Tag Archives: Chelsea Manning

Finger in a dike

We have all heard the story of the boy who stopped a flood by putting his finger in a dike; Robin Williams made a reference to it and women in comfortable shoes in the past (whatever that means). The story is known, the act sounds just too ridiculous, because any flood that can be stopped with a finger is one that will not amount to much flooding. Yet the story behind it is very different. You see, the story is about the dangerous Muskrats, who dig themselves boroughs in dikes. These boroughs have canals that can go for hundreds of feet and as the Muskrat population grows, the dikes and dams they are in could be damaged beyond normal repair and that is when the dangers start, because dikes are important in the Netherlands. A large part of it is vastly below sea level, meaning that such a loss could have impacted safe living in that place. Muskrats are also fierce fighters and feeders, meaning that as their population grows, the other animals become extinct. Even as that rat has a usual lifespan for a year, in that year it can reap damage that only people can match. So as we consider the damage a year brings, we need to now consider todays story in the Guardian (at https://www.theguardian.com/politics/2017/may/14/freedom-of-information-act-document-leaks-could-become-criminal), where we see: “criminalise passing on information discoverable under FOI requests“, so basically any news given, even when it can be obtained by an FOI request can become an issue that follows prosecution and even conviction? How is anyone allowed to pass this as law allowed in office, especially as he lives by the motto that was a Herman Brood hit (read: I’ll never be clever). There is a weighting here. I for one have spoken out against the non-accountability of the press. The one time they got scared (read: The Leveson enquiry), they started to scream foul and promise bettering themselves. A promise some of the press broke even before the ink of that promised dried. Yet there is in equal measure a need to keep the people correctly and decently informed. There is a need to get cybersecurity on a decent level and there is a need to hunt down hackers. In this places like Sony are feeling the brunt of hackers and until the authorities are willing to execute the parents (or children) of these hackers, depending of the age of the hacker in front of their eyes, they will not ever see the light and these issues will happen. In this, the entire whistle-blower thing is another hot potato and some politicians seem to think that the one will stop the other, which is even more delusional than my idea of executions to make a point. There is another side to all this that is linked. You see, in the military there is a strict need of secrecy. In that this Bradley Manning person is just a traitor who did not realise just how stupid he really was. The fact that he did not spend life in prison until death is another failing which has been covered by too many for too long and too often. Julian Assange is another matter. Basically he was a mere facilitator, we might seem to consider him a traitor but in the end he did not break any laws and the US knows this, they just have another need to address the ego of certain people. I see Snowden as a traitor, plain and simple. As we were misrepresented with a movie, a book and all kinds of stories, there is still the issue that things did not add up. The never did and never will. In this light a whistle-blower seems to be a very different needed person (I will get to that later).

The three names mentioned all have their own role to play in all this. In case of Manning, it is treason plain and simple, whomever got him off lightly did a stellar Law job, but in the end, he committed treason under war time conditions. Bloomberg (at https://www.bloomberg.com/view/articles/2013-08-02/bradley-manning-s-crime-is-smaller-than-treason) gives us the view of John Yoo, a legal expert, whose view I share: “His actions knowingly placed the lives of American soldiers, agents, and allies at grave risk. In the world of instant, world-wide communications and non-state terrorist groups, Manning committed the crime of aiding the enemy, and he is lucky to escape the death penalty“. As an operator, Manning had access to do his job and he abused the access he had endangering the lives of his ‘fellow’ soldiers. In this the less diplomatic view would be that he was more entitled to death by hanging than some of those executed at Nuremberg. So as we realise that Manning soon could have more rights than an optional member of the press is just a little too insane in my book. In all this, as we see that part in a little biased light, we need to realise that the press has a need to expose certain elements. Yet they too are biased and they are biased towards advertisers and stakeholders, which is why certain military documents are placed in a juicy sexy light, yet the issues of Microsoft, Sony and a few others that clearly food for thought for a generation of consumers seems to be misplaced. So how should we see the less responsible acts of the press in that light?

The second part is Snowden, again, as I see it a traitor, here the issue is severe on all sides, the Intelligence community failed miserably on several sides as one person has seemingly access to systems that should have been monitoring access on a few sides. I saw within two hours at least 3 issues for consideration of prosecution of certain heads of intelligence for mere gross negligence. The issues found with NSA contractor Harold Thomas Martin III just adds to the issues in Alphabet soup land. In this there would have been the need of a very different whistle blower, one that could have walked into the US supreme court stating that his nation is in serious danger giving evidence free from prosecution where an ‘uncle’ of the NSA walks into the office of Admiral Rogers (current director, not the director at that time) asking what the f**k he thinks he is doing on the farm. In a system that is about subterfuge and misdirection, those making errors are often chastised in unbalanced ways. As they are about deadlines and being flawless (which is a delusion all by itself) finding ways to clear issues, solve issues and give support in a place that is relying just a little too much on contractors is an essential need. In this the US is the most visible, but we can agree that the UK has its own demons, the most visible ones were in the 70’s, yet the cloud is now a dangerous place and in addition, I foresee that the near future will bring us more, because if a place like Sony cannot keep a lid on its data, do you actually believe that the cloud is secure? It is not, because some people were pushing too fast for a technology that has issues on several levels. As the cloud grows the customer is no longest charged per Gigabyte, but per Terabyte, so as the cost seems to be 0.1% of what was, they are all seeing the financial benefit and they are clearly ignoring the need to comprehends data sizes and what to put where. As the sales teams are giving nice presentations on security and no loss of data, they seem to be a little more silent on amount of data replicated somewhere else. Which in case of Intelligence is a bit of an issue under the best conditions. By the way that switch from GB to TB happened in the last 5 years alone, so this market is accelerated but in ways that seems to be a little too uncomfortable and I love tech and I embrace it whenever possible, so others should be a lot more mindful and worried than I am at present.

