Tag Archives: Common Cyber Sense

Two unrelated issues

OK, today is not the day to piss off Alexander Bortnikov. I wanted to do that just to celebrate his 11th anniversary as Director of the FSB; my sense of humour demands that I put a whoopee cushion on his car seat, alas, I could not get close, because someone decided to try a novel approach to the concept of Suicide by Cop (at https://www.theguardian.com/world/2019/dec/19/moscow-shooting-russia-people-shot-dead-intelligence-agency). Instead of pushing the buttons of a militia officer, we see the apparent acts of a looney tunes person who decided to fire on the reception of the Federal Security Service, an act that will get you killed, and it did. Now, let’s be clear, there is a reason to bring this up. You see, there is one building in Moscow (basically in the entire CCCP) where the most vile, the most feared and the most despicable member of any Russian criminal organisation takes a detour: the Lubyanka building, the headquarters of the FSB in Moscow. Consider some Bratva captain, 120 kg of muscle, a fearless and life-ignoring person, who ends up shaking and crying like a little girl; the cause would be the one building in Russia that does that. So when a person comes around shooting at its reception, I tend to call that a novel way to invite Suicide by Cop and I cannot fathom the desperation with life that a person must have to pull that off (there are 999 other ways to go with 99.99999% certainty and most of them are 100% less painful and scary); optionally, as distractions go, it is perhaps the worst one yet.

Oh, and there is no special form of data intelligence required; we could argue that the fear of that building is handed to any Russian citizen when they start school, so for the life of me I cannot figure out why someone would be this stupid. It is like grabbing a bucket of water from the Volga in Saratov and personally dumping the bucket in the Caspian Sea: not only meaningless, but you end up being alive at the end of that journey, whereas attacking the FSB building with anything less than an entire army makes your chances of survival a whole lot less certain. Yet in all that, the fact that the attack made several newsgroups is important; you see, the news never sleeps, yet they do get to filter what we hear.

From the Israeli news desk

The Guardian (at https://www.theguardian.com/world/2019/dec/19/israeli-spyware-allegedly-used-to-target-pakistani-officials-phones), as well as Israeli newspapers, gives us ‘Israeli spyware allegedly used to target Pakistani officials’ phones‘, with the byline ‘NSO Group malware may have been used to access WhatsApp messages for ‘state-on-state’ espionage’, news that made a lot fewer newspapers on a global scale; is that not weird? Now, I am not stating whether there is validity, I am not stating on behalf of the NSO Group that it is false, yet this private firm founded by Niv Carmi, Omri Lavie and Shalev Hulio is showing itself to be an expert company in acquiring information. The papers need to guard their words and I get that, yet when we see anonymous sources and “those who could have been compromised” I feel like I am in a play that I have seen before. The more important part is “All the suspected intrusions exploited a vulnerability in WhatsApp software that potentially allowed the users of the malware to access messages and data on the targets’ phones“, yet it seems that there is not really that much appetite for the weakness of the makers, is there?

When we get to the optional state where we see “The lawsuit claimed intended targets included “attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials””, in that state I would make the demand ‘can we see those names please?‘ Yet it is a personal demand that will not be answered; there is too much doubt on who did what and who wanted to know. I have a little more faith in “NSO has said it will vigorously contest the claim and has insisted that its technology is only used by law enforcement agencies around the world to snare criminals, terrorists and paedophiles“; you see, that is a business approach to intelligence that brings money to the table, and yes, there is a chance that someone wanted to know more about certain Pakistanis, yet that list given by Facebook is just a little too weird, although the names might brighten up the need for it. As we are treated to “The alleged targeting of Pakistani officials gives a first insight into how NSO’s signature “Pegasus” spyware could have been used for “state-on-state” espionage“, it is the difference of stance, the state of ‘alleged‘, that brings the doubt. In the article I do not disagree with “This kind of spyware is marketed as designed for criminal investigations. But the open secret is that it also winds up being used for political surveillance and government-on-government spying”; for that we need to say that John Scott-Railton is seemingly completely correct. Yet in all this, we see and identify a timeline and it becomes more and more apparent that not only did other interest groups (CIA, FBI, MI-5, MI-6, DGSE, et al) need this weakness, we see a longer timeline and we wonder what WhatsApp and Facebook have done about it so far. More important, why would any official use something like WhatsApp? I mean for private use, yes, yet for their business phone?
It is the application of Common Cyber Sense that is lacking here, and giving all that data to Facebook (WhatsApp) calls some parts into question. CBS News gave the people in 2018 ‘WhatsApp co-founder: “I sold my users’ privacy” to Facebook‘, I get it! Cambridge Analytica changed a lot, but so it would have changed a lot for state players; as such the act of pushing for WhatsApp in government and secure conversations does not make sense. CBS also gave us in 2018 “U.S. intelligence agencies have said that Russian actors used Facebook and Instagram to wage a campaign of disinformation in the election”, and if WhatsApp and Facebook are owned by the same person we see an even larger lack of Common Cyber Sense. WhatsApp has been the name in scandals in 2017 and 2018 as well, so when the needed question ‘Why is a state player using WhatsApp in the age of Common Cyber Sense?‘ comes out, we see that the bulk of people, hacktivists and journalists have not asked this question, just like the weird part where we all look at the attack on Lubyanka and no one looks beyond a certain point.

This view does not exonerate the NSO Group, yet it asks larger questions that take the group out of the field of vision and looks at the larger issues. More important is the claim “While it is not clear who wanted to target Pakistani government officials, the details are likely to fuel speculation that India could have been using NSO technology for domestic and international surveillance“; you see, pointing at their natural enemy is fun, however the fact that most European intelligence groups want to know about scores of Pakistanis is also left off the table, in light of Pakistan and its Middle East connections, and so are Israel and America; especially as America is losing its foothold in the Middle East, finding any Russian link to any Pakistani would be worth a lot to them, as they lack all kinds of resources there.

You see, there is every need for action when we see “The government of the Indian prime minister, Narendra Modi, is facing questions from human rights activists about whether it has bought NSO technology after it emerged that 121 WhatsApp users in India were allegedly targeted earlier this year”, however everyone is overlooking ‘121‘ as a number. There are 400 million WhatsApp users in India; nobody would get to the 121 users in such a short time, and the absence of ‘alleged‘, or optionally ‘so far 121 alleged users have been found‘, is a much larger issue than anyone realises. The fact that there are more questions popping up regarding the alleged NSO software is also overlooked. There is a much larger play in the field and it seems that certain people do not look towards certain players, and the absence of Common Cyber Sense is just overwhelmingly staggering. It is almost like you are tired of life and decide to attack FSB headquarters with a gun.

Yet in all this, the number of users in Pakistan is also the part we need to look at; you cannot merely check in seconds, this is not an on-the-fly solution, so there are all kinds of questions, especially with 1.5 billion users of that app. We see a lack of thought, of questions and especially of software engineers treating the software weakness, and this has been going on for quite some time. The fact that the larger collection of media is not getting to this question is just allegedly largely insane.

So as we consider “users in India were allegedly targeted earlier this year” we need to ask, how long until this glitch is fixed? The fact that certain glitches have been there since 2017 is a much larger concern, but the media does not stop at this point, does it? I reckon they are taking their time looking at the one suicidal person pointlessly attacking Lubyanka.

Two issues that might seem unrelated (and they are not), yet they tell a lot more about the media and state players than you should be comfortable with; feel free to WhatsApp that question to others, the state players will get to it eventually.

 


Filed under IT, Media, Military, Politics, Science

Finally!

Yup, there is a new fashion in town and it will force the companies to fix the one element in IT that most corporations have ignored fixing for the longest of times. The issue that needed fixing for the longest time was non-repudiation; the issue has clearly been around for almost 10 years, 15 if you want to set a timetable, but today on LinkedIn ‘Netflix and don’t share‘ shows that the industry will start doing something about it. The problem is what drives the masses to think that a paid service could ever be free. And even as we see: “Market leader Netflix has already declared it is examining how to curtail password sharing among family and friends. But streamers are treading carefully in teaming up “against the grifters,” aware of the backlash record labels previously generated in the Napster era”, we need to be aware of the setting that it is a Netflix world and if you don’t pay, that is fair enough, but it also means that you can’t have Netflix. This issue is not limited to Netflix; it has a setting in video games, a setting in programs and in the past it had a setting in music. The problem is how to go about it. For places like Netflix, there is the non-repudiation solution, so in your network there are a few devices that could be set to receive; in the home environment the router tends to be the most culpable solution, yet in equal measure the home devices are also solutions that give rise to the patch of hardware that will allow one person to be connected, as such, Netflix was nice enough to allow 4 devices to be linked. Yet what to use as a system of non-repudiation?

Well, e-mail is certainly one way of doing it, but that only helps to some extent; the nice part about e-mail is that it allows Netflix (and like-minded people) to communicate with the owner of the hardware, so as long as the e-mail address is not hacked, this is decently safe.

Non-Repudiation

The term non-repudiation is not new. It refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. So you and only you could have instigated the connection; biometrics are only one part of it, so is a password, non-repudiation is more. An autograph has the elements to complete non-repudiation, but in automated traffic a copy of an autograph is becoming exceedingly simple, so we need to set the state where two-tiered enabling is the way to go. Even if the origin of the two tiers was done in separate ways, combining them in any stream would be a decent level of assurance to convince a jury of peers (and Netflix) that only you could have instigated the stream. And Netflix is not the only one seeking a solution. Bank solutions use a PIN and a bank pass; it is close, but in the end it is not real non-repudiation. Netflix needs to find a solution and whatever they find will push authentication technology.
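As an added illustration of the distinction drawn above between plain authentication and non-repudiation (example code written for this page, not Netflix’s or the author’s), the Go program below models a stream request two ways: a shared-secret MAC, which the service holding the same secret could have produced itself, and an Ed25519 signature that only the subscriber’s private key can produce, with the device ID and a service-issued nonce bound into the signed bytes as the second tier. Account names, device names and the shared secret are constructed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// StreamRequest is a constructed stand-in for "this device asks to start a stream".
// The device ID and a fresh service-issued nonce are bound into what gets signed,
// so a signature captured once is useless from another device or a later request.
type StreamRequest struct {
	Account  string
	DeviceID string
	Nonce    []byte // issued fresh by the service for each request
}

func (r StreamRequest) bytes() []byte {
	return []byte(r.Account + "|" + r.DeviceID + "|" + hex.EncodeToString(r.Nonce))
}

// Tier 1, how most services work today: a shared secret (password, HMAC key).
// Both sides hold it, so a valid tag proves only that someone with the key made it.
func macTag(sharedKey []byte, r StreamRequest) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write(r.bytes())
	return m.Sum(nil)
}

func macValid(sharedKey []byte, r StreamRequest, tag []byte) bool {
	return hmac.Equal(macTag(sharedKey, r), tag)
}

// Non-repudiation: only the subscriber's private key can sign; the service
// stores just the public key, so it can verify but never forge.
type Subscriber struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewSubscriber() (*Subscriber, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Subscriber{Pub: pub, priv: priv}, nil
}

func (s *Subscriber) Sign(r StreamRequest) []byte { return ed25519.Sign(s.priv, r.bytes()) }

func SignatureValid(pub ed25519.PublicKey, r StreamRequest, sig []byte) bool {
	return ed25519.Verify(pub, r.bytes(), sig)
}

// Outcome records what each check in Demo returned.
type Outcome struct {
	MACForgedByService     bool // the service made a tag the subscriber "cannot deny"
	SigVerified            bool // the genuine signature is accepted
	SigRejectedOtherDevice bool // the same signature from another device is refused
	SigRejectedReplay      bool // the same signature under a new nonce is refused
	SigRejectedWrongKey    bool // another key holder's signature is refused
}

func Demo() (Outcome, error) {
	var out Outcome
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return out, err
	}
	req := StreamRequest{Account: "alice@example.invalid", DeviceID: "living-room-tv", Nonce: nonce}
	// The service verifies with the same secret it could sign with, so a tag it
	// computed itself is indistinguishable from one the subscriber computed.
	shared := []byte("constructed-shared-secret")
	out.MACForgedByService = macValid(shared, req, macTag(shared, req))
	sub, err := NewSubscriber()
	if err != nil {
		return out, err
	}
	sig := sub.Sign(req)
	out.SigVerified = SignatureValid(sub.Pub, req, sig)
	other := StreamRequest{Account: req.Account, DeviceID: "neighbours-laptop", Nonce: req.Nonce}
	out.SigRejectedOtherDevice = !SignatureValid(sub.Pub, other, sig)
	replay := StreamRequest{Account: req.Account, DeviceID: req.DeviceID, Nonce: make([]byte, 16)}
	out.SigRejectedReplay = !SignatureValid(sub.Pub, replay, sig)
	impostor, err := NewSubscriber() // holds a key pair, but not Alice's
	if err != nil {
		return out, err
	}
	out.SigRejectedWrongKey = !SignatureValid(sub.Pub, req, impostor.Sign(req))
	return out, nil
}

func main() {
	out, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```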

And the system needs to be simple, not just for the customers’ sake; the setting of complexity in these matters was best described by Scotty, the Chief Engineer in Star Trek 3, whilst sabotaging the Excelsior: “The more they over-think the plumbing, the easier it is to stop up the drain“. It does apply to authentication and non-repudiation systems, especially when distance is an issue. So whatever we have at point X requesting an authentication tends to be the soft spot in the track.

It has to be simple, it needs to always work and it needs to set 2-3 alternatives at the spot. The problem with such a system is that it is not really non-repudiation at that point.

For example

A programmable dongle can be hacked; the hacked account can be copied. And these dongles will come from somewhere, so criminals will end up having access to the stuff they need.

As such the best you can hope for is a system that will take out 80% from accessing such a solution, add proper cyber solutions in the form of law and you have a solution that a company can live with, as it deals with 10% of the outstanding 20%. It is not pretty at times, but at least it works. So these solutions could stop 90% from using stated systems in a non-paying capacity.

We can go in all directions from there, but the world needs a solution where non-repudiation will stop 96% dead in their tracks, and only up to 1% would be able to find a workaround, making the non-repudiation system a 98.9999% working solution. I reckon that this is as good a solution as we are going to get, and the solution is needed faster, as 5G will require correct non-repudiation solutions to be up and running. With 5G out and about, the criminals get a 500% chance to get to more systems and infect more and more devices; as such the need for Common Cyber Sense is becoming a pressing matter and from there we can move onto non-repudiation. Consider that the current situation allowed cyber criminals to lay their fingers on $120 billion, and with 5G out and about criminals will have access to well over half a trillion dollars. One could argue that it is a great day to be a cyber-criminal, or we can do something about it, because the one thing I do know is that the banks will only take hits for as long as they cannot make a case for ‘negligent care, the person did not take care of the item like a father would take care of his child‘; that is not some rant, the art world is already working with terms like that. How long will it be until banks and payment systems take the same steps? At that point, the hardship will fall on the owner of the hit bank account, not the bank, unless a clear established path of evidence is presented that the bank itself was the intended target.

Oh, and when banks are no longer held accountable how much attention do you think that the FBI has for little you? Common Cyber Sense will be the immediate requirement.

Non-repudiation will be the big next thing soon enough and whoever gets a system like that up and running will make an absolute fortune, it would change my 5G IP systems into small change, nothing more. It is the next thing and we are in dire need for such an inventor soon enough, not just Netflix.

 


Filed under Finance, IT, Law, Media, Military, Politics, Science

Hammering Facebook

The Guardian has another story, which was updated a mere 6 hours ago. To be honest, I am a little ticked off. I get that the Guardian is giving us this and it makes perfect sense, it is news. Yet when I see ‘Fake news inquiry: Facebook questioned by MPs from around the world – as it happened‘ (at https://www.theguardian.com/technology/live/2018/nov/27/fake-news-inquiry-facebook-to-face-mps-from-around-the-world-mark-zuckerberg-live-updates), whilst in the same setting we see newspapers ‘hiding’ behind ‘from an unnamed source’, when we get blasted by well over 64 million results in Google Search on the death of a journalist that close to nobody gives a hoot about, the entire ‘fake news‘ seems to be nothing more than a targeted sham to me. Not the element of fake news, I get that, but some of the players are a little too hypocritical for my liking.

So let’s take a look at a few of these issues we see (at https://www.theguardian.com/technology/2018/nov/27/facebook-fake-news-inquiry-the-countries-demanding-answers).

Ireland: “The Irish government is reviewing proposed legislation to promote online safety amid an outcry that tech companies are unable or unwilling to tackle harmful content. The move jars with Dublin’s normally effusive support for tech companies with an Irish base. Facebook has its European headquarters in Dublin and falls under the remit of Irish data protection authorities“. The first thing to do is look at the definition. The European Commission gives us: “Harmful content is authorized material subject to distribution restrictions (adults only, for example) or material which some users may find offensive even if, on the grounds of freedom of speech, there are no restrictions on publication.” First of all, the Pornhub site is freely available to every man, woman and child. In addition there is a porn version of YouTube that is also freely available; from that we can see that Ireland has a lot of other worries, and these two are not available through Facebook. When we look at Ireland we see a nation that has given in to big business through tax laws at the drop of any hat, and they have harmful content issues? In addition, the Times gave us on November 6th: “Google and Facebook will call on the government today to define exactly what kind of content a proposed digital safety commissioner would have the power to remove online.” It becomes a lot more entertaining when we see from Fine Gael last week: “Fine Gael TD Hildegarde Naughton will travel to Westminster next Tuesday (November 27th) for a meeting of the International Grand Committee on Communications”, as well as “Social media companies cannot hide from the genuine concerns of national parliaments from around the globe, it is imperative they engage with us in a meaningful way. This document sets out a blueprint for how that can be done.” It is entertaining as she seemingly has a document whilst this entire setting has been going on for years (even before Cambridge Analytica).
That entire meeting is in my personal opinion as hollow as it sounds. All trying to look important, yet where is that so-called document from Hildegarde Naughton? It does not seem to be on the HN site (at http://www.hildegarde.ie), so where is it? When we are told ‘This document builds upon the work done by the Oireachtas Communications Committee‘, we should be able to read and scrutinise it. You see, the Irish Law Reform Commission has a 2016 document (at https://www.lawreform.ie/_fileupload/Reports/Full%20Colour%20Cover%20Report%20on%20Harmful%20Communications%20and%20Digital%20Safety.pdf); is it merely that, or a continuation of that? And this document is important, especially on page 165 where we see: “The definition of “communication” implements the recommendation in paragraph 2.53 that the proposed legislation on harmful communications should apply to all forms of communication, whether offline or online, analogue or digital, and therefore the definition includes communication by speech, by letter, by camera, by telephone (including SMS text message), by smart phone, by any digital or online communication (including the internet, a search engine, a social media platform, a social media site or the world wide web), or by any other telecommunications system.“

This now implies that art is no longer merely in the eyes of the beholder; basically, if any art is regarded as harmful content, it comes under scrutiny (read: censoring). A massive part of Facebook relies on art to propagate via digital medium; digital art is still in its infancy and it seems that this offends Ireland in the broader view it has. It is in that view that my message to Hildegarde Naughton is seen (at https://www.independent.ie/irish-news/courts/priest-who-sexually-assaulted-girl-6-during-first-confession-avoids-jail-due-to-old-age-and-health-problems-36840577.html). When we contemplate that when you have health issues and you are old, it seems fine to rape a six-year-old. It is all in the nuance, is it not? So, what will you do when you consider this Grigor Malinov painting to be harmful content? Add a Jade Swim bikini with a brush and a fashionable colour? In light of what certain people get away with, the entire harmful content issue is not a joke, yet to hammer Facebook with it whilst there are other players openly in the field is too weird as I personally see it.

Then we get a Turkish advertisement variant with ‘MPs do not intend to publish Six4Three documents today, Collins says‘, either you have the documents and you inform the public, or you go home and polish your silverware! You scream fake news and leave the audience in innuendo and what I personally perceive as intentional miscommunication, and haven’t we seen enough of that?

Blame Canada

I can’t resist: whenever I see a Canadian flag, a Canuck or anything Canadian I think of that South Park song. It’s nothing negative, I think that Canada is awesome in hockey, it seems to have great people (several attended UTS with me) and it seems to have a healthy life. I’d take a job in Canada any day if possible (as well as the opportunity to watch hockey almost every night); I might even be good enough to be a goalie for one of their NHL teams, even though I am nowhere near Martin Jones as a goalie (I merely wish I was). So Canada gives us ‘Facebook inflated video viewing times for two years‘, and I actually see an issue here. The Guardian gives us “only counting views lasting more than 3 seconds, the time a video must be seen to count as a view“, yet with YouTube the skip moment is 5 seconds, and now that some people get 100% more ads, with many of them not having the option to be skipped, we see a shifted trend. This might be YouTube, yet there is no chance that this does not affect Facebook, giving rise to the notion that Canada optionally has a valid issue. Richard Allan (Facebook) gives us “it depends on the problem we’re trying to solve“, something that might be valid, yet in the question by Charlie Angus we see: “Facebook has inflated video metrics, overstated for two years. “I would consider that corporate fraud, on a massive scale,” he says, “and the best fix is anti-trust. The simplest form of regulation would be to break facebook up, or treat it as a utility, so that we can all be sure that we’re counting metrics that are accurate or true.”“ I see his failure as a setting, as there is a large intertwined part of Facebook, Vine, YouTube and a few other media adding fuel to the video metrics, no matter if all hosted on Facebook. You would have to set the stage for all, and to merely have Facebook here is a faulty stage; we get pushed into an assumption pool of no facts and biased metrics, making matters merely worse.
I feel certain that Charlie Angus should have known and probably did know this, making the issue a tainted one on more than one level.

Finally, let’s go out with a bang and add Latvia to the stage. When we get Latvia’s Inese Lībiņa-Egnere, we get the question “how Facebook can help countries like Latvia, that face specific threats from Russia“. It took me around three minutes to stop laughing; I should be serious, but I cannot hold a straight face. You see, that is not the job of Facebook. I will go one step further by stating: “Dear Inese, have you considered adding digital responsibility to both the Drošības policija and the Militārās izlūkošanas un drošības dienests?” There is an unconfirmed rumour that one of your routers is still set to ‘Passw0rd‘ and another one to ‘Cisco123‘; can you please confirm that? In light of the fact that ‘https://www.zs.mil.lv/lv/kontakti‘ directly links to Facebook pages, one might see how the Latvian military (as well as Latvian intelligence) could get phished in several ways, especially when there is the chance that some alleged underdressed biker chick would have been looking for ‘adventurous officers’. It gets to be even more fun when that alleged woman looks a lot like a Vogue model. You should introduce them to https://heimdalsecurity.com/blog/fake-facebook-scams/; to have Common Cyber Sense is a government’s responsibility. Getting Facebook to do free consultancy via a hearing is just not cricket.

I will end this with Brazil; I really liked his question: ‘He asks what Facebook is doing to prevent improper manipulation of its algorithms to prevent illegal manipulation of elections‘. It is a good and important question. I think the newspapers, especially the tech columns, should spend space on this and let Facebook show them what is being done, what the impact is, how those metrics were generated and how their validity was checked. I think that the problem is a lot larger than we imagine. I would draw a line towards American soft money. It has never been regulated and it still is not. We talk about fake news and political influence, whilst soft money is doing that in the US from the day after a president is elected all the way up to the next presidential election (or the senate, or congress). It is basically shouting at one, whilst the other element is ignored. The difference is that digital campaigns give anyone all the soft money they need, taking the rich out of the equation; the fact that I have not seen anything along these lines gives a larger implied weight on all media. All those newspapers with ‘from an unnamed source‘, and that is where the blockage begins. There is a setting that it is not the ability of Russia, but the failing of others not correctly countering digital media that is the problem, and that was never a Facebook problem; it merely shows the incompetence of others and in an age of advanced nepotism it is a much harder pill to swallow.

In all this, I never claimed that Facebook is innocent, merely that there is a lack of the proper questions making it to the table and even as a few nations were addressed, the issue is a lot larger and needs addressing, preferably before the 5G tap opens which allows the digital media providers to deliver 500% more than it is delivering now.

I wonder how many players have considered the impact of that game changer.

 


Filed under IT, Media, Military, Politics, Science

Game of Pawns

Most people have heard of Game of Thrones, George R.R. Martin’s masterpiece filmed and shown by HBO. Its final season will come in 2019 and the air is filled with teasers, speculated spoilers and optional fan-made false trailers. Yet have you heard of the game of pawns? This goes directly towards the entire Australian Encryption Bill. I spoke about it 2 days ago in ‘Clueless to the end‘, where we are introduced to the misrepresented views of Peter Dutton, on how he plays the system on getting the FAANG group to help him a little, which is exactly what the FAANG group is unwilling to do. In addition to what I wrote there is the voice of Paul Brookes, chair of Internet Australia. He gave us: “it is important for law enforcement to find ways to improve their capabilities for intercepting criminal activities through the communications sectors, “they must not do so via hastily enacted legislation which fails to consider the legitimate concerns and advice of global technology experts, and carries the very clear risk of creating more problems than it solves”“; in this Paul is right and the issue is growing in other settings too. In the last three days we have been made privy to ‘Hackers stole millions of Facebook users’ highly sensitive data — and the FBI has asked it not to say who might be behind it‘, optionally because they cannot blame Russia again without substantiation, yet in the much larger setting it seems that they do not have a clue. In addition, we see evolving today: ‘PS4 Users Are Claiming That Malicious Messages Are Breaking Their Consoles‘. The last one seemingly has a solution as reported by Kotaku: “It does seem that the exploit is purely text-based, so changing your PlayStation messenger privacy settings should prevent it from happening.
You can do that by going to Account Management in your console Settings, heading to the Privacy Settings submenu, and changing Messaging settings to “Friends Only” or “No One,” meaning that only your pre-selected friends or no one at all can message you“. Two attacks, the second one without knowing the extent of the attack, in a setting that could not have been prevented by the encryption bill; the fact that the authorities have been grasping in the dark gives a very clear view of how short the authorities fall on the ability to stop these events. All the BS short-sighted attempts to access data whilst the entire communication system is flawed beyond belief show just how clueless the governmental players have become.

So as this week is likely to be about “It appears to be the worst hack in Facebook’s 14-year history“, many will go into the blame game against Cambridge Analytica, yet the foundation is that the internet was always flawed, and again we see a setting where the failing of non-repudiation is at the core of certain events. A setting where ““access tokens” – essentially digital keys that give them full access to compromised users’ accounts“ were obtained through hacks exploiting vulnerabilities in a setting of ‘authentication’, where ‘non-repudiation’ might optionally have prevented it. That basic flaw has been around for over a decade and the tech companies are unwilling to fix it, because it makes them accountable in several additional ways.

Non-Repudiation

A setting where you and you alone could have done certain things is staged against the setting where someone with claimed authority has staged the deletion of all you created. That is the stage we are in and the damage is increasing. As more and more vulnerabilities are brought to light, the lack of action is beyond belief.

The NPR reported something interesting that the initial sources did not give me. They give us: “the hack exploited three separate bugs in Facebook’s code. No passwords were compromised, but the hackers were able to gain “access tokens” that let them use accounts as though they were logged in as another person“; as far as I can speculate, non-repudiation might not have allowed that, making non-repudiation a much larger priority for social media than ever before. The fact that the data captures are getting larger makes the change also a lot more important. If the value of Facebook is data, keeping that secure should be its first priority; the Encryption bill would also be void if non-repudiation became an actual part of our lives. The dire need for Common Cyber Sense is seen everywhere and we need to give less consideration to people who cannot keep their Common Cyber Sense.

You see, the issue is becoming a lot more important. The fact that these accounts are now sold on the dark web, with the by-line: “If sold individually at these prices, the value of the stolen data on the black market would be somewhere between $150m and $600m“, we are certain that this will get a lot worse before there is any improvement. It is my personal view that actively seeking a non-repudiation setting will hasten that process of making your data more secure.

It is in addition the setting that the Dream Market offers, which by the way is useless. The Chinese vendor offering the data could in the end merely be an expelled student from any US university living in Dublin; there is at present no way to tell who Chernobyl 2550 actually is.

Finding and exploiting three bugs in Facebook gets you, optionally, half a billion; the governments are that far behind and there is no indication that they will catch up any day soon. When going back to the Facebook setting, we also saw “Facebook said third-party apps and Facebook apps like WhatsApp and Instagram were unaffected by the breach”, yet another source gives us: ‘WhatsApp Bug Allowed Hackers To Hack Your Account With Just A Video Call’ (at https://www.valuewalk.com/2018/10/whatsapp-bug-video-call-fixed/), implying that Facebook users are in a lot more peril than shown by the different media. We are given: “A security researcher at Google’s Project Zero discovered a strange bug in WhatsApp that allowed hackers to take control of the app if they just knew your phone number. All they had to do was place you a video call and get you to answer it. Though the WhatsApp bug was disclosed only on Tuesday, Google researcher Natalie Silvanovich had discovered and reported it to the Facebook-owned company back in August”. So even as it seems that Facebook is not giving us ‘faulty’ information, the mere fact of the existence of the flaw, as seen with: “She disclosed the WhatsApp bug to the public only after the company fixed it via a software update. Silvanovich wrote in a bug report that heap corruption could occur when the WhatsApp app “receives a malformed RTP packet.” The bug affects only the Android and iOS versions of WhatsApp because they use the Real-time Transport Protocol (RTP) for video calling”, shows a dangerous setting where a number of failings within this year alone give rise to flaws in the security and proper testing of apps, and the state of security is failing faster than we should be comfortable with.
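As an added, constructed example of the kind of check that has to stand between a network packet and memory (my code, not WhatsApp’s and not the Project Zero bug itself): a bounds-checked parser for the RTP header defined in RFC 3550, which refuses any packet whose self-declared CSRC count, extension length or padding length exceeds the bytes actually received. The sample packets in main are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Added example, not WhatsApp's code: a bounds-checked RTP (RFC 3550) header
// parser. Every length the packet declares about itself is checked against the
// bytes actually present before it is used, which is the discipline a
// malformed packet must not be allowed to bypass.

const rtpFixedHeader = 12

type RTPHeader struct {
	Version     uint8
	Marker      bool
	PayloadType uint8
	Sequence    uint16
	Timestamp   uint32
	SSRC        uint32
	CSRC        []uint32
	Extension   []byte // raw extension body, nil if absent
	Payload     []byte
}

var ErrMalformed = errors.New("malformed RTP packet")

func ParseRTP(pkt []byte) (*RTPHeader, error) {
	if len(pkt) < rtpFixedHeader {
		return nil, fmt.Errorf("%w: %d bytes, need %d", ErrMalformed, len(pkt), rtpFixedHeader)
	}
	h := &RTPHeader{}
	h.Version = pkt[0] >> 6
	if h.Version != 2 {
		return nil, fmt.Errorf("%w: version %d", ErrMalformed, h.Version)
	}
	padding := pkt[0]&0x20 != 0
	ext := pkt[0]&0x10 != 0
	cc := int(pkt[0] & 0x0F)
	h.Marker = pkt[1]&0x80 != 0
	h.PayloadType = pkt[1] & 0x7F
	h.Sequence = binary.BigEndian.Uint16(pkt[2:4])
	h.Timestamp = binary.BigEndian.Uint32(pkt[4:8])
	h.SSRC = binary.BigEndian.Uint32(pkt[8:12])

	off := rtpFixedHeader
	// CSRC list: cc entries of 4 bytes, a count declared by the packet itself.
	if len(pkt)-off < cc*4 {
		return nil, fmt.Errorf("%w: CSRC count %d exceeds packet", ErrMalformed, cc)
	}
	for i := 0; i < cc; i++ {
		h.CSRC = append(h.CSRC, binary.BigEndian.Uint32(pkt[off:off+4]))
		off += 4
	}
	// Header extension: 2-byte profile, 2-byte length in 32-bit words, then body.
	if ext {
		if len(pkt)-off < 4 {
			return nil, fmt.Errorf("%w: truncated extension header", ErrMalformed)
		}
		extLen := int(binary.BigEndian.Uint16(pkt[off+2:off+4])) * 4
		off += 4
		if len(pkt)-off < extLen {
			return nil, fmt.Errorf("%w: extension length %d exceeds packet", ErrMalformed, extLen)
		}
		h.Extension = pkt[off : off+extLen]
		off += extLen
	}
	end := len(pkt)
	// Padding: the last byte says how many trailing bytes (itself included) to drop.
	if padding {
		padLen := int(pkt[end-1])
		if padLen == 0 || padLen > end-off {
			return nil, fmt.Errorf("%w: padding length %d", ErrMalformed, padLen)
		}
		end -= padLen
	}
	h.Payload = pkt[off:end]
	return h, nil
}

func main() {
	// Constructed packets: a well-formed one, and one whose extension header
	// claims 262140 bytes that are not there.
	good := []byte{0x80, 0x60, 0x00, 0x01, 0, 0, 0, 0x64, 0xde, 0xad, 0xbe, 0xef, 0xAA, 0xBB}
	hdr, err := ParseRTP(good)
	fmt.Printf("%+v %v\n", hdr, err)
	bad := []byte{0x90, 0x60, 0x00, 0x01, 0, 0, 0, 0x64, 0xde, 0xad, 0xbe, 0xef, 0xbe, 0xde, 0xff, 0xff}
	_, err = ParseRTP(bad)
	fmt.Println(err)
}
```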

So even as CBS News was all about hacking elections last week, giving us: “These cyber-attackers are driven by a variety of motivations, says Andrea Little Limbago, the chief social scientist at data security firm Endgame. “As long as attackers find it in their best interests or find the motivation to want to have some sort of effect … they’re going to think about what they could do with that access,” she says. “Especially China, Russia, and Iran.””, the failing we see is that there is a flaw in the system; it is not merely about pointing at the wrong players, it is about the flawed setting in which some systems were breached in the first place. The larger setting is not the hack, it is access, and the need for non-repudiation is growing at an alarming rate; in a setting where none of the players are ready to accept non-repudiation, we see a faulty authentication approach and that is the cost of doing business. So when you consider it a sign of the times, consider that I personally witnessed a bug like the one WhatsApp showed over 27 years ago, in a financial package on DEC VAX/VMS called Ross Systems. An intentional illegal action would crash your terminal program and leave any user in the VAX/VMS system with supervisor rights, with total access to every file on the server and every drive. Would it be nice if certain lessons were learned over a quarter of a century?

That is the issue, and the opposition of those who want to push out new features as soon as possible, and that danger will only increase in a 5G setting, so when your mobile becomes your personal data server and someone does get access to all your credit card and health data, you only have yourself to blame; good luck trying to sue the technology companies on that. Actually, that is exactly what Google is facing with class actions against both the Pixel and Pixel 2 at present. Should they lose these, then the ante goes up, because any case involving flawed data security, when flagged as inappropriately dealt with, could cost Google a lot more than they are bargaining for, and it is not just Google; Apple and Facebook will be in equal settings of discomfort.

If only they had properly looked at the issues, instead of seeking the limelight with a new fab. In the end, are we mere pawns to them, to be exploited and under-secured for their short-term needs of clicks and sales pitches? What happens when it falls? They will still get their golden handshakes and a life without complications for decades; what are we left with when our value in data is sold on?

We are merely pawns in a game and no one wants the throne, they merely want to be the second fiddle and walk away overly rich (or own the Iron Bank), we enabled this, and we get to live with the fallout that comes next, all because non-repudiation was too hard for these players.

 


Filed under IT, Media, Politics, Science

The Red Flags

Today is a day where we are overloaded with actions on parties, yet there is little evidence shown, actual evidence that gives light to the danger. So first we see Russia, the old red with hammer and sickle. We see ‘Expulsions of Russians are pushback against Putin’s hybrid warfare’ (at https://www.theguardian.com/world/2018/mar/26/expulsions-of-russians-are-pushback-against-putins-hybrid-warfare), as well as ‘More than 130 people could have been exposed to novichok, PM says’ (at https://www.theguardian.com/uk-news/2018/mar/26/130-people-feared-exposed-to-novichok-in-spy-attack-says-pm). These two matters are shown to us in two lights. The first is “The expulsions of Russian diplomats on Monday reflect how widely Vladimir Putin has attempted to wage his brand of hybrid warfare and how many leaders and their intelligence agencies he has angered in the process. Even before the Salisbury poisoning, many governments had lost patience with Vladimir Putin’s grey war for domestic reasons of their own. Their response is not just an act of solidarity with the UK but a collective pushback”. I am not denying any of this. There are indicators that Putin has been waging ‘war’ for some time. There is also the larger indication that he is moving on several fronts and he is gaining ground in economic options in the Middle East, whilst America has lost footing. The US needs to appease Saudi Arabia to the maximum degree to avoid the dangers of losing even more footing in the Middle East.

It is with “In Lithuania, the government found Russian spyware on its computers. As far back as 2007, Estonia suffered a three-week wave of cyber-attacks” that we get a first issue, as well as with “US and EU expel scores of Russian diplomats over Skripal attack”. You see, when governments start to react with “in a show of solidarity” you should all be aware that there is a lot more going on. This is not some form of ‘conspiracy theory’; these are merely facts that you can check. How much solidarity was shown when we all got screwed over by the meltdowns of 2004 and 2008? The economic impact was shown in several countries, of course not as massive outside of the US, but we all felt the pinch, millions of us. So how much solidarity was shown AGAINST Wall Street? Please show me the evidence, because for the most part these people might have lost their jobs, but were left so wealthy that these men could go into brothels for the rest of their lives, shopping for virgins. So when it comes to solidarity, I have merely seen that as a government sham over the last 10 years. In addition, even if we acknowledge that the Novichok is of Russian making, there is evidence that it was not uniquely in Russian hands. In addition, there are clear questions regarding Vil Mirzayanov as well as some of his statements, as I showed in the earlier presented blog ‘Something for the Silver Screen?’ (at https://lawlordtobe.com/2018/03/17/something-for-the-silver-screen/) where I gave the readers “Regarding new toxic chemicals not listed in the Annex on Chemicals but which may nevertheless pose a risk to the Convention, the SAB makes reference to “Novichoks”. The name “Novichok” is used in a publication of a former Soviet scientist who reported investigating a new class of nerve agents suitable for use as binary chemical weapons. The SAB states that it has insufficient information to comment on the existence or properties of “Novichoks””.
Now we need to consider that both the OPCW and the SAB are incompetent beyond belief, or that we are now getting a collection of Fish Stories. They presented the statements in 2013. Now TASS (I know, not the greatest source of non-biased journalism) gives us “As far back as 1998, we looked through a regular edition of the spectral database released by the US National Bureau of Standards, which has spectral data on about 300,000 compounds and is regularly updated, to find an agent that caught our attention as it was an organophosphorate chemical. We understood that it must have a lethal effect. Now it has turned out that, judging by the name of that agent, it was Novichok A234. It has surfaced,” Igor Rybalchenko, chief of the ministry’s chemical laboratory, said in an interview with the Voskresny Vecher news roundup on the Rossiya-1 television channel”. You see, this is something that could have been checked. Is TASS lying? If not, then we get the addition of what some might regard as ‘fuck ups’ by both MI5 and GCHQ. In that regard, the less stated involving MI6 at present the better. Now, that part could be easily verified, yet the US and the UK have not given any clear evidence, whilst several sources have clearly shown that Novichoks were out there. If any of the sources that I mentioned on Novichoks (like Leonard Rink) are shown to be true, then there is a larger issue in play. The issue is that some governments are in denial over the evidence and facts and that is a bad thing. Let’s be clear, that does not absolve the USSR (I love the old names) of many of their actions; it merely shows that painting everything with a single brush shows other levels of incompetence in several fields. Even if that was the Intelligence branch intervening for whatever reason, they went about it really badly and the wrong people end up getting scorched. It is the Guardian that gets credit here for asking the hard questions.
With ‘UK’s claims questioned: doubts voiced about source of Salisbury novichok’ (at https://www.theguardian.com/uk-news/2018/mar/15/uks-claims-questioned-doubts-emerge-about-source-of-salisburys-novichok) it asks the harder questions and in there we see the conflicts that Craig Murray brings. With “There is no evidence it was Russia. I am not ruling out that it could be Russia, though I don’t see the motive. I want to see where the evidence lies,” Murray said. “Anyone who expresses scepticism is seen as an enemy of the state.” I am pretty much on his side on this matter. I found issues that gave rise to the blanket accusation within 30 minutes, perhaps better stated it took an hour because the OPCW documents read as smoothly as sandpaper; more boring materials and meetings will seldom be read. Besides the questions from the Guardian, not one of the newspapers dug into the overkill matter. The entire exercise was overly complicated. I could have mugged and executed the two, making it look like a robbery, in mere minutes (excluding preparation time); it would be done in no time and with no chemical risks at all, to no one. So as we saw PM Theresa May give us “More than 130 people could have been exposed to the deadly nerve agent novichok during the Russian spy attack in Salisbury, Theresa May said on Monday”, yet no one raises that it could be a mere individual or even the Russian Mafia. Two likely considerations in all this, and not one has raised that part, no matter how we see the opposing players in Special Forces or Intelligence. Setting the stage for 130 bystanders getting caught in the crossfire is a realistic thing in places like Syria and Yemen, where there is open warfare; places like Chantilly, Cheltenham, St Petersburg or Lille are not where one goes playing like that. You see, killing a target, a valid target, is one thing; doing it whilst knowingly setting the stage for getting 100-plus people in the crossfire requires an entirely different type of psychopath and governments tend not to hire those types in the first place.

That alone merely emphasises that my view has been correct all the time. In addition to that, we still have seen no clearly stated evidence on how it was done. The Scotsman (at https://www.scotsman.com/news/uk/sergei-skripal-exposed-to-nerve-agent-through-car-vents-reports-1-4707852) stated “may have been exposed to a deadly nerve agent through his car’s ventilation system”, which they got from the US. You see, when we get ‘may have been’ and ‘possibly’, we need to realise that we are either kept in the dark, or they actually just do not know at present, which makes the case for blaming the Russian government a weird choice at best. And with every delay in this it merely shows that the entire mess is a lot larger, yet the media ignores that. I call that an actual problem.

I mentioned Lithuania earlier. Now, the following speculation does not absolve Russia, but when you realise that people like the Russian Mafia might oblige the Russian government at times, they are still in it for money, for simple profit and coin. So when we see: “In March 2016, Vladislav Reznik, a Deputy of the State Duma, has been put on the international wanted list and officially charged with membership in Tambovsko-Malyshevskie organized criminal group and money laundering in Spain. Reznik’s villa has been searched. According to the indictment, Reznik was among those controlling the gang operations and a member of Gennady Petrov’s business circle” as well as “€16 million have been received from the British Virgin Islands, Panama, Lithuania, Switzerland, Great Britain, and Russia. On the other hand, monetary funds amounting to some $8.5 million have been transferred from his accounts to Russia, Panama, Cayman Islands, and U.S.”, we see that Lithuania has larger players in the fold. If it is a vessel for transferring funds, having their cyber infrastructure under attack seems to be an effective way to keep the eyes peeled in a different direction (extremely speculative), yet in support there is also “In July, Russian hackers were blamed for a similar assault on Lithuanian government Web sites. In Security Fix’s account of that attack, I posted a copy of a congratulatory letter sent to nationalist Russian hackers by Nikolai Kuryanovich, a former member of the Russian Duma. The missive is dated March 2006, and addresses the hacker group Slavic Union after the group had just completed a series of successful attacks against Israeli Web sites”, which is a first link from a ‘gov.ge’ site. Cyberwar – Georgia

In addition there is “The wave of attacks came after a row erupted over the removal of the Bronze Soldier Soviet war memorial in Tallinn, the Estonian capital. The websites of government departments, political parties, banks and newspapers were all targeted. Analysts have immediately accused the Russian Business Network (RBN), a network of criminal hackers with close links to the Russian mafia and government, of the Georgian attacks”; now remember that Tallinn is in Estonia, not Lithuania. Yet the methods that the Russian Mafia uses are quite often duplicated (an Amway solution) and that part is not so far-fetched. It is another cog that shows us the acts of the Russian Mafia. The Russian government is not absolved in all this, yet Theresa May did not tell us: ‘we have strong indications that a member of Russian organised crime with links to the Russian government is behind this’. No! She went straight for the Russian government and offered no clear evidence, whilst that ‘clear evidence’ could be largely dismissed in most courts with merely the use of the documents of the SAB, the OPCW and the testimony of Vil Mirzayanov, who seemed to be interested in upping the sold copies of his 2008 publication.

There are sides to my story as well, parts I am not happy about, parts that should be scrutinised, yet in all this, the current facts and statements seem to take down the UK case at present. More importantly it shows us that the US is also playing the fear game; it is now more afraid than ever that it loses more and more turf in the Middle East, whilst Russia is moving forward. That scares them more than anything, even more than any Novichooks (yup, intentional typo) in play, especially when we consider the danger that these weapons are, and additionally could be down the line. Is that not odd?

Ready Player Two

And that is not the whole story. You see, in all this the other red flag has a star and a crescent moon. Yes, it’s everyone’s favourite humanitarian setting (or was that lack of?), it is Turkey. So when we are again treated to the marketing of ‘Turkey needs Europe, Europe needs Turkey’, the people in Europe need to run to the Brexit, or any EU-Exit they can find. I stated it in a previous blog with ‘This relates directly to Turkey, because it shows the desperate EU trying to open as many doors as possible’. I did that in ‘A changing language’ (at https://lawlordtobe.com/2018/02/15/a-changing-language/) well over a month ago. Now we see “Turkey is not doing very well economically, it needs outlets,” said Lamberts, “and it is very clear that bad relations with Europe are harmful to Turkey, so somewhere on the economic level Erdogan needs Europe and Europe in fairness needs Turkey”, which Euronews gave us yesterday. So we see how Philippe Lamberts, a Belgian Green MEP, is willing to throw values overboard; the economy does not allow for any humanitarian values. So when I see any journalists hiding behind ‘constant attacks on transgressions of human rights’ whilst attacking governments making any kind of economy-based deals, can they just kindly go fuck themselves? When we see the Turkish joke evolving on the EU field, no journalist gets to use the ‘Human Rights’ card for a long time to come. If you want to do that, go visit Turkey and protest in front of those prisons that have journalists locked up for life. Until you can make that change there, do not come crying on other shores. If you need actual Human Rights issues, then perhaps turn to Canada where we got “A French waiter who was fired for his “aggressive, rude and disrespectful” manner has claimed compensation, insisting that his behaviour is not unusual, but that he is simply French”; that is the story of Guillaume Rey from Vancouver, Canada.
That is where the Human Rights have gotten us and that is a real win for the ‘15 children that were killed in an airstrike as they hid in the basement of a school in the town of Arbin’, yes, a real humanitarian win in this. So even as the Financial Times reported less than 2 hours ago “The EU said it failed to win a pledge from Turkey to free journalists it has jailed and improve other rights for its citizens but that it will maintain talks with President Recep Tayyip Erdogan after their first meeting in almost a year”, we see no place stating that Turkey will not become a member of the EU. It is another side where the gross negligence of evidence is taking its toll on our humanity. So as the President of the European Council Donald Tusk gives us “Only progress on these issues will allow us to improve EU-Turkey relations, including the accession process” (at https://www.ft.com/content/dbefa9e6-313d-11e8-b5bf-23cb17fd1498), I am proven correct yet again: they merely need to push the EU deeper into debt, which according to Bloomberg is coming for certain through “Draghi’s call for patience and persistence in delivering stimulus, suggesting bond-buying will be extended beyond September”, or set the stage where the so-called Humanitarian principles are ignored, which has been the case for close to a year. It has only strengthened my view that the UK is a lot better off outside the EU, because this entire EU mess will collapse onto itself and woe to those who are left behind paying for it all. It could set back the economic markers for close to two generations in Europe, which should scare anyone in the EU.

The last red flag is North Korea (it has blue too)

I mentioned it some time ago. The entire Sony mess and blaming North Korea was never really resolved. So when I got the news from ABC stating “Secret intelligence documents and photos unilaterally collected by the U.S. military were among the stolen cache of South Korea’s classified documents by North Korean hackers, but the totality of what was stolen remains unknown”, we should be starting to get careful. You see, it implies one side, but to my view it gives an entirely different issue. It implies that North Korea is a capable cyber operator. Now, we know that one can do plenty of damage with a laptop (like in the movies). Yet when you see these pics you wonder what on earth is going on, because we now get the speculated but believable view that ‘the US gave documents to an ally that does not have its basic cyber protections in place’, and that is a very different kind of cheddar, isn’t it? Now, I have seen a few pics where the computers look a little more advanced, but nothing that an actual gamer would still have been using two years ago. And that is the foundation of their hacking? Let’s be clear, there are situations where you can hack with a 10 year old laptop, but you need skills, you need access to documentation and the ability to get past the firewalls and past sniffers and network monitors. They do exist, yet that requires an equal incompetency on the South Korean side, a part that we are also ignoring: the use of Common Cyber Sense.

You see, when you get “Malware contamination of the intranet server of the cyber command that occurred in September last year was confirmed by the South Korea’s Defense Ministry in May but this is the first glimpse of the scope of the damage”, there is another layer in place, one that does make sense. Some of the European, Russian and optionally US hackers are selling their stuff to North Korea. That is a very possible scenario, but in that case both the FBI (if the US was involved) as well as the CIA failed in their tasks. Perhaps better stated, the CIA seems to be unable to stop cyber hacking software from making it to North Korea, which is equally a failure on several levels. It is unfair to blame merely the CIA. It is fair enough to add the earlier avoided MI6 to the mix as they should have been watching that danger, because if these hackers can get to South Korea, they could in theory hit the UK in equal measure; the evidence is there, even as we agree that North Korea does not have the skills (my personal belief) to create something like Wannacry. I already went there to some degree in ‘In light of the evidence’ (at https://lawlordtobe.com/2017/05/28/in-light-of-the-evidence/); the evidence given by ICIT was compelling. In addition we had ‘when IBM cannot give view of any mail that propagated the worm’, which also takes North Korea out of the loop, yet they could have acquired the software. So even as the largest cyber player like IBM remains in the dark, there is still evidence that it was North Korea? That view was only reinforced when a Dutch media team went to North Korea a few years back. In some places their cameras were locked up because no photographs were allowed. Yet most had them anyway, because the North Korean officers had no idea what a smartphone was and that it was able to take pictures. The Dutch NOS showed it on television, so that is the place that hacked into South Korea, the birthplace of Samsung? It is not impossible and was never denied by me, but it was so extremely unlikely that, unless clearly proven with evidence, it was utterly impossible to the common sense mind. Yet as the source is not in North Korea, hunting that source down is more important, because the next time it will not be some version like Wannacry 2.0, it could be Stuxnet 7.1, and as the UK has 15 reactors and the US has 99 reactors in 30 states, it seems to me that waking up both MI6 and the CIA to actually get to the bottom of these North Korean ‘praised’ cyber skills and find out where those skills actually were (read: came from) is called for, because not doing so is a much larger issue. I hope that the South Korean bungle of their network security constitutes at least some level of evidence.

Three red flags, none of them are innocent, I never implied that, but as we are changing the play, the marketing vibe and the need for what is real, we need to carefully weigh what the media gives us and what those giving the media are actually after. I have seen enough evidence thrown about and have been able to ask questions to the extent that gives rise to many question marks, and whilst some media are playing the emotional waves, some are seeking clarity and that clarity gives us additional options and views that we did not consider before. People all over the world are told to jump to the left, whilst there is no evidence that anything from the right was going to hit us in the first place, which makes us wonder why they did not want us on the right side to begin with.

These red flags are important, because even if we had any faith in the Russians trying to attack us, we need to consider that Cambridge Analytica is an English firm and even as Fortune now reports “A non-partisan watchdog group has filed complaints with the Department of Justice and the Federal Election Commission alleging that the data firm Cambridge Analytica violated U.S. election law by having foreign nationals involved in the decisions of political committees”, we see that it was a British firm who scored that job.

So it is possible that the people in Moscow will be treated to a comedy in 22 hours, it will go something like “TASS Is Authorized to Declare that the accusations against the Russian government and its people were propagated by an English Firm“, in this I used part of the 1984 Soviet spy miniseries directed by Vladimir Fokin, because even with my weird sense of humour it seemed important to give it an Orwellian sling. Perhaps you should check out his new book. It apparently deals with life in the US after a presidential election.

 


Filed under Finance, IT, Media, Military, Politics, Science

Lawyers on a weakly basis

It is the Lawyers Weekly that gets the attention at present. The article (at https://www.lawyersweekly.com.au/biglaw/22159-lawyers-don-t-need-to-become-accomplices-to-white-collar-crime) gives us the nice title ‘Lawyers ‘don’t need to become accomplices’ to white-collar crime’, yet is that statement anywhere near the truth or the applicable situation that many face in today’s industry? Monty Raphael QC talks the talk and does so very nicely as the experienced QC he is, yet there were a few points in all this that are an issue to me and it should be an issue to a much larger community. For me it starts with the quote “Cyber space has not created any new crimes, as such, really, of any significance,” Mr Raphael said. This is of course a correct statement, because until the laws are adjusted, plenty of issues are not covered as crimes. We merely need to look at the defence cloak that ‘facilitation’ gives to see that plenty is not covered. The case D Tamiz v Google Inc is merely one example and as technology renews and evolves, more and newer issues will rise, not merely in cases of defamation breaking on the defence of mere facilitation.

Yet for this matter, what is more a visible situation is the case of Tesco and how PwC seems to not be under the scrutiny it should be; it should have been so from day 1. So when we read: “Mr Raphael insisted that lawyers have an ethical obligation to ensure they do not support or enable white-collar crime” we are introduced to a statement that is for the most part seemingly empty. I state it in this way because the option of scaling the legal walls while not breaking any of the laws that were bent to the will of the needy is an increasingly challenging task. If the legal walls were better, then PwC would clearly have been in the dock 2 years ago, or would they? In addition, they are not alone, merely slightly (read: loads) more visible, as the profit before tax for Tesco ended up being minus 6.3 billion in 2015.

Monty makes a good case, yet the underlying issue is not the lawyer; for the most part it never was. It is the law itself. This is why I object to the title; it is nice, but is it true? PwC shows that even as we oppose their actions, the fact that they are not in the dock is because, when we see Reuters (at https://uk.reuters.com/article/uk-britain-tesco-fraud/former-tesco-executives-pressured-staff-to-cook-books-court-told-idUKKCN1C41TK), we see “Tesco’s auditors PwC were “misled and lied to,” Wass added”. Is this true? Let’s consider the evidence: can it be shown and proven that they were lied to?

It might never be proven, because the people in the dock have had years to get their story right (read: synchronised). What I stated at the very beginning of the events of Tesco remains true and it remains the issue. The fact is that PwC made £13 million that year from this one customer, much of it in a project and auditing for the rest, and that they did not spot the fact that the books were ‘cooked’ will remain an issue with me for some time to come. It is the Tesco case that also underlies the issue here. It is about the weak lawyer, not because he is weak, but because the lack of proper laws protecting all victims of white collar entrepreneurs is stopping them from aiding potential victims. In addition, as the law is struggling merely to remain four paces behind it all, it becomes less and less useful, not to mention a lot less effective. As the next generation of economic tools is being rolled out (blockchain being a first), we will see new iterations of issues for the law, for both the CPS and DPP, as it cannot progress forward in light of the legal parties not comprehending the technology in front of them, so showing wrongdoing will become an increasingly hard task for lawyers to work with. The biggest issue is that as it is all virtual, the issue of non-repudiation goes out of the window. Not only will it become close to impossible to work with the premise of ‘beyond all reasonable doubt’, there is the fact that ‘proof on a balance of probabilities’ is becoming equally a stretch. The fact of non-repudiation is only one of several factors. So as we have seen that successful criminals tend to hide on the edge of technology, the chance to stop them is becoming increasingly less likely.

This now gets us to the statement “In the wake of the Panama Papers revelation from law firm Mossack Fonseca, Mr Raphael cautioned that clients’ criminal activities can come back to haunt their law firms”; the fact is that both former prime ministers involved in the Panama Papers scandal, Bjarni Benediktsson and Sigmundur Davíð Gunnlaugsson, have been re-elected to the Icelandic parliament (Source: IceNews), so it seems that the Panama Papers are a little less of a haunt. In addition there will be a long debate on what constitutes the difference between Tax Avoidance and Tax Evasion, because only one of those two is illegal. In addition, certain questions on how 2.6TB was leaked and no alarms went off are also an issue, because the time required to get hold of such a large amount of documents would be monumental and, with every option to shorten the path, alarms should have been ringing. When we consider the basic IT issues, we get partial answers but not the answers that clearly address the issues, as they did not. The time it would have required to do all this should have placed it on the IT radar and that never happened. So as we see how patches and security risks are now being pushed as a reason, we need to wonder if Mossack Fonseca could have been the wealthy party it claimed to have been. When we consider the expression ‘a fool and his money are soon parted’, the lowest level of IT transgressions that have been seemingly overlooked gives rise to a total lack of Common Cyber Sense, staff that should have been regarded as incompetent and an infrastructure that was lacking to a much larger degree. You see, even before we get to the topic of ‘illegally obtained data’ which was used for investigations that have convicted people of crimes, the larger issue that could be in play is that, on the foundation of that data alone, a few prison sentences could be regarded as invalid, or might get overturned soon enough. There were cases where the story gives clear indications of what was done and here we see the consideration of what is admissible evidence. In this, the one step back is the IT part. The hardware would have required as little as $100K to upgrade to better security standards, and hiring a better level of university student in his or her final year might have given a much safer IT environment, perhaps even at half the current cost.

All issues worthy of debate, yet none of it hitting the lawyers; it hits the infrastructure of it all more. Yet these are two issues that might now be seen as real hindrances for lawyers, in a place where the laws are seemingly too weak: the law, not the lawyer. So as we recollect the Toronto Star in January 2017, where we see “Canada is a good place to create tax planning structures to minimize taxes like interest, dividends, capital gains, retirement income and rental income,” and the added “the Canadian government has made it easier than ever for criminals and tax cheats to move money in and out by signing tax agreements with 115 countries”, we see growing evidence that the law is being hindered by eager politicians making their mark for large corporations through the signing of tax agreements, and what they think would be long term benefits for their economy, whilst in actuality the opposite becomes the case. So every clever Tom, Dick and Mossack Fonseca can set up valid and legal shapes of international corporations, all paying slightly less than a farthing in taxes. Legal paths, enabled by politicians, and as the laws are not adjusted we can all idly stand by while nothing illegal is going on. So as we admire the weak lawyers, we get to realise that the law, and the politicians adjusting it, weakened their impact.

In all this at no point would the Lawyer have been an accomplice. The data lies with IT, the setting up of these offshore accounts was largely valid and legally sound, and in that there could always be a bad apple, yet that does not make the Lawyer an accomplice. That brings us to the final part, which we see with “Money laundering has been in the spotlight recently, with the Commonwealth Bank facing punishment for failing to report suspicious deposits in its ATMs”. It needs to be seen against “Mr Raphael insisted that lawyers have an ethical obligation to ensure they do not support or enable white-collar crime”; in this the banks are already faltering. We see the dark light events of PwC and Mossack Fonseca, yet the basics are already getting ignored. I believe that the article is missing a part; I feel certain that it has at least been on the mind of my jurisprudential peer. You see, the legal counsels will need to evolve. Not only will they need to do what they are already doing, they (or more likely their interns) will need to start teaching IT and other divisions a legal introduction on what white collar crimes are. The fact that ‘suspicious deposits’ could be a white collar crime is becoming more and more visible. I see that the education of IP legality in IT is now growing and growing. The intertwining can no longer be avoided. Now, we can agree that an IT person does not need a law degree, but the essential need to comprehend certain parts, in the growing mountains of data, is more and more a given.

In all this there is one clear part where I oppose Mr Raphael, it is the statement ‘There’s nothing cultural about greed’. You see, as I personally see it, that is no longer true; the corporate culture that is globally embraced made it so!


Filed under Finance, IT, Law, Military, Politics, Science

Dangers of Android?

Today I got confronted with a danger that Android poses. Yet, is this truly an Android issue? An Apple user will of course nod yes in a very rapid way. My Huawei is not the only one hindered by this. At Android Central the following was found: “Are the apps definitely being removed from the App Drawer, or is it just that the shortcut is disappearing from your home screen?”

This is of course a fair question, it still is not OK, but the difference between an app and a shortcut is quite the difference.

It turns out that the apps are on my phone, but they no longer run; they are now called ‘com.spyfox.tripletown’. The apps seem to have gotten themselves damaged. The question now becomes why. At this point I also notice a program called ‘Li emotion’. The kanji next to it gives it away. My question now becomes ‘what is this and what does it do?’ This is because it is a separate app, I never installed it (as far as I can tell) and the rights it does have are massive. Yet there is no indication what it is, why it is on my phone and why it is allowed to do many things without my permission. It does not take too long to find that this is part of the Huawei EMUI, so there is no real issue, as the operating system needs to be able to do all this. Comprehension was the mere element that resolved everything.

This does not solve my app issue (which actually fixed itself) and gets us to the Guardian video (at http://www.theguardian.com/silent-circle-partner-zone/video/2015/aug/17/smartphone-users-read-their-app-permissions-out-loud-video). So yes, when we see the rights and speak them out loud, they sound very disconcerting. But why is it such an issue? ‘Modify calendar events and send e-mails without my knowledge’ sounds extremely offensive, but now realise that you set up a meeting, you change the meeting and all parties are automatically updated through messages. Did you know that they got another mail stating that the meeting had changed? There you go, mystery solved. Apps ‘reading your text messages’ sounds like a worry, but is that program actually comprehending the information, or does ‘reading’ mean ‘parsing’, processing the text in all this? Computer lingo for the layman is not the easiest task.

In all this the one that stood out for me was ‘I give this app permission to automatically turn off airplane mode’. If airplane mode was there for safety reasons (the airplane message no one ever believed, that mobile phones interfere with airplane instruments), then the option to turn that off should not be allowed, but in all that, this could be as simple as the dialogue box ‘Would you like to deactivate airplane mode?’ The video ends with ‘the biggest risk to you and your privacy is your smartphone’, which is a decent claim to make. In all this, it is actually about users and consumers who do not understand (read: comprehend) what they are agreeing to. They do not understand what they have consented to. That is always dangerous, because the things you do not realise are the issues that turn you into the greater fool. Here we can paraphrase the greater fool theory, which states that “the price of an object is determined not by its intrinsic value, but rather by irrational beliefs and expectations of market participants”, into “the security of your environment is determined not by the borders you mentally erect, but rather by the naive belief that the applications on your smartphone will respect them”.

You see, I believe that people should be worried about privacy, and #Privacynow is a valid need, but what is your actual privacy? The way that they are getting there is a little bit of a worry, yet the path is not without valid reason. Consider the quote “It’s common for users to employ the same username and password across systems, so if someone compromises that particular password, the potential also exists for them to compromise additional user accounts”. This is a worry in one way, because is this about the safety of the phone and its apps, or is this about Common Cyber Sense? Something I have been advocating for about 2 decades. So how is this a danger for Android? That is part of the issue. In my view the danger to iOS is not smaller and the danger is not subsiding any day soon. One of the earliest sources is around 2008; in 2010 Computerworld, CNet and other sources stated “About 20 percent of the 48,000 apps in the Android marketplace allow a third-party application access to sensitive or private information, according to a report released on Tuesday”. There are two sides here. In the first, is this like the earlier issues in the video, ‘a form of feigned transgression?’ Or is this in the second, ‘leaky security that leads to open access of information?’ There is however a third option: apps that were created with the intent of creating a backdoor that allows access to all data. It is the third that is a true danger, yet how realistic is this danger?

Computerworld stated this from a Google representative: “This report falsely suggests that Android users don’t have control over which apps access their data. Not only must each Android app get users’ permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious”. This is not just clearly the case; there is supporting evidence on several levels that this is true. In addition, these parts are quotes from 2010 and since then both Apple and Google have upped the security game by a lot. Still, it is the news from last week (at http://www.wired.com/2015/10/iphone-malware-hitting-china-lets-not-next/) ‘iPhone Malware Is Hitting China. Let’s Not Be Next’ that is the issue today. The quote “Unlike previous spates of iOS-targeted malware, many of those victims hadn’t jailbroken their phones to install unauthorized apps. The two back-to-back attacks—one far more sophisticated than the other but both unprecedented in iOS’s history—suggest that complacent iPhone users around the world could be in for the same nasty shock” makes the issue the fact regarding ‘non-jailbroken systems’, which implies that either a flaw has popped up in the Apple device, or overall a new level of access has become a worry. It is the quote that follows which is now central in all this: “Apple has said that only iOS 8.3 and earlier were left open to the attack. Later versions limited access to the APIs it exploited to plant its ads”. So we can accept that we all install the latest versions, yet what happens to those who have an older device (like the iPhone 4)? There are plenty of things people can do to prevent these issues, and in all this ‘Common Cyber Sense’ remains the big issue. So is China hindered by a massive lack of Common Cyber Sense?

Here we now see the evolution that is the danger. It is the assumption of the user, the laziness of their usage and the ignorance of the effects that they easily embrace. The quote “Don’t install strange apps that appear in pop-ups online and aren’t found in Apple’s App Store” is the big part we must adhere to (well, Apple users anyway); for most people like you and me, we use the Google Play Store sources only! Both Google and Apple have their methods in place. Would a three-pronged app remain the issue as implied in the article? That is hard to state, but what is clear is that 99% of the dangers can be averted by using the reliable source and that reliable source only. The application of ‘Common Cyber Sense’ can aid you in averting another 0.9999%, which means that if you install 10,000 apps, there is a one in 10,000 chance of you ending up having a chance of being in danger.

Yet in all this, we should never relax about the technology we use and the danger it could bring. It is that fear that is driving people into all kinds of corners they never need to be in. When you have sex, not the committed relationship one, but the quickie with that girl next door for some slap and tickle, do you practise safe sex? When you live in the city, do you go to work leaving the front door to your apartment wide open? In that same sense, when you use any technology that has your personal information, you use more than the minimum safety. That last part requires Common Cyber Sense. To the previous generation it is a harder thing to do, but it can still be done; to my generation it is an additional side to my workflow. It is the next generation that is now the part that matters. Many are taking the casual approach their parents (or bigger siblings) have, whilst not realising that Common Cyber Sense will be at the foundation of their lives. So, any OS will come with its own perils. Be it Windows, Linux, Android, iOS or any other OS, they will face a new area that is on the move with such high speed that there is no way to predict where they will be in 7 years’ time. The dangers of a complete rewrite in an iterative world. You see, until 2000 both hardware and software remained highly innovative; it was after 2003 that the iterative world was set in high gear. First hardware and now, to a larger extent, software has been in iterative mode. Yet the world behind all this, the security part, has made leaps and bounds, and to some extent not in a good way. Here we can make a connection to an article by Tarleton Gillespie from 2014 called ‘Facebook’s algorithm — why our assumptions are wrong, and our concerns are right’.
The quote: “I will say that social science has moved into uncharted waters in the last decade, from the embrace of computational social scientific techniques, to the use of social media as experimental data stations, to new kinds of collaborations between university researchers and the information technology industry”. In addition there is “Those who are upset about this research are, according to its defenders, just ignorant of the realities of Facebook and its algorithm. More and more of our culture is curated algorithmically”. This is not upsetting or ground breaking, but it is the next part that links to all this. It is a blog article called ‘Analytic Suspicions’ (at https://analyticsuspicions.wordpress.com/2013/02/25/metric-failures-and-data-assumptions-4-myths-of-social-analytics/); the author looks at a few myths in social media, and in all this (it is a nice read and well written) I personally see one point that is not a myth, it is a worry, and it seems to me that many remain ignorant of that danger. You see, the myths are whether all Social Media is analysed, that Social Media data is clean enough to analyse, that influencers should be targeted and that sentiment analysis works. In all this we forget the 5th issue (this being the non-myth): the interaction of apps and data. The danger of how our apps interact with the data linked to them is now becoming the true issue. You see, even with all the common cyber sense, no matter how safe our mobile is, the data is still somewhere and that data becomes available, more data than we agreed on. Yet in all this, is the mobile OS, Android or iOS, the weak link?

That is the part that is not addressed by many speakers in this realm. Some get scared by places like Lifehacker and some ignore the woeful text that passes us by, yet when places like Forbes report ‘Report: 97% Of Mobile Malware Is On Android’ (at http://www.forbes.com/sites/gordonkelly/2014/03/24/report-97-of-mobile-malware-is-on-android-this-is-the-easy-way-you-stay-safe/), people get worried (even though the article is more than a year old). Yet the article enlightens us in many ways. The most important quote here is “here’s the part Google’s rivals don’t want you to know: the figures are misleading”, which is one side of the foundation. The second one is the part I already discussed: “stick to buying apps on the Play Store and every one in 1000 apps you buy may have had malware for a brief period”. The word ‘may’ is essential and ‘brief period’ is also essential; in the end, the chance of you getting the winning lottery ticket could be slightly higher, odds I’ll take any day.

Yet in all this, with all the protection these providers offer, the number one danger is you!

Common Cyber Sense is the essential step of reducing that danger to almost zero (like 0.0001% chance).

In the end the danger of Android is almost the same as the danger to iOS, both large players presenting into the margins, which is where the mobile phone user (you know, that pesky consumer) does not tend to be. Which takes us to the final part in all this. In my blog article from the 4th of October (at https://lawlordtobe.com/2015/10/04/cisa-and-privacy-are-not-opposites/) ‘CISA and Privacy are not opposites’, we get confronted with Silent Circle and their Blackphone 2. I have no doubt that Phil Zimmermann and Mike Janke are men of knowledge, determination and possibly even innovation. Yet, these skills do in my humble opinion not match up to the killer skills of the Google engineers with their keyboards. So when we see the quote in the Guardian (see previous blog link) “Google didn’t support the initial software build, something that probably helped make the phone more popular, rather than less”, do you think that this was done in envy by Google, or because their build did not hold up to scrutiny? That last part is speculation because I have no data or any evidence going one way or another. The Blackphone is marketed by intelligent people with skills, no one will doubt that, and it is also clear that Silent Circle is now tapping into a direction that is gaining traction, which means the market will most definitely grow in this direction. Yet in all this, considering all the facts, in how much danger is your data?

Sit in a quiet corner and let that question sink in for a minute. I have been in the data field since 1989, and in all that time the biggest threat was ‘data at rest’ (data saved on a device), meaning that you need strong passwords on your hotspot and Bluetooth capabilities, or just switch these options to ‘off’; not data that is moving from point A to point B. Today both areas are a ‘threat’, and the second one only very recently.

Since November 2012 I have had 2 phones, the second one I got this year because only now have my Android needs grown beyond a 1 GB RAM phone. As far as I can tell I have only faced one issue, and that was due to an ignorant third party developer and their dim-witted approach to synchronisation. The simple use of Common Cyber Sense is all I needed. Basic steps that nearly anyone can adhere to. The threat of criminals and organised crime will not go away. Common Cyber Sense will keep them at bay and common sense should do the rest.

Which now takes us back to the title. You see, the dangers of Android are largely between your ears. The only dangers you face are the ones you open yourself up to! You should never stop asking questions on where things are and what you sign up to, that is common sense, but also feel free to question what certain things mean; it is in the comprehension that you find the answer. If there is one conundrum to leave you with, then it is not Android or iOS. Consider the idea that a Facebook game wants you to give them access to your religious views, whatever for?

To pray for ammunition?

Well, so be it: ‘hallelujah’, now die you zombie master and give me my 10 points towards a high score!


Filed under IT, Media, Science