My name is Mark Hassall and as Director in the Identity & Security Business Group at Microsoft Corp, I am responsible for partner marketing for Microsoft’s Forefront and IDA family of products. After spending a lot of time with many of our partners last week at Microsoft’s Worldwide Partner Conference (WPC), I came away with a number of impressions. For starters, I was reminded how great it is to get face-to-face time with friends in the industry. Secondly, it is incredible to see how the identity and security market continues to evolve at a rapid rate. If our channel partners took at least one thing away from our time at WPC, I hope it is this: our partners have always been, and will always be, at the core of Microsoft’s identity and security strategy. In fact, I feel there has never been a better time to have a partnership with Microsoft. For example: at WPC the newly established Microsoft Identity and Security Business Group announced a $75+ million investment in sales, marketing and readiness initiatives and a series of program enhancements designed to further aid channel partners in designing effective, profitable business models while working with their customers to stay on top of the ever-changing security landscape.
We also announced some great promotions at WPC. We expanded the Security Software Advisor (SSA) program, which allows partners to earn fees of up to 30 percent of the price of a customer's security product order through Microsoft Volume Licensing, and will now pay advisor fees on Identity and Access products (Microsoft Identity Lifecycle Manager and Microsoft Active Directory Rights Management Services) in addition to Microsoft Forefront products. By enrolling in the Security Software Advisor program, partners will be able to claim up to 10% of the product list price as advisor fees, when they recommend and deploy these identity and access products and will be in an ideal position to capitalize on the rapidly converging market for identity and security solutions.
Another new feature in the SSA program is the ‘Jumpstart’ offer where partners filing their first SSA claim will receive a 50% bonus payment on top of the advisor fee as well as two Microsoft Learning exam vouchers to help partners get certified and qualify for the Security Solutions competency. This limited time promotion runs from July 1st through September 30th 2008.
This is exciting stuff for my team and me, as these program enhancements will lead to more opportunities for our partners and will strengthen the current relationships. In fact, in a recent study commissioned by Microsoft, IDC found that Microsoft partners that have the Microsoft Security Solutions Competency and/or qualify for the Microsoft Security Software Advisor program outperformed other benchmarked companies offering security solutions in 12 of 15 of the Key Performance Indicators (KPIs) surveyed. Key performance metrics include:
• Bottom line profitability – operating profit margins are one third higher for Microsoft partners
• Business velocity – revenue growth is three times higher than benchmark companies
• Business execution – revenue per employee is over $45,000 more per employee for Microsoft partners
• Services fulfillment – services to product resale ratio is double the rate of benchmark companies.
The report found that these results can be attributed to a number of factors, including services opportunities, availability of qualified technical resources, process efficiencies and deeper relationships with customers. The report can be found here: https://partner.microsoft.com/download/US/40030202
If you’re a Microsoft partner or you’re thinking about joining the Microsoft partner program, I urge you to sign up for SSA now and attain the Security Solutions Competency. As many of our partner friends witnessed last week in Houston, it’s an exciting time for both the Forefront and IDA product families and we want partners to join in and start thinking about how you can drive revenue by attaching to existing infrastructure solutions. As I said when I started this blog, partners are at the core of our strategy and we want you to engage with us on joint identity and security opportunities. You can find out more about these programs and opportunities at https://partner.microsoft.com/global/productssolutions/securityproducts.
-Mark Hassall
Several of the characteristics of botnets are not only significant in and of themselves, but are emblematic of some of the unique challenges that cyberwarfare as a whole presents.
This is part of a series run by Stratfor with some additional commentary (and jokes) by me.
Analysis
Botnets are a conglomeration of thousands (or more) hijacked computers known as zombies. These networks can amass the processing power of many computers and servers from all across the globe and direct them at targets anywhere in the world. Botnets are used not only in massive spam campaigns on a daily basis but are also used in cyber-security attacks.