Last we get to Julian Assange, he is either loved or hated. I tried to remain in the balance of it as he basically broke no laws, but to shed the dirty laundry in the way he did was a little stupid. We read all the things on how certain stuff was removed and so on, but there is an issue. In all this we heard all the military stuff, yet when the mention and threats of bank presentations came, he went quiet and dark less than 48 hours later, so it seems that some issues are just not given to the people, especially certain facts that should have been brought out. Here we see another side of the whistle-blower. I get that certain events should not be allowed out, yet when I read: “We would expand the Freedom of Information act to stop ministers and departments from being able to block the publication of information they see as politically inconvenient“, which we get from Tom Brake, Liberal Democrat Foreign Affairs spokesperson. We see another part of the conversation, one that needs scrutiny on a few levels. The entire issue that a conviction is possible for releasing information that is readily available under the FOI is dodgy to say the least. There is a side in my that there should be a certain level of control on whistle-blowers, yet in that same light as we see too often that corporate whistle-blowers are refused the light of day by the press calls for questions marks on the earliest given Mondays of any week.

If the dike is to stop the people from drowning we need to make sure that the muskrat is stopped for various reasons, yet when that dike is also the road that facilitates for the shipment of toxic waste, we need to wonder what the basic need of that specific dike is. And that is before we see that the road facilitates for ‘Big Pharma’ to ship its medication, whilst the 1000’s of tonnes of pharmaceutical waste is left ignored, which is ignored by the media when Dr Who (read: World Health Organisation) is telling people that there is now a direct danger to newborns, with in India alone an estimated 56,000 deaths of newborns dying from resistant infections. So as we see very little of that in the news, what are those opposing the whistleblowing actions crying about? They themselves have become filters on what the people are allowed to learn about. Doesn’t that sound slightly too sanctimonious to you?

The issue that goes on is that these events are less and less an issue of rarity. The Times (at https://www.thetimes.co.uk/edition/news/600-tonnes-of-waste-dumped-under-road-dmttlzrkh), gives us, when you are subscripted, a view that “Up to 600 tonnes of household rubbish have been dumped under the A40 in Buckinghamshire, in one of Britain’s worst incidents of fly-tipping”, this is not some issue that is done with a simple truck, this took time and staff. This was deliberate and orchestrated. In this the whistle-blower would have been essential in dealing with such a crime, as it stands now, it made someone an easy £90,000 and the damage could end up being considerable larger and more expensive. It is anyone’s guess if the CPS will ever secure an arrest and conviction. So as we see the toxicity of the changes the UK and others could face. When we consider the final part “Thomas Hughes, the executive director of Article 19, said: “The Law Commission’s proposals would move the clock backwards, undoing improvements in the UK’s 1989 Official Secrets Acts, and setting a dangerous example of eroding freedom of expression protections, which may be copied by oppressive regimes globally”, we must ask what the devils own sugar did the Law Commission have in mind when these changes were proposed. By the way, the moment it gets adopted, there is every chance that any person with direct links to Wall Street will see other sides. This is what we get from the NY Post, “The Financial CHOICE Act 2.0, which passed the House Financial Services Committee last week, has provisions to keep corporate whistle-blowers involved in any wrongdoing from collecting awards. The act would also require the whistle-blower to try to stop violations from happening within their company — a stipulation that advocates fear would force employees to choose between being fired or not reporting anything at all”, we see this at http://nypost.com/2017/05/14/whistleblower-bill-sparks-fear-among-advocates/, so you tell me who this is all supposed to benefit. As I see it, we see a shift where those who have not are stronger and stronger segregated from those who have and those who continuously want to have. A mere adaption from the battle strategy segregation, isolation and assassination? Assassination needs not resolve in death, today we see how economic and financial death could at times be much worse than anything permanently offered, although the mothers in India might disagree on that. The question becomes where does the press truly stand, with informing the people or with the advertisers they rely on nowadays?

 

Leave a comment

Filed under Finance, IT, Law, Media, Military, Politics

Where are my lenses?

For a moment I was contemplating the Guardian article ‘National borders are becoming irrelevant, says John McDonnell‘, which could be seen as a load of labour by the Bollocks party, or is that a load of bollocks by the Labour party? Anyway, the article was so shaky that it did not deserve the paper to explain the load of bollocks in there. What is however an interesting article, is the article in the National Security section of the Washington Post. The article “‘Eyewash’: How the CIA deceives its own workforce about operations” is worthy of digging into for a few reasons (at https://www.washingtonpost.com/world/national-security/eyewash-how-the-cia-deceives-its-own-workforce-about-operations/2016/01/31/c00f5a78-c53d-11e5-9693-933a4d31bcc8_story.html).

Initially, the very first thought I had was regarding Lao Tsu, who gave us the quote: ‘Those who know do not speak. Those who speak do not know‘, which is a truth in all this.

Apart from the title, the first quote to look at is: “Senior CIA officials have for years intentionally deceived parts of the agency workforce by transmitting internal memos that contain false information about operations and sources overseas“, there are a number of issues here, but let’s focus on one thread for now.

You see the second quote “Agency veterans described the tactic as an infrequent but important security measure, a means of protecting vital secrets by inserting fake communications into routine cable traffic while using separate channels to convey accurate information to cleared recipients” is at the very core of this.

