In a recent interview discussing last year’s massive SolarWinds hack of multiple government agencies and major corporations, Phil Abraham, a cybersecurity and technology expert from Northville, warned that America’s infrastructure, public and private, was wide open for foreign hackers.
The cybercriminals slipped unnoticed into the Orion security software used by SolarWinds, a technology management company in Austin, Texas, and found a gateway into the computer systems of SolarWinds clients. Those included key government agencies such as the Pentagon and some 100 major companies, including Microsoft and Cisco.
Abraham, who consults with government agencies, including the National Security Agency and the National Reconnaissance Office, says the SolarWinds attack was much worse than has been publicly acknowledged.
“Every branch of the government and military has been hacked. We could try to launch a missile and it won’t launch,” Abraham says. “Any major law firm in the country is at risk. Hackers can hand documents from one law firm to lawyers on the other side of a case, or they can go into a firm’s documents and change the words. Banks can have their money stolen in a matter of less than a second, or hackers can go in and change ledgers and banks won’t know what happened.”
Particularly vulnerable, he points out, are municipal water supplies and the gas and oil industry. That particularly prescient observation came true in early May with the attack on the 5,500-mile Colonial Pipeline, the nation’s largest pipeline conveyor of fuel servicing the East Coast from Houston to New York. “All the technology we have now doesn’t work,” Abraham says. “Their (government and corporate entities) systems are controlled by hackers. It’s a hot mess.”
A week after the Colonial Pipeline hack was discovered, Abraham says the federal Government Services Administration recruited his partnership group to join the government’s efforts to sort out the Colonial hack and to prevent similar attacks in the future.
“They reached out to us because our DragonChain blockchain is the only one out there that’s quantum-safe,” Abraham says, referring to the quantum computer that experts fear will be the next space-age cyber threat.
Also piquing the fed’s interest in DragonChain, Abraham says, are its impenetrable algorithms created by his partner, Albert Carlson, a world-class mathematician and software developer.
Carlson’s complex algorithms and polymorphic codes are the basis of the security shield in the Digital Fortress security platform Abraham uses to protect the supply chains for clients in the health care industry.
In computing, a polymorphic code changes itself each time it’s used, making it difficult for hackers to penetrate. All known cybersecurity software is written with random number generators that will eventually allow patterns to develop, Abraham explains. “When patterns develop, hackers have software that zeroes in on those patterns and, boom, they hack you,” he says.
Carlson has perfected software to create an algorithm formula Abraham named the Polymorphic Random Number Generator, or Poly R&G for short, which eliminates patterns. Poly R&G produces streams of numbers so long they could circle the earth more than a billion times without ever developing a pattern for hackers to find.
That formula, coupled with DragonChain’s platform, could have prevented the SolarWinds hack by Russian intelligence officers and the attack on the Colonial Pipeline, Abraham says.
Blockchain is a digital record-keeping software platform that’s also the basis of the cryptocurrency craze that has catapulted bitcoin into the financial lexicon. Like the esoteric “cloud” that preceded it, the blockchain phenomenon remains little known to most of the public outside of the scientific and technology communities.
Ironically, cryptocurrency enabled the hackers, identified as a Russian cybercriminal group called DarkSide, to extract $5 million in ransom from Colonial Pipeline. Bloomberg News reported the amount of ransom paid out in cryptocurrency by ransomware victims last year increased by 311 percent, topping $350 million. The average ransom paid by various organizations was $312,493.
After years of being lukewarm about the blockchain phenomenon, Abraham became a convert after he was introduced to DragonChain, a version of blockchain created by Abraham’s new partner, Joe Roets, a 25-year software architect from Bellevue, Wash.
Roets has an impressive list of former employers for whom he led or contributed to technology projects, including The Walt Disney Co., Lockheed Martin, Sprint Corp., the FBI, and the U.S. Department of Defense, among others. He spent three years with Disney, where he built the entertainment company’s blockchain system. Roets left Disney in 2017 and, with its blessing, started his own firm using the concepts he had developed while there to design and build DragonChain.
The blockchain has applications for everyday business activity for consumers, whether that’s transactions with companies like banks, law firms, or health care providers, or dabbling in investments in cryptocurrency.
Roets’ programs and platform allow DragonChain to integrate with other existing systems such as those deployed by Colonial Pipeline, Abraham says.
