Tag Archives: Attorney General

False Bloated Information?

As we look at all kinds of news, trying to figure out what is going on, the Guardian gives us “An investigation by the FBI has concluded that Russian hackers were responsible for sending out fake messages from the Qatari government, sparking the Gulf’s biggest diplomatic crisis in decades“. It comes from ‘Russian hackers to blame for sparking Qatar crisis, FBI inquiry finds‘ (at https://www.theguardian.com/world/2017/jun/07/russian-hackers-qatar-crisis-fbi-inquiry-saudi-arabia-uae). It seems like the Russians are behind nearly everything. The issue I have here is that clear intelligence is not found, there is a lack of information giving correct information. You see, if that was the case, if there was a situation with ‘sending out fake messages from the Qatari government‘, there would be a battery of messages, showing those messages and with the clear statement on how they were spread. You see, hacking was not needed. When we see: “The UAE wants Qatar to sever its ties with Egypt’s Muslim Brotherhood, the Palestinian Islamist group Hamas, and Iran. It also wants news outlets seen to be critical of the Gulf monarchies, such as the Qatari-funded al-Jazeera, to be closed down. Hamas and Muslim Brotherhood leaders live in Doha, and Qatar has shown a willingness to retain diplomatic contacts with Iran, partly due to joint economic interests, including a large underwater gas field“, so as we see that the Muslim Brotherhood is in Qatar, that would be enough to make Egypt angry, the rest is just gravy. Is the term ‘An investigation by the FBI has concluded that Russian hackers were responsible’ is that a new way for the FBI to state that they are in the dark? #JustAsking

Now, is there a chance that hackers have been busy all over the place? That is probably true; it could even be true that some of these hackers have a Russian nationality. Yet the implied newscasts are all about ‘Russian hackers‘ with links to the Russian government, I am not denying that this could be a fact, but is it more likely that a Russian hacker is working for the FSB or for organised crime? Consider the ‘opportunity‘ certain shortages bring. Is it not interesting on how the lack of evidence, no matter who failed to produce it, seems to be accepted because it comes with an FBI stamp. How fake is our news? With CNN we see: “Because it was started based on fabricated news, being wedged and being inserted in our national news agency which was hacked and proved by the FBI.” So why not a clear communications on what actually was happening why is that not picked up by news everywhere? No, we get massive re-quotes from Reuters and other outlets and nobody bothered showing any evidence. Perhaps you remember this from the past, the need to show levels of guilt from those perpetrating the events. I believe that ‘confirmed by FBI‘ just does not hack it anymore. A weird situation, is it not? The issue that has been an issue for the longest time is “who have long objected to Qatar’s foreign policy“, there is a large following of that issue. I cannot confirm that the hack story is fake, but I think that the papers need to give a lot more evidence besides the two paragraphs before they go towards other issues like how many Saudi’s were in 9/11, or switch to the optional food shortages in Qatar. The news is as flaky as it can get on any story. The issue seems to be devoid of information, especially as the aftermath of the elections would have had plenty of options to dig into that small issue called ‘evidence‘.

So what do we make of all this, why did the FBI even bother planting the ‘a fake news‘ issue stamp on Qatar? In light of everything that is currently in play, perhaps the French news that just now brings us “fresh signs the world’s largest economy is not in peak condition“, an issue for a country that has a debt well over 20 trillion. So when President Trump claims that the US economy is tremendous, is that fake news or is that merely a typo from the autocomplete (read: terrible).

There are several questions we need to raise, the actions from the FBI (going all the way back to the Sony hack) is giving us a collection of issues that makes us wonder what is actually going on and who the real perpetrators are. When you Google for ‘Qatar Hackers‘ you get a massive group of people shouting for or against the fact that it is fake news, but none of them are showing any evidence. I am asking questions because we see no concrete evidence not from any side. There is in equal measure no report on news sites and news channels showing us the fake news, when it was published and what the actual Qatar position is. In 5 minute I came up with 3 possible solutions on how the world stage could have been defused, that whilst I know that there are plenty of people working in that industry those are more intelligent than I am. So what failures are happening and what are they trying to not tell the audience?

