The smokescreen of a Smartphone War

Yesterday’s news gives us ‘The secret smartphone war over the struggle for control of the user’ (at https://www.theguardian.com/technology/2016/sep/29/smartphone-war-operators-user-phone-service), which held my initial interest for about 7.0 seconds. You see, it is an interesting story, but it is not the real battle that is being fought. As I personally see it, the secondary war is about the agreements that the Android phone makers seem to have with one another. That war we are kept in the dark about. In the end, the Telecom companies want you to be dependent on them, their products and their solutions. They give you some BS reasoning of ‘we weren’t offered that option’, whilst their head office is all about containment. The only hold they have is by pushing you into a position where you need a new phone EVERY year. That is the service path we are all getting pushed into. Which is one reason why outright buy seems to be so overpriced in many cases. For the next bit we need to see GSMArena.com. There we find the following parts:

32/64 GB, 4 GB RAM
32/64 GB, 4 GB RAM
32 GB, 3 GB RAM (EVA-L19/EVA-L09)
64 GB, 4 GB RAM (EVA-L29)

You would think it is all the same, right? The last two are the same brand. I will get back to the list, but for now, what you would like to do is to check where you can get a 64GB edition, and for some that list is zero. You see, in Australia (not the only place) they are making sure that you cannot get the 64GB edition. In an age of consumerism, is that not weird? In that regard, Apple is the only one offering this, because of different reasons.

In all this, I have used my phone with a philosophy. It is a simple one and in my life of budgets an essential one. In the past, I learned the hard way early in life that chasing technology is a race that costs money and never leaves you with a true advantage; the gaming industry in the 90’s on PC was all about that. The mobile industry, like the PC industry, learned this from the arms industry and they were really good students. So no matter what competitiveness they have, if they agree on a few ground rules, there will be enough space for exploitation for all of them. Now, in 2015, Huawei decided to rock the boat and as such they got a larger share than ever before; now that they are on par, they seem to go with the average lot of them. My hopes are that LG tries the same approach, which will cost Huawei et al dearly this year.

When you have been around your mobile for a little while, you will see that storage is (nearly) everything on a mobile and with Marshmallow, a 32GB system will end up having about 22GB space left. There is the Android system and the mandatory apps, the amount leaves you with 10GB less. This is not a big deal you think, but over the year we will see an exponential growth of apps and they cost space too. Some people already learned this lesson with Pokémon Go and all the pics that were taken. They were realising how much space was lost. Now, we know that you can add an SD card and store pictures there, but apps must be run from the main storage and those apps are growing too. So over 2 years you would have run out of space. Meaning that you either clean up your system, or buy a mobile with more space. This you might have learned if you had an iPad or iPod. Storage was running low for some a lot faster than they bargained for.

So in this age, when the difference between 32GB and 64GB is one component which is in total a mere $32.87 more expensive, why would we even consider a 32GB system? Because at this point, the mobile warranty of 24 months could be served completely and we would not need another phone one year later! In addition, after 2 years we would have the freedom to choose a better and cheaper provider, so as I see it, neither Optus nor Telstra wants a 64GB phone in their arsenal and the only reason that the iPhone is that size is because Apple has in general a global approach to their hardware.

Now let’s look again:

32/64 GB, 4 GB RAM – Samsung
32/64 GB, 4 GB RAM – LG
32 GB, 3 GB RAM (EVA-L19/EVA-L09) – Huawei P9
64 GB, 4 GB RAM (EVA-L29) – Huawei P9

Unless LG takes advantage of the option they have now, none of them offers the 64GB version in Australia! Is that not weird? Amazon UK offers both, and at times the 64GB is definitely more expensive, yet consider that at $100 more (for some a little more), you have peace of mind that this phone can last you 2 years without storage issues. That seems a pretty big deal to me. In addition, unless Android past Nougat (V7) grows a massive part, the user will have plenty of space to update their system, if the update would be offered. In addition, with all the other stuff we carry (photos, music and so on), twice the size is pretty much the only way to go.

So why the mobile providers refuse their product to be on sale is just beyond me and the fact that none of them are offering a product in a place seems to be massively out of bounds. With Huawei the fact that there is a single slot and duo slot 32GB option makes even less sense to me. In my mind, this is all about control of the users, and controlling where the users go, which is a limitation on freedom devices have never offered before, so in my mind it was not with the consumers’ consent. The fact that Samuel Gibbs did not mention that part in their article is not as quoted “Fewer purchases mean the big smartphone players are now under pressure to extract more revenue from their existing user base, which is easier for Apple and its App Store than others reliant on Google’s Play Store, and to try to convince users that life is greener on their side of the smartphone divide”, it is to make sure that continuity prevails, to some extent for the smartphone makers, to the larger extent to mobile providers to keep them in their not seeking another providers place!

In addition the quote “At the same time, the mobile phone operators are in a similar competition. Switching between the major phone networks has always been an issue, whether it’s over price, customer service or the latest handset”, more important it is over bandwidth and facilitation, the more limits the hardware has, the less issues of competition the provider needs to deal with. So is Samuel Gibbs informing you on some ‘secret war’ or is he trying to keep your sight away from the options that matter? The fact that phone limitations are not part of his view (which could be because the UK offers both models) is equally disturbing that he did not look at this from a global point of view, when you are not made aware of what is by me expected and therefore implied is the limitation of hardware offered is as I see it, part of a secret war that they require you not to be aware of. If that is done intentionally, what do you think is in play?

So as the Samsung Note 7 is now an ISIS tool (when you install the 10 second countdown app) and only LG remains to go public with their new model, they now have an option to capture a much larger share of the audience as several of the participating parties refused to consider the consumers’ needs and seem to cater to the telecom request of limitation. LG has an option to grow much stronger in this market than ever before. Apple as iOS has a different situation and as seen on many fronts they have created their own walls of disturbance, so LG could even go after that lot, but we must respect that there is a huge offset between iOS and Android and as such, people are at times less willing to switch there. For now the latest rumours are that the V20 will start the pre-orders this Sunday in the US and European markets will be getting them, yet there is at present no confirmation for both the UK and Australia. So we will have to see about that part too.

The article had more. So consider my words and now see this quote: “Bibby says: “Imitation is the sincerest form of flattery. Flexibility like this is just the next stage of innovation so we’re not surprised to see others adopting it. Manufacturers are trying to ensure that more of their own handsets are sold in the market. They’re trying to clearly compete with each other.”” I disagree with Nina Bibby, marketing and consumer director for O2. The quote is not untrue, but incorrect. It is the presentation of what they want the issue to be, because it sets our mind at rest. I believe that the more correct quote is “They’re trying to clearly compete with each other within the agreed limits of the presented options”, which is not entirely the same! In that same view, the limitations due to the telecom agreements are equally in question. The fact that none offered the complete spectrum is just as much of a worry. Because it is like a corporation trying to make sure that its employees can never truly become independent, because that would be too dangerous for their own continuation. The second part in all this is the entire upgrade service program. It creates brand dependency, which is not essentially a bad thing, but guess what! I reckon that soon thereafter the 64GB option will come and there will be a churn for 12 and 24 months. At that point, the telecom providers would want a phone to last as long as possible. It could be in different ways. For example after 12 months 65% off and a $1 upgrade after 24 months. This is just speculation, so this is not a given, yet overall not that far-fetched.

The most interesting quote is at the end “For now, the battle for control of the phone in your hand is happening behind closed doors. Soon we’ll begin to see the phone-as-a-service idea pushed by one of the big manufacturers, but only once the operators are no longer crucial to sales”. The first part is that not all of the closed doors is about the phone, bandwidth has been a forever war between iiNet, Optus and Telstra in Australia, and the phone-as-a-service is not all in the hands of the manufacturers, that will come soon enough (in one case it already is) in hands of the Telecom companies, because that is a direct factor for customer loyalty, who does not see the $45 a month phone as the margin, it is the $90 a month subscription where their margin is and that part can be set to non-taxation a lot faster too. The phone is merely a hardware write-off, increasing their ROI.

So when you consider your new phone do not be fooled by the SD slot, wonder why the full version is out nearly everywhere else, except Australia? For Australians, consider one nice issue, the Kiwis do get the 64GB edition; several stores have it available to order. So, do you feel special now, or just used by both the handset sales people and your telecom provider? More important, what other issues did that secret war of smart phones not inform you about? Perhaps you haven’t seen the implications of not having a choice in certain cases. People have been so busy bashing iPhone’s Apple that they forget that Android phones have their own collection of imposed limitations for the consumer.

 


Filed under Finance, IT, Media

How about them budgets?

Today it starts with the Wall Street Journal (at http://www.wsj.com/articles/italy-cuts-growth-forecast-for-2016-and-2017-1475014871), where we just got the news that Italy is downgrading the forecasts, from “1.2% for this year and 1.4% in 2017” to “0.8% this year and 1% in 2017”, an offset of 0.4%. So, even as we consider how small this is, on a number of 2.22 trillion, this still affects 8 billion dollars. Now, I would agree that the numbers are small, but when analysts are talking in millions, getting it wrong by 8000 million, the error is a little larger than should be allowed for. Italy is not the only one in this predicament, and the fact that this prediction is only reported approaching the final quarter of the initial reporting year, should give clear indication that something should have been known at least a quarter ago.

Italy is not the only one, France is reported on by Reuters that the deficit target will not be met. In this case, France has one part in favour of them, with the refugee issues going through their nations, certain places and departments have been unable to meet any budget, which under the unpredictability of that escalation makes perfect sense. We can overanalyse it, but without the proper raw data, it remains a speculation and not a very accurate one.

Germany has an entirely new issue to deal with, it is now dealing with a surplus and a growing one. Another prediction I got right, but not by the amount I thought it would. Germany exceeded expectations by growing the surplus past a quarter of a trillion dollars. So apart from the surveillance investments, Germany can look forward (as doomsayers would state) to an interestingly larger EU donation voucher (read: invoice), one that is (according to Reuters) about 4.5 billion higher. The funny people did mention that post Brexit this was the consequence and as such, that response is funny, because it is only angering the German population, where a growing group is calling for a German referendum. Now, there is no official one planned, but that might not be for very long at present. With Alternative für Deutschland (AfD) on the rise, which according to Euronews is at an all-time high of 16%, this makes them a contender, with Chancellor Merkel now in a tough spot as the hard work Germany did achieve is now to some extent syphoned to the EU and Brexit will add to their worries. Now that Brexit is not showing to be the financial disaster so many experts claimed it to be, the threshold for leaving the EU is being lowered by a fair bit. AfD party leader, Frauke Petry stated: “And I think this is why many citizens don’t believe in the established parties and politicians anymore, because they simply don’t feel being taken seriously by the politicians firstly, and secondly because they feel basically betrayed by these politicians because they do not tell the truth”, which is an issue that many people have with the ‘status quo approach that those on the gravy train of EU incomes have been voicing’, adding to the unrest in several nations.

The issue now being pushed by France and Germany is an EU army solution, which seems odd in the light of NATO and it is detrimental on national policies all over Europe, giving another iteration of commissions and conceptual time wasting, as well as resources, especially financial ones.

Yet several news cycles are giving the implied worry (a worry from my side) that the Netherlands hasn’t learned its lesson yet and it is now playing a dangerous game. The initial consequences of Brexit are not realised and there are still worries that are undealt with. With a big smile Dutch Finance minister Jeroen Dijsselbloem stated last week in the national budget day which has forever been the 3rd Tuesday of September that the message is ‘focus on investing in opportunities’, yet he also admitted that ‘many people have still not benefited from the economic recovery’. I personally believe that ‘recovery’ is too optimistic. You see, for too long, the EU deficit had been too high, the debt is close to out of control and the Dutch have, due to serious budget restraints, gotten the upper hand over the debt to some extent. What is interesting is the way we see it in the NL Times (at http://www.nltimes.nl/2016/09/26/netherlands-0-5-pct-budget-surplus-2nd-quarter-2016/). The quote at the very end “Statistics Netherlands expects that the budget deficit will mount to 1.1 percent this year and 0.7 percent next year”, gives us clearly that there is no budget surplus, the deficit is finally being turned over, meaning that the deficit is still 0.7% in a year’s time. That means that the debts are for now still going up! I am willing to make the hazardous statement “Mark my words, by April 2017 there will be a bad news cycle that the deficit will alas not make it, due to <insert meaningless reason here> and is expected to be 1.6% in 2016, whilst the forecast for 2017 predicts the deficit to decline sharper to 0.9%”. I’ll keep an eye on this, because I want to know how it all goes. One of the reasons here is that whilst certain scaremongers, set to undo Brexit are still playing their games and placing the pawns in the field.

The reality is that unless the Netherlands sets out a much stronger partnership with the UK, the UK fishers who saw the benefit of quickly unloading in places like Stellendam and Breskens so that they can do one additional load, that list will drop to zero (the number was never really high). But that is only one part of several issues that we see. The Dutch Harbour of Rotterdam could also feel the pinch to some degree. The degree cannot be predicted, but it will happen, meaning that the blind billion to expect will lower by an indecent amount of millions. It is important to realise that the impact will not be large, but two or three of these impacts, like containers via Belgium and a few more of these changes and the impact will change the numbers. So the Netherlands is not out of the woods and we see ‘investment’ statements. Not to mention the German need to make a few changes, which means that containers to a larger extent will not go through Rotterdam, but straight to the end location via Hamburg. This is not a given, not a certainty, but a risk! All these issues are not considered and there is still for well over a year a deficit to contend with. The NRC (at https://www.nrc.nl/nieuws/2016/09/21/kabinet-geef-geen-cadeautjes-maar-investeer-4373438-a1522535) gave us last week “Daarnaast zondigt het kabinet door het totale uitgavenplafond te verhogen met 2,2 miljard euro; de Zalmnorm wordt rücksichtslos terzijde geschoven”, which paraphrased gives us “The sinful deed of this government, through the raising of the maximum budget by 2.2 billion, the budgeting norm is blindly pushed aside”, meaning that as elections come close, the government is trying to give a fake ‘all is well’ view that will be discarded soon thereafter when the numbers show that nothing was achieved and Dutch spending will again go beyond acceptable levels.

In all these factions, the reasoning of Brexit holds firm and this whilst Mario Draghi (at http://www.bbc.com/news/live/uk-politics-parliaments-37473075), starts his political ‘career’ in the trend, of ‘I am looking for a new position, preferably before the reality hits you all’, by stating “the initial impact of the Brexit vote on the Eurozone has been “contained””, which is utterly untrue. The impact is not contained, the results are not known because spin doctors are still trying to turn this around via any political means available. In addition “resilience after the vote was thanks in part to “adequate preparation” by both the ECB and the Bank of England”, which we know was not entirely true because someone decided to leak the required need for investigation by the Bank of England in the first place, which meant that the armour of EVERY party went up, so there was a large level of speculated bad news in there, the news clearly showed how disastrous it would be and it failed to happen. In addition, we see “Draghi ‘doesn’t have answer’ on future of Euro clearing in London”, which is interesting when we see “the issue of the UK’s departure from the EU and its implications for the executing – or “clearing” – of euro-denominated transactions in the City of London”. Why would that change? Why would people want to make those changes, because pre or post Brexit, there was no impact for the US Dollar, so why is that suddenly an issue? The fact that the ECB took that path and that the result was that it was successfully challenged at the European Court of Justice by the UK government last year, makes me wonder why Neena Gill (Labour MEP for West Midlands) opened her mouth in the first place (regarding THAT question that is).

The fact that Jill Seymour of UKIP got a much larger support in her district gives me the idea that she has other problems to deal with, playing ‘ban-she’ (pun intended) to a question that the UK does not want to raise again for now, whilst staying silent over Draghi’s Trillion Plus Euro stimulus and now the rephrased additional overspending via what is referred to as the ‘Juncker Expansion wallet’ is one that should have been on her lips. As I see it, she would have been better off staying at home (or in her office) and sent someone else to actually grill Mario Draghi. In addition, when French Liberal MEP Sylvie Goulard asked the question, it seems clear to me, that she was setting up the essential discussion to try and move some of the City of London’s expertise towards Paris, which is a proud nationalistic tactic to have and as she is French, I would applaud her attempt with the response: ‘well played milady, but at present not the best idea!’, as I see it, Neena Gill didn’t have to add to this! The question is not completely unsound, yet the path of Euro based Derivatives is a key market and London does not really want to move it for obvious reasons, yet the size of it has everyone on the edge. The issue has happened before, yet the considered impact will be beyond belief, the stakeholders could lose quick access to Trillions when the clusters get upset and the Euro Clearing moves to Paris (or even Germany). The plain issue is that the shift could very well happen when Frexit is in full gear, what happens after that? Another move? If you want to learn more, look at the Bloomberg interview (at http://www.bloomberg.com/news/articles/2016-09-21/global-banks-said-to-plan-for-loss-of-euro-clearing-after-brexit), which gives a decent picture, even if economy is not your field.

All issues linked to budgets and each of them having a larger impact on the EU as a whole. Now, I understand that Brexit makes France and Germany try to take the Euro Clearing market, yet, as the growing voice of Frexit bolsters, moving the Euro seems to be a really bad move, even for stakeholders who hope to gain a short term advantage. Even if we see that the Netherlands is a lot less likely to follow this path at present, France is close to doing it and the number of people wanting this in France is still growing. I personally see that budgets have been at the core of this from the very beginning (starting with the Greek one that is).

For Greece this is not a nice time and it will stay as gloom as death for a long time to come. The new austerity measures will cut hard, especially with the retired population of Greece. There is something utterly unacceptable regarding the transfer of the assets, including major organizations such as the country’s power corporation and the water boards of Athens and Thessaloniki. My view goes back to ‘Cooking the books?’ (at https://lawlordtobe.com/2014/01/22/cooking-the-books/) as well as ‘Feeding hungry wolves’ (at https://lawlordtobe.com/2015/07/28/feeding-hungry-wolves/). My issue is that Greece had to be held accountable, but a fire sale leaving Greece with nothing was never an option in my book. Partially, when team Tsipras-Varoufakis won the elections they had an idea and no other path but their pride, this was where they ended. The initial idea to open the bond markets again was even worse. Now we see a Greece that has Greeks, yet is no longer Greece, as I see it, for the first time in history, the bulk of a nation is owned by banks and creditors, a situation that has never happened before to this extent (as far as I can tell), even as there is an option, it will still remain ugly for Greece for a long time. However, if the change would be accepted Greece would have a first step in actually resolving things. Resolving up to a degree, because I do not expect that this can be solved within the next two generations (if that happens, it will be a miracle). In that regard the energy and utilities would remain completely Greek and a first step into an actual future would be made. Yet, this is not about Greece!

The issue seen is that debts are mounting up and we get to see these academic speeches on how good it was. For me, I still remember the 2015 article in The Economist (at http://www.economist.com/blogs/economist-explains/2015/03/economist-explains-5), where we saw “some worry that the flood of cash has encouraged reckless financial behaviour and directed a fire hose of money to emerging economies that cannot manage the cash. Others fear that when central banks sell the assets they have accumulated, interest rates will soar, choking off the recovery”, so no matter how you twist it, it is additional debt, the people get to pay in the end, and as the evidence has shown the last 10 years, proper budgeting is not the aim, the ability or the inclination of these EU governments, making the people anxiously running towards the nearest European Exit Compound.

 

 


Filed under Finance, Media, Politics

What the Frack?

I have stated on several occasions that I am at heart a Conservative, I believe in the conservative plan and for the most, the damage Labour has achieved, on a near global base gives me the certainty that I will nearly never see eye to eye with Labour. Yet, it is that nearly part that is today the issue. You see, the one part I do agree with is their opposition to Fracking.

I myself grew up in the Netherlands. My grandfather is British and served in WWI, my mother was British, so I am unofficial (for now) British too. I have seen the damage that Fracking has done in the Netherlands. The historic buildings that are now damaged, some beyond repair is just unacceptable. The North of the Netherlands (Groningen) has a unique historical architecture, which is now partially diminished and that is not a good thing. Consider the people who are losing their houses so that a little more gas can be obtained, and the expense that it had to go through to get it. In addition, the Dutch gas company NAM that was the instigator of this approach lost its case last year, which had as a consequence that loss of property value has to be repaired, with over 2000 claims in 2012 alone, the NAM is currently looking at claims totalling into the billions of Euros. The good part in this for British Barry Gardiner is that Common Law torts is actually stronger in protecting the home owners’ rights than Dutch law was, so the moment anything goes wrong (it will), the parties that will start fracking will end up paying a lot, possibly even a lot more than the value of the gas obtained, so that story could go south fast and a lot faster than any administration would like it to be.

In addition, the UK has one additional issue the Dutch do not have. Fracking in the UK, because of the rocky foundation requires a higher pressure than the Dutch required, giving the UK a slightly larger issue with earthquakes and in addition to that, if the chemicals enter the groundwater in any way (a very likely issue), the damage to people’s health because of water pollution could have the realistic danger to hit water sources that people and farms rely on (being an island surrounded by salt water adds to that danger). That last is not a given, but if it happens, the UK would be in a perilous situation. You see, the Dutch have a collection of waterways and water sources that outdo the UK by a lot, considering they have larger (drink) water provision, with the Dutch at 17% of the size and only 25% of the population, if anything had gone seriously wrong (water wise), the Dutch have alternatives, the same is not clear and should be considered as doubtful for the UK.

In the Netherlands there is an issue, however, we need to clearly look at both sides. The anti-Fracking sites are giving the readers the ‘burning water’ example, whilst the pro fracking people claimed that this was swamp gas that had found its way into the ground waters. There are issues here, but it was not a given that fracking caused this instance. Still, the county of Groningen has access to 45 billion litres of water, and that is one of the least populated areas of the Netherlands. The Technical University of Delft had this paper that was done for the Drinkwater cooperation in the Netherlands (at http://www.vewin.nl/SiteCollectionDocuments/Dossier_schaliegas/Schaliegas_gevolgen_voor_ons_grondwater.pdf), their site vewin.nl has an English version of the site.

An important conclusion is: “De overkoepelende conclusie van voorliggend rapport is, dat schaliegaswinning in principe veilig zal zijn voor het drinkwater, onder de voorwaarde dat maatregelen worden genomen die de zorgpunten van de sector adequaat wegnemen. Dat vergt in elk geval openheid over de gebruikte chemicaliën en monitoring die start voorafgaand aan het boren en wordt voortgezet tot en met de nazorgperiode (30 jaar na het voorgoed sluiten de putten)”.

The paraphrased translation “The conclusion of this report is that Fracking is in principle not hazardous for drinking water, with the clear condition that safeguards are set in place, with openness of disclosure of all chemicals used and monitoring starting before fracking commences with continued measuring of the chemicals for a period of 30 years after fracking stops”. There is a little paraphrasing here. Yet the foundation that monitoring for 30+ years will have a massive impact on the profitability, with the added situation that the Dutch, due to the soil, required an expected lower pressure. Also, the risk was still there, yet lower due to what I regard as vast water supplies. Elements the UK does not have to the extent the Dutch have, meaning that the risk here will be higher. This is one of the principal reasons I am on the side of Barry Gardiner. The interesting thing is that he is a lot more fearful than the Scottish are, which is also weird because should any water get a case of fracking chemical pollution, one of the main ingredients for making whiskey is gone, ending that market for a very long time. So, buying 100 cases of Scotch, the day fracking is approved in Scotland, might be a very worthwhile investment indeed.

You see, my aversion to all this is that it requires openly revealing all chemicals used and monitoring. I have never ever seen any profit driven company adhere to these terms. Like the Dutch report shows the Halliburton side of it all and how spiffy their technology is. It is in the end an academic presentation to a set of requirements most large companies will ‘accidentally’ ignore and when it goes to court a ‘fine’ will be advocated for that allows them still a degree of profits, whilst the elements in nearly all reports require a level of responsibility and adherence to issues that make profit a near non-issue as there will be no profit. This beckons me to think why any consideration to allow fracking is even considered to begin with. By the way, should any drilling organisation decide to go bankrupt, the aftercare of 30 years would not be possible, meaning that suddenly the government would be required to monitor all this, an expense no one is waiting for.

For the most, there are issues that cannot be guaranteed how deep it will impact the UK, yet the dangers, the risks and the long term consequences, whilst the profit is not even close to a guarantee makes me wonder why the UK Government on both sides of the aisle have abstained from uniting in banning Fracking on the grounds of risks and uncontrollable costs after the fact. That alone, whilst a trillion in debt should be enough to keep people away from Fracking. Only today, the Dutch NOS now reports that the Dutch NAM is going to appeal last year’s decision regarding the loss of value of houses. A Statement of Appeal, in Dutch named ‘memorie van grieven’ has been submitted, at 16.5 Kilograms, or in a slightly more metrical definition: 3400 pages. The quote “The Company calls the verdict outdated and vague, saying it creates a huge administrative burden for the NAM”, which I find hilarious. There has been too much damage and clearly proven damage because of fracking, now that the NAM is finding the loss of profit too large, it drowns the court with a document that will take months to read. So as this case will now see another legal iteration that will not start until 2017, the people at NAM will get out fast with as much cash as possible and leave others to clean up the mess (speculation on my side). This is in my view another reason to support the view Barry Gardiner has. If not for the mere logic, then for the common legal sense that any mishap will bring with it.

The last side is the US, when we look at sourcewatch.org, we see the claims that go a lot further. There have been cases where the monitoring labs falsified data and ended up paying $150K fine with 5 years of probation, which was in East Syracuse New York. The EPA (Environmental Protection Agency) has shown and found water safety issues with residential drinking water wells in Texas, West Virginia and Wyoming. Cases of elevated levels of Arsenic and Selenium (not the healthiest in even minute traces), places where there were elevated amounts of Ammonium and Iodide, which would be devastating to environment and wildlife and in Wyoming they found Benzene at 50 times higher than safe levels advice. What was even more upsetting is that a June 2015 report (at http://www.bloomberg.com/news/articles/2015-06-04/u-s-epa-study-finds-only-limited-water-pollution-from-fracking) is reported by the news as ‘EPA Study of Fracking Finds ‘No Widespread, Systemic’ Pollution‘, there is no way to tell who to believe, but the reports stated in the past as well as some of the actions give way to the notion that big business has a hold over the EPA, not the other way around. What is also interesting in the Bloomberg article is ““Now the Obama administration, Congress, and state governments must act on that information to protect our drinking water, and stop perpetuating the oil and gas industry’s myth that fracking is safe,” said Lauren Pagel, Earthwork’s policy director, in an e-mail“, I myself would have gone a step further and make the children of the people behind the EPA report drink the water from these wells and watch how scared those parents would suddenly become. I wonder if we see any proclamations that their children are allergic to water. The crisis in Flint Michigan is another piece of evidence. Important that this is NOT about fracking, but about the mishandling of evidence regarding the quality of water.
Water with heavy metals (lead) tends to be really unhealthy and the fact that one member of the EPA was involved only shows that big business finds a way to take the lead, or is that lead to profit.

As I personally see it, Fracking is nothing more than fake money. Some call it printing your own cash, which is one side, but consider that you are printing £100 that note would cost you £30 in paper and £85 in ink? How profitable is printing money then? Especially as the increased price of ink is one that both governments ignore and corporations forget to mention. And the image of Balmoral Castle? Well, to cover the losses, that ‘piece de resistance’ could actually go on the market to cover the losses and that is not too far-fetched I reckon. So far there is not one place that can clearly show the benefit without the out of control risks, making this solution a non-option before it even starts.

Fracking? Get the Frack out of here!

Filed under Finance, Law, Media, Politics, Science

The name of the sponsor

The article that was in the Guardian on Friday, gives us a few issues. You see, I have been looking at several issues in the tech world and I overlooked this one (there is only so much reading that can be done in a 24 hour range and it is a big planet). You see the article ‘Yahoo faces questions after hack of half a billion accounts’ (at https://www.theguardian.com/technology/2016/sep/23/yahoo-questinos-hack-researchers) gives us the goods from the very beginning. The quote “Yahoo’s admission that the personal data of half a billion users has been stolen by “state-sponsored” hackers leaves pressing questions unanswered, according to security researchers“, is one I would go with ‘and the evidence?‘, which gives us all kinds of related connections. The quote “Jeremiah Grossman, head of security strategy at infosec firm SentinelOne, said: “While we know the information was stolen in late 2014, we don’t have any indication as to when Yahoo first learned about this breach. This is an important detail in the story.”” is only one of a few issues at the heart of the matter. You see, when we look at the issues that are the plague of these start-up firms (Yahoo and Sony), we should think that they are start-up firms or they are massively negligent. In both cases their routers allowed for the transfer of massive amounts of data. As they are the same size in start-up (sorry, sarcasm prevails), we need to wonder how a few hundred million packages fall between the cracks of vision of whatever security element their IT has. We could wait until someone states that there is no security on that level and the race is truly on then!

This whilst additional support as seen stated by Chris Hodson, EMEA chief information security officer at enterprise security firm Zscaler, when we read: ““With no technical details included in Yahoo’s report about how the data was exfiltrated, just that it was, it’s impossible to assess credibility of the ‘state sponsored’ claim“, a statement I agree with, but in addition, I also wonder why we aren’t seeing any reference or initial response from the FBI that this was from North Korea. It fits the time frame doesn’t it? First a dry run on Yahoo and the actual heist was Sony. Or perhaps some players are figuring out that North Korea was never an element and that someone clever enough found a flaw and hit both Yahoo and Sony. The quote “both from the date of the hack, almost two years ago, and from the first appearance of the dumped data on the dark web almost two months ago where it was being sold by a user named “Peace of Mind””, the speculation comes to mind: ‘perhaps this person is the second owner and this person is reselling acquired data’, which would make sense in several capitalistic ways. The article also enlightens what I believe to be a callous approach to security: “The breach also highlights a strong problem with “security questions”, the common practice of letting users reset passwords by answering questions about their first house or mother’s maiden name. Yahoo did not encrypt all the security questions it stored, and so some are readable in plaintext. While it may be irritating to have to change a stolen password, it is somewhat worse to have to change a stolen mother’s maiden name.” The insensitive disregard is clear when the security question is not encrypted and mum’s maiden name is given in plain text, adding to the personal data the thieves borrowed (long-term).
Now, we know that there are in these situations several questions, and not all are really about privacy sensitive based data (like a favourite pet), but consider the 2013 movie ‘Now You See Me‘. Consider the dialogue in the New Orleans Show scene:

Jack Wilder: How could we, Art? We don’t have your password.
Henley Reeves: We’d need access to information we could never get our hands on.
Daniel Atlas: Yes, security questions, for instance, like, I don’t know, your mother’s maiden name or the name of your first pet.
Merritt McKinney: Where would we get that information, Art? You certainly would never tell us.

A movie gives us the danger to our goods a year before this data is stolen and nobody presses the alarm bell? The only part that would be even funnier is if this was a Sony movie, but no, it was Summit Entertainment who brought this gemstone! Now, we know that life is not a movie, yet the fact that this part is stored as plain text, perhaps not the best solution! In addition as IT developers tend to be lazy, how many other firms, especially those who are a lot smaller, how are they storing this data? Also in plain text?

You see, I have seen parts of this issue too often. Too many firms have no real grasp of non-repudiation and go through the motions so that they seem (read: present themselves) to be about security, yet not really security driven. Because if the client doesn’t want it (many are too lazy), they have opted for it and they are in the clear. Yet when we see that the security questions are in plain text, questions should be asked, very serious questions I might add!
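The plain-text storage of security answers discussed above, shown beside a hardened form, as an added example that is not taken from the Guardian article or from Yahoo's systems. The table layout, the function names and the PBKDF2 iteration count are assumptions, and the sample record is constructed.

```python
import hashlib
import hmac
import json
import os
import unicodedata

# Assumed cost setting for this example; raise it as far as login latency allows.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def normalize_answer(answer: str) -> bytes:
    """Canonicalise an answer so 'Kowalski', ' KOWALSKI ' and 'kowalski' match."""
    text = unicodedata.normalize("NFKC", answer)
    text = " ".join(text.split())  # trim and collapse inner whitespace
    return text.casefold().encode("utf-8")


def _derive(answer: str, salt: bytes, iterations: int) -> bytes:
    """Slow, salted digest of the normalised answer (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", normalize_answer(answer), salt, iterations)


def store_plaintext(table: dict, user: str, question: str, answer: str) -> None:
    """Weak form described in the article: the answer sits in the row as typed."""
    table[user] = {"question": question, "answer": answer}


def store_hashed(table: dict, user: str, question: str, answer: str) -> None:
    """Hardened form: keep only a per-user salt and the derived digest.

    A maiden name is low-entropy and often findable elsewhere, so this limits
    what a stolen table hands over directly; it does not make the answer strong.
    """
    salt = os.urandom(SALT_BYTES)
    table[user] = {
        "question": question,
        "kdf": "pbkdf2-sha256",
        "iterations": PBKDF2_ITERATIONS,
        "salt": salt.hex(),
        "digest": _derive(answer, salt, PBKDF2_ITERATIONS).hex(),
    }


def verify_hashed(table: dict, user: str, candidate: str) -> bool:
    """Check a reset attempt against the stored digest in constant time."""
    row = table.get(user)
    if row is None:
        # Burn the same work for unknown users so timing does not reveal who exists.
        _derive(candidate, b"\x00" * SALT_BYTES, PBKDF2_ITERATIONS)
        return False
    expected = bytes.fromhex(row["digest"])
    actual = _derive(candidate, bytes.fromhex(row["salt"]), row["iterations"])
    return hmac.compare_digest(actual, expected)


def dump_discloses(table: dict, answer: str) -> bool:
    """Model a stolen table: does the serialised dump contain the answer in clear?"""
    return answer.casefold() in json.dumps(table).casefold()


if __name__ == "__main__":
    weak, hardened = {}, {}
    # Constructed sample record, not real data.
    store_plaintext(weak, "art", "Mother's maiden name?", "Kowalski")
    store_hashed(hardened, "art", "Mother's maiden name?", "Kowalski")
    print("plaintext dump discloses answer:", dump_discloses(weak, "Kowalski"))
    print("hashed dump discloses answer:  ", dump_discloses(hardened, "Kowalski"))
    print("reset with ' KOWALSKI ' accepted:", verify_hashed(hardened, "art", " KOWALSKI "))
    print("reset with 'Nowak' accepted:     ", verify_hashed(hardened, "art", "Nowak"))
```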

There is one more side to all this, the Guardian raises it with: “what happens to the company’s multi-billion dollar merger with Verizon now? Kevin Cunningham, president and founder at identity company SailPoint, argues that the breach should already be priced in“, we then see the issues of thoroughness raised from Verizon, but in all this, the data theft does not make sense. You see, if my speculation is true and “Peace of Mind” is the first sales iteration, was this ID the only customer? If so, how come that the sale took this long, the timeout between the event in 2014 and the optional sale a few months ago is weird, as accounts change so quickly, the power and value is in quick sales. To put it in perspective, selling the data to 10 people for a total of 5% of the value is safer than awaiting for one person getting 70% of the value 90 days later. This is a movers and shakers world, the 90 day person is a perhaps and these people are about the ‘cash now’. The market stall people! So in this an 800 day customer implies that there might have been ulterior reasons. Which one(s) I can only speculate on, and I prefer not to do that at present. Now, in that side, it is of course possible that this was ‘state-sponsored’ and it was sold on to keep the wolves at bay, but that too is speculation with absolutely no data to back the speculation up.

Verizon might have taken a calculated level of risk in acquiring Yahoo, yet if the data transgression was never divulged, would this be a case of fraud? The US has the “benefit of bargain” rule, so there could be a decent case of represented and actual value. In addition if we allow for Special damages from a legally recognizable injury to be held to be the cause of that injury, with the damage amounts to specificity. If the data theft would have been known, the value of the firm would have been a lot lower.

Unless this was clearly disclosed to Verizon (I actually do not know), Verizon might have a case, which would be disastrous for Yahoo.

If we consider the news from July at NBC (at http://www.cnbc.com/2016/07/25/verizon-to-acquire-yahoo.html), the setting is not just “Microsoft, Yahoo and AOL lag far behind and have lost market share“, there is no guarantee that those hit by the hack will remain in their Yahoo setting. Google has made it far too easy for people to switch over. The effort made in the past to transfer towards Google could inspire those people to switch to Google, import their mails and start with little or no loss at all. Which means that it is not impossible that Verizon after the merger remains a one digit digital marketing group, something I feel certain Verizon never counted on.

So where is this going?

There are two sides to this, not only is this about cyber security, or the lack thereof. The fact that Verizon has no unlimited data and those with Yahoo accounts who had them will now see their prices go up by a lot (when is this not about money?). Verizon has a 100GB shared option at $450 a month, which is beyond ridiculous. In Australia, iiNet (an excellent provider) offers 250GB for $60 a month and in the UK British Telecom offers a similar plan for no more than £21 a month (which is about $35), considering that BT is not the cheapest on the block, I have to wonder how Verizon will continue, when people have to switch, because their music apps (radio and so on) drain their data account at 6-8GB per day (a harsh lesson a friend of mine learned). Meaning that Verizon is actually a disservice to open internet and free speech. As I see it, free speech is only free if the listener isn’t charged for listening, or better stated, when certain solutions are locked to be not via Wi-Fi, meaning charged via bandwidth. So the accounts were one side, the amount of data breaches that we are seeing now (on both the Verizon and Yahoo side) imply that not only are they too expensive, they aren’t as secure as they are supposed to be and in addition, cyber laws are blatantly failing its victims. Having your data in plain text at $450 a month seems a little too unacceptable, merely because the odds to keep your fortune in Las Vegas tend to be better than this.

So now consider the sponsor, the people behind the screens on both the corporate and hacking side. So let’s take a look.

Corporate

Here the need for security is essential, yet there is clear indication that those aware of spreadsheets (read: Board of Directors) are in equal measure naive and blatantly unaware that data security is essential and not the $99 version in this case. The cost of secure data is ignored and in many cases blatantly disregarded. The Yahoo case is inferior to the Verizon data transgressions that have been reported in this year alone. It is so nice to read on how the health industry is hit by organised crime, yet the amount of theft from their own systems is a lot less reported on. I find most amusing the text that the Verizon Data Breach Investigation Report shows: “Yes. Our vulnerability management solutions identify and fix architectural flaws in POS and other patient-facing systems“, “Yes. Our identity and access management solutions prevent the use of weak passwords, the main cause of data breaches in the healthcare industry” and “Yes. Our intrusion detection and threat-management solutions help detect and mitigate breaches more quickly, limiting the damage caused” (at http://www.verizonenterprise.com/resources/factsheet/fs_organized-crime-drives-data-theft-in-the-healthcare-industry_en_xg2.pdf), I reckon that a massive overhaul of their own systems has a slightly higher priority at present. In addition there is no information on how secure the Verizon Data Cloud is. It doesn’t matter who provides it (as I see it), and I reckon we see that iteration hit the news the moment we learn that the UK Ministry of Defence Cloud gets tweaked to another server that is not under their control. It is important to realise that I am NOT scaremongering, the issue is that too many players have kept the people and corporations in the dark regarding monitoring options, intrusion detection and countermeasures, with the cloud, any successful intrusion has the real danger that the data hack is more complete and a lot larger in data loss.
Moreover, Microsoft and Microsoft employees have one priority, Microsoft! Consider that any Microsoft employee might not be as forthcoming with Cyber transgressions, no matter what was agreed upon. After the agreement, any internal memo could sidestep a reportable transgression. It is a reality of corporate life. In this, until the proper military staff members get trained, the Ministry of Defence (read: as well as GCHQ to some extent) will be catching up through near inhumane levels of required training, which gets the Ministry burnout issues soon enough.

Hackers

No matter how small, these attacks (yes plural) required serious hardware and access to tools that are not readily available. So whoever is involved, they are either organised crime, or people connected to people with serious cash. This all gets us a different picture. I am not stating that some hackers work for reasons other than ideological. The rent in mum’s basement and hardware needs to be paid for, if not that, then the electricity bill that will be in excess of $130 a month. It might be trivial to mention, yet these little things add up. Hardware, electricity, storage, it gives the rising need of a sponsor for these hackers. There is no way to tell whether this is ideological (to show it can be done), technological (selling the flaws back to the makers of the solution), or criminal (to sell the acquired data to a competitor or exploiter). We can assume or speculate, but in reality, without additional evidence it is merely a waste of words.

So even if we know the name of the sponsor, this hopefully shows that the need to divulge information on data transgression has been way too light. In the past there was a ‘clarity’ that it was onto the firm to give out, but as they seemingly see it as a hazard to their wealth, too many victims are kept in the dark and as such, the financial danger to those victims is rising in an unbalanced way. If you would doubt my words, consider the article at http://www.geek.com/games/sony-psn-hack-is-only-the-4th-largest-data-breach-of-all-time-1390855/, which was set in June 2009. Geek is not the news cycle you might desire, but the summary is fine and confirmable. The hack to the Heartland Payment Systems January 20th, 2009 might be one of the more serious ones, the 130 million records was more complete and could have a more devastating effect on the US population than most others. From my point of view, a massive shift to proactive data security should have been law no later than 2010, I think that we can safely say that this never happened to the extent required, which is another nice failure of the political parties at large and as such, this could get a lot uglier soon enough. The article also shows a massive Sony failing as there have been 6 large breaches in 2011 alone, so the Sony hack of 2012 shows to be a continuing story of a digital firm who cannot get their act together. That was never in question, in combination with the latest revelations, there is the added pressures that this cannot be allowed to continue and these firms need to start being held criminally negligent for transgressions on their systems. Just like in torts regarding trespass, it should be actionable per se. In addition, the hackers should be held in that same way, with the bounty changed to no less than double digit jail with no option for parole.
The mere realisation that there is a high price for these transgressions might be the only way to stop this and in this age should not be a distinguishing factor, so any teenager hoping for an adventure with a nice pay package could end up not getting laid until they turn 30. The last part is unlikely to be a reality ever, but the fact that this is where we should have been going needs to be stated, for the mere reason that a shown failure of nearly a decade is no longer an option to ignore, not when the stakes are getting to be this high.

Filed under IT, Law, Military, Politics

Room for Requirement

I looked at a few issues 3 days ago. I voiced them in my blog ‘The Right Tone‘ (at https://lawlordtobe.com/2016/09/21/the-right-tone/), one day later we see ‘MI6 to recruit hundreds more staff in response to digital technology‘ (at https://www.theguardian.com/uk-news/2016/sep/21/mi6-recruit-digital-internet-social-media), what is interesting here is the quote “The information revolution fundamentally changes our operating environment. In five years’ time there will be two sorts of intelligence services: those that understand this fact and have prospered, and those that don’t and haven’t. And I’m determined that MI6 will be in the former category“, now compare it to the statement I had made one day earlier “The intelligence community needs a new kind of technological solution that is set on a different premise. Not just who is possibly guilty, but the ability of aggregation of data flags, where not to waste resources“, which is just one of many sides needed. Alex Younger also said: “Our opponents, who are unconstrained by conditions of lawfulness or proportionality, can use these capabilities to gain increasing visibility of our activities which means that we have to completely change the way that we do stuff”, I reckon the American expression: ‘He ain’t whistling Dixie‘ applies.

You see, the issue goes deeper than mere approach, the issue at hand is technology. The technology needs to change and the way data is handled requires evolution. I have been in the data field since the late 80’s and this field hasn’t changed too much. Let’s face it, parsing data is not a field that has seen too much evolving, for the mere reason that parsing is parsing and that is all about speed. So to put it on a different vehicle. We are entering an age where the intelligence community is about the haulage of data, yet in all this, it is the container itself that grows whilst the haulage is on route. So we need to find alternative matters to deal with the container content whilst on route.

Consider the data premise: ‘If data that needs processing grows by 500 man years of work on a daily basis‘, we have to either process smarter, create more solutions to process, be smarter on what and how to process, or change the premise of time. Now let’s take another look. For this let’s take a look at a game, the game ‘No Man’s Sky’. This is not about gaming, but about the design. For decades games were drawn and loaded. A map, with its data map (quite literally so). Usually the largest part of the entire game. 11 people decided to use a formula to procedurally generate 18 quintillion planets. They created a formula to map the universe with planets, planet sized. This has never been done before! This is an important part. He turned it all around and moreover, he is sitting on a solution that is worth millions, it could even be worth billions. The reason to use this example is because games are usually the first field where the edge of hardware options are surpassed, broken and redesigned (and there is more at the end of this article). Issues that require addressing in the data field too.

Yet what approach would work?

That is pretty much the £1 billion question. Consider the following situation: Data is being collected non-stop, minute by minute. Set into all kinds of data repositories. Now let’s have a fictive case. The chatter gives that in 72 hours an attack will take place, somewhere in the UK. It gives us the premise:

  1. Who
  2. Where
  3. How

Now consider the data. If we have all the phone records, who has been contacting who, through what methods and when? You see, it isn’t about the data, it is about linking collections from different sources and finding the right needle, that whilst the location, shape and size of the haystack are an unknown. Now, let’s say that the terrorist was really stupid and that number is known. So now we have to get a list of all the numbers that this phone had dialled. Then we get the task of linking the information on these people (when they are not pre-paid or burner phones). Next is the task of getting a profile, contacts, places, and other information. The list goes on and the complexity isn’t just the data, the fact that actual terrorists are not dumb and usually massively paranoid, so there is a limit to the data available.

Now what if this was not reactive, but proactive?

What if the data from all the sources could be linked? Social media, e-mail, connections, forums and that is just the directly stored data. When we add mobile devices, Smartphones, tablets and laptops, there is a massive amount of additional data that becomes available and the amount of data from those sources is growing at an alarming rate. The challenge is to correctly link the data from sources, with added data sources that contain aggregated data. So, how do you connect these different sources? I am not talking about the usage, it is about the impaired data on different foundations with no way to tell whether pairing leads to anything. For this I need to head towards a 2012 article by Hsinchun Chen (attached at end). Apart from the clarity that we see in the BI&A overview (Evolution, Application and Emerging Research), the interesting part that even when we just look at it from a BI point of view, we see two paths missing. That is, they seem to be missing now, if we look back to 2010-2011, the fact that Google and Apple grew a market in excess of 100% quarter on quarter was not to be anticipated to that degree. The image on page 1167 has Big Data Analytics and Mobile Analytics, yet Predictive Interactivity and Mobile Predictive Analytics were not part of the map, even though the growth of Predictive Analytics has been part of BI from 2005 onwards. Just in case you were wondering, I did not change subject, the software need that part of the Intelligence world uses comes from the business part. A company usually sees a lot more business from 23 million global companies than it gets from 23 intelligence agencies. The BI part is often much easier to see and track whilst both needs are served. We see a shift of it all when we look at the table on page 1169. BI&A 3.0 now gets us the Gartner Hype Cycle with the Key Characteristics:

  1. Location-aware analysis
  2. Person-centred analysis
  3. Context-relevant analysis
  4. Mobile visualization & HCI

This is where we see the jump when we relate to places like Palantir that is now in the weeds prepping for war. Tech Crunch (at https://techcrunch.com/2016/06/24/why-a-palantir-ipo-might-not-be-far-off/) mentioned in June that it had taken certain steps and had been preparing for an IPO. I cannot say how deep that part was, yet when we line up a few parts we see an incomplete story. The headline in July was: ‘Palantir sues investor Marc Abramowitz for allegedly stealing company secrets‘, I think the story goes a little further than that. It is my personal belief that Palantir has figured something out. That part was seen 3 days ago (at http://www.defensenews.com/articles/dcgs-commentary), the two quotes that matter are “The Army’s Distributed Common Ground System (DCGS) is proof of this fact. For the better part of the last decade, the Army has struggled to build DCGS from the ground up as the primary intelligence tool for soldiers on the battlefield. As an overarching enterprise, DCGS is a legitimate and worthwhile endeavour, intended to compute and store massive amounts of data and deliver information in real time“, which gives us (actually just you the reader) the background, whilst “What the Army has created, although well-intentioned, is a sluggish system that is difficult to use, layered with complications and unable to sustain the constant demands of intelligence analysts and soldiers in combat. The cost to taxpayers has been approximated at $4 billion“, gives us the realistic scope and that all links back to the Intelligence Community. I think that someone at Palantir has worked out a few complications making their product the one winning solution. 
When I started to look into the matter, some parts did not make sense, even if we take the third statement (which I was already aware of long before this year) “In legal testimony, an Army official acknowledged giving a reporter a “negative” and “not scientific” document about Palantir’s capabilities that was written by a staff member but formatted to appear like a report from the International Security Assistance Force. That same official stated that the document was not based on scientific data“, it would not have added up. What does add up (remember, the next part is speculative), the data links required in the beginning of the article, have to a larger extent been resolved by the Palantir engineers. In its foundation, what the journal refers to as BI&A 3.0 has been resolved by Palantir (to some extent). If true, we will get a massive market shift. To make a comparison, Google Analytics might be regarded as MSDOS and this new solution makes Palantir the new SE-Linux edition, the difference on this element could be that big. The difference would be that great. And I can tell you that Google Analytics is big. Palantir got the puzzle piece making its value go up by billions. They could raise their value from 20 billion to 60-80 billion, because IBM has never worked out that part of analytics (whatever they claim to have is utterly inferior) and Google does have a mobile analytics part, but limited merely as it is for a very different market. There have always been issues with the DCGS-A system (apart from it being as cumbersome as a 1990 SAS mainframe edition), so it seems to me that Palantir could not make the deeper jump into government contracts until it got the proper references and showing it was intentionally kept out of the loop is also evidence that could help. That part was recently confirmed by US Defense News.

In addition there is the acceptance of Palantir Gotham, which offered 30% more work with the same staff levels and Palantir apparently delivered, which is a massive point that the Intelligence groups are dealing with, the lack of resources. The job has allowed NY City to crack down on illegal AirBnB rentals. A task that requires to connect multiple systems and data that was never designed to link together. This now gets us to the part that matters, the implication is that the Gotham Core would allow for dealing with the Digital data groups like Tablet, mobile and streaming data from internet sites.

When we combine the information (still making it highly speculative) the fact that one Congressman crossed the bridge (Duncan Hunter R-CA), many could follow. That part matters as Palantir can only grow the solution if it is seen as the serious solution within the US government. The alleged false statements the army made (as seen in Defence News at http://www.defensenews.com/articles/dcgs-commentary) which I personally believe was done to keep in the shadows that DCGS-A was not the big success some claimed it to be, will impact it all.

And this now links to the mentions I made with the Academic paper when we look at page 1174, regarding the Emerging Research for Mobile Analytics. The options:

  1. Mobile Pervasive Apps
  2. Mobile Sensing Apps
  3. Mobile Social Networking
  4. Mobile Visualization/HCI
  5. Personalization and Behavioural Modelling

Parts that are a given, and the big players have some sort of top line reporting, but if I am correct and it is indeed the case that Palantir has figured a few things out, they are now sitting on the mother lode, because there is currently nothing that can do any of it anywhere close to real-time. Should this be true, Palantir would end up being the only player in town in that field, an advantage corporations haven’t had to this extent since the late 80’s. The approach SPSS used to have before they decided to cater to the smallest iteration of ‘acceptable’ and now as IBM Statistics, they really haven’t moved forward that much.

Now let’s face it, these are all consumer solutions, yet Palantir has a finance option which is now interesting as Intelligence Online reported a little over a week ago: “The joint venture between Palantir and Credit Suisse has hired a number of former interception and financial intelligence officials“, meaning that the financial intelligence industry is getting its own hunters to deal with, if any of those greedy jackals have been getting their deals via their iPhone, they will be lighting up like a Christmas tree on those data sets. So in 2017, the finance/business section of newspapers should be fun to watch!

The fact that those other players are now getting a new threat with actual working solutions should hurt plenty too, especially in the lost revenue section of their spreadsheet.

In final part, why did I make the No Man’s Sky reference? You see, that is part of it all. As stated earlier, it used a formula to create a planet sized planet. Which is one side of the equation. Yet, the algorithm could be reversed. There is nothing stopping the makers to scan a map and get us a formula that creates that map. For the gaming industry it would be worth a fortune. However, that application could go a lot further. What if the Geospatial Data is not a fictive map, but an actual one? What if one of the trees are not trees but mobile users and the other type of trees are networking nodes? It would be the first move of setting Geospatial Data in a framework of personalised behavioural modelling against a predictive framework. Now, there is no way that we know where the person would go, yet this would be a massive first step in answering ‘who not to look for‘ and ‘where not to look‘, diminishing a resource drain to say the least.

It would be a game changer for non-gamers!


Filed under Finance, IT, Military, Politics, Science

Targeting the FBI

Do not worry, the FBI is not under attack from any hostile force, in this particular case it is me who will be on the offensive regarding statements made in 2014. Let me explain why. To get to the start of this event, we need to take a step back, to be a little more precise we need to turn to the moment 645 days ago when we read that Sony got hacked, it got hacked by none other than North Korea. It took me around an hour to stop laughing, the stomach cramps from laughter are still on my mind when I think back to that day. By the way, apart from me having degrees in this field, people a lot more trustworthy in this field, like Kim Zetter for Wired Magazine and Kurt Stammberger from cyber security firm Norse, as well as the list of sceptics and prominent names from the actual hacking world, all had issues with the statements.

We had quotes from FBI Director James Comey on how tightly internet access is controlled there (which is actually true), and (at https://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation) we see “the FBI now has enough information to conclude that the North Korean government is responsible for these actions“. I am pretty sure that the FBI did not expect that this would bite them down the track. This all whilst they rejected the alternate hack theory that Cyber Intelligence firm Norse gave (at http://www.politico.com/story/2014/12/fbi-rejects-alternate-sony-hack-theory-113893). Weirdly enough, the alternative option was no less than ten times more possible than the claim that some made. Another claim to have a giggle at came from Homeland Security, the quote was “The cyber-attack against Sony Pictures Entertainment was not just an attack against a company and its employees. It was also an attack on our freedom of expression and way of life“, which is a political statement that actually does not say much. The person making it at the time was Jeh Johnson.

You see, this is all coming to light now for the weirdest of reasons: an article in The Guardian (at https://www.theguardian.com/world/2016/sep/21/north-korea-only-28-websites-leak-official-data). The subtitle gives us “Apparent error by a regime tech worker gave the world a rare glimpse into the few online sources of information available“, so one of these high profile worldly infamous hackers got a setting wrong and we get “But its own contribution to the world wide web is tiny, according to a leak that revealed the country has just 28 registered domains. The revelation came after one of North Korea’s top-level name servers was incorrectly configured to reveal a list of all the domain names under the domain .kp“, you see, here we see part of the fun that will now escalate.
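A name server that hands out its full list of names is usually one that permits zone transfers to anyone; the quoted article does not say which setting was wrong, so that is an assumption here. The following is an added example, not part of the original post: an audit of a BIND-style configuration that reports which zones allow transfers, using a constructed sample config with made-up names and addresses.

```python
import re

# Constructed sample in BIND named.conf syntax; every name and address is made up.
SAMPLE_CONF = '''
options {
    directory "/var/named";   // no global allow-transfer set
};
acl "secondaries" { 192.0.2.53; 198.51.100.53; };
zone "." { type hint; file "root.hints"; };
zone "example.test" {
    type master;
    file "example.test.zone";
    allow-transfer { any; };          /* anyone may list the zone */
};
zone "corp.example.test" {
    type master;
    file "corp.zone";
    allow-transfer { "secondaries"; };
};
zone "legacy.example.test" {
    type slave;
    masters { 192.0.2.1; };
    file "legacy.zone";
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments so they cannot hide or fake a setting."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def top_level_blocks(text):
    """Yield (header, body) for each top-level `header { body };` statement."""
    depth, start, head_end = 0, 0, 0
    for i, ch in enumerate(text):
        if ch == '{':
            if depth == 0:
                head_end = i
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                yield text[start:head_end].strip(), text[head_end + 1:i]
        elif ch == ';' and depth == 0:
            start = i + 1

def transfer_acl(body):
    """Return the allow-transfer match list of a block, or None if absent."""
    m = re.search(r'\ballow-transfer\s*\{([^{}]*)\}', body)
    if m is None:
        return None
    return [e.strip().strip('"') for e in m.group(1).split(';') if e.strip()]

def classify(acl):
    if acl is None:
        return "UNSET"        # effective policy depends on the server default
    if any(e in ("any", "0.0.0.0/0", "::/0") for e in acl):
        return "OPEN"         # any host can request the whole zone
    if all(e == "none" for e in acl):
        return "CLOSED"       # also covers an empty match list
    return "RESTRICTED"       # limited to named ACLs, keys or addresses

def audit(conf):
    """Map each authoritative zone to its effective zone-transfer policy."""
    blocks = list(top_level_blocks(strip_comments(conf)))
    global_acl = None
    for header, body in blocks:
        if header == "options":
            global_acl = transfer_acl(body)
    findings = {}
    for header, body in blocks:
        zone = re.match(r'zone\s+"([^"]+)"', header)
        if not zone or not re.search(
                r'\btype\s+(master|primary|slave|secondary)\b', body):
            continue          # hint/forward zones do not serve transfers
        acl = transfer_acl(body)
        findings[zone.group(1)] = classify(global_acl if acl is None else acl)
    return findings

def needs_attention(findings):
    """Zones an operator should be alerted about."""
    return sorted(z for z, s in findings.items() if s in ("OPEN", "UNSET"))

if __name__ == "__main__":
    for zone, status in audit(SAMPLE_CONF).items():
        print(f"{status:<10} {zone}")
```

Run on every configuration change, a check like this is the sort of monitoring that would flag a wrong transfer setting before an outsider finds it.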

In this I invite NSA director Admiral Michael Rogers and FBI Director James Comey to read this, take note, because it is a free lesson in IT (to some extent). It is also a note for these two to investigate what talents their agencies actually have and to get rid of those who are kissing your sitting area for political reasons (which is always good policy). When the accused nation has 28 websites, it is, I agree, not an indication of other internet elements, but let me add to this.

The need to prototype and test any kind of malware and the infrastructure that could actually be used against the likes of Sony might be routed via North-Korea, but could never originate there. The fact that your boffins can’t tell the difference is a clear given that the cyber branch of your organisations are not up to scratch. In that case it is now imperative that you both contact Major General Christopher P. Weggeman, who is the Commander, 24th Air Force and Commander, Air Forces Cyber (AFCYBER). He should most likely be at Lackland Air Force Base, and the phone number of the base is (210) 671-1110. I reckon setting up a lunch meeting and learning a thing or two is not entirely unneeded. This is not me being sarcastic, this is me telling you two that the case was mishandled, got botched and now that due to North Korean ‘expertise’, plenty of people will be asking questions. The time requirement to get the data that got taken was not something that happened overnight. For the simple reason that that much data would have lit up an internet backbone and every log alarm would have been ringing. The statement that the FBI made “it was unlikely that a third party had hijacked these addresses without allowance from the North Korean government” was laughable because of those pictures where we saw the Korean high-command behind a desktop system with a North Korean President sitting behind what is a mere desktop that has the computation equivalent of a Cuisena Egg Beater ($19.95 at Kitchen Warehouse).

Now, in opposition, I sit myself against me. You see, this might just be a rant, especially without clarification. All those North Korean images could just be misdirection. You see, to pull off the Sony caper you need stimulation, like a student would get at places like MIT, Stanford, or UTS. Peers challenging his solutions and blocking success, making that person come up with smarter solutions. Plenty of nations have hardware and challenging people and equipment that could offer it, but North Korea does not have any of that. The entire visibility as you would see from those 28 domains would have required to be of much higher sophistication. You see, for a hacker, there needs to be a level of sophistication that is begotten from challenge and experience. North Korea has none of that. Evidence of that was seen a few years ago when in 2012 in Pyongyang I believe, a press bus took a wrong turn. Some reporters mentioned how a North Korean (military I believe) had no clue about smartphones. I remember seeing it on the Dutch NOS News program. The level of interaction and ignorance within a military structure could not be maintained; as such the military would have had a clue to a better extent. The ignorance shown was not feigned or played, meaning that a technological level was missing. The fact that a domain setting was missed also means that certain monitoring solutions were not in place, alerting those who needed to on the wrongful domain settings, which is essential in regards to the entire hacking side.
The fact that Reddit and several others have screenshots to the degree they have is another question mark in all this. Last but not least, those who prototype hacking solutions need serious bandwidth to test how invisible they are (especially regarding streaming of Terabytes of Sony data). All these issues are surfacing from this mere article that the Guardian might have placed for entertainment value to news, but it shows that December 2014 is a very different story. Not only does it have the ability to exonerate the

We see a final quote from Martyn Williams, who runs the North Korea Tech blog: “‘It’s important to note this isn’t the domain name system for the internal intranet,’ Williams wrote. ‘That isn’t accessible from the internet in any way.’” which is true to some extent. In that case take a look at the PDF (at https://www.blackhat.com/presentations/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman-WP.pdf) from WhiteHat Security. On page 4 we get “By simply selecting common net-block, scans of an entire Class-C range can be completed in less than 60 seconds“, yes, I agree you do not get that much info from that, but it gives us to some extent usage, you see, if something as simple as a domain setting is wrong, there is a massive chance that more obscure essential settings on intranet level have been missed, giving the ‘visitor’ options to a lot more information than most would expect. Another matter that the press missed (a few times), no matter how Time stated that the world was watching (at http://time.com/3660757/nsa-michael-rogers-sony-hack/), data needs to get from point to point, usually via a router, so the routers before it gets to North Korea, what were those addresses, how much data got ported through?

You see, the overreaction from the FBI, Homeland Security, NSA et al was overly visible. The political statements were so out in the open, so strong, that I always wondered: what else? You see, as I see it, Sony was either not the only one who got hacked, or Sony lost something else. The fact that in January 2015 Sony gave the following statement “Sony Entertainment is unable to confirm that hackers have been eradicated from its computer systems more than a month after the film studio was hit by a debilitating cyber-attack, a report says“, I mentioned it in my article ‘Slander versus Speculation‘ (at https://lawlordtobe.com/2015/01/03/slander-versus-speculation/). I thought it was the weirdest of statements. Basically, they had almost 3 weeks to set up a new server, to monitor all data traffic, giving indication that not only a weird way was used to get to the data (I speculated on an option that required it to be an inside job), yet more important, the fact that access had not been identified, meaning it was secured gave way to the issue that the hackers could have had access to more than just what was published. That requires a little bit more explanation. You see, as I personally see it, to know a transgressor we need to look at an oversimplified equation: ‘access = valid people + valid systems + threats‘ if threats cannot be identified, the issue could be that more than one element is missing, so either you know all the access, you know all the people and you know the identity of valid systems. Now at a place like Sony it is not that simple, but the elements remain the same. Only when more than one element cannot be measured do you get the threats to be a true unknown. That is at play then and it is still now. So if servers were compromised, Sony would need a better monitoring system. 
It’s my personal belief (and highly speculative) that Sony, like many other large companies, has been cutting corners so certain checks and balances are not there, which makes a little sense in case of Sony: with all those new expansions corners were possibly cut and at that point it had an IT department missing a roadmap, meaning the issue is really more complex (especially for Sony) because systems are not aligned. Perhaps that is the issue Sony had (again this is me speculating on it)?

What is now an issue is that North Korea is showing exactly as incapable as I thought it was and there is a score of Cyber specialists, many of them a lot bigger than I will ever become, stating the same. I am not convinced it was that simple to begin with, for one, the amount of questions the press and others should have been asking regarding cloud security is one that I missed reading about and certain governmental parts in the US and other nations have been pushing for this cheaper solution, the issue being that it was not as secure as it needed to be, yet the expert levels were not on par so plenty of data would have been in danger of breaching. The question I had then and have now a lot louder is: “Perhaps Sony showed that cloud server data is even less secure than imagined and the level required to get to it is not as high as important stakeholders would need it to be“. That is now truly a question that matters! Because if there is any truth to that speculation, then the question becomes how secure is your personal data and how unaware are the system controllers of those cloud servers? The question not asked and it might have been resolved over the last 645 days, yet if data was in danger, who has had access and should the people have been allowed to remain unaware, especially if it is not the government who gained access?

Questions all worthy of answers, but in light of ‘statements made’ who can be trusted to get the people properly informed? Over the next days as we see how one element (the 28 sites) gives more and more credible views on how North Korea was never the culprit, the question then becomes: who was? I reckon that if the likely candidates (China, Russia, UK and France) are considered there might not be an issue at all, apart from the fact that Sony needs to up their Cyber game, but if organised crime got access, what else have they gotten access to?

It is a speculative question and a valid one, for the mere reason that there is at present no valid indication that the FBI cyber unit had a decent idea what was going on, especially in light of the official response towards cyber security firm Norse.

Could I be wrong?

That remains a valid question. Even when we accept that the number of websites is no indication of Intranet or cybersecurity skills, it is indicative when a nation has fewer websites than some third world villages, or their schools have. It is time to ask a few very serious questions, because skills only remain so through training and the infrastructure to test and to train incursions on a WAN of a Fortune 500 company is not an option, even if that person has his or her own Cray system to crunch codes. It didn’t make sense then and with yesterday’s revelation, it makes even less sense.

Finally one more speculation for the giggle within us all. This entire exercise could have been done to prevent ‘the Interview’ from becoming a complete flop. You know, that movie that ran in the US in 581 theatres and made globally $11,305,175 (source: Box Office Mojo), basically about 10% of what Wolf of Wall Street made domestically.

What do you think?


Filed under IT, Media, Military, Politics, Science

The Right Tone

Today we do not look at Ahmad Khan Rahami, we look at the engine behind it. First of all, let’s get ugly for a second. If you are an American, if you think that Edward Snowden was a ‘righteous dude’, then you are just as guilty as Ahmad Khan Rahami injuring 29 people. Let’s explain that to those who did not get through life through logic. You see, the US (read: NSA) needed to find ways to find extremists. This is because 9/11 taught them the hard way that certain support mechanisms were already in place for these people in the United States. The US government needed a much better warning system. PRISM might have been one of these systems. You see, that part is seen in the Guardian (at https://www.theguardian.com/us-news/2016/sep/20/ahmad-khan-rahami-father-fbi-terrorism-bombing), the quote that is important here is “Some investigators believe the bombs resemble designs released on to the internet by al-Qaida’s Yemeni affiliate through its Inspire publication“, PRISM would be the expert tool to scan for anyone opening or accessing those files. Those who get certain messages and attachments from the uploading locations. To state it differently “the NSA can use these PRISM requests to target communications that were encrypted when they travelled across the internet backbone, to focus on stored data that telecommunication filtering systems discarded earlier“, so when a package is sent through the internet and delivered, it gets ‘dropped’, meaning the file is no longer required. The important part is that it is not deleted, it is, if we use the old terms ‘erased’, this is not the same! When it is deleted it is removed, when it is erased, that space is set as ‘available’ and until something else gets placed there it is still there. An example you will understand is: ‘temporary internet files’. When you use your browser things get saved on your computer, smartphone, you name it.
Until this is cleaned out, the system has that history and it can be recalled with the right tool at any given moment. PRISM allows one to find the paths and the access, so this now relates to the bomber, because if correct, PRISM could see if he had actually gotten the information from Inspire magazine. If so, a possible lone wolf would have been found. Now, the system is more complex than that, so there are other paths, but with PRISM in the open, criminals (especially terrorists) have gotten smarter and because PRISM is less effective, other means need to be found to find these people, which is a problem all by itself! This is why Edward Snowden is a traitor plain and simple! And every casualty is blood on his hands and on the hands of his supporters!

The right tone is about more than this, it is also about Ahmad Khan Rahami. You see, he would be a likely recruit for Islamic State and Al-Qaida, but the issue is that his profile is not clean, it is not the target recruit. You see, apart from his dad dobbing him in in 2014, he stands out too much. Lone wolves are like cutthroats. Until the deed is done, they tend to remain invisible (often remain invisible after the deed too). There is still a chance he allowed himself to be used as a tool, but the man could be in effect a slightly radicalised mental health case. You see, this person resembles the Australian Martin Place extremist more than the actual terrorists like we saw in Paris. I reckon that this is why he was not charged at present. For now he is charged with attempted murder (3 hours ago), yet not all answers have been found. You see, the quote “they had linked Rahami to Saturday’s bombing in Chelsea, another unexploded device found nearby, both constructed in pressure cookers packed with metallic fragmentation material. They also said he was believed to be linked to a pipe bomb that blew up in Seaside Park, New Jersey, on Saturday and explosive devices found in the town of Elizabeth on Sunday“, the proper people need to ascertain whether he is just the set-up, or a loser with two left hands. The FBI cannot work from the premise that they got lucky with a possible radicalised person with a 60% fail rate. If he is the start of actual lone wolves, PRISM should have been at the centre of finding these people, that is, if Snowden had not betrayed his nation. Now there is the real danger of additional casualties. I have always and still believe that a lot of Snowden did not add up, in many ways, most people with actual SELinux knowledge would know that the amount of data did not make sense, unless the NSA totally screwed up its own security (on multiple levels), and that is just the server and monitoring architecture, yet I digress (again).

The big picture is not just the US, it is a global problem as France found out the hard way and new methods are needed to find people like that. The right tone is about keeping the innocent safe and optional victims protected from harm. The truth here is that eggs will be broken, because an omelette like this needs a multitude of ingredients and not to mention a fair amount of eggs. The right tone is however a lot harder than many would guess. You see, even if Man Haron Monis (Martin Place Sydney) and Ahmad Khan Rahami both could be regarded as mental health cases (Man more than Ahmad), the issue of lone wolf support does not go away. Ahmad got to Inspire magazine in some way. Can that be tracked by the FBI cyber division? It might be a little easier after the fact, so it becomes about backtracking, but wouldn’t it have been great to do this proactively? It will be a while until this is resolved to the satisfaction of law enforcement and then still the question becomes, was he alone? Did he have support? You see a lone wolf, a radicalised person does not grow from within. Such a person requires coaching and ‘guidance’. Answers need to be found and a multitude of people will need to play the right tune, to the right rhythm. The right tone is not just a mere consideration, in matters like these it is like a red wire through it all. It is about interconnectivity and it is always messy. There is no clear package of events, with cash receipts and fingerprints. It is not even a legal question regarding what was more likely than not. The right tone is also in growing concern an issue of resources. It isn’t just prioritisation, it is the danger that mental health cases drain the resources required to go after the actual direct threats. With the pressures of Russia and the US growing, the stalemate of a new cold war front works in favour of Islamic state and the lone wolves who are linked to someone, but do not usually know who.
The workload on this surpasses the power of a Google centre and those peanut places tend to be really expensive, so resource requirements cannot be met, so it becomes for us about a commonwealth partnership of availability which now brings local culture in play. The intelligence community needs a new kind of technological solution that is set on a different premise. Not just who is possibly guilty, but the ability of aggregation of data flags, where not to waste resources. For example, I have seen a copy of Inspire in the past, I have seen radicalised video (for the articles). I don’t mind being looked at, yet I hope they do not waste their time on me. I am not alone. There are thousands who through no intentional act become a person of investigative interest. You see, that is where pro-activity always had to be, who is possibly a threat to the lives of others? The technical ability to scrap possible threats at the earliest opportunity. Consider something like Missing Value Analysis. It is a technique to consider patterns. SPSS (now IBM Statistics) wrote this in its manual “The Missing Value Analysis option extends this power by giving you tools for discovering patterns of missing data that occur frequently in survey and other types of data and for dealing with data that contain missing values. Often in survey data, patterns become evident that will affect analysis. For example, you might find that people living in certain areas are reluctant to give their annual incomes, thus creating missing values in your data. If you leave these values out, are your statistical conclusions valid?” (Source: M.A. Hill, ‘SPSS Missing Value Analysis 7.5’, 1997). This is more to the point than you think. Consider that premise, that we replace ‘people living in certain areas are reluctant to give their annual incomes’ with ‘people reading certain magazines are reluctant to admit they read it’.
It sounds innocent enough when it is Playboy or Penthouse (denied to have been read by roughly 87.4% of the male teenage population), but what happens when it is a magazine like Inspire, or Stormfront? It is not just about the radicalised, long term it must be about the facilitators and the guides to that. Because the flock is in the long term not the problem, the herder is and data and intelligence will get us to that person. The method of getting us there is however a lot less clear and due to a few people not comprehending what they were doing with their short sightedness, the image only became more complex. You see, the complexity is not just the ‘missing data’, it is that this is data that is set in a path, this entire equation becomes a lot more unclear (not complex) when the data is the result of omission and evasion. How the data became missing is a core attribute here. Statisticians like Heckman and Allison might have looked at it for the method of Business Intelligence, yet consider the following: “What if our data is missing but not at random? We must specify a model for the probability of missing data, which can be pretty challenging as it requires a good understanding of the data generating process. The Sample Selection Bias Model, by James Heckman, is a widely used method that you can apply in SAS using PROC QLIM (Heckman et al., 1998)“, this is not a regression where we look at missing income. We need to find the people who are tiptoeing on the net in ways to not get logged, or to get logged as someone else. That is the tough cookie that requires solutions that are currently incomplete or no longer working. And yes, all these issues would require to be addressed for lone wolves and mental cases alike.
A massive task that is growing at a speculated 500 work years each day, so as you can imagine, a guaranteed billion dollar future for whoever gets to solve it, I reckon massive wealth would be there for the person who could design the solution that shrinks the resource requirements by a mere 20%, so the market is still lucrative to say the least.

The right tone is an issue that can be achieved when the right people are handed the right tools for the job.


Filed under IT, Media, Military, Politics, Science