No matter how you slice and dice it, the CIA has had a number of issues since 2002. The first is that after two planes got the wrong end of a vertical runway, the game changed, suddenly there was a massive overhaul and suddenly it had to deal with the United States Department of Homeland Security. In 2002 the DHS combined 22 different federal departments and agencies into a unified, integrated cabinet agency. More important, the DHS was working within and outside of American borders.

Now, the blissfully ignorant (including a host of politicians) seemed to live with the notion that under one flag and united, these people would start playing nice. Now, apart from that being a shaped a joke of titanic proportions, hilarious and all, the reality is far from that. You see, both the FBI and the CIA (not to mention the NSA) suddenly had to worry about 240,000 people, 240,000 security screenings. What do you think was going to happen? The issue of ‘false information about operations and sources overseas‘ is not an issue until you try to exploit that information, which means that you are doing something ILLEGAL (to the extent of being worthy of a shot through the back of the head). ‘Eyewash’ is only one cog in a vast machine of smokescreens that counterintelligence has to see how certain tracks of misinformation makes it outside the walls of intelligent wailing. You must have heard the story of the Senator/Governor who has a ‘friend’ in the CIA, not all those ‘friends’ are working valid paths. The intelligence community is a closed one for a reason. There is a clear chain of command, which means that the CIA has a chain of command and if a Senator or a Governor wants information, there is a clear path that he/she walks, from that point a politician gets informed if that person is allowed or has a valid reason for knowing. If anyone needs to move outside that path, you better believe that it is for political or personal reasons!

Now we get the quote that matters “officials said there is no clear mechanism for labelling eyewash cables or distinguishing them from legitimate records being examined by the CIA’s inspector general, turned over to Congress or declassified for historians“, I am not sure that this is correct. The question becomes what paths and what changes were pushed through in the last 2 administrations? I am willing to contemplate that errors have popped up since the Bush Government, yet in all this the parties seem to forget that the DHS was a political solution pushed through by politicians within a year. I know at least three companies that seriously screwed up a reorganisation of no more than 1,500 people over the period of 2 years, so what did you think would happen when 240,000 people get pushed all over the place? In addition, when a massive chunk of the intelligence section went private to get an income that was 400% better than there previous income (same place, same job), additional issues became their own level of a problem within the DHS, CIA, FBI (and again the non-mentioned NSA).

There were all levels of iterative issues in DATAINT, SIGINT, IT and Tradecraft. Names like Bradley/Chelsea Manning and Edward Snowden might be the most visible ones, but I feel 99.99993422% certain (roughly), that there were more. Eyewash is one of the methods essential to keep others off balance and in the dark what actually was going on, because it was not their business or place to know this. This gets us to the following quotes “But a second set of instructions sent to a smaller circle of recipients told them to disregard the other message and that the mission could proceed” and ““The people in the outer levels who didn’t have insider access were being lied to,” said a U.S. official familiar with the report. “They were being intentionally deceived.”“, now consider this quote from another source “Having DOOMED SPIES, doing certain things openly for purposes of deception, and allowing our spies to know of them and report them to the enemy“, which comes from chapter 13 of Sun Tzu’s ‘The Art of War‘, a book that is almost 2,500 years old, and the tactic remains a valid one. Should you consider that to be hollow, than consider the little hiccup that the British Empire faced (I just love the old titles). Perhaps you remember the names:  Kim Philby, Donald Duart Maclean, Guy Burgess and Anthony Blunt. They made a massive mess of British Intelligence, it took them years to clean up the mess those four had left behind, now consider adding 245,000 names, for the most none of them had passed CIA and/or FBI clearances. So what options did the CIA have? In addition, as we saw more and more evidence of the events linking to Edward Snowden, additional questions on the clearing process should be asked in equal measure, which leads to: ‘What options did the CIA have?’

In that light, the quote “Federal law makes it a criminal offense when a government employee “conceals, covers up, falsifies or makes a false entry” in an official record. Legal experts said they knew of no special exemption for the CIA, nor any attempt to prosecute agency officials for alleged violations” becomes little more than a joke, for the mere reason that not making the intelligence community exempt from this would be a very dangerous issue indeed. You see, today the CIA has a larger issue than just small players like North Korea, it has to deal with business conglomerates all over the world and they have become close to sovereign financial entities in their own right. What happens when a Senator chooses to take a book filled with intelligence anecdotes, just because it is an American Corporation? What happens when he gets the multi-billion dollar deal and he only has to ‘sweeten’ the deal a little? This is entering a grey area that most regard to be a grey area no one wants to touch, but what if it is not a high ranking official? What if it is just a mid-level controller, or a mere IT member looking for a retirement fund? Suddenly, this scenario became a whole lot more realistic, didn’t it?

Eyewash is just one cog in a machine of cogs, it drives a certain amount of cogs of the machine and as certain levels of Intel makes it outside of the walls, counterintelligence has a path to trot on, the article only lightly (too lightly) treads on those elements (yet they are mentioned), but the overall issue of internal dangers that the CIA (et al) faces are almost trivialised, in addition, the entire issue of the DHS and the linked dangers of intelligence access remains untouched. That is perhaps the only issue the article has. Well, from my point it has a few more, like under valuating the need for counter intelligence and the fact that this tactic had been around for around 2,500 years, but let’s not squabble on minor details.

The only additional minor detail I would like to add is that in all this is the missing component of the chain of command towards the Director of National Intelligence (which at present is James Clapper), in opposition, there is no denying that there is an issue that the internal mechanisms for managing eyewash cables were largely informal, which is an issue, even if there would be a clear document, likely higher than Top Secret within the CIA on how to identify and/or classify eyewash cables. Which now only leaves us with the Eyewash cables by No Such Agency like the CIA, but that is something for another day.