The entire issue takes another turn when we consider the news (at http://www.news.com.au/world/donald-trump-blasts-exfbi-director-james-comey-on-twitter-as-uk-media-report-he-has-cancelled-state-visit/news-story/70199076e7f849888efac550b4e06d49), where we see ‘Donald Trump blasts ex-FBI director James Comey on Twitter as UK media report he has cancelled state visit‘, in here we see: “Fellow Republicans are pressing President Donald Trump to come clean about whether he has tapes of private conversations with the former FBI director. And if he does, they want the President to hand them over to Congress or else possibly face a subpoena.” Now we see another side to it all, we see a situation where the US is having an internal issue growing and it is about to hit the world. My reasoning is not just the clarity that James Comey showed. The degrees he has, the fact that he is the former US deputy attorney general and that he has been on several board of directors, including Lockheed Martin and HSBC. This is not someone who plays some fast and loose game. He is no typo twitter user and the world pretty much realises this. The article does not go into the fact on the title, the ‘cancelled state visit’ is actually merely delayed, yet consider the importance that an ally like the UK is, what prevents the so called leader of the free world to bolster his defences in the White House? This is where the FBI seems to flaw and not intentionally. The events of the last 6 weeks give rise to an actual investigation of the White House and that is not something the FBI was ever equipped to do, in addition, there will be issues with the Secret Service as well. With the Huffington Post reporting that “Donald Trump, his daughter Ivanka Trump and her husband Jared Kushner all repeatedly sought financing for various investments in recent years from leading figures in Qatar“, we now have a new issue. The FBI is now on the pace and in the moment of having to investigate its own president in links to terrorism. The quote “President Trump on Friday characterized Qatar as “historically” a “funder of terrorism at a high level,” an accusation that came just an hour after his Secretary of State Rex Tillerson appealed for “no further escalation” in the Gulf Cooperation Council squabble“, so if Qatar is a strong partner in combating terrorist financing, how are we supposed to see the implied links as seen by the FBI? You see, even if we accept the words of Ambassador Dana Smith there is now a clear level of miscommunication between the ambassador, the state department, the White House, the Department of Justice and the Intelligence branches (CIA, NSA). So now we get the FBI having to sort out what is what and that is after someone in the White House thought it was a good idea to sack the previous director of the FBI, all this over a term of a mere 4 weeks. The question becomes ‘what is going on?‘ is not just the smallest issue in play. We could speculate that there are internal forces within Qatar who approach different parties, in this the President of the United States has been used as a cheap tool and his ability to typo twitter adds to the laughter of the US Democratic Party, whilst the FBI should be in tears and not in a good way. I wonder if any of these investigative agents ever signed up for this mess, an internal mess that is far above their own pay grade, and it is only Tuesday.

Fat Bloated Information gives rise to the events that are playing, part is due to FBI decisions on a level that I do not comprehend as I have been able to punch holes in several issues in mere minutes and there are a few people much more knowledgeable in cyber issues than I am and they concur on my findings through their own published findings long after I stated my views. Part of it is now finding the limelight as they have to go into rounds of analytical refurbishing of disseminated information (yes I can talk BS too with the use of a dictionary). So as we are getting more and more questionable news, the FBI now has to go over the news given by the White House and seeing what needs to be qualifies as actual news and quantify the damage made over the last 8 weeks. I wonder if the FBI will be able to comment on how much they never signed up for that part.

The final part is seen in a news article by Fox News, the article titled ‘Qatar taps former US attorney general to help ease regional crisis‘ (at http://www.foxnews.com/world/2017/06/12/qatar-taps-former-us-attorney-general-to-help-ease-regional-crisis.html) gives us the final side in all this. The quote “Qatar has paid $2.5 million to the law firm of a former attorney general under U.S. President George W. Bush to audit its efforts at stopping terrorism funding, a matter at the heart of the Gulf diplomatic crisis that erupted last week“, the issue is not that it is happening, the issue is how it is set in motion. You see, if this was about getting results, I would have gone to the UK firm 25 Bedford Row, who has expertise in this. Not only as its QC Paul Hynes is a true expert and one of the voices behind “International Money Laundering and Terrorist Financing – a UK perspective“, Sweet & Maxwell, 2009 Paul Hynes QC, Richard Furlong & Nathaniel Rudolf.

