The incompetent view

I’ll admit, there are other things to write about, yet this is a larger issue than anyone thinks it is. The previous writers did not ponder the questions that were adamant, and Stephanie Kirchgaessner follows suit (at https://www.theguardian.com/us-news/2020/jan/27/nsa-faces-questions-over-security-of-trump-officials-after-alleged-bezos-hack) when we consider that the focus here is the NSA in ‘NSA faces questions over security of Trump officials after alleged Bezos hack‘. You see, it is not merely the fact that they got the stage wrong, it is the fact that everyone is looking at the stage, whilst the orchestra is missing, so how about that part of the equation and that leads to a very uncomfortable question towards WHY the US is tailing on 5G and why it is trying to tailgate into the 5G room. They forgot what real innovation is and Saudi Arabia is seemingly passing them by, a nation that has forever been seen as a technological third world is surpassing the US and it is upsetting more and more people.

“The US National Security Agency is facing questions about the security of top Trump administration officials’ communications following last week’s allegations that the Saudi crown prince may have had a hand in the alleged hack of Jeff Bezos“, with this the article opens and basically nothing wrong is stated here, yet when seen in the light of the byline which was “Democratic lawmaker asks agency if it is confident the Saudi government has not sought to hack US officials“, as such it becomes an issue. First off, the question is not wrong, because the US administration has a duty to seek the safety of communications for its coworkers (senators and such), yet in all this, it does become a little more clear when we see “Ron Wyden, a senior Democratic lawmaker, asked the director of the NSA whether he was confident that the Saudi government had not also sought to hack senior US government officials“. You see in the first, Saudi intentional involvement was NEVER established, moreover, the report (I looked at that last week) has several hiatus of a rather large kind, as such the formulation by this 70 year old person is quite the other issue.

It is my personal conviction that a Fortune 100 company should consider the danger they open themselves up to when letting cyber issues be investigated by FTI Consulting. The entire matter of how infection was obtained (if it was infection), and that the entire matter was instigated by any third party who had gained access to the phone of Jeff Bezos, and in all this enough doubt was raised who got access and more importantly that there was no evidence that this was ANY Saudi official, as such the short sighted “whether he was confident that the Saudi government had not also sought to hack senior US government officials” by a 70 year old who shows issues of lack of critical thinking, no matter what which school he went to when he was half a century younger.

And again we see the reference towards “The senator from Oregon is separately seeking to force the Trump administration to officially release the intelligence it collected on the murder of Jamal Khashoggi, the Washington Post journalist who was killed in a state-sponsored murder in October 2018“, which is another flaw as there was never any clear evidence that anyone in Turkey was “killed in a state-sponsored murder in October 2018“, more importantly, the French UN Essay writer who was seemingly involved in both reports is showing a lack of critical thinking all by herself.

All this whilst Paul Nakasone (director NSA) is confronted with “was believed to have been the victim of a hack that was instigated after he allegedly received a WhatsApp message from the account of Crown Prince Mohammed bin Salman“, the problem is twofold, in the first I personally see the report by FTI Consulting as a hack job, not a job on a hack. There are several sides that give doubt on infection source and moreover there is additional lack of evidence that the source was a Saudi one. More importantly other sources gave away issues on WhatsApp some time overlapping the event, exploits that made it into the press from all sides giving the weakness that any unnamed party could have played to be a Saudi delivery whilst the file was not from that delivery point. Issues that were out in the open and the report gives that FTI Consulting ignored them. It could read that a certain French Essay writer stated ‘I Have a Saudi official and an American phone, find me a link, any link‘, I am not stating that this happened, but it feels like that was the FTI Consulting case. When was the last time you saw an intentional perversion of justice and truth?

And when we see: “The issue is now the subject of an investigation by two independent UN investigators“, we see an almost completed path. When we see all this, let’s take a step back and consider.

