Keith Alexander Wants $1 Million Per Month For 'Cybersecurity' Consulting

from the hence-the-FUD dept

Mon, Jun 23rd 2014 7:45am — Mike Masnick

In May, we wrote about how ridiculous it was that former NSA boss Keith "collect it all" Alexander was now launching a cybersecurity consulting firm. After all, it's difficult to think of anyone who has done so much to undermine cybersecurity as Keith Alexander. Now Bloomberg is reporting that he's offering his "services" for the cut-rate price of $1 million per month. Yes, I'll repeat that:

Keith Alexander wants banks and other companies to pay him $1 million per month to help them with their "cybersecurity." At that price, I'd hope that he's just selling them the location of the backdoors he ordered to be placed in all of their hardware and software. And idiotic banks are apparently willing to pay, rather than going with the much, much cheaper option of hiring an actual security expert:

Joining a crowded field of cyber-consultants, the former National Security Agency chief is pitching his services for as much as $1 million a month. The audience is receptive: Under pressure from regulators, lawmakers and their customers, financial firms are pouring hundreds of millions of dollars into barriers against digital assaults.

Either way, given that Alexander stands to profit quite nicely from his own undermining of cybersecurity, it's obviously no wonder at all that he's spent the past month exaggerating the "threat" of what's out there, often taking it to ridiculous levels.

While Alexander is doing the exact same thing as his predecessors, pay attention to the various media coverage of Alexander in the coming months and years. He's going to appear on TV and in newspapers and magazines a lot. And he will frequently be quoted spewing FUD about threats and how dangerous it is out there. And in almost none of those cases will any of the press covering him highlight the fact that Alexander stands to profit massively from keeping big banks and other companies scared shitless, so they hire him for $1 million a month to "protect" them from this threat that he both helped to create... and is now overhyping.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: banks, consulting, cybersecurity, fud, keith alexander, nsa, surveillance

54 Comments

If you liked this post, you may also be interested in...

Reader Comments

The First Word

“

The security approach taken by banks

I've observed that most banks are willing to spend incredible amounts of money on consultants and software and hardware and audits and all kinds of stuff...while failing to do the simplest, easiest, cheapest, most fundamental things that would actually yield the biggest security wins.

One example out of hundreds: does your bank train its customers to be phish victims? Look at the most recent email message that they've sent you. Does it have any URLs in it?

If yes, then they're idiots. If no, then congratulations: you're a customer of the precious few banks with at least a modest clue about security.

—Rich Kulawiec

”

Subscribe: RSS

View by: Time | Thread

Violynne (profile), 23 Jun 2014 @ 6:56am

Iron Knee(tm*) alert.

Snowden is often accused of taking documents he's holding for the "highest bidder" willing to grant him asylum, most notably from Alexander.

Yet, now that Alexander is free-lance, what better way to capitalize by selling that same information for $1 million per month.

Want to bet Alexander won't be deemed a traitor for giving out the same exact information? It's a sucker's bet, so please help me get rich off a scam, too.
;)

* not really trademarked.
[ link to this | view in chronology ]
- Anonymous Coward, 23 Jun 2014 @ 8:56am
  
  Re:
  If Snowden paid the market-value for the documents he took it would have been all fine. The damage to USA that NSA has been talking about is primarily the value of these informations on the markets. Hell, this is what liberalism is all about: Everything has a price and people not willing or able to pay up has to live without.
  
  Snowden didn't pay up so he is a thief of the multibillion dollar league. A damn communist and therefore a traitor!
  [ link to this | view in chronology ]
Anonymous Coward, 23 Jun 2014 @ 7:48am

Snake Oil
Great to see the revolving door so alive with snake oil sales now-a-days.

This pretty much summarizes our government - and what they're best at.
[ link to this | view in chronology ]
- David, 23 Jun 2014 @ 8:19am
  
  Re: Snake Oil
  It is not snake oil the snake sells. Rather it is tears from the Constitution he raped for fun and now profit.
  [ link to this | view in chronology ]
- observer, 23 Jun 2014 @ 2:18pm
  
  Re: Snake Oil
  He's trying to sell himself as a security expert because of his NSA connections, but think about it. The NSA let an ordinary (albeit highly intelligent) systems administrator get the better of them so comprehensively that they're not even sure to what extent he got the better of them! I wouldn't trust anyone connected with them to secure my garden shed. They might have the best tech (and if they don't, you've got to wonder where their budget is going) and might even have some competent people working there, but overall? Not so much.
  [ link to this | view in chronology ]
Rich Kulawiec, 23 Jun 2014 @ 7:56am

The security approach taken by banks
I've observed that most banks are willing to spend incredible amounts of money on consultants and software and hardware and audits and all kinds of stuff...while failing to do the simplest, easiest, cheapest, most fundamental things that would actually yield the biggest security wins.