The list of cases as given by 25 Bedford Row (at http://www.25bedfordrow.com/site/expertise/criminal-barristers/terrorism/) shows us levels of expertise that the firm of John Ashcroft has not shown at present, even more outspoken, I am not sure if they have this level of expertise at all:

  • R -v- Ciarán Maxwell – The “Marine who turned to terror”
  • R -v- Anjem Choudary and Another – A case concerning encouraging support for IS
  • R -v- Mohammed Alamgir and Others – A Luton Al-Muhajiroun cell infiltrated in an undercover operation
  • R -v- Feroz Khan and Others – Prison disorder said to be a Lee Rigby copycat incident
  • R -v- Humzah Ali and Another – An IS Syrian traveller and terrorist material dissemination case
  • R -v- Yousaf Syed and Others – The “Poppy Day Plot”
  • R -v- Roshonara Choudhry – The attempted murder of Steven Timms MP
  • R -v- Muktar Ibrahim and Others – The 21/7 London Bombings
  • R -v- Abdul Saleem – The Danish Cartoon Protest Case
  • R -v- Kanyare & Others – The “Fake Sheikh” red mercury case
  • R -v- Samina Malik – The “Lyrical Terrorist”
  • R -v- Zakariya Ashiq – The “Walter Mitty Muslim”
  • R -v- Kamel Bourgass and Others – The ricin conspiracy
  • R -v- Ahmad Ali and Others – The liquid bomb transatlantic flight plot
  • R -v- Dhiren Barot and Others – The “Dirty Bomb” conspiracy
  • R -v- Omar Khyam and Others – The “Fertilizer Bomb” operation
  • R -v- Abdul Raheem and Others – A West Midlands network connected to Parvais Khan
  • R -v- Sulayman Zain-Ul-Abidin – The first UK Islamic terrorist prosecution
  • R -v- Abu Hamza – Incitement to murder and possession of terrorist material
  • R -v- Babar Ahmed – A terrorism based US extradition

And that is just a selection of cases to choose from. So when we consider the need of Qatar, and how they addressed it by going to John Ashcroft, a former Attorney General, a decently renowned one mind you; yet in all this, they are merely appeasing some American view, or are they trying to achieve something else? There is no way that the FBI will not have to take a deeper look at this, especially as there are already levels of miscommunication between the White House and the State department that require investigation. So, in all this, did Qatar truly act in the best interests of Qatar?

I will let you decide the issues in play, just consider that it took less than an hour to find more holes in all this and additional choices which from my personal point of view would have been much better from the start. So am I giving you ‘Fat Bloated Information’, or are the players using imaged projections of representation to make the waters a lot murkier than they were a mere two months ago. I am not the expert to give you the rulings on what is false and what is fake news, I am merely showing you levels of information that should be regarded as dubious and questionable, which is something the FBI is bound to look into. So if you think it is going to be a dull week, think again.

I am however not too sure if it will a nice week for some.



Leave a comment

Filed under IT, Law, Media, Military, Politics

The line of privacy

I have a decent grasp on privacy. I tend to give it to others as much as possible, moreover as I on average do not really care about their private lives. This sounds harsh, but consider the facts. When the person isn’t family, or directly connected to you, how much do you actually care? Some people do care to know everything, but that is another matter entirely. So when ZDNET and a few others published ‘61 agencies after warrantless access to Australian telecommunications metadata‘, I was initially in that mood of, ‘oh yea, whatever!’ You see, when I see names like ‘Australian Financial Security Authority’, I reckon financial planners will get jumpy, but is that about possible ‘dubious’ choices, or their need for privacy? You see, one implies the element of a transgression, as such it becomes debatable whether those actions are to be lauded with non-access.

