacking security anyway. It's just the difference between bad things happening or not.

    Just like with that global surveillance thing where they are collecting everything anyway, never mind a warrant.

     

    reply to this | link to this | view in thread ]

  45.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 4:05pm

    Re: Re: Re: Re: Re: Re: Re: The security approach taken by banks

    So it's kinda like the government demanding money in exchange for not doing either a DOS or a DDOS attack? Nice website you have here ...

     

    reply to this | link to this | view in thread ]

  46.  
    identicon
    Anonymous Coward, Jun 23rd, 2014 @ 6:55pm

    Re:

    I don't think the guy earning $12m per year from each bank is particularly crazy. Egomaniacal and sociopathic yes, crazy no.

     

    reply to this | link to this | view in thread ]

  47.  
    identicon
    Big Bag Boy, Jun 23rd, 2014 @ 7:09pm

    Oh boy, we're having fun now.

    Meanwhile, back at Walmart.

     

    reply to this | link to this | view in thread ]

  48.  
    identicon
    Mark Noo, Jun 23rd, 2014 @ 7:14pm

    I would pay him. He is the only person who might know something important.

    Harry Angslinger had a scam something like this going on too. Scare the shit out of them and then extort money.

     

    reply to this | link to this | view in thread ]

  49.  
    identicon
    Anonymous Coward, Jun 24th, 2014 @ 1:44am

    One of his old friends will hire him and they will consult once in a while on the golf fields.
    One of the oldest mafia tricks

     

    reply to this | link to this | view in thread ]

  50.  
    identicon
    Anonymous Coward, Jun 24th, 2014 @ 2:38am

    The security approach taken by my credit union

    If no, then congratulations: you're a customer of the precious few banks with at least a modest clue about security.


    No, I'm not a mere customer for a for-profit bank; I'm a member of a non-profit credit union with an immodest clue about security (Strict Transport Security (i.e., forced TLS), multi-factor authentication, no unsolicited emails (and no URLs in solicited emails)).

    Why should I want to help pay for some asshole bankster's/CxO's next yacht? Instead, the credit union president (whom I voted for) receives reasonable compensation (no multi-millions), and I benefit from greater interest in my checking account than in any banks' saving accounts (and no fucking fees).

    Banks are for suckers (especially post-2008) and capitalists' whores. The only non-suckers/whores in a bank are its owners at a credit union, every member is an owner.

     

    reply to this | link to this | view in thread ]

  51.  
    identicon
    Enlightend, Jun 24th, 2014 @ 4:57am

    Isn't he ...

    just dealing in government secrets with this?
    How is that legal? He's not selling expertise, he's selling classified information.

     

    reply to this | link to this | view in thread ]

  52.  
    identicon
    Anonymous Coward, Jun 24th, 2014 @ 5:19am

    Isn't a million dollars a small enough amount of money to keep this man from doing something worse to humanity?

    Pay him a million bucks and pack him into a conference room to tell the janitor all his nonsense.
    Just prevent him from uttering his blatant lies and fabrications to the media and public.

     

    reply to this | link to this | view in thread ]

  53.  
    icon
    John Fenderson (profile), Jun 24th, 2014 @ 8:51am

    Re: Re:

    That's not why the AC is calling him crazy.

    "Egomaniacal and sociopathic yes"

    That's why he's calling him crazy. "Egomaniacal and sociopathic" are kinds of crazy.

     

    reply to this | link to this | view in thread ]

  54.  
    identicon
    Anonymous Coward, Jun 26th, 2014 @ 10:58pm

    Well damn, finally, now we know approximately how much his cut of the NSA Blackmail programs' monthly take was, all we have to do is determine what his percentage was, to figure out the program's total monthly income. Thanks Keith.

    I suppose once you start making a few million a year under the table, its pretty darn hard to take any legal job that pays less.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.