Tag Archives: Common Cyber Sense

Return of Common Cyber Sense

So, is it the return of CCS, is it Son of CCS? With all the 60’s movie references it can go either way, like Son of Blob, Return of the Predator, the Swamp Man strikes again, take your pick. We can go in any direction. And it all starts with the NOS (Dutch News) article of ‘Hackers stole 3 gigabytes of data from Spanish Prime Minister’s phone’ (at https://nos.nl/l/2427306). There we get exposed to “The hackers who used Pegasus spyware to access the phone of Spanish Prime Minister Pedro Sánchez last year were able to extract 3 gigabytes of information from the device. They also managed to penetrate the telephone of the Minister of Defense, although less data was stolen from it. The hack of the Spanish Prime Minister’s phone came to light by chance during a routine check, it turned out today. The government was informed this weekend. The telephones of all cabinet members are now being searched for the espionage software.” As such we now have two settings, the first one is linked to ‘State of what?’ (at https://lawlordtobe.com/2022/04/24/state-of-what/) where some attacked the NSO on Catalan settings. Now we see that two Spanish governmental targets were out in the open, and its Prime Minister was not too intelligent and lacking Common Cyber Sense. 

So in what universe is it a good idea to put 3GB of data on your mobile? I have (by choice) 224MB of data on my phone (over 6 years) and well over 80% are ASCII files (a collection of articles I have written). 

A mobile phone is a transmitter at rest, no matter how much you run, as such it is a trove of information for any hacker with anti-Spanish sentiments. So in what universe should we see “Spanish opposition parties speak of “a very big coincidence” that the burglary into government telephones is just now becoming known. Others speak of a smoke screen. Already two weeks ago it became clear that 63 Catalan politicians and activists had Pegasus on their phones. Among them were members of the European Parliament, Catalan regional presidents, lawyers and political organisations”? Well the answer is none. You see the setting that we are a witness of shows a massive lack of Common Cyber Sense. And in this consider “Pegasus is sent via apps, a WhatsApp message from friends or acquaintances or an email. When the recipient clicks on such a message, the spy program settles in the phone. Secret services have access to all possible data such as passwords, telephone conversations, location or photos” You see, this is a side that might be on me. People like that have a work phone and a private phone. The work phone has no need for WhatsApp, Facebook, or a whole range of other social apps. Having them on your work phone is folly, extremely stupid and massively shortsighted. When you are a governmental tool (of any kind) you need to adhere to Common Cyber Sense. It applies to any Prime Minister, Defense minister, minister and that list goes on for a while. The only exception might be the cultural minister, but then that person tends to not have any classified data, or classified data of a limited stretch. So when we see “The organisation Citizen Lab, which previously revealed that the 63 Catalans were targeted, is drawing no conclusions about who is responsible for the covert operations against the Catalans. 
“But the circumstances indicate involvement of the Spanish government,” the authors of the report believe.” OK, that is fair, we are all seemingly nodding towards the Spanish team, but it is assumption. And when we have that stage, the lack of Cyber Sense is making it all into a farce. So whoever hacked the Spanish, might through that have gotten access to two teams for the price of $100,000 per phone. A good deal if any. 

So at what time will governmental teams (on a global setting) decide to embrace Common Cyber Sense, with the added realisation that apps like WhatsApp and several others have no business being on your work mobile?

In this, my message to these politicians is as follows: You are (for the most) not an A-lister, a movie star or a social media revelation. For the most, you are all governmental tools and you need to take responsibility for the stupidity you employ. Keep personal stuff OFF your work phone, give the hackers a challenge, not a trip to easy street, Common Cyber Sense has reason, take it seriously.


Filed under Law, Politics, Science

Bring out your CV

The CBC had two articles last night, the first one I dealt with in the previous story. This one can be found (at https://www.cbc.ca/news/politics/cse-candidates-hiring-cyber-1.6426275) ‘Ottawa needs more codebreakers — but spy agency says finding them isn’t easy’ and that is not even half the story. It is not a Canadian issue, it is a global issue. So when we see “Canada’s electronic spy agency, the Communications Security Establishment, is set to receive a large influx of funding to launch cyber operations and ward off attacks on government servers, power grids and hospitals.” It’s always nice to receive funding. But the reality is a little harder. I spoke about part of this in ‘Red flags’ (at https://lawlordtobe.com/2022/02/24/red-flags/): there were too many red flags and they are eager to charge a fair penny. Summits, courses and in some cases you do not even need an IT education, but a bachelor education is expected. It is a Wild Wild Cyber West out there and the problem is that there are too few stages where we can separate the good from the shallow. So when we see “CSE, which gathers and decodes signals intelligence and is also in charge of technology security for the government, says it receives 10,000 to 15,000 job applications per year. But only about one or two candidates out of 100 applicants go on to be hired after the skills testing and background security checks.” We see part of the problem. Have you seen it? It is seen in “about one or two candidates out of 100 applicants go on to be hired after the skills testing and background security checks”, the funnel needs inverting. Instead of seeking in the same place, seek somewhere else. Seek in the military and governmental technical support places. Seek in the places you overlook and hire these people. It is nice to hire that one bright light. We all want that, but who considered hiring the 20-50 that can overcome the ‘background security checks’ and then start TEACHING them? 
Out of the 50 you educate whilst they are employed in several places you end up with 10-25 people ready to take the challenge instead of relying on the 1-2 candidates. When you need 1500 of them, my approach makes sense. Yes, you can try to get to the techies from the University of Toronto, but so does commercial land and they pay a lot better, so you need to hope to get the few with a calling, or you open the stage to a larger group and set them in all kinds of governmental fields, where there is a large shortage too. All sides need attending to and not all will end with the CSE, GCHQ or whatever Australia and New Zealand have, but all these governments have large shortages including their Cyber police and a few other places. It is time to change the way hiring is done all over the Commonwealth field because they are all coming up short and have different divisions that have shortages, so why are they not taking a hard look at what else is possible? If not, these places will all end up in a bidding war like they saw in the 90’s and they will come up short again. Oh, and whilst Amazon is desperately seeking 250,000 people, where do you think they will look next? The second plan (my crazy wild idea) gives the people a long term plan, long term employment and a larger setting of choice with one application instead of 5-15 applications. 

But this is only possible when some people take a long hard look at what they used to do and see what COULD be done. 750 application runs, or 60 application runs, what makes more sense? I will let you decide.


Filed under IT, Law, Military, Science

Paranoia helps

This is a case, you might be paranoid, that does not mean that people are not out to hack your life. We seem to forget that, and the second part we forget is that big corporations do not care, it is the cost of doing business and that is what insurance is for. But the stage is growing and with full national 5G insurance companies will not take that stance, they would want assurances and that is when the consumer gets to pay for it all. One small slip up, one error and the consumer pays. That is where we are heading. 

This all started when I saw ‘Walmart ships fraudulent order to hacker’s address then leaves customer to recoup cost’ (at https://www.cbc.ca/news/business/walmart-fraudulent-order-online-account-hacked-1.6353016). The story gives us all kinds of information and in some cases the consumer made the easy choice, the ‘this is so much easier’ path and hackers tend to rely on that. But it is not all bad news (well mostly it is), so let’s start.

Item one ‘fraudsters were using it and his credit card on file’. This is with the consumer. Yes it is easy and most e-commerce sites use the same good encryption. Yet as I see it there are two issues. It is easy to order when the credit card is on file, so DO NOT DO THIS! Consider what you are doing every time you use your credit card. More importantly, when it is on file anything can happen, as this consumer found out. I have two instances where a credit card is on file. One is a monthly payment of less than $10 a month, the other is even less. I enter my credit card information with every purchase. Commerce likes people with credit cards on file, it is easier to make them buy, but consider that your budget is limiting and when you still have a week to go at the end of your credit card, life gets worse really fast.

Item two is really two items, and both are on Walmart. We see ‘Walmart had cancelled the first three orders on its own, but Tomlinson noticed the last one for an Apple TV had just been shipped.’ In the first part, why did three stop and one did not? If they are based on the same data, there is a flaw in the system, there is close to no other option. In addition we are given ‘he was not able to access the address and Walmart wouldn’t provide details’, this is clearly on Walmart. In addition, it should be in these systems that there is a permanent record of the last 10 addresses that are not linked to the credit card that paid for it. 10 is an arbitrary number, but it happens that a family member pays for another member’s item, or something like that. 
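To make the two points above concrete, here is an added example (my own illustration, not Walmart’s system and not code from the CBC story): every order on an account is screened against the same data, so a burst of orders to the same unknown address gets the same answer each time, and the account keeps a short record (10 entries, as arbitrary as in the text) of addresses that were used but are not tied to the card on file, so the owner and support staff can see where goods went. All addresses, order ids and card digits are constructed.

```python
"""Consistent shipping-address screening for an e-commerce account (constructed example)."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Order:
    order_id: str
    ship_to: str
    card_last4: str


@dataclass
class Account:
    owner_addresses: set                      # addresses linked to the card on file
    unlinked_log_size: int = 10               # arbitrary, as in the text
    unlinked_addresses: deque = field(default_factory=deque)
    decisions: dict = field(default_factory=dict)

    def screen(self, order: Order) -> str:
        """Return 'ship' or 'hold'. The rule uses only the account's own
        address data, so identical orders always get identical decisions."""
        if order.ship_to in self.owner_addresses:
            decision = "ship"
        elif order.ship_to in self.unlinked_addresses:
            decision = "ship"   # reviewed earlier, e.g. a relative's address
        else:
            decision = "hold"   # unknown destination: never ship silently
        self.decisions[order.order_id] = decision
        return decision

    def record_unlinked(self, address: str) -> None:
        """Owner-approved delivery to an address not on the card; keep the last N
        so the owner can later see (and dispute) where goods were sent."""
        if address in self.unlinked_addresses:
            return
        self.unlinked_addresses.append(address)
        while len(self.unlinked_addresses) > self.unlinked_log_size:
            self.unlinked_addresses.popleft()


def demo() -> dict:
    """Four orders to a never-seen address from one account, then one to a
    previously approved relative's address. Returns the per-order decisions."""
    acct = Account(owner_addresses={"12 Home St, Halifax"})
    acct.record_unlinked("7 Cousin Rd, Halifax")   # constructed: approved earlier
    burst = [Order(f"o{i}", "99 Drop Ln, Elsewhere", "4242") for i in range(1, 5)]
    for order in burst:
        acct.screen(order)
    acct.screen(Order("o5", "7 Cousin Rd, Halifax", "4242"))
    return dict(acct.decisions)


def log_keeps_last_n(n_added: int, size: int = 10) -> int:
    """Add n_added distinct addresses and return how many the log retains."""
    acct = Account(owner_addresses=set(), unlinked_log_size=size)
    for i in range(n_added):
        acct.record_unlinked(f"{i} Constructed Ave")
    return len(acct.unlinked_addresses)


if __name__ == "__main__":
    print(demo())
```

The point of `screen` is that it has no hidden inputs: if three orders are held, the fourth to the same address is held too, and the `unlinked_addresses` record is what a customer would need in order to find out where a parcel went.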

Now we get to the rather nasty stuff, we are given “In 2021, e-commerce retailers surveyed said they prevented about 4,860 attacks, but failed to stop about 4,800 others. The survey also suggests online and mobile fraud attacks on retailers appear to be rising since the pandemic started, up 45 per cent in Canada from 2020 to 2021.” In a full 5G network this number can go up by 600% to 19500%, consider that 93,600 fraud cases are not stopped under 5G, do you really think that the insurances are going to sit back and let the numbers rise from 4,800 to 93,600? You have got to be kidding me and those who do will do so at horrendous premiums and the consumer gets passed on that bill. A setting I have foretold for years and people are still not waking up to Common Cyber Sense. Not all of it is the consumer. Yet look in your own home, how many use passwords like ‘QWERTY’, or something that simple? I thought I was clever in the 80’s when my password was ‘password’ and I learned quickly that there is more to safety and security. Then there are those who use the SAME password in all places and those people also have all their passwords on file. How long until deeper machine learning can make the jump from where we are, to what we are and how lazy we are? The algorithm is already out there, with 5G it gets the speed to really rake in the dollars. So whilst some might cry for big business when they give us “While Walmart says Tomlinson’s problem was caused by compromised credentials — not a cyber attack — Sutherland says companies across the board are dealing with such attacks on a regular basis.” And when we hear the sob story of covid made it worse, we need to consider that I saw issues like this in 2015, a massive overhaul of the e-commerce system is becoming essential and most of them do not want the cost, but the issue of fraud is happily passed on to the consumer. We need to accept that this is not merely Walmart, it hits e-commerce in Europe, US, and Asia. 
This is a much larger problem and a better system is required. Consider that we blame the NSO group for many hacks, but the basic issue is not merely the NSO group, they merely ‘Exploit Security Flaws in Phones’ Operating Systems’, so when this gets to e-commerce in the same way, we get a flaw exploiting a flaw and our goose is cooked. Hundreds of hackers hope to find that ‘Zero-Click’ flaw that makes the hacker rich whilst the hacker is sleeping and in a 5G world that will happen more often. It is not paranoia when they are all out to get your money, and there are many who want to do just that.


Filed under Finance, IT

Thanks for the support

We all have to say thanks, I in this case to the BBC, they were just able to give support to two issues that I put out in the open over a year ago (too tired to find these articles, they are at least a year old and it is 33 degrees Celsius at present, at 21:30). The first is the lacking approach to Common Cyber Sense within the US Administration. I found that failing in the Pentagon in 2018, I found Cisco routers still carrying the password Cisco123 in at least two sensitive areas and there was the use and abuse of non-secured USB sticks in more than two sensitive places and on top of all that, the US ends up with an idiot in the White House relying on a password like MAGA2020, how bad do things need to get? I agree that the man Victor Gevers did everything right, including alerting the proper players, but this is a much larger problem. So when we see “The president’s account, which has 89 million followers, is now secure. But Twitter has refused to answer direct questions from BBC News, including whether the account had extra security or logs that would have shown an unknown login”, the quote forgets to give a larger part, you see, this was all on the user, when the user is thick as molasses and equally stupid, can we blame Twitter? And this now also reflects back to ‘6 simple questions’, which I released on February 3rd 2020, there we see the simple setting that the Daily Mail, the Daily Mail of all sources, reported that there was a way to infect accounts yet no way to establish by who or how. It gets us back to the original question ‘Where is the evidence that Saudi Arabia infected ANY phones?’, a question that FTI Consulting and the United Nations essay writers cannot inform us on. It shows a much larger lack of cyber security and proper cyber defences, all whilst these so called investigators are happy to accuse whomever is a political and not a true target, is that too much?

I ended that article with question 6 ‘Why on earth is the UN involved in an alleged Criminal investigation where so much information is missing?’, now we see a new page turned, can any criminal investigation hold any water when the users are that thick? MAGA2020, really?

So when we consider “Mr Gevers also claimed he and other security researchers had logged in to Mr Trump’s Twitter account in 2016 using a password – “yourefired” – linked to another of his social-network accounts in a previous data breach”, in all this the need to employ Common Cyber Sense is a situation that becomes more and more essential and we need to catch on quicker than we are, because it is people like that who will claim things against Russia and China, whilst letting their security services in at their leisure because they cannot be bothered with Common Cyber Sense. 
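The two password failures above (a guessable password, and one reused from a previous breach) are exactly what a breach-corpus check at password-set time catches. The following is an added example, my own and not from the post or any named service: it follows the “range query” pattern that breach-lookup services such as Have I Been Pwned’s Pwned Passwords use, where the client hashes the candidate with SHA-1, sends only the first five hex characters, receives every suffix in that bucket and compares locally, so the password itself never leaves the client. The corpus here is a constructed dictionary built from the weak or leaked strings named in the post, so everything runs offline; the function names are this example’s own.

```python
"""Offline breach-corpus check using a k-anonymity style prefix lookup (constructed example)."""
import hashlib

# Constructed "breach dump": strings named in the post, hashed below.
CONSTRUCTED_LEAKED = ["password", "qwerty", "yourefired", "MAGA2020", "Cisco123"]


def sha1_upper(pw: str) -> str:
    """SHA-1 in upper-case hex, the form breach-range services publish."""
    return hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()


def build_corpus(leaked) -> dict:
    """Index full hashes by their 5-character prefix, as the server side stores them."""
    corpus = {}
    for pw in leaked:
        h = sha1_upper(pw)
        corpus.setdefault(h[:5], set()).add(h[5:])
    return corpus


CORPUS = build_corpus(CONSTRUCTED_LEAKED)


def range_query(prefix: str, corpus=CORPUS) -> set:
    """Server side: all 35-char suffixes sharing the prefix. The server never
    learns which suffix (if any) the client was interested in."""
    return set(corpus.get(prefix.upper(), ()))


def is_breached(pw: str, corpus=CORPUS) -> bool:
    """Client side: hash locally, send only the prefix, compare the suffix at home."""
    h = sha1_upper(pw)
    return h[5:] in range_query(h[:5], corpus)


def reject_weak(pw: str, min_len: int = 12, corpus=CORPUS) -> list:
    """Policy check when a password is set; returns the reasons it is rejected
    (empty list means accepted). Length first, then the breach corpus."""
    reasons = []
    if len(pw) < min_len:
        reasons.append("too short")
    if is_breached(pw, corpus):
        reasons.append("appears in breach corpus")
    return reasons


if __name__ == "__main__":
    for candidate in ["MAGA2020", "a-long-unique-phrase-not-in-the-corpus"]:
        print(candidate, reject_weak(candidate))
```

Against a real service the `range_query` call becomes an HTTPS request for the prefix; the client-side logic is unchanged, which is the whole point of the design: the service can answer “is this in a breach” without ever being handed the password.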

As I see it, President Trump will optionally get two additional Christmas cards this year, one from 76B Khoroshevskoe Highway, the other from 14 Dongchangan Avenue, Dongcheng District, Beijing. Both will be stating “Thanks for the support”, what a lovely way to end a presidency and probably the first time that a US President gets a Christmas card from both locations.


Filed under IT, Science

Two unrelated issues

OK, today is not the day to piss off Alexander Bortnikov, I wanted to do that just to celebrate his 11th anniversary of him being the Director of the FSB, as such my sense of humour demands that I would put a whoopee cushion on his car seat, alas, I could not get close, someone decided to try a novel approach to the concept of Suicide by Cop (at https://www.theguardian.com/world/2019/dec/19/moscow-shooting-russia-people-shot-dead-intelligence-agency), instead of pushing the buttons of a militia officer, we see the apparent acts of a looney tunes person who decided to fire on the reception of the Federal Security Service, that is an act that will get you killed and he did. Now, let’s be clear, there is a reason to bring this up. You see there is one building in Moscow (basically in the entire CCCP), where the most vile, the most feared and the most despicable member of any Russian criminal organisation takes a detour, it is the Lubyanka building, the headquarters of the FSB in Moscow. Consider some Bratva captain, 120 kg of muscles, a fearless and life ignoring person, ending up shaking and crying like a little girl, the cause would be one building in Russia that does that. So when a person comes around shooting at its reception, I tend to call that a novel way to invite Suicide by Cop and I cannot fathom the desperation from life that a person has to pull that off (there are 999 other ways to go with 99.99999% certainty and most of them are 100% less painful and scary), optionally as distractions go, it is perhaps the worst one yet. 

Oh, and there is no special form of data intelligence required, we could argue that the fear for that building is handed to any Russian citizen when they start school, so for the life of me I cannot figure out why someone would be this stupid, it is like grabbing a bucket of water from the Volga in Saratov and personally dumping the bucket in the Caspian Sea, not only meaningless, but you end up being alive at the end of that journey, attacking the FSB building with anything less than an entire army and your chances to survive become a whole lot less certain. Yet in all that, the fact that the attack made several newsgroups is important, you see, the news never sleeps, yet they do get to filter what we hear. 

From the Israeli news desk

The Guardian (at https://www.theguardian.com/world/2019/dec/19/israeli-spyware-allegedly-used-to-target-pakistani-officials-phones), as well as Israeli newspapers, gives us ‘Israeli spyware allegedly used to target Pakistani officials’ phones‘, with the byline ‘NSO Group malware may have been used to access WhatsApp messages for ‘state-on-state’ espionage’, news that made a lot fewer newspapers on a global scale, is that not weird? Now, I am not stating whether there is validity, I am not stating on behalf of the NSO Group that it is false, yet this private firm founded by Niv Carmi, Omri Lavie and Shalev Hulio is showing itself to be an expert company in acquiring information. The papers need to guard their words and I get that, yet when we see anonymous sources and “those who could have been compromised” I feel like I am in a play that I have seen before. The more important part is “All the suspected intrusions exploited a vulnerability in WhatsApp software that potentially allowed the users of the malware to access messages and data on the targets’ phones“, yet it seems that there is not really that much taste for the weakness of the makers, is there?

When we get to the optional state where we see “The lawsuit claimed intended targets included “attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials”” and in that state I would make the demand ‘can we see those names please?‘ Yet it is a personal demand that will not be answered, there is too much doubt on the who did what and who wanted to know. I have a little more faith in “NSO has said it will vigorously contest the claim and has insisted that its technology is only used by law enforcement agencies around the world to snare criminals, terrorists and paedophiles“, you see that is a business approach to intelligence that brings money on the table and yes, there is a chance that someone wanted to know more about certain Pakistanis, yet that list given by Facebook is just a little too weird, yet the names might brighten up the need for it, and as we are treated to “The alleged targeting of Pakistani officials gives a first insight into how NSO’s signature “Pegasus” spyware could have been used for “state-on-state” espionage“, it is the difference of stance, the state of ‘alleged‘ that brings the doubt. In the article I do not disagree with “This kind of spyware is marketed as designed for criminal investigations. But the open secret is that it also winds up being used for political surveillance and government-on-government spying” for that we need to say that John Scott-Railton is seemingly completely correct, yet in all this, we see and identify a timeline and it becomes more and more apparent that not only did other interest groups (CIA, FBI, MI-5, MI-6, DGSE, et al) need this weakness, we see a longer timeline and we wonder what WhatsApp and Facebook have done about it so far. More important, why would any official use something like WhatsApp? I mean for private use, yes, yet for their business phone? 
It is the application of Common Cyber Sense that is lacking here and to give all that data to Facebook (WhatsApp) is calling some parts into question. CBS News gave the people in 2018 ‘WhatsApp co-founder: “I sold my users’ privacy” to Facebook‘, I get it! Cambridge Analytica changed a lot, but so it would have changed a lot for state players, as such the act of pushing for WhatsApp in government and secure conversations, it does not make sense. CBS also gave us in 2018 “U.S. intelligence agencies have said that Russian actors used Facebook and Instagram to wage a campaign of disinformation in the election” and if WhatsApp and Facebook are owned by the same person we see the even larger lack of Common Cyber Sense. WhatsApp has been the name in Scandals in 2017 and 2018 as well, so when the needed question ‘Why is a state player using WhatsApp in the age of Common Cyber Sense?‘ comes out, we see that the bulk of people, hacktivists and journalists have not asked this question, just like the weird part where we all look at the attack on Lubyanka, and no one looks beyond a certain point. 

This view does not exonerate the NSO group, yet it is asking larger questions that take the group out of the field of vision and looks at the larger issues. More important is the claim “While it is not clear who wanted to target Pakistani government officials, the details are likely to fuel speculation that India could have been using NSO technology for domestic and international surveillance“, you see pointing at their natural enemy is fun, however the fact that most European intelligence groups want to know about scores of Pakistanis is also left off the table, in light of Pakistan and its Middle East connections, so are Israel and America, especially as America is losing its foothold in the Middle East, finding any Russian link to any Pakistani would be worth a lot to them, they lack plenty of resources there.

You see, there is all the need for action when we see “The government of the Indian prime minister, Narendra Modi, is facing questions from human rights activists about whether it has bought NSO technology after it emerged that 121 WhatsApp users in India were allegedly targeted earlier this year” however everyone is overlooking ‘121‘ as a number. There are 400 million WhatsApp users in India, nobody would get to the 121 users in such a short time, the absence of ‘alleged‘ and optionally ‘so far 121 alleged users have been found‘ is a much larger issue than anyone realises. The fact that there are more questions popping up regarding the alleged NSO software is also overlooked. There is a much larger play in the field and it seems that certain people do not look towards certain players and the absence of Common Cyber Sense is just overwhelmingly staggering. It is almost like you are tired of life and decide to attack FSB headquarters with a gun. 

Yet in all this, the number of users in Pakistan is also the part we need to look at, you cannot merely check in seconds, this is not an on-the-fly solution, so there are all kinds of questions, especially with 1.5 billion users of that app, we see a lack of thoughts, questions and especially software engineers treating the software weakness and this has been going on for quite some time. The fact that the larger collection of media is not getting to this question is just allegedly largely insane. 

So as we consider “users in India were allegedly targeted earlier this year” we need to ask, how long until this glitch is fixed? The fact that certain glitches have been there since 2017 is a much larger concern, but the media does not stop at this point, does it? I reckon they are taking their time looking at the one suicidal person pointlessly attacking Lubyanka.

Two issues that might seem unrelated (and they are not), yet it tells a lot more about the media and state players than you should be comfortable with, feel free to WhatsApp that question to others, the state players will get to it eventually.


Filed under IT, Media, Military, Politics, Science

Finally!

Yup, there is a new fashion in town and it will force the companies to fix the one element in IT that most corporations have ignored fixing for the longest of times. The issue that needed fixing for the longest time was non-repudiation, the issue has been clearly around for almost 10 years, 15 if you want to set a time table, but today on LinkedIn ‘Netflix and don’t share‘ shows that the industry will start doing something about it. The problem is what drives the masses to think that a paid service could ever be free. And even as we see: “Market leader Netflix has already declared it is examining how to curtail password sharing among family and friends. But streamers are treading carefully in teaming up “against the grifters,” aware of the backlash record labels previously generated in the Napster era” we need to be aware of the setting that it is a Netflix world and if you don’t pay, that is fair enough, but it also means that you can’t have Netflix. This issue is not limited to Netflix, it has a setting in video games, a setting in programs and in the past it had a setting in music. The problem is how to go about it. For places like Netflix, there is the non-repudiation solution, so in your network there are a few devices that could be set to receive, in the home environment the router tends to be the most culpable solution, yet in equal measure the home devices are also solutions that give rise to the patch of hardware that will allow one person to be connected, as such, Netflix was nice enough to allow 4 devices to be linked. Yet what to use as a system of non-repudiation?

Well, email is certainly one way of doing it, but that only helps to some extent, the nice part about e-mail is that it allows Netflix (and like-minded people) to communicate with the owner on hardware, so as long as the email address is not hacked, this is decently safe.

Non-Repudiation

The term Non-Repudiation is not new, it refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. So you and only you could have instigated the connection, bio-metrics are only one part of it, so is a password, non-repudiation is more, an autograph has the elements to complete non-repudiation, but in automated traffic, a copy of an autograph is becoming exceedingly simple, so we need to set the state where two tiered enabling is the way to go. Even if the origin of the two tiers was done in separate ways, combining them in any stream would be a decent level of assurance to convince a jury of peers (and Netflix) that only you could have instigated the stream. And Netflix is not the only one seeking a solution. Bank solutions use a pin and a bank pass, it is close but in the end it is not real non-repudiation. Netflix needs to find a solution and whatever they find will push authentication technology.
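Why a PIN plus a bank pass is “close but not real non-repudiation” comes down to who holds the secret. The following is an added example, my own and not code from the post or from any bank or Netflix: it contrasts a shared-secret proof (a PIN, a password, an HMAC tag, where both the subscriber and the service hold the same key, so the service could have minted the proof itself) with a digital signature, where the service holds only the public key and can verify but never sign. The RSA numbers are the textbook toy values (p=61, q=53, e=17, d=2753), chosen so the arithmetic can be followed by hand; they are nowhere near a real key size and exist only to show the asymmetry.

```python
"""Shared-secret authentication versus signature-based non-repudiation (constructed toy example)."""
import hashlib
import hmac

# --- 1. Shared secret (PIN + card, password): authentication, not non-repudiation
SHARED_SECRET = b"constructed-shared-secret"   # held by the subscriber AND the service


def mac_proof(event: bytes, key: bytes = SHARED_SECRET) -> str:
    """Proof that *someone holding the key* vouched for the event."""
    return hmac.new(key, event, hashlib.sha256).hexdigest()


def service_can_forge_mac(event: bytes) -> bool:
    """The service knows the key, so a tag it holds proves nothing about who
    produced it: the service could have produced it itself. A subscriber can
    therefore always repudiate ('you made that up')."""
    minted_by_service = mac_proof(event, SHARED_SECRET)
    return hmac.compare_digest(minted_by_service, mac_proof(event))


# --- 2. Toy RSA signature: only the subscriber holds D; the service holds (N, E)
P, Q = 61, 53
N = P * Q                  # 3233, the public modulus
E = 17                     # public exponent, held by the service
D = 2753                   # private exponent: 17 * 2753 = 46801 = 15 * 3120 + 1


def private_exponent_is_consistent() -> bool:
    """Check E*D == 1 (mod (P-1)(Q-1)), the condition RSA correctness rests on."""
    return (E * D) % ((P - 1) * (Q - 1)) == 1


def reduce_to_int(event: bytes) -> int:
    """Hash the event and reduce it into Z_N so the toy modulus can sign it."""
    return int.from_bytes(hashlib.sha256(event).digest(), "big") % N


def sign_int(h: int, d: int = D) -> int:
    """Subscriber side: needs the private exponent."""
    return pow(h, d, N)


def verify_int(h: int, signature: int, e: int = E) -> bool:
    """Service side: needs only the public exponent, so it can check but not create."""
    return pow(signature, e, N) == h


def sign(event: bytes) -> int:
    return sign_int(reduce_to_int(event))


def verify(event: bytes, signature: int) -> bool:
    return verify_int(reduce_to_int(event), signature)


def demo() -> dict:
    """Constructed event: a stream start. Shows the MAC is forgeable by the
    service, the signature verifies, and the same signature does not verify
    for a different event value."""
    event = b"constructed: stream started from device A at 21:30"
    sig = sign(event)
    other = (reduce_to_int(event) + 1) % N
    return {
        "mac_forgeable_by_service": service_can_forge_mac(event),
        "signature_verifies": verify(event, sig),
        "signature_on_other_event_fails": verify_int(other, sig),
    }


if __name__ == "__main__":
    print(demo())
```

The design point is the split of knowledge: with the shared secret, the service’s own database is enough to fabricate evidence against a subscriber, so the evidence cannot bind anyone; with the signature, only the device holding `D` can produce a valid value, which is the property the post is asking for. In practice the private key would live in a hardware-backed keystore on the device and a real key size and padding scheme would be used; the toy values here only make the asymmetry visible.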

And the system needs to be simple, not just for the customers’ sake, the setting of complexity in these matters was best described by Scotty the Chief Engineer in Star Trek 3 whilst sabotaging the Excelsior: “The more they over-think the plumbing, the easier it is to stop up the drain“, it does apply to authentication and non-repudiation systems, especially when distance is an issue. So whatever we have at point X requesting an authentication tends to be the soft spot in the track.

It has to be simple, it needs to always work and it needs to set 2-3 alternatives at the spot. The problem with such a system is that it is not really non-repudiation at that point.

For example

A programmable dongle can be hacked; the hacked account can be copied. And these dongles will come from somewhere, so criminals will end up having access to the stuff they need.

As such the best you can hope for is a system that will take out 80% from accessing such a solution, add proper cyber solutions in the form of law and you have a solution that a company can live with, as it deals with 10% of the outstanding 20%. It is not pretty at times, but at least it works. So these solutions could stop 90% from using stated systems in a non-paying capacity.

We can go in all directions from there, but the world needs a solution where non-repudiation will stop 96% dead in its track, and only up to 1% would be able to find a workaround. Making the non-repudiation system a 98.9999% working solution. I reckon that this is as good a solution as we are going to get and the solution is needed faster as 5G will require correct non-repudiation solutions to be up and running. With 5G out and about, the criminals get a 500% chance to get to more systems to infect more and more devices as such the need for Common Cyber Sense is becoming a pressing matter and from there we can move onto non-repudiation. Consider that the current situation allowed cyber criminals to lay their fingers on $120 billion dollars and with 5G out and about criminals will have access to well over half a trillion dollars, one could argue that it is a great day to be a cyber-criminal, or we can do something about it, because the one thing I do know is that the banks will only take hits for as long as they cannot make a case for ‘negligent care, the person did not take care of the item like a father would take care of its child‘, that is not some rant, the art world is already working with terms like that. How long will it be until banks and payment systems will take the same steps? At that point, the hardship will fall on the owner of the hit bank account, not the bank, unless a clear established path of evidence is presented that the bank itself was the intended target.

Oh, and when banks are no longer held accountable how much attention do you think that the FBI has for little you? Common Cyber Sense will be the immediate requirement.

Non-repudiation will be the big next thing soon enough and whoever gets a system like that up and running will make an absolute fortune, it would change my 5G IP systems into small change, nothing more. It is the next thing and we are in dire need for such an inventor soon enough, not just Netflix.


Filed under Finance, IT, Law, Media, Military, Politics, Science

Hammering Facebook

The Guardian has another story, which was updated a mere 6 hours ago. To be honest, I am a little ticked off. I get that the Guardian is giving us this and it makes perfect sense, it is news. Yet when I see ‘Fake news inquiry: Facebook questioned by MPs from around the world – as it happened‘ (at https://www.theguardian.com/technology/live/2018/nov/27/fake-news-inquiry-facebook-to-face-mps-from-around-the-world-mark-zuckerberg-live-updates), whilst in the same setting we see newspapers ‘hiding’ behind ‘from an unnamed source’, and when we get blasted by well over 64 million Google Search results on the death of a journalist that close to nobody gives a hoot about, the entire ‘fake news‘ inquiry seems to be nothing more than a targeted sham to me. Not the element of fake news, I get that, but some of the players are a little too hypocritical for my liking.

So let’s take a look at a few of these issues we see (at https://www.theguardian.com/technology/2018/nov/27/facebook-fake-news-inquiry-the-countries-demanding-answers).

Ireland: “The Irish government is reviewing proposed legislation to promote online safety amid an outcry that tech companies are unable or unwilling to tackle harmful content. The move jars with Dublin’s normally effusive support for tech companies with an Irish base. Facebook has its European headquarters in Dublin and falls under the remit of Irish data protection authorities“. The first thing to do is look at the definition. The European Commission gives us: “Harmful content, is authorized material subject to distribution restrictions (adults only, for example) or material which some users may find offensive even if, on the grounds of freedom of speech, there are no restrictions on publication.” First of all, the Pornhub site is freely available to every man, woman and child. In addition there is a porn version of YouTube that is also freely available, from which we can see that Ireland has a lot of other worries, and these two are not available through Facebook. When we look at Ireland we see a nation that has given in to big business through tax laws at the drop of any hat, and they have harmful content issues? In addition the Times gave us on November 6th: “Google and Facebook will call on the government today to define exactly what kind of content a proposed digital safety commissioner would have the power to remove online.” It becomes a lot more entertaining when we see from Fine Gael last week: “Fine Gael TD Hildegarde Naughton will travel to Westminster next Tuesday (November 27th) for a meeting of the International Grand Committee on Communications”, as well as “Social media companies cannot hide from the genuine concerns of national parliaments from around the globe, it is imperative they engage with us in a meaningful way. This document sets out a blueprint for how that can be done.” It is entertaining as she seemingly has a document whilst this entire setting has been going on for years (even before Cambridge Analytica).
That entire meeting is, in my personal opinion, as hollow as it sounds. All trying to look important, yet where is that so-called document from Hildegarde Naughton? It does not seem to be on the HN site (at http://www.hildegarde.ie), so where is it? When we are told: ‘This document builds upon the work done by the Oireachtas Communications Committee‘, we should be able to read and scrutinise it. You see, the Irish Law Reform Commission has a 2016 document (at https://www.lawreform.ie/_fileupload/Reports/Full%20Colour%20Cover%20Report%20on%20Harmful%20Communications%20and%20Digital%20Safety.pdf); is it merely that, or a continuation of that? And this document is important, especially on page 165 where we see: “The definition of “communication” implements the recommendation in paragraph 2.53 that the proposed legislation on harmful communications should apply to all forms of communication, whether offline or online, analogue or digital, and therefore the definition includes communication by speech, by letter, by camera, by telephone (including SMS text message), by smart phone, by any digital or online communication (including the internet, a search engine, a social media platform, a social media site or the world wide web), or by any other telecommunications system.”

This now implies that art is no longer merely in the eye of the beholder; basically, if any art is regarded as harmful content, it comes under scrutiny (read: censoring). A massive part of Facebook relies on art propagating via digital media; digital art is still in its infancy and it seems that this offends Ireland in the broader view it has. It is in that view that my message to Hildegarde Naughton is seen (at https://www.independent.ie/irish-news/courts/priest-who-sexually-assaulted-girl-6-during-first-confession-avoids-jail-due-to-old-age-and-health-problems-36840577.html). When we contemplate that when you have health issues and you are old, it seems fine to rape a six year old. It is all in the nuance, is it not? So, what will you do when you consider this Grigor Malinov painting to be harmful content? Add a Jade Swim bikini with a brush and a fashionable colour? In light of what certain people get away with, the entire harmful content debate is not a joke, yet hammering Facebook with it whilst there are other players openly in the field is too weird, as I personally see it.

Then we get a Turkish advertisement variant with ‘MPs do not intend to publish Six4Three documents today, Collins says‘: either you have the documents and you inform the public, or you go home and polish your silverware! You scream fake news and leave the audience in innuendo and what I personally perceive as intentional miscommunication, and haven’t we seen enough of that?

Blame Canada

I can’t resist: whenever I see a Canadian flag, a Canuck or anything Canadian I think of that South Park song. It’s nothing negative, I think that Canada is awesome at hockey, it seems to have great people (several attended UTS with me) and it seems to have a healthy life. I’d take a job in Canada any day if possible (as well as the opportunity to watch hockey almost every night); I might even be good enough to be a goalie for one of their NHL teams, even though I am nowhere near Martin Jones as a goalie (I merely wish I was). So Canada gives us: ‘Facebook inflated video viewing times for two years‘. I actually see an issue here. The Guardian gives us “only counting views lasting more than 3 seconds, the time a video must be seen to count as a view“, yet with YouTube the skip moment is 5 seconds, and now that some people get 100% more ads, many of them without the option to skip, we see a shifted trend. This might be YouTube, yet there is no chance that this does not affect Facebook, which gives Canada an optionally valid issue. Richard Allan (Facebook) gives us: “it depends on the problem we’re trying to solve“, something that might be valid, yet in the question by Charlie Angus we see: “Facebook has inflated video metrics, overstated for two years. “I would consider that corporate fraud, on a massive scale,” he says, “and the best fix is anti-trust. The simplest form of regulation would be to break facebook up, or treat it as a utility, so that we can all be sure that we’re counting metrics that are accurate or true.” I see his failure in the setting: there is a large intertwined part of Facebook, Vine, YouTube and a few other media adding fuel to the video metrics, no matter whether all of it is hosted on Facebook. You would have to set the stage for all of them, and to merely have Facebook here is a faulty stage; we get pushed into an assumption pool of no facts and biased metrics, making matters merely worse. I feel certain that Charlie Angus should have known and probably did know this, making the issue a tainted one on more than one level.

Finally, let’s go out with a bang and add Latvia to the stage. When we get Latvia’s Inese Lībiņa-Egnere, we get the question: “how Facebook can help countries like Latvia, that face specific threats from Russia“. It took me around three minutes to stop laughing; I should be serious, but I cannot hold a straight face. You see, that is not the job of Facebook. I will go one step further, by stating: “Dear Inese, have you considered adding digital responsibility to both the Drošības policija and the Militārās izlūkošanas un drošības dienests?” There is an unconfirmed rumour that one of your routers is still set to ‘Passw0rd‘ and another one to ‘Cisco123‘, can you please confirm that? In light of the fact that ‘https://www.zs.mil.lv/lv/kontakti‘ directly links to Facebook pages, one might see how the Latvian military (as well as Latvian intelligence) could get phished in several ways, especially when there is the chance that some alleged under-dressed biker chick would be looking for ‘adventurous officers’. It gets to be even more fun when that alleged woman looks a lot like a Vogue model. You should introduce them to: (https://heimdalsecurity.com/blog/fake-facebook-scams/); having Common Cyber Sense is a government’s responsibility. Getting Facebook to do free consultancy via a hearing is just not cricket.

I will end this with Brazil; I really liked the question from its representative: ‘He asks what Facebook is doing to prevent improper manipulation of its algorithms to prevent illegal manipulation of elections‘. It is a good and important question. I think the newspapers, especially the tech columns, should spend space on this and let Facebook show them what is being done, what the impact is, how those metrics were generated and how their validity was checked. I think that the problem is a lot larger than we imagine. I would draw a line towards American soft money. It has never been regulated and it still is not. We talk about fake news and political influence, whilst soft money is doing that in the US from the day after a president is elected all the way up to the next presidential election (or the Senate, or Congress). It is basically shouting at one, whilst the other element is ignored. The difference is that digital campaigns give anyone all the soft money they need, taking the rich out of the equation; the fact that I have not seen anything along these lines gives a larger implied weight to all media. All those newspapers with ‘from an unnamed source‘, and that is where the blockage begins. There is a setting where it is not the ability of Russia, but the failure of others to correctly counter digital media that is the problem, and that was never a Facebook problem; it merely shows the incompetence of others, and in an age of advanced nepotism it is a much harder pill to swallow.

In all this, I never claimed that Facebook is innocent, merely that there is a lack of the proper questions making it to the table, and even as a few nations were addressed, the issue is a lot larger and needs addressing, preferably before the 5G tap opens, which allows the digital media providers to deliver 500% more than they are delivering now.

I wonder how many players have considered the impact of that game changer.


Filed under IT, Media, Military, Politics, Science

Game of Pawns

Most people have heard of Game of Thrones, George R.R. Martin’s masterpiece filmed and shown by HBO. Its final season will come in 2019 and the air is filled with teasers, speculated spoilers and optional fan-made false trailers. Yet have you heard of the game of pawns? This goes directly towards the entire Australian Encryption Bill. I spoke about it 2 days ago in ‘Clueless to the end‘, where we are introduced to the misrepresented views of Peter Dutton, on how he plays the system to get the FAANG group to help him a little, which is exactly what the FAANG group is unwilling to do. In addition to what I wrote there, there is the voice of Paul Brookes, chair of Internet Australia. He gave us: “it is important for law enforcement to find ways to improve their capabilities for intercepting criminal activities through the communications sectors, “they must not do so via hastily enacted legislation which fails to consider the legitimate concerns and advice of global technology experts, and carries the very clear risk of creating more problems than it solves”“; in this Paul is right, and the issue is growing in other settings too. In the last three days we have been made privy to: ‘Hackers stole millions of Facebook users’ highly sensitive data — and the FBI has asked it not to say who might be behind it‘. Optionally because they cannot blame Russia again without substantiation, yet in the much larger setting it seems that they do not have a clue. In addition, we see evolving today: ‘PS4 Users Are Claiming That Malicious Messages Are Breaking Their Consoles‘. The last one seemingly has a solution as reported by Kotaku: “It does seem that the exploit is purely text-based, so changing your PlayStation messenger privacy settings should prevent it from happening. You can do that by going to Account Management in your console Settings, heading to the Privacy Settings submenu, and changing Messaging settings to “Friends Only” or “No One,” meaning that only your pre-selected friends or no one at all can message you“. Two attacks, the second without the extent of the attack being known, in a setting that could not have been prevented by the encryption bill; the fact that the authorities have been grasping in the dark gives a very clear view of how short the authorities fall on the ability to stop these events. All the BS short-sighted attempts to access data whilst the entire communication system is flawed beyond belief show just how clueless the governmental players have become.

So as this week is likely to be about: “It appears to be the worst hack in Facebook’s 14-year history“, many will go into the blame game against Cambridge Analytica, yet the foundation is that the internet was always flawed, and again we see a setting where the failing of non-repudiation is at the core of certain events. A setting where ““access tokens” – essentially digital keys that give them full access to compromised users’ accounts“ were obtained through vulnerabilities in a setting of ‘authentication’, where ‘non-repudiation’ might optionally have prevented it. That basic flaw has been around for over a decade and the tech companies are unwilling to fix it, because it makes them accountable in several additional ways.

Non-Repudiation

A setting in which you, and you alone, could have done certain things stands against the setting in which someone with claimed authority has staged the deletion of all you created. That is the stage we are in and the damage is increasing. As more and more vulnerabilities are brought to light, the lack of action is beyond belief.

NPR reported something interesting that the initial sources did not give me. They give us: “the hack exploited three separate bugs in Facebook’s code. No passwords were compromised, but the hackers were able to gain “access tokens” that let them use accounts as though they were logged in as another person“; as far as I can speculate, non-repudiation might not have allowed that, making non-repudiation a much larger priority for social media than ever before. The fact that the data captures are getting larger makes the change a lot more important as well. If the value of Facebook is data, keeping that secure should be its first priority; the Encryption Bill would also be a void part if non-repudiation became an actual part of our lives. The dire need for Common Cyber Sense is seen everywhere, and we need to give less consideration to people who cannot keep their Common Cyber Sense.
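The point about access tokens deserves a concrete illustration. The following is an added example, written for this post; it is not Facebook’s code and does not describe how its session tokens actually work. It contrasts a plain bearer token, which is accepted from whoever presents it (so a token lifted from a server is enough to act as the user), with a sender-constrained token that names a key the client holds (the ‘cnf‘ claim, in proof-of-possession terms) and demands a fresh proof made with that key on every request. Assumptions, all constructed for the example: HMAC-SHA256 stands in for the asymmetric signature real schemes such as DPoP use, so it runs on the Python standard library alone; the server stores the client’s proof secret at login; nonces are client-chosen and tracked server-side; the user ‘alice‘ and all keys are made up here.

```python
"""Bearer token versus sender-constrained token (added example, not Facebook's code).
Assumption: HMAC stands in for the asymmetric signature real PoP schemes use."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Set, Tuple

SERVER_KEY = secrets.token_bytes(32)             # constructed: signs issued tokens
DEVICE_KEYS: Dict[str, Tuple[str, bytes]] = {}   # kid -> (user, proof secret), set at login
SEEN_NONCES: Set[str] = set()                    # replay cache for request proofs


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(claims: dict) -> str:
    """Serialise claims and append an HMAC tag: <claims>.<tag>."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def _open(token: str) -> Optional[dict]:
    """Return the claims if the tag verifies and the token is unexpired, else None."""
    try:
        body_b64, tag_b64 = token.split(".")
        body, tag = _unb64(body_b64), _unb64(tag_b64)
        if not hmac.compare_digest(hmac.new(SERVER_KEY, body, hashlib.sha256).digest(), tag):
            return None
        claims = json.loads(body)
    except ValueError:                       # malformed base64, JSON or split
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) < time.time():
        return None
    return claims


def issue_bearer(user: str, ttl: int = 3600) -> str:
    return _sign({"sub": user, "exp": int(time.time()) + ttl})


def verify_bearer(token: str) -> Optional[str]:
    """Whoever holds the token is the user: possession is the only check."""
    claims = _open(token)
    return claims["sub"] if claims else None


def register_device(user: str) -> Tuple[str, bytes]:
    """At login the client gets a proof secret that the server also remembers."""
    kid = _b64(secrets.token_bytes(8))
    DEVICE_KEYS[kid] = (user, secrets.token_bytes(32))
    return kid, DEVICE_KEYS[kid][1]


def issue_bound(user: str, kid: str, ttl: int = 3600) -> str:
    return _sign({"sub": user, "exp": int(time.time()) + ttl, "cnf": kid})


def make_proof(proof_secret: bytes, token: str, method: str, path: str, nonce: str) -> str:
    """Per-request proof over method, path, nonce and a hash of the token."""
    msg = "\n".join([method, path, nonce, hashlib.sha256(token.encode()).hexdigest()])
    return _b64(hmac.new(proof_secret, msg.encode(), hashlib.sha256).digest())


def verify_bound(token: str, method: str, path: str, nonce: str, proof: str) -> Optional[str]:
    """The token alone is not enough: the proof must come from the registered key."""
    claims = _open(token)
    if not claims or "cnf" not in claims:
        return None
    entry = DEVICE_KEYS.get(claims["cnf"])
    if entry is None or entry[0] != claims["sub"] or nonce in SEEN_NONCES:
        return None
    expected = make_proof(entry[1], token, method, path, nonce)
    if not hmac.compare_digest(expected.encode(), proof.encode()):
        return None
    SEEN_NONCES.add(nonce)                   # a captured proof cannot be presented twice
    return claims["sub"]


def demo() -> Dict[str, Optional[str]]:
    """The owner, a thief holding only the token, and a replayed proof."""
    out: Dict[str, Optional[str]] = {}
    bearer = issue_bearer("alice")
    out["bearer_owner"] = verify_bearer(bearer)
    out["bearer_thief"] = verify_bearer(bearer)              # same token, any caller
    kid, proof_secret = register_device("alice")
    bound = issue_bound("alice", kid)
    nonce = _b64(secrets.token_bytes(12))
    proof = make_proof(proof_secret, bound, "GET", "/me", nonce)
    out["bound_owner"] = verify_bound(bound, "GET", "/me", nonce, proof)
    out["bound_replay"] = verify_bound(bound, "GET", "/me", nonce, proof)
    forged = make_proof(b"thief-has-no-key", bound, "GET", "/me", "fresh-nonce")
    out["bound_thief"] = verify_bound(bound, "GET", "/me", "fresh-nonce", forged)
    return out


if __name__ == "__main__":
    for name, who in demo().items():
        print(f"{name:13s} -> {who}")
```

The bearer token is accepted twice because nothing ties it to the client; the bound token is accepted once for its owner, rejected on replay (nonce already seen) and rejected for the thief, who can copy the token but not the proof secret. In a production scheme the client would hold a private key and the server only its public half, and nonces would be server-issued rather than client-chosen, so that the server never has to store the client’s secret at all.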

You see, the issue is becoming a lot more important. With these accounts now sold on the dark web, with the byline: “If sold individually at these prices, the value of the stolen data on the black market would be somewhere between $150m and $600m“, we are certain that this will get a lot worse before there is any improvement. It is my personal view that actively seeking a non-repudiation setting will hasten the process of making your data more secure.

There is in addition the setting that the Dream Market offers, which by the way is useless. The Chinese vendor offering the data could in the end merely be an expelled student from any US university living in Dublin; there is at present no way to tell who Chernobyl 2550 actually is.

Finding and exploiting three bugs in Facebook gets you optionally half a billion; the governments are that far behind and there is no indication that they will catch up any day soon. Going back to the Facebook setting, we also saw “Facebook said third-party apps and Facebook apps like WhatsApp and Instagram were unaffected by the breach“, yet another source gives us: ‘WhatsApp Bug Allowed Hackers To Hack Your Account With Just A Video Call’ (at https://www.valuewalk.com/2018/10/whatsapp-bug-video-call-fixed/), implying that Facebook users are in a lot more peril than shown by the different media. We are given: “A security researcher at Google’s Project Zero discovered a strange bug in WhatsApp that allowed hackers to take control of the app if they just knew your phone number. All they had to do was place a video call to you and get you to answer it. Though the WhatsApp bug was disclosed only on Tuesday, Google researcher Natalie Silvanovich had discovered and reported it to the Facebook-owned company back in August“. So even as it seems that Facebook is not giving us ‘faulty’ information, the mere existence of the flaw, as seen with: “She disclosed the WhatsApp bug to the public only after the company fixed it via a software update. Silvanovich wrote in a bug report that heap corruption could occur when the WhatsApp app “receives a malformed RTP packet.” The bug affects only the Android and iOS versions of WhatsApp because they use the Real-time Transport Protocol (RTP) for video calling“, shows a dangerous setting where a number of failings within this year alone give rise to flaws in the security and proper testing of apps, and the state of security is failing faster than we should be comfortable with.
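The quoted report only says that heap corruption followed a malformed RTP packet, so what follows is an added example of the general lesson, not WhatsApp’s code and not a reconstruction of the fixed bug. An RTP header carries three sizes that the sender controls: the CSRC count, the extension length and the padding count. A parser that trusts any of them and indexes or copies before checking it against the bytes it actually received is where an out-of-bounds read or write comes from in C; here every such mismatch is turned into a MalformedRTP rejection instead. The header layout follows RFC 3550; the sample packets, the SSRC and payload type are all constructed inline for the demo.

```python
"""Strict RTP header parsing, every wire-supplied length checked before use.
Added example following RFC 3550; not WhatsApp's code. Samples are constructed."""
import struct
from typing import Any, Dict, Optional, Sequence, Tuple

FIXED_HEADER = 12


class MalformedRTP(ValueError):
    """Raised for any packet whose advertised sizes exceed its real size."""


def parse_rtp(packet: bytes) -> Dict[str, Any]:
    if len(packet) < FIXED_HEADER:
        raise MalformedRTP("shorter than fixed header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:FIXED_HEADER])
    if b0 >> 6 != 2:
        raise MalformedRTP("unsupported version")
    padding, has_ext, cc = bool(b0 & 0x20), bool(b0 & 0x10), b0 & 0x0F
    offset = FIXED_HEADER

    # CSRC list: the 4-bit count is sender-controlled, so check before unpacking
    end = offset + 4 * cc
    if len(packet) < end:
        raise MalformedRTP("CSRC count exceeds packet")
    csrcs = list(struct.unpack("!%dI" % cc, packet[offset:end])) if cc else []
    offset = end

    # Header extension: 16-bit length in 32-bit words, again sender-controlled
    ext: Optional[Tuple[int, bytes]] = None
    if has_ext:
        if len(packet) < offset + 4:
            raise MalformedRTP("extension header truncated")
        profile, words = struct.unpack("!HH", packet[offset:offset + 4])
        end = offset + 4 + 4 * words
        if len(packet) < end:
            raise MalformedRTP("extension length exceeds packet")
        ext = (profile, packet[offset + 4:end])
        offset = end

    # Padding: the last byte says how many trailing bytes to drop; it must fit
    payload = packet[offset:]
    if padding:
        if not payload or payload[-1] == 0 or payload[-1] > len(payload):
            raise MalformedRTP("padding count exceeds payload")
        payload = payload[:-payload[-1]]

    return {"pt": b1 & 0x7F, "marker": bool(b1 & 0x80), "seq": seq, "ts": ts,
            "ssrc": ssrc, "csrcs": csrcs, "ext": ext, "payload": payload}


def classify(packet: bytes) -> str:
    """'ok' or the rejection reason, for feeding packets through in bulk."""
    try:
        parse_rtp(packet)
        return "ok"
    except MalformedRTP as exc:
        return str(exc)


def build_rtp(payload: bytes, seq: int = 1, ts: int = 0, ssrc: int = 0x1234, pt: int = 96,
              csrcs: Sequence[int] = (), ext: Optional[Tuple[int, bytes]] = None,
              padding: int = 0) -> bytes:
    """Constructed packets for the demo; ext data length must be a multiple of 4."""
    b0 = (2 << 6) | (0x20 if padding else 0) | (0x10 if ext is not None else 0) | len(csrcs)
    out = struct.pack("!BBHII", b0, pt & 0x7F, seq, ts, ssrc)
    out += b"".join(struct.pack("!I", c) for c in csrcs)
    if ext is not None:
        out += struct.pack("!HH", ext[0], len(ext[1]) // 4) + ext[1]
    out += payload
    if padding:
        out += bytes(padding - 1) + bytes([padding])
    return out


# Constructed samples: one honest packet and three that lie about their sizes.
GOOD = build_rtp(b"\x00\x01\x02\x03", csrcs=(1, 2), ext=(0xBEDE, b"\x00" * 4))
LYING_CSRC = bytes([0x8F]) + GOOD[1:16]        # claims 15 CSRCs, carries 16 bytes in total
LYING_EXT = bytearray(build_rtp(b"\x00" * 4, ext=(0xBEDE, b"\x00" * 4)))
LYING_EXT[14:16] = b"\xff\xff"                  # extension length field set to 65535 words
LYING_EXT = bytes(LYING_EXT)
LYING_PAD = bytearray(build_rtp(b"\x01\x02", padding=3))
LYING_PAD[-1] = 0xFF                            # asks to drop 255 bytes from a 5-byte tail
LYING_PAD = bytes(LYING_PAD)

if __name__ == "__main__":
    for name, pkt in [("GOOD", GOOD), ("LYING_CSRC", LYING_CSRC),
                      ("LYING_EXT", LYING_EXT), ("LYING_PAD", LYING_PAD)]:
        print(f"{name:11s} {classify(pkt)}")
```

The three lying packets are exactly the inputs a fuzzer would find first; in a C implementation each of them is a candidate for reading or writing past the end of the buffer the packet was copied into. The check is always the same shape: compute where the field claims to end, compare with the length you really hold, and refuse before touching memory.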

So even as CBS News was all about hacking elections last week, giving us: “These cyber-attackers are driven by a variety of motivations, says Andrea Little Limbago, the chief social scientist at data security firm Endgame. “As long as attackers find it in their best interests or find the motivation to want to have some sort of effect … they’re going to think about what they could do with that access,” she says. “Especially China, Russia, and Iran.”“, the failing we see is that there is a flaw in the system; it is not merely about pointing at the wrong players, it is about the flawed setting in which some systems were breached in the first place. The larger setting is not the hack, it is access, and the need for non-repudiation is growing at an alarming rate; in a setting where none of the players are ready to accept non-repudiation, we see a faulty authentication approach and that is the cost of doing business. So when you consider it a sign of the times, consider that I personally witnessed a bug of the same kind as the WhatsApp one over 27 years ago, in a financial package called Ross Systems on DEC VAX/VMS. An intentional illegal action would crash your terminal program and leave any user in the VAX/VMS system with supervisor rights, with total access to every file on the server and every drive. Would it not be nice if certain lessons were learned over a quarter of a century?

That is the issue, and the opposition of those who want to push out new features as soon as possible; that danger will only increase in a 5G setting, so when your mobile becomes your personal data server and someone does get access to all your credit card and health data, you only have yourself to blame; good luck trying to sue the technology companies on that. Actually, that is exactly what Google is facing with class actions against both the Pixel and Pixel 2 at present. Should they lose these, then the ante goes up, because any case involving flawed data security, when flagged as inappropriately dealt with, could cost Google a lot more than they are bargaining for, and it is not just Google: Apple and Facebook will be in equal settings of discomfort.

If only they had properly looked at the issues, instead of seeking the limelight with a new fab. In the end, are we mere pawns to them, to be exploited and under secured for their short terms needs of clicks and sales pitches? What happens when it falls? They will still get their golden handshakes and a life without complications for decades, what are we left with when our value in data is sold on?

We are merely pawns in a game and no one wants the throne, they merely want to be the second fiddle and walk away overly rich (or own the Iron Bank), we enabled this, and we get to live with the fallout that comes next, all because non-repudiation was too hard for these players.


Filed under IT, Media, Politics, Science

The Red Flags

Today is a day where we are overloaded with actions against parties, yet there is little evidence shown, actual evidence that gives light to the danger. So first we see Russia, the old red with hammer and sickle. First we see ‘Expulsions of Russians are pushback against Putin’s hybrid warfare‘ (at https://www.theguardian.com/world/2018/mar/26/expulsions-of-russians-are-pushback-against-putins-hybrid-warfare), as well as ‘More than 130 people could have been exposed to novichok, PM says‘ (at https://www.theguardian.com/uk-news/2018/mar/26/130-people-feared-exposed-to-novichok-in-spy-attack-says-pm). These two matters are shown to us in two lights. The first is “The expulsions of Russian diplomats on Monday reflect how widely Vladimir Putin has attempted to wage his brand of hybrid warfare and how many leaders and their intelligence agencies he has angered in the process. Even before the Salisbury poisoning, many governments had lost patience with Vladimir Putin’s grey war for domestic reasons of their own. Their response is not just an act of solidarity with the UK but a collective pushback“; I am not denying any of this. There are indicators that Putin has been waging ‘war’ for some time. There is also the larger indication that he is moving on several fronts and is gaining ground in economic options in the Middle East, whilst America has lost footing. The US needs to appease Saudi Arabia to the maximum degree to avoid the danger of losing even more footing in the Middle East.

It is with “In Lithuania, the government found Russian spyware on its computers. As far back as 2007, Estonia suffered a three-week wave of cyber-attacks” that we get a first issue, as well as with “US and EU expel scores of Russian diplomats over Skripal attack“. You see, when governments start to react with “in a show of solidarity” you should all be aware that there is a lot more going on. This is not some form of ‘conspiracy theory’, these are merely facts that you can check. How much solidarity was shown when we all got screwed over by the meltdowns of 2004 and 2008? The economic impact was shown in several countries, of course not as massive outside of the US, but we all felt the pinch, millions of us. So how much solidarity was shown AGAINST Wall Street? Please show me the evidence, because for the most part these people might have lost their jobs, but left so wealthy that these men could go into brothels for the rest of their lives, shopping for virgins. So when it comes to solidarity, I have merely seen that as a government sham over the last 10 years. In addition, even if we acknowledge that the Novichok is of Russian making, there is evidence that it was not uniquely in Russian hands. In addition, there are clear questions regarding Vil Mirzayanov as well as some of his statements, as I showed in the earlier blog ‘Something for the Silver Screen?‘ (at https://lawlordtobe.com/2018/03/17/something-for-the-silver-screen/) where I gave the readers “Regarding new toxic chemicals not listed in the Annex on Chemicals but which may nevertheless pose a risk to the Convention, the SAB makes reference to “Novichoks”. The name “Novichok” is used in a publication of a former Soviet scientist who reported investigating a new class of nerve agents suitable for use as binary chemical weapons. The SAB states that it has insufficient information to comment on the existence or properties of “Novichoks””. 
Now we need to consider that either both the OPCW and the SAB are incompetent beyond belief, or that we are now getting a collection of fish stories. They presented the statements in 2013. Now TASS (I know, not the greatest source of non-biased journalism) gives us “As far back as 1998, we looked through a regular edition of the spectral database released by the US National Bureau of Standards, which has spectral data on about 300,000 compounds and is regularly updated, to find an agent that caught our attention as it was an organophosphorate chemical. We understood that it must have a lethal effect. Now it has turned out that, judging by the name of that agent, it was Novichok A234. It has surfaced,” Igor Rybalchenko, chief of the ministry’s chemical laboratory, said in an interview with the Voskresny Vecher news roundup on the Rossiya-1 television channel“. You see, this is something that could have been checked. Is TASS lying? If not, then we get the addition of what some might regard as ‘fuck ups‘ by both MI5 and GCHQ. In that regard, the less stated involving MI6 at present the better. Now, that part could be easily verified, yet the US and the UK have not given any clear evidence, whilst several sources have clearly shown that Novichoks were out there. If any of the sources that I mentioned on Novichoks (like Leonard Rink) are shown to be true, then there is a larger issue in play. The issue is that some governments are in denial over the evidence and facts, and that is a bad thing. Let’s be clear, that does not absolve the USSR (I love the old names) of many of their actions, it merely shows that painting everything with a single brush shows other levels of incompetence in several fields. Even if that was the Intelligence branch intervening for whatever reason, they went about it really badly and the wrong people end up getting scorched. It is the Guardian that gets credit here for asking the hard questions. 
With ‘UK’s claims questioned: doubts voiced about source of Salisbury novichok‘ (at https://www.theguardian.com/uk-news/2018/mar/15/uks-claims-questioned-doubts-emerge-about-source-of-salisburys-novichok) it asks the harder questions, and in there we see the conflicts that Craig Murray brings. With ““There is no evidence it was Russia. I am not ruling out that it could be Russia, though I don’t see the motive. I want to see where the evidence lies,” Murray said. “Anyone who expresses scepticism is seen as an enemy of the state.”“, I am pretty much on his side in this matter. I found issues with the blanket accusation within 30 minutes, perhaps better stated it took an hour, because the OPCW documents read as smooth as sandpaper; more boring materials and meetings will seldom be read. Besides the questions from the Guardian, not one of the newspapers dug into the overkill matter. The entire exercise was overly complicated. I could have mugged and executed the two, making it look like a robbery, in mere minutes (excluding preparation time); it would be done in no time and with no chemical risk at all, to no one. So as we saw PM Theresa May give us “More than 130 people could have been exposed to the deadly nerve agent novichok during the Russian spy attack in Salisbury, Theresa May said on Monday“, yet no one raises that it could be a mere individual or even the Russian Mafia. Two likely considerations in all this, and not one has raised that part, no matter how we see the opposing players in Special Forces or Intelligence. To set the stage of 130 bystanders getting caught in the crossfire is a realistic thing in places like Syria and Yemen, where there is open warfare; places like Chantilly, Cheltenham, St Petersburg or Lille are not where one goes playing like that. 
You see, killing a target, a valid target, is one thing; doing it whilst knowingly setting the stage for getting 100-plus in the crossfire requires an entirely different type of psychopath, and governments tend not to hire those types in the first place.

That alone merely emphasises the part that my view has been correct all the time. In addition to that, we still have seen no clearly stated evidence on how it was done. The Scotsman (at https://www.scotsman.com/news/uk/sergei-skripal-exposed-to-nerve-agent-through-car-vents-reports-1-4707852) stated “may have been exposed to a deadly nerve agent through his car’s ventilation system“, which they got from the US. You see, when we get ‘may have been‘ and ‘possibly‘, we need to realise that we are either kept in the dark, or they actually just do not know at present, which makes blaming the Russian government a weird choice at best. And with every delay in this it merely shows that the entire mess is a lot larger, yet the media ignores that. I call that an actual problem.

I mentioned Lithuania earlier. Now, the following speculation does not absolve Russia, but when you realise that people like the Russian Mafia might oblige the Russian government at times, they are still in it for money, for simple profit and coin. So when we see: “In March 2016, Vladislav Reznik, a Deputy of the State Duma, has been put on the international wanted list and officially charged with membership in Tambovsko-Malyshevskie organized criminal group and money laundering in Spain. Reznik’s villa has been searched. According to the indictment, Reznik was among those controlling the gang operations and a member of Gennady Petrov’s business circle” as well as “€16 million have been received from the British Virgin Islands, Panama, Lithuania, Switzerland, Great Britain, and Russia. On the other hand, monetary funds amounting to some $8.5 million have been transferred from his accounts to Russia, Panama, Cayman Islands, and U.S.“, we see that Lithuania has larger players in the fold. If it is a vessel for transferring funds, having their cyber infrastructure under attack seems to be an effective way to keep the eyes peeled in a different direction (extremely speculative), yet in support there is also “In July, Russian hackers were blamed for a similar assault on Lithuanian government Web sites. In Security Fix’s account of that attack, I posted a copy of a congratulatory letter sent to nationalist Russian hackers by Nikolai Kuryanovich, a former member of the Russian Duma. The missive is dated March 2006, and addresses the hacker group Slavic Union after the group had just completed a series of successful attacks against Israeli Web sites“, which is a first link from a ‘gov.ge‘ site (Cyberwar – Georgia).

In addition there is “The wave of attacks came after a row erupted over the removal of the Bronze Soldier Soviet war memorial in Tallinn, the Estonian capital. The websites of government departments, political parties, banks and newspapers were all targeted. Analysts have immediately accused the Russian Business Network (RBN), a network of criminal hackers with close links to the Russian mafia and government, of the Georgian attacks“. Now remember that Tallinn is in Estonia, not Lithuania. Yet the methods that the Russian Mafia uses are quite often duplicated (an Amway solution) and that part is not so far-fetched. It is another cog that shows us the acts of the Russian Mafia. The Russian government is not absolved in all this, yet Theresa May did not tell us: ‘we have strong indications that a member of Russian organised crime with links to the Russian government is behind this‘. No! She went straight for the Russian government and offered no clear evidence, whilst the evidence offered could be largely dismissed in most courts with merely the use of the documents of the SAB, the OPCW and the testimony of Vil Mirzayanov, who seemed to be interested in upping the sales of his 2008 publication.

There are sides to my story as well, parts I am not happy about, parts that should be scrutinised, yet in all this, the current facts and statements seem to take down the UK case at present. More importantly it shows us that the US is also playing the fear game, it is now more afraid than ever that it loses more and more turf in the Middle East, whilst Russia is moving forward. That scares them more than anything, even more than any Novichooks (yup intentional typo) in play, especially when we consider the danger that these weapons are and what additional dangers could be down the line; is that not odd either?

Ready Player Two

And that is not the whole story. You see in all this the other red flag has a star and a crescent moon. Yes it’s everyone’s favourite humanitarian setting (or was that lack of?), it is Turkey. So when we are again treated to the marketing of ‘Turkey needs Europe, Europe needs Turkey‘, the people in Europe need to run to the Brexit, or any EU-Exit they can find. I stated it in a previous blog with ‘This relates directly to Turkey, because it shows the desperate EU trying to open as many doors as possible‘. I did that in ‘A changing language‘ (at https://lawlordtobe.com/2018/02/15/a-changing-language/) well over a month ago. Now we see “Turkey is not doing very well economically, it needs outlets” said Lamberts, “and it is very clear that bad relations with Europe are harmful to Turkey, so somewhere on the economic level Erdogan needs Europe and Europe in fairness needs Turkey“, which Euro news gave us yesterday. So we see how Philippe Lamberts, a Belgian Green MEP, is willing to throw values overboard; the economy does not allow for any humanitarian values. So when I see any journalists hiding behind ‘constant attacks on transgressions of human rights‘ whilst attacking governments making any kind of economy-based deals, can they just kindly go fuck themselves? When we see the Turkish joke evolving on the EU field, no journalist gets to use the ‘Human Rights‘ card for a long time to come. If you want to do that, go visit Turkey and protest in front of those prisons that have journalists locked up for life. Until you can make that change there, do not come crying on other shores. If you need actual Human rights issues, then perhaps turn to Canada where we got “A French waiter who was fired for his “aggressive, rude and disrespectful” manner has claimed compensation, insisting that his behaviour is not unusual, but that he is simply French“, that is the story of Guillaume Rey from Vancouver, Canada.

That is where the Human Rights have gotten us and that is a real win for the ‘15 children that were killed in an airstrike as they hid in the basement of a school in the town of Arbin‘, yes a real humanitarian win in this. So even as the Financial Times reported less than 2 hours ago “The EU said it failed to win a pledge from Turkey to free journalists it has jailed and improve other rights for its citizens but that it will maintain talks with President Recep Tayyip Erdogan after their first meeting in almost a year“, we see no place stating that Turkey will not become a member of the EU. It is another side where the gross negligence of evidence is taking the toll of our humanity. So as the President of the European Council Donald Tusk gives us “Only progress on these issues will allow us to improve EU-Turkey relations, including the accession process” (at https://www.ft.com/content/dbefa9e6-313d-11e8-b5bf-23cb17fd1498), I am proven correct yet again: they merely need to push the EU deeper in debt, which according to Bloomberg is coming for certain through “Draghi’s call for patience and persistence in delivering stimulus, suggesting bond-buying will be extended beyond September”, or set the stage where the so-called Humanitarian principles are ignored, which has been the case for close to a year. It has only strengthened my view that the UK is a lot better off outside the EU, because this entire EU mess will collapse onto itself and woe to those who are left behind paying for it all. It could set back the economic markers for close to two generations in Europe, which should scare anyone in the EU.

The last red flag is North Korea (it has blue too)

I mentioned it some time ago. The entire Sony mess and blaming North Korea was never really resolved. So when I got the news from ABC stating “Secret intelligence documents and photos unilaterally collected by the U.S. military were among the stolen cache of South Korea’s classified documents by North Korean hackers, but the totality of what was stolen remains unknown“, we should be starting to get careful. You see, it implies one side, but to my view it gives an entirely different issue. It implies that North Korea is a capable cyber operator. Now, we know that one can do plenty of damage with a laptop (like in the movies). Yet when you see these pics you wonder what on earth is going on, because we now get the speculated but believable view that ‘the US gave documents to an ally that does not have its basic cyber protections in place‘, that is a very different kind of cheddar, isn’t it? Now, I have seen a few pics where the computers look a little more advanced, but nothing that an actual gamer would still be using two years ago. And that is the foundation of their hacking? Let’s be clear, there are situations where you can hack with a 10 year old laptop, but you need skills, you need access to documentation and the ability to get past the firewalls and past sniffers and network monitors. They do exist, yet that requires an equal incompetency on the South Korean side, a part that we are also ignoring, the use of Common Cyber Sense.

You see, when you get “Malware contamination of the intranet server of the cyber command that occurred in September last year was confirmed by the South Korea’s Defense Ministry in May but this is the first glimpse of the scope of the damage“, there is another layer in place, one that does make sense. Some of the European, Russian and optional US hackers are selling their stuff to North Korea. That is a very possible scenario, but in that case both the FBI (if the US was involved), as well as the CIA failed in their tasks. Perhaps better stated, the CIA seems to be unable to stop the cyber hacking software North Korea purchases from making it to North Korea, which is equally a failure on several levels. It is unfair to blame merely the CIA. It is fair enough to add the earlier avoided MI6 to the mix as they should have been watching that danger, because if these hackers can get to South Korea, they could in theory hit the UK in equal measure, the evidence is there. Even as we agree that North Korea does not have the skills (my personal belief) to create something like Wannacry. I already went there to some degree in ‘In light of the evidence‘ (at https://lawlordtobe.com/2017/05/28/in-light-of-the-evidence/), the evidence given by ICIT was compelling. In addition we had ‘when IBM cannot give view of any mail that propagated the worm’, which also takes North Korea out of the loop, yet they could have acquired the software. So even as the largest cyber player like IBM remains in the dark, there is still evidence that it was North Korea? That view was only reinforced when a Dutch media team went to North Korea a few years back. In some places their cameras were locked up because no photographs were allowed. Yet most had them anyway, because the North Korean officers had no idea what a smartphone was and that it was able to take pictures. The Dutch NOS showed it on Television, so that is the place that hacked into South Korea, the birthplace of Samsung?

It is not impossible and was never denied by me, but it was so extremely unlikely that, unless clearly proven with evidence, it was utterly impossible to the common-sense mind. Yet as the source is not in North Korea, hunting that source down is more important, because the next time it will not be some version like Wannacry 2.0, it could be Stuxnet 7.1, and as the UK has 15 reactors and the US has 99 reactors in 30 states, it seems to me that waking up both MI6 and the CIA to actually get to the bottom of these North Korean ‘praised’ cyber skills and find out where those skills actually were (read: came from) is essential, because not doing so is a much larger issue. I hope that the South Korean bungle of their network security constitutes at least some level of evidence.

Three red flags, none of them are innocent, I never implied that, but as we are changing the play, the marketing vibe and the need of what is real, we need to carefully weigh what the media gives us and what those giving the media are actually after. I have seen enough evidence thrown about and have been able to ask questions to the extent that gives rise to many question marks, and whilst some media are playing the emotional waves, some are seeking clarity and that clarity gives us additional options and views that we did not consider before. People all over the world are told to jump to the left, whilst there is no evidence that anything from the right was going to hit us in the first place, which makes us wonder why they did not want us on the right side to begin with.

These red flags are important, because even if we had any faith on the Russians trying to attack us, we need to consider that Cambridge Analytica is an English firm and even as Fortune now reports “A non-partisan watchdog group has filed complaints with the Department of Justice and the Federal Election Commission alleging that the data firm Cambridge Analytica violated U.S. election law by having foreign nationals involved in the decisions of political committees“, we see that it was a British firm who scored that job.

So it is possible that the people in Moscow will be treated to a comedy in 22 hours, it will go something like “TASS Is Authorized to Declare that the accusations against the Russian government and its people were propagated by an English Firm“, in this I used part of the 1984 Soviet spy miniseries directed by Vladimir Fokin, because even with my weird sense of humour it seemed important to give it an Orwellian sling. Perhaps you should check out his new book. It apparently deals with life in the US after a presidential election.


Filed under Finance, IT, Media, Military, Politics, Science

Lawyers on a weakly basis

It is the Lawyers Weekly that gets the attention at present. The article (at https://www.lawyersweekly.com.au/biglaw/22159-lawyers-don-t-need-to-become-accomplices-to-white-collar-crime) gives us the nice title with ‘Lawyers ‘don’t need to become accomplices’ to white-collar crime‘, yet is that statement anywhere near the truth or the applicable situation that many face in today’s industry? Monty Raphael QC talks the talk and does so very nicely as the experienced QC he is, yet there were a few points in all this that are an issue to me and it should be an issue to a much larger community. For me it starts with the quote “Cyber space has not created any new crimes, as such, really, of any significance,” Mr Raphael said. This is of course a correct statement, because until the laws are adjusted, plenty of issues are not covered as crimes. We merely need to look at the defence cloak that ‘facilitation’ gives to see that plenty is not covered. The case D Tamiz v Google Inc is merely one example and as technology renews and evolves, more and newer issues will rise, not merely in cases of defamation breaking on the defence of mere facilitation.

Yet for this matter, what is more a visible situation is the case of Tesco and how PwC seems to not be under the scrutiny it should be; it should have been so from day 1. So when we read: “Mr Raphael insisted that lawyers have an ethical obligation to ensure they do not support or enable white-collar crime” we are introduced to a statement that is for the most part seemingly empty. I state it in this way, because the options of scaling the legal walls while not breaking any of the laws that were bent to the will of the needy is an increasingly more challenging task. If the legal walls were better then PwC would clearly have been in the dock 2 years ago, or would they? In addition, they are not alone, merely slightly (read: loads) more visible as the profit before tax for Tesco ended up being minus 6.3 billion in 2015.

Monty makes a good case, yet the underlying issue is not the lawyer, it for the most part never was. It is the law itself. This is why I object to the title, it is nice but is it true? PwC shows that even as we oppose their actions, the fact that they are not in the dock is explained when we see Reuters (at https://uk.reuters.com/article/uk-britain-tesco-fraud/former-tesco-executives-pressured-staff-to-cook-books-court-told-idUKKCN1C41TK) giving us “Tesco’s auditors PwC were “misled and lied to,” Wass added“. Is this true? Let’s consider the evidence, can it be shown and proven that they were lied to?

It might never be proven because the people in the dock have had years to get their story right (read: synchronised). What I stated at the very beginning of the events of Tesco remains true and it remains the issue. The fact that PwC made £13 million that year from this one customer, much of it in a project and audit work for the rest, and still did not spot the fact that the books were ‘cooked’, will remain an issue with me for some time to come. It is the Tesco case that also underlies the issue here. It is about the weak lawyer, not because he is weak, but the lack of proper laws protecting all victims of white collar entrepreneurs is stopping them from aiding potential victims. In addition as the law is struggling to merely remain four passes behind it all, it becomes less and less useful, not to mention a lot less effective. As the next generation of economic tools are being rolled out (block chain being a first), we will see new iterations of issues for the law, for both the CPS and DPP as it cannot progress forward in light of the legal parties not comprehending the technology in front of them, so showing wrongdoing will become an increasingly hard task for lawyers to work with. The biggest issue is that as it is all virtual, the issue of non-repudiation goes out of the window. Not only will it become close to impossible to work with the premise of ‘beyond all reasonable doubt‘, there is the fact that ‘proof on a balance of probabilities‘ is becoming equally a stretch. The fact of non-repudiation is only one of several factors. So as we have seen that successful criminals tend to hide on the edge of technology, the chance to stop them is becoming increasingly less likely.

This now gets us to the statement “In the wake of the Panama Papers revelation from law firm Mossack Fonseca, Mr Raphael cautioned that clients’ criminal activities can come back to haunt their law firms“, yet both former prime ministers involved in the Panama Papers scandal, Bjarni Benediktsson and Sigmundur Davíð Gunnlaugsson, have been re-elected to the Icelandic parliament (Source: IceNews), so it seems that the Panama Papers are a little less of a haunt. In addition there will be a long debate of what constitutes the difference between Tax Avoidance and Tax Evasion, because only one of those two is illegal. In addition certain questions on how 2.6TB was leaked and no alarms went off is also an issue, because the time required to get a hold of such a large amount of documents would take a monumental amount of time and with every option to shorten the path, alarms should have been ringing. When we consider the basic IT issues, we get partial answers but not the answers that clearly address the issues, as they did not. The time it had required to do all this should have placed it on the IT radar and that never happened. So as we see how patches and security risks are now being pushed as a reason, we need to wonder if Mossack Fonseca could have been the wealthy party it claimed to have been. When we consider the expression ‘a fool and his money are soon parted‘, the lowest level of IT transgressions that have been seemingly overlooked gives rise to a total lack of Common Cyber Sense, staff that should have been regarded as incompetent and an infrastructure that was lacking to a much larger degree. You see, even before we get to the topic of ‘illegally obtained data‘ which was used for investigations that have convicted people of crimes, the larger issue that could be in play is that, on the foundation of that data alone, a few prison sentences could be regarded as invalid, or might get overturned soon enough.

There were cases where the story gives clear indications of what was done and here we see the consideration of what is admissible evidence. In this, the one step back is the IT part. The hardware upgrade to better security standards would have required as little as $100K, and hiring a better level of University Student in his or her final year might have given a much safer IT environment, perhaps even at half the current cost.
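The point above is that 2.6TB cannot leave a document store without showing up somewhere, provided someone is measuring outbound volume per account. The following is an added example, not code from the blog or from any firm mentioned in it: a small egress monitor that runs over constructed, labelled sample log lines (date, account, bytes sent outside the network) and raises two kinds of alarm, a sudden spike against a per-account baseline and a running total crossing a hard limit. The log format, account names and thresholds are all assumptions made for the example.

```python
"""Egress-volume monitor (added example; not the blog post's own code).

Reads constructed daily egress records of the form
    <date> <account> <bytes_sent_to_external_hosts>
and flags two classes of anomaly a defender would want alarms for:
  * "spike":      a day's egress exceeds FACTOR x the median of the account's
                  previous WINDOW normal days (flagged days are kept out of
                  the baseline so a slow exfiltration cannot "train" it away)
  * "cumulative": the account's running total crosses CUMULATIVE_LIMIT bytes
"""
from collections import defaultdict
from statistics import median

# Constructed sample log (assumed format; values are invented for the example).
# svc_docs behaves normally; jdoe starts moving hundreds of gigabytes on day 5.
SAMPLE_LOG = """\
2016-01-01 svc_docs 120000000
2016-01-01 jdoe 35000000
2016-01-02 svc_docs 130000000
2016-01-02 jdoe 30000000
2016-01-03 svc_docs 110000000
2016-01-03 jdoe 40000000
2016-01-04 svc_docs 125000000
2016-01-04 jdoe 32000000
2016-01-05 svc_docs 118000000
2016-01-05 jdoe 900000000000
2016-01-06 svc_docs 122000000
2016-01-06 jdoe 950000000000
2016-01-07 svc_docs 121000000
2016-01-07 jdoe 800000000000
"""

WINDOW = 3                          # number of normal days in the baseline
FACTOR = 5.0                        # spike = more than FACTOR x baseline
CUMULATIVE_LIMIT = 1_000_000_000_000  # 1 TB running total per account


def parse_log(text):
    """Return {account: [(date, bytes), ...]} preserving file order."""
    per_account = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        date, account, nbytes = line.split()
        per_account[account].append((date, int(nbytes)))
    return per_account


def detect_egress_anomalies(text, window=WINDOW, factor=FACTOR,
                            cumulative_limit=CUMULATIVE_LIMIT):
    """Return a list of (date, account, kind, value) alerts.

    kind is "spike" (value = that day's bytes) or "cumulative"
    (value = running total at the moment the limit was crossed).
    """
    alerts = []
    for account, rows in parse_log(text).items():
        baseline_days = []   # only days judged normal feed the baseline
        total = 0
        for date, nbytes in rows:
            is_spike = False
            if len(baseline_days) >= window:
                baseline = median(baseline_days[-window:])
                if baseline > 0 and nbytes > factor * baseline:
                    is_spike = True
                    alerts.append((date, account, "spike", nbytes))
            if not is_spike:
                baseline_days.append(nbytes)
            prev_total = total
            total += nbytes
            # Fire once, on the day the running total crosses the limit.
            if prev_total < cumulative_limit <= total:
                alerts.append((date, account, "cumulative", total))
    return alerts


def egress_totals(text):
    """Total bytes per account, useful as a quick sanity check for reports."""
    return {acct: sum(b for _, b in rows)
            for acct, rows in parse_log(text).items()}


if __name__ == "__main__":
    for date, account, kind, value in detect_egress_anomalies(SAMPLE_LOG):
        print(f"{date} {account:10s} {kind:10s} {value:>16,d} bytes")
```

Against the sample data the monitor stays quiet for `svc_docs` and raises four alerts for `jdoe`: spikes on each of the three heavy days and a cumulative alert on the day the running total passes 1 TB. The design choice worth noting is that flagged days are excluded from the baseline; if they were included, the third heavy day would look normal next to the two before it, which is exactly how a multi-week copy of a document archive slips under a naively adaptive threshold.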

All issues worthy of debate, yet none of it hitting the lawyers; it more hits the infrastructure of it all. Yet these two issues might now be seen as real hindrances for lawyers in a place where the laws are now seemingly too weak; it is the law, not the lawyer. So as we recollect the Toronto Star in January 2017 where we see “Canada is a good place to create tax planning structures to minimize taxes like interest, dividends, capital gains, retirement income and rental income,” and the added “the Canadian government has made it easier than ever for criminals and tax cheats to move money in and out by signing tax agreements with 115 countries”, we see growing evidence that the law is getting hindered by eager politicians making their mark for large corporations through the signing of tax agreements, and what they think would be long term benefits for their economy, whilst in actuality the opposite becomes the case. So every clever Tom, Dick and Mossack Fonseca can set up valid and legal shapes of international corporations all paying slightly less than a farthing for all their taxations. Legal paths, enabled by politicians, and as the laws are not adjusted we can all idly stand by how nothing illegal is going on. So as we admire the weakly lawyers, we get to realise that the law and the politicians adjusting it weakened their impact.

In all this at no point would the Lawyer have been an accomplice. The data lies with IT, the setting of these off shore accounts was largely valid and legally sound and in that, there could always be a bad apple, yet that does not make the Lawyer an accomplice. That brings us to the final part which we see with “Money laundering has been in the spotlight recently, with the Commonwealth Bank facing punishment for failing to report suspicious deposits in its ATMs“. It needs to be seen against “Mr Raphael insisted that lawyers have an ethical obligation to ensure they do not support or enable white-collar crime”; in this the banks are already faltering. We seek the dark light events of PwC and Mossack Fonseca, yet the basics are already getting ignored. I believe that the article is missing a part, I feel certain that it has at least been on the mind of my jurisprudential peer. You see, the legal councils will need to evolve. Not only will they need to do what they are already doing, they will need to take the path where they (or more likely their interns) start to teach IT and other divisions a legal introduction on what white collar crimes are. The fact that ‘suspicious deposits‘ could be a white collar crime is becoming more and more visible. I see that the education of IP legality in IT is now growing and growing. The intertwining can no longer be avoided. Now, we can agree that an IT person does not need a law degree, but the essential need to comprehend certain parts, in the growing mountains of data, is more and more a given.

In all this there is one clear part that I oppose with Mr Raphael, it is the statement ‘There’s nothing cultural about greed‘, you see, as I personally see it that is no longer true, the corporate culture that is globally embraced made it so!


Filed under Finance, IT, Law, Military, Politics, Science