With a player like Clean Energy Regulator we see an industrial access need, and I very much doubt whether they are interested in individuals. But what happens when we see that groups like Bankstown City Council, Racing Queensland, Office of the Racing Integrity Commissioner (VIC) and the National Measurement Institute, I start having questions (especially regarding levels of sanity).

Let’s consider the access: “warrantless access two years’ worth of customers’ call records, location information, IP addresses, billing information, and other data stored by Telco’s“.

Now, I will be the last one to questions access by ‘valid’ organisations and even looking that the ‘alphabetical’ list the locations of the redacted names does not seem to include ASIO and ASIS, who have a clear need for that access, but can anyone explain why Bankstown City Council needs that access? In that same line we can add both Racing Queensland and the Office of the Racing Integrity Commissioner (VIC). If there is an investigation, it should go via the police of the correct channels. I see zero, I say again, zero reason to give those three access. Before we know it, we see Waverly City Council and perhaps even Chatswood City Council. How long then until all that data becomes available ‘for a special price’?

There are a few others on that list that require scrutiny. Do you really think that industrial transgressors wanted by the Department of the Environment will use their own phones? How much wasted man-years will we face as those untrained individuals try to make sense of 23,644 burner phones, which is just Sydney. In all this it seems to me that those requiring access will after that have an issue with processing data, which means more software, more failed levels of security and even more data transgressions. This must be the heaven that Rupert Murdoch dreams of. Data all accessible behind a server guarded with the admin password ‘qwerty’ or perhaps even ‘password’.

Yes, there is a massive issue here and the magazines including ZDNET (at http://www.zdnet.com/article/61-agencies-after-warrantless-access-to-australian-telecommunications-metadata/) mention the names (minus the redacted ones), we see the additional quote “Of the agencies and departments given access to existing information or documents to enforce a criminal law over the 12-month period, and not included on either list released by AGD, or known to be an enforcement agency already“, we now see names like RSPCA Tasmania and The Hills Shire Council, when we look at one of the websites (http://www.rspcatas.org.au/ for example).

We see in the about section: “The RSPCA (The Royal Society for the Prevention of Cruelty to Animals) is the voice for the animals of Australia. We defend their dignity and fight to stop cruelty. We offer shelter, education, medical attention and love. We are animal protectors, carers and guardians. We bring solace to abandoned, surrendered and injured. We prosecute those who would harm them. And we fight for the humane treatment of all living things. Our job does not stop at animals. We believe behind every animal is a human being who is in need of guidance, encouragement and help“, which is a nice fluffy and caring text. Nothing wrong there. So explain to me, how a place like that has a decent level of cyber security, with in their office pool an IT person with CCSP certification or higher and a few other skills. You see, when these skills are absent your data will be up for grabs. Perhaps that is outsourced, meaning that additional people have access to all that data, have those places been properly vetted? So on an island of 515,000 we see this level of personal data access requirements? My initial follow up questions would than become, of all those funds required from the donations, how much ends up going to animals?

In the case of the Hills Shire Council we can have a lot more fun, their community profile (at http://profile.id.com.au/the-hills/population) gives us “The Census population of The Hills Shire in 2011 was 169,873, living in 57,205 dwellings“, why for the love of whatever is holy (or named Cthulhu) would THEY need that level of access to data?

In my view we should start asking a few questions regarding the mental health of whomever gave that level of access. I am guessing that this was Attorney General, George Brandis, which basically gets confirmed in the Guardian Article (at http://www.theguardian.com/world/2016/jan/18/dozens-of-agencies-want-warrantless-access-to-australians-metadata-again). As we see the quote “the government narrowed the definition of an “enforcement agency” that was eligible to access telecommunications data to a shortlist of law enforcement agencies, including the Australian federal police and state and territory police forces“, my initial thought was ‘that makes perfect sense’, yet in that light, how the flipping Divine Comedies did RSPCA Tasmania make that list?