In DDoS attacks, individual bots can direct their computers to repeatedly access a particular target network or Web site — with the entire network of zombies doing so at the same time. These kinds of attacks, depending on their scale and the target system’s ability to cope, can begin to degrade accessibility or completely overwhelm and shut down access to that network, Web site or server. They can also autonomously exploit a user’s address book and e-mail server to send out spam or infected e-mails or distribute other types of malicious software — including copies of itself to further expand the network.
The good botnets have their software written and controlled by individuals; these botnets are often controlled by subnational actors — be they hackers, terrorist organizations or cybercriminals. Less effective botnets can be created by downloading existing software from the Internet, but because they are widely available, systems with up-to-date security software are generally already protected against them. In stock trading, it's kind of like trading the news -- there's no point because once it's widely distributed it is already priced in.
Ultimately, DDoS attacks can be a particularly crude method of challenging advanced systems. But while some technologies have been developed to help reduce their effectiveness, thus far this fairly simple technique has continued holding its ground against improvements in computer security, especially for short-duration disruptions, and remains the most effective and unstoppable method of attack with large botnets. Even if the DDoS ceases to be an effective tool, the capability to muster a massive pool of processing power will likely remain a key aspect of cyberwarfare for some time to come.
One of the other web sites I subscribe to is Stratfor. It's a global intelligence website and doesn't really have much to do with spam. But I like politics so I read it. They have some articles which you can get for free, but the better stuff you have to pay for.
About two weeks ago, they ran a three-part series on Cyberwarfare. The first article was the title of this post, which you can access here (requires registration... not sure if it's free). In the article they described different types of cybercriminals and not-so-criminals which they referred to under the umbrella as "hackers." I'm not going to reprint the entire article here but will quote some parts.
A hacker can be many things. For our purposes here, it is someone with sufficient understanding, skill and experience in the nuances and inner workings of computer systems and networks to be able to wield meaningful power and influence events in cyberspace — even if only in concert with others. Such a person must then actively choose to exercise that capability and act boldly on that stage (hacking is almost universally illegal).
This is a simplified definition but it works.
Black Hats
The most threatening hackers are known as black hats, or “dark side” hackers. These are hackers whose primary activities and intentions are malicious and often criminal. Black hats attempt to locate, identify and exploit security gaps or flaws within operating systems, computers and networks in order to gain control of them, steal information, destroy data or orchestrate other illicit activities.
White Hats
The antithesis of the black hat is the white-hat hacker, also known as an “ethical” or a “sneaker.” White hats are ethically opposed to the abuse or misuse of computer systems. Like their black-hat counterparts, white hats actively search for flaws within computer systems and networks. These efforts often occur with systems in which a white hat has a vested interest or of which they have substantial knowledge. They distinguish themselves by either repairing or patching these vulnerabilities or alerting the administrator of the system or the designer of the software. Basically, white hats attempt to maintain security within the Internet and its connected systems.
Other Hats
Other hackers “wear” colored or hybrid hats. Grey hats, for example, are a blend of the black hat and the white hat. Drawing on experience from both sides can make for a very robust skill set. Computer security professionals are often known as blue hats. Their activities are not unlike those of white hats but are more focused on the interests of paying customers. Hackers wear an assortment of other colored hats, and not all warrant definition here.
Using these basic definitions, let's attempt to classify the people in the spam industry.
While these labels don't completely apply, in my next post we'll look at a few more definitions.
Why do hackers do what they do? Are they motivated by something? Altruism? Greed? Stratfor examined this in one of their recent articles, parts of which I have below with some additional comments from me.
The personal motivations driving individual hackers are virtually infinite. But there are a handful of dominant ideologies that can offer insight into the mindsets and motivations of much of the larger hacker community. Not all hackers subscribe to or are driven by these beliefs, but most are shaped or affected by them in some fashion.
Any discussion of these ideologies must begin with the basic Hacker Ethic, the founding principle of the hacker community.
