Category Archives: Military

October 8, 2016 · 14:26

What did I say?

Last night I got a news push from the Washington Post. It took me more than a second to let the news sink in. You see, I have been advocating Common Cyber Sense for a while and apart from the odd General being ignorant beyond belief, I expected for the most that certain players in the SIGINT game would have their ducks in a row. Yet, the opposite seems to be true when we see ‘NSA contractor charged with stealing top secret data‘ (at https://www.washingtonpost.com/world/national-security/government-contractor-arrested-for-stealing-top-secret-data/2016/10/05/99eeb62a-8b19-11e6-875e-2c1bfe943b66_story.html), the evidence becomes blatantly obvious that matters in the SIGINT industry are nowhere near as acceptable as we think they are. The quote “Harold Thomas Martin III, 51, who did technology work for Booz Allen Hamilton, was charged with theft of government property and unauthorized removal and retention of classified materials, authorities said. According to two U.S. officials familiar with the case, he is suspected of “hoarding” classified materials going back as far as a decade in his house and car, and the recent leak of the hacking tools tipped investigators to what he was doing“, so between the lines we read that it took a mistake after a decade for the investigators to find out? No wonder the NSA is now afraid of the PLA Cyber Division!

In this light, not only do I get to tell you ‘I told you so‘, I need to show you a quote from July 1st 2013, where I wrote “So if we consider the digital version, and consider that most intelligence organisations use Security Enhanced Unix servers, then just accessing these documents without others knowing this is pretty much a ‘no no’. EVEN if he had access, there would be a log, and as such there is also a mention if that document was copied in any way. It is not impossible to get a hold of this, but with each document, his chance of getting caught grows quicker and quicker“, so I questioned elements of the Edward Snowden case, because my knowledge of Security Enhanced Unix servers, which is actually an NSA ‘invention’, now it seems to become more and more obvious that the NSA has no flipping clue what is going on their servers. They seem to be unaware of what gets moved and more important, if the NSA has any cloud coverage, there is with this new case enough doubt to voice the concern that the NSA has no quality control on its systems or who gets to see data, and with the involvement of a second Booz Allen Hamilton employee, the issue becomes, have they opened up the NSA systems for their opponents (the PLA Cyber division being the most likely candidate) to currently be in possession of a copy of all their data?

If you think I am exaggerating, then realise that two people syphoned off terabytes of data for the term of a decade, and even after Snowden became visible, Harold Thomas Martin III was able to continue this for an additional 3 years, giving ample worry that the NSA needs to be thoroughly sanitised. More important, the unique position the NSA had should now be considered a clear and present danger to the security of the United States. I think it is sad and not irony that the NSA became its own worst enemy.

This is seen not in just the fact that Harold Thomas Martin III moved top secret data home, whilst he was at work a mere FSB or PLA intern could just jimmy the front door and copy all the USB devices. So basically he was potentially giving away data on Extremely Low Frequency (ELF) systems, which would be nice for the PLA Cyber Unit(s), as they did not have the capacity to create this themselves. So whilst they were accused for allegedly trying to get a hold of data on the laptop of Commerce Secretary Carlos Gutierrez (2008), they possibly laughed as they were just climbing into a window and taking all day to copy all the sweet classified data in the land (presumption, not a given fact). So he in equal measure pissed off the US, India and Russia. What a lovely day that must have been. In that regard, the Affidavit of Special Agent Jeremy Bucalo almost reads like a ‘love story’. With statements like “knowingly converted to his own use, or the use of another, property of the United States valued in excess of $1,000“. Can we all agree that although essential and correct, the affidavit reads like a joke? I mean that with no disrespect to the FBI, or the Special agent. I meant that in regard to the required personal viewed text: “Harold Thomas Martin III, has knowingly and intentionally endangered the safety and security of the United States, by placing top secret information and its multi-billion dollar value in unmonitored locations“, I do feel that there is a truth in the quote “The FBI’s Behavioural Analysis Unit is working on a psychological assessment, officials said. “This definitely is different” from other leak cases, one U.S. official said. “That’s why it’s taking us awhile to figure it out.”“. It is my personal view that I agree with this, I agree because I think I speculatively figured out the puzzle. He was a reservist, Reserve Navy and a Lieutenant at 51. So the Navy might not see him as ‘full’ or ‘equal’, this might have been his way, to read these documents at night, knowing that they will never have this level of clearance for such an amount of Top Secret information. With every additional document he would feel more in par with Naval Captains and Admirals, he would feel above all the others and if there was ever a conversation with people who did know, he had the option to leave the slightest hint that he was on that level, perhaps stating that he was also an NSA contractor. He star would suddenly be high with Commanders and higher. It is a personal speculation into the mind of Harold Thomas Martin III.

When we look at 18 U.S. Code Chapter 115 – TREASON, SEDITION, AND SUBVERSIVE ACTIVITIES. We see at paragraph 2381 “Whoever, owing allegiance to the United States, levies war against them or adheres to their enemies, giving them aid and comfort within the United States or elsewhere, is guilty of treason and shall suffer death, or shall be imprisoned not less than five years and fined under this title but not less than $10,000; and shall be incapable of holding any office under the United States“, now if we see the following elements ‘giving them aid and comfort within the United States‘ and the other elements are clearly stated as ‘or’ a case of treason could be made. In my view a person like that was guilty of treason the moment Top Secret materials were removed or copied from there assigned location and without proper clearance moved to an unsecure location. As an IT person Harold Thomas Martin III should have known better, there is no case of presumption of innocence. The fact that I made a case that he might have a mental issues does not mitigate it in any way, to do this in excess of a decade and even more insidious to do this for years after Edward Snowden got found out is also matter of concern.

The NSA has a sizeable problem, not just because of these two individuals, but because their servers should have has a massive upgrade years ago, in addition, the fact that contractors got away with all this is in equal measure even more insulting to a failing NSA. I can only hope that GCHQ has its ducks properly in a row, because they have had 3 years to overhaul their system (so tempted to put an exclamation mark here). You see, we have all known that for pretty much all of us, our value is now data. No longer people, or technologies, but data and to see 2 cases at the NSA, what was once so secret that even the KGB remained clueless is now, what we should regard as a debatable place. This should really hurt in the hearts of those who have faithfully served its corridors in the past and even today. In addition, the issues raised around 2005 by the CIA and other agencies regarding the reliability of contractors is now a wide open field, because those opposing it and those blocking data integration are proven correctly.

This now gets us to a linked matter. You see, it is not just the fact that the government is trailing in this field, because that has been an eternal issue. The issue is that these systems, due to the likes of Harold Thomas Martin III and Edward Snowden could be in danger of intrusions by organised crime.

For those thinking that I am nuts (on the road to becoming a Mars bar), to them I need to raise the issue of USB security, an issue raised by Wired Magazine in 2014. The fact that the USB is not just used to get data out, if malware was added to the stick, if it was custom enough, many malware systems might not pick up on it and that means that whomever got into the house, they could have added software, so that on the next run to copy a project, the system might have been opened up to other events. There is no way to prove that this happened, yet the fact remains that this is possible and the additional fact that this was happening for over 10 years is equally disturbing, because it means that the NSA monitoring systems are inadequate to spot unauthorised activities. These elements have at present all been proven, so there.

I think it is time for TRUSIX to convene again and consider another path, a path where USB sticks get a very different formatting and that its embedded encryption require the user, the location and the hardware id to be encrypted within the stick, in addition the stocks need to work with a native encryption mode that does not allow off site usage. Perhaps this is already happening, yet it was possible for Judas tainted Highwayman Harold to walk away with the goods, so something is not working at present. I am amazed that a system like that was not in place for the longest of times. I certainly hope that Director Robert Hannigan at GCHQ has been convening with his technology directors. In addition that there are some from Oxford and some from Cambridge, so that their natural aversion to the other, will bring a more competitive product with higher quality, which would serve all of GCHQ. #JustSaying

The one part where this will have an impact is the election, because this has been happening during an entire Democratic administration, so that will look massively sloppy in the eyes of pretty much every one, too bad Benghazi emails were not left that much under the radar, because that could have helped the Clinton election campaign immensely. Still, there are technology and resource issues. The fact that Booz Allen Hamilton gets mentioned again is unfortunate, yet this should only be a partial focus as they have 22,000 employees, so statistically speaking the number of transgressions is in that regard insignificant. What is significant is how these two got vetted and passed all their clearances. In addition to this there is the issue of operation centres. You see, if there has been data breaches, have there been system breaches? The question derives directly from the fact that data was taken off site and there were no flags or alerts for a decade. So at this point the valid question becomes whether NSOC and NTOC have similar flaws, which now places US Homeland Security in speculated direct data dangers. My consideration in this regard came from earlier mentions in this article. If any US opponent has a clue in this regard, what would be the repercussions, in addition, the question (due to my admitted ignorance) would be, did Edward Snowden have any knowledge of Harold Thomas Martin III, if so, was this revealed in any conversation Snowden would have had with a member of the FSB (there is absolutely no doubt that they had a ‘conversation’ with Edward Snowden whilst he was in sunny Moscow. If so, what data dangers is Homeland Security facing? If data was copied, it is not impossible that data was moved. If that has happened, any data event with any specific flag?

Now the next example is purely fictional!

What if conditionally an <!important> (or whatever flag the NSA uses in their data sets) was added or removed? If it was used to give weight to certain data observations, like a cleaning pass, the pass would either be useless, or misdirecting. All possible just because Harold Thomas Martin III had to ‘satisfy’ his ego. This is not whether it happened or not, this is about whether it was possible, which would give added voice to the NSA issues in play and the reliability of data. This is a clear issue when we consider that false journalistic stories give way to doubt anything the journalist has written, any issue with a prosecutor and all those cases need reviewing, so do you think it is any different for IT people who have blatantly disregarded data security issues? This is not some Market Researcher who faked response data, this is collected data which would have been intervened with, endangering the people these systems should protect. As stated, this is speculative, but there is a reality in all this, so the NSA will need to sanitise data and sources from the last 10 years. There is no telling what they will dig up. For me it is interesting to see this regarding Snowden, because I had my issues with him and how he just got data away from there. Now there is a chance that the NSA gets to rename their servers to NSA_Siff_01 to NSA_Siff_nn, wouldn’t that be the rudest wake up call for them? I reckon they forgot the old rules, the one being that technology moves at the speed of your fastest employee + 1 and the human ego remain the most dangerous opponent when it involves security procedures.