“Protecting data is paramount, whether it’s customers’ data, business data, financial data, or health data. Proving data or reproducing, protecting, and retrieving it in its original form is the heart of blockchain,” Roets says. “If I have information like health data, I must make sure it’s not purposely or accidentally corrupted, given it could affect dosage, it could affect treatment, or it could affect insurance claims. We can decentralize that proof on DragonChain in such a way that the information is never exposed, but allows the customer or doctor to retrieve and see the original information.”
The blockchain platform protects data or any material by digitally reproducing it millions of times in blocks, to protect the originals.
“Any documents you want to preserve, or maybe it’s just your favorite picture of your dog, they get date-stamped and notarized, and then distributed digitally out to millions of locations on the chain, all with the notarized date-stamp,” Roets says. “If your computer is hacked and your documents are messed up by hackers, you can prove the authenticity of those documents — or the dog’s picture — as they would be preserved on the chain 50 million times.”
William J. Kraus, an attorney and shareholder in Butzel Long’s Ann Arbor office who specializes in legal and regulatory issues related to digital assets such as bitcoin and blockchain technology, says he couldn’t speak to the capability of DragonChain, but he says the growing hype surrounding blockchain is real.
“You can think of blockchain as a chain of records in its simplest construction. It has one record layered on top of another record, in perpetuity,” Kraus says. “There (are) a lot of interesting business applications, and there are businesses in Michigan that are doing this already.”
Supply chains for manufacturers can also benefit from blockchain’s record-keeping, Kraus says.
“You could have a hypothetical in which somebody builds a component of a car, an engine, or a transmission, and you could have a blockchain generate records automatically of the history, manufacture, and life cycle of that component that, (years later), can instantly be reproduced,” he says.
Health care records are another ideal adaptation, Kraus adds.
“You could have a blockchain that could be in the cloud or fit into a device in your hand and it would have every medical record associated with you for your entire life — sequential, secure, searchable, all there,” he says. “You could check your blood pressure today and look back on the chain and see what it was 32 years ago. That’s the kind of efficiency blockchain represents.”
Another futuristic blockchain concept now taking hold in business is the smart contract — the digital version of a written document that allows parties to immortalize a final agreement, as well as include all the information or data that went into the agreement.
“The interesting part of it is that the result of that smart contract can be anticipated, can be predicted based on inputs, and you can see the most efficient path and what benefits you the most. For business it’s a massive value add,” Roets says.
Kraus says another beneficial application of a smart blockchain contract is that it can police itself, making sure all parties comply with the terms of an agreement.
“All that really means is when someone enters into an agreement and says, I’m going to sell you 20 widgets and will deliver them no later than May 1, if those widgets aren’t entered into the blockchain saying they’ve arrived on May 1, a smart contract might automatically disburse damages,” Kraus says. “It might say for every day that it’s late, starting on May 1, $5,000 is paid to you.”
Or a smart contract might avoid lawyers entirely, Kraus says. If the conditions of the contract aren’t met and records on the blockchain prove it, the $5,000 daily late fee could be automatically disbursed.
“That’s really a smart contract,” Kraus says. “It provides efficiency, record-keeping, enforcement, and an audit trail. There (are) a lot of other applications that go beyond the auto industry or health care.”
Abraham says that as he watched the blockchain emergence in recent years, he was impressed with its potential, but skeptical that it could interact with traditional operating systems already at work in public or private enterprises.
“I know pretty much everything there is about technology, but this is the best I’ve ever seen. Most technologies are sloppy; they don’t work right. This one is flawless,” adds Abraham, who launched the world’s first supply chain management software, called Manugistics, in 1980. It was sold to JDA Software in 2006.
In turn, Abraham says he was impressed to find there are five levels of security within DragonChain, all registered with U.S. patents.
“When Joe (Roets) was building this out, he said he thought he would apply for the very best patents he could think of,” Abraham says. “He’s writing all this code, he’s building out what’s going to be the best blockchain ever, and he thinks he should get the best patents. His patent lawyer submits them, and normally that would take about a year. He got approval in four months. The patent office said this is so new, we’re going to grant you your patents’ wish list and give you even more. And now blockchain is so hot, and he’s got all the best patents.”
DragonChain also solved an issue that Abraham says stumped him for decades, even as he built a national reputation as a supply chain whisperer for hospitals and the medical industry. Most had disparate networks that made it difficult to coordinate information by connecting one department with others in the organization. The DragonChain platform, however, can seamlessly integrate siloed systems that normally can’t interact with each other. According to the company’s fact sheet, the platform consists of an interoperable network of 2,000 traditional blockchain systems and databases. In other words, any blockchain or conventional system can be integrated with DragonChain.
