- What the specific test was
- What it was intended to demonstrate and to whom
- Why he felt it necessary to perform
- What the final goal of the test was.
Monday, July 05, 2010
Byron Sonne and G20 Security
Byron Sonne's bail hearing was finished today and a decision will be made on Bail on July 20.
Sonne, a CyberSecurity expert and licensed Private Investigator claims that he was simply testing the G20 security.
However, thanks to a publication ban invoked by his own lawyer, we still have no idea:
We only know that according to friends, he was trying to find weaknesses in the G20 security and was publicizing those weaknesses online (Twitter, YouTube, and possibly other places).
There are indications from these same friends that he objected to the high cost and wanted to show that it was unjustified or some such thing.
However, the reality is that the methodology he employed would have ultimately undermined the security precautions taken, had he succeeded.
Was that his intent? What did he hope to gain by doing that? Was he trying to demonstrate that it could be undermined easily and the billion dollars was a waste of money?
The billion dollars was a waste of money but not because the security could be undermined (and it seems that it couldn't be - congrats go to the Toronto Police Service for that one).
It was a waste of money because it was based on, what I believe was a false "terrorist" threat (Ottawa RBC Firebombing) intended to incite fear, create an overreaction, and motivate a large amount of spending on security to the benefit of certain unethical private security companies.
A process, Byron Sonne, a CyberSecurity expert and licensed private investigator, would also have contributed to, had he been successful.
Here's another possible motivation, did his company attempt to get one of the very lucrative G20 private security contracts and fail?
And another possibility that I'm sure the Police are considering because if they weren't he'd have been released a long time ago.
Maybe he really did want to commit a terrorist act and his goal was to probe the security in order to find an opening which would allow him to do it.
The point that I'm making is that there are very good reasons to perform black box tests on security measures but there are also very insidious reasons including revenge and political extremism.
Perhaps I'm missing something, and I admit I don't have much in the way of facts, mainly because Byron Sonne's own lawyer had a publication ban placed on the Bail Hearing proceedings.
It just seems to me that the way that Sonne went about his testing would appear to indicate bad intent and not good intent. I suppose he could argue that he wanted it to appear that way and perhaps he did too good a job of it. On the other hand, so did the TPS when they caught him.
Depending on what he was purportedly testing and that still isn't clear, we really have no way of knowing whether this test was even a success or a failure.
If his only intention was to demonstrate the weaknesses in G20 Security through black box testing, all he had to do was hand the information over to the ISU instead of publicizing it.
If part of his testing was to see if he could get away with publicizing this type of information without getting caught he could have posted false but true-sounding information.
There were lots of ways of performing this type of black box testing without doing any harm to the G20 security apparatus.
Instead, he was revealing actual security information on Twitter and YouTube.
It also seems rather odd to me that a CyberSecurity expert and licensed Private Investigator would be naive enough to think that after spending a billion dollars on Security, the ISU wouldn't at the very least pick up on the basics.
Again, perhaps I'm missing something that more brilliant minds than mine can see but I'm also quite curious about what "Intimidating a Justice System Participant" has to do with testing G20 Security? That's a charge which involves threatening a Judge, Prosecutor or Juror.
If the test was to demonstrate that one could get away with making extremist and threatening statements, exposing sensitive security information and committing terrorist acts as long as one was seen as a nice guy and popular in ones circles with lots of people to come forward and speak well of one, then it remains to be seen whether that test has failed or succeeded in his case.
Although, I would agree that such a test has a strong potential of succeeding. I've seen it happen, often to my detriment. However, it usually also requires substantial amounts of cash and/or the connections to grant lucrative favors to back up that nice guy image. If one wants to stay out of jail, that is. It is also quite dependent on how much natural charisma a person has.
How many people thought Colonel Russell Williams was a great guy? I suspect many would have come forward to speak well of him and deny any claims that he could possibly be a serial killer and rapist. One doesn't become a Colonel by being unpopular.
Those claims would likely never have been believed if the police hadn't come up with solid evidence to support them.
Just a thought ....