 

 

Leave a comment

Filed under IT, Law, Media, Military, Politics

Tagged as , , , , , , , , , , , , , , , , , , , , , , , , , , ,

October 5, 2016 · 14:32

Viewpoint to a point of view

It all started at 04:00, Google started their announcement of Google Home (which blew me away and that is a rare thing) and Google Pixel, which instantly proved my telecom issues of mobile phones and memory. Shortly after that George Monbiot gave me ‘Lies, fearmongering and fables: that’s our democracy‘ (at https://www.theguardian.com/commentisfree/2016/oct/04/democracy-people-power-governments-policy). It is an excellent piece, because it made me ask questions of myself and how I saw things. I have never proclaimed to have all the answers, I give insights and I oppose other views without personally attacking them. You see, many disagreements are not always on the facts, but on the points of view, usually that view is laced in a perceived (non-)factual interpretation of what we observe. So let’s take a look.

You see, when we get to “Democracy for Realists, published earlier this year by the social science professors Christopher Achen and Larry Bartels, argues that the “folk theory of democracy” – the idea that citizens make coherent and intelligible policy decisions, on which governments then act – bears no relationship to how it really works. Or could ever work“, now, we can accept that, or we can consider another option without stating that this view was wrong, because it isn’t.

You see, this is what happens ‘citizens make coherent and intelligible policy decisions‘, which leads to ‘on which governments then act‘, yet the reality is that ‘coherent and intelligible policy decisions‘ tend to be made through the information given to us by the news and by the newspapers, yet too often they do not completely inform, they voice too often the point of view that a government (or benefiting party) wants us to see (or obscure). For example, the previous government of the Netherlands with their approach to ‘managed bad news‘. I wrote about those events in 2013 and 2014. Why what this happening? Well, I was clearly aware of a non-reality of their overly positive news on how commerce would improve, pretty much all the Dutch shared that sentiment and a real revelation would have meant harsh cutbacks, yet that government did not want to do that, so the Dutch were informed of overly positive news, and after the spending date, the NOS started to ‘release’ (read: voice) news regarding setbacks. Not all at once, but step by step by step. So what we perceive to be ‘intelligible’ is nothing more but a reaction to what should be regarded as ‘misinformation’. My defence here was that I foresaw the not so good economy. I (with no economic education) was off by 0.4% (too negative) and the economic experts on high incomes were off by 0.9% (too positive). I’ll let you decide this one!

The next quote is even better “In reality, the research summarised by Achen and Bartels suggests, most people possess almost no useful information about policies and their implications, have little desire to improve their state of knowledge, and have a deep aversion to political disagreement“, now, there is one part that is an absolute given in most occasions ‘most people possess almost no useful information about the implications of policies‘, that is one truth that is undeniable, even the more alert and aware people tend to miss things there, because, unless you are not part of it, you tend not to be fully in the know. It is almost a non-issue, yet the other part of policies is because getting a politician to sit down and explain it all is usually and equally a non-option, the more relevant info the politician has, the less likely it will be to find him available to explain it all. The best example would be the global collection of ministers of defence. Now, I am not talking about the hush hush stuff, because it would be a low and simple blow to get towards the classified stuff. No, I am talking about the large open things. So let’s state a NATO member, its Minister of Defence and Raytheon agreements. Some news now only 14 hours old (at http://www.army-technology.com/news/newsraytheon-to-upgrade-antpy-2-radars-with-gan-technology-5021950), seems to give NATO (initially just the US) with an advantage. So the quote from Dave Gulla who said: “GaN components have significant, proven advantages when compared to the previous generation GaAs technology“. Yet, when we take a look Patent US 6586778 B2, (at https://www.google.ch/patents/US6586778), we see “A gallium nitride layer is pendeoepitaxially grown on weak posts on a substrate that are configured to crack due to a thermal expansion coefficient mismatch between the substrate and the gallium nitride layer on the weak posts. Thus, upon cooling, at least some of the weak posts crack, to thereby relieve stress in the gallium nitride semiconductor layer. Accordingly, low defect density gallium nitride semiconductor layers may be produced. Moreover, the weak posts can allow relatively easy separation of the substrate from the gallium nitride semiconductor layer to provide a freestanding gallium nitride layer“. At this point I would initially state ‘Oops!’, yet that is not the issue, because there is a patent, means that there is a solution. The issue is not the fact that there is a solution, but that the solution is patented, in addition, we see an august article (at https://www.sciencedaily.com/releases/2016/08/160801093236.htm), which gives us the summary of “From 2020 the 5G mobile standard is aiming to transmit data rapidly and energy-efficiently. For that purpose researchers are developing new power amplifiers based on the semiconductor gallium nitride“. So now we have an old fashioned horse race, because did that Minister of Defence realise that Raytheon is relying on parts that will drive the costs through 5G needs sky high? So, we are a looking at something that has an optional growth opportunity of close to 50,000% (blatantly extremely speculative by yours truly), so how will that drive the prices? In the UK who will get the sharp component deal, those servicing 68 million mobile users, or that one ministry of Defence? #JustAsking

So here you see information in action. Moreover, from my point of view, it is speculative as well. My speculation is that the Gallium Nitride (GaN) will grow so fast in demand that it will drive up prices fast and near exponentially (and with that the margins they had). Is that speculation so far out of bounds? You only need to remember the 4G rush to know that I am right. And if the patent has any real impact until 2023 as conditional initial end date, then North Carolina State University could end up with both the Angels share and the Devils Cut, which is a nice deal to begin with (for them that is), yet for the rest, it will drive prices up fast and by a large amount. Was this considered and is my view right or wrong?

So this technology war is not over, not by a long shot.

Now this is just one instance, for one nation. And when we ignore classified materials, how many issues play in this alone and where have we not looked? Now, we cannot expect that all issues were dealt with in the initial approach, but when we see that these issues are now undertaken and there is no direct solution, how much higher will the cost be in the end? So, without these facts, would the other NATO members dump the Raytheon upgrade? Is the upgrade mandatory, or even perhaps, my point of view is wrong. The last one is still valid, yet in my defence, what happens when there is suddenly a shortage of something? Show me one instance when the price of the goods were not spiralling upwards. I remember the chip war and the memory bank war. In those days, those critters were on a day price, it was like buying a lobster for Pete’s sake (not the other Pete, because he is a Vegan).

Yet part of my views are seen in “Direct democracy – referendums and citizens’ initiatives – seems to produce even worse results. In the US initiatives are repeatedly used by multimillion-dollar lobby groups to achieve results that state legislatures won’t grant them. They tend to replace taxes with user fees, stymie the redistribution of wealth and degrade public services. Whether representative or direct, democracy comes to be owned by the elites“, Geoff deals with lobby groups, which is what I raised too, yet in my view, I looked at the (miss)-presented side and in the past, just a few days ago, I raised the incapability of tax reforms, all over Europe for that matter. It seems that taxation is a pox on both houses, this whilst both sides know it is essential, yet from 2013 onwards the US has done so much to utterly stop the essential overhaul from happening.

So, I loved the article because it showed for the most my point of view (as I have stated it for many months), from another viewpoint, which is always nice. An article that should wake us up not to the lack of Democracy, but to the realisation how democracy is shaping us all to no longer seek it and spearhead the presented needs straight into the direction that helps big business the most (for now). So did we elect the wrong politicians, or were we only given the media that made us choose the individual currently in charge? Here I now look towards the dozens of morning shows that ‘do’ the news on a local level, but sugar coat a massive part outside of those few minutes on the whole and half hour to push opinions and interpretation of events, ‘guiding’ us towards a choice we could have avoided. As media changed so fast, whilst we did not keep up, we saw our fenced pasture change into a maze of fences and no way to see where the exit is.

This democratic world reminds me of the wisdom seen on a card: “and God promised men that good and obedient wives would be found in all corners of the world…then he made the Earth round…and he laughed and laughed“, which reverberates here too, ‘as democracy reached all corners of the earth’, you get the idea!

 

Leave a comment

Filed under Finance, IT, Media, Military, Politics, Science

Tagged as , , , , , , , , , , , , , , ,

September 26, 2016 · 13:14

The name of the sponsor

The article that was in the Guardian on Friday, gives us a few issues. You see, I have been looking at several issues in the tech world and I overlooked this one (there is only so much reading that can be done in a 24 hour range and it is a big planet). You see the article ‘Yahoo faces questions after hack of half a billion accounts’ (at https://www.theguardian.com/technology/2016/sep/23/yahoo-questinos-hack-researchers) gives us the goods from the very beginning. The quote “Yahoo’s admission that the personal data of half a billion users has been stolen by “state-sponsored” hackers leaves pressing questions unanswered, according to security researchers“, is one I would go with ‘and the evidence?‘, which gives us all kinds of related connections. The quote “Jeremiah Grossman, head of security strategy at infosec firm SentinelOne, said: “While we know the information was stolen in late 2014, we don’t have any indication as to when Yahoo first learned about this breach. This is an important detail in the story.”” is only one of a few issues at the heart of the matter. You see, when we look at the issues that are the plague of these start-up firms (Yahoo and Sony), we should think that they are start-up firms or they are massively negligent. In both cases their routers allowed for the transfer of massive amounts of data. As they are the same size in start-up (sorry, sarcasm prevails), we need to wonder how a few hundred million packages fall between the cracks of vision of whatever security element their IT has. We could wait until someone states that there is no security on that level and the race is truly on then!

This whilst additional support as seen stated by Chris Hodson, EMEA chief information security officer at enterprise security firm Zscaler, when we read: ““With no technical details included in Yahoo’s report about how the data was exfiltrated, just that it was, it’s impossible to assess credibility of the ‘state sponsored’ claim“, a statement I agree, but in addition, I also wonder why we aren’t seeing any reference or initial response from the FBI that this was from North Korea. It fits the time frame doesn’t it? First a dry run on Yahoo and the actual heist was Sony. Or perhaps some players are figuring out that North Korea was never an element and that someone clever enough found a flaw and hit both Yahoo and Sony. The quote “both from the date of the hack, almost two years ago, and from the first appearance of the dumped data on the dark web almost two months ago where it was being sold by a user named “Peace of Mind””, the speculation comes to mind: ‘perhaps this person is the second owner and this person is reselling acquired data’, which would make sense in several capitalisic ways. The article also enlightens what I believe to be a callous approach to security: “The breach also highlights a strong problem with “security questions”, the common practice of letting users reset passwords by answering questions about their first house or mother’s maiden name. Yahoo did not encrypt all the security questions it stored, and so some are readable in plaintext. While it may be irritating to have to change a stolen password, it is somewhat worse to have to change a stolen mother’s maiden name.” The insensitive disregard is clear when the security question is not encrypted and mum’s maiden name is given in plain text, adding to the personal data the thieves borrowed (long-term). Now, we know that there are in these situations several questions, and not all are really about privacy sensitive based data (like a favourite pet), but consider the 2013 movie ‘Now You See Me‘ Consider the dialogue in the New Orleans Show scene:

Jack Wilder: How could we, Art? We don’t have your password.
Henley Reeves: We’d need access to information we could never get our hands on.
Daniel Atlas: Yes, security questions, for instance, like, I don’t know, your mother’s maiden name or the name of your first pet.
Merritt McKinney: Where would we get that information, Art? You certainly would never tell us.

