Tag Archives: Common Cyber Sense

X to the power of sneaky

I was honestly a little surprised this morning when I saw the news pass by. The BBC (at https://www.bbc.co.uk/news/technology-67137773) gives us ‘Twitter glitch allows CIA informant channel to be hijacked’. To be honest, I have no idea why they would take this road, but part of me gets it. Perhaps in the stream of all those messages, a few messages might never be noticed. The best way to hide a needle is to drop it in a haystack. Yet the article gives us “But Kevin McSheehan was able to redirect potential CIA contacts to his own Telegram channel”, giving us a very different setting to the next course of a meal they cannot afford. So when we are given “At some point after 27 September, the CIA had added to its X profile page a link – https://t.me/securelycontactingcia – to its Telegram channel containing information about contacting the organisation on the dark net and through other secretive means”, most of us will overlook the very setting that we see here, and it took me hours to trip over myself and take a walk down the previous street to reconsider this. So when we are given “a flaw in how X displays some links meant the full web address had been truncated to https://t.me/securelycont – an unused Telegram username” the danger becomes a lot more visible. And my first thought was that a civilian named McSheehan saw this and the NSA did not? How come the NSA missed this? I think that checking its own intelligence systems is the number one priority in stopping foreign powers from succeeding there, and that was either not done, or the failing is a lot bigger than just Twitter. So even as the article ends with “The CIA did not reply to a BBC News request for comment – but within an hour of the request, the mistake had been corrected” we should see the beginning, not the end, of something. So, it was a set of bungles that starts with the CIA IT department, that goes straight into the NSA servers, Defence Cyber Command and optionally the FBI cyber routines as well. 
You see, the origin I grasp at is “Installation of your defences against enemy retaliation” and it is not new, it goes back to Julius Caesar around 52BC (yes, more than two millennia ago). If I remember it correctly he wrote about it in Commentarii de Bello Gallico. Make sure your defences are secure before you lash out is a more up to date setting and here American intelligence seemingly failed. 
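The truncation the article describes (the rendered link text cutting https://t.me/securelycontactingcia down to https://t.me/securelycont, a different and at the time unclaimed username) is something a profile owner can check for before posting a contact link. The Python below is an added example, not code from the BBC, X or the CIA. It takes the URL actually linked and the text a platform renders, and classifies what the rendered text would point at if someone copied it; the 25-character display limit used in the preview is a constructed value chosen to reproduce the article's truncated string, since the real limit is not stated.

```python
from urllib.parse import urlparse


def truncation_risk(full_url: str, rendered: str) -> str:
    """Classify what a (possibly truncated) rendering of full_url points at.

    'exact'     rendered text is the complete URL
    'unrelated' rendered text is not a prefix of the URL (no truncation involved)
    'host'      the cut landed inside the hostname, so it names another site
    'root'      the cut removed the whole path, so it names the site's front page
    'path'      the cut landed inside the path, so it names a *different* resource
                on the same site (on t.me that is a different username, which a
                third party can register if it is unused)
    'benign'    only a trailing slash was lost
    """
    if rendered == full_url:
        return "exact"
    if not full_url.startswith(rendered):
        return "unrelated"
    full, shown = urlparse(full_url), urlparse(rendered)
    if shown.netloc != full.netloc:
        return "host"
    if shown.path.strip("/") == "" and full.path.strip("/") != "":
        return "root"
    if shown.path.rstrip("/") != full.path.rstrip("/"):
        return "path"
    return "benign"


def preview(full_url: str, display_limit: int) -> tuple[str, str]:
    """Simulate a platform that hard-cuts link text at display_limit characters
    and return (what would be shown, its truncation_risk classification).
    display_limit is an assumption; real platforms do not publish a fixed value."""
    shown = full_url if len(full_url) <= display_limit else full_url[:display_limit]
    return shown, truncation_risk(full_url, shown)


if __name__ == "__main__":
    # The link from the article, previewed at a constructed 25-character limit.
    shown, risk = preview("https://t.me/securelycontactingcia", 25)
    print(shown, "->", risk)  # https://t.me/securelycont -> path
```

A 'path' result is the condition the article describes: the visible text names a username nobody controls, so anyone who types what they see lands somewhere the organisation never intended. The check is cheap enough to run over every external link on a profile whenever the platform changes how it renders them.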

Now, we get it, mistakes will be made, that happens. But for the IT departments of several intelligence agencies to miss it and for a civilian in Maine to pick it up is a bit drastic an error and that needs to be said. This is not some Common Cyber Sense setting, this is a simple mistake, one that any joker could make, I get that. My issue is that the larger collection of intelligence departments missed it too and now we have a new clambake. 

Yes, the CIA can spin this however they want, but the quote “within an hour of the request, the mistake had been corrected” implies that they had not seen this and optionally have made marked targets of whomever has linked their allegiance to the CIA. That is not a good thing and it is a setting where (according to Sun Tzu) dead spies are created. Yet they are now no longer in service of America, but they are optionally in service of the enemies of the USA and I cannot recall a setting where that ever was a good thing. You see, there was a stage that resembles this. In 1942 the Germans instigated Englandspiel, a setting run by “the Abwehr (German military intelligence) from 1942 to 1944 during World War II. German forces captured Allied resistance agents operating in the Netherlands and used the agents’ codes to dupe the United Kingdom’s clandestine organisation, the Special Operations Executive (SOE), into continuing to infiltrate agents, weapons, and supplies into the Netherlands. The Germans captured nearly all the agents and weapons sent by the United Kingdom”. For two years the Germans had the upper hand, for two years the SOE got the short end of that stick and this might not be the same, but there is a setting where this could end up being the same and I cannot see that being a good thing for anyone (except the enemies of America). Now, I will not speculate on the possible damage and I cannot speculate on the danger optional new informants face or the value of their intelligence. Yet at this point I think that America needs to take a hard look at the setting that they played debutante to. I get it, it is not clear water, with any intelligence operation it never is. Yet having a long conversation with the other cyber units is not the worst idea to have. You see, there is a chance someone copied the CIA idea and did EXACTLY the same thing somewhere else. As such, how much danger is the intelligence apparatus in? 
Come to think of it, if Palantir systems monitor certain server actions, how did they miss it too? This is not an accusation, it is not up to Palantir to patrol the CIA, but these systems are used to monitor social media and no one picked up on this?

Just a thought to have on the middle of this week.


Filed under IT, Military

The joy of a sleepless night

It all started a few hours ago. The neanderthal hate mail came in regards to the previous article. I was delusional, this never happens. If you receive hate mail, you probably have heard it before. I do not care, but I think it is nice to tell their mommies just how stupid Junior is, as such here goes.

The military have been stupid, very stupid. We see this shown by Reuters (the New York Times is behind a paywall). The story (at https://www.reuters.com/world/us/man-suspected-leaking-secret-us-documents-appear-court-2023-04-14/) gives us ‘Airman suspected of leaking secret US documents hit with federal charges’ where we see “Jack Douglas Teixeira of North Dighton, Massachusetts, the U.S. Air National Guard accused of leaking top secret military intelligence records online was charged on Friday with unlawfully copying and transmitting classified material.” In addition to this, the BBC gives more, with links to gamers and a service named Discord, which has 150,000,000 active users. As such the military link is proven. What is unknown is what other stupid things he has been doing. For that we need to await the full investigation of the FBI. Although it is increasingly likely that the NSA will wield the national security flag. I would totally get that. 

Then the second setting, the gaming part. For that we go to Kaspersky. They give us (at https://usa.kaspersky.com/resource-center/threats/coronavirus-gaming-scams) a rather nasty part with warnings. The important ones are:

  1. Only use official websites for any purchases related to the game.
  2. Use a strong password for the game login.
  3. Never click on any links asking you to reconfirm your password.

There is a lot more, but if a gamer (especially one in the military) has ignored 2 of these, the damage is likely done. There will be one stupid person on any airbase (the US does not get to be that lucky), as such there are phishing and data capturing dangers in most of the 59 of them. The Army has over 300 of them. You still think I was kidding? As I see it Teixeira is merely the tip of that iceberg. I have no idea what the danger is with the Marines, but it is likely very low, not as low as the Navy, but it is still better than the other two. That is the realistic danger that the US faces and if Russians were watching Discord the US has a massive problem. You see, it is not only what the US (or NATO) knew, it is what they didn’t know that will become the Achilles heel. That is two of the settings right out here in the open and the Teixeira case might seem new, but the New York Times implied that this had been going on for a lot longer, as such the damage is real. 

As far as I am concerned, when Teixeira is thrown in prison they can cover the door with concrete and forget about him. The idea to put classified materials online to look cool is even more stupid than falling for a Russian 17 year old honey trap. With the honey trap we get it, hormones take over, but to look cool? I am at a loss what that man ever did in a uniform and even less why it took so long to find the link. 

But it wasn’t merely about the person Teixeira, it was about the setting for a movie or TV episode. You see, phishing has been going on for decades and the lack of Common Cyber Sense (especially in the military) was covered by me over the last few years. I have articles that go back to at least April 2022. So this is more than a loaded cannon, this is the making of more (in what direction remains open and not discussed). It has all the makings of the nightmare scenario. You see, you want your data to be safe whilst not using a password, or perhaps one of the routers at the Pentagon which had been implied (by an anonymous source) to have had the password Cisco123 for the longest of times. So how is that security going? It is a sliding scale from non-existent to a revolving door for anyone that wanted to read some. It might be my point of view, but the released facts seem to fit the profiles I set.

In addition, for some weird reason, I seem to dream up all kinds of advertisements. One was for AA, where I used the phrase (with a nice animated bottle) “It is fine to have a drink. Make sure the drink does not consume you”. I also got a girl to pose partially undressed, dancing in a slutty outfit, in a hospital bed and one more. You do not see her ‘details’ as I used a very interesting way to filter the view. The bottle has a label “Cemetery premium 45%”.

The second ad was about healthcare, I will spare you the details, they are not important. The weird part is that my mind designed both of them in mere minutes. I still need some things (like software) to get it done, but it is a weird setting. Especially as I never had any real intent to go into filming. Ah well, another mess to overlook I reckon.

And how do these two relate? They do not, but consider all the gaming ads you see on mobiles and tablets. Do you know the sources? Do you know what is collected? You see the FBI gives us that in 2022 $10,300,000,000 was lost due to scams and I reckon that number is low. Too many are ashamed to admit that they have been made the fool. As such all elements I mentioned yesterday were covered and anyone who had read up on the subject would know this. 

So enjoy Monday and consider how safe your data and details are. 


Filed under Finance, IT, Media, Military, Science

Traitor’s Gateway

There is a gate through which traitors pass, it weirdly looks like the one in the Tower of London. It does not offer boating service. The traitors walk through the slime and the muck with their bare feet. This gateway is not in London, it is the entrance of the ninth level of hell, a place reserved for traitors. A gate reserved for people like Jack Teixeira, and he is most welcome to that entrance. Lucifer Morningstar has confirmed his reservation. He stated to me that the demons in that level had been doing too little. Too many demons, not enough traitors. So Jack will be getting the undivided attention of dozens of demons for millennia to come and as a second here equals a year there, eternity becomes a whole new context. And it seems that there is place for more if we can believe the CNN article (at https://www.cnn.com/2023/05/19/politics/jack-teixeira-leak-intelligence-unit-warnings/index.html). There we read ‘Defense personnel alarmed after memos reveal Air Force leadership warned about accused Pentagon leaker but let him continue working’, so what was that again about the devil’s playground? Especially when I saw “Air Force leadership repeatedly warned Airman 1st Class Jack Teixeira about inappropriately accessing classified intelligence have left former and current defense personnel baffled at how he retained his security clearance and was able to continue sharing classified information for months.” I would not say that they are baffled. This level of inaction is just staggering. Some people in this day and age were not willing to put in the paperwork, some were hindered by indecision (a failing many managers tend to have) and then there is “had received a direct order from his superiors to stop taking notes on intelligence, which they found he was ignoring just a month later”. So if I read this right: we see all the huff and puff against Huawei and now TikTok and you keep a clown like that around? 
Give me a break, China doesn’t need to create elaborate intelligence gathering loopholes (if there are any, no evidence was ever presented), China can just softly push an intelligence gamer and he will spout whatever they need. ‘Do you want the US invasion plans for Russia?’ Just mention ‘You could never invade Russia’ during a game of Fortnite and some clown will produce the PDF file with (if we may believe the CNN text) personal annotations and notes from the traitor himself. That US service is just amazing. An Airman with intelligence clearance can deliver faster than an F-35 on afterburner, hopefully only in America. 

The text also gives us ““This is negligence on the part of the chain of command,” said Jason Kikta, a former Marine Corps Officer and former member of US Cyber Command. “They had a clear pattern of behaviour,” adding he “should have been cut off at the second incident.”” You see, a clear answer and a straight directive, as one would expect from Marines (Air Force, please take notes here). A simple application of Common Cyber Sense, like the Marines haircut, just cut it all off! Yes, that is how I believe it should be and what baffles me is how inactive the Air Force has become. You see, Common Cyber Sense is nothing new, it has been around 15 years. The repetition of warnings is nothing new either. All heterosexual men wanted to look up the dress uniform of a youthful well shaped female Airman. I know it is wrong, but we were all 17 once and don’t we love admiring those forbidden fruits. This happens, it is wrong but it happens. Yet to push defence papers onto the gaming internet is a whole new level of wrong (stupid too) and the inaction here that catered to it raises the question: how much of an overhaul does the classification system need? Not merely that it happened once, but that a repeat offender was able to do it for so long requires a classification overhaul up to the highest rank in that location (and optionally other locations too). As for the information at the end, “Virginia Democratic Sen. Mark Warner, chairman of the Senate Intelligence Committee, told CNN on Thursday that the new information was “deeply troubling.””, I would say to Mark Warner that ‘Deeply Troubling’ was some time ago and when we see Senators up in arms on TikTok and Huawei issues, all ignoring Cisco matters, calling this ‘deeply troubling’ is making me howl with laughter. 
And with the added “A memo from September 2022 says Teixeira was “observed taking notes on classified intelligence information” in the unit’s sensitive compartmented information facility, or SCIF, and putting “the note into his pocket.” He was instructed “to no longer take notes in any form on classified intelligence information””. So not only was he doing this for a long time, there is no way to tell how long BEFORE September 2022 this was going on, because I feel fairly certain that he got away with it for some time before someone noticed.

So don’t feel sore, traitors will brighten your Fortnite day when needed, enjoy your gaming weekend.


Filed under Law, Media, Military, Politics

Happy Hour from Hacking Hooters

Yes, that is the setting today, especially after I saw some news that made me giggle to the Nth degree. Now, let’s be clear and upfront about this. Even as I am using published facts, this piece is massively speculative and uses humour to make fun of certain speculative options. If you as an IT person cannot see that, the recruitment line of Uber is taking résumés. So here goes.

I got news from BAE Systems (at https://www.baesystems.com/en/article/bae-systems-and-microsoft-join-forces-to-equip-defence-programmes-with-innovative-cloud-technology) where we see ‘BAE Systems and Microsoft join forces to equip defence programmes with innovative cloud technology’ which made me laugh into a state of black out. You see, the text “BAE Systems and Microsoft have signed a strategic agreement aiming to support faster and easier development, deployment and management of digital defence capabilities in an increasingly data centric world. The collaboration brings together BAE Systems’ knowledge of building complex digital systems for militaries and governments with Microsoft’s approach to developing applications using its Azure Cloud platform” wasn’t much help. To see this we need to take a few sidesteps.

Step one
This is seen in the article (at https://thehackernews.com/2023/01/microsoft-azure-services-flaws-couldve.html) where we are given ‘Microsoft Azure Services Flaws Could’ve Exposed Cloud Resources to Unauthorised Access’ and this is not the first mention of unauthorised access, there have been a few. So we see “Two of the vulnerabilities affecting Azure Functions and Azure Digital Twins could be abused without requiring any authentication, enabling a threat actor to seize control of a server without even having an Azure account in the first place” and yes, I acknowledge the added “The security issues, which were discovered by Orca between October 8, 2022 and December 2, 2022 in Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins, have since been addressed by Microsoft.” Yet the important part is that there is no mention of how long this flaw was ‘available’ in the first place. And the reader is also given “To mitigate such threats, organisations are recommended to validate all input, ensure that servers are configured to only allow necessary inbound and outbound traffic, avoid misconfigurations, and adhere to the principle of least privilege (PoLP).” In my personal belief, having this all connected to an organisation (Defence department) where the application of Common Cyber Sense is a joke, making them connected to validate all input is like asking a barber to count the hairs he (or she) is cutting. Good luck with that idea.

Step two
This is a slightly speculative sidestep. There are all kinds of Microsoft users (valid ones) and the article (at https://www.theverge.com/2023/3/30/23661426/microsoft-azure-bing-office365-security-exploit-search-results) gives us ‘Huge Microsoft exploit allowed users to manipulate Bing search results and access Outlook email accounts’ where we also see “Researchers discovered a vulnerability in Microsoft’s Azure platform that allowed users to access private data from Office 365 applications like Outlook, Teams, and OneDrive”. It is a sidestep, but it allows people to specifically target (phish) members of a team, and this, in a never ending age of people being worked too hard, will imply that someone will click too quickly, which in the phishing industry has never ended well, so whilst the victim cries loudly ‘I am a codfish’ the hacker can leisurely walk all over the place.

Sidestep three

This is not an article, it is the heralded claim that Microsoft is implementing ChatGPT on nearly every level. 

So here comes the entertainment!

To the Ministry of State Security
attn: Chen Yixin
Xiyuan, Haidan, Beijing

Dear Sir,

I need to inform you on a weakness in the BAE systems that is of such laughingly large dimension that it is a Human Rights violation not to make mention of this. BAE systems is placing its trust in Microsoft and its Azure cloud that should have you blue with laughter in the next 5 minutes. The place that created moments of greatness with the Tornado GR4, rear fuselage to Lockheed Martin for the F-35, Eurofighter Typhoon, the Astute-class submarine, and the Queen Elizabeth-class aircraft carrier have decided to adhere to ‘Microsoft innovation’ (a comical statement all by itself), as such we need to inform you that the first flaw allowed us to inform you of the following

User:  SWigston (Air Chief Marshal Sir Mike Wigston)

Password: TeaWithABickie

This person has the highest clearance and as such you would have access to all relevant data as well as any relevant R&D data and its databases. 

This is actually merely the smallest of issues. The largest part is distributed hardware BIOS implementation giving you a level 2 access to all strategic hardware of the planes (and submarines) that are next generation. To this setting I would suggest including the following part into any hardware.

import openai
import rollbar

# Placeholder credentials; in the prank the key would come from the device itself.
openai.api_key = "thisdevice"
model_engine = "gpt-3.5-turbo"

# First call (legacy openai<1.0 ChatCompletion interface, as in the original snippet).
response = openai.ChatCompletion.create(
    model=model_engine,
    messages=[
        {"role": "system", "content": "Verification not found."},
        {"role": "user", "content": "Navigation Online"},
    ])
message = response.choices[0]["message"]
print("{}: {}".format(message["role"], message["content"]))

# Rollbar is only used to report failures of the second call.
rollbar.init("your_rollbar_access_token", "testenv")

def ask_chatgpt(question):
    # Second call: the navigator is told to demand verification from another device.
    response = openai.ChatCompletion.create(
        model=model_engine,
        n=1,
        messages=[
            {"role": "system", "content": "Navigator requires verification from secondary device."},
            {"role": "user", "content": question},
        ])
    message = response.choices[0]["message"]
    return message["content"]

try:
    print(ask_chatgpt("Request for output"))
except Exception as e:
    # monitor the exception using Rollbar, then report the silent device
    rollbar.report_exc_info()
    print("Secondary device silent", e)

Now this is a solid bit of prank, but I hope that the information is clear. Getting any navigational device to require verification from any other device implies a mismatch and a delay of 3-4 seconds, which amounts to a lifetime delay in most military systems, and as this is an Azure approach, the time for BAE Systems to adjust to this would be months, if not longer (if detected at all). 

As such I wish you a wonderful day with a nice cup of tea.

Kind regards,

Anony Mouse Cheddar II
73 Sommerset Brie road
Colwick upon Avon calling
United Hackdom

This is a speculative yet real setting that BAE faces in the near future. The mention that they are going for this solution will have any student hacker making attempts to get there and some will be successful, there is no doubt in my mind. The enormous amount of issues found will cater to a larger stage of more and more people trying to find new ways to intrude, and Microsoft seemingly does not have the resources to counter them all, or all approaches, and by the time they are found the damage could be inserted into EVERY device relying on this solution. 

For the most part I was negative on Microsoft, but with this move they have become (as I personally see it) a clear and present danger to all defence systems they are connected to. I do understand that such a solution is becoming more and more of a need to have, yet with the failing rate of Azure, it is not a good idea to use any Microsoft solution; the second part is not on them, it is what some would call a level 8 failure (users). Until a much better level of Common Cyber Sense is adhered to, any cloud solution tends to be adjusted to a too slippery slope. I might not care for Business Intelligence events, but for the Department of Defence it is not a good idea. But feel free to disagree and await what North Korea and Russia can come up with, they tend to be really creative according to the media. 

So have a great day and before I forget ‘Hoot Hoot’


Filed under Finance, IT, Media, Military, Science

The quick fortune

Yes, that is how it starts, and there is one little snag. There is no such thing as a quick fortune, not for anyone. On the other hand, it gave me the idea for a new movie called ‘The cure is so much worse’ a nightmare of the most horrific kind, but more about that later. 

The BBC (at https://www.bbc.com/news/technology-64939146) gives us ‘Thousands may have lost out to crypto trading app’, and I wonder just how stupid people are. You see, when I am given “Trading in cryptocurrencies has become popular, with people often promised large rewards over short periods” I see a red flag, a really big red flag. If I have something that makes me so called rich overnight, I do not share it, well perhaps I share it with the two best friends I have and only after I have gotten a nice payout, so that I know that I am not setting them up. It is that simple. It’s like those house scammers in Sydney almost a decade ago. Housing was so short that people started advertising apartments for sale via Facebook and a few other sources. If I know of an apartment for sale, I send a quick message to my dearest friends and no one else. Because an opportunity like this, I either use myself, or hand it to a best friend who will owe me a solid. With digital currency it is different, I trust none of them and even if the Saudi government or a place like Kingdom Holdings pays me an initial ₿2000 (for my IP) the first thing I do is to go to a bank and transfer it to a dollar number in my bank account. Bitcoin might have some reputation, but I do not trust it, I trust no form of digital currency. Then we are given “She says she lost hundreds of euros when she invested in iEarn Bot. She asked not to have her identity revealed as she fears her professional reputation might be damaged. Customers buying the bots – like Roxana – were told their investment would be handled by the company’s artificial intelligence programme, guaranteeing high returns”, so we aren’t even buying an app, we are buying a bot, more red flags, then there is the AI reference, an issue that does not exist, and that list goes on. 
Then we are given “In Romania, dozens of high-profile figures, including government officials and academics, were persuaded to invest via the app because it was sponsored by Gabriel Garais, a leading IT expert in the country.” This person Gabriel Garais was apparently duped as well, some IT person. 

And then the curtain falls with “iEarn Bot presents itself as a US-based company with excellent credentials, but when the BBC fact-checked some information on its website, it raised some red flags. The man whom the site names as the company’s founder told us he had never heard of them. He said he has made a complaint to the police. The Massachusetts Institute of Technology, alongside companies such as Huawei and Qualcomm, are all named as “strategic partners” of iEarn Bot, but they too said they have no knowledge of the company and they are not working with it.” This also holds the third red flag. You see, iEarn implies an Apple product, so why was Apple not all over this from day one? There might be a solid reason, but this gets me back to Gabriel Garais, as an IT person he should have known. 

This reeks like a Ponzi scheme menu and the setting and the spread implies organised crime of a new kind. Whether it is Russian, Korean, Chinese, or even American does not matter. When you can spread to this degree things get noticed and when people are getting scammed the lights go on nearly everywhere, as such the mention of 800,000 people in Indonesia and no one raises a brow? It does not add up. But the BBC went further. This is seen when we see “On the website, the company does not provide any contact information. When the BBC checked the history of its Facebook page, we learned that until the end of 2021, the account was advertising weight-loss products. It is managed from Vietnam and Cambodia”, OK, that might be true, but these pages can change hands like a snap from a finger and no contact information is the largest red flag. 

I get it, there are vulnerable people and they are seeing that pensions are coming up short, they see the promise of quick cash and I get it, some are falling for the trap, but the stage of Common Cyber Sense should have been at the forefront of their minds. And finally we get to “With the help of an analyst, the BBC managed to identify one main crypto wallet that received payments from about 13,000 potential victims, for a profit of almost $1.3m (£1m) in less than one year”, so 13,000 people gave someone over a million dollars in one year. When we consider what Indonesia is set up for, this seems like a low estimate and the news goes from bad to worse. You see, this is now; when the national 5G networks go live, this amount goes up by a lot and it will be achieved in under a week. I said in 2020 that the law was not ready and it is still not ready, moreover national police forces do not have the resources or the manpower to stop this and this is what organised crime is waiting for. It would help if the law was ready, but it is not and this is going to get worse. 

Getting back to the idea, it is still evolving, I need a prologue to make the start, but the setting is nearly done, and to get this in the open I would need an actor, nothing like Ryan Reynolds (or Hugh Jackman). This is deep dark, people will step into a dark room to see a light (compared to my setting), as such I need a proper dark actor. Perhaps even a woman like Eihi Shiina. She scared the hell out of me in Audition (1999), I was even surprised myself that I could have such dark thoughts. A movie that literally scares members of organised crime into their own basements to commit suicide? Yup, that might be a new Netflix (or Apple) hit.

Have fun and please do not fall for these kinds of scams.


Filed under Finance, Media, Science

Two linked events showing trouble

Yes, that is how it started for me today. It all links back to the Optus failures and a few other matters, but cybersecurity is at the heart of it. Initially I saw the second article, but I will get back to that later. First we look at ‘Sydney teenager accused of using Optus data breach to blackmail indicates guilty plea in court’ (at https://www.abc.net.au/news/2022-10-27/teenager-accused-of-using-optus-data-breach-to-blackmail-court/101584078), a simple deception. Yet one with a few sides. The first part “Australian Federal Police (AFP) charged Dennis Su with two offences earlier this month, claiming he sent text messages to 93 Optus customers demanding they transfer $2,000 to a bank account” sets the guilty party up, but in more ways when we consider part two “The charges were laid after a bank account belonging to a juvenile, which Mr Su allegedly used, was identified”, so he used a third party’s account and holy Moses, it is apparently that of a minor. How the bough breaks! Well, it actually doesn’t break. It seems that there was a serious amount of thought and planning here. Well, for some it is not a serious amount, but he had to know what was planned and he got a minor to be the front to some parts. This brings us to the second article, which was actually the first one to catch my eye. It was ‘Medibank and Optus hacks spark warning over identity theft risks from former victims’ (at https://www.abc.net.au/news/2022-10-27/identity-theft-warning-after-optus-medibank-hack/101576992). Here we get “The first thing the victim knew about her identity being hacked was when a man turned up on her parents’ doorstep asking for the sexual services he’d paid for online.” It is the start of a new steeplechase. 
When we consider “Former identity theft victims have shared how their details were used to steal luxury vehicles, take out personal loans in their name and hock fake goods online, because criminals got hold of the kinds of information millions of Australians are believed to have had compromised in the latest Medibank and Optus hacks”, this is not nearly the end of this. When we see “While living in Melbourne, she sent a photo of her licence to a real estate agent applying for a lease, and that image was somehow then uploaded into a gallery of property photos featured on that agent’s website”, especially in the Australian housing market, can we please remove this bozo’s character from the housing market? How can anyone be stupid enough to ‘upload’ identity details? There is an unacceptable lack of Common Cyber Sense in Australia. It goes from the big banks to the most stupid of housing players. They have no idea what they are doing and the excuse ‘we made a boo-boo’ just doesn’t play here. First Optus, then Medibank and that list keeps on growing. That is accelerated by alleged cowboy institutes that make money offering cyber degrees. Australia has a serious problem and it needs to be dealt with, starting with a lot better protection regarding IDs and identity documents.  

And we do not blame Google here, but “Probably the most shocking and stressful part was just seeing my licence there on Google for anyone to use” should be seen as evidence that a much larger issue is in play. When newspapers give us “The federal government has promised to dedicate millions of dollars to “investigate and respond” to the massive cyber attack which rocked Optus”, which according to some amounts to $6,000,000 over two years, I reckon that in two years the problem will be a lot larger, and two years to investigate what I in part did in 5 minutes is a joke. Something needs to be done NOW, and let’s start by holding corporations accountable for cyber security, and let’s make sure that a certain housing agent is an Uber driver in 48 hours and not a housing agent any more. Yes, I agree that I am overreacting, but uploading ID details? To a photo gallery? I think we hit rock bottom on the village idiot scale and that needs to be addressed well within 2 years, within 48 hours more likely. I think that my optional IP move to Canada might be a good thing. It is not out of the question that these players will put my IP on a server behind a router that still has the password ‘Cisco123’; that could be how my luck goes and I have seen enough bad luck to last me a lifetime. 

As I see it, Australia has a lot of problems, not least the larger absence of Common Cyber Sense. I raised that in ‘The Bully’s henchman’ (at https://lawlordtobe.com/2020/01/31/the-bullys-henchman/), which I wrote on January 31st 2020, almost 3 years ago; it is that much of a failure, and if I raised it then, it was already an issue. As such we see a failure that spans more than 3 years, and now they want to debate it for two more years? These people are out of their flipping minds!


Filed under IT, Law, Media, Politics, Science

Return of Common Cyber Sense

So, is it the return of CCS, is it Son of CCS? With all the ’60s movie references it can go either way, like Son of Blob, Return of the Predator, the Swamp Man strikes again, take your pick. We can go in any direction. And it all starts with the NOS (Dutch News) article ‘Hackers stole 3 gigabytes of data from Spanish Prime Minister’s phone’ (at https://nos.nl/l/2427306). There we get exposed to “The hackers who used Pegasus spyware to access the phone of Spanish Prime Minister Pedro Sánchez last year were able to extract 3 gigabytes of information from the device. They also managed to penetrate the telephone of the Minister of Defense, although less data was stolen from it. The hack of the Spanish Prime Minister’s phone came to light by chance during a routine check, it turned out today. The government was informed this weekend. The telephones of all cabinet members are now being searched for the espionage software.” As such we now have two settings; the first one is linked to ‘State of what?’ (at https://lawlordtobe.com/2022/04/24/state-of-what/), where some attacked the NSO over the Catalan settings. Now we see that two Spanish governmental targets were out in the open, and its Prime Minister was not too intelligent and was lacking Common Cyber Sense. 

So in what universe is it a good idea to put 3GB of data on your mobile? I have (by choice) 224MB of data on my phone (over 6 years) and well over 80% are ASCII files (a collection of articles I have written). 

A mobile phone is a transmitter at rest, no matter how much you run; as such it is a trove of information for any hacker with anti-Spanish sentiments. So in what universe should we see “Spanish opposition parties speak of “a very big coincidence” that the burglary into government telephones is just now becoming known. Others speak of a smoke screen. Already two weeks ago it became clear that 63 Catalan politicians and activists had Pegasus on their phones. Among them were members of the European Parliament, Catalan regional presidents, lawyers and political organisations”? Well, the answer is none. You see, the setting that we are witnessing shows a massive lack of Common Cyber Sense. And in this consider “Pegasus is sent via apps, a WhatsApp message from friends or acquaintances or an email. When the recipient clicks on such a message, the spy program settles in the phone. Secret services have access to all possible data such as passwords, telephone conversations, location or photos”. You see, this is a side that might be on me. People like that have a work phone and a private phone. The work phone has no need for WhatsApp, Facebook, or a whole range of other social apps. Having them on your work phone is folly, extremely stupid and massively shortsighted. When you are a governmental tool (of any kind) you need to adhere to Common Cyber Sense. It applies to any Prime Minister, Defense minister, minister, and that list goes on for a while. The only exception might be the cultural minister, but then that person tends to not have any classified data, or classified data of a limited stretch. So when we see “The organisation Citizen Lab, which previously revealed that the 63 Catalans were targeted, is drawing no conclusions about who is responsible for the covert operations against the Catalans. “But the circumstances indicate involvement of the Spanish government,” the authors of the report believe.” OK, that is fair; we are all seemingly nodding towards the Spanish team, but it is an assumption. And when we have that stage, the lack of Cyber Sense is making it all into a farce. So whoever hacked the Spanish might, through that, have gotten access to two teams for the price of $100,000 per phone. A good deal if any. 

So at what time will governmental teams (on a global setting) decide to embrace Common Cyber Sense, with the added realisation that apps like WhatsApp and several others have no business being on your work mobile? 

In this, my message to these politicians is as follows: you are (for the most part) not an A-lister, a movie star or a social media revelation. For the most part, you are all governmental tools and you need to take responsibility for the stupidity you employ. Keep personal stuff OFF your work phone, give the hackers a challenge, not a trip to easy street. Common Cyber Sense has reason; take it seriously.


Filed under Law, Politics, Science

Bring out your CV

The CBC had two articles last night; the first one I dealt with in the previous story. This one can be found (at https://www.cbc.ca/news/politics/cse-candidates-hiring-cyber-1.6426275): ‘Ottawa needs more codebreakers — but spy agency says finding them isn’t easy’, and that is not even half the story. It is not a Canadian issue, it is a global issue. So when we see “Canada’s electronic spy agency, the Communications Security Establishment, is set to receive a large influx of funding to launch cyber operations and ward off attacks on government servers, power grids and hospitals.” It’s always nice to receive funding. But the reality is a little harder. I spoke about part of this in ‘Red flags’ (at https://lawlordtobe.com/2022/02/24/red-flags/); there were too many red flags and they are eager to charge a fair penny. Summits, courses, and in some cases you do not even need an IT education, but a bachelor’s degree is expected. It is a Wild Wild Cyber West out there and the problem is that there are too few stages where we can separate the good from the shallow. So when we see “CSE, which gathers and decodes signals intelligence and is also in charge of technology security for the government, says it receives 10,000 to 15,000 job applications per year. But only about one or two candidates out of 100 applicants go on to be hired after the skills testing and background security checks.” We see part of the problem. Have you seen it? It is seen in “about one or two candidates out of 100 applicants go on to be hired after the skills testing and background security checks”; the funnel needs inverting. Instead of seeking in the same place, seek somewhere else. Seek in the military and governmental technical support places. Seek in the places you overlook and hire these people. It is nice to hire that one bright light. We all want that, but who considered hiring the 20-50 that can overcome the ‘background security checks’ and then start TEACHING them? 
Out of the 50 you educate whilst they are employed in several places, you end up with 10-25 people ready to take the challenge instead of relying on the 1-2 candidates. When you need 1500 of them, my approach makes sense. Yes, you can try to get the techies from the University of Toronto, but so can the commercial side, and they pay a lot better, so you either hope to get the few with a calling, or you open the stage to a larger group and set them in all kinds of governmental fields, where there is a large shortage too. All sides need attending to, and not all will end up with the CSE, GCHQ or whatever Australia and New Zealand have, but all these governments have large shortages, including their cyber police and a few other places. It is time to change the way hiring is done all over the Commonwealth field, because they are all coming up short and have different divisions with shortages, so why are they not taking a hard look at what else is possible? If not, these places will all end up in a bidding war like they saw in the ’90s and they will come up short again. Oh, and whilst Amazon is desperately seeking 250,000 people, where do you think they will look next? The second plan (my crazy wild idea) gives people a long-term plan, long-term employment and a larger setting of choice with one application instead of 5-15 applications. 

But this is only possible when some people take a long hard look at what they used to do and see what COULD be done. 750 application runs, or 60 application runs, what makes more sense? I will let you decide.


Filed under IT, Law, Military, Science

Paranoia helps

This is a case of: you might be paranoid, but that does not mean that people are not out to hack your life. We seem to forget that, and the second part we forget is that big corporations do not care; it is the cost of doing business and that is what insurance is for. But the stage is growing, and with full national 5G the insurance companies will not take that stance; they will want assurances, and that is when the consumer gets to pay for it all. One small slip-up, one error, and the consumer pays. That is where we are heading. 

This all started when I saw ‘Walmart ships fraudulent order to hacker’s address then leaves customer to recoup cost’ (at https://www.cbc.ca/news/business/walmart-fraudulent-order-online-account-hacked-1.6353016). The story gives us all kinds of information and in some cases the consumer made the easy choice, the ‘this is so much easier’ path and hackers tend to rely on that. But it is not all bad news (well mostly it is), so let’s start.

Item one: ‘fraudsters were using it and his credit card on file’. This is with the consumer. Yes, it is easy, and most e-commerce sites use the same good encryption. Yet as I see it there are two issues. It is easy to order when the credit card is on file, so DO NOT DO THIS! Consider what you are doing every time you use your credit card. More importantly, when it is on file anything can happen, as this consumer found out. I have two instances where a credit card is on file. One is a monthly payment of less than $10 a month, the other is even less. I enter my credit card information with every purchase. Commerce likes people with credit cards on file; it is easier to make them buy, but consider that your budget is limited, and when you still have a week to go at the end of your credit card, life gets worse really fast.

Item two is really two items, and both are on Walmart. We see ‘Walmart had cancelled the first three orders on its own, but Tomlinson noticed the last one for an Apple TV had just been shipped.’ In the first part, why did three stop and one did not? If they are based on the same data, there is a flaw in the system; there is close to no other option. In addition we are given ‘he was not able to access the address and Walmart wouldn’t provide details’, and this is clearly on Walmart. In addition, it should be in these systems that there is a permanent record of the last 10 addresses that are not linked to the credit card that paid for it; 10 is an arbitrary number, but it happens that a family member pays for another member’s item, or something like that. 

Now we get to the rather nasty stuff. We are given “In 2021, e-commerce retailers surveyed said they prevented about 4,860 attacks, but failed to stop about 4,800 others. The survey also suggests online and mobile fraud attacks on retailers appear to be rising since the pandemic started, up 45 per cent in Canada from 2020 to 2021.” In a full 5G network this number can go up by 600% to 19,500%; consider that 93,600 fraud cases are not stopped under 5G. Do you really think that the insurers are going to sit back and let the numbers rise from 4,800 to 93,600? You have got to be kidding me, and those who do will do so at horrendous premiums, and the consumer gets passed that bill. A setting I have foretold for years, and people are still not waking up to Common Cyber Sense. Not all of it is on the consumer. Yet look in your own home: how many use passwords like ‘QWERTY’, or something that simple? I thought I was clever in the ’80s when my password was ‘password’, and I learned quickly that there is more to safety and security. Then there are those who use the SAME password in all places, and those people also have all their passwords on file. How long until deeper machine learning can make the jump from where we are, to what we are and how lazy we are? The algorithm is already out there; with 5G it gets the speed to really rake in the dollars. So whilst some might cry for big business when they give us “While Walmart says Tomlinson’s problem was caused by compromised credentials — not a cyber attack — Sutherland says companies across the board are dealing with such attacks on a regular basis.” And when we hear the sob story that COVID made it worse, we need to consider that I saw issues like this in 2015; a massive overhaul of the e-commerce system is becoming essential and most of them do not want the cost, but the issue of fraud is happily passed on to the consumer. We need to accept that this is not merely Walmart; it hits e-commerce in Europe, the US, and Asia. 
This is a much larger problem and a better system is required. Consider that we blame the NSO group for many hacks, but the basic issue is not merely the NSO group, they merely ‘Exploit Security Flaws in Phones’ Operating Systems’, so when this gets to e-commerce in the same way, we get a flaw exploiting a flaw and our goose is cooked. Hundreds of hackers hope to find that ‘Zero-Click’ flaw that makes the hacker rich whilst the hacker is sleeping and in a 5G world that will happen more often. It is not paranoia when they are all out to get your money, and there are many who want to do just that.


Filed under Finance, IT

Thanks for the support

We all have to say thanks, I in this case to the BBC; they were just able to give support to two issues that I put out in the open over a year ago (too tired to find these articles, they are at least a year old and it is 33 degrees Celsius at present, at 21:30). The first is the lacking approach to Common Cyber Sense within the US Administration. I found that failing in the Pentagon in 2018: I found Cisco routers still carrying the password Cisco123 in at least two sensitive areas, and there was the use and abuse of non-secured USB sticks in more than two sensitive places, and on top of all that, the US ends up with an idiot in the White House relying on a password like MAGA2020. How bad do things need to get? I agree that the man Victor Gevers did everything right, including alerting the proper players, but this is a much larger problem. So when we see “The president’s account, which has 89 million followers, is now secure. But Twitter has refused to answer direct questions from BBC News, including whether the account had extra security or logs that would have shown an unknown login”, the quote forgets to give a larger part. You see, this was all on the user; when the user is thick as molasses and equally stupid, can we blame Twitter? And this now also reflects back to ‘6 simple questions’, which I released on February 3rd 2020, where we see the simple setting that the Daily Mail, the Daily Mail of all sources, reported that there was a way to infect accounts yet no way to establish by whom or how. It gets us back to the original question ‘Where is the evidence that Saudi Arabia infected ANY phones?’, a question that FTI Consulting and the United Nations essay writers cannot answer for us. It shows a much larger lack of cyber security and proper cyber defences, all whilst these so-called investigators are happy to accuse whoever is a political, and not a true, target. Is that too much?

I ended that article with question 6 ‘Why on earth is the UN involved in an alleged Criminal investigation where so much information is missing?’, now we see a new page turned, can any criminal investigation hold any water when the users are that thick? MAGA2020, really?

So when we consider “Mr Gevers also claimed he and other security researchers had logged in to Mr Trump’s Twitter account in 2016 using a password – “yourefired” – linked to another of his social-network accounts in a previous data breach”, in all this the need to employ Common Cyber Sense is a situation that becomes more and more essential and we need to catch on quicker than we are, because it is people like that who will claim things against Russia and China, whilst letting their security services in at their leisure because they cannot be bothered with Common Cyber Sense. 

As I see it, President Trump will optionally get two additional Christmas cards this year, one from 76B Khoroshevskoe Highway, the other from 14 Dongchangan Avenue, Dongcheng District, Beijing. Both will be stating “Thanks for the support”, what a lovely way to end a presidency and probably the first time that a US President gets a Christmas card from both locations.


Filed under IT, Science