One example out of hundreds: does your bank train its customers to be phish victims? Look at the most recent email message that they've sent you. Does it have any URLs in it?

If yes, then they're idiots. If no, then congratulations: you're a customer of the precious few banks with at least a modest clue about security.
[ link to this | view in chronology ]
- John Fenderson (profile), 23 Jun 2014 @ 8:08am
  
  Re: The security approach taken by banks
  Things I learned when doing software development for a major bank:
  
  1) Banking is all about the customers trusting the bank. As a result, banks will spend a lot of money doing things that make it appear to customers that they are safe and secure.
  
  2) Banks don't care as much about hardening their systems against attacks as people think they do. It's actually not that hard to rip off a bank through their computer systems.
  
  3) The one thing that is hard is getting away with ripping off a bank. It's certainly possible, but takes more brains and effort than most thieves have at their disposal.
  
  4) Thefts happen all the time, and most of them are never reported to the public (by design). Banks just take the insurance money and make the affected customers whole, often without the customers ever knowing that they'd been ripped off in the first place.
  
  Banks actually are a very safe place to put your money, but for different reasons than people imagine. It might get stolen, but the bank will replace it. The end effect of all of this is to make banking more expensive than it has to be.
  [ link to this | view in chronology ]
  - Anonymous Coward, 23 Jun 2014 @ 8:27am
    
    Re: Re: The security approach taken by banks
    I agree, $12 mil a years is nothing, even for a small bank, $1Mil a months sounds actually cheap!
    
    I guess it depends on how you want to spin it.
    [ link to this | view in chronology ]
    - Mike Masnick (profile), 23 Jun 2014 @ 8:46am
      
      Re: Re: Re: The security approach taken by banks
      I agree, $12 mil a years is nothing, even for a small bank, $1Mil a months sounds actually cheap!
      
      I guess it depends on how you want to spin it.
      
      But what value are they actually getting for that $12 million? Perhaps if it were a known computer security expert, then, sure. But what value do you think Alexander really provides to a bank?
      [ link to this | view in chronology ]
      - Anonymous Coward, 23 Jun 2014 @ 8:55am
        
        Re: Re: Re: Re: The security approach taken by banks
        But what value do you think Alexander really provides to a bank?
        
        He tells the bad guys that a particular bank paid its dues.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 23 Jun 2014 @ 1:53pm
        
        Re: Re: Re: Re: Re: The security approach taken by banks
        So what you're saying is that banks have to pay certain people off in order to get the government not to attempt to hack their security?
        [ link to this | view in chronology ]
        
        David, 23 Jun 2014 @ 3:22pm
        
        Re: Re: Re: Re: Re: Re: The security approach taken by banks
        Oh, they are hacking security anyway. It's just the difference between bad things happening or not.
        
        Just like with that global surveillance thing where they are collecting everything anyway, never mind a warrant.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 23 Jun 2014 @ 4:05pm
        
        Re: Re: Re: Re: Re: Re: Re: The security approach taken by banks
        So it's kinda like the government demanding money in exchange for not doing either a DOS or a DDOS attack? Nice website you have here ...
        [ link to this | view in chronology ]
      - Anonymous Coward, 23 Jun 2014 @ 9:33am
        
        Re: Re: Re: Re: The security approach taken by banks
        But what value do you think Alexander really provides to a bank?
        
        Assistance in implementing a real time backups to Blufdale.
        [ link to this | view in chronology ]
      - Anonymous Coward, 23 Jun 2014 @ 11:45am
        
        Re: Re: Re: Re: The security approach taken by banks
        "But what value are they actually getting for that $12 million?"
        
        They've probably already gotten it. They're not actually paying for what they say they are.
        [ link to this | view in chronology ]
  - DannyB (profile), 23 Jun 2014 @ 9:03am
    
    Re: Re: The security approach taken by banks
    > Banking is all about the customers trusting the bank.
    
