Month: December 2016

Applying Statistics to Hacking and Cyberattacks

Hypothesis testing is the use of statistics to determine the probability that a given hypothesis is true. The usual process of hypothesis testing consists of four steps.

  1. Formulate the null hypothesis  (commonly, that the observations are the result of pure chance) and the alternative hypothesis (commonly, that the observations show a real effect combined with a component of chance variation).

from http://mathworld.wolfram.com/HypothesisTesting.html

261188751_1280x944

Now let us take this way of thinking to the recent elections. Multiple scenarios can be tested.

  1. Clinton Campaign was bad in cyber security and cyber activist/ hackers breached both them as security of state and as candidate to highlight lack of cyber security
  2. Clinton as wife of ex President was not suitable to the ultra liberal cyber activists as conducive to democracy (ie. Bush,Clinton,Clinton,Bush,Bush,Obama,Obama,Clinton– would have been the Presidential roll call)
  3. Sustained hacking by cyber activists is also true for certain opponents ( Clinton had been a key opponent of Manning, Snowden et al)
  4. State players including intelligence agencies usually keep an arm’s length distance to maintain plausible deniability
  5. The CIA and NYTimes were able to firmly pinpoint the Russian Govt backed hackers only a few days after elections even though these activities seemed to have gone over a few years
  6. The FBI was investigating the Clinton (not the Trumps) for irresponsible  cyber security and publicly said BEFORE elections
  7. Both FBI and CIA will see drastic personnel and leadership changes in a new adminsitration
  8. Where is the log data for breach of networks by Russian IP addresses (which does not mean they are in Russia- remember Tor)? Why cant it be shown publicly? Why cant charges be filed in a US court for illegal activity
  9. Quis custodiet ipsos custodes? Who guards the guardians of American cyber space. Even though the US has the largest conventional and nuclear military- do the recent incidents show a colossal underinvestment in cyber warfare and cyber defence by the Pentagon
  10. In God, We trust. Every one else must bring data. Currently the whole hacking, server debate is more like an episode of Big Bang Theory combined with Hackers. Data can and should be published ( just like Enron data was published)
  11. A better statistician /hacker than me can then formulate the hypothesis on who was responsible for breaching and releasing the information from DNC

The inevitable rise in transnational cyberactivism

There are four kinds of hackers

  1. Kickass- working for NSA, and apparently China in hacking Google, and Russia in hacking Clintonian Dynasty from Castle Rock. Not to forget Israelis who did Stuxnet
  2. Dumbass- FBI paying a lot to decrypt an iPhone and using Wikileaks data to make statements a week BEFORE elections
  3. Smartass-Wikileaks
  4. Wiseass- CIA describing Russian hack efforts AFTER elections

Meanwhile in Moscow and St Petersburg and Romania, old friends are meeting over glasses of vodka and asking each other whether they did the “Trump” hack and if they got paid in gold, diamonds or casino chips

123