A movie gives us the danger to our goods a year before this data is stolen and nobody presses the alarm bell? The only part that would be even funnier if this was a Sony movie, but no, it was Summit Entertainment who brought this gemstone! Now, we know that life is not a movie, yet the fact that this part is stored as plain text, perhaps not the best solution! In addition as IT developers tend to be lazy, how many other firms, especially those who are a lot smaller, how are they storing this data? Also in plain text?

You see, I have seen parts of this issue too often. Too many firms have no real grasp of non-repudiation and go through the motions so that they seem (read: present themselves) to be about security, yet not really security driven. Because if the client doesn’t want it (many are too lazy), they have opted for it and they are in the clear. Yet when we see that the security questions are in plain text, questions should be asked, very serious questions I might add!

There is one more side to all this, the Guardian raises it with: “what happens to the company’s multi-billion dollar merger with Verizon now? Kevin Cunningham, president and founder at identity company SailPoint, argues that the breach should already be priced in“, we then see the issues of thoroughness raised from Verizon, but in all this, the data theft does not makes sense. You see, if my speculation is true and “Peace of Mind” is the first sales iteration, was this ID the only customer? If so, how come that the sale took this long, the timeout between the event in 2014 and the optional sale a few months ago is weird, as accounts change so quickly, the power and value is in quick sales. To put it in perspective, selling the data to 10 people for a total of 5% of the value is safer then awaiting for one person getting 70% of the value 90 days later. This is a movers and shakers world, the 90 day person is a perhaps and these people are about the ‘cash now’. The market stall people! So in this an 800 day customer implies that there might have been ulterior reasons. Which one(s) I can only speculate on, and I prefer not to do that at present. Now, in that side, it is of course possible that this was ‘state-sponsored’ and it was sold on to keep the wolves at bay, but that too is speculation with absolutely no data to back the speculation up.

Verizon might have taken a calculated level of risk in acquiring Yahoo, yet if the data transgression was never divulged, would this be a case of fraud? The US has the “benefit of bargain” rule, so there could be a decent case of represented and actual value. In addition if we allow for Special damages from a legally recognizable injury to be held to be the cause of that injury, with the damage amounts to specificity. If the data theft would have been known, the value of the firm would have been a lot lower.

Unless this was clearly disclosed to Verizon (I actually do not know), Verizon might have a case, which would be disastrous for Yahoo.

If we consider the news from July at NBC (at http://www.cnbc.com/2016/07/25/verizon-to-acquire-yahoo.html), the setting is not just “Microsoft, Yahoo and AOL lag far behind and have lost market share“, there is no guarantee that those hit by the hack will remain in their Yahoo setting. Google has made it far too easy for people to switch over. The effort made in the past to transfer towards Google could inspire those people to switch to Google, import their mails and start with little or no loss at all. Which means that it is not impossible that Verizon after the merger remains a one digit digital marketing group, something I feel certain Verizon never counted on.

So where is this going?

There are two sides to this, not only is this about cyber security, or the lack thereof. The fact that Verizon has no unlimited data and those with Yahoo accounts who had them will now see their prices go up by a lot (when is this not about money?). Verizon has a 100GB shared option at $450 a month, which is beyond ridiculous. In Australia, iiNet (an excellent provider) offers 250GB for $60 a month and in the UK British Telecom offers a similar plan for no more than £21 a month (which is about $35), considering that BT is not the cheapest on the block, I have to wonder how Verizon will continue, when people have to switch, because their music apps (radio and so on) drain their data account at 6-8GB per day (a harsh lesson a friend of mine learned). Meaning that Verizon is actually a disservice to open internet and free speech. As I see it, free speech is only free if the listener isn’t charged for listening, or better stated, when certain solutions are locked to be not via Wi-Fi, meaning charged via bandwidth. So the accounts were one side, the amount of data breeches that we are seeing now (on both the Verizon and Yahoo side) imply that not only are they too expensive, they aren’t as secure as they are supposed to be and in addition, cyber laws are blatantly failing its victims. Having your data in plain text at $450 a month seems a little too unacceptable, merely because the odds to keep your fortune in Las Vegas tend to be better than this.

So now consider the sponsor, the people behind the screens on both the corporate and hacking side. So let’s take a look

Corporate

Here the need for security is essential, yet there is clear indication that those aware of spreadsheets (read: Board of Directors) are in equal measure naive and blatantly unaware that data security is essential and not the $99 version in this case. The cost of secure data is ignored and in many cases blatantly disregarded. The Yahoo case is inferior to the Verizon data transgressions that have been reported in this year alone. It is so nice to read on how the health industry is hit by organised crime, yet the amount of theft from their own systems is a lot less reported on. I find most amusing the text that the Verizon Data Breach Investigation Report shows: “Yes. Our vulnerability management solutions identify and fix architectural flaws in POS and other patientfacing systems“, “Yes. Our identity and access management solutions prevent the use of weak passwords, the main cause of data breaches in the healthcare industry” and “Yes. Our intrusion detection and threat-management solutions help detect and mitigate breaches more quickly, limiting the damage caused” (at http://www.verizonenterprise.com/resources/factsheet/fs_organized-crime-drives-data-theft-in-the-healthcare-industry_en_xg2.pdf), I reckon that a massive overhaul of their own systems has a slightly higher priority at present. In addition there is no information on how secure the Verizon Data Cloud is. It doesn’t matter who provides it (as I see it), and I reckon we see that iteration hit the news the moment we learn that the UK Ministry of Defence Cloud gets tweaked to another server that is not under their control. It is important to realise that I am NOT scaremongering, the issue is that too many players have kept the people and corporations in the dark regarding monitoring options, intrusion detection and countermeasures, with the cloud, any successful intrusion has the real danger that the data hack is more complete and a lot larger in data loss. Moreover, Microsoft and Microsoft employees have one priority, Microsoft! Consider that any Microsoft employee might not be as forthcoming with Cyber transgressions, no matter what agreed upon. After the agreement, any internal memo could sidestep a reportable transgression. It is a reality of corporate life. In this, until the proper military staff members get trained, the Ministry of Defence (read: as well as GCHQ to some extent) will be catching up through near inhumane levels of required training, which gets the Ministry burnout issues soon enough.

Hackers

No matter how small, these attacks (yes plural) required serious hardware and access to tools that are not readily available. So whomever involved, they are either organised crime, or people connected to people with serious cash. This all gets us a different picture. I am not stating that some hackers work for reasons other than ideological. The rent in mum’s basement and hardware needs to be paid for, if not that, than the electricity bill that will be in excess of $130 a month. It might be trivial to mention, yet these little things add up. Hardware, electricity, storage, it gives the rising need of a sponsor for these hackers. There is no way to tell whether this is ideological (to show it can be done), technological (selling the flaws back to the makers of the solution), or criminal (to sell the acquired data to a competitor or exploiter). We can assume or speculate, but in reality, without additional evidence it is merely a waste of words.

So even if we know the name of the sponsor, this hopefully shows that the need to divulging information on data transgression has been way too light. In the past there was a ‘clarity’ that it was onto the firm to give out, but as they seemingly see it as a hazard to their wealth, too many victims are kept in the dark and as such, the financial danger to those victims is rising in an unbalanced way. If you would doubt my words, consider the article at http://www.geek.com/games/sony-psn-hack-is-only-the-4th-largest-data-breach-of-all-time-1390855/, which was set in June 2009. Geek is not the news cycle you might desire, but the summary is fine and confirmable. The hack to the Heartland Payment Systems January 20th, 2009 might be one of the more serious ones, the 130 million records was more complete and could have a more devastating effect on the US population then most others. From my point of view, a massive shift to proactive data security should have been law no later than 2010, I think that we can safely say that this never happened to the extent required, which is another nice failure of the political parties at large and as such, this could get a lot uglier soon enough. The article also shows a massive Sony failing as there have been 6 large breaches in 2011 alone, so the Sony hack of 2012 shows to be a continuing story of a digital firm who cannot get their act together. That was never in question, in combination with the latest revelations, there is the added pressures that this cannot be allowed to continue and these firms need to start being held criminally negligible for transgressions on their systems. Just like in torts regarding trespass, it should be actionable perse. In addition, the hackers should be held in that same way, with the bounty changed to no less than double digit jail with no option for parole. The mere realisation that there is a high price for these transgressions might be the only way to stop this and in this age should not be a distinguishing factor, so any teenager hoping for an adventure with a nice pay package could end up not getting laid until they turn 30. The last part is unlikely to be a reality ever, but the fact that this is where we should have been going needs to be stated, for the mere reason that a shown failure of nearly a decade is no longer an option to ignore, not when the stakes are getting to be this high.

Leave a comment

Filed under IT, Law, Military, Politics

Tagged as , , , , , , , , , , , , , , , , , , , ,

September 24, 2016 · 14:51

Room for Requirement

I looked at a few issues 3 days ago. I voiced them in my blog ‘The Right Tone‘ (at https://lawlordtobe.com/2016/09/21/the-right-tone/), one day later we see ‘MI6 to recruit hundreds more staff in response to digital technology‘ (at https://www.theguardian.com/uk-news/2016/sep/21/mi6-recruit-digital-internet-social-media), what is interesting here is the quote “The information revolution fundamentally changes our operating environment. In five years’ time there will be two sorts of intelligence services: those that understand this fact and have prospered, and those that don’t and haven’t. And I’m determined that MI6 will be in the former category“, now compare it to the statement I had made one day earlier “The intelligence community needs a new kind of technological solution that is set on a different premise. Not just who is possibly guilty, but the ability of aggregation of data flags, where not to waste resources“, which is just one of many sides needed. Alex Younger also said: “Our opponents, who are unconstrained by conditions of lawfulness or proportionality, can use these capabilities to gain increasing visibility of our activities which means that we have to completely change the way that we do stuff”, I reckon the American expression: ‘He ain’t whistling Dixie‘ applies.

You see, the issue goes deeper than mere approach, the issue at hand is technology. The technology needs to change and the way data is handled requires evolution. I have been in the data field since the late 80’s and this field hasn’t changed too much. Let’s face it, parsing data is not a field that has seen too much evolving, for the mere reason that parsing is parsing and that is all about speed. So to put it on a different vehicle. We are entering an age where the intelligence community is about the haulage of data, yet in all this, it is the container itself that grows whilst the haulage is on route. So we need to find alternative matters to deal with the container content whilst on route.