    This is why banks need to spend money on good graphic designers that can make their web page give a good impression of safety and security.
    
    Green checkmarked bullet points and green/gold safety shields go a long way. (This also works for anti-malware products -- even if they do nothing. Example: many phony Android security anti-malware apps. In practice, android, iOS and linux malware is rare, and thus news. Windows malware is greeted with a yawn.)
    [ link to this | view in chronology ]
    - John Fenderson (profile), 23 Jun 2014 @ 9:50am
      
      Re: Re: Re: The security approach taken by banks
      Exactly. Perception is more important than reality (the TSA didn't invent this concept!). Banks are likely betting that hiring Alexander will bolster the perception. In that view, it might be money well spent.
      
      It's unlikely that banks thing that hiring Alexander will actually let them increase security.
      [ link to this | view in chronology ]
      - Anonymous Coward, 23 Jun 2014 @ 11:49am
        
        Re: Re: Re: Re: The security approach taken by banks
        Banks are cooperating with law enforcement and undoubtably NSA. In that context he may be able to lower those costs in a sustainable manner. I don't think banks will use as divisive a character as Alexander in a commercial context. At least not with common customers.
        
        When it comes to security I don't think he is worth much. Just because you can split a car into pieces, doesn't mean you can repair one. And that is assuming he has learned a lot from his department. It is not easy for a military type to accept inferiority on any subject and especially not to a subordinate. Usually leadership skills in these positions entail avoiding technical subjects and trusting the person is somewhat capable of his craft, while the leader learns to translate from geek to language, military or language, legal or language, political.
        [ link to this | view in chronology ]
        
        John Fenderson (profile), 23 Jun 2014 @ 12:26pm
        
        Re: Re: Re: Re: Re: The security approach taken by banks
        "In that context he may be able to lower those costs in a sustainable manner."
        
        The costs to who? The banks already charge law enforcement for their expenses, so they have no costs to lower.
        [ link to this | view in chronology ]
- Rikuo (profile), 23 Jun 2014 @ 2:00pm
  
  Re: The security approach taken by banks
  My bank doesn't have any of my email addresses. I've been pretty careful not to give one to them.
  [ link to this | view in chronology ]
- Anonymous Coward, 24 Jun 2014 @ 2:38am
  
  The security approach taken by my credit union
  If no, then congratulations: you're a customer of the precious few banks with at least a modest clue about security.
  
  No, I'm not a mere customer for a for-profit bank; I'm a member of a non-profit credit union with an immodest clue about security (Strict Transport Security (i.e., forced TLS), multi-factor authentication, no unsolicited emails (and no URLs in solicited emails)).
  
  Why should I want to help pay for some asshole bankster's/CxO's next yacht? Instead, the credit union president (whom I voted for) receives reasonable compensation (no multi-millions), and I benefit from greater interest in my checking account than in any banks' saving accounts (and no fucking fees).
  
  Banks are for suckers (especially post-2008) and capitalists' whores. The only non-suckers/whores in a bank are its owners � at a credit union, every member is an owner.
  [ link to this | view in chronology ]
Anon E. Mous (profile), 23 Jun 2014 @ 8:01am

Tell him to say Hello to Tattoo and Mr.Rourke for me while he is at Fantasy Island.
[ link to this | view in chronology ]
- Michael, 23 Jun 2014 @ 8:10am
  
  Re:
  He will easily get companies to pay that much.
  
  The executives that can make a decision to spend $1m/mo on a cyber-security consultant are a relatively small group, but many of them are highly divorced from technology. Just think of how many stories of them having their emails printed and read to them you have heard.
  
  I worked for one of the largest media companies in the world and the CEO never touched a keyboard. He did, however, go to the country club with other crazy rich CEO's and they would go into the locker room and measure. Getting the bragging rights of "my systems are protected by the former head of the NSA" - right up their alley.
  [ link to this | view in chronology ]
Anonymous Coward, 23 Jun 2014 @ 8:04am

I knew global spying was really about economic espionage and getting dirt on politicians in order to influence their political policies.

Whoever controls the global spying machine, stands to profit handsomely from it. Just like Keith Alexander is about to profit from it. He knows the ins and outs of how the global spying machine works.

Global spying has always been about profits. Terrorism is just the "pretext" used to hide the global spying machines true purpose.
[ link to this | view in chronology ]
Anonymous Coward, 23 Jun 2014 @ 8:07am

It's the 12 million dollar snake oil man.

