Tag Archives: cyber security

The Bully’s henchman

Yes, we saw it before and again we see a new ploy into the bashing by a bully. The Guardian (at https://www.theguardian.com/technology/2020/jan/29/uk-chance-relook-huawei-5g-decision-mike-pompeo) gave us “Britain has a chance to “relook” at its decision to allow Huawei into its 5G phone network in the future, the US secretary of state, Mike Pompeo, declared as he flew to London for a two-day visit to the UK“, the fact that the number one US bully (as some see him) sends out Mike Pompeo warrants more scrutiny. Lets not forget that on a global scale the US has not actually produced ANY evidence that Huawei is a security concern. We see merely that the US firms will lose their data drops on a global scale as Huawei makes a larger impact, and that is a much larger fear for the US than anything else. Even as we see news with senators with privacy concerns, we see an absolute lack of actions towards Google and Facebook to amend its protocols and data capture activities, all set in some loophole, flaws which are still legal and legally set in stone (of a sort mind you). Yet the undocumented claimed fear of Huawei and the Chinese government has still not been shown to actual cyber specialists and to actual independent hardware experts. 

So as senior (read: ancient) advisors of the Trump administration give: “insisted that sensitive American information should travel only through “trusted networks”” we see a lack of evidence by them. We also see that the US is changing its tune, the claim “But our view is that we should have western systems with western rules, and American information only should pass through trusted networks, and we’ll make sure we do that,” is it the changing claim of the bully that has changed evidence for ‘we should have western systems with western rules‘ is evidence of that. In addition to that its weak and waning “The secretary of state emphasised that work was being done between the two countries “to make sure that there are true competitors to Huawei” so that “we can deliver true commercial outcomes across real secure networks that aren’t subject to the Chinese Communist party’s control”“, where we need to valuate ‘work was being done between the two countries “to make sure that there are true competitors to Huawei”‘ reads more like a flaccid 90’s software sales agent with a concept to sell than an actual commitment. This situation merely exists because governments stopped seeing infrastructure as a priority and as US commercial people saw ‘gains’ elsewhere (read: cheaper/easier way to make commission), hardware needs lagged and the US is almost 3 years behind in the 5G circuit. Like in the BBC article yesterday, we see “The US says Huawei could be used by China for spying, via its 5G equipment” hiding behind the word ‘could‘ whilst not producing any evidence. All whilst presurring on “Mr Ren’s military background and Huawei’s role in comms networks to argue it represents a security risk” that is all slanted on a time when Mr Ren actually looked young and served for 9 years, he left the army in 1983, which was when Mike Pompeo was in High School optionally hoping to fondle a local cheerleaders boobies (we can presume), oh and by the way this was all 37 years ago, as such the lack of evidence on the equipment apart from an almost 10 year old case that was settled, the evidence presently seen is a joke.

This is all about the US losing its data collecting position and it is willing to sell anyother nation down the drain, all becasue the US became lacks, stupid and flaccid. Is that the legacy that the EU and the UK have to look forward to? Lets not forget that no matter how happy Nokia and Ericsson become, they are a little over 5 years in the running and well over 3 years too later to adapt to the high-tech that Huawei is currently releasing, that is the price of iterative technology.

The fact that my personal IP surpasses the US tech stream is further evidence still, in 1992 I was really behind the curve, it makes for the difference of innovative thinking and as the world relied on the US, its flaccid actions are now a real issue. 

In addition to all this, Wednesday also gave us “A group of anti-Huawei Tories want an assurance that the government will work towards reducing the Chinese company’s influence in UK infrastructure to zero, ultimately stripping it out of the 4G network as well” which is linked to “any provider deemed high-risk by the intelligence services should be phased out of the supply chain” and the problem here is not that Huawei is a claimed spy tool for the Chinese government, it is the fact that (as Alex Younger) stated that no infrastructure should be in the hands of non-UK corporations, which is acceptable. Yet they will hand the hardware over to EU and the US government, which is slicing the meat on the other side and almost as pointless. Let’s be clear, Alex (big boss MI6) gave a clear and understandable point of view. UK infrastructure needs to be in UK hands and as such we can accept that. Yet British Telecom is nowhere near this situation and as such we see a failing of policy on more than one shore.

So as we get to “Unhappy MPs held a series of meetings in Westminster, although they are keen to operate behind the scenes to push for a concession, several senior Tories believe they have a chance of getting the 45 rebels needed for a successful backbench revolt on legislation relating to regulation of Huawei” which would boil down to a conservative mutiny on a few fronts, the question that I am currently posing is: “If I investigate these 45 ‘proclaimed rebel’ members, how many will reveal a carefully denied personal link and gain from a non Chinese Telecom market?” Is that not an interesting side either?