Consider the data premise: ‘If data that needs processing grows by 500 man years of work on a daily basis‘, we have to either process smarter, create a more solutions to process, be smarter on what and how to process, or change the premise of time. Now let’s take another look. For this let’s take a look at a game, the game ‘No Man’s Sky’. This is not about gaming, but about the design. For decades games were drawn and loaded. A map, with its data map (quite literally so). Usually the largest part of the entire game. 11 people decided to use a formula to procedurally generate 18 quintillion planets. They created a formula to map the universe with planets, planet sized. This has never been done before! This is an important part. He turned it all around and moreover, he is sitting on a solution that is worth millions, it could even be worth billions. The reason to use this example is because games are usually the first field where the edge of hardware options are surpassed, broken and redesigned (and there is more at the end of this article). Issues that require addressing in the data field too.

Yet what approach would work?

That is pretty much the ‎£1 billion question. Consider the following situation: Data is being collected non-stop, minute by minute. Set into all kinds of data repositories. Now let’s have a fictive case. The chatter gives that in 72 hours an attack will take place, somewhere in the UK. It gives us the premise:

  1. Who
  2. Where
  3. How

Now consider the data. If we have all the phone records, who has been contacting who, through what methods and when? You see, it isn’t about the data, it is about linking collections from different sources and finding the right needle, that whilst the location, shape and size of the haystack are an unknown. Now, let’s say that the terrorist was really stupid and that number is known. So now we have to get a list of all the numbers that this phone had dialled. Then we get the task of linking the information on these people (when they are not pre-paid or burner phones). Next is the task of getting a profile, contacts, places, and other information. The list goes on and the complexity isn’t just the data, the fact that actual terrorists are not dumb and usually massively paranoid, so there is a limit to the data available.

Now what if this was not reactive, but proactive?

What if the data from all the sources could be linked? Social media, e-mail, connections, forums and that is just the directly stored data. When we add mobile devices, Smartphones, tablets and laptops, there is a massive amount of additional data that becomes available and the amount of data from those sources are growing at an alarming rate. The challenge is to correctly link the data from sources, with added data sources that contain aggregated data. So, how do you connect these different sources? I am not talking about the usage, it is about the impaired data on different foundations with no way to tell whether pairing leads to anything. For this I need to head towards a 2012 article by Hsinchun Chen (attached at end), Apart from the clarity that we see in the BI&A overview (Evolution, Application and Emerging Research), the interesting part that even when we just look at it from a BI point of view, we see two paths missing. That is, they seem to be missing now, if we look back to 2010-2011, the fact that Google and Apple grew a market in excess of 100% quarter on quarter was not to be anticipated to that degree. The image on page 1167 has Big Data Analytics and Mobile Analytics, yet Predictive Interactivity and Mobile Predictive Analytics were not part of the map, even though the growth of Predictive Analytics have been part of BI from 2005 onwards. Just in case you were wondering, I did not change subject, the software need that part of the Intelligence world uses comes from the business part. A company usually sees a lot more business from 23 million global companies than it gets from 23 intelligence agencies. The BI part is often much easier to see and track whilst both needs are served. We see a shift of it all when we look at the table on page 1169. BI&A 3.0 now gets us the Gartner Hype Cycle with the Key Characteristics:

  1. Location-aware analysis
  2. Person-centred analysis
  3. Context-relevant analysis
  4. Mobile visualization & HCI

This is where we see the jump when we relate to places like Palantir that is now in the weeds prepping for war. Tech Crunch (at https://techcrunch.com/2016/06/24/why-a-palantir-ipo-might-not-be-far-off/) mentioned in June that it had taken certain steps and had been preparing for an IPO. I cannot say how deep that part was, yet when we line up a few parts we see an incomplete story. The headline in July was: ‘Palantir sues investor Marc Abramowitz for allegedly stealing company secrets‘, I think the story goes a little further than that. It is my personal belief that Palantir has figured something out. That part was seen 3 days ago (at http://www.defensenews.com/articles/dcgs-commentary), the two quotes that matter are “The Army’s Distributed Common Ground System (DCGS) is proof of this fact. For the better part of the last decade, the Army has struggled to build DCGS from the ground up as the primary intelligence tool for soldiers on the battlefield. As an overarching enterprise, DCGS is a legitimate and worthwhile endeavour, intended to compute and store massive amounts of data and deliver information in real time“, which gives us (actually just you the reader) the background, whilst “What the Army has created, although well-intentioned, is a sluggish system that is difficult to use, layered with complications and unable to sustain the constant demands of intelligence analysts and soldiers in combat. The cost to taxpayers has been approximated at $4 billion“, gives us the realistic scope and that all links back to the Intelligence Community. I think that someone at Palantir has worked out a few complications making their product the one winning solution. When I started to look into the matter, some parts did not make sense, even if we take the third statement (which I was already aware of long before this year “In legal testimony, an Army official acknowledged giving a reporter a “negative” and “not scientific” document about Palantir’s capabilities that was written by a staff member but formatted to appear like a report from the International Security Assistance Force. That same official stated that the document was not based on scientific data“, it would not have added up. What does add up (remember, the next part is speculative), the data links required in the beginning of the article, have to a larger extent been resolved by the Palantir engineers. In its foundation, what the journal refers to as BI&A 3.0 has been resolved by Palantir (top some extent). If true, we will get a massive market shift. To make a comparison, Google Analytics might be regarded as MSDOS and this new solution makes Palantir the new SE-Linux edition, the difference on this element could be that big. The difference would be that great. And I can tell you that Google Analytics is big. Palantir got the puzzle piece making its value go up with billions. They could raise their value from 20 billion to 60-80 billion, because IBM has never worked out that part of analytics (whatever they claim to have is utterly inferior) and Google does have a mobile analytics part, but limited merely as it is for a very different market. There have always been issues with the DCGS-A system (apart from it being as cumbersome as a 1990 SAS mainframe edition), so it seems to me that Palantir could not make the deeper jump into government contracts until it got the proper references and showing it was intentionally kept out of the loop is also evidence that could help. That part was recently confirmed by US Defense News.

In addition there is the acceptance of Palantir Gotham, which offered 30% more work with the same staff levels and Palantir apparantly delivered, which is a massive point that the Intelligence groups are dealing with, the lack of resources. The job has allowed NY City to crack down on illegal AirBnB rentals. A task that requires to connect multiple systems and data that was never designed to link together. This now gets us to the part that matters, the implication is that the Gotham Core would allow for dealing with the Digital data groups like Tablet, mobile and streaming data from internet sites.

When we combine the information (still making it highly speculative) the fact that one Congressman crossed the bridge (Duncan Hunter R-CA), many could follow. That part matters as Palantir can only grow the solution if it is seen as the serious solution within the US government. The alleged false statements the army made (as seen in Defence News at http://www.defensenews.com/articles/dcgs-commentary) with I personally believe was done to keep in the shadows that DCGS-A was not the big success some claimed it to be, will impact it all.

And this now links to the mentions I made with the Academic paper when we look at page 1174, regarding the Emerging Research for Mobile Analytics. The options:

  1. Mobile Pervasive Apps
  2. Mobile Sensing Apps
  3. Mobile Social Networking
  4. Mobile Visualization/HCI
  5. Personalization and Behavioural Modelling

Parts that are a given, and the big players have some sort of top line reporting, but if I am correct and it is indeed the case that Palantir has figured a few things out, they are now sitting on the mother lode, because there is currently nothing that can do any of it anywhere close to real-time. Should this be true, Palantir would end being the only player in town in that field, an advantage corporations haven’t had to this extent since the late 80’s. The approach SPSS used to have before they decided to cater to the smallest iteration of ‘acceptable’ and now as IBM Statistics, they really haven’t moved forward that much.

Now let’s face it, these are all consumer solutions, yet Palantir has a finance option which is now interesting as Intelligence Online reported a little over a week ago: “The joint venture between Palantir and Credit Suisse has hired a number of former interception and financial intelligence officials“, meaning that the financial intelligence industry is getting its own hunters to deal with, if any of those greedy jackals have been getting there deals via their iPhone, they will be lighting up like a Christmas tree on those data sets. So in 2017, the finance/business section of newspapers should be fun to watch!

The fact that those other players are now getting a new threat with actual working solutions should hurt plenty too, especially in the lost revenue section of their spreadsheet.

In final part, why did I make the No Man’s Sky reference? You see, that is part of it all. As stated earlier, it used a formula to create a planet sized planet. Which is one side of the equation. Yet, the algorithm could be reversed. There is nothing stopping the makers to scan a map and get us a formula that creates that map. For the gaming industry it would be forth a fortune. However, that application could go a lot further. What if the Geospatial Data is not a fictive map, but an actual one? What if one of the trees are not trees but mobile users and the other type of trees are networking nodes? It would be the first move of setting Geospatial Data in a framework of personalised behavioural modelling against a predictive framework. Now, there is no way that we know where the person would go, yet this would be a massive first step in answering ‘who not to look for‘ and ‘where not to look‘, diminishing a resource drain to say the least.

It would be a game changer for non-gamers!

special_issue_business_intelligence_rese

 

Leave a comment

Filed under Finance, IT, Military, Politics, Science

Tagged as , , , , , , , , , , , , , , , , , , , , , , ,

September 22, 2016 · 12:18

Targeting the FBI

Do not worry, the FBI is not under attack from any hostile force, in this particular case it is me who will be on the offensive regarding statements made in 2014. Let me explain why. To get to the start of this event, we need to take a step back, to be a little more precise we need to turn to the moment 645 days ago when we read that Sony got hacked, it got hacked by none other than North Korea. It took me around an hour to stop laughing, the stomach cramps from laughter are still on my mind when I think back to that day. By the way, apart from me having degrees in this field. People a lot more trustworthy in this field, like Kim Zetter for Wired Magazine and Kurt Stammberger from cyber security firm Norse. The list of sceptics as well as prominent names from the actual hacking world, they all had issues with the statements.

We had quotes from FBI Director James Comey on how tightly internet access is controlled there (which is actually true), and (at https://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation) we see “the FBI now has enough information to conclude that the North Korean government is responsible for these actions“. I am pretty sure that the FBI did not expect that this would bite them down the track. This all whilst they rejected the alternate hack theory that Cyber Intelligence firm Norse gave (at http://www.politico.com/story/2014/12/fbi-rejects-alternate-sony-hack-theory-113893). Weirdly enough, the alternative option was no less than ten times more possible then the claim that some made. Another claim to have a giggle at came from Homeland Security, the quote was “The cyber-attack against Sony Pictures Entertainment was not just an attack against a company and its employees. It was also an attack on our freedom of expression and way of life“, which is a political statement that actually does not say much. The person making it at the time was Jeh Johnson.