We can rebuild him
[ link to this | view in chronology ]
sorrykb (profile), 23 Jun 2014 @ 8:10am

If Keith Alexander was really smart...
He'd be giving this pitch to local government agencies. Then they could apply for Homeland Security grants to pay his company to teach them how to protect themselves from cyberterrorists... And all of us could continue to pay his bills.
[ link to this | view in chronology ]
David, 23 Jun 2014 @ 8:10am

The deal is real
If the local Mafia offers your shop fire insurance at a premium, you take it. Or you leave town.

Personally, I prefer the message it would send if every business left the U.S.A., a whole country run by an organized crime syndicate calling itself "government" and considering itself above the law.

But that does not actually happen. A few people leave, a few people have their shops burn down. Most pay.

I have little doubt that Alexander will provide excellent foresight regarding just which shops will happen to burn down next.
[ link to this | view in chronology ]
- seal, 23 Jun 2014 @ 8:38am
  
  Re: The deal is real
  That's a nice little bank you got here. Wouldn't want anything to happen to it, would you?
  [ link to this | view in chronology ]
That Anonymous Coward (profile), 23 Jun 2014 @ 8:14am

Merika, where we use our positions to create the problem we will benefit from in the private sector.

Imagine if they did the hard thing and focused on solving the problems rather than creating job security.
[ link to this | view in chronology ]
Anonymous Coward, 23 Jun 2014 @ 8:27am

This sort of action should be considered to be on the same level as insider trading.
[ link to this | view in chronology ]
- David, 23 Jun 2014 @ 9:00am
  
  Re:
  Sabotaging a nation's infrastructure, then profiting from it by extorting the victims? Sorry, that's not on the same level as insider trading. It is cyberterrorism and treason.
  [ link to this | view in chronology ]
  - That One Guy (profile), 23 Jun 2014 @ 12:10pm
    
    Re: Re:
    Now now, nothing says it can't be both.
    [ link to this | view in chronology ]
  - Anonymous Coward, 23 Jun 2014 @ 2:35pm
    
    Re: Re:
    Didn't the banks and wall street sabotage the nation's financial infrastructure then profit massively from it by extorting the government into bailing them out with the taxpayer's money in the 90's?
    [ link to this | view in chronology ]
Anonymous Coward, 23 Jun 2014 @ 8:34am

It will be interesting to see just how (un)tainted Alexander's reputation is. I'd like to think that no-one would trust him anywhere near enough to use his services but I expect he will be quite successful.
[ link to this | view in chronology ]
- John Fenderson (profile), 23 Jun 2014 @ 8:47am
  
  Re:
  Just because they're hiring him doesn't mean that they trust him or actually make use of his advice. It's all for show.
  [ link to this | view in chronology ]
Spaceman Spiff (profile), 23 Jun 2014 @ 9:13am

$ value of Alexander's offering == $0
Anybody who pays this dickhead for "cybersecurity" services get what they deserve - absolutely nothing! Unfortunately, their stockholders and employees will be the ones who ultimately pay for this crud... :-(
[ link to this | view in chronology ]
SolkeshNaranek (profile), 23 Jun 2014 @ 9:22am

Douchebags that serve the Kool-Aid, and the dochebags that drink it
It is too bad taxpayers and citizens ultimately foot the bill for banks that listen to bullshit spewed by idiots like Alexander.

I seem to recall during the financial crisis banks "needed" to pay their high ranking officers exorbitant salaries to keep the best and brightest working for them.

If these best and brightest are listening to the likes of Alexander, then someone at the helm (of those banks) has failed to noticed all the burnt out bulbs in upper management.
[ link to this | view in chronology ]
Annonimus, 23 Jun 2014 @ 9:44am

This is a racket
Even if the banks pay the 1 million a month to Keith Alexander to keep their systems safe there is no guarantee that he will keep them safe from every NSA backdoor he knows, the same way there is no guarantee the if you pay a gangster protection money that he won't come in to wreck your store later if he feels like it.
[ link to this | view in chronology ]
Coyne Tibbets (profile), 23 Jun 2014 @ 9:54am

Way overpriced
I wouldn't pay him a bent nickle a year.

Pay him to "cybersecure" your facility and it will become an NSA facility. Might as well just move your servers into the NSA's Utah data center.