And the intentional limitation of 35% would that be to keep American commerce happy, or is there an actual security setting here?

There is too much on the surface that we should investigate and it is not. Even as the article makes a reference to American diplomat Plus One, whose wife Anne Saccolas is accused of causing the death of 19-year-old motorcyclist Harry Dunn. They still insist on their bully tactics and they will refuse to make public any evidence of the Chinese government links to Huawei hardware, all whilst the massive bugs in the Cisco routers are ignored by all.

So whilst we all cry over non existent hacks on Huawei equipment, we are faced by Cisco insecurity, and whilst some will not get this, the fact that the bulk of all servers in the world rely on Cisco Switches. so when we get (source: Cisco) “2020 January 29. A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.” Now apart from the local need to fix this, there is no real blame at Cisco, this happens and whilst we see

Vulnerable Products

  • 200 Series Smart Switches
  • 300 Series Managed Switches
  • 500 Series Stackable Managed Switches

So whilst everyone is crying over non proven proclaimed weaknesses, there are actual weaknesses in the hardware leading to the internet and that gets my goat up, the entire Hawei matter is about the US losing too much revenue and the US being out of the data loop, and we support that….why?

When we wonder how we care on who gets our data, we seem to forget that someone gets it, yet the US wants to be the only runner in this race, based on decades of feigned superiority and now that they are in the race and moving from first to 4th position we seem to grant them all the leeway they need, whilst on the other side we see no improvement on personal data intelligence security, why do we need to continue this situation?

That issue becomes larger when we see the Financial Times (at https://www.ft.com/content/96c79040-40ea-11ea-bdb5-169ba7be433d). Here we see “Wealthy individuals are scrambling to lock down their privacy in the wake of the alleged hack of Jeff Bezos’ iPhone, as personal cyber security experts warn that the rich and famous are increasingly becoming the target of sophisticated cyber criminals“, which makes sense and the supported ‘a report last week alleged that Amazon founder Mr Bezos was hacked by Saudi Crown Prince Mohammed bin Salman in 2018‘ in all this there are (at least) two sides

  1. We see a proven part where ‘sophisticated cyber criminals‘ are getting onto more and more mobiles (an issue that will continue faster and more intense in 5G. 
  2. The world is realising that corporations are not lucrative targets, the softer market and larger market of one million mobiles might be worth a lot more, and the collected information could lead to a switch in ‘criminal economies’, that part is optionally seen in “Rubica, a company that provides more affordable digital protection for families, added that had he received “lots of inbound” inquiries last week from clients about how to better protect themselves from adversaries“, and as we see “According to data compiled by RSA Security, 70 per cent of fraudulent transactions in 2019 originated on mobiles
  3. (Optional) The guilt of Saudi Crown Prince Mohammed bin Salman was never clearly established and is by some experts in the field regarded as a strange choice of actor to incriminate in the first place, as such it implies that there is a larger concern that the ‘vested’ parties cannot make clear statements on guilt and providing proof on who did it. Making the cyber setting a lot more dangerous, especially as insurers will try to seek more ways on options to not having to pay out (making more stringent contracts), this setting could hurt millions of people whilst the actual criminals go on without prosecution.

We see a shift in the market and this shift becomes a much larger issue in 5G, as such do you want your 5G infrastructure to be 3 years behind the latest technology? It will go faster and faster as I saw what the direction was and my IP would (hopefully) lessening the impact by almost 30% whilst 400 million starters (globally) will get a much larger slice of their marketing pie for their small businesses, whilst keeping more control of their information. All because some people forgot to look in one direction, that too is the effect of flaccid American innovation. I would never be a contender if they upped their game, so when my ship does come in, I will have to thank them for that.

Marc Rogers, vice-president of cyber security at Okta is right when we see “The cache of data on these devices is just growing, We’ve seen a massive escalation of theft [from] mobile devices because criminals are realising that people are storing immense amounts of personal and financial information,” is part of that crux and the US whilst bullying their Huawei part are basically not ready to deal with this, because they will claim that is up to you and your insurance. Which is an interesting ploy to give out in the near future as Cyber crime will spike and all whilst most global governments still do not have a clear and well documented Common Cyber Sense setting in play, many are hiding it in some HR document and using that to sack people when the damage becomes a little too pronounced, or the transgression becomes a ‘politically correct’ consideration. 