 

Leave a comment

Filed under IT, Media, Military, Politics

Double standards, no resolve (part 2)

Part two is not about Greece or the Greeks, it is about what has been behind several parts for a long time now. Yet, the visibility of certain events is now forcing another large change to the surface. First let us look at the events as we see them in the Guardian (at http://www.theguardian.com/technology/2015/jan/25/wikileaks-google-staff-emails-us-government).

The title ‘WikiLeaks demands answers after Google hands staff emails to US government‘ calls for a few thoughts, but I think you should consider a few quotes and then reconsider how you feel. The first one is “Google revealed to WikiLeaks on Christmas Eve – a traditionally quiet news period – that it had responded to a Justice Department order to hand over a catch-all dragnet of digital data including all emails and IP addresses relating to the three staffers“. The second one is “Harrison, who also heads the Courage Foundation, told the Guardian she was distressed by the thought of government officials gaining access to her private emails” and then we get “The investigation followed WikiLeaks’ publication, initially in participation with international news organisations including the Guardian, of hundreds of thousands of US secrets that had been passed to the organisation by the army private Chelsea Manning“. So this was specific! Let us not forget that this person (Manning) should be regarded as guilty of treason! This is nothing less than an intelligence analyst going beyond rogue! Manning was a simple E-1 private with no comprehension of the complexity of wars, especially the war the US found itself in, a theatre that is hard to grasp for some of the brightest generals (you know these highly educated, passed their middle age point individuals with a few decades of military experience, in the US seen wearing stars on their shoulders). No, Manning decided on the safety of hundreds if not thousands of lives. In addition US diplomatic efforts were thrown out of the window, setting economic options back for up to a decade, if not longer.

So when we see the response by investigative editor Sarah Harrison “Knowing that the FBI read the words I wrote to console my mother over a death in the family makes me feel sick“, seems a little hollow. For one the FBI does not care about her mommy, two, what did you expect to happen when you access unauthorised data to the size, scope and extent as Manning had transmitted?

I think Harrison is overreacting, if we accept chapter 13 in the Art of war, both the spy and the receiver of information should have been put to death. Is it not a good thing that it was merely investigated by the FBI?

Yet, there is a side that many are ignoring; many do so in an unintentional way, mainly because it tends to not hit us in any way. For that we need to take a step back to Forbes 2013 (at http://www.forbes.com/sites/robertwood/2013/08/06/excuse-me-apple-google-starbucks-h-p-irs-wants-to-tax-stateless-income/), here we see the following parts: “U.S. companies are said to have more than $1.5 trillion sitting offshore. Most claim that they must keep the money there to avoid the taxes they would face by bringing it back to the U.S.“, “the money at stake is enormous. Plus, the companies involved have treasure troves of cash for many war chests. Big and protracted battles seem inevitable. Still, some big companies may be in for battles that are even larger than they think. They may even need to think different” and “The OECD plan claims that companies like Apple and Google avoid billions in taxes. The G20 is made up of 19 leading world economies plus the European Union. It too has voiced support for a fundamental reassessment of the rules on taxing multinationals“. These thoughts all sound nice, but there is an additional element to all this. You see, as I stated more than once, currency is slowly on the way out (loosely approached). The nations that are left with manageable debt are now slowly but surely diminishing to zero. Greece may be the first one, but at minus 18 trillion, the US is the clearest one to end up with nothing, especially as those large US firms have become stateless. You see, now we get to the good part, the new currency will be IP, but here is the kicker, most (including me) seemed to forget that IP is more than Patents and Trade Marks, it includes data! Now we get to the nice stuff, you see, Google adhered to a situation, Twitter and a few others did not, or at least in a delayed way, but the new currency will include massive amounts of data and many players are now catching on that data is at the core a stateless, virtual and duplicable currency. No matter how Sony called its hack attack, does it now look a little clearer that those having a copy of that data are preparing for more than just a data dump? This is what McKinsey & Company had to say in August 2014 “Indeed, the analytics performed by actuaries are critically important to an insurer’s continued existence and profitability“, as well as “While the impetus to invest in analytics has never been greater for insurance companies, the challenges of capturing business value should not be underestimated. Technology, as everyone knows, changes much faster than people. The key for insurers is to motivate their highly skilled experts to adopt the newest tools and use them with creativity, confidence, and consistency” and finally there is “The proliferation of third-party data sources is reducing insurers’ dependence on internal data. Digital “data exhaust” from social media and multimedia, smartphones, computers, and other consumer and industrial devices—used within privacy guidelines and assuring anonymity—has become a rich source for behavioural insights for insurance companies, as it has for virtually all businesses. Recently, the release of previously unavailable or inaccessible public-sector data has greatly expanded potential sources of third-party data“. Yes, it sounds nice that there is public-sector data, but the one part no mentioned is how the analytics is not driven by those, but ascertained through private-sector data fields. You see the data that Sony had on its employees and on the actions of 70 million customers is a lot more insightful when you link it to medical records. Consider how much profit a company gets if it could ascertain more precisely the risk 7 million of its own customers are. If the connection of medical (obesity) and the gamer data of one person results in a $12 per month surcharge, what happens when we see the US having an obesity rating of around 32%? Now we have 70 million accounts and their gaming behaviour. So if we do the following math 32% of 70 million (falsely assuming that they were all American gamers), then we now get the number of people confronted with a $144 a year additive. So in one swoop, this data set gives way to an additional $3.2 billion for insurance fees. Data is going to be that simply applied sooner than you think. With the cloud being forever virtual (as one would think), people forget that a personal space is linked to a real location (wherever that drive is), but what when the data set is beyond massively huge? What if it is spread over several locations? How do we think then? You see Stateless data is not a new concept, but until recently it was never a realistic concept. It is interesting how tax dodging makes engineers a lot more creative.

