A Nation-State Revenue Engine, Not a Struggling Regime

Gigabit Systems

May 3, 2026

•

20 min read

Share this post

A Nation-State Revenue Engine, Not a Struggling Regime

North Korea is having a strong quarter.

U.S. intelligence reports show foreign currency earnings at their highest level in years, driven by two pillars:

Cybercrime
Weapons sales to Russia

Estimates point to over $1 billion annually from hacking and up to $14 billion tied to arms transfers.

This is not a cash-strapped state.

This is a diversified operation.

The Cyber Division You’re Competing Against

North Korea runs a workforce of thousands of cyber operators.

Roughly 7,000 hackers
Organized, trained, and funded
Focused on financial theft, espionage, and access

But the more concerning shift is not just hacking.

It is infiltration.

The Fake IT Worker Problem

North Korean operatives are now embedding themselves inside Western companies.

They apply for remote IT roles.
They pass interviews.
They get hired.
They get paid.

From there, they:

Access internal systems
Exfiltrate data
Create persistent access points
Funnel income back to the regime

No malware required.

No breach alert.

Just a legitimate employee.

Sanctions Didn’t Stop It

Sanctions were designed to cut off funding.

Instead, North Korea adapted.

They built around restrictions using:

Cyber theft
Remote workforce exploitation
Global freelance platforms
Arms trade

This is what modern evasion looks like.

Why This Matters to Your Business

This is not a geopolitical issue. It is an operational risk.

SMBs hiring remote developers
Law firms outsourcing IT support
Healthcare organizations using contractors
Schools bringing in external vendors

If you hire remotely, you are in scope.

If you trust resumes and interviews alone, you are exposed.

The Real Risk Layer: Human Access

Most organizations focus on:

Firewalls
Endpoint protection
Network monitoring

All necessary.

None of them stop a trusted user with valid credentials.

That is the blind spot.

What You Should Be Doing Now

Implement strict identity verification for all hires
Use video verification and identity matching
Validate geographic consistency of candidates
Monitor for abnormal login behavior and access patterns
Limit access based on role, not convenience
Audit third-party vendors and contractors

Trust should not be granted at hire. It should be continuously verified.

The Bigger Reality

Human risk is not a talking point.

It is a funding mechanism.

Nation-state actors are not waiting for your defenses to fail.

They are getting hired.

And they are billing your payroll while doing it.

The Question Your Board Should Be Asking

How many of your users are who they claim to be?

70% of all cyber attacks target small businesses, I can help protect yours.

#CyberSecurity #InsiderThreat #NationalSecurity #SMBSecurity #DataProtection

Share this post

See some more of our most recent posts...

Cybersecurity

Your Browser Might Be Installing AI Without Asking

May 7, 2026

•

20 min read

Your Browser Might Be Installing AI Without Asking

The Allegation Raising Serious Questions

Reports are circulating that Google Chrome may be downloading large AI models locally on user devices.

The claim:

A ~4GB AI model (Gemini Nano) is installed
No clear user prompt
No meaningful notification
Re-download occurs if removed

If true, this is not a feature.

It is a consent problem.

What This Actually Means

Modern browsers are no longer just browsers.

They are becoming:

AI platforms
Execution environments
Local compute layers

That means software can:

Store large models
Run AI locally
Modify your device behavior

All without obvious visibility.

The Real Issue Is Not Storage

4GB is not the problem.

The problem is who controls your device.

If software can:

Install components silently
Reinstall them after removal
Require technical steps to disable

That crosses from convenience into control.

Why This Matters for Cybersecurity

This is a shift most people are missing.

Your endpoint is no longer static.

It is:

Continuously updated
Remotely influenced
Expanding in capability

That creates new risks:

Hidden processes
Increased attack surface
Unknown dependencies
Reduced user awareness

The Compliance Question

Privacy frameworks are built on one principle:

Informed consent

If software is storing large components locally without:

Clear disclosure
Explicit permission
Easy removal

That raises serious compliance questions.

Especially in regulated environments.

What This Means for SMBs, Healthcare, Law Firms, and Schools

If Chrome is part of your environment:

You may not fully control what is installed
You may not know what is running locally
You may not have visibility into changes

That is a governance issue.

Not just a technical one.

The Bigger Trend

This is not just about Chrome.

It is about where software is going:

AI models embedded locally
Continuous silent updates
Reduced user control
Increased vendor control

We are moving toward systems that operate first, explain later.

What You Should Do Right Now

Audit installed applications and storage usage
Review browser flags and experimental features
Limit unmanaged software installations
Monitor endpoint changes where possible

Because what you do not see is what creates risk.

Bottom Line

Your device is not just yours anymore.

It is part of a larger ecosystem controlled by the software you install.

And if that software can change your system without asking, the real question is not what it installed.

It is what else it can do next.

70% of all cyber attacks target small businesses, I can help protect yours.

#CyberSecurity #Privacy #EndpointSecurity #SMBSecurity #DataProtection

Cybersecurity

Technology

Must-Read

Google Isn’t a Tech Company. It’s Infrastructure.