You see, this is all coming to light now for the weirdest of reasons. The Guardian (at https://www.theguardian.com/world/2016/sep/21/north-korea-only-28-websites-leak-official-data). The subtitle gives us “Apparent error by a regime tech worker gave the world a rare glimpse into the few online sources of information available“, so one of these high profile worldly infamous hackers got a setting wrong and we get “But its own contribution to the world wide web is tiny, according to a leak that revealed the country has just 28 registered domains. The revelation came after one of North Korea’s top-level name servers was incorrectly configured to reveal a list of all the domain names under the domain .kp“, you see, here we see part of the fun that will now escalate.

In this I invite NSA director Admiral Michael Rogers and FBI Director James Comey to read this, take note, because it is a free lesson in IT (to some extent). It is also a note for these two to investigate what talents their agencies actually have and to get rid of those who are kissing your sitting area for political reasons (which is always good policy). When  the accused nation has 28 websites, it is, I agree not an indication of other internet elements, but let me add to this.

The need to prototype and test any kind of malware and the infrastructure that could actually be used against the likes of Sony might be routed via North-Korea, but could never originate there. The fact that your boffins can’t tell the difference is a clear given that the cyber branch of your organisations are not up to scrap. In that case it is now imperative that you both contact Major General Christopher P. Weggeman, who is the Commander, 24th Air Force and Commander, Air Forces Cyber (AFCYBER). He should most likely be at Lackland Air Force Base, and the phone number of the base is (210) 671-1110. I reckon setting up a lunch meeting and learn a thing or two is not entirely unneeded. This is not me being sarcastic, this is me telling you two that the case was mishandled, got botched and now that due to North Korean ‘expertise’, plenty of people will be asking questions. The time requirement to get the data that got taken was not something that happened overnight. For the simple reason that that much data would have lit up an internet backbone and ever log alarm would have been ringing. The statement that the FBI made “it was unlikely that a third party had hijacked these addresses without allowance from the North Korean government” was laughable because of those pictures where we saw the Korean high-command behind a desktop system with a North Korean President sitting behind what is a mere desktop that has the computation equivalent of a Cuisena Egg Beater ($19.95 at Kitchen Warehouse).

Now, in opposition, I sit myself against me. You see, this might just be a rant, especially without clarification. All those North Korean images could just be misdirection. You see, to pull of the Sony caper you need stimulation, like a student would get at places like MIT, Stanford, or UTS. Peers challenging his solutions and blocking success, making that person come up with smarter solutions. Plenty of nations have hardware and challenging people and equipment that could offer it, but North Korea does not have any of that. The entire visibility as you would see from those 28 domains would have required to be of much higher sophistication. You see, for a hacker, there needs to be a level of sophistication that is begotten from challenge and experience. North Korea has none of that. Evidence of that was seen a few years ago when in 2012 in Pyongyang I believe, a press bus took a wrong turn. When some reporters mentioned on how a North Korean (military I believe) had no clue on smartphones. I remember seeing it on the Dutch NOS News program. The level of interaction and ignorance within a military structure could not be maintained as such the military would have had a clue to a better extent. The ignorance shown was not feigned or played, meaning that a technological level was missing, the fact that a domain setting was missed also means that certain monitoring solutions were not in place, alerting those who needed to on the wrongful domain settings, which is essential in regards to the entire hacking side. The fact that Reddit and several others have screenshots to the degree they have is another question mark in all this last but not least to those who prototype hacking solutions, as they need serious bandwidth to test how invisible they are (especially regarding streaming of Terabytes of Sony data), all these issues are surfacing from this mere article that the Guardian might have placed for entertainment value to news, but it shows that December 2014 is a very different story. Not only does it have the ability to exonerate the

We see a final quote from Martyn Williams, who runs the North Korea Tech blog ““It’s important to note this isn’t the domain name system for the internal intranet,” Williams wrote. “That isn’t accessible from the internet in any way.”” which is true to some extent. In that case take a look to the PDF (at https://www.blackhat.com/presentations/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman-WP.pdf) from WhiteHat security. On page 4 we get “By simply selecting common net-block, scans of an entire Class-C range can be completed in less than 60 seconds“, yes, I agree you do not get that much info from that, but it gives us to some extent usage, you see, if something as simple as a domain setting is wrong, there is a massive chance that more obscure essential settings on intranet level have been missed, giving the ‘visitor’ options to a lot more information than most would expect. Another matter that the press missed (a few times), no matter how Time stated that the world was watching (at http://time.com/3660757/nsa-michael-rogers-sony-hack/), data needs to get from point to point, usually via a router, so the routers before it gets to North Korea, what were those addresses, how much data got ported through?

You see, the overreaction from the FBI, Homeland Security, NSA et al was overly visible. The political statements were so out in the open, so strong, that I always wondered: what else? You see, as I see it, Sony was either not the only one who got hacked, or Sony lost something else. The fact that in January 2015 Sony gave the following statement “Sony Entertainment is unable to confirm that hackers have been eradicated from its computer systems more than a month after the film studio was hit by a debilitating cyber-attack, a report says“, I mentioned it in my article ‘Slander versus Speculation‘ (at https://lawlordtobe.com/2015/01/03/slander-versus-speculation/). I thought it was the weirdest of statements. Basically, they had almost 3 weeks to set up a new server, to monitor all data traffic, giving indication that not only a weird way was used to get to the data (I speculated on an option that required it to be an inside job), yet more important, the fact that access had not been identified, meaning it was secured gave way to the issue that the hackers could have had access to more than just what was published. That requires a little bit more explanation. You see, as I personally see it, to know a transgressor we need to look at an oversimplified equation: ‘access = valid people + valid systems + threats‘ if threats cannot be identified, the issue could be that more than one element is missing, so either you know all the access, you know all the people and you know the identity of valid systems. Now at a place like Sony it is not that simple, but the elements remain the same. Only when more than one element cannot be measured do you get the threats to be a true unknown. That is at play then and it is still now. So if servers were compromised, Sony would need a better monitoring system. It’s my personal belief (and highly speculative) that Sony, like many other large companies have been cutting corners so certain checks and balances are not there, which makes a little sense in case of Sony with all those new expansions corners were possibly cut and at that point it had an IT department missing a roadmap, meaning the issue is really more complex (especially for Sony) because systems are not aligned. Perhaps that is the issue Sony had (again this is me speculating on it)?

What is now an issue is that North Korea is showing exactly as incapable as I thought it was and there is a score of Cyber specialists, many of them a lot bigger then I will ever become stating the same. I am not convinced it was that simple to begin with, for one, the amount of questions the press and others should have been asking regarding cloud security is one that I missed reading about and certain governmental parts in the US and other nations have been pushing for this cheaper solution, the issue being that it was not as secure as it needed to be, yet the expert levels were not on par so plenty of data would have been in danger of breaching. The question I had then and have now a lot louder is: “Perhaps Sony showed that cloud server data is even less secure than imagined and the level required to get to it is not as high as important stakeholders would need it to be“. That is now truly a question that matters! Because if there is any truth to that speculation, than the question becomes how secure is your personal data an how unaware are the system controllers of those cloud servers? The question not asked and it might have been resolved over the last 645 days, yet if data was in danger, who has had access and should the people have been allowed to remain unaware, especially if it is not the government who gained access?

Questions all worthy of answers, but in light of ‘statements made’ who can be trusted to get the people properly informed? Over the next days as we see how one element (the 28 sites) give more and more credible views on how North Korea was never the culprit, the question then becomes: who was? I reckon that if the likely candidates (China, Russia, UK and France) are considered there might not be an issue at all, apart from the fact that Sony needs to up their Cyber game, but if organised crime got access, what else have they gotten access to?

It is a speculative question and a valid one, for the mere reason that there is at present no valid indication that the FBI cyber unit had a decent idea, especially in light of the official response towards cyber security firm Norse what was going on.

Could I be wrong?

That remains a valid question. Even when we accept that the number of websites are no indication of Intranet or cybersecurity skills, they are indicative, when a nation has less websites than some third world villages, or their schools have. It is time to ask a few very serious questions, because skills only remain so through training and the infrastructure to test and to train incursions on a WAN of a Fortune 500 company is not an option, even if that person has his or her own Cray system to crunch codes. It didn’t make sense then and with yesterday’s revelation, it makes even less sense.

Finally one more speculation for the giggle within us all. This entire exercise could have been done to prevent ‘the Interview’ to become a complete flop. You know that movie that ran in the US in 581 theatres and made globally $11,305,175 (source: Box Office Mojo), basically about 10% of what Wolf of Wall Street made domestically.

What do you think?

 

Leave a comment

Filed under IT, Media, Military, Politics, Science

Tagged as , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

September 21, 2016 · 11:17

The Right Tone

Today we do not look at Ahmad Khan Rahami, we look at the engine behind it. First of all, let’s get ugly for a second. If you are an American, if you think that Edward Snowden was a ‘righteous dude’, than you are just as guilty as Ahmad Khan Rahami injuring 29 people. Let’s explain that to those who did not get through life through logic. You see, the US (read: NSA) needed to find ways to find extremists. This is because 9/11 taught them the hard way that certain support mechanisms were already in place for these people in the United States. The US government needed a much better warning system. PRISM might have been one of these systems. You see, that part is seen in the Guardian (at https://www.theguardian.com/us-news/2016/sep/20/ahmad-khan-rahami-father-fbi-terrorism-bombing), the quote that is important here is “Some investigators believe the bombs resemble designs released on to the internet by al-Qaida’s Yemeni affiliate through its Inspire publication“, PRISM would be the expert tool to scan for anyone opening or accessing those files. Those who get certain messages and attachments from the uploading locations. To state it differently “the NSA can use these PRISM requests to target communications that were encrypted when they travelled across the internet backbone, to focus on stored data that telecommunication filtering systems discarded earlier“, so when a package is send through the internet and delivered, it gets ‘dropped’, meaning the file is no longer required. The important part is that it is not deleted, it is, if we use the old terms ‘erased’, this is not the same! When it is deleted it is removed, when it is erased, that space is set as ‘available’ and until something else gets placed there it is still there. An example you will understand is: ‘temporary internet files’. When you use your browser things get saved on your computer, smartphone, you name it. Until this is cleaned out, the system has that history and it can be recalled with the right tool at any given moment. PRISM allows to find the paths and the access, so this now relates to the bomber, because if correct, PRISM could see if he had actually gotten the information from Inspire magazine. If so, a possible lone wolf would have been found. Now, the system is more complex than that, so there are other path, but with PRISM in the open, criminals (especially terrorists) have gotten smarter and because PRISM is less effective, other means need to be found to find these people, which is a problem all by itself! This is why Edward Snowden is a traitor plain and simple! And every casualty is blood on his hands and on the hands of his supporters!