At the foundation of all this is not the Wikileaks part, that part just illuminates the nutty side of data. Consider the amounts you as the reader had shared in the last 72 hours via Facebook, LinkedIn, SnapChat, Instagram and such. You freely distributed that, you gave up your privacy rights for whatever you openly published. Now consider that whatever you shared got collected. Several people were on vacation (so someone knows that their house is empty and possible unguarded), some revealed that they were sick (health data) and some revealed other details like parties attended and such.

Now the empty house is the most direct one, but not the most important one. Consider the times you updated your status that you were at home with the flu, or something else. Under normal conditions you just had a sickie, or perhaps another way. Now consider that someone now automatically collects the times you were sick, how does that affect your premium? How will your health cycle be analysed if you are shown to have attended 15-30, or even 50-100 parties a year? How long until this shows as detrimental on your health chart? Weirdly enough not having that does not lower your premium, but there is every evidence that doing it will increase your premium.

Do you think that this is over the top?

Then see the following (at http://www.qbe.com.au/Personal/Home/Managing-Your-Risk/Insurance.html). Here we see “Importantly, reducing the likelihood of making a claim helps protect your No Claim Bonus, helping to keep the cost of your insurance premium down“, which has been a truth for a long time. Yet when we consider the mention ‘Don’t alert people you are going away (including on social networking sites)‘. How long until someone combines the two? At reputation.com we see the following “Life insurance companies are increasingly turning to the Internet to determine a potential customer’s risk“, so if you like extreme sports, you might pay for that passion in other ways too. In addition, the one most disturbing was “Donating to charitable causes is a noble gesture, but if you show too great an interest in any particular medical-focused cause, say breast cancer research or prostate cancer awareness, it might indicate to insurance companies that you’re at a higher risk for certain illnesses“, that gives a possible (implied, but not proven), connection that your social responsibility comes at an insurance price. Did you consider that? And this is not starting this year, or next year. Some of these events started no later than 2010.

This all was nothing but to pave the way for that what comes next. You see, there are several sides to Google and Facebook. They are all about bandwidth and several nations are now seeing that even though Facebook is too large, there is a clear path that data is currency, so how long until we see a growth of radicalisation through localisation? This is not radicalisation in the violent way, but in the opposite way. You should see radicalisation of data, attained by washing all the data markers in local server environments. You can’t wash all the markers, but you can make access to it a lot less available. This is the fear Google (possibly Facebook too) has had for some time. As these privacy acts, that data acts and data collection rights of the US grew in a need for compliance, people become falsely fearful of what is dangerous and what is not. The US government ascertaining whether you are a terrorist is not a danger. An insurance company upping your fees by $150 through collected data is a direct danger (to your cost of living). Now we see the link as it gets us to the first story that included Greece.

There will soon be a higher need for localised connected providers. Localised forms of Hushmail (www.hushmail.com), where the people get encrypted mail accounts that can be accessed online, through the web. How long until mobile users will select encrypted android apps, that do not connect to Google, but to local Hushmail providers. We still have the internet, but it will now go through national portals. The fact that Sony happened was only a matter of time. The fact that people now want that there data comes with actual privacy is a growing wave. The Wikileaks issue was the most visible and the most harmless one (for us citizens at least). The world is changing a lot faster than last year and many are now getting clued in that the things of value have not been guarded in the right way.

We will soon see new options on cheaper internet, cheaper mobiles and on package deals, this is what was skated around when this so called IP hearing was going on. Yet, when we look at an earlier statement by Mr Turnbull, in regards to IP, who said at the time. “It is very, very, very difficult if not impossible for someone that is just selling connectivity, just providing bandwidth to then be monitoring what people are doing“.

This is at the heart of the problem, they live of bandwidth, because bandwidth implies data, and the more used, the more data collected, which leads to the better their lives are. This is why they do not want monitoring. I am fairly certain that as their bandwidth falls away, as people move to localised solutions, which remain at the core local, these providers will ‘suddenly’ opt in a ‘possible’ solution. Only at the end of the tether will an industrial give in. Oddly enough, with fear of privacy and the dangers of insurance exploitation on the rise that tether will end up a sudden two inches shorter and now those providers will have to share that what they never had to share before.

Greece has changed the way they play the game; now perhaps we can change the game that is played and make a first monumental change for all!

2 Comments

Filed under Finance, IT, Law, Media, Military, Politics

Authentically Realistic

Whilst we see many sources talk about the need of blaming North Korea, we see an abundance of changes that are now not just changing the way we think, but these changes will also change the way we live and act. As we are soon to be lulled into more false sense of security, we must now content with the thought, what is real and what is not.

In IT these issues have existed on several layers for a long time, yet the overall lack of Common Cyber Sense has been absent for a massive amount of time. Bradley Edward Manning, now known as Chelsea Manning is only one of several parts of this puzzle. Wikileaks has added its own levels of damage and let us not forget the acts of Julian Assange and Edward Snowden. This is not on how things were done; it is about a lack of proper measures and controls. In the age of people screaming that they have a right to know, they will publish whatever they can for the need of ego and then scream on how the government is abusing their right to privacy.