The company says the system is simple to use regardless of a person’s technical knowledge, and it offers grandma (or grandpa) friendly interfaces. Near real-time processing of business transactions can be achieved in less than one second, and the system allows a business to store data of any size or type for future use.
Abraham points out that DragonChain is not only compliant with the 1984 U.S. Computer Act, which protects computer programs against illegal copying of other software, but it also meets the standard of data protection regulations set by the European Union.
“The supply chain is traditionally the most vulnerable link in cybersecurity,” Abraham says. “It’s also the most disparate and siloed. In DragonChain, I finally found the last piece of the puzzle that solved the interoperability dilemma that plagued me for 30 years, well before blockchain was a known term.”
Abraham’s supply chain expertise began when he was at Eastern Michigan University in Ypsilanti and working at the then-flourishing Kmart Corp. in Troy, at the time the nation’s second largest retailer behind Sears Roebuck and Co. Even back in the day, he says he was critical of off-the-shelf technology. His thesis, which attracted the technology industry’s attention, was that popular software technology was useless.
His success at Kmart led to expansive assignments as he developed major supply chain projects for General Motors, Ford, Wal-Mart, and Domino’s Pizza. Along the way, he created Covisint Inc., an information technology company for Detroit’s Big Three auto companies. Covisint was later purchased by Compuware and is now a publicly traded stand-alone entity.
At Ascension Health, he reworked their hospitals’ supply chains and, in the process, created The Resource Group, Ascension Health’s supply chain unit that now services hospitals, clinics, and the medical field in 2,500 locations nationwide.
Last November, Abraham accepted Roets’ invitation to join his group. Abraham traded a portion of his CloudFace for a similar stake in DragonChain, and became a member of Roets’ executive board of directors.
Two assets Abraham brought to DragonChain were Digital Fortress, his own security platform, and Carlson, whose wide range of academic achievements spans degrees from multiple universities and work experience varying from computer engineering to electronic circuit boards, encryption, cybersecurity, and set theory.
Carlson began his career 25 years ago as a military intelligence officer, before morphing into computer engineering, chip and network design, cellular phones, HD-TV, polymorphic technology, cybersecurity, encryption, nine years of university teaching stints, and research consulting with several universities.
Since Carlson and Abraham teamed up with Roets’ group, Abraham says his time has been devoted to folding the Digital Fortress platform and Carlson’s polymorphic codes into DragonChain, to further harden the blockchain’s defenses against even the most sophisticated hackers.
Although the SolarWinds attack originally began in spring 2020, it wasn’t discovered until December, when FireEye — a prominent cybersecurity company — produced evidence that showed hackers used a back door through SolarWinds to infiltrate nearly the entire country.
Hackers figured out a way to hijack a routine update for customers on SolarWinds’ Orion business management software. As the overnight update was sent out to customers’ computers, hackers pirated the update software and entered their own malicious codes into it, corrupting all the updates sent to government and corporate clients’ computers.
Sudhakar Ramakrishna, president and CEO of SolarWinds, told NPR News in December that 18,000 of its customers were affected between March and June last year. “If you then take 18,000 and start sifting through it, the actual number of impacted customers is far less. We don’t know the exact numbers. We’re still conducting the investigation,” he told the network.
Among the acknowledged 100 companies victimized are Microsoft, Intel, and Cisco. Federal agencies hacked include the U.S. Treasury, Justice, and Energy departments, and the Pentagon.
Even as these entities are excavating the corrupt information that could allow hackers or even foreign governments to control their systems, cybersecurity experts are gearing up to defend the next looming threat: the quantum computer.
Although these machines are a long way from home use, Google’s quantum computer, which it calls Sycamore, reportedly took 200 seconds to perform a mathematical calculation so complex that it would have taken an estimated 10,000 years for IBM’s most powerful supercomputer, Summit, to solve it, according to Predict, a monthly newsletter that focuses on futuristic scientific advances.
In a similar vein, Live Science magazine states quantum computers perform calculations using the rules of quantum mechanics — a branch of physics that involves photons, electrons, and atomic nuclei.
For a data scientist like Abraham, cybersecurity at its simplest form is numbers.
“Believe it or not, it’s a silly game of all those mathematical numbers that are going to save us from all those hackers,” he says, “not a guy with a construction outfit building walls. It’s these mathematical algorithms, just a bunch of numbers, that will do it. It’s just amazing and brilliant.”