The right tone is about more than this, it is also about Ahmad Khan Rahami. You see, he would be a likely recruit for Islamic State and Al-Qaida, but the issue is that his profile is not clean, it is not the target recruit. You see, apart from his dad dobbing him in in 2014, he stands out too much. Lone wolves are like cutthroats. Until the deed is done, they tend to remain invisible (often remain invisible after the deed too). There is still a chance he allowed himself to be used as a tool, but the man could be in effect a slightly radicalised mental health case. You see, this person resembles the Australian Martin Place extremist more than the actual terrorists like we saw in Paris. I reckon that this is why he was not charged at present. For now he is charges with attempted murder (3 hours ago), yet not all answers have been found. You see, the quote “they had linked Rahami to Saturday’s bombing in Chelsea, another unexploded device found nearby, both constructed in pressure cookers packed with metallic fragmentation material. They also said he was believed to be linked to a pipe bomb that blew up in Seaside Park, New Jersey, on Saturday and explosive devices found in the town of Elizabeth on Sunday“, the proper people need to ascertain whether he is just the set-up, or a loser with two left hands. The FBI cannot work from the premise that they got lucky with a possible radicalised person with a 60% fail rate. If he is the start of actual lone wolves, PRISM should have been at the centre of finding these people that is if Snowden had not betrayed his nation. Now there is the real danger of additional casualties. I have always and still belief that a lot of Snowden did not add up, in many ways, most people with actual SE-LINUX knowledge would know that the amount of data did not make sense, unless the NSA totally screwed up its own security (on multiple levels), and that is just the server and monitoring architecture, yet I digress (again).

The big picture is not just the US, it is a global problem as France found out the hard way and new methods are needed to find people like that. The right tone is about keeping the innocent safe and optional victims protected from harm. The truth here is that eggs will be broken, because an omelette like this needs a multitude of ingredients and not to mention a fair amount of eggs. The right tone is however a lot harder than many would guess. You see, even if Man Haron Monis (Martin Place Sydney) and Ahmad Khan Rahami both could be regarded as mental health cases (Man more than Ahmad), the issue of lone wolf support does not go away. Ahmad got to Inspire magazine in some way. Can that be tracked by the FBI cyber division? It might be a little easier after the fact, so it becomes about backtracking, but wouldn’t it have been great to do this proactively? It will be a while until this is resolved to the satisfaction of law enforcement and then still the question becomes, was he alone? Did he have support? You see a lone wolf, a radicalised person does not grow from within. Such a person requires coaching and ‘guidance’. Answers need to be found and a multitude of people will need to play the right tune, to the right rhythm. The right tone is not just a mere consideration, in matters like these it is like a red wire through it all. It is about interconnectivity and it is always messy. There is no clear package of events, with cash receipts and fingerprints. It is not even a legal question regarding what was more likely than not. The right tone is also in growing concern an issue of resources. It isn’t just prioritisation, it is the danger that mental health cases drain the resources required to go after the actual direct threats. With the pressures of Russia and the US growing, the stalemate of a new cold war front works in favour of Islamic state and the lone wolves who are linked to someone, but not usually know who. The workload on this surpasses the power of a google centre and those peanut places tend to be really expensive, so resource requirements cannot be meet, so it becomes for us about a commonwealth partnership of availability which now brings local culture in play. The intelligence community needs a new kind of technological solution that is set on a different premise. Not just who is possibly guilty, but the ability of aggregation of data flags, where not to waste resources. For example, I have seen a copy of Inspire in the past, I have seen radicalised video (for the articles). I don’t mind being looked at, yet I hope they do not waste their time on me. I am not alone. There are thousands who through no intentional act become a person of investigative interest. You see, that is where pro-activity always had to be, who is possibly a threat to the lives of others? The technical ability to scrap possible threats at the earliest opportunity. Consider something like Missing Value Analyses. It is a technique to consider patterns. SPSS (now IBM Statistics) wrote this in its manual “The Missing Value Analysis option extends this power by giving you tools for discovering patterns of missing data that occur frequently in survey and other types of data and for dealing with data that contain missing values. Often in survey data, patterns become evident that will affect analysis. For example, you might find that people living in certain areas are reluctant to give their annual incomes, thus creating missing values in your data. If you leave these values out, are your statistical conclusions valid?” (Source: M.A. Hill, ‘SPSS Missing Value Analysis 7.5’, 1997). This is more to the point then you think. consider that premise, that we replace ‘people living in certain areas are reluctant to give their annual incomes’ with ‘people reading certain magazines are reluctant to admit they read it’. It sounds innocent enough when it is Playboy or penthouse (denied to have been read by roughly 87.4% of the male teenage population), but what happens when it is a magazine like Inspire, or Stormfront? It is not just about the radicalised, long term it must be about the facilitators and the guides to that. Because the flock is in the long term not the problem, the herder is and data and intelligence will get us to that person. The method of getting us there is however a lot less clear and due to a few people not comprehending what they were doing with their short sightedness, the image only became more complex. You see, the complexity is not just the ‘missing data’, it is that this is data that is set in a path, this entire equation becomes a lot more unclear (not complex) when the data is the result of omission and evasion. How the data became missing is a core attribute here. Statisticians like Hackman and Allison might have looked at it for the method of Business Intelligence, yet consider the following: “What if our data is missing but not at random? We must specify a model for the probability of missing data, which can be pretty challenging as it requires a good understanding of the data generating process. The Sample Selection Bias Model, by James Heckman, is a widely used method that you can apply in SAS using PROC QLIM (Heckman et al., 1998)“, this is not a regression where we look at missing income. We need to find the people who are tiptoeing on the net in ways to not get logged, or to get logged as someone else. That is the tough cookie that requires solutions that are currently incomplete or no longer working. And yes, all these issues would require to be addressed for lone wolves and mental cases alike. A massive task that is growing at a speculated 500 work years each day, so as you can imagine, a guaranteed billion dollar future for whomever gets to solve it, I reckon massive wealth would be there for the person who could design the solution that shrinks the resource requirements by a mere 20%, so the market is still lucrative to say the least.

The right tone is an issue that can be achieved when the right people are handed the right tools for the job.

1 Comment

Filed under IT, Media, Military, Politics, Science

Tagged as , , , , , , , , , , , , ,

September 19, 2016 · 15:20

The Syrian Fuck Up

There are a few things playing, for one the Bremain group is trying to push again in some way to scare people and set uncertainty all over the place. To be quite honest, at what point are such people regarded as traitors? I know the term is much to harsh, yet the fact is that the vote has been passed, there is a direction and those people are actively trying to mislead left right and centre, like the roaches of the old ways of profit, profit for the few! How come that side is not placed into the limelight? The second issue is seen in NY and a few other places where bombs are exploding. We can speculate in several ways, but that is not my way and until solid intelligence is seen, only then can we form a view. The most likely being that the US is now seeing the direct consequence from lone wolf attacks. There is no likely answer immediately, it will take time, yet the numbers are on terrorism. Confirmation is outstanding for now, but the most likely scenario. We will see later, no matter what the answer is, for the US their issues have now become a lot more complex. It is my personal view that I still believe that Edward Snowden is to some extent a joke at best and a traitor at worst. By illuminating actual parts of projects like PRISM, the lone wolves are now taking other measures and what might have been prevented will now only be prevented after many casualties, so feel free to send him a card with the text “شكرا لمساعدتك” (source: Google Translate).

Where we are actually going is Syria. You see, there has been an issue for a long time, we can go with the idea that people have been lucky for too long and there is the idea that a truce was never an option in Syria. Yet when we read ‘Syria ceasefire on brink of collapse after raids on Aleppo, Syrian troops’ (at http://www.abc.net.au/news/2016-09-19/syria-ceasefire-teeters-after-raids-on-aleppo/7856670). You see, my view comes from the initial issue I had when President Obama claimed ‘No boots on the ground in Syria‘ (at http://www.usatoday.com/story/news/politics/onpolitics/2015/10/30/16-times-obama-said-there-would-no-boots-ground-syria/74869884/), shows that this statements goes back as far as ‘meeting with Baltic State leaders, August 30th, 2013‘. Here we see the quote “In no event are we considering any kind of military action that would involve boots on the ground that would involve a long-term campaign. But we are looking at the possibility of a limited, narrow act that would help make sure that not only Syria, but others around the world, understand that the international community cares about maintaining this chemical weapons ban and norm. So again, I repeat, we’re not considering any open-ended commitment. We’re not considering any boots-on-the-ground approach“. You see, my issue is that any air force strike needs quality intelligence. You see, as I personally see it, the Air force is meant to be force in support of the Army! That’s how it is supposed to be! This is not negativity, because the Air force is its own power in the sky, but when it is required to go after ground forces, it needs eyes on the ground, which implies boots on the ground. It is that simple. Of course they can try to rely on the INTEL that they get from third parties, but that tends to lead to wrong tagging, inaccurate intelligence and not to mention the wrong coordinates get to be transmitted. I reckon that this latest issue could be either one of those failures. And when we get to see this “Russia said the situation in Aleppo city was “especially tense” on Sunday, blaming the instability on rebels.” The amount of shelling by rebel groups against positions of the Syrian Government troops and of residential areas is increasing,” Defence Ministry spokesman Igor Konashenkov said“, so what ceasefire? If a ceasefire is one-sided, there is no ceasefire. It seems to me that the issues shown on the news is that there is inaccuracies on all sides, not just the military parts. That can be construed from the quote “Also on Sunday, a senior adviser to President Bashar al-Assad said Damascus believes Saturday’s strike that killed the Syrian soldiers was “intentional”.” None of the facts on the ground show that what happened was a mistake or a coincidence,” Buthaina Shaaban said.” This could be the case on one side, if there was no ceasefire. So what is the case? Al Jazeera gives us ‘Ceasefire terms pose major risks for Syrian rebels‘ (at http://www.aljazeera.com/indepth/opinion/2016/09/ceasefire-terms-pose-major-risks-syrian-rebels-160915092126740.html), there we see the agreement painted as a one-sided solution for the Syrian government. Sharif Nashashibi writes in this article “This is a clear indication that, to him, such ceasefires are stepping stones to achieving that aim, not to a negotiated political solution. Indeed, pro-Assad forces continue to besiege rebel-held areas during the current ceasefire“, so from all this we can speculate that that fingers can be pointed on more than one issue. When we look at the BBC (at http://www.bbc.com/news/world-middle-east-37398721) we see “The US said its planes had halted the attack in Deir al-Zour when informed of the Syrian presence. A spokesman for the US administration expressed “regret” for the “unintentional loss of life”.“, as I remember it, a meeting at the United Nations Security Council under these conditions tends to be not too boring, so my advice to the Honourable Matthew Rycroft and the Honourable Gerard van Bohemen would be to bring tea and cucumber sandwiches to the next meeting, it should be fun to watch the US and Russian incriminate back and forth!

