Keith Alexander: I'm Worth $1 Million Per Month Because I'm Patenting A Way To Stop Hackers (Which I Didn't Tell The NSA)
from the say-what-now? dept
The Keith Alexander story just keeps getting more and more bizarre. Almost immediately after retiring from the top position at the NSA, where he oversaw the total failure of the NSA’s supposed “100% auditing” system, allowing Ed Snowden (and who knows how many others) to escape with all sorts of documents, Alexander announced that he had set up a cybersecurity firm — with the ridiculously Hollywood-ish name of IronNet Cybersecurity. A month ago, it was revealed that he’s going around asking banks to pay him $1 million per month for his “expertise.” That caused a few to wonder if he’s selling classified info, because really, what else could he offer?
Alexander has a new answer: Patents! Yes, Keith Alexander is claiming that he has an amazing new anti-hacker technique that is brilliant and wonderful and deserving of at least nine patents. According to Shane Harris over at Foreign Policy:
Alexander said he’ll file at least nine patents, and possibly more, for a system to detect so-called advanced persistent threats, or hackers who clandestinely burrow into a computer network in order to steal secrets or damage the network itself. It was those kinds of hackers who Alexander, when he was running the NSA, said were responsible for “the greatest transfer of wealth in American history” because they were routinely stealing trade secrets and competitive information from U.S. companies and giving it to their competitors, often in China.
Of course, this leads to all sorts of questions. If Alexander had such a brilliant, patentable solution for stopping hackers, why didn’t he, you know, use it while he was at the NSA? His response? He and an unnamed “partner” just came up with it in the last couple months after leaving office:
Asked why he didn’t share this new approach with the federal government when he was in charge of protecting its most important computer systems, Alexander said the key insight about using behavior models came from one of his business partners, whom he also declined to name, and that it takes an approach that the government hadn’t considered. It’s these methods that Alexander said he will seek to patent.
The report also notes that Alexander is a named inventor on seven patent applications filed while he was at the NSA (the US government keeps those), but that these new ones are totally separate.
Now, it is entirely possible that Alexander and his partner magically came up with some new way to deal with cybersecurity — though I’m skeptical. Cybersecurity work involves an awful lot of trial and error in the real world, and Alexander is insisting already that his “fundamentally new approach” will “jump” ahead of existing technology. That’s a bold claim for someone who hasn’t ever actually done work in the commercial field. One thing that we’ve pointed out for years is that people who have no experience in actually building a technology business almost always overvalue the idea, and undervalue the execution. It certainly looks like Alexander is doing exactly that. He thinks that based on the idea alone — which is totally unproven — he’s worth $1 million per month. He claims three companies have already paid up, though he doesn’t say who (or how much they’re really paying). It seems likely that any actual payments are more because of Alexander’s connections, rather than his brilliant “idea.”
Harris spoke to another expert who notes that the approach Alexander is talking about (behavioral modeling) is one that’s been talked about and tried for years without success. In other words, it’s a perfect example of where ideas sound good, but execution matters. And yet, Alexander insists that his ideas alone — which haven’t been proven yet (and on which he hasn’t even filed these supposed patents) — are so amazing that they will change the nature of cybersecurity?
When Harris asked for more detail about the solution, Alexander wouldn’t tell him any more “given the sensitive nature of the work.” Except, of course, if he’s filing patents on it, the details are supposed to be revealed to the public in fairly short order (18 months at most). And, really, if the solution is so great, they should be getting it out there and testing it. Security by obscurity is not the best proving ground. Actually having your solution tested is.
Comments on “Keith Alexander: I'm Worth $1 Million Per Month Because I'm Patenting A Way To Stop Hackers (Which I Didn't Tell The NSA)”
Sure, I believe it.
In other news, I have some Ocean-Front property in Arizona for sale.
Act now and I’ll throw the Golden Gate Bridge in for free.
Re: Sure, I believe it.
Bah, it would be more impressive if you were patenting a method to slam a revolving door. (I love this one I admit it)
Easy to beat
I’ve got a one-step method to completely block hackers from important systems:
Step one: Don’t connect important and/or vital systems to the internet.
Re: Easy to beat
Step one: Don’t connect important and/or vital systems to the internet.
You should patent that.
Re: Re: Easy to beat
Is common sense patentable?
Re: Re: Re: Easy to beat
According to some of the patents recently approved… yes… common sense is patentable.
Re: Re: Re:2 Easy to beat
Exhibit A: Amazon 1 click buying.
Re: Re: Re:2 Easy to beat
then damnit, Patent it!
Re: Re: Re: Easy to beat
No need to patent that. The purpose of a patent is to artificially create scarcity. Common sense is already a scarce resource.
Re: Re: Re: Easy to beat
As long as no one ever bothered to write it down, then yeah.
Re: Re: Re: Easy to beat
Uh – due to Government intervention in education, common sense isn’t.
What we used to call common sense is uncommon these days as our population’s average intelligence goes swirly-ala-idiocracy.
Re: Re: Easy to beat
I’ve got to get to the patent office! When I get the patent, anyone who uses anything not on the internet owes me money!
Re: Re: Easy to beat
You actually made me laugh for once
Re: Re: Easy to beat
Ooh… a new variant of patents… patents for NOT doing things in a certain way.
Maybe one for not running unverified code on a production system?
That said, what makes some information important or vital is its ability to be communicated to the appropriate people. If not the internet, then it’ll be by some other communications medium that is just as subject to advanced persistent threats.
Re: Re: Easy to beat
Then put it on the internet and get another patent!
Re: Easy to beat
Didn’t we have some news stories on how that’s failed to stop the NSA from getting into some stuff?
Re: Easy to beat
Yeah, and that’s easy to say, right up until you have a legitimate use case for remotely logging in to said important/vital systems. Then things get a lot trickier.
Re: Re: Easy to beat
If control of a remote system is needed the choices in order of preference are:-
1) a private network.
2) Ring back over POTS.
3) Remote site connects to a control room over the Internet after a port knock or similar.
Option three is to be avoided for actual control operations, but can be useful for status reporting, including triggering a status report.
The main point being the system should connect to a known control room before accepting any sort of command.
Often a remote site only needs reporting to a control room, and any problem fixing outside the capabilities of its control system probably needs men on site.
The main system with need for remote control of systems, the railways, electricity distribution, gas and oil pipelines have an existing right of way for access to their kit, and so could, and should have installed the necessary network connections. Companies have engaged in a false economy if they decided to save costs by using the Internet. An alternative would have been a private wire off of the phone companies, or ring back for occasional low bandwidth connections. A remote site should always have a land-line telephone for safety of personnel when they have to visit the site, if this is not possible a fixed link radio.
A remote site should never, under any circumstances, accept any form of incoming connection. If needed it should have several alternative control rooms that it tries to connect to. Any engineer that needs to connect to it from outside a control room can do so via the control room system.
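The outbound-only pattern described in the comment above, as an added example that is not part of the original comment or thread: the remote site dials known control rooms in order, verifies the far end, and only then accepts a command, with an Internet link limited to status reporting. The HMAC challenge, the shared key, the command names and the room entries are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import socket
import threading

# Constructed values: the key and command names are assumptions for this sketch.
SHARED_KEY = b"constructed-demo-key"
STATUS_COMMANDS = {"STATUS"}
CONTROL_COMMANDS = {"OPEN_VALVE", "CLOSE_VALVE"}


def dial_out(rooms, connect=socket.create_connection, timeout=2.0):
    """Outbound only: try each known control room in order; nothing ever listens."""
    for room in rooms:
        try:
            return connect(room["addr"], timeout), room
        except OSError:
            continue  # try the next alternative control room
    raise ConnectionError("no control room reachable")


def recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf


def verify_control_room(sock, key=SHARED_KEY):
    """Challenge-response: the peer must return HMAC-SHA256(key, fresh nonce)."""
    nonce = os.urandom(16)
    sock.sendall(nonce)
    expected = hmac.new(key, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(recv_exact(sock, 32), expected)


def command_allowed(command, link):
    """Status on any link; control operations only over the private network."""
    if command in STATUS_COMMANDS:
        return True
    return command in CONTROL_COMMANDS and link == "private"


def serve_one_command(rooms, key=SHARED_KEY, connect=socket.create_connection):
    """Dial out, verify the control room, then accept at most one command."""
    sock, room = dial_out(rooms, connect)
    with sock:
        if not verify_control_room(sock, key):
            return room["link"], None, "refused: control room not verified"
        command = recv_exact(sock, 16).decode("ascii").strip()
        if not command_allowed(command, room["link"]):
            return room["link"], command, "refused: not permitted on this link"
        return room["link"], command, "accepted"


def demo(link, command, room_key=SHARED_KEY):
    """Constructed harness: first room is down, second is a fake peer on a socketpair."""
    site_end, room_end = socket.socketpair()
    rooms = [{"addr": "down", "link": "private"}, {"addr": "up", "link": link}]
    def connect(addr, timeout):
        if addr == "down":
            raise OSError("unreachable")
        return site_end
    def fake_control_room():
        nonce = recv_exact(room_end, 16)
        digest = hmac.new(room_key, nonce, hashlib.sha256).digest()
        room_end.sendall(digest + command.ljust(16).encode("ascii"))

    peer = threading.Thread(target=fake_control_room)
    peer.start()
    result = serve_one_command(rooms, connect=connect)
    peer.join()
    room_end.close()
    return result
```

Calling `demo("internet", "OPEN_VALVE")` shows the failover to the second room followed by a refusal, because control operations are not accepted over the Internet link.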
Re: Easy to beat
Or you could use strategically placed magnets.
Re: Easy to beat
“Step one: Don’t connect important and/or vital systems to the internet.”
yeah… won’t work. NSA got a fix for that aka Quantum. Google it or
http://www.ibtimes.com/nsa-quantum-program-leaked-edward-snowden-reveals-how-us-government-spies-offline-computers-1541438
Re: Re: Easy to beat
Two things required for Quantum to work.
1) The target computer has to have wireless capabilities
2) There has to be some sort of code running on the computer that knows to listen through your wireless device in order to accept fresh commands.
Neither of my two computers have wireless capabilities. They are connected by ethernet cable to my modem. If I yank out that cable, they’re completely off the grid. There is no device in them to listen to wireless traffic (I’d know best, since I’ve built one from scratch and heavily modified the other).
Re: Easy to beat
A patent to make a system unhackable.
Patent number: xxx,xxx,xx4
Independent Claim 1)
Obtain radiation sensing equipment that can detect radiation in the 380nm to 750nm (400THz to 789THz) range, hereafter to be referred to as the MIOS (Mark I Ocular Sensor) (related patent xxx,xxx,xx1).
Independent Claim 2)
Obtain the Integrated Ephemeral Externally Encumbered (IEEE) database that classifies all Critical Access By eLEctricity (CABLE) devices (related patent xxx,xxx,xx2).
Dependent Claim 1)
Use the MIOS to catalog all attached CABLEs to the Classified Obscure Material Plus Unnecessary Terrestrial Extraneous Resources (COMPUTER) device.
Dependent Claim 2)
In conjunction with the MIOS and IEEE database, classify the CABLEs as to their purpose.
Dependent Claim 3)
Using the classifications from Dependent Claim 2, identify all CABLE devices that are electrically connected to a Switching With Incoherent Technology Can’t Hypothesize (SWITCH) device.
Dependent Claim 4)
Use the Hard Analytical No-nonsense Dextrous (HAND) device (related patent xxx,xxx,xx3) to remove the CABLEs’ ability to relay electricity between the COMPUTER and the SWITCH identified in Dependent Claim 3.
Re: Easy to beat
Except that there are high-end tools to jump air-gapped machines. Stuxnet and the Equation Group’s, for example. Sorry, that won’t work either.
Maybe if you turn it off and put it in your basement unpowered?
IronNet sounds a lot like IronCurtain.
Re: Re:
Sounds more like IronSkirtUpWhichSmokeIsBlown
Reality
Smoke and mirrors, shell game, and a side of snake oil.
Same old crap he has been peddling for years.
All talk and bluster, No substance.
Skeptical
Me too. Over the years, I’ve frequently heard people (inevitably new to the field) proclaim revolutionary discoveries in computer security and crypto. Every single time, their ideas were new only to them and had, in fact, been investigated and developed or discarded by others — often decades (sometimes dozens of decades) earlier. All of the real advances I’ve seen have come from years of hard work, and usually from mathematicians.
That’s not to say he hasn’t found something revolutionary, but the odds of it are really very small.
Re: Skeptical
Oh he’s ‘discovered’ something alright, how to scam gullible companies out of ridiculous amounts by promising them vaporware ‘solutions’ to their problems.
Re: Re: Skeptical
Oh he’s ‘discovered’ something alright, how to scam gullible companies out of ridiculous amounts by promising them vaporware ‘solutions’ to their problems.
Also not new. 😉
Re: Re: Skeptical
Yeah. Who knew that our Keith was a scam artist?
The only patent Alexander should be applying for is his method of making himself comfortable in the 6×6 cell that he belongs in.
Re: 6x6?!
Oh come on! That’s not nearly enough for him.
He needs at least a 6.1/6.1 cell.
Gotta add an extra .1 for his ego after all.
Re: Re: 6x6?!
You’re off by a factor of infinity on this maggot-slime’s ego.
The known multiverse would die a heat death before we could build a cell large enough to encompass this corporeal entity’s ego.
I wonder if it will become a sport of sorts to prove to his customers that his advice isn’t worth much.
Considering the love he gets from that community it doesn’t seem that unlikely.
Re: Re:
It’ll be hard to do: he’s targeting Advanced Persistent Threats. For those not familiar with that buzzphrase, he’s basically defending against crocodiles with his magic rock. Sure, crocodiles exist, and they may even find bankers to be tasty, but most of what he’ll be doing has absolutely nothing to do with the security issues banks really have to worry about. If he were peddling this to government organizations or government protest organizations, or even large tech/aerospace companies, that’d be a different story. But he’s not. And banks have to deal with insider data leakage, straightforward in-and-out 0-day attacks and fraud — not APT (where the attack is set up in stages in order to fully compromise the target). There’s virtually no reason to hit a bank with an APT when there are so many less visible, more legal, simple and effective ways to make a profit off a bank. Just look at POS terminal skimming, for one example.
Also, there’s a reason he has experience with APTs — that’s exactly the method intelligence agencies use to do their dirty work; Stuxnet being a prime example.
Re: Re: Re:
Or possibly selling you “Yellow paint detector” to catch the elephants hiding upside down in your custard?
I've got a patented solution to stop hackers!
Put them in jail.
Oh, wait. That only works after the fact. Nevermind.
Technology companies tend to over-promise and under-deliver. You’ll read complaints from customers concerning soft/hardware where certain promised features were never included. My answer to that problem is to only buy what’s sold, not what is promised to be sold.
And here’s Keith proving my point. He wants to be paid a million a month, for a total of 18 million dollars for a product he promises to patent in 18 months.
I don’t think customers would be getting much value for their money. Can you imagine if Nvidia sold a graphics card with the promise of patented technology a year and a half from now? Good luck with that.
Re: Re:
At least Nvidia has a history of actually inventing stuff.
perhaps a bit of ‘Alexander Hacking’ is called for? maybe it would stop him making such rash statements?
Him and his partner “created a GUI interface using visual basic to see if he can track an IP address”.
Prior art! CSI did it first.
You've got to be kidding
It is a foregone conclusion (*) that whatever methods he’s come up with are NSA-approved. Avoid.
Re: You've got to be kidding
Why do you think he would be continuing to do anything that would help the NSA?
Re: Re: You've got to be kidding
Because he knows how much NSA has on him, and he is no longer protected by being in charge there.
Re: Re: You've got to be kidding
Because on information and belief (okay, gossip on the internet if you must know) anyone claiming advances in ‘cybersecurity’ probably has visits or close interest paid in them to ensure they don’t invent something that is really new or that if they do either they are discouraged from continuing or encouraged to open things up a bit for selected friends.
can we tell who hires him?
Is there any way we can tell just who is dumb enough to hire Alexander? I want to make sure that any investments that I have are insulated from such incompetent management. Sure, staying away from a company that would hire Alexander is no guarantee of competent management, but being willing to hire him is a sure sign of incompetence.
Re: can we tell who hires him?
It’s easy: watch the news for data breaches.
A fraud?
In my opinion, Alexander has always been a fraud, and time will out him as the egotistic, misogynistic, fraudulent asshat that he is. He should be in prison, not free to charge enterprises $1M / month for non-existent abilities…
Crook
Crook (eom)
The hackers should beat him to the punch. Patent the best anti-hacking techniques, refuse to license them, and then sue if anyone tries to use them to protect their systems.
News flash
Fraud in office retires, becomes fraud in private sector. News at 11.
*Yawn*
I bet the government’s “investigation” into Alexander’s ethics has lasted less time than it takes me to roll my eyes…
100 years ago, Keith Alexander would have been traveling to small towns in an old truck selling snake oil to the locals.
Keith Alexander reminds me of the guy who comes up to you when you park your car on the street and says “If you give me $20, I’ll watch your car for you.”
Let Me Guess His Proposal
My amazing new anti-hacker technique works when I call my NSA buddies in Virginia to ask them to leave your business alone.
One million dollars per month for protection…
Protection
Sounds a lot like a protection racket shakedown to me. Give me a million and your data will be protected. Thought that was illegal.
BS
That’s a bold claim for someone who hasn’t ever actually done work in the commercial field.
He’s probably just used to being able to BS his way through everything.
Just another con man running a con game
I believe Keith Alexander’s business partner is a member of the ASC, and I bet this is what he will try to patent.
Skeptical
This article reminds me of a guy studying Comp. Sci. I met that swore he had come up with an algorithm to create an infinite compression drive, a secret he was going to patent. A while later, after he boasted about how rich this was going to make him, I asked him if he knew what one-way mapping was. He didn’t. I explained it to him and he blew up in anger. I had not only hit on his technique, but pointed out there was no way to get the information back.
Re: Skeptical
I have to be the one to ask…what is one-way mapping? Couldn’t find it on google, is there another term? Obviously you can’t compress infinitively (duh) but I’m curious as to what method he’d come up with.
Re: Re: Skeptical
I have to be the one to ask…what is one-way mapping? Couldn’t find it on google, is there another term? Obviously you can’t compress infinitively (duh) but I’m curious as to what method he’d come up with.
Probably one-way hashing: http://en.wikipedia.org/wiki/Cryptographic_hash_function
The output is typically a constant size regardless of the input, thus nearly infinite “compression”. Though just deleting the file is even more effective and just as useful.
Re: Re: Skeptical
hackers won’t be very happy with this new system but maybe they are looking forward to the challenge too…. one-way mapping is another way of playing connect the dots…
Why did he wait?
You do realize that while in the employ of the US government any and all patents that one files while so employed belong to the government, and all profits therein?
Ignore what he said. That’s the real reason why he waited until after he retired.
But that’s not to say he’s got anything really patentable..just that he wanted to make money.
One way or the other.
It's $1m a month now...
Or in ten years I will troll the hell out of anyone who actually executes something remotely resembling my putative “idea”, and you, if you use that system.
I don’t like the NSA. I don’t like Alexander. In fact, there’s little I like about the Executive Branch as currently realized. I’m fervently hoping that Alexander, in fact, is using and selling classified material. I regard him as foolish enough to do that. I hope I’m right. He, and his cronies, need a LOOOOOOONG vacation in Leavenworth, Ks or Florence, Co.
Stating the Obvious
Ed Snowden is a traitor because he copied a bunch of documents that show the NSA to be engaging in practices that very likely violate the Constitution of the United States, and gave those documents to the press.
Keith Alexander is a patriot because he has come up with revolutionary techniques that could virtually end the threat of cyber-terrorism in the USA, and he’s happy to share them — with anyone that pays him enough money.
(Please suspend disbelief re the idea that KA’s ideas have any merit.)
If his partner is Ronald J. Riley he’s got a long road of cocksucking ahead of him.
TOP TEN List...
TOP TEN List of Alexander’s super-secret anti-hacker tricks:
10: automatic power-down of computer when it detects any internet packets.
9. to be announced (put yours here)
8. tba
7. tba
6. tba
5. tba
4. tba
3. tba
2. tba
1. tba
Re: TOP TEN List...
Alexander’s behavior post Snowden only proves how dumb he really is.
Patents my ass. He did not even have a Plan B for Snowden type cases.
Where it came from...
You better listen to what he says, I know he got some of it from a DARPA research project and some from discussion but ultimately he has the expertise to make it work and I wouldn’t bet against it….The theory holds water in the hands of the right people… I think that there is a lack of accountability on the commercialization of DARPA ideas that permeates through universities, businesses alike and there are some people being exploited albeit indirectly definitely…. I want the assets of US companies protected on the same note however and maybe this is the only way to get there…. If I could patent it and sell it myself I would
pants on fire...
Let’s see now. This is Keith Alexander that we’re talking about right. And we’re talking about his claims that he has a new-fangled, absolutely guaranteed method, to tag cyber bad guys, that he’s about to patent and install in your business for only one million dollars a month… that about sums it up eh.
Translation:
He’s lying again. That part is a certainty, as it’s just about the only thing he learned during his time with the NSA – how to lie with a straight face about almost everything to almost anyone. That, and of course, how to steal information from the world.
The planned patents on behavior modelling are simply the “look over there” trick he’s using to cover up his selling of NSA insider secrets to the highest bidders.
Since the companies he’s gonna sell to will not want anyone to know they’ve purchased government secrets to help them protect their information from spies and bad guys, they’re willing to claim that they are merely using Alexander’s patented behavior modelling software. It will be part of the deal after all.
So yeah, he’s just another crook, selling what he’s stolen to other crooks… business as usual.
But the most important part of his statement is this:
“It was those kinds of hackers who Alexander, when he was running the NSA, said were responsible for “the greatest transfer of wealth in American history” because they were routinely stealing trade secrets and competitive information from U.S. companies and giving it to their competitors, often in China.”
This is a statement designed to lay the groundwork for a cover up of something that has yet to be disclosed – a huge multifaceted theft and resale of various trade secrets by members of the NSA that will soon become world news and which will of course be blamed on these unknown mysterious (: and probably Chinese 🙂 “super-hackers”.
Like I’ve said from the outset, the NSA has been using its vast pseudo-legal spying apparatus to steal foreign and domestic trade secrets and to blackmail their enemies and competitors and to ruin the lives of Americans and others who they think might interfere with, or prevent their continued top secret, government approved and protected crime wave.
This massive theft – “the greatest transfer of wealth in American history” – will obviously become breaking news very soon, and Alexander wants the public to already know in advance that it was the Chinese that done the deed.
Now that’s a slick bit of sleight of hand, and probably why the NSA is letting him sell trade secrets – in return for the pre-education of the US Public – about a crime that was pulled by the NSA, but will be blamed on the Chinese by the Truth Free Press and The Most Transparent Administration In American History, once the news actually breaks.
What a total dick head!
What patents?
You can do a patent search and all I find are things on welding and fishing lures. Nothing cyber security related.
Probably just a new Trolling Tactic
As swiss cheese our patent system is, he’ll probably patent the _idea_ of entering a system without the proper authorization. The business model is to sue you if you don’t log-in properly.
If he’s so rich have him send me a million or two…I don’t believe that he could find out who I am, my name and address never mind have that kind of money to give out to others! Ha! Ha!
What bank would really pay the guy millions of dollars just because he says he can keep hackers from banks? I’m sure new ways are found every day for hackers? How could he really prevent them? He can’t think ahead and no computer has the ability to truly think like a human brain does.
I am just wondering, does anyone actually know Keith Alexander? Everyone assumes that he does not have what it takes to get the job done. Just remember that there are always two sides to a coin. The media can always influence a group of people to get the torches and pitch forks going.
Just my opinion, and you don’t have to agree.