  1. An American Civilian had his mobile allegedly (and optionally proven) hacked.
  2. The hacker is not found, the one accused cannot be proven (at present) to be the hacker.
  3. This ends up with the UN?

And I am not alone here. Three days ago (after my initial findings) I see (at https://edition.cnn.com/2020/01/24/tech/bezos-hacking-report-analysts/index.html) the headline ‘Bezos hacking report leaves cybersecurity experts with doubts‘, there we see “independent security experts, some of whom say the evidence isn’t strong enough to reach a firm conclusion” as well as “several high-profile and respected researchers, highlights the limits of a report produced by FTI Consulting, the company Bezos hired to investigate the matter“, so basically, the hair lacking CEO, who owns the Washington Post (where Khashoggi used to work) is allegedly hacked, he seemingly hires FTI Consulting on what I personally believe to be a hack job on hacking phones and the UN is using that biased piece of work to slam Saudi Arabia? Did I miss anything?

Yes, I did, the quote “The report suggested the incident bore hallmarks of sophisticated hacking software“, the problem here is that there is no way to see WHERE IT CAME FROM. Yet other sources give out several pieces on WhatsApp and how other sources could have a free go at infesting people. All whilst we also see “the paper revealed a lack of sophistication that could have been addressed by specialized mobile forensics experts, or law enforcement officials with access to premium tools“, all this whilst the entire setting went around the existence of cyber divisions. There is a link Jeff Bezos – Amazon – FTI Consulting – United Nations. At no point in this do we see any police department, or the FBI, why is that?

As such when we see “A key shortcoming of the analysis, Edwards said, was that it relied on a restricted set of content obtained from Bezos’s iTunes backup. A deeper analysis, she said, would have collected detailed records from the iPhone’s underlying operating and file systems. Other security experts characterized the evidence in the report as inconclusive“, I would state that this is merely the beginning.

Rob Graham (CEO Errata security) gives us “It contains much that says ‘anomalies we don’t understand,’ but lack of explanations point to incomplete forensics, not malicious APT actors” and Alex Stamos, the former chief information security officer at Facebook and a Stanford University professor gives us “Lots of odd circumstantial evidence, for sure, but no smoking gun“, in all this the extreme geriatric Ron Wyden (Oregon) is asking questions from the NSA with the text “asked the director of the NSA whether he was confident that the Saudi government had not also sought to hack senior US government officials” with the emphasis on ‘also‘, a stage that is not proven, and more importantly is almost redundant in the hack job we got to read about. As such I am not surprised to see “FTI Consulting declined to comment“, I wonder why?

It is even more fun to see the CNN article have the stage where we see “a research group at the University of Toronto, offered a suggestion that could allow investigators to gain access to encrypted information that FTI said it could not unlock“, as such we see that there are skill levels missing in FTI, for the simple reason that this report was allowed to leave the hands of FTI Consulting, a Firm that is proudly advertising that they have 49 of the Global 100 companies that are clients. If I had anything to say about it, those 49 companies might have more issues down the road than they are ready for, especially as they have over 530 senior managing directors and none of them stopped that flimsy report making it to the outside world. I would personally set a question mark to the claim of them being advisor to 96 of the world’s top 100 law firms. I would not be surprised if I could punch holes in more cases that FTI Consulting set advice to, in light of the Bezos report, it might not be too hard a stage to do.

CNN also has a few critical points that cannot be ignored. With “The report’s limited results are a reminder that it can be extremely challenging to reconstruct the activities of a determined, well-resourced hacker, said Kenneth White, a security engineer and former adviser to the Defense Department and Department of Homeland Security“, I do not disagree with that, but the stage where WhatsApp had a much larger problem, is a given, and the report does not bring that up for one moment, that report was all about painting one party whilst the reality of the stage was that there was an open floor on how it was done, yet the report silenced all avenues there. In addition, Chris Vickery (Director UpGuard) gives us “other evidence provided by FTI increased his confidence that Bezos was being digitally surveilled“. That is not in question, core information directs that way, yet the fact that it was a Saudi event cannot be proven, not whilst Jeff Bezos is around hundreds of people in most moments of the day, that part is the larger setting and FTI Consulting knowingly skated around the subject, almost as it was instructed to do so.