These are all elements that link back to ‘Common Cyber Sense’.

CCS as I call it has in its foundations a few branches. The first is proper use and knowledge. Many still laugh and sneer at manuals and proper use of equipment, yet when other people started to ‘look’ through their webcams on laptops into their privacy, smiles disappeared quickly. We live in an age where everything is set around the fake image of comfort, it is fake because comfort at the expense of security is never comfort, it is just an added level of danger into your own life. At this point people forget that what is set into software, can usually be switched on and off at the leisure of a skilled ‘someone else’.

Buying what is cheap and what is right are worlds apart, that part is more and more a given fact. The bulk of people are lulled into ignoration when it comes to a simple easy tool that can be used everywhere, at which time they forget to ask ‘by everyone?’. Consider the HP laptop (one of many brands) has a build in webcam at the top of the screen, instead of relying on a software switch, these makers could have added a little slide that covers the lens, literally a low-tech solution making the lens see nothing, as far as I can tell, no one took that precaution for the safety and security of the consumer, is that not nice?

The second branch is access. If I got $.50 for every person that uses their name, ‘qwerty’ or ‘password’ or even ‘abc123’ for their login, I could buy a small Island like Hawaii or New Zealand, probably even both. Even though many websites and systems demand stronger passwords, there is always that bright person who uses the same password for every site. This is part of a larger problem, but let’s move on for now.

Third is the connection branch, places where we can ALWAYS connect! You think that not having passwords on your home Wi-Fi makes you safe? Wrong! You could add loads of problems on every device that connects to it by not properly setting things up. I wonder if those with an automotive router have considered the dangers of not setting it up properly and letting all the people they pass access to whatever is connected to it in the car.

The fourth branch is for the unknown. This might seem like a weird option, but consider how fast movable technology is growing, I am using ‘movable’ and not mobile, because this changing field includes phones, laptops, PDA’s, tablets and other not yet defined devices (like the apple watch, handheld game systems and consoles).

At the centre of all this is proper usage, but not just your hardware, it also includes your software, a fact many have remained oblivious to.

At this point, I will take a temporary sidestep and let you consider the following term ‘non-repudiation’.

Non-repudiation is about identity and authentication. Basically it states, ‘you and you alone‘ have sent this item (message, photo, financial transfer). In legal reasoning this will be the strong shift that will most likely hit many people in 2016 and onwards, it could hit you this year, but there are more than just a few issues with this situation for the immediate now. So when you lose your money and you state you were hacked, then you might soon have to prove it, which means that any evidence that you EVER gave your password or pin-code to a spouse, lover, boy/girl friend or sibling means that you nullified your rights. You get to pay for the consequences of THEIR acts at that point.

So when we see biometrics, we think fingerprint, we expect to be a lot safer. WRONG! Only last month did a group in Germany show how they recreated the finger print of the German Defence minister from simple digital photos, which means that this could have given them access to a whole collection of items, events and information they should not have gotten access to. So what to do? Well, that market is growing really fast. ‘Vein’ is the latest. It does not rely on fingerprint, but on the veins in a finger or hand, it is just as unique as a fingerprint, it is a 3d issue, making it even more secure and it requires an actual living hand. It also will lack the dangers of influence that a retinal scan has when a woman gets pregnant, or in case of a diabetes patient or alcohol levels. These all can shift retinal scans, with the added problem that this person stays outside the lock, becoming the valid person ‘no-more’. Yet, ‘Vein’ is still a new technology and not currently (or in the near future) available for movable devices, which gives us the issue on what devices are actually decently secure.

Let’s not forget, that even though this is not an immediate issue, the people will need to change their possible ‘lacking’ approach with more than just slow muffled interest, whilst they rely on the comfort of not having to comprehend the technology. That part is still not completely disregarded in several cases, the issue at Sony being likely the most visible one for some time to come. There is still a massive amount of actual intelligence missing. Most speculate, including me (yet I have been looking at these speculators and claimers of facts). Whilst Sony is visible, there are still unanswered issues regarding the NSA and how a place like that had the implied intrusion Edward Snowden claimed to have made.

Now let us take a step back to the four branches. I showed the webcam issue in the first branch, but the lack of consideration by the user is often a bigger problem. You see, many ‘lock’ their device, or just walk away and switch their screen off. Their computer remains connected and remains accessible to whoever is looking for a place to hack. I know that waiting 45 seconds is a bother at times, but learn to shut down your computer. A system that is switched off cannot get hacked, the same applies to your router (which actually has the added benefit of letting your adapter cool down, making the device last longer) and your overall electricity bill goes down too, all these benefits, all neglected for the fake comfort of accessing your social media the second you come home. Yet proper usage also includes software upgrades. Many do them, but more often than not, they tend to be made when the system reboots, when this is not done (or the software upgrades are not made) your system becomes increasingly at risk for intrusions of all kinds. Windows 7, which is a lot better than either Vista or Windows 8, still required 84 patches in 2014. With over half a dozen being either critical or important, you see why even in the best of times, under all conditions met, you still run some risk. And this is just Windows; in 2013 they had to fix 47 vulnerabilities regarding Outlook, explorer and the Windows kernel. There was a massive issue with remote execution, which means that your system was open to the outside without the need for a login (source: PCWorld). Now, to their defence, Windows and office are massive programs, but still, it seems that Microsoft (not just them) have taken a strong stride towards ‘comfort’ whilst ignoring ‘safety’ (to some extent).

