Tag Archives: Common Cyber Sense

Hammering Facebook

The Guardian has another story, which was updated a mere 6 hours ago. To be honest, I am a little ticked off. I get that the Guardian is giving us this and it makes perfect sense, it is news. Yet when I see ‘Fake news inquiry: Facebook questioned by MPs from around the world – as it happened‘ (at https://www.theguardian.com/technology/live/2018/nov/27/fake-news-inquiry-facebook-to-face-mps-from-around-the-world-mark-zuckerberg-live-updates), whilst in the same setting we see newspapers ‘hiding’ behind ‘from an unnamed source’, and when we get blasted by well over 64 million results in Google Search on the death of a journalist that close to nobody gives a hoot about, the entire ‘fake news‘ affair seems to be nothing more than a targeted sham to me. Not the element of fake news, I get that, but some of the players are a little too hypocritical for my liking.

So let’s take a look at a few of these issues we see (at https://www.theguardian.com/technology/2018/nov/27/facebook-fake-news-inquiry-the-countries-demanding-answers).

Ireland: “The Irish government is reviewing proposed legislation to promote online safety amid an outcry that tech companies are unable or unwilling to tackle harmful content. The move jars with Dublin’s normally effusive support for tech companies with an Irish base. Facebook has its European headquarters in Dublin and falls under the remit of Irish data protection authorities“. The first thing to do is look at the definition. The European commission gives us: “Harmful content, is authorized material subject to distribution restrictions (adults only, for example) or material which some users may find offensive even if, on the grounds of freedom of speech, there are no restrictions on publication.” First of all, the Pornhub site is freely available to every man, woman and child. In addition there is a porn version of YouTube that is also freely available; from that we can see that Ireland has a lot of other worries, and these two are not available through Facebook. When we look at Ireland we see a nation that has given in to big business through tax laws at the drop of any hat, and they have harmful content issues? In addition the Times gave us on November 6th: “Google and Facebook will call on the government today to define exactly what kind of content a proposed digital safety commissioner would have the power to remove online.” It becomes a lot more entertaining when we see from Fine Gael last week: “Fine Gael TD Hildegarde Naughton will travel to Westminster next Tuesday (November 27th) for a meeting of the International Grand Committee on Communications”, as well as “Social media companies cannot hide from the genuine concerns of national parliaments from around the globe, it is imperative they engage with us in a meaningful way. This document sets out a blueprint for how that can be done.” It is entertaining as she seemingly has a document whilst this entire setting has been going on for years (even before Cambridge Analytica).
That entire meeting is in my personal opinion as hollow as it sounds. All trying to look important, yet where is that so called document from Hildegarde Naughton? It does not seem to be on the HN site (at http://www.hildegarde.ie), so where is it? When we are told: ‘This document builds upon the work done by the Oireachtas Communications Committee‘, we should be able to read and scrutinise it. You see, the Irish Law Reform Commission has a 2016 document (at https://www.lawreform.ie/_fileupload/Reports/Full%20Colour%20Cover%20Report%20on%20Harmful%20Communications%20and%20Digital%20Safety.pdf); is it merely that, or a continuance of that? And this document is important, especially on page 165 where we see: “The definition of “communication” implements the recommendation in paragraph 2.53 that the proposed legislation on harmful communications should apply to all forms of communication, whether offline or online, analogue or digital, and therefore the definition includes communication by speech, by letter, by camera, by telephone (including SMS text message), by smart phone, by any digital or online communication (including the internet, a search engine, a social media platform, a social media site or the world wide web), or by any other telecommunications system.”

This now implies that art is no longer merely in the eyes of the beholder; basically, if any art is regarded as harmful content, it comes under scrutiny (read: censoring). A massive part of Facebook relies on art propagated via digital media; digital art is still in its infancy and it seems that this offends Ireland in the broader view it has. It is in that view that my message to Hildegarde Naughton is seen (at https://www.independent.ie/irish-news/courts/priest-who-sexually-assaulted-girl-6-during-first-confession-avoids-jail-due-to-old-age-and-health-problems-36840577.html). When we contemplate that when you have health issues and you are old, it seems fine to rape a six year old. It is all in the nuance, is it not? So, what will you do when you consider this Grigor Malinov painting to be harmful content? Add a Jade Swim bikini with a brush and a fashionable colour? In light of what certain people get away with, harmful content is not a joke, yet hammering Facebook with it whilst there are other players openly in the field is too weird, as I personally see it.

Then we get a Turkish advertisement variant with ‘MPs do not intend to publish Six4Three documents today, Collins says‘, either you have the documents and you inform the public, or you go home and polish your silverware! You scream fake news and leave the audience in innuendo and what I personally perceive as intentional miscommunication, and haven’t we seen enough of that?

Blame Canada

I can’t resist, whenever I see a Canadian flag, a Canuck or anything Canadian I think of that South Park song. It’s nothing negative, I think that Canada is awesome in hockey, it seems to have great people (several attended UTS with me) and it seems to have a healthy life. I’d take a job in Canada any day if possible (as well as the opportunity to watch Hockey almost every night), I might even be good enough to be a goalie for one of their NHL teams, even though I am nowhere near Martin Jones as a goalie (I merely wish I was). So Canada gives us: ‘Facebook inflated video viewing times for two years‘. I actually see an issue here. The Guardian gives us “only counting views lasting more than 3 seconds, the time a video must be seen to count as a view“, yet with YouTube the skip moment is 5 seconds, and now that some people get 100% more ads, many of them without the option to be skipped, we see a shifted trend. This might be YouTube, yet there is no chance that this does not affect Facebook, giving rise to the notion that Canada optionally has a valid issue. Richard Allan (Facebook) gives us: “it depends on the problem we’re trying to solve”, something that might be valid, yet in the question by Charlie Angus we see: “Facebook has inflated video metrics, overstated for two years. “I would consider that corporate fraud, on a massive scale,” he says, “and the best fix is anti-trust. The simplest form of regulation would be to break facebook up, or treat it as a utility, so that we can all be sure that we’re counting metrics that are accurate or true.” I see his failure as a setting, as there is a large intertwined part of Facebook, Vines, YouTube and a few other media adding fuel to the video metrics, no matter whether all are hosted on Facebook. You would have to set the stage for all, and to merely have Facebook here is a faulty stage; we get pushed into an assumption pool of no facts and biased metrics, making matters merely worse.
I feel certain that Charlie Angus should have, and probably did, know this, making the issue a tainted one on more than one level.

Finally, let’s go out with a bang and add Latvia to the stage. When we get Latvia’s Inese Lībiņa-Egnere, we get the question: “how Facebook can help countries like Latvia, that face specific threats from Russia“. It took me around three minutes to stop laughing, I should be serious, but I cannot hold my straight face. You see, that is not the job of Facebook. I will go one step further, by stating: “Dear Inese, have you considered adding digital responsibility to both the Drošības policija and the Militārās izlūkošanas un drošības dienests?” There is an unconfirmed rumour that one of your routers is still set to ‘Passw0rd‘ and another one to ‘Cisco123‘, can you please confirm that? In light of the fact that ‘https://www.zs.mil.lv/lv/kontakti‘ directly links to Facebook pages, one might see how the Latvian military (as well as Latvian intelligence) could get phished in several ways, especially when there is the chance that some alleged underdressed biker chick would have been looking for ‘adventurous officers’. It gets to be even more fun when that alleged woman looks a lot like a Vogue model. You should introduce them to: (https://heimdalsecurity.com/blog/fake-facebook-scams/); to have Common Cyber Sense is a government’s responsibility. Getting Facebook to do free consultancy via a hearing is just not Cricket.

I will end this with Brazil, I really liked his question: ‘He asks what Facebook is doing to prevent improper manipulation of its algorithms to prevent illegal manipulation of elections‘. It is a good and important question. I think the newspapers, especially the tech columns, should spend space on this and let Facebook show them what is being done, what the impact is, how those metrics were generated and how their validity was checked. I think that the problem is a lot larger than we imagine. I would set a line towards American soft money. It has never been regulated and it still is not. We talk about fake news and political influence, whilst soft money is doing that in the US from the day after a president is elected all the way up to the next presidential election (or the senate, or congress). It is basically shouting at one, whilst the other element is ignored. The difference is that digital campaigns give anyone all the soft money they need, taking the rich out of the equation; the fact that I have not seen anything towards these lines gives a larger implied weight on all media. All those newspapers with ‘from an unnamed source‘, and that is where the blockage begins. There is a setting that it is not the ability of Russia, but the failing of others not correctly countering digital media that is the problem, and that was never a Facebook problem; it merely shows the incompetence of others, and in an age of advanced nepotism it is a much harder pill to swallow.

In all this, I never claimed that Facebook is innocent, merely that there is a lack of the proper questions making it to the table and even as a few nations were addressed, the issue is a lot larger and needs addressing, preferably before the 5G tap opens which allows the digital media providers to deliver 500% more than it is delivering now.

I wonder how many players have considered the impact of that game changer.


Filed under IT, Media, Military, Politics, Science

Game of Pawns

Most people have heard of the Game of Thrones, George R.R. Martin’s masterpiece filmed and shown by HBO. Its final season will come in 2019 and the air is filled with teasers, speculated spoilers and optional fan made false trailers. Yet have you heard of the game of pawns? This goes directly towards the entire Australian Encryption Bill. I spoke about it 2 days ago in ‘Clueless to the end‘, where we are introduced to the misrepresented views of Peter Dutton. On how he plays the system on getting the FAANG group to help him a little, which is exactly what the FAANG group is unwilling to do. In addition to what I wrote there is the voice of Paul Brookes, chair of Internet Australia. He gave us: “it is important for law enforcement to find ways to improve their capabilities for intercepting criminal activities through the communications sectors, they must not do so via hastily enacted legislation which fails to consider the legitimate concerns and advice of global technology experts, and carries the very clear risk of creating more problems than it solves”; in this Paul is right and the issue is growing in other settings too. In the last three days we have been made privy to: ‘Hackers stole millions of Facebook users’ highly sensitive data — and the FBI has asked it not to say who might be behind it‘. Optionally because they cannot blame Russia again without substantiation, yet in the much larger setting it seems that they do not have a clue. In addition, we see evolving today: ‘PS4 Users Are Claiming That Malicious Messages Are Breaking Their Consoles‘. The last one seemingly has a solution as reported by Kotaku: “It does seem that the exploit is purely text-based, so changing your PlayStation messenger privacy settings should prevent it from happening.
You can do that by going to Account Management in your console Settings, heading to the Privacy Settings submenu, and changing Messaging settings to “Friends Only” or “No One,” meaning that only your pre-selected friends or no one at all can message you”. Two attacks, the second one without knowing the extent of the attack, in a setting that could not have been prevented by the encryption bill; the fact that the authorities have been grasping in the dark gives a very clear view on how short the authorities are on the ability to stop these events. All the BS short-sighted attempts to access data whilst the entire communication system is flawed beyond belief shows just how clueless the governmental players have become.

So as this week is likely to be about: “It appears to be the worst hack in Facebook’s 14-year history“, many will all go into the blame game against Cambridge Analytica, yet the foundation is that the internet was always flawed, and again we see a setting where the failing of non-repudiation is at the core of certain events. A setting where “‘access tokens’ – essentially digital keys that give them full access to compromised users’ accounts“ were obtained through hacks exploiting vulnerabilities in a setting of ‘authentication’, where ‘non-repudiation’ might optionally have prevented it. That basic flaw has been around for over a decade and the tech companies are unwilling to fix it, because it makes them accountable in several additional ways.

Non-Repudiation

Consider a setting where you and you alone could have done certain things, set against the setting where someone with claimed authority has staged the deletion of all you created. That is the stage we are in and the damage is increasing. As more and more vulnerabilities are brought to light, the lack of action is beyond belief.

The NPR reported something interesting that the initial sources did not give me. They give us: “the hack exploited three separate bugs in Facebook’s code. No passwords were compromised, but the hackers were able to gain “access tokens” that let them use accounts as though they were logged in as another person“. As far as I can speculate, non-repudiation might not have allowed that, making non-repudiation a much larger priority for social media than ever before. The fact that the data captures are getting larger makes the change also a lot more important. If the value of Facebook is data, keeping that secure should be their first priority; the Encryption Bill would also become void if non-repudiation became an actual part of our lives. The dire need of Common Cyber Sense is seen everywhere and we need to give less consideration to people who cannot keep their Common Cyber Sense.
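To make the non-repudiation point concrete, here is an added Go example (not Facebook’s code, nor the author’s) contrasting a bearer access token, which lets whoever holds it act as the account, with per-action Ed25519 signatures made with a key that stays on the user’s device; the token value, user name and post id are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Action is one state-changing request, e.g. "alice delete post/42".
type Action struct {
	User, Verb, Target string
	Nonce              uint64 // strictly increasing per user, so a captured request cannot be replayed
}

// BearerServer is model 1, the bearer-token setup the breach exploited: whoever
// presents the token is the user, so a stolen token is as good as the account.
type BearerServer struct{ tokens map[string]string } // token -> user

func (s *BearerServer) Do(token string, a Action) error {
	if s.tokens[token] != a.User {
		return errors.New("invalid token")
	}
	return nil // applied; the log can only ever say "alice did this"
}

// Envelope is model 2: the action plus the user's Ed25519 signature over its
// canonical encoding. Sign runs on the user's device; the private key never leaves it.
type Envelope struct {
	Action Action
	Sig    []byte
}

type SignedServer struct {
	pubkeys map[string]ed25519.PublicKey
	seen    map[string]uint64 // highest nonce accepted per user
	Log     []Envelope        // stored verbatim so anyone can re-verify later
}

func canonical(a Action) []byte {
	b, _ := json.Marshal(a) // struct field order is fixed, so this is deterministic
	return b
}

func Sign(priv ed25519.PrivateKey, a Action) Envelope {
	return Envelope{Action: a, Sig: ed25519.Sign(priv, canonical(a))}
}

func (s *SignedServer) Do(e Envelope) error {
	if pub, ok := s.pubkeys[e.Action.User]; !ok || !ed25519.Verify(pub, canonical(e.Action), e.Sig) {
		return errors.New("unknown user or signature does not verify")
	}
	if e.Action.Nonce <= s.seen[e.Action.User] {
		return errors.New("replayed or stale nonce")
	}
	s.seen[e.Action.User] = e.Action.Nonce
	s.Log = append(s.Log, e)
	return nil
}

// Audit re-checks a stored log with public keys only: an entry altered or injected server-side fails.
func Audit(pubkeys map[string]ed25519.PublicKey, log []Envelope) (valid, invalid int) {
	for _, e := range log {
		if pub, ok := pubkeys[e.Action.User]; ok && ed25519.Verify(pub, canonical(e.Action), e.Sig) {
			valid++
		} else {
			invalid++
		}
	}
	return
}

// Scenario plays out a constructed breach: the attacker holds alice's bearer token (model 1)
// and a copy of one signed envelope (model 2); it reports what the attacker could achieve.
func Scenario() (bearerDeleteOK, replayOK, forgeOK bool, badEntries int) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	bs := &BearerServer{tokens: map[string]string{"tok-alice-CONSTRUCTED": "alice"}}
	bearerDeleteOK = bs.Do("tok-alice-CONSTRUCTED", Action{"alice", "delete", "post/42", 1}) == nil

	ss := &SignedServer{pubkeys: map[string]ed25519.PublicKey{"alice": pub}, seen: map[string]uint64{}}
	captured := Sign(priv, Action{"alice", "edit", "post/42", 1}) // alice's own request
	if err := ss.Do(captured); err != nil {
		panic(err)
	}
	replayOK = ss.Do(captured) == nil // same envelope, same nonce
	forged := captured                 // attacker edits the verb but cannot re-sign
	forged.Action = Action{"alice", "delete", "post/42", 2}
	forgeOK = ss.Do(forged) == nil
	ss.Log = append(ss.Log, forged) // attacker with storage access bypasses Do()
	_, badEntries = Audit(ss.pubkeys, ss.Log)
	return
}

func main() {
	b, r, f, n := Scenario()
	fmt.Printf("bearer delete: %v, signed replay: %v, signed forgery: %v, bad log entries: %d\n", b, r, f, n)
}
```

With the bearer token the deletion goes through and the log blames alice; with signed actions the replay and the forgery are both rejected, and the entry written directly into storage is caught by an audit that needs nothing but public keys.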

You see, the issue is becoming a lot more important. The fact that these accounts are now sold on the dark web, with the by-line: “If sold individually at these prices, the value of the stolen data on the black market would be somewhere between $150m and $600m“, we are certain that this will get a lot worse before there is any improvement. It is my personal view that actively seeking a non-repudiation setting will hasten that process of making your data more secure.

It is in addition the setting that the Dream Market offers, which by the way is useless. The Chinese vendor offering the data could in the end merely be an expelled student from any US university living in Dublin; there is at present no way to tell who Chernobyl 2550 actually is.

Finding and exploiting three bugs in Facebook optionally gets you half a billion; the governments are that far behind and there is no indication that they will catch up any day soon. When going back to the Facebook setting, we also saw “Facebook said third-party apps and Facebook apps like WhatsApp and Instagram were unaffected by the breach“, yet another source gives us: ‘WhatsApp Bug Allowed Hackers To Hack Your Account With Just A Video Call’ (at https://www.valuewalk.com/2018/10/whatsapp-bug-video-call-fixed/), implying that Facebook users are in a lot more peril than shown by the different media. We are given: “A security researcher at Google’s Project Zero discovered a strange bug in WhatsApp that allowed hackers to take control of the app if they just knew your phone number. All they had to do was placing you a video call and getting you to answer it. Though the WhatsApp bug was disclosed only on Tuesday, Google researcher Natalie Silvanovich had discovered and reported it to the Facebook-owned company back in August“. So even as it seems that Facebook is not giving us ‘faulty’ information, the mere fact of the existence of the flaw, as seen with: “She disclosed the WhatsApp bug to the public only after the company fixed it via a software update. Silvanovich wrote in a bug report that heap corruption could occur when the WhatsApp app “receives a malformed RTP packet.” The bug affects only the Android and iOS versions of WhatsApp because they use the Real-time Transport Protocol (RTP) for video calling”, shows a dangerous setting where a number of failings within this year alone give rise to flaws in security and in the proper testing of apps, and the state of security is failing faster than we should be comfortable with.

So even as CBS News was all about hacking elections last week, giving us: “These cyber-attackers are driven by a variety of motivations, says Andrea Little Limbago, the chief social scientist at data security firm Endgame. “As long as attackers find it in their best interests or find the motivation to want to have some sort of effect … they’re going to think about what they could do with that access,” she says. “Especially China, Russia, and Iran.”“, the failing we see is that there is a flaw in the system; it is not merely about pointing at the wrong players, it is about the flawed setting that some systems were breached in the first place. The larger setting is not the hack, it is access, and the need for non-repudiation is growing at an alarming rate; in a setting where none of the players are ready to accept non-repudiation, we see a faulty authentication approach and that is the cost of doing business. So when you consider it a sign of the times, consider that I personally witnessed a bug like the WhatsApp one over 27 years ago, when a financial package on DEC VAX/VMS had something called Ross Systems. An intentional illegal action would crash your terminal program and leave any user in the VAX/VMS system with supervisor rights, with total access to every file on the server and every drive. Would it be nice if certain lessons were learned over a quarter of a century?

That is the issue and the opposition of those who want to push out new features as soon as possible, and that danger will only increase in a 5G setting; so when your mobile becomes your personal data server and someone does get access to all your credit card and health data, you only have yourself to blame, good luck trying to sue the technology companies on that. Actually that is exactly what Google is facing with class actions against both the Pixel and Pixel 2 at present. Should they lose these, then the ante goes up, because any case involving flawed data security, when flagged as inappropriately dealt with, could cost Google a lot more than they are bargaining for, and it is not just Google; Apple and Facebook will be in equal settings of discomfort.

If only they had properly looked at the issues, instead of seeking the limelight with a new fab. In the end, are we mere pawns to them, to be exploited and under secured for their short terms needs of clicks and sales pitches? What happens when it falls? They will still get their golden handshakes and a life without complications for decades, what are we left with when our value in data is sold on?

We are merely pawns in a game and no one wants the throne, they merely want to be the second fiddle and walk away overly rich (or own the Iron Bank), we enabled this, and we get to live with the fallout that comes next, all because non-repudiation was too hard for these players.


Filed under IT, Media, Politics, Science

The Red Flags

Today is a day where we are overloaded with actions on parties, yet there is little evidence shown, actual evidence that gives light to the danger. So first we see Russia, the old red with hammer and sickle. First we see ‘Expulsions of Russians are pushback against Putin’s hybrid warfare‘ (at https://www.theguardian.com/world/2018/mar/26/expulsions-of-russians-are-pushback-against-putins-hybrid-warfare), as well as ‘More than 130 people could have been exposed to novichok, PM says‘ (at https://www.theguardian.com/uk-news/2018/mar/26/130-people-feared-exposed-to-novichok-in-spy-attack-says-pm). These two matters are shown to us in two lights. The first is “The expulsions of Russian diplomats on Monday reflect how widely Vladimir Putin has attempted to wage his brand of hybrid warfare and how many leaders and their intelligence agencies he has angered in the process. Even before the Salisbury poisoning, many governments had lost patience with Vladimir Putin’s grey war for domestic reasons of their own. Their response is not just an act of solidarity with the UK but a collective pushback“. I am not denying any of this. There are indicators that Putin has been waging ‘war’ for some time. There is also the larger indication that he is moving on several fronts and he is gaining field in economic options in the Middle East, whilst America has lost footing. The US needs to appease Saudi Arabia to the maximum degree to avoid the dangers of losing even more footing in the Middle East.

It is with “In Lithuania, the government found Russian spyware on its computers. As far back as 2007, Estonia suffered a three-week wave of cyber-attacks” that we do get a first issue, as well as with “US and EU expel scores of Russian diplomats over Skripal attack“. You see, when governments start to react with “in a show of solidarity” you should all be aware that there is a lot more going on. This is not some form of ‘conspiracy theory’, this is merely facts that you can check. How much solidarity was shown when we all got screwed over by the meltdowns of 2004 and 2008? The economic impact was shown in several countries. Of course not as massive outside of the US, but we all felt the pinch, millions of us. So how much solidarity was shown AGAINST Wall Street? Please show me the evidence, because for the most part, these people might have lost their jobs, but left so wealthy that these men could go into brothels for the rest of their lives, shopping for virgins. So when it comes to solidarity, I have merely seen that as a government sham over the last 10 years. In addition, even if we acknowledge that the Novichok is of Russian making, there is evidence that it was not uniquely in Russian hands. In addition, there are clear questions regarding Vil Mirzayanov as well as some of his statements, as I showed in the earlier presented blog ‘Something for the Silver Screen?‘ (at https://lawlordtobe.com/2018/03/17/something-for-the-silver-screen/) where I gave the readers “Regarding new toxic chemicals not listed in the Annex on Chemicals but which may nevertheless pose a risk to the Convention, the SAB makes reference to “Novichoks”. The name “Novichok” is used in a publication of a former Soviet scientist who reported investigating a new class of nerve agents suitable for use as binary chemical weapons. The SAB states that it has insufficient information to comment on the existence or properties of “Novichoks””.
Now we need to consider that either both the OPCW and the SAB are incompetent beyond belief, or that we are now getting a collection of Fish Stories. They presented the statements in 2013. Now TASS (I know, not the greatest source of non-biased journalism) gives us “As far back as 1998, we looked though a regular edition of the spectral database released by the US National Bureau of Standards, which has spectral data on about 300,000 compounds and is regularly updated, to find an agent that caught our attention as it was an organophosphorate chemical. We understood that it must have a lethal effect. Now it has turned out that, judging by the name of that agent, it was Novichok A234. It has surfaced,” Igor Rybalchenko, chief of the ministry’s chemical laboratory, said in an interview with the Voskresny Vecher news roundup on the Rossiya-1 television channel“. You see, this is something that could have been checked. Is TASS lying? If not, then we get the addition of what some might regard as ‘fuck ups‘ by both MI5 and GCHQ. In that regard, the less stated involving MI6 at present the better. Now, that part could be easily verified, yet the US and the UK have not given any clear evidence, whilst several sources have clearly shown that Novichoks were out there. If any of the sources that I mentioned on Novichoks (like Leonard Rink) are shown to be true, then there is a larger issue in play. The issue is that some governments are in denial over the evidence and facts, and that is a bad thing. Let’s be clear, that does not absolve the USSR (I love the old names) on many of their actions, it merely shows that painting everything with a single brush shows other levels of incompetence in several fields. Even if that was the Intelligence branch intervening for whatever reason, they went about it really badly and the wrong people end up getting scorched. It is the Guardian that gets credits here for asking the hard questions.
With ‘UK’s claims questioned: doubts voiced about source of Salisbury novichok‘ (at https://www.theguardian.com/uk-news/2018/mar/15/uks-claims-questioned-doubts-emerge-about-source-of-salisburys-novichok) it asks the harder questions, and in there we see the conflicts that Craig Murray brings. With “There is no evidence it was Russia. I am not ruling out that it could be Russia, though I don’t see the motive. I want to see where the evidence lies,” Murray said. “Anyone who expresses scepticism is seen as an enemy of the state.” I am pretty much on his side on this matter. I found issues that gave rise to the blanket accusation within 30 minutes, perhaps better stated it took an hour because the OPCW documents read as smooth as sandpaper; more boring materials and meetings will seldom be read. Besides the questions from the Guardian, not one of the newspapers dug into the overkill matter. The entire exercise was overly complicated. I could have mugged and executed the two, making it look like a robbery, in mere minutes (excluding preparation time); it would be done in no time and with no chemical risks at all, to no one. So as we saw PM Theresa May give us “More than 130 people could have been exposed to the deadly nerve agent novichok during the Russian spy attack in Salisbury, Theresa May said on Monday“, yet no one raises that it could be a mere individual or even the Russian Mafia. Two likely considerations in all this, and not one has raised that part. No matter how we see the opposing players in Special Forces or Intelligence. To set the stage of 130 bystanders getting in the crossfire is a realistic thing in places like Syria and Yemen, where there is open warfare; places like Chantilly, Cheltenham, St Petersburg or Lille are not where one goes playing like that.
You see, killing a target, a valid target, is one thing; doing it whilst knowingly setting the stage for getting 100-plus bystanders in the crossfire requires an entirely different type of psychopath, and governments tend not to hire those types in the first place.

That alone merely emphasizes the part that my view has been correct all the time. In addition to that, we still have seen no clear stated evidence on how it was done. The Scotsman (at https://www.scotsman.com/news/uk/sergei-skripal-exposed-to-nerve-agent-through-car-vents-reports-1-4707852) stated “may have been exposed to a deadly nerve agent through his car’s ventilation system“, which they got from the US. You see, when we get ‘may have been‘ and ‘possibly‘, we need to realise that we are either kept in the dark, or they actually just do not know at present, which makes a case for blaming the Russian government a weird choice at best. And with every delay in this it merely shows that the entire mess is a lot larger, yet the media ignores that. I call that an actual problem.

I mentioned Lithuania earlier. Now, the following speculation does not absolve Russia, but when you realise that people like the Russian Mafia might oblige the Russian government at times, they are still in it for money, for simple profit and coin. So when we see: “In March 2016, Vladislav Reznik, a Deputy of the State Duma, has been put on the international wanted list and officially charged with membership in Tambovsko-Malyshevskie organized criminal group and money laundering in Spain. Reznik’s villa has been searched. According to the indictment, Reznik was among those controlling the gang operations and a member of Gennady Petrov’s business circle” as well as “€16 million have been received from the British Virgin Islands, Panama, Lithuania, Switzerland, Great Britain, and Russia. On the other hand, monetary funds amounting to some $8.5 million have been transferred from his accounts to Russia, Panama, Cayman Islands, and U.S.“, we see that Lithuania has larger players in the fold. If it is a vessel for transferring funds, having their cyber infrastructure under attack seems to be an effective way to keep the eyes peeled in a different direction (extremely speculative), yet in support there is also “In July, Russian hackers were blamed for a similar assault on Lithuanian government Web sites. In Security Fix’s account of that attack, I posted a copy of a congratulatory letter sent to nationalist Russian hackers by Nikolai Kuryanovich, a former member of the Russian Duma. The missive is dated March 2006, and addresses the hacker group Slavic Union after the group had just completed a series of successful attacks against Israeli Web sites“, which is a first link from a ‘gov.ge‘ site (‘Cyberwar – Georgia’).

In addition there is “The wave of attacks came after a row erupted over the removal of the Bronze Soldier Soviet war memorial in Tallinn, the Estonian capital. The websites of government departments, political parties, banks and newspapers were all targeted. Analysts have immediately accused the Russian Business Network (RBN), a network of criminal hackers with close links to the Russian mafia and government, of the Georgian attacks“; now remember that Tallinn is in Estonia, not Lithuania. Yet the methods that the Russian Mafia uses are quite often duplicated (an Amway solution) and that part is not so far stretched. It is another cog that is showing us the acts of the Russian Mafia. The Russian government is not absolved in all this, yet Theresa May did not tell us: ‘we have strong indications that a member of Russian organised crime with links to the Russian government is behind this‘. No! She went straight for the Russian government and offered no clear evidence, that whilst the clear evidence could be largely dismissed in most courts with merely the use of the documents of the SAB, the OPCW and the testimony of Vil Mirzayanov, who seemed to be interested in upping the sold copies of his 2008 publication.

There are sides to my story as well, parts I am not happy about, parts that should be scrutinised, yet in all this, the current facts and statements seem to take down the UK case at present. More importantly it shows us that the US is also playing the fear game; it is now more afraid than ever that it loses more and more turf in the Middle East, whilst Russia is moving forward. That scares them more than anything, even more than any Novichooks (yup, intentional typo) in play, especially when we consider the danger that these weapons are and additionally could be down the line. Is that not odd either?

Ready Player Two

And that is not the whole story. You see, in all this the other red flag has a star and a crescent moon. Yes, it’s everyone’s favourite humanitarian setting (or was that lack of?), it is Turkey. So when we are again treated to the marketing of ‘Turkey needs Europe, Europe needs Turkey‘, the people in Europe need to run to the Brexit, or any EU-Exit they can find. I stated it in a previous blog with ‘This relates directly to Turkey, because it shows the desperate EU trying to open as many doors as possible‘. I did that in ‘A changing language‘ (at https://lawlordtobe.com/2018/02/15/a-changing-language/) well over a month ago. Now we see “Turkey is not doing very well economically, it needs outlets” said Lamberts, “and it is very clear that bad relations with Europe are harmful to Turkey, so somewhere on the economic level Erdogan needs Europe and Europe in fairness needs Turkey“, which Euronews gave us yesterday. So we see how Philippe Lamberts, a Belgian Green MEP, is willing to throw values overboard; the economy does not allow for any humanitarian values. So when I see any journalists hiding behind ‘constant attacks on transgressions of human rights‘, whilst attacking governments making any kind of economy-based deals, can they just kindly go fuck themselves? When we see the Turkish joke evolving on the EU field, no journalist gets to use the ‘Human Rights‘ card for a long time to come. If you want to do that, go visit Turkey and protest in front of those prisons that have journalists locked up for life. Until you can make that change there, do not come crying on other shores. If you need actual Human Rights issues, then perhaps turn to Canada where we got “A French waiter who was fired for his “aggressive, rude and disrespectful” manner has claimed compensation, insisting that his behaviour is not unusual, but that he is simply French“, that is the story of Guillame Rey from Vancouver, Canada.
That is where the Human Rights have gotten us, and that is a real win for the ‘15 children that were killed in an airstrike as they hid in the basement of a school in the town of Arbin‘, yes, a real humanitarian win in this. So even as the Financial Times reported less than 2 hours ago “The EU said it failed to win a pledge from Turkey to free journalists it has jailed and improve other rights for its citizens but that it will maintain talks with President Recep Tayyip Erdogan after their first meeting in almost year“, we see no place stating that Turkey will not become a member of the EU. It is another side where the gross negligence of evidence is taking its toll on our humanity. So as the President of the European Council Donald Tusk gives us “Only progress on these issues will allow us to improve EU-Turkey relations, including the accession process” (at https://www.ft.com/content/dbefa9e6-313d-11e8-b5bf-23cb17fd1498), I am proven correct yet again: they merely need to push the EU deeper into debt, which according to Bloomberg is coming for certain through “Draghi’s call for patience and persistence in delivering stimulus, suggesting bond-buying will be extended beyond September”, or set the stage where the so-called humanitarian principles are ignored, which has been the case for close to a year. It has only strengthened my view that the UK is a lot better off outside the EU, because this entire EU mess will collapse onto itself and woe to those who are left behind paying for it all. It could set back the economic markers for close to two generations in Europe, which should scare anyone in the EU.

The last red flag is North Korea (it has blue too)

I mentioned it some time ago. The entire Sony mess and blaming North Korea was never really resolved. So when I got the news from ABC stating “Secret intelligence documents and photos unilaterally collected by the U.S. military were among the stolen cache of South Korea’s classified documents by North Korean hackers, but the totality of what was stolen remains unknown“, we should be starting to get careful. You see, it implies one side, but to my view it gives an entirely different issue. It implies that North Korea is a capable cyber operator. Now, we know that one can do plenty of damage with a laptop (like in the movies). Yet when you see these pics you wonder what on earth is going on, because we now get the speculated but believable view that ‘the US gave documents to an ally that does not have its basic cyber protections in place‘, and that is a very different kind of cheddar, isn’t it? Now, I have seen a few pics where the computers look a little more advanced, but nothing that an actual gamer would still have been using two years ago. And that is the foundation of their hacking? Let’s be clear, there are situations where you can hack with a 10 year old laptop, but you need skills, you need access to documentation and the ability to get past the firewalls and past sniffers and network monitors. They do exist, yet that requires an equal incompetency on the South Korean side, a part that we are also ignoring: the use of Common Cyber Sense.

You see, when you get “Malware contamination of the intranet server of the cyber command that occurred in September last year was confirmed by the South Korea’s Defense Ministry in May but this is the first glimpse of the scope of the damage“, there is another layer in place, one that does make sense. Some of the European, Russian and optionally US hackers are selling their stuff to North Korea. That is a very possible scenario, but in that case both the FBI (if the US was involved) and the CIA failed in their tasks. Perhaps better stated, the CIA seems unable to stop cyber hacking software purchased by North Korea from making it to North Korea, which is equally a failure on several levels. It is unfair to blame merely the CIA. It is fair enough to add the earlier avoided MI6 to the mix, as they should have been watching that danger, because if these hackers can get to South Korea, they could in theory hit the UK in equal measure; the evidence is there. Even so, we agree that North Korea does not have the skills (my personal belief) to create something like Wannacry. I already went there to some degree in ‘In light of the evidence‘ (at https://lawlordtobe.com/2017/05/28/in-light-of-the-evidence/); the evidence given by ICIT was compelling. In addition we had ‘when IBM cannot give view of any mail that propagated the worm’, which also takes North Korea out of the loop, yet they could have acquired the software. So even as the largest cyber player like IBM remains in the dark, there is still evidence that it was North Korea? That view was only reinforced when a Dutch media team went to North Korea a few years back. In some places their cameras were locked up because no photographs were allowed. Yet most had them anyway, because the North Korean officers had no idea what a smartphone was and that it was able to take pictures. The Dutch NOS showed it on television, so that is the place that hacked into South Korea, the birthplace of Samsung?
It is not impossible and was never denied by me, but it was so extremely unlikely that, unless clearly proven with evidence, it was utterly impossible to the common-sense mind. Yet as the source is not in North Korea, hunting that source down is more important, because the next time it will not be some version like Wannacry 2.0, it could be Stuxnet 7.1, and as the UK has 15 reactors and the US has 99 reactors in 30 states, it seems to me that waking up both MI6 and the CIA to actually get to the bottom of these North Korean ‘praised’ cyber skills and find out where those skills actually were (read: came from) is what matters, because not doing so is a much larger issue. I hope that the South Korean bungle of their network security constitutes at least some level of evidence.

Three red flags, none of them are innocent, I never implied that, but as we are changing the play, the marketing vibe and the need of what is real, we need to carefully weigh what the media gives us and what those giving the media are actually after. I have seen enough evidence thrown about and have been able to ask questions to the extent that gives rise to many question marks, and whilst some media are playing the emotional waves, some are seeking clarity and that clarity gives us additional options and views that we did not consider before. People all over the world are told to jump to the left, whilst there is no evidence that anything from the right was going to hit us in the first place, which makes us wonder why they did not want us on the right side to begin with.

These red flags are important, because even if we had any faith in the Russians trying to attack us, we need to consider that Cambridge Analytica is an English firm, and even as Fortune now reports “A non-partisan watchdog group has filed complaints with the Department of Justice and the Federal Election Commission alleging that the data firm Cambridge Analytica violated U.S. election law by having foreign nationals involved in the decisions of political committees“, we see that it was a British firm who scored that job.

So it is possible that the people in Moscow will be treated to a comedy in 22 hours, it will go something like “TASS Is Authorized to Declare that the accusations against the Russian government and its people were propagated by an English Firm“, in this I used part of the 1984 Soviet spy miniseries directed by Vladimir Fokin, because even with my weird sense of humour it seemed important to give it an Orwellian sling. Perhaps you should check out his new book. It apparently deals with life in the US after a presidential election.



Lawyers on a weakly basis

It is the Lawyers Weekly that gets the attention at present. The article (at https://www.lawyersweekly.com.au/biglaw/22159-lawyers-don-t-need-to-become-accomplices-to-white-collar-crime) gives us the nice title with ‘Lawyers ‘don’t need to become accomplices’ to white-collar crime‘, yet is that statement anywhere near the truth or the applicable situation that many face in today’s industry? Monty Raphael QC talks the talk and does so very nicely as the experienced QC he is, yet there were a few points in all this that are an issue to me and it should be an issue to a much larger community. For me it starts with the quote “Cyber space has not created any new crimes, as such, really, of any significance,” Mr Raphael said. This is of course a correct statement, because until the laws are adjusted, plenty of issues are not covered as crimes. We merely need to look at the defence cloak that ‘facilitation’ gives to see that plenty is not covered. The case of Tamiz v Google Inc is merely one example, and as technology renews and evolves, more and newer issues will rise, not merely in cases of defamation breaking on the defence of mere facilitation.

Yet for this matter, what is a more visible situation is the case of Tesco and how PwC seems not to be under the scrutiny it should be; it should have been so from day 1. So when we read: “Mr Raphael insisted that lawyers have an ethical obligation to ensure they do not support or enable white-collar crime” we are introduced to a statement that is for the most part seemingly empty. I state it in this way, because the option of scaling the legal walls while not breaking any of the laws that were bent to the will of the needy is an increasingly challenging task. If the legal walls were better, then PwC would clearly have been in the dock 2 years ago, or would they? In addition, they are not alone, merely slightly (read: loads) more visible, as the profit before tax for Tesco ended up being minus 6.3 billion in 2015.

Monty makes a good case, yet the underlying issue is not the lawyer; for the most part it never was. It is the law itself. This is why I object to the title: it is nice, but is it true? PwC shows that even as we oppose their actions, the fact that they are not in the dock is because, when we see Reuters (at https://uk.reuters.com/article/uk-britain-tesco-fraud/former-tesco-executives-pressured-staff-to-cook-books-court-told-idUKKCN1C41TK), we see “Tesco’s auditors PwC were “misled and lied to,” Wass added“. Is this true? Let’s consider the evidence: can it be shown and proven that they were lied to?

It might never be proven, because the people in the dock have had years to get their story right (read: synchronised). What I stated at the very beginning of the events of Tesco remains true and it remains the issue. The fact that PwC made £13 million that year from this one customer, much of it in a project and the rest as auditors, and did not spot that the books were ‘cooked’, will remain an issue with me for some time to come. It is the Tesco case that also underlies the issue here. It is about the weak lawyer, not because he is weak, but because the lack of proper laws protecting all victims of white collar entrepreneurs is stopping them from aiding potential victims. In addition, as the law is struggling to merely remain four paces behind it all, it becomes less and less useful, not to mention a lot less effective. As the next generation of economic tools are being rolled out (block chain being a first), we will see new iterations of issues for the law, for both the CPS and DPP, as it cannot progress forward in light of the legal parties not comprehending the technology in front of them, so showing wrongdoing will become an increasingly hard task for lawyers to work with. The biggest issue is that as it is all virtual, the issue of non-repudiation goes out of the window. Not only will it become close to impossible to work with the premise of ‘beyond all reasonable doubt‘, there is the fact that ‘proof on a balance of probabilities‘ is becoming equally a stretch. The fact of non-repudiation is only one of several factors. So as we have seen that successful criminals tend to hide on the edge of technology, the chance to stop them is becoming increasingly less likely.

This now gets us to the statement “In the wake of the Panama Papers revelation from law firm Mossack Fonseca, Mr Raphael cautioned that clients’ criminal activities can come back to haunt their law firms“, yet both former prime ministers involved in the Panama Papers scandal, Bjarni Benediktsson and Sigmundur Davíð Gunnlaugsson, have been re-elected to the Icelandic parliament (Source: IceNews), so it seems that the Panama Papers are a little less of a haunt. In addition there will be a long debate on what constitutes the difference between Tax Avoidance and Tax Evasion, because only one of those two is illegal. In addition, certain questions on how 2.6TB was leaked and no alarms went off are also an issue, because the time required to get hold of such a large amount of documents would take a monumental amount of time, and with every option to shorten the path, alarms should have been ringing. When we consider the basic IT issues, we get partial answers but not the answers that clearly address the issues, as they did not. The time it had required to do all this should have placed it on the IT radar and that never happened. So as we see how patches and security risks are now being pushed as a reason, we need to wonder if Mossack Fonseca could have been the wealthy party it claimed to have been. When we consider the expression ‘a fool and his money are soon parted‘, the lowest level of IT transgressions that have been seemingly overlooked gives rise to a total lack of Common Cyber Sense, staff that should have been regarded as incompetent and an infrastructure that was lacking to a much larger degree. You see, even before we get to the topic of ‘illegally obtained data‘ which was used for investigations that have convicted people of crimes, there is the larger issue that could be in play: on the foundation of that data alone, a few prison sentences could be regarded as invalid, or might get overturned soon enough.
There were cases where the story gives clear indications of what was done, and here we see the consideration of what is admissible evidence. In this, the one step back is the IT part. The hardware would have required as little as $100K to upgrade to better security standards, and hiring a better university student in his or her final year might have given a much safer IT environment, perhaps even at half the current cost.
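The argument above, that pulling 2.6TB out of a document store takes long enough that the volume alone should have registered on the IT radar, can be turned into a plain detection rule. The following is an added example, not Mossack Fonseca’s systems or any product’s code: the log format, user names, file sizes and thresholds are all constructed, and the baseline is learned from a period assumed to be clean.

```python
"""Egress-volume monitor over constructed document-store download logs.

Constructed log line format (assumption, not any real product's format):
    <ISO-8601 UTC timestamp> user=<name> bytes=<n>
The monitor keeps a per-user rolling byte total over a sliding window and
alerts when that total exceeds both an absolute floor and a multiple of the
user's own peak from a known-clean period. A bulk pull that would take days
or weeks therefore trips the alert in its first window, not at the end.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
import re

MB = 1024 ** 2
GB = 1024 ** 3
LINE_RE = re.compile(r"^(\S+) user=(\S+) bytes=(\d+)$")


def parse_line(line):
    """Return (timestamp, user, bytes) or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
    return ts, m.group(2), int(m.group(3))


def rolling_totals(lines, window_hours):
    """Yield (ts, user, bytes_in_window) per event; lines must be in time order."""
    window = timedelta(hours=window_hours)
    events = defaultdict(deque)   # user -> events still inside the window
    totals = defaultdict(int)     # user -> bytes currently inside the window
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue              # malformed lines are skipped, not fatal
        ts, user, nbytes = rec
        events[user].append((ts, nbytes))
        totals[user] += nbytes
        while events[user] and ts - events[user][0][0] > window:
            totals[user] -= events[user].popleft()[1]
        yield ts, user, totals[user]


def build_baseline(clean_lines, window_hours=24):
    """Per-user peak rolling volume over a period assumed to be normal."""
    peak = defaultdict(int)
    for _, user, total in rolling_totals(clean_lines, window_hours):
        peak[user] = max(peak[user], total)
    return dict(peak)


def detect_bulk_egress(lines, baseline, window_hours=24,
                       floor_bytes=2 * GB, ratio=5.0):
    """Return alerts where a user's rolling volume exceeds floor_bytes AND
    ratio * their baseline peak. Unknown users get baseline 0, so only the
    floor applies to them. One alert per user per window to avoid flooding.
    Note: volume below floor_bytes is never flagged, so the floor must be set
    from real data, not guessed."""
    alerts, suppressed_until = [], {}
    window = timedelta(hours=window_hours)
    for ts, user, total in rolling_totals(lines, window_hours):
        if total <= floor_bytes or total <= ratio * baseline.get(user, 0):
            continue
        if user in suppressed_until and ts < suppressed_until[user]:
            continue
        alerts.append({"user": user, "window_end": ts, "bytes": total})
        suppressed_until[user] = ts + window
    return alerts


def make_lines(user, start, n_days, bytes_per_day, events_per_day=4):
    """Constructed sample data: evenly spaced downloads for one user."""
    gap = timedelta(hours=24 / events_per_day)
    t, out = start, []
    for _ in range(n_days * events_per_day):
        stamp = t.strftime("%Y-%m-%dT%H:%M:%SZ")
        out.append(f"{stamp} user={user} bytes={bytes_per_day // events_per_day}")
        t += gap
    return out


# Constructed scenario: a week of normal use, then an archive account starts
# pulling 40 GB a day while a regular user's volume stays unchanged.
T0 = datetime(2016, 1, 1, tzinfo=timezone.utc)
T1 = T0 + timedelta(days=7)
CLEAN = sorted(make_lines("alice", T0, 7, 300 * MB)
               + make_lines("svc_archive", T0, 7, 800 * MB))
SUSPICIOUS = sorted(make_lines("alice", T1, 5, 300 * MB)
                    + make_lines("svc_archive", T1, 5, 40 * GB))

if __name__ == "__main__":
    for a in detect_bulk_egress(SUSPICIOUS, build_baseline(CLEAN)):
        print(f"{a['window_end']:%Y-%m-%d %H:%M} {a['user']}: "
              f"{a['bytes'] / GB:.1f} GB in trailing 24h")
```

Five alerts fire for svc_archive, one per day, starting with the very first 10 GB window; alice never crosses the floor.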

All issues worthy of debate, yet none of it hitting the lawyers; it hits the infrastructure of it all more. Yet these two issues might now be seen as real hindrances for lawyers in a place of laws that are now seemingly too weak: the law, not the lawyer. So as we recollect the Toronto Star in January 2017 where we see “Canada is a good place to create tax planning structures to minimize taxes like interest, dividends, capital gains, retirement income and rental income,” and when we see the added “the Canadian government has made it easier than ever for criminals and tax cheats to move money in and out by signing tax agreements with 115 countries”, we see growing evidence that the law is getting hindered by eager politicians making their mark for large corporations through the signing of tax agreements, and what they think would be long term benefits for their economy, whilst in actuality the opposite becomes the case. So every clever Tom, Dick and Mossack Fonseca can set up valid and legal shapes of international corporations all paying slightly less than a farthing for all their taxations. Legal paths, enabled by politicians, and as the laws are not adjusted we can all idly stand by watching how nothing illegal is going on. So as we admire the weakly lawyers, we get to realise that the law and the politicians adjusting it weakened their impact.

In all this at no point would the Lawyer have been an accomplice. The data lies with IT, the setting up of these offshore accounts was largely valid and legally sound, and in that there could always be a bad apple, yet that does not make the Lawyer an accomplice. That brings us to the final part which we see with “Money laundering has been in the spotlight recently, with the Commonwealth Bank facing punishment for failing to report suspicious deposits in its ATMs“. It needs to be seen against “Mr Raphael insisted that lawyers have an ethical obligation to ensure they do not support or enable white-collar crime”; in this the banks are already faltering. We seek out the dark events of PwC and Mossack Fonseca, yet the basics are already getting ignored. I believe that the article is missing a part; I feel certain that it has at least been on the mind of my jurisprudential peer. You see, the legal counsels will need to evolve. Not only will they need to do what they are already doing, they will also need to take the path where they (or more likely their interns) start to give IT and other divisions a legal introduction to what white collar crimes are. The fact that ‘suspicious deposits‘ could be a white collar crime is becoming more and more visible. I see that the education of IP legality in IT is now growing and growing. The intertwining can no longer be avoided. Now, we can agree that an IT person does not need a law degree, but the essential need to comprehend certain parts, in the growing mountains of data, is more and more a given.

In all this there is one clear part where I oppose Mr Raphael, it is the statement ‘There’s nothing cultural about greed‘. You see, as I personally see it, that is no longer true; the corporate culture that is globally embraced made it so!



Dangers of Android?

Today I got confronted with a danger that Android poses. Yet, is this truly an Android issue? An Apple user will of course nod yes in a very rapid way. My Huawei is not the only one hindered by this. At Android Central the following was found: “Are the apps definitely being removed from the App Drawer, or is it just that the shortcut is disappearing from your home screen?“

This is of course a fair question, it still is not OK, but the difference between an app and a shortcut is quite the difference.

It turns out that the apps are on my phone, but they no longer run; they are now called ‘com.spyfox.tripletown‘. The apps seem to have gotten themselves damaged. The question now becomes why. At this point I also notice a program called ‘Li emotion’. The kanji next to it gives it away. My question now becomes ‘what is this and what does it do?‘ This is because it is a separate app, I never installed it (as far as I can tell) and the rights it does have are massive. Yet there is no indication what it is, why it is on my phone and why it is allowed to do many things without my permission. It does not take too long to find out that this is part of the Huawei Emui, so there is no real issue, as the operating system needs to be able to do all this. Comprehension was the mere element that resolved everything.

This does not solve my app issue (which actually fixed itself) and gets us to the Guardian video (at http://www.theguardian.com/silent-circle-partner-zone/video/2015/aug/17/smartphone-users-read-their-app-permissions-out-loud-video). So yes, when we see the rights and speak them out loud, they sound very disconcerting. But why is it such an issue? ‘Modify calendar events and send e-mails without my knowledge‘ sounds extremely offensive, but now realise that you set up a meeting, you change the meeting and all parties are automatically updated through messages. Did you know that they got another mail stating that the meeting had changed? There you go, mystery solved. Apps ‘reading your text messages‘ sounds like a worry, but is that program actually comprehending the information, or does ‘reading’ mean ‘parsing’, processing the text in all this? Computer lingo for the layman is not the easiest task.

In all this the one that stood out for me was ‘I give this app permission to automatically turn off airplane mode‘. If airplane mode was there for safety reasons (the airplane message no one ever believed, that mobile phones interfered with airplane instruments), then the option to turn that off should not be allowed, but in all that, this could be as simple as the dialogue box ‘Would you like to deactivate airplane mode?‘ The video ends with ‘the biggest risk to you and your privacy is your smartphone‘, and this is a decent claim to make. In all this, it is actually about users and consumers who do not understand (read: comprehend) what they are agreeing to. They do not understand what they have consented to. That is always dangerous, because the things you do not realise are the issues that turn you into the greater fool. Here we can paraphrase the greater fool theory, which states that “the price of an object is determined not by its intrinsic value, but rather by irrational beliefs and expectations of market participants”, into “the security of your environment is determined not by the borders you mentally erect, but rather by the naive belief that the applications on your smartphone will respect them“.

You see, I believe that people should be worried about privacy, and #Privacynow is a valid need, but what is your actual privacy? The way that they are getting there is a little bit of a worry, yet the path is not without valid reason. Consider the quote “It’s common for users to employ the same username and password across systems, so if someone compromises that particular password, the potential also exists for them to compromise additional user accounts“; this is a worry in one way, because is this about the safety of the phone and its apps or is this about Common Cyber Sense, something I have been advocating for about 2 decades? So how is this a danger for Android? That is part of the issue. In my view the danger to IOS is not smaller and the danger is not subsiding any day soon. One of the earliest sources is around 2008; in 2010 Computerworld, CNet and other sources stated “About 20 percent of the 48,000 apps in the Android marketplace allow a third-party application access to sensitive or private information, according to a report released on Tuesday“, and there are two sides here. In the first, is this like the earlier issues in the video and stated, ‘a form of feigned transgression?’ Or is this in the second ‘leaky security that leads to open access of information?’ There is however a third option: apps that were created with the intent of creating a backdoor that allows access to all data. It is the third that is a true danger, yet how realistic is this danger?

Computerworld stated this from a Google representative: “This report falsely suggests that Android users don’t have control over which apps access their data. Not only must each Android app gets users’ Permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious“; not only is this clearly the case, there is supporting evidence on several levels that this is true. In addition, these parts are quotes from 2010 and since then both Apple and Google have upped the security game by a lot. Still, it is the news from last week (at http://www.wired.com/2015/10/iphone-malware-hitting-china-lets-not-next/) ‘iPhone Malware Is Hitting China. Let’s Not Be Next‘ that is the issue today. The quote “Unlike previous spates of iOS-targeted malware, many of those victims hadn’t jailbroken their phones to install unauthorized apps. The two back-to-back attacks—one far more sophisticated than the other but both unprecedented in iOS’s history—suggest that complacent iPhone users around the world could be in for the same nasty shock“ shows the issue has now become the fact regarding ‘non jailbroken systems’, which implies that either a flaw has popped up in the Apple device, or overall a new level of access has become a worry. It is the quote that follows which is now centre in all this: “Apple has said that only iOS 8.3 and earlier were left open to the attack. Later versions limited access to the APIs it exploited to plant its ads“, so we can accept that we all install the latest versions, yet what happens to those who have an older device (like the iPhone 4)? There are plenty of things people can do that prevent these issues, and in all this ‘Common Cyber Sense’ remains the big issue. So is China hindered by a massive lack of Common Cyber Sense?

Here we now see the evolution that is the danger. It is the assumption of the user, the laziness of their usage and the ignorance of the effects that they easily embrace. The quote “Don’t install strange apps that appear in pop-ups online and aren’t found in Apple’s App Store” is the big part we must adhere to (well, Apple users anyway); for most people like you and me, we use the Google Play Store sources only! Both Google and Apple have their methods in place. Would a three-pronged app remain the issue as implied in the article? That is hard to state, but what is clear is that 99% of the dangers can be averted by using the reliable source and that reliable source only. The application of ‘Common Cyber Sense’ can aid you in averting another 0.9999%, which means that if you install 10,000 apps, there is a one in 10,000 chance of you ending up in danger.

Yet in all this, we should never relax about the technology we use and the danger it could bring. It is that fear that is driving people into all kinds of corners they never need to be in. When you have sex, not the committed relationship one, but the quickie with that girl next door for some slap and tickle, in that case do you practice safe sex? When you live in the city, do you go to work leaving the front door to your apartment wide open? In that same sense, when you use any technology that has your personal information, you use more than the minimum safety. That last part requires Common Cyber Sense. To the previous generation it is a harder thing to do, but it can still be done; to my generation it is an additional side to my workflow. It is the next generation that is now the part that matters. Many are taking the casual approach their parents (or bigger siblings) have, whilst not realising that Common Cyber Sense will be at the foundation of their lives. So, any OS will come with its own perils, be it Windows, LINUX, Android, IOS or any other OS. They will face a new area that is on the move with such high speed that there is no way to predict where they will be in 7 years’ time: the dangers of a complete rewrite in an iterative world. You see, until 2000 both hardware and software remained highly innovative; it was after 2003 that the iterative world was set in high gear. First hardware and now, to a larger extent, software has been in iterative mode. Yet the world behind all this, the security part, has made leaps and bounds and to some extent not in a good way. Here we can make a connection to an article by Tarleton Gillespie from 2014 called ‘Facebook’s algorithm — why our assumptions are wrong, and our concerns are right‘.
The quote is “I will say that social science has moved into uncharted waters in the last decade, from the embrace of computational social scientific techniques, to the use of social media as experimental data stations, to new kinds of collaborations between university researchers and the information technology industry“. In addition there is “Those who are upset about this research are, according to its defenders, just ignorant of the realities of Facebook and its algorithm. More and more of our culture is curated algorithmically“. This is not upsetting or ground breaking, but it is the next part that links to all this. It is a blog article called ‘Analytic Suspicions‘ (at https://analyticsuspicions.wordpress.com/2013/02/25/metric-failures-and-data-assumptions-4-myths-of-social-analytics/); he is looking at a few myths in social media, and in all this (it is a nice read and well written) I personally see one point that is not a myth, it is a worry, and it seems to me that many remain ignorant of that danger. You see, the myths are whether all social media is analysed, that social media data is clean enough to analyse, that influencers should be targeted and that sentiment analysis works. In all this we forget the 5th issue (this being the non-myth): the interaction of apps and data. The danger of how our apps interact with the data linked to all this is now becoming the true issue. You see, even with all the common cyber sense, no matter how safe our mobile is, the data is still somewhere and that data becomes available, more data than we agreed on. Yet in all this, is the mobile OS Android/IOS the weak link?

That is the part that is not addressed by many speakers in this realm. Some get scared by places like ‘Lifehacker’ and some are ignoring the woeful text that passes us by, yet when places like Forbes report that ‘Report: 97% Of Mobile Malware Is On Android‘ (at http://www.forbes.com/sites/gordonkelly/2014/03/24/report-97-of-mobile-malware-is-on-android-this-is-the-easy-way-you-stay-safe/) people get worried (even though the article is more than a year old). Yet the article enlightens us in many ways. The most important quote here is “here’s the part Google’s rivals don’t want you to know: the figures are misleading“, which is one side of the foundation. The second one is the part I already discussed, “stick to buying apps on the Play Store and every one in 1000 apps you buy may have had malware for a brief period“; the word ‘may’ is essential and ‘brief period’ is also essential. In the end, the chance of you getting the winning lottery ticket could be slightly higher, odds I’ll take any day.

Yet in all this, with all the protection these providers offer, the number one danger is you!

Common Cyber Sense is the essential step of reducing that danger to almost zero (like 0.0001% chance).

In the end the danger of Android is almost the same as the danger to iOS, both large players presenting into the margins, which is where the mobile phone user (you know, that pesky consumer) does not tend to be. Which takes us to the final part in all this. In my blog article from the 4th of October (at https://lawlordtobe.com/2015/10/04/cisa-and-privacy-are-not-opposites/), ‘CISA and Privacy are not opposites‘, we were confronted with Silent Circle and their Blackphone 2. I have no doubt that Phil Zimmermann and Mike Janke are men of knowledge, determination and possibly even innovation. Yet, in my humble opinion, these skills do not match up to the killer skills of the Google engineers with their keyboards. So when we see the quote in the Guardian (see previous blog link) “Google didn’t support the initial software build, something that probably helped make the phone more popular, rather than less“, do you think that this was done in envy by Google, or because their build did not hold up to scrutiny? That last part is speculation, because I have no data or any evidence going one way or another. The Blackphone is marketed by intelligent people with skills, no one will doubt that, and it is also clear that Silent Circle is now tapping into a direction that is gaining traction, which means the market will most definitely grow in this direction. Yet in all this, considering all the facts, in how much danger is your data?

Sit in a quiet corner and let that question sink in for a minute. I have been in the data field since 1989, and in all that time the biggest threat was ‘data at rest’ (data saved on a device), which implies that you have strong passwords on your hotspot and Bluetooth capabilities, or just switch these options to ‘off’; not data that is moving from point A to point B. Today both areas are a ‘threat’, and the second one only since very recently.

Since November 2012 I have had two phones; the second one I got this year, because only now have my Android needs grown beyond a 1 GB RAM phone. As far as I can tell I have only faced one issue, and that was due to an ignorant third-party developer and their dim-witted approach to synchronisation. The simple use of Common Cyber Sense is all I needed: basic steps that nearly anyone can adhere to. The threat of criminals and organised crime will not go away. Common Cyber Sense will keep them at bay and common sense should do the rest.

Which now takes us back to the title: you see, the dangers of Android are largely between your ears. The only dangers you face are the ones you open yourself up to! You should never stop asking questions about where things are and what you sign up to, that is common sense, but also feel free to question what certain things mean; it is in the comprehension that you find the answer. If there is one conundrum to leave you with, then it is not Android or iOS; consider the idea that a Facebook game wants you to give it access to your religious views. Whatever for?

To pray for ammunition?

Well, so be it: ‘halleluiah’, now die you zombie master and give me my 10 points towards a high score!

 


Filed under IT, Media, Science

A coin with more than two sides

Let us take a look at two of many more sides. The first side is given in this article: Google’s Vint Cerf warns of ‘digital Dark Age’ (at http://www.bbc.com/news/science-environment-31450389). The initial quote is “Vint Cerf, a ‘father of the internet’, says he is worried that all the images and documents we have been saving on computers will eventually be lost“. This sounds nice, but is that not the same as we have had forever? If we did not take care of our old photographs and our old negatives, then those pictures would be lost forever, so how is that different?

[Image: 110mm_Agfa]

See here, the picture of an Agfa Instamatic. It is almost identical to the camera I had in the late 70’s. So, how will you get those negatives developed? Where to buy film? Most will not care about it, many have bought new cameras, but where to print the negatives you have? Nowadays with digital images, almost any printer will print them, almost every system will show them. How is that different? So, are the words of Vint Cerf anything but a sales pitch for some new ‘forever’ saved option, likely one that Google will offer and not unlikely in a way that gives Google shared ownership? Under the current feelings about ‘data collection’, is that such a sceptical view to have?

Now, I will state that, not unlike those old prints, the owner has the responsibility to keep the images safe, just like in the old days. Even if the originals (the digital negatives) are lost, as long as a print still exists, the image remains, just like the old photographs. Yet his quote “But as technology moves on, they risk being lost in the wake of an accelerating digital revolution” holds truth, because that is not unlike the 110mm film issue. So as long as you have a data option that survives, like the 110mm negative holder, you can always get another print. Writable CD-ROMs came in the late 90’s, so we have only had a backup option for about 20 years, and affordable digital images would still need several more years. Yes, that market has grown exponentially and now we see the application of Common Cyber Sense in another way: people will get confronted with the need to back things up. As the digital disc evolved, so has the quality of these solutions. Now the discs last a lot longer, so backing up the old discs on new discs does make a whole lot of sense. So there is a side that makes perfect sense, but is that enough?

That part is shown in the following quote: “’I worry a great deal about that,’ Mr Cerf told me. ’You and I are experiencing things like this. Old formats of documents that we’ve created or presentations may not be readable by the latest version of the software because backwards compatibility is not always guaranteed’“. This is at the heart of what Vint Cerf is getting at, so he is definitely onto something. How many of you can still access all the WordPerfect files you created in 1992? Who can still access their FRED applications and their Ashton-Tate Framework solutions? That list is slowly and surely getting close to zero. This is what Vint is getting at, and therein lies the crux, because this goes beyond mere images and what we currently still access. Consider the Digital VAX/VMS systems and the collected data that spans decades from 1982 onwards, or the IBM Series/1 (those 64 MB minicomputers with 10 9” floppies). So Vint is perfectly correct (as a man with his experience would be), but what solution to use? Yes, his idea is perfectly sound, but the issue that follows is the one I have, to some degree, a problem with. You see, sometimes things get lost, which has happened throughout history; would our lives have been better if the Library of Alexandria had survived? Would it be better, or would there be more and more incriminations? There is no way to know, but the issue can be explained in another way.

This is a myth I heard in school a long time ago. The story is that a person could ask whatever he wanted for a chess game he had created. He asked for one grain on the first square, two on the second square and so on. By the time the board was half way through, the 32nd square alone would hold 2,147,483,648 grains (two to the power of 31), and the first half of the board together nearly twice that, and that is just half way through. Now think of today’s world, where we collect everything. Like the chess board we collect every part and this just increases the junk we collect, and that at a premium price. So what to keep?

That is the hard part. It is interesting to keep on the side that sometimes we need to allow ourselves to lose things, but Vint has a case. Now we look at one of the last quotes: “’Plainly not,’ Vint Cerf laughed. ‘But I think it is amusing to imagine that it is the year 3000 and you’ve done a Google search. The X-ray snapshot we are trying to capture should be transportable from one place to another. So, I should be able to move it from the Google cloud to some other cloud, or move it into a machine I have’“. Yes, there is the sales pitch: “Google search” and “move it from the Google cloud“, so there we have it, the Google cloud! Still, even though there is a sales pitch in here, does that make it a bad approach? Are we better off because we save EVERYTHING? That is at the heart of this little conundrum. Now, those having their data on the old Cray might consider their data worthy, as do many who had their data on UNIX minis, but now consider every Novell edition, every desktop. It will be arbitrary whether people decide to take these steps, yet what happens when all data can be backed up like this, what happens when some start ‘offering’ this for ‘free’? Who then co-owns that data and those solutions? Is that such a crazy thought to have?

Here is the last part: “And that’s the key issue here – how do I ensure in the distant future that the standards are still known, and I can still interpret this carefully constructed X-ray snapshot?” This is the part that is interesting; his concept of Digital Vellum is an interesting one. Yet, how should we move forward on that? What happens when these snapshots link up, when they connect, perhaps even interact? There is no way of knowing; perhaps this would be the beginning of a new evolution of data. Is that such a weird concept? Perhaps that is where we need to look at other sides too. Consider our insight into our memories, our ‘wisdom’ and our ability to filter and extrapolate. Is this solution a primal step from near ‘artificial intelligence’ to possible cyber/digital intelligence? The question becomes: if intelligence is grown from memories, what do we create when we give it everything we ever collected? I have seen the stories, the way some people think that an artificial intelligence is so dangerous. We might consider the thoughts from the ‘Cyberdyne’ stories (Terminator series), but in the end, what if the digital intelligence is the beginning of our legacy? What if we learn to preserve ourselves, without leaving a carbon footprint, without being the deadly blight on nature? At some point we will stop to exist, we die; it is a simple consequence of nature, but what happens if our wisdom is preserved? Many come with stories and nightmares of the loss of identity, but what happens if we can store intelligence? What happens if the next century’s Albert Einstein would be there to help us create progress, inspire innovation for all time? Is that such a bad thing? Some of these questions are beyond my ability to answer, but there is a dangerous dark side too: what happens when this becomes commercial Intellectual Property? I am all for IP, yet, should cloned intelligence become the property of anyone?
I feel that I might be alive long enough to actually see that question go to court. I hope that those making that decision are a lot wiser than I currently feel.

This now gets me to story two, which also came from the BBC (at http://www.bbc.com/news/technology-31440978). The story here is ‘Cybersecurity: Tech firms urged to share data with US‘, which gave me the initial scepticism regarding the Vint Cerf story. So, I am not linking them per se; they are separate stories. The initial quote is “Private tech firms should share more information with government and with each other to tackle cybercrime, according to US President Barack Obama“. I do not disagree with this thought; however, there is a side to this that is not addressed. The given quote is “Senior Google, Yahoo and Facebook executives turned down invitations to the summit, held at Stanford University“, so is this about not sharing, or about keeping the data non-sharable? There is a part that we see when we look at the quote “Mr Obama is backing the creation of information sharing and analysis organisations (ISAOs) to help firms and government share material on potential threats“. Yes, if we consider that Snowden fellow there could be an issue, but is that a valid path? You see, consider how some do NOT want the cyber threat reduced to any great extent; consider how many software ‘solutions’ are out there, for viruses, phishing attacks, identity theft and several other parts. There are two dangers: on one side we have a possible solution to theoretically start solving and decently diminish the danger; the other side is how all that data gets linked, and that part in the wrong hands is a lot more dangerous than many could imagine.

The following quote adds to the worry: “Government cannot do this alone. But the fact is that the private sector can’t do it alone either because its government that often has the latest information on new threats”. My issue is that this should not be in the hands of any private party; it could be seen as the execution of the premise ‘absolute power corrupts absolutely’, and those who face that lesson will not have an option. I would see a solution if there was collaboration between NSA, GCHQ, DGSE and a select few more. Reasoning? Cybercrimes have a distinct impact on national income and also on national tax revenue. They have all the drive to get it resolved. I have less faith in private companies; their allegiance is to profit, their board of directors and more profit. This is the issue, as they will do what they need: someone falls on a sword and many get extremely wealthy, the data goes everywhere and many become exploitable, classifiable and re-sellable. I have been in data for decades; I think that governments can do what needs to be done, and it is time to change the cycle of re-iterated profit. Governments have made themselves the bitch of the private industries. The three mentioned initially are not enough; consider the quote further down “Facebook, Yahoo, Google and Microsoft have all sent less senior executives to the conference“, so why was Microsoft not mentioned earlier? What is going on? The interesting part is that Bloomberg mentions Microsoft several times, the BBC article just twice. It is clear that something needs to be done on several levels, but it takes a different scope and a different approach; I feel decently certain that keeping the private touch out of this will be essential, for the reason that private companies have a mere commercial scope. I feel uncertain that this approach will work; it has not worked for a long time. I have seen ego, political play and personal reasoning interfere with results, in more than one nation.
Whatever is done, it needs to be done, and it needs to be done a lot faster than many consider. Even though taking the politician out of government seems to be impossible, we need to make sure that an approach is considered that does not allow for political exploitation, but how to get that done is another matter entirely.

 


Filed under IT, Law, Military, Politics

The next cyber wave

The news is almost two weeks old. There was no real reason not to look at it; I just missed the initial article. It happens! This is also at the heart of the issue on more than one level. Consider the quotes “The first 13-week programme for Cyber London (CyLon) will kick off in April, with a group of startups drawn from industries including defence, retail, telecoms and health services” and “On the one hand, the government is keen to invest in cyber-security startups: witness chancellor George Osborne’s announcement that GCHQ is investing “£3bn over nine years into developing the next stage of national cyber intelligence”“. So is this just about getting your fingers on a slice of this yummy income? You see, this issue skates over a problem that I (and many others) saw: Common Cyber Sense existed, but the bulk of companies treated it as an overhyped requirement. Yes, those managers were always so nervous when they got introduced to ‘costs’. I reckon that the Sony hack will remain the driving force for some time; in addition several business units are more and more in need of better, up-to-date encryption, so this cyber wave is getting some decent visibility. So let us look at the article ‘Cyber London aims to make the UK a launchpad for cyber-security startups‘ (at http://www.theguardian.com/technology/2015/jan/28/cyber-london-accelerator-cyber-security-startups).

There is no denying that the call of £3bn (3,000 million) is a strong one, especially in this economy. More important, as more companies are gripped by a decent amount of fear regarding their own future, this event will be at the foundation of several longer running projects and corporations. There is of course the question of what is real. That question becomes an issue when we see that even now, rumours still emerge about who did the work on Sony and how it was done, especially in light of the article in Business Insider claiming that the hackers still have access. The latter part I will speculate on later in this article.

For the most part, the next cyber wave is a good thing, especially when thousands of data holders realise that their corporate future depends on keeping these systems decently safe. I use the term decently safe because ‘complete’ safety is not something that is achievable, not on the budget levels that many depend upon. Yes, security can be better and a lot of companies will invest; they will raise the threshold of many companies, yet will they raise it enough? That is at the foundation of what is about to come.

I predict that these startups are all about consultancy, and some will offer products, some on safety and some on encryption. Encryption will be the next big thing; the question becomes how will encryption be properly managed? There are plenty of people who enthusiastically encrypt files and then forget the password. So what then, is all the data lost? So, you see that clever solutions are needed, which will bring forth a new wave of solutions, new barriers and new bottlenecks. I wonder if these new startup firms have considered a training division, not one that is all about ‘their’ solutions and ‘their’ products, but all about raising proper awareness of Common Cyber Sense.
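The ‘forgot the password, is all the data lost?’ problem has a standard answer: never encrypt the file under the passphrase directly. Encrypt it under a random data key, then wrap that data key twice, once under a key derived from the user’s passphrase and once under a recovery key the organisation keeps offline. Losing the passphrase loses one wrapper, not the data. What follows is an added example written for this page, not code from the article or from any of the startups it mentions. It uses only the Go standard library (PBKDF2-HMAC-SHA256 written out by hand, AES-256-GCM for the wrapping and the body); the iteration count, the "user"/"recovery" labels and the way the recovery key is handled are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const kdfIters = 100_000 // PBKDF2 iterations; an assumption of this example, tune to your hardware

// pbkdf2 is PBKDF2-HMAC-SHA256 (RFC 2898) for keyLen <= 32, written out so the example
// depends only on the standard library.
func pbkdf2(pass, salt []byte, iters, keyLen int) []byte {
	mac := hmac.New(sha256.New, pass)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // big-endian block index 1
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t[:keyLen]
}

func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: nothing sensible to do
	}
	return b
}

// gcm builds AES-GCM for a 16, 24 or 32 byte key; any other length is a programming error.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block) // cannot fail for AES
	return g
}

// aeadSeal encrypts and authenticates, prefixing the random 12-byte nonce to the output.
func aeadSeal(key, plaintext, aad []byte) []byte {
	nonce := mustRandom(12)
	return append(nonce, gcm(key).Seal(nil, nonce, plaintext, aad)...)
}

// aeadOpen reverses aeadSeal; a wrong key or any tampering is an error, never garbage.
func aeadOpen(key, box, aad []byte) ([]byte, error) {
	if len(box) < 12 {
		return nil, errors.New("ciphertext too short")
	}
	return gcm(key).Open(nil, box[:12], box[12:], aad)
}

// Envelope is the stored form of one file: the body under a random data key, and that
// data key wrapped once per party allowed to open it. The data key itself is never stored.
type Envelope struct {
	Salt  []byte            // salt for the passphrase-derived wrapping key
	Wraps map[string][]byte // "user" and "recovery": the data key under each wrapping key
	Body  []byte            // file contents under the data key
}

// Encrypt generates a fresh data key, encrypts plain under it, and wraps the data key
// under the passphrase-derived key and under the organisation's recovery key.
func Encrypt(plain []byte, passphrase string, recoveryKey []byte) *Envelope {
	dataKey, salt := mustRandom(32), mustRandom(16)
	kek := pbkdf2([]byte(passphrase), salt, kdfIters, 32)
	return &Envelope{
		Salt: salt,
		Wraps: map[string][]byte{
			"user":     aeadSeal(kek, dataKey, []byte("user")),
			"recovery": aeadSeal(recoveryKey, dataKey, []byte("recovery")),
		},
		Body: aeadSeal(dataKey, plain, nil),
	}
}

// Open decrypts with one party's key: label "user" takes the passphrase bytes, label
// "recovery" the offline recovery key. Losing the passphrase loses one wrapper, not the data.
func Open(env *Envelope, label string, key []byte) ([]byte, error) {
	if label == "user" {
		key = pbkdf2(key, env.Salt, kdfIters, 32)
	}
	dataKey, err := aeadOpen(key, env.Wraps[label], []byte(label))
	if err != nil {
		return nil, fmt.Errorf("%s key does not unwrap the data key", label)
	}
	return aeadOpen(dataKey, env.Body, nil)
}

func main() {
	recoveryKey := mustRandom(32) // generated once, stored offline, split between custodians
	env := Encrypt([]byte("Q4 figures, not yet public"), "correct horse battery", recoveryKey)
	_, err := Open(env, "user", []byte("forgotten passphrase"))
	fmt.Println("user path:", err)
	plain, _ := Open(env, "recovery", recoveryKey)
	fmt.Printf("recovery path: %q\n", plain)
}
```

The trade-off this creates is the one the text hints at: whoever holds the recovery key can read every file, so that key needs the same care (offline storage, split custody, an audited recovery procedure) that the encrypted data was supposed to get. The wrap labels are bound into the GCM tag as associated data, so a "user" wrapper cannot be swapped into the "recovery" slot or vice versa.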

Training that is meant to give long term knowledge to people working at a firm, as well as setting a proper initiation of knowledge within these companies, so that a wave of change will not start a rollercoaster of people jumping from firm to firm, a risk many companies expect to hit them.

Now it is time for some speculation. I have been thinking on how Sony was hit. I came up with a possible idea on New Year’s Eve. When I wrote this part: “In my view of Occam’s razor, the insider part is much more apt”, my mind started to wander on how it was done.

Speculation on the Sony Hack

The inside story is the hack of Sony. Yes, there was a hack at some point, but, in my view, that is not what actually happened. A destruction was started, but that is not what started it; that is how it all ended. When I did my CCNA (2011), I had the initial idea. You see, hacking is about data at rest, so what happens when the hack is done while data is in motion? That part is often not considered, because it seems unmanageable, but is it? You see, when you buy the Cisco books on CCNA you get all the wisdom you need; Cisco is truly very thorough. It shows how packets are built, how frames are made, all in great detail. That wisdom can be bought for a mere $110 for two books. Now we get to the good stuff: how hard is it to reassemble the frames into packets and after that into the actual data? Nearly all details are in these CCNA books. Now, managing hardware is different, you need some decent skills, more than I have, but the foundation of what is needed is all in the Cisco IOS. The hack would need to achieve two things.

  1. The frame that is sent needs to be duplicated and ‘stored’.
  2. The ‘stored’ data needs to be transmitted without giving anyone a reason to look into spikes.

I think that ‘hackers’ have created a new level (as I mentioned before). I think that Cisco IOS was invisibly patched, patched so that every packet would be stored on the memory card in the router; in addition, the system would be set to move 2% during the day to an alternative location, and at night that percentage would be higher, like 3-5%. So overnight, most of the data would arrive at its secondary location. Normally CCNP technologists with years of experience will look into these matters; now look and investigate how many companies ACTUALLY employ CCNP or CCSI certified people. To do this, you would need one insider, someone in IT, one person to switch the CompactFlash card: take one labelled 64 MB (if they still have any in existence) and put the sticker on a 512 GB CompactFlash card. Easy peasy! More important, who would ACTUALLY check the memory card for what was on it? The Cisco people will look at the startup file and only that one. The rest is easily hidden; over time the data is transferred, and in the worst case the culprit would only need to restart the routers and all activity would be completely hidden until the coast is clear. Afterwards the memory cards would be switched (if needed) and no trace of what happened would ever be there.

What gave me the idea? Well, I wondered about something similar, but most importantly, when I did my CCNA the routers had 64 MB cards. I was amazed, because these suckers are no longer made; go to any shop and I would be surprised if you can even find any CompactFlash card smaller than 16 GB. Consider a place where gigabytes of data could be hidden under the eyes of everyone, especially as Cisco IOS has never been about file systems.
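Whether or not that is how Sony was hit, the check the scenario calls for is cheap: treat the router’s flash as an asset with a recorded size and a recorded set of files, and compare what ‘dir flash:’ reports against that record. Three things give a swapped card away: the reported capacity no longer matches the asset record, files appear that are neither the image nor the config, and space is in use that neither the listing nor the free count accounts for. The following is an added example, not code from the blog or from Cisco; the two ‘dir flash:’ captures are constructed for it (the layout follows what IOS prints, the file names, sizes and card sizes are made up), and the 10% capacity tolerance and the 5% filesystem-slack tolerance are assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// FlashEntry is one file reported by "dir flash:".
type FlashEntry struct {
	Name string
	Size int64
}

// FlashListing is the parsed output of "dir flash:".
type FlashListing struct {
	Files      []FlashEntry
	TotalBytes int64
	FreeBytes  int64
}

// Finding is one discrepancy between the listing and the asset record.
type Finding string

var (
	fileLine  = regexp.MustCompile(`^\s*\d+\s+(\S+)\s+(\d+)\s+.*\s(\S+)$`)
	totalLine = regexp.MustCompile(`^\s*(\d+) bytes total \((\d+) bytes free\)`)
)

// sampleDir is a constructed capture of a router whose card has been swapped: the card
// is far larger than the asset record says, an extra file is present, and most of the
// used space belongs to nothing in the listing.
const sampleDir = `
Directory of flash:/

    1  -rw-    33591768  Mar 1 1993 00:01:00 +00:00  c2900-universalk9-mz.SPA.151-4.M4.bin
    2  -rw-        2903  Mar 1 1993 00:02:10 +00:00  cpconfig-29xx.cfg
    3  -rw-     3213440  Mar 1 1993 00:02:30 +00:00  .sysdata.dat

512000000 bytes total (40000000 bytes free)
`

// cleanDir is the same router as the asset record describes it (constructed).
const cleanDir = `
Directory of flash:/

    1  -rw-    33591768  Mar 1 1993 00:01:00 +00:00  c2900-universalk9-mz.SPA.151-4.M4.bin
    2  -rw-        2903  Mar 1 1993 00:02:10 +00:00  cpconfig-29xx.cfg

67108864 bytes total (33514193 bytes free)
`

// baseline is what the asset record says flash holds (name -> size in bytes); made up.
var baseline = map[string]int64{
	"c2900-universalk9-mz.SPA.151-4.M4.bin": 33591768,
	"cpconfig-29xx.cfg":                     2903,
}

// inventoryCardBytes is the card size on the asset record: 64 MB.
const inventoryCardBytes = 64 * 1024 * 1024

// ParseDir extracts the file entries and the total/free line; everything else is ignored.
func ParseDir(text string) FlashListing {
	var l FlashListing
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := sc.Text()
		if m := totalLine.FindStringSubmatch(line); m != nil {
			l.TotalBytes, _ = strconv.ParseInt(m[1], 10, 64)
			l.FreeBytes, _ = strconv.ParseInt(m[2], 10, 64)
			continue
		}
		if m := fileLine.FindStringSubmatch(line); m != nil {
			size, _ := strconv.ParseInt(m[2], 10, 64)
			l.Files = append(l.Files, FlashEntry{Name: m[3], Size: size})
		}
	}
	return l
}

// CheckFlash compares a listing with the asset record: card size, expected files, and
// whether used space is fully explained by the files that are listed.
func CheckFlash(l FlashListing, cardBytes int64, expected map[string]int64) []Finding {
	var out []Finding
	if l.TotalBytes > cardBytes+cardBytes/10 { // 10% tolerance: assumption
		out = append(out, Finding(fmt.Sprintf("card reports %d bytes, asset record says %d", l.TotalBytes, cardBytes)))
	}
	var listed int64
	seen := map[string]bool{}
	for _, f := range l.Files {
		listed += f.Size
		seen[f.Name] = true
		if want, ok := expected[f.Name]; !ok {
			out = append(out, Finding("unexpected file "+f.Name))
		} else if want != f.Size {
			out = append(out, Finding(fmt.Sprintf("%s is %d bytes, baseline %d", f.Name, f.Size, want)))
		}
	}
	for name := range expected {
		if !seen[name] {
			out = append(out, Finding("baseline file missing: "+name))
		}
	}
	// Space neither free nor attributed to a listed file; a few per cent is filesystem
	// overhead (5% tolerance is an assumption), more than that is data the listing hides.
	if gap := l.TotalBytes - l.FreeBytes - listed; gap > l.TotalBytes/20 {
		out = append(out, Finding(fmt.Sprintf("%d bytes in use but not attributed to any listed file", gap)))
	}
	return out
}

func main() {
	for _, f := range CheckFlash(ParseDir(sampleDir), inventoryCardBytes, baseline) {
		fmt.Println("FINDING:", f)
	}
}
```

The companion check, not shown here, is the image itself: ‘verify /md5 flash:<image>’ against the hash Cisco publishes, because a patched IOS image can be exactly the size the baseline expects. Both checks only work if the asset record exists before the incident, which is the Common Cyber Sense part.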

When the job was finished, the virus could be released, damaging whatever it can; when cleanup starts, every aspect would be reset and wiped, and whatever the culprit might have forgotten, the cleaning team might wipe.

So this is my speculation on how it was done. More importantly, it gives credibility to the claims that the hacks are still going on and to the fact that no one has a clue how the data was transferred. Consider that this event was brokered over weeks, not in one instance; who else is getting their data siphoned? More importantly, have the people involved in this next cyber wave considered this speculated path of transgression? If not, how safe would these systems end up being?

Let’s not forget that this was no easy feat. The system had to be re-programmed to some extent; no matter how enabling Cisco IOS is, this required top notch patches, which means that it required a CCSI or higher to get it done. More important would be the siphoning of the data in such a way that there would be no visible spike waking any eager beaver wanting to prove themselves. That would require spiffy programming. Remember! This is all speculation; there is no evidence that this is what happened.
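The ‘no visible spike’ part is exactly what a threshold alarm on daily peak traffic cannot see, so detection has to look for the opposite signature: an external destination that takes a small, nearly constant share of a host’s outbound volume day after day, and whose cumulative total is large. The following is an added example, not from the blog; it runs over a constructed five-day set of per-destination outbound byte totals (RFC 5737 documentation addresses, figures made up), and the thresholds (present on every observed day, at most 5% of daily volume, coefficient of variation at most 0.10, at least 1 GB cumulative) are assumptions for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"math"
	"sort"
	"strconv"
	"strings"
)

// Flow is one daily aggregate of outbound traffic from an internal host to an external
// destination, as a flow collector would export it after summarising.
type Flow struct {
	Day   string
	Src   string
	Dst   string
	Bytes int64
}

// sampleFlows is constructed: five days of one host's outbound traffic. 203.0.113.10 is a
// large, bursty destination, 198.51.100.7 a medium one, 203.0.113.99 a one-day 30 GB spike,
// and 192.0.2.44 a steady trickle of roughly two per cent of each day's volume.
const sampleFlows = `
2015-01-05 10.0.0.5 203.0.113.10 52000000000
2015-01-05 10.0.0.5 198.51.100.7  7000000000
2015-01-05 10.0.0.5 192.0.2.44    1250000000
2015-01-06 10.0.0.5 203.0.113.10 61000000000
2015-01-06 10.0.0.5 198.51.100.7  9500000000
2015-01-06 10.0.0.5 192.0.2.44    1300000000
2015-01-07 10.0.0.5 203.0.113.10 47000000000
2015-01-07 10.0.0.5 198.51.100.7  6200000000
2015-01-07 10.0.0.5 192.0.2.44    1210000000
2015-01-07 10.0.0.5 203.0.113.99 30000000000
2015-01-08 10.0.0.5 203.0.113.10 58000000000
2015-01-08 10.0.0.5 198.51.100.7  8800000000
2015-01-08 10.0.0.5 192.0.2.44    1280000000
2015-01-09 10.0.0.5 203.0.113.10 44000000000
2015-01-09 10.0.0.5 198.51.100.7  5900000000
2015-01-09 10.0.0.5 192.0.2.44    1240000000
`

// ParseFlows reads "day src dst bytes" records, skipping blank or malformed lines.
func ParseFlows(text string) []Flow {
	var flows []Flow
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) != 4 {
			continue
		}
		b, err := strconv.ParseInt(f[3], 10, 64)
		if err != nil {
			continue
		}
		flows = append(flows, Flow{Day: f[0], Src: f[1], Dst: f[2], Bytes: b})
	}
	return flows
}

// CountDays returns the number of distinct days in the records.
func CountDays(flows []Flow) int {
	seen := map[string]bool{}
	for _, f := range flows {
		seen[f.Day] = true
	}
	return len(seen)
}

// Finding describes a destination receiving a small, near-constant share of daily volume.
type Finding struct {
	Dst        string
	Days       int
	TotalBytes int64
	MeanShare  float64 // average fraction of the day's outbound bytes
	CV         float64 // standard deviation over mean of the daily byte counts
}

// TrickleDetect flags destinations present on at least minDays days whose mean share of the
// day's outbound bytes is at most maxShare, whose daily counts vary by at most maxCV, and
// whose cumulative volume reaches minTotal. A peak alarm never fires on such a destination;
// regularity plus accumulated volume is the signal.
func TrickleDetect(flows []Flow, minDays int, maxShare, maxCV float64, minTotal int64) []Finding {
	dayTotal := map[string]int64{}
	perDst := map[string]map[string]int64{} // dst -> day -> bytes
	for _, f := range flows {
		dayTotal[f.Day] += f.Bytes
		if perDst[f.Dst] == nil {
			perDst[f.Dst] = map[string]int64{}
		}
		perDst[f.Dst][f.Day] += f.Bytes
	}
	var out []Finding
	for dst, days := range perDst {
		if len(days) < minDays {
			continue
		}
		n := float64(len(days))
		var total int64
		var shareSum float64
		for day, b := range days {
			total += b
			shareSum += float64(b) / float64(dayTotal[day])
		}
		mean := float64(total) / n
		var sqDev float64
		for _, b := range days {
			d := float64(b) - mean
			sqDev += d * d
		}
		cv := math.Sqrt(sqDev/n) / mean
		meanShare := shareSum / n
		if meanShare <= maxShare && cv <= maxCV && total >= minTotal {
			out = append(out, Finding{Dst: dst, Days: len(days), TotalBytes: total, MeanShare: meanShare, CV: cv})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].TotalBytes > out[j].TotalBytes })
	return out
}

func main() {
	flows := ParseFlows(sampleFlows)
	for _, h := range TrickleDetect(flows, CountDays(flows), 0.05, 0.10, 1_000_000_000) {
		fmt.Printf("%s: %d days, %d bytes, mean share %.1f%%, CV %.3f\n", h.Dst, h.Days, h.TotalBytes, h.MeanShare*100, h.CV)
	}
}
```

The one-day 30 GB transfer to 203.0.113.99 is what a peak alarm catches and this check deliberately ignores; the two are complementary, not alternatives. On real flow data the same aggregation per (internal host, external destination, day) is needed, plus an allowlist for known backup, update and CDN targets, otherwise every nightly cloud sync looks like a trickle.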

Yes, it is speculation and it might not be true, but at least I am not pointing the finger at a military force that still does artillery calculations with an abacus (another assumption on my side).

There are a few issues that remain. I think upping corporate awareness of Common Cyber Sense makes all the sense in the world; I reckon that the entire Cyber Security event in London is essential and it is good to have it in the Commonwealth. This industry will be at the foundation of growth when the economy picks up; having the UK play a centre role is good strategy and if it does evolve in the strongest way, a global financial node with improved cyber protection will lead to more business and possibly even better business opportunities. This event also gives weight and view to my writing on January 29th and a few other occasions: “As small innovators are given space to proceed and as larger players are denied blocking patents to force amalgamation of the true visionary into their moulding process that is the moment when economies will truly move forward. That is how you get forward momentum!“. This is something I have stated on several occasions and I truly believe that this will be the starting pulse to a stronger economy. It seems that the event creators Alex van Someren of Amadeus Capital Partners, Grace Cassy and Jonathan Luff of Epsilon Advisory Partners, and advisors Jon Bradford of startup accelerator TechStars and Eileen Burbidge of venture capital firm Passion Capital are on such a path. No matter how it is started, they are likely to get a first leg up as these startups truly move forward. As the event stated: ‘No equity taken’, but it seems to me that on the receiving end of implementing working solutions, finder’s fees and linked contracts could be very, very profitable, and let’s face it, any surfer will tell you that being at the beginning of the wave gives you the best ride of all.

Let’s see what 2015 brings us; startups tend not to be too boring. Not unlike startups, there will be more waves of speculation about how Sony was hacked, and the US government will likely continue on how North Korea was involved and at the centre of it all.

 


Filed under IT, Media, Politics, Science