Now, I am not going to give you the goods on those two, the upcoming cold war will be a fun job soon enough. What is essential is to realise that the Air force could possibly have acted on incorrect, inaccurate or incomplete data soon enough. This is however an issue on more than one level. If you recall the initial chemical attacks, the US was unable to give clear evidence on who did what, meaning that either the satellite lag is too great or lacking too much details. You see, this is not TV, this is not an episode of NCIS where we see that the satellite could be used to watch a topless girl sucking the sunshine. This is real life and even as we know that it can give clear mechanical movements, troop movements, especially in an urban environment like Aleppo could be an issue to some extent, this is corroborated in this event. There will be conspiracy minds giving the notion that the US is trying to win by striking Assad forces ‘accidently’, a scenario that is not impossible, but likely a lot more improbable. Without clear deniability President Obama would not got near this issue now, so close to the election with the possibility of wrecking the election chances of the Democratic Party. In addition, with minus 18 trillion and no exit strategy there, increasing actions and requirements in Syria is one part he cannot afford in any way shape or form. That leads back to the attacks on the US, if there is any possibility that this is indeed a lone wolf wave, the US will have dire need for many more resources soon. No matter how it looks in the news and how it is played. Syria has been an issue for too long and as politicians and ambassadors seem to try and find a solution that will make everyone winners, I have to look back at 1939 when the UK decided that Hitler had to be stopped. It would take 2 years and a large sacrifice of part of the US Navy until the US took that stance openly. The issue is that too many politicians are taking the Charlie Brown approach (Walk softly and carry a Beagle). I think that with so many political fires stating that you are the fireman and you are here to chop away flammable constructs is not the worst position to take. In all this there is a genuine issue of missing trust. The BBC stated “Russia’s defence ministry earlier said that if the US air strikes did turn out to be an error, it would be because of Washington’s refusal to co-ordinate military action with Moscow“, it is not that Russia has any level of record in creating trust. The Ukraine and the Crimea region both have visible scars regarding that issue, there is of course the MH-117 so I reckon that Sergey Shoygu should review his options and find a third solution all parties can work with. The simple truth is that during these election the US side (for now) will be flaccid and useless unless a clear and distinct order is given by the Obama administration. Russia might gain trust all over the field if an actual solution for Syrian battle intelligence is found.

The worst issue in all this is that this is a serious fuck up, because the intelligence as given, is now sitting on the premise of two sides. From the initial part we can go with the two possibly oversimplified sides. US Air force was either unable or unwilling to see the intel. This path is taken because it is a simple truth, when we cut away the sides these two give rise to the actions. If actions were taken whilst unable to see, they would be rash actions, showing that boots on the ground were essential to recon data. If they were unwilling to see the Intel, it becomes a very different discussion, one with large implications on the US military actions. This path is taken to show you that for the most the path was not that complex. The only complexity is the accountability of actions. Sometimes, especially in armed conflict the issue tends to remain simple, or better stated ‘lacking complexity’. So why was it a ‘fuck up’? Again, in my personal view, and standing aside human error, the air force relies on levels of quality intelligence. Whenever we add just one level of impurity, we see that actions become a risk or rash to say the least, the fact that there was no supporting recon team means that someone let US pilots enter a blind stage where identification is hard at best. That is not the fault of the pilot or his commander. In this arena where uniforms are very much alike, telling one party from another becomes nearly impossible. This explains why ‘no boots on the ground’ was close to idiotic from day zero. This would always happen and it is a near miracle that it did not happen more often. One could argue that the entire mission as set out as it was doomed to fail from the very beginning, which now makes us wonder if the current administration wanted a clear victory to begin with. If not, we have ample evidence that this American administrations wasted billions on posturing, which sounds odd too.

In the end, the reality around this will take years to clarify and even then messages, mails and documents will have been ‘accidently’ destroyed or classified for 2 generations at least. In the end, for the most it is easy to agree that the Syrian events were a fuck up, but to what extent and until which person and function (read: who’s desk) is a question not easily (if ever) answered.

 

Leave a comment

Filed under Media, Military, Politics

Tagged as , , , , , , , , , , , , , , , , , , , , , , , ,

September 8, 2016 · 13:13

Brilliance or Donkey mode?

The Guardian gives us two stories. One is of course all about the iPhone 7. At https://www.theguardian.com/technology/2016/sep/07/apple-iphone-no-headphone-jack-second-generation-watch we see the revolution of another iteration by Apple. The interesting side is that the head jack is no more, so no headset plugging into your phone. The quote “one that tech pundits predict could have consumers staying away in droves” is one that I find debatable. You see, the article goes on (via two sides) on how head jacks need to remain. Yet Apple decided on a model that is more waterproof. A statement that I find slightly debatable as there is still a lightning connector and speaker holes. Yet that could be an error on my side. What is striking is the quote “Apple announced another new product on Wednesday – AirPods, a pair of barely-larger-than-earplugs headphones that Schiller said use a new kind of chip to deliver a “magical experience” without the usual hassle of Bluetooth pairing and un-pairing“, which means a new era of listening technology. I will not go deeper into that side, especially as I have no idea on the Airpods, yet one side unmentioned is that these ways of transmitting ‘audio’ means that the battery will see a new level of draining. Whether this is better or worse than the head jack is one I can only speculate on. What is a given is that these moves are usually paired with the gravitas of cajones that tends to change the technological battlefield by a fair bit, so it might not be a donkey idea but a brilliant one. Time will tell which one it is. So far Apple remained quiet on the field of true technical innovation so the bar is open on the gamble, but the fallout could be one worth watching.

The other side gives us the consoles. The lacking brilliance of Sony has been evident for a little while and now that they have released batch 1 of the PlayStation Pro for this November, pre-orders are off the hook. Yet in my view, this is more definitely going to be the Donkey idea for a long time. Apart from the price which is not too bad, the massive issue now is that they are offering 4K gaming. Now apart from it not actually being 4K gaming (for now), those in charge of this were blatantly lacking brainpower when setting together this package. You see 1TB just does not cut it. Consider 4K.com (at http://4k.com/news/unsexy-hard-drive-technology-needs-to-keep-up-with-4k-4872/) gives us “Given that a single minute of full ultra HD 4K video in native resolution takes up a full 2 GB of storage memory, large amounts of drive space become more crucial than ever before“. Now, games and movies are not the same, but consider that cut scenes are still going to be large and the average game has at least 30 minutes of cut scenes. That’s 60GB, which exceeds the Blu-Ray disc, which is not an issue for 4K Blu-ray’s, but how about your storage? What happens when you run out of space? I warned about this with the initial PS4 and 500 GB, so I updated to 2TB immediately. Now, that does not worry me, because I am not the average player, yet let’s not forget that after 10 games, the 500 GB edition had run out of space, what do you think 4K gaming will do with a 1TB drive? To equip that system with anything less than 2TB was sheer stupidity!

Even Microsoft saw that one coming and gave all these new versions a 2TB drive. It is likely that the Scorpion will have more than 2TB, but we will have to see. So not only did Sony drop the ball on hardware, they did it TWICE in a row, the same mistake. It seems that someone there is not thinking things through!

By the way, do not take my word for it, Sony themselves announced the new Blu-ray standard with a 1TB disc in March 2014, so I reckon that they are creating their own slippery slope all by themselves. Microsoft only needs to release the original Mass Effect trilogy on 4K within 6 months of releasing Andromeda and Sony could lose a massive stake in the gaming population. EA has clearly said that this would not happen, yet Microsoft has an option it did not have ever before, it has a title both gaming sides revere and desire. If that becomes a XB1 exclusive, Sony would end up crying a river of losses.

 

Still there is now a given we have not seen until these new systems, Sony botched the ball a second time and this time, the Sony fans might not be as forgiving as before, not only because of the initial PS4 launch fiasco (most day one games were not ready and the big title was delayed by well over 40 weeks). The issues that some faced with HD space, an issue most had not experienced on the PS3 gave more stress than people bargained for and the clarity of drive space is a lot more obvious on the PSPro than it was on the PS4.

So even if we see Sony to be in the ‘not so bright mode’, where should we see Apple? As stated before, I am not certain as there is no way to expect how the people will react to the new requirement of Airpods, the fact that the phone will now be waterproof could be the quality band aid the iPhone fans will accept as a trade-off. However, at $229 they are not the cheapest solution, so that also counts against them. Anyway, with the lightning adapter the old solution remains operational and if that cable is included with the iPhone 7 (yea right!) Phone owners would not have anything to complain about. Time will tell how Apple is seen. I think that they took a bold step in another direction and that might not be a bad thing.

Another part I found debatable was the quote Julie Ask, VP and principal analyst at Forrester Research made. When we see “They’re not trying to win the race to the bottom like [competitors] Samsung or Huawei; they tend to go after the middle-class consumer that can afford the products“, we have to wonder what her data proves. Not unlike the claims she made on Bloomberg, there are a few sides that are actively ignored. For one, Huawei is NOT a bottom competitor (the quote was very peculiarly phrased), Huawei has shown to be an Android top runner and has been giving a stronger bang for the buck than the iPhone has been giving for the longest of time. My issue with Huawei is not the quality of hardware, but the limiting of availability of the higher models is an issue, one that seems to be due through agreements with the telecom companies, which is a big no no in my view. Which now also reflects back to the iPhone, which is now standard have larger sized phones, making Huawei trail. This is what the show from Apple revealed. Now for the fun part, I mentioned on my blog on July 28th 2016 how stupid this move was in the article ‘What we waste away‘ (at https://lawlordtobe.com/2016/07/28/what-we-waste-away/), so less than 8 weeks later I am proven correct in more than one way. So not only is Huawei not offering a decent storage driven system, it is likely to lose a lot of market share as the 32GB Huawei P9 is pretty much the same price as the iPhone 7 128 GB Jet Black. How did Huawei not see this coming? Let’s not forget that (rumour) their CEO would be able to ask PLA Unit 61398 (Chinese Cyber warfare) what Apple was planning to do, nobody in charge there considered calling the honourable Ren Zhengfei informing him on the actions that ‘Imperialistic America’ was planning (read: Apple CEO)?

Brilliance can be found in all levels of technology, yet many of the players here seem to have been asleep these last 8 weeks.

Anybody for pancakes?