May 5, 2026

•

20 min read

Google Isn’t a Tech Company. It’s Infrastructure.

The Scale Most People Underestimate

This is not just a business.

It is a system the world runs on.

Every single day:

13–14 billion searches
Android powering ~70% of global smartphones
YouTube with 2.5+ billion logged-in users

That is not market share.

That is global dependency.

The Part Nobody Sees: The Hidden Portfolio

Alphabet is not just operating products.

It is allocating capital like an investment firm.

Equity Stakes

Major position in Anthropic
Stake in SpaceX
$150B+ in unrealized value

This is not passive investing.

It is strategic positioning across the future of technology.

The Acquisitions That Changed Everything

Alphabet’s biggest wins were not built.

They were bought early.

YouTube → $1.65B → now $30B+ annual revenue
Android → $50M → global mobile dominance
DeepMind → now central to AI strategy

These were not lucky bets.

They were infrastructure plays.

The Quiet Machine Behind the Scenes

Through CapitalG and GV, Alphabet has exposure to:

Airbnb
Stripe
Databricks
UiPath
Duolingo

This is how influence compounds.

Not just through ownership.

Through ecosystem control.

The Moonshot Model

Alphabet operates like a lab at scale.

Waymo
Verily
Wing
Quantum
Fusion

Some fail.

Some become entirely new industries.

That is the model.

The Real Power: Capital + Scale

$85B in capital expenditures
$45B in R&D
$100B in cash

This is not a company optimizing for quarterly profit.

It is a machine designed to build the next wave.

The Cybersecurity Angle Most People Miss

When one company operates at this level:

It becomes a central point of dependency
It becomes a high-value target
It becomes part of national infrastructure

If systems like:

Search
Android
Cloud
AI models

Are disrupted, the impact is not isolated.

It is global.

What This Means for SMBs, Healthcare, Law Firms, and Schools

Your business likely depends on:

Google Workspace
Android devices
Cloud services
Search visibility

That means:

Your operations are tied into this ecosystem whether you realize it or not.

The Bigger Shift

Berkshire Hathaway built the industrial backbone.

Alphabet is building the intelligence layer.

Search is no longer just search.

Cloud is no longer just storage.

AI is being embedded into everything.

Bottom Line

Alphabet is not just scaling products.

It is shaping the infrastructure of the digital world.

And when infrastructure evolves, everything built on top of it changes with it.

70% of all cyber attacks target small businesses, I can help protect yours.

#CyberSecurity #AI #BigTech #SMBSecurity #DataProtection

Cybersecurity

Technology

That Party Invite Might Be Stealing Your Identity

April 29, 2026

•

20 min read

That Party Invite Might Be Stealing Your Identity

The Scam That Feels Good

Have you ever gotten a party invite that felt… unexpected?

That’s exactly the point.

Scammers are now using positive lures instead of fear. No “urgent warning.” No “your account is locked.”

Just:

A party
A hangout
An event
Something social

It works because people want connection.

Especially now.

Why This Works So Well

Most phishing training focuses on:

Urgency
Fear
Threats

So people are trained to spot:

“Your account is compromised”
“Act now or lose access”

But this scam flips it.

It offers something good.

And that’s why people miss it.

The Two Attack Paths

Once you click the link, the attack usually goes one of two ways:

1. Malware (Silent Theft)

You click the link
Malware downloads quietly
It runs in the background
It captures passwords, codes, and activity
It sends everything back to the attacker

No pop-ups.

No warnings.

Just silent data theft.

2. Credential Harvesting (Direct Access)

You click the link
You’re asked to log in to “view the invite”
You enter your email and password
The attacker now has your credentials

From there:

They access your inbox
Reset your accounts
Message your contacts
Spread the scam further

Why Your Email Is the Real Target

Your email is not just an inbox.

It is your control center.

It connects to:

Banking
Social media
Healthcare
Shopping
Business systems

If someone controls your email, they can reset almost everything else.

That is why attackers go after it first.

How to Catch This Before It Hits You

1. Be Politely Paranoid

Before clicking anything:

Text the person who sent it
Call them
Confirm it another way

This alone stops most attacks.

2. Stop Reusing Passwords

If one password is stolen, attackers try it everywhere:

Email
Bank
Apps
Work systems

Use a password manager.

Make every password unique.

3. Turn On MFA Everywhere

Even if your password is stolen:

MFA can stop the login

Use:

Authenticator apps (best balance)
Security keys (strongest)
SMS (better than nothing)

The Bigger Problem

This scam does not just affect you.

Once your account is compromised:

Your contacts are targeted
Your identity is used
The attack spreads

That’s how this scales.

Bottom Line

Not every scam tries to scare you.

Some try to invite you.

And the ones that feel harmless are often the most dangerous.

70% of all cyber attacks target small businesses, I can help protect yours.

#CyberSecurity #Phishing #SocialEngineering #SMBSecurity #DataProtection