The Guardian in light of all this ends with a comical quote “This method was taken to allow the Australian Border Force to gain access to telecommunications data without needing to gain approval from the Attorney General’s Department or the intelligence committee“, which is interesting as this implies that the Australian Border Force has less access than RSPCA Tasmania, which would make perfect sense if you are a golden retriever.

So apart of the access and the lack of insight here, has anyone considered how that data is to be read, analysed and processed? In addition, when we consider the access level of applications, the support and very likely (read: extremely likely) the levels of consultancy needed, what else is missing what will this cost the taxpayers in the end? I can tell you now that such solutions are not cheap, not easily implemented and did I mention the security needed for keeping that data safe? Even if this all goes through clouds and remote access, how long until a volunteer looking after cats will leave that password accidently out in the open, or even worse leave that system logged in and unattended?

As stated, I would never object to the actual law-enforcement agencies to get that access, but it seems to me that too large a group on that list is nowhere near that level and even (read: especially) when we consider groups like Greyhound Racing Victoria, why are they not going through police channels?

I see both articles and no one seems to be asking the questions that need to be asked. Questions that had to be asked extremely loud and very nearby after a mere 30 seconds of reading those articles. By the way, when reading the ZDNET article, it is the article that follows that is cause for even more questions.

One of the quotes is ‘the Many Layers and Tools of Digital Collaboration Today‘, which is nice when it is a mere graph of generic data. In that we might not care, but in the issue of ‘call records, location information, IP addresses, billing information, and other data stored by Telco’s‘, which includes all your personal data. Consider the following quotes “employees and departments are helping themselves to the tools they believe they really need. At the same time, companies are steadily dealing with what is now too many categories of communication and collaboration software to adequately manage and govern, much less individual apps” and “The issue itself is perhaps best demonstrated by the rapid rise of Slack, the current darling of team chat and wildly popular with its users. In many of my recent conversations with IT managers, I find that Slack is invading the workplace on many fronts, regardless whether it’s sanctioned or not” and finally “The top categories of apps today include VOIP, Web conferencing, e-mail, unified communications, IM/chat, file shares, file sync, CMS/DMS, intranets, discussion forums, enterprise social networks, relationship management platforms (including customer-facing CRM), and last but not least, online community“.

Now remember, the second article (on the same page) is not connected to the first, but consider the cloud and the explosive growth of so called ‘tool apps’ and the utter lack of in-depth security and access checking, how many back doors are organisations creating through such tools, with access to your data? Weirdly, I would never hold a bad thought for a volunteer organisations like the RSPCA, which is exactly why they should have never ever been given access to data like that. For the mere reason that cyber security cannot viably be maintained.

Whomever boasts on the security of places like Slack is in my view decently nuts. When we see interested players like Accel, Andreessen Horowitz, Index Ventures, KPCB, Spark, and Social+Capital, the first thing we will see fail is a pressure to release a new version and there will be the need of security patches (which is a reality), this also means that data would have been unprotected. The mere intense need for Common Cyber Sense is that boss who wants that new version, because the presentation looks cooler. Even when we ignore the issue of Slack, we still see an exponential growing app base, with access all over the place, which means danger to the data. Even when remotely accessed, even if that connection is secure, too many places get access to data they should not have access to.

When we hear people state that servers have access limitations and more of the mumbling, here is a simple word of caution, something I personally witnessed. There was a financial software program. It was a good and legitimate program. The small issue was that when the program accidently crashed, that person remained on the data server with rights of an administrator. It took them 2 weeks to figure out it was happening and another 3 weeks to repair their system. Consider something like that happening today and with the ‘upgrades’ Microsoft requires on a too regular a basis, can we even risk this level of access to the expanded group that has too limited a grasp (as I see it) on what constitutes Common Cyber Sense?

I wonder how long until we get a carefully phrased apology from certain high ranking IT elements, who will offer their resignation and walk away with a 7 figure handshake.




Leave a comment

Filed under Finance, IT, Law, Media, Politics