I see a much larger problem and the US is merely adding fuel to the fire and whomever they send will merely be the spokesboard of US data collection groups (as I personally see it) that need their data to maintain existence. 

So who is ready to play catch with the next henchman that the US sends?

 

 

Leave a comment

Filed under Finance, IT, Media, Politics

That’s the way the money flows

The Independent had an interesting article 2 hours ago. The article (at https://www.independent.co.uk/news/world/americas/china-drones-spy-us-dhs-security-data-alert-a8922706.html). The title leaves little to the imagination with: ‘Chinese drones may be stealing sensitive information, DHS warns‘, after the Trump google play, after his refusal to submit to subpoena’s, after the anti Huawei activities that so far has never yielded any active evidence (the 8 year old case was settled within months are done with). Now we see: “Chinese-made drones in America may be sending sensitive data to their manufacturers back home where it can be accessed by the government, the United States Department of Homeland Security (DHS) has warned“, which might be a nightmare if it was not so hilarious. You see the next quote: “CNN, which obtained the internal alert, reported that the DHS fears drones will offer Chinese intelligence unfettered access to American data“, it comes across like we have a case where a CNN reporter has been hit by a silly stick and never recovered. Consider the drones we see, there is no space to have a dedicated hack system on board. Yes some can be done with a mobile, and there is plenty of space in that device, now consider the ‘sensitive’ data that needs to be found, the data needs to be connected to (and with all these faulty Cisco routers that is relatively easy at present), then a selection needs to be downloaded and that is merely for one place, one device. All this stops when any person uses common cyber sense. It is the revelation that we see next, that is the one that matters. With: “Though the alert didn’t name specific companies, the vast majority of drones used in the US and Canada are made by the Shenzen based Company, DJI, CNN reported” we see the part that matters. As drone services are up on an almost exponential growth as we see the push that got there. The news from November 2016 gave us: “Domino’s Pizza Enterprises Limited (Domino’s) and drone delivery partner Flirtey delivered the first order, a Peri-Peri Chicken Pizza, and a Chicken and Cranberry Pizza“. Consider the option to avoid traffic in New York, Los Angeles, San Francisco, Boston, Chicago, Seattle, Pittsburgh, all places with massive congestion. Drones are the optionally the newest quick way to deliver food, Amazon needs, Walmart needs, all in growing need due to the events where retailers and shippers combine forces to avoid a few items, and with congestion set to zero, people will flock to that consideration. Now the operational part, it seems that DJI is ahead of the curve, another Chinese company decided to truly innovate and now that the push is there and America is bankrupt (as I personally see it) anything possible to avoid money going to China, America is taking a pot shot at that. So when we are also treated to: “A spokesman for DJI denied that any information was being transmitted to it from its drones, adding that the security of its technology has been independently verified by the US government.” I start wondering if DHS was able to do its job properly. Now let’s be clear, there is no doubt that ANY drone can be used for espionage, especially if it is quiet enough. Yet is that the issue for DJI, or is that an issue with the spy that utilises drone technology? Yet that is actually not the only side, on the other side we see mentioned: “Those concerns apply with equal force to certain Chinese-made (unmanned aircraft systems)-connected devices capable of collecting and transferring potentially revealing data about their operations and the individuals and entities operating them, as China imposes unusually stringent obligations on its citizens to support national intelligence activities,” Now, this part does make sense. It is the same as the Apple Fitbit, that due to its global nature started to hand out the jogging patterns of Special forces in the Middle East, so within 3 days several members of the two dozen operatives had a check on their calorie burning and health, whilst the mapping data showed the world where the CIA black site was (oh apologies, I meant to say a military specialist endeavouring location of an undetermined nature). The question becomes how was the ‘the security of its technology has been independently verified by the US government‘ achieved? Was that verification process competent, or perhaps slightly less so?

I am not stating my verdict in either direction; yet the entire Huawei mess, as well as the DJI setting implies that the growth industries are shunned from America, mainly because it is not an American industry. Yet in all this, the forget that places like the EU and India are large enough to go forward with both players and truly grow further, whilst the downturn and the economic lag that the US is creating will merely grow the loss of momentum and the recession it will fuel in other ways. I would consider that the setback that Google is trying to create will have larger repercussions down the road. As larger Data vendors will now optionally choose the Chinese side, they will grow market share. You see no matter how it is sliced, all this is data based and data can only grow if there is usage. So when people remain with Huawei as their phone keeps on working, we see that there is a larger concern soon enough. At some point people will stop trusting Samsung, Google and Apple phones, which works