Branch two is usually the biggest flaw. Even though many websites will require a decent level of strength (usage of small and capital letters, numbers and a special character), but that list is still way too small. The amount of people that I have met that use the lamest of simple words (like ‘abc123’) and these people cry the loudest when their money is gone. You see, it is easier to just hack your computer or device and use that system to order online via other means then it is to hack into your bank account. Yes, it is a bother (at times) to remember every password, yet in that regard you could be clever about it too. There is nothing stopping you from creating variations on a password whilst making sure it is a completely different one. I learned that someone had used her dictionary app to use a version of word of the day, she changed ‘adscititious’ into something like ‘Adsc1t!tious’. Good luck figuring that one out! (I had to look up the word in all honesty), the options become even more interesting if you speak additional languages. So, branch two is something that you the user largely control.

Branch three is actually the growing danger. It is not just when we connect, but when things connect automatically that becomes an issue (and where from). Insurance companies are more and more about your visibility, even though no official moves have been made, the day that junior uploads that catch of the day to his Facebook with dad in the background. That is the option for the members from the ‘institute of discrete entry and removal operations’ to help you with your old stuff (the missing items when you get home). The information you ‘give’ when you connect (especially on free Wi-Fi places), you see, when you connect to free Wi-Fi, more than one danger exists that others can connect to you, yes, you could learn that free Wi-Fi was the most expensive part of your vacation soon thereafter. It however moves more and more to your area of usage. As we get more connections and as we can connect from more places (like the automotive router), we will receive additional responsibilities in setting devices up properly for our safety and the safety of our children.

Now, to take a second sidestep. This is not about scaring you (a nice benefit for sure), some of these things can be prevented from point zero. Knowing what you switch off, switching off when not used are first easy and elemental steps. You see, a hacker looks for a place to get into, when your computer and router are switched off, the hacker will not spot these devices at all and move on. Hackers do not like to waste time, so when you use proper passwords, that same hacker will lose a lot of time getting access to your devices, time he could be having ‘fun’, so these two elements are already diminishing the chance of you getting transgressed upon. But in the end, there is another side. Makers of hardware and software need to become increasingly aware that their ‘toys’ have malicious usage. It was Geek.com that had the article ‘Yes, Xbox One Kinect can see you through your clothes‘ (at http://www.geek.com/games/yes-xbox-one-kinect-can-see-you-through-your-clothes-1576752/), which gives an interesting demo (without showing off anything indecent) how defined and articulate the scan system worked and it is a hackable solution, even there we see the mention that a lens cover would not have been a bad idea.

Yet we have digressed away from the heart of the matter. All these are linked, but the crown in the hardware is an increasing need for non-repudiation, showing that you and only you acted. A lack of this evidence could also go a long way in proving that you were innocent and that you were the victim. It is easy to claim that the makers are at fault and to some degree they are, but there is a growing need to have the right solution, and so far having any clean solution remains absent, whomever comes up with that could own the cornerstone of the global technology sector, an area that represents a massive amount of long term revenue.

 

Leave a comment

Filed under IT, Law

For our spies only!

It’s out in the open, apparently Australia will get its first feel of a ‘cold war’, which according to Attorney General Brandis, will be a lot worse, will it?

Let us take a look.

The first source is the Guardian (at http://www.theguardian.com/world/2014/sep/26/spy-agencies-to-get-stronger-powers-but-what-exactly-will-they-be), as I am all about a certain level of consistency, let us add a few quotes. “Crossbench senators and many stakeholders raised their concern that, in the absence of a clear definition of a computer network, a single warrant could be used to access a wide range of computers, given the internet is a network of networks” as well as the response to the greens who wanted to add a limit of 20. “Brandis said such an amendment “would impose an arbitrary, artificial and wholly unworkable limitation that would frustrate the ability of Asio to perform its statutory functions“.

These are both fair points, in regards to the sunset clause the response was “No. Brandis rejected a call to put a 10-year expiry date on the new law related to special intelligence operations, despite agreeing to similar sorts of sunset clauses in the yet-to-be-debated foreign fighters bill“.

And the fourth quote, which we need later on is ““Freedom is not a given,” the attorney general said. “A free society is not the usual experience of mankind. Freedom must be secured, and particularly at a time when those who would destroy our freedoms are active, blatant and among us”“.

So, this sounds fine and it all sounds viable, but what about the dangers here (are there even dangers)?

For those with some insight in law, here is the bill as it currently stands (at http://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/s969_first-senate/toc_pdf/1417820.pdf), which for the most is an amendment to the Australian Security Intelligence Organisation Act 1979 (at http://www.comlaw.gov.au/series/c2004a02123).

Initially, it seemed that there was an issue on page 76, yet, when we look at the final product, the change makes perfect sense. The first change here is the approach to information; basically, we will not have a weaky leaky speaky person. So we will (hopefully) not have an issue with some person dreaming to be on team Manning, Snowden and Moronic. It was so nice of the NSA to get into ‘hot’ water, so that we can prevent it. However, not all is well; this is seen (at http://www.theguardian.com/world/video/2014/sep/26/internet-threat-existence-video). Whether it was just bad form, or over generalisation, Senator Glenn Lazarus stated “The internet is a serious threat because it can be used to orchestrate and undertake criminal behaviour across the world“. He then continues how ASIO and ASIS are there to increase security. It is this slight casual quote that seems to voice the dangers, as these powers are needed to combat security threats of several shapes. Yet the senator states “orchestrate and undertake criminal behaviour“, which is a lot broader then initially implied. This does not mean that this will be used as such, and quite honestly, if it stops shady financial advisors, then I am all fine with that, but it goes further than that as it was voiced (not stating the reality will be as such). Another part of the Guardian showed the ‘grilling’ of Attorney General Brandis by Senator Scott Ludlam, yet it seems that there the kettle is off the boil too. The Senator knew that Brandis would not answer or resort to speculation. He stated “I am not going to indulge Senator Ludlam by answering hypothetical cases or cases of historical interest“, which is fair enough. The Senator should know that, when he did a similar thing on October 4th 2013.

