Skip to Content

Threat Sheet—Saturday, October 17, 2015

So how about that Dell-EMC deal?

The pending $67 billion takeover, which could be one of the largest tech deals of all time, has received no shortage of press attention. (Fortune included.) This being the Cyber Saturday edition of our Data Sheet newsletter, let’s dive into a particular aspect of these companies that has, to an extent, been overlooked: the cybersecurity angle.

I caught up with John McClurg, vice president and chief security officer at Dell, by phone earlier this week. He admitted that his peers have told him they haven’t classically thought of Dell as a security business. His goal? To change that perception.

“Michael [Dell, the company’s founder and CEO,] came out of retirement some years ago to transform his firstborn,” McClurg said, referring to Dell (the company). “What a lot of my peers don’t know is that in that process, Michael woke up one night and had an epiphany.”

The epiphany, as McClurg described it, was that Dell not only had to transform the company from a traditional computer seller into an IT services company, but that security would play a key role in that metamorphosis. The two are “inextricably enmeshed,” as McClurg said. Without one, you cannot have the other.

McClurg, who served with the FBI before joining Lucent, then Honeywell, and now Dell, said he spends about half of his time (“at the request of Michael”) meeting with small-to-medium sized businesses and customers. Many of them express surprise that they might be considered attractive targets for cybercrime, he said. That’s when he delivers the bad news.

“To the extent anyone thought they could obscure themselves—achieving security by obscurity,” as he put it to me, “that aspiration is quixotic at best and delusional at worst.”

In the threat environment of today, he said, it doesn’t matter whether you’re a massive Fortune 500 company or a small mom and pop shop. All organizations—especially ones that don’t invest adequately in security—are appealing and potentially lucrative targets for electronic theft. Besides, in the networked world, hacking a smaller fish can always help one hack a bigger fish.

McClurg wouldn’t share too many specifics about Dell’s plans for its computer security business. He declined to comment about rumors that the company might spin off SecureWorks, its information security subsidiary, in an IPO that reportedly values the division at $1 billion plus. And he didn’t have anything to add on the subject of EMC-owned RSA, its encryption and network security firm, per its pending inclusion into the Dell family—at least nothing beyond the casual remark that it will be a “differentiator” for Dell, which is what the company’s execs said on a Monday call.

Both EMC and Dell have computer security businesses. Dell bought SecureWorks in 2011. Among other acquisitions, the company also picked up Sonic Wall for its firewall (2012), KACE for IT management (2010), and Quest for its digital ID management (2012). EMC has owned RSA since 2006. Will the disparate set of cybersecurity segments all hang together? Dell is certainly banking on it.

“Security used to be thought of as guns, gates, guards—and we put geeks in there, too,” McClurg said. “Now, it is an enabler.”

“At the end of the day,” he added, “it’s what enables your program to sell at all.”

Robert Hackett

@rhhackett

robert.hackett@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber, PGP encrypted email, or however you (securely) prefer. Feedback welcome.

THREATS

How the U.S. assassinates targets by drone, revealed. A whistleblower has leaked documents uncovering, among other things, the chain of command by which the U.S. government orders hits on foreign targets through unmanned aerial vehicles. The groundbreaking report is chock full of revelations about the so-called drone wars in places like Afghanistan and Yemen. (Intercept)

Apple malware on the rise. The number of attacks on Mac OS X has been increasing. In fact, Apple’s operating system has faced more malware this year than in the past five years combined. (Fortune)

U.S. charges hacker for aiding the Islamic State. Federal prosecutors have charged a 20-year-old Kosovo citizen with hacking the personal data of more than 1,000 U.S. military and government workers and handing it over to the terror group. He targeted a server of an unnamed U.S. retailer, according to the FBI. (Wall Street Journal)

IBM lets China peek at source code. The tech giant has agreed to let Chinese authorities review some of its proprietary software source code, which raises questions about whether the firm is handing over trade secrets to future competitors. The sharing is set to take place in a special, secure room. (Wall Street Journal, Fortune)

U.S. apprehends “Dridex” botmaster. Law enforcement authorities indicted a 30-year-old Moldovan man for his alleged administration of a banking credential-stealing botnet. The malware program is responsible for looting at least $30 million from British banks, according to the National Crime Agency. (Department of Justice, National Crime Agency)

NSA may have broken some Diffie-Hellman crypto. A flaw in the way encryption keys are exchanged may have enabled the U.S. National Security Agency to crack supposedly secure Internet traffic. The capability is well within the agency’s $11 billion budget. (Lawfare, Ars Technica)

Russians allegedly hacked Dow Jones for stock tips. A hacking group allegedly infiltrated the publishing and financial data firm to obtain and trade on information before it went public. In a statement, the company said it was unaware of the investigation. (Bloomberg, Fortune)

BlackBerry Priv available for preorder. The former handset designer giant is debuting its first ever Google Android-powered phone. The device is available for pre-order it in the UK and pre-registration in the U.S. and Canada. (Fortune)

Yahoo wants to kill passwords. The tech and media giant released a new service, Yahoo Account Key, that eliminates the need for a password. It works by sending a login request straight to your phone. (Fortune)

Share today’s Data Sheet with a friend:
http://fortune.com/newsletter/datasheet/

Looking for previous Data Sheets? Click here.

ACCESS GRANTED

Fortune writer Jeff John Roberts argues that Federal prosecutors have gone way too far in the Matthew Keys “hacking” case.

“Matthew Keys is not a nice person—at least based on his recent track record. The former Reuters employee helped to vandalize the website of the Los Angeles Times, used a “Cancerman” alias to spam former colleagues, and has engaged in journalistic acts that could be considered mean and irresponsible. But that doesn’t mean he should face years in federal prison as a hacker.” Read the rest on Fortune.com.

TREATS

Make royalties! With a Spotify botnet. (Vice Motherboard)

Link rot. May destroy the web. (Atlantic)

“There is no Homeland.” So says this on-screen Arabic graffiti. (Fortune)

Ermahgerd. Okay, this has nothing to do with cyber or security… But still. (Vanity Fair)

Realtime face swaps. Talk about spoofing. (Kottke)

FORTUNE RECON

The smart home’s problem is its best product is terrible and made by a bankrupt company by Stacy Higginbotham

Microsoft is officially the quietest place on Earth by Jen Wieczner

Danny Meyer’s tip ban targets a pay problem that’s going to get worse by Claire Zillman

McDonald’s and franchisees don’t see eye-to-eye on all-day breakfast by Claire Groden

A lottery that doesn’t pay its winners and other tales of financially incompetent U.S. states by Chris Matthews

 

ONE MORE THING

Want to sabotage an organization from the inside? Follow these 8 simple steps, gleaned from a declassified WWII manual. FWIW, I like this one: “When possible, refer all matters to committees, for ‘further study and consideration.’ Attempt to make the committees as large as possible — never less than five.” (Fortune)

EXFIL

“Good job @twitter, @twittermoments innovation, @jack Ceo, leaner, more focused. Glad I bought 4% last few months. Like @alwaleedbinT move too”

Former Microsoft CEO and current owner of the Los Angeles Clippers Steve Ballmer, allegedly posting a Tweet on Friday that indicated that he is either a big fan of Twitter, or possibly the victim of an account hijacking. At the time the tweet went up, his account was not officially verified. Now it is. (Fortune)