 

Leave a comment

Filed under IT, Media, Military

Tagged as , , , , , , , , , , , , , , , , , , , ,

July 24, 2016 · 18:37

Out of the two issues

There are two things bugging me. One is technology based and I will get to that one next (read: article). You see, it is not the most important one and it fades against the game that is now on rotation. The first one starts on a good note, which tends to be a little awkward as it involved George Brandis, the Attorney General. The headline ‘George Brandis warns against assuming all attacks are terrorism after Munich shooting‘. I actually agree here. There was an extremely graphical video that I discussed (at https://lawlordtobe.com/2016/05/01/homerun-by-ukip/), on May 1st 2016, yet the video is all about implying targets. Here we have the crux, what makes the implied target a real target? Well that is for the boffins in the intelligence world to resolve. Yet when he states “He was obsessed with mass killings, owned a book on US school shootings and played computer shooting games. Most of his victims were fellow teenagers, five of them under 16“, I am placing a few question marks at his quotes. Just as Pauline Hanson is eager to blame religion, Brandis mentions that the German gunman played computer shooting games, which in light of the statements made by Andrew Scipione recently is slightly too enthusiastically and way too easily spoken.

Last there is “One of the phenomena that we have seen develop more recently is the development of lone actors who self-radicalise, often very quickly, most commonly online,” he said. “Very frequently these are young men with psychological disturbances, they don’t fit into the conventional or traditional understanding of a terrorism network”, which is true and fair enough. There are plenty of other sources that make similar claims, which does not make them false or wrong. It beckons the thought on how a kid of 18 got the gun. You see, Germany has a much stricter handle on guns, as can be seen in the article ‘Germany and gun laws: a chequered history‘ (at https://www.theguardian.com/world/2016/jul/23/germany-guns-chequered-history-munich-shootings), the quote “three school massacres were instrumental in forcing through political reforms which are widely seen as making the country’s gun controls amongst the most stringent in the world“, even as many German’s have legally owned firearms. Germany is 4th on the world list of guns legally owned per capita. So, on one hand stealing one would be relatively easier (statistically speaking) in Germany, although that premise is an empty one without clear evidence on how the gun was obtained. So where did he get his gun from?

Now, this is not me stating that ISIS was involved, I am merely asking whether ISIS would eagerly use a tool like Ali Sonboly for instigating terror. Now consider the ‘news’ where we see the statement “Gunman Ali Sonboly used Facebook account to lure victim with offer of free food“, he apparently (according to the telegraph) used a fake Facebook account with the name ‘Selina Akim’ (other sources stated a hacked account), if that is true, than we have another iteration of issues. Not the fact whether or not he was a real mental health case, because this does not necessarily diminish that part. So when we consider the quote by George Brandis “when a search of the man’s home did not find any Islamist-related material, or any other political, religious or ideological material“, which we can consider in partial error. The ‘planning’ and creating a fake identity on Facebook (or hacking an account), trying to lure people of the same age group to McDonalds gives way to planning and to the act of contemplating. Contemplating because he viewed an approach with continued attention (aka tactical planning) and he observed or study thoughtfully (the use of a fake pretty girl profile). Now this does not make him any less of a mental case. Yet there is question on whether he himself came up with this or whether he was cautiously ‘coached’ by an outside source.

There is at present no way to tell, because even if no external evidence exist, until the origin of the firearm can be found, we all (me inclusive) will have a decent amount of speculations. So, I am not stating that George Brandis is wrong or incorrect. I am merely asking the questions that most have left untouched. The quote in the Telegraph (I know, not the best source to use) is “Police said the killings were not terrorist-related. They added that Sonboly was armed with an unlicensed Glock 9mm pistol and had 300 rounds of ammunition in his backpack“, the issue is regarding both the unlicensed Glock, where we do not wonder whether a Glock requires a license to exist, but the fact that the serial number could be traced back so quickly to an ‘unlicensed’ owner. In addition, the part of ‘300 rounds of ammunition’, so were these three boxes of 100? Six boxes of fifty? All issues, including the fact that ammunition outside of Canada and America tends to be a whole lot higher in price (I speak from experience here). In addition, German laws are stringent in this matter, so he would have needed to acquire/steal it somehow. There are more question marks rising now. These question marks are all linked to those proclaiming to have the facts, which makes it dangerous. In that regard, I am asking question, yet, am I asking the right questions? I feel that I am, because the actual answers might shine a more clear light on what allowed the events in Munich to happen. It still will not invalidate the views of George Brandis, yet questions need to be asked. When we know the following:

  • At almost 18:00 a shooting starts. Initially they think that there are three shooter (as there were three events), at the mall 300 rounds of ammo were found in a backpack.
  • At 20:30 gunman Ali Sonboly was found with a self-inflicted gunshot wound to the head. (the Guardian stated that he was found 21:30 local time, as well as the statement that a post-mortem examination would be needed to see if he died from officers’ gunfire).

Now we get statements as him being into violent video games, on how this is planned, with references to books. The Independent gives us “One book found was a German translation of Why Kids Kill: Inside the Minds of School Shooters, written by Peter Langman, an American psychologist. Mr De Maiziere said that Sonboly had researched a 2009 school shooting in Germany, as well as Breivik’s Utoya massacre“. I find it odd on how he went for such a specific book. Now we add another fact from the Guardian. ““It’s a little disturbing,” said Peter Langman, who was unaware that the Munich shooter had a copy of his book until the Guardian called him at his home in Pennsylvania on Saturday. “I don’t know quite what to make of it. I don’t know why he had it,” he said“, I share the concern of Peter Langman here. So less than a day after the event, the press seems to have all the facts, all the ‘goods’ of gossip, whilst a clear investigation takes longer. In addition, if there was a terrorist concern (which there was in the initial hours), the Press would not have gotten hold of anything ‘juicy’ and we would have seen at least one day of speculation.

The entire Munich event is calling for a lot more questions, question that have few answers. Now consider that the boy, obsessed with the extremist Anders Behring Breivik, on the day of the anniversary and he leaves his backpack with ammo behind? Now, we can argue on it and I am even willing to admit that under pressures our minds can go a little wonky, but with the essential need of ammunition leaving it behind seems a little too weird. In addition, we see the German website ‘the local (at http://www.thelocal.de/20160723/munich-attacker-was-shy-video-game-fan) state 16 hours after the event “Munich police chief Hubertus Andrae did acknowledge that Sonboly had extensively researched the theme of rampages and may have read about the lethal killing spree by white supremacist Anders Behring Breivik, saying there was an ‘obvious link’ between Breivik’s crimes and Friday’s shooting“. So, when this ‘conclusion’ is made after a mere 16 hours in public, how many hours were taken to investigate this? Was this one computer source? Several sources? Was Ali actually doing that research on his (or someone’s) computer?

When we consider the statements and the time line, I end up with a fair bunch of questions, questions that lead to even more question marks and no clear answers. So are we now being played or is this the German need to suss this quiet real fast? Let’s not forget that it could have been the solo act of Ali Sonboly, yet German security services do have an issue with escalations that involve refugees. It was only 4 days earlier that a 17 year old refugee started to play ‘me and my knife and axe‘ on a train in Wurzburg, also in Bavaria. So the police has every need to not see violence escalate, but at present what we are told and shown, I am not sure if the local population will accept the given as gospel truth. You see, the fact that both events are stated to not having any links to Islam extremism is not an issue, the fact becomes what pushed these two kids over the edge. There might not be a given answer to the first case as a knife and axe are readily available in nearly every hardware shop. A 9mm pistol with 300 rounds of ammunition is another issue entirely. As there are no links or clear indications where the gun came from and how he got his fingers on one. We become the people raising question marks whilst those who should be with answers are unable to provide any acceptable ones. This gives more and more weight to this issue being one with consequences.

It will take days before the dust settles and we have some chance of actually seeing the facts, yet the reality should sink in to many of my readers. There are iterations of cycled news, to some degree based on questionable data. Yet in this case it is less about the people and the fiction we see from the press, in this the press seems to be handed a less than sincere handshake from certain officials. Those officials have to push for agenda’s that make their live manageable, which is only partially fair enough.

The question we end with is: ‘Yet, was it good enough?’

I am not sure who has the answers, mainly because several of the released facts are too questionable.

Leave a comment

Filed under Media, Military, Politics

Tagged as , , , , , , , , , , , , ,

May 22, 2016 · 21:52

The tactical changes

Only 9 minutes ago, information reached me that takes a different turn to several events. On the 1st of May I wrote about the Homerun UKIP made (at https://lawlordtobe.com/2016/05/01/homerun-by-ukip/). In this I linked a video (containing extremely graphic executions), it was a presentation of sorts, and there were several ‘links’ that implied that ISIS was active in Germany. Now I see the following (at https://www.bellingcat.com/news/mena/2016/05/22/isis-had-a-social-media-campaign-so-we-tracked-them-all-down/), apart from the social media implication there are other implications too. The links to Munster, close to the Netherlands now give another scenario to consider. First of all, this could be a steeplechase, a red herring hunt. When you leave clues this open, with so many options to match images with the local population, the people involved are either massively stupid, or a little too clever. I have learned to always consider my enemies to be superior, so I will not make the mistake to consider them too stupid. There is of course a third side, this could be a hoax by anyone with Arabian language skills, the beginning of a steeple chase, to see if Americans/NATO people will take the bait.

One part that is a given is that in the past open source intelligence have (apart from verification) shown to have effective options. You see Americans (at times not the brightest collection of people) have worked from the ‘Americans only’ recruitment campaign, which makes perfect sense. Yet without local and language skills many details tend to go missing. Even as certain parties adjusted this view, there is a limit that hinders any intelligence investigation at times. In that same light we can see Bellingcat. It can be a great source for investigative journalists, that is, if they can successfully verify the intelligence obtained.

In an equal light, the information that I gave would require scrutiny too. Was German intentional for the locations, or is there another reason (like anti English reasoning). The other part was the language in the video. Their level of German was high, which leads to more questions, but are the questions relevant? That remains the issue.

So as I ponder the issues I saw, I also question the quote “However, these photographs revealed the exact locations of the ISIS supporters in their photographs, in some cases even exposing their home addresses. Numerous Twitter users crowdsourced the geolocation of these photographs throughout the day on Saturday, eventually pinpointing the locations of several photographs shared by ISIS supporters“, what if the trail is false? What if the locations lead to people, not pro ISIS, but the arrest that follow could turn family members more extreme, possibly even into the hands of ISIS?

It is a valid question, but for now, there is no way to see what is what, not on the information I currently have. Even when we see that some of the photographs seem to lead of Hoofddorp, a small town next to Amsterdam international and really close to Amsterdam, with plenty of possible targets. Yet, in equal measure, it could be a foxhunt whilst the fox remained intentionally absent. Without more clear intelligence there is no way for me to tell, but that does not mean that there is no way to find out.

There is one clear danger in all this, this is a move that UKIP can exploit. If ISIS sympathisers are this deep in France and the Netherlands, it will scare too many Brits into the Brexit field, no matter if Brexit is the best solution or not, moving to the Brexit field out of fear will never be the right reason or action for that matter.

 

Leave a comment

Filed under Media, Military

Tagged as , , , , , , , , , ,