Well, that's just me; there's a sucker born every minute; I'm sure he'll find someone to pay his outrageous fee.
[ link to this | view in chronology ]
Anonymous Coward, 23 Jun 2014 @ 10:21am

like Joe Morganelli, profiting from both ends
This is a lot like Joe Morganelli. He was once the biggest and wealthiest usenet pirate on the planet. Then he got busted and switched sides. Now he goes around screaming from every rooftop about how pervasive usenet piracy is and how it's going to destroy every copyright-dependent business. Unless, of course, everyone hires him to defeat the scourge he helped create.

A very lucrative business plan indeed.
[ link to this | view in chronology ]
Anonymous Coward, 23 Jun 2014 @ 11:01am

Who is surprised?
Its almost like he planned it that way.
[ link to this | view in chronology ]
Anonymous Coward, 23 Jun 2014 @ 11:42am

Not Idiotic. Just Corrupt.
" And idiotic banks are apparently willing to pay, rather than going with the much, much cheaper option of hiring an actual security expert"

No, they're not idiotic. They know who and what Alexander is. An actual security expert he is not. A former high ranking government official ready for his payout he is. The banks pull the stings of a lot of the government. The government responds and the banks make it worth while. One hand washes the other. Alexander knows how it works.
[ link to this | view in chronology ]
That One Guy (profile), 23 Jun 2014 @ 12:20pm

Better title
'Fox steps down from official position, offers various chicken coops 'security' consulting for undisclosed amount per month'.
[ link to this | view in chronology ]
Anonymous Coward, 23 Jun 2014 @ 12:46pm

after reading all the reports on the man since the Snowden leeks, i was thinking he was a bit crazy. now i know he definitely must be! and if any person or company pays it, they are even worse than him!!
[ link to this | view in chronology ]
- Anonymous Coward, 23 Jun 2014 @ 6:55pm
  
  Re:
  I don't think the guy earning $12m per year from each bank is particularly crazy. Egomaniacal and sociopathic yes, crazy no.
  [ link to this | view in chronology ]
  - John Fenderson (profile), 24 Jun 2014 @ 8:51am
    
    Re: Re:
    That's not why the AC is calling him crazy.
    
    "Egomaniacal and sociopathic yes"
    
    That's why he's calling him crazy. "Egomaniacal and sociopathic" are kinds of crazy.
    [ link to this | view in chronology ]
Anonymous Coward, 23 Jun 2014 @ 3:02pm

well, shit. don't forget nsa systems are apparently so complex they can't conform to law. great idea consulting the guy who spearheaded that system.

...wait. actually, banks might profit from that after all.
[ link to this | view in chronology ]
Padpaw (profile), 23 Jun 2014 @ 3:10pm

He isn't getting paid by the government anymore to sell out the average American. So he is trying to do it in the private sector instead.
[ link to this | view in chronology ]
Big Bag Boy, 23 Jun 2014 @ 7:09pm

Oh boy, we're having fun now.
Meanwhile, back at Walmart.
[ link to this | view in chronology ]
Mark Noo, 23 Jun 2014 @ 7:14pm

I would pay him. He is the only person who might know something important.

Harry Angslinger had a scam something like this going on too. Scare the shit out of them and then extort money.
[ link to this | view in chronology ]
Anonymous Coward, 24 Jun 2014 @ 1:44am

One of his old friends will hire him and they will consult once in a while on the golf fields.
One of the oldest mafia tricks
[ link to this | view in chronology ]
Enlightend, 24 Jun 2014 @ 4:57am

Isn't he ...
just dealing in government secrets with this?
How is that legal? He's not selling expertise, he's selling classified information.
[ link to this | view in chronology ]
Anonymous Coward, 24 Jun 2014 @ 5:19am

Isn't a million dollars a small enough amount of money to keep this man from doing something worse to humanity?

Pay him a million bucks and pack him into a conference room to tell the janitor all his nonsense.
Just prevent him from uttering his blatant lies and fabrications to the media and public.
[ link to this | view in chronology ]
Anonymous Coward, 26 Jun 2014 @ 10:58pm

Well damn, finally, now we know approximately how much his cut of the NSA Blackmail programs' monthly take was, all we have to do is determine what his percentage was, to figure out the program's total monthly income. Thanks Keith.

I suppose once you start making a few million a year under the table, its pretty darn hard to take any legal job that pays less.
[ link to this | view in chronology ]