No Bot
From 2011 until 2013, I worked for Moscow-based Kaspersky Labs and spent a lot of time in Russia. In Russia, I learned a lot about the Russian hacking “scene.” I left Russia in a hurry, and after settling into my everyday American life, I became “mildly” paranoid. I learned a lot of things that no one else seemed to know (I don’t think we have as many secret agents in Russia as one would imagine).
In Russia, I saw a lot of interest in small computing devices. I recognized the potential for giant Bot networks made up of devices not typically considered “computers.” I decided to start a company that sold hardware to defend against these future threats. I called the product “Nobot.”
I built Nobot and brought it to Boston’s first IOT (Internet of Things) security conference. I had hoped to meet a venture capitalist interested in bringing Nobot to market. After his talk, I approached a VC and told him about Nobot. His response was surprising as it had nothing to do with Nobot. He said, “We like to invest in YOUNG entrepreneurs.” He had no problem telling me I was too old to invest (I was about 50).
I spoke to another VC who said “People don’t care about Bot networks because they use little bandwidth. Americans will not pay for a security device”.
Dan Geer (a brilliant and famous information security guy) spoke at the conference. He worked for In-Q-Tell, the CIA company that funds private ventures. Dan seemed interested and at least was kind enough to listen to me. He set up a few conversations with others in his organization. I provided them with many details about Nobot, but it was just a dead end. No one ever got back to me.
The massive Internet outage caused by DYN attack came four years later, exactly as I had predicted. At the very least, I would’ve hoped that the CIA stole my design, and there would be Nobots protecting the network. But no sign of Nobot.
One other conversation stands out in my mind. After rejecting my ideas, I argued that I was one of the original hackers that launched the PC industry. And that I later joined the original group of people dedicated to information security as a full-time job. Surely I should have some credibility? The response was, “engineers over 50 are irrelevant. No matter what you did in the past, you had your 15 minutes of fame. Maybe you should learn to play golf”.
Immediately after that, I began working on the CISOware project. There was not any existing framework to build upon; I was going to architect my solution “from scratch.” Building the platform was a monumental task. I found a few people that said they would help me build it. But I knew that of the two or three people who had promised to help, at least one would not keep his promise. In under six months, I was alone.
Addendum 12/25/2023
Though I’m no dummy, designing hardware was outside my comfort zone. I did build a few prototypes, including a device I called “The Trojan Thermostat”, a proof-of-concept device that would blast your room temperature when no one was around. Thus, demonstrating how these IOT things were a bad idea and how the oil company could profit.
After some thought I concluded that since no one believed me, no one would buy it. There were at least two companies that tried to build a Nobot-like device years later. Nobody bought them.