So where is the fire and is there a fire? You see, what is happening now, is what should have been done some time ago. I oppose Brendan Molloy from Pirate Bay (a fellow student), but his heart is in the right place (top right behind the rib cage, just like mine) and all these posters we see all over the place in regards to whatever, whenever, forever and prison. It is nice that we see all these posters on dangers and so on, yet some people seem to ignore the debilitating blows the US suffered at the hands of Manning and Snowden, not to mention Jullian Assange (which I will not go into at present). This will now change. At times those who don’t know speak those who know remain silent. It is when those who know speak out, that is when the casualties really go into many digits and Australia has its own brand of security issues. America has a little over 19,000 border miles on an area occupied by 320 million people. Australia seems larger, with a 22,000 border miles coastal line, yet overall Australia only has 22 million people, so with a population less than 10% we have to play the game another way. The security measures are one way, not the only way, but it will possibly stem several issues, which gives our intelligence branches a little more time to figure it out. Let us not forget that we have an intelligence structure and a form of Signal Intelligence, but if you think that they get a serious chunk of cash, then consider that the total Australian intelligence budget is a little under 1% of what America gets, and we get to look at a similar sized chunk of land to observe and a lot less people.

This got me to two issues that are now forming, yet the bill seems to not cover it as such. I am referring to the Telecommunications (Interception and access) Act 1979. Intelligence is essential, so is data collection and analyses. What happens when new solutions are needed? What happens when we face a change? The US had this when they needed more efficiency for the buck and a system called Palantir was used in the tests. Like Deployable Ground Station (DGS), the army ended up with a version known as DCGS-A. Now we get off to the races, the initially optional new system Palantir, its software was rated as easier to use (not unlike the analytical tool IBM Modeller), but did not have the flexibility and wide number of data sources of DCGS-A, which now gets us into hot water, or what the London Chef of Sketch might classify as: ‘from the frying pan into the fire’, these changes will also impact other systems and other people. In many cases the use of a NDA (Non-Disclosure Agreement) is used (or in many cases Positive Vetting). The entire mess (slight exaggeration), will take on new forms as we see how the changes might also have a flaw (as I see it), what happens when there is a sudden spike of collected data. Scripts, automation, production jobs and moreover the gathering, sifting and storing of data will soon take an entirely new dimension. The current intelligence framework is in my humble opinion not even close to ready for a growth in excess of 400% (800% is more realistic). You see, if we are to set up a path that gives us a possible trace of events, then we need several snapshots, now, they will not snapshot the entire nation, but the amount of data that needs to be stored so that the people who need to know can follow the trace will be a massive one. I for one, am absolutely not in the mood to allow a ‘3rd party’ (read IBM, Oracle and a few others) to set up shop, as that data could even end up in America. Even though I have no issue with my data, feel free to check my Diablo 3 save file guys! The issue is when a grey field allows other uses. For this I recall the article ‘NSA linked to corporate dangers?‘, which I wrote on September 22nd 2013 (Yes, a year ago!), where I quoted the NSA site (the open source unclassified part), “The Information Assurance Business Affairs Office (BAO) is the focal point for IA partnerships with industry. It also provides guidance to vendors and the NSA workforce in establishing IA business relationships and cultivates partnerships with commercial industry through demonstrations and technical exchanges“.

So when we see such an escalation, how long until we see an ‘evolution’ of our intelligence data to create a business space? Let’s be honest upfront, the NSA has a different charter and as such has a massive amount of additional tasks, yet in the current form, is such an evolution that far-fetched? How dishonest is the advantage when a firm like Telstra or iiNet gets their greedy little marketing claws on data so verbose that they can target 10%-20% more ‘efficient’? So we have 2 sides and as far as I see it an element that might need tweaking because of it (reference to the: Telecommunications (Interception and access) Act 1979). The entire Data mining issue is also on the table as I have not met an abundance of miners who have my levels of skill when it comes to massive data sets. When the pressure is on and they need to create a creative alternative to a missing values data set, the race will be pretty much over. Then what? Get external experts?

Now we go back to the initial fourth statement ““Freedom is not a given,” the attorney general said. “A free society is not the usual experience of mankind. Freedom must be secured, and particularly at a time when those who would destroy our freedoms are active, blatant and among us”“. I do not oppose the statement perse, yet in my view the statement is “Freedom is a given in Australia, to keep the Australian values, in a time and under conditions that were designed to remove the tranquillity of our lives, steps must be taken to safeguard the freedom we hold dear. As such we need to act according to new paths for the sole purpose of stopping these elements amongst us, who are driven to remove freedoms, we and all those who came here to enjoy our way of life“.

Freedom remains a given, we will just add a few new solutions to stop those intent on destroying our lives and our freedoms!

In the end, both the Attorney General and myself decided to make Pappas Bravas, he said potato, I said tomato, yet I remain at present cautious on who else is eating from our plate, without the balance of the whistle blower, that person might remain undetected, in that regard, I would have preferred that a clear location would be there to alert someone, even if it was a special appointed judge (who would be added in subsection “(4) The persons to whom information may be communicated under subsection (3) are the following:

Was that such a stretch?

 

Leave a comment

Filed under Law, Military, Politics