Interpretation of this ethic can vary, but it essentially entails the following beliefs:
These fundamental principles, and variations thereof, are commonly held in the hacker community and have evolved over time into some of the ideologies described below.
The basic principles of exploration — an outgrowth of the Hacker Ethic and the first ideology many hackers adopt — are to look into every corner of the Internet and bypass any security simply for the sake of improving skills and learning how to navigate cyberspace covertly. As a side note, I've been known to do this when playing around trying to improve my Linux skills - trying out new commands to see what they do. That's how I acquired skill in awk and xargs. Of course, I wasn't trying to break into anything at the time.
In the process, explorationists generally try to leave no trace and to avoid any damage to the system (which would, inherently, be evidence of their intrusion). The better an explorationist is, the better they are at hiding their steps. Of course, sometimes ego can get in the way. Not me, though. I'm the least egotistical person I know.
Many of this ideology’s tenets originate from newer versions of the Hacker Ethic — especially the white-hat version, which emphasizes benevolent rather than malevolent actions.
Another outgrowth of the original Hacker Ethic is informationism, which holds that information should be allowed to flow freely throughout the Internet and, by extension, throughout all human societies. Hackers who embrace this ideology often have specific areas of interest they monitor to identify developments and actors that they might perceive to be limiting the free flow of information. Once these hackers identify constraints, they attempt to remove them by a variety of means, from simply rerouting data to removing security protocols to staging comprehensive network attacks — essentially making that information free through force.
When I read the book "Spam Kings", there was a brand of informationism. Whenever somebody would post a spammer's contact information, piles of more anti-spammers would mirror that data and repost it on their own sites. Authorities might be able to shut down the original poster, but they couldn't catch them all (like Pokemon). In effect, anti-spammers would ensure free access to information, namely the identity of known spammers, by sheer volume.
In my next post, I'll get to a few more motivations.
In my previous post, which is taken from a series that Stratfor has run recently, we looked at some of the motivations of hackers. Let's take a look at some more.
The tenets of altruism vary greatly, depending on the person subscribing to it, but often they are based on an individual’s beliefs regarding the Internet and are often associated with what are considered positive actions intended to serve a perceived public good. These tenets can include the free flow of information, security preservation and user protection. In some ways, altruism can be understood as a variation of the Hacker Ethic with a benevolent bent. But because it all comes down to a personal perception and world view, “altruistic” hackers may sometimes perform actions that seem quite malicious to others (e.g., shutting down Web sites that are believed to be blocking the free flow of information).
Hackers who believe in altruism either aren't fans of Ayn Rand or haven't read anything by Ayn Rand.
Hacktivism promotes the use of hacking to accomplish political goals or advance political ideologies. Depending on the campaign, these actions may involve both white-hat hackers and black-hat hackers and can include Web site defacement, redirects, DoS attacks, virtual sit-ins and electronic sabotage. Many hacktivist actions often fall under the media radar but their political, economic, military and public impact can be significant.
An example of this is way back in the 1990s when some hackers broke into the CIA web site and changed the name on the main site to the "Central Stupidity Agency." I actually don't know if this actually happened because I never personally verified it... but I think it falls under the hacktivism mantle.
Although a rare hacker ideology, nationalism can envelop large portions of the community given the right cause or circumstance. By their very nature, hackers are individualists who rarely pledge allegiance to other hackers or groups, let alone countries. This is partially due to the fact that the Internet itself and the hacker community it supports have their own cultural elements — indeed, some of the other motivations discussed above often supersede or transcend national identity. There are situations, however, when hackers can be motivated to act in what they perceive to be the best interests of their respective nations.
Those are some of the motivations of hackers. One day maybe I'll do a series on the motivations of spammers, but I think I can sum it up in one word: greed.
Those types of spammers would have no disagreement with Gordon Gekko, who asserted that "Greed is good."