One expert who wanted to remain anonymous gave us all “There’s an absurd amount of Monday morning quarterbacking going on” as well as “This isn’t a movie — things don’t proceed in a perfect, clean way. It’s messy, and decisions are made the way they’re made“, that expert is not wrong, and he/she has a point, yet the foundation of the report shows a massive lack in critical thinking whilst the report relies in its text on footnotes (as one would) yet on page 3, the text is “Al Qahtani eventually purchased 20 percent ownership in Hacking Team, apparantly acquired on behalf of the Saudi government. 8“, all whilst footnote 8 gives us “https://www.vice.com/en_us/article/8xvzyp/hacking-team-investor-saudi-arabia” so not only does the FTI Consulting Job rely on ‘apparantly‘, the article gives in the first paragraph “Hacking Team was thoroughly owned, with its once-secret list of customers, internal emails, and spyware source code leaked online for anyone to see” as such we see ‘spyware source code leaked online for anyone to see‘, how did FTI Consulting miss this? That and the WhatsApp issue in that same year opens up the optional pool of transgressors to all non state hackers with considerable knowledge, as such the amount of transgressors ups to thousands of hackers (globally speaking).

FTI Consulting missed that! and it missed a lot more. The article also sets a link to David Vincenzetti and for some reason he is not even looked at, there is no stage in the FTI report that his input was sought out, which in light of all this is equally puzzling. He might not have had anything to report, or perhaps he had enough to report taking the focal point away from Saudi players, we will never know, the joke (read: report) is out in the open in all its glory on limitation. 

In light of all this, did the question by Ron Wyden to the NSA make sense? As far as I can see, I see several points of incompetence and that has nothing to do with the one expert stating that this is messy, the entire setting was optionally incompetent and for certain massively incomplete.

More importantly, the last paragraph has more funny parts than a two hour show by Jimmy Carr. The quote is “Anyone who has had communication with either MBS or his brother Khaled should assume their phone is hacked. Congress needs to get answers from NSA on what it knew about the hack of Bezos phone, when it knew it, and what it has done to stop Saudi criminal hacking behavior” and it comes from CIA analyst Bruce Riedel. Now, the quote is fine, but the hilarious part is how it was phrased (expertly done). Let’s go over it in my (super subtle) way: “Anyone who has had communication with either MBS or his brother Khaled should assume their phone is hacked by Saudi, US or Iranian officials. Congress needs to get answers from NSA for a change on a matter that they were never consulted on whilst the report ended up with the UN on what it knew about the hack of Bezos phone, a person who has a few billion and a lack of hair but beyond that has no meaning to the US economy, he keeps all his gotten gains, when it knew when the phone of a civilian was allegedly hacked and, and what it has done to stop Saudi criminal hacking behavior which is not proven at present other than by people who have something to gain from seeing the Saudi’s as the bad party (like Iran), all in a report that is lacking all levels of clarity and proper investigation“, this is an important setting here.
Just like the disappearance of a Saudi columnist writing for the Washington Post (another Jeff Bezos affiliate), we do not proclaim Saudi Arabia being innocent, merely that the lack of evidence does not make them guilty, in the present the hacking issue does not make Saudi Arabia guilty, the irresponsible version of the FTI Consulting report shows a massive lack of evidence that makes any Saudi Arabian party more likely than not innocent of all this and as both reports have one UN Female French Essay writer in common, it is more and more like a smear campaign than an actual event to find out what actually happened. Who signed up for that? I wonder if the NSA did, I feel decently certain that until they get all the actual evidence that they do not want to get involved with political painting, their left foot is busy keeping them standing up in a world of hunkered and crouched idiots.

Yet that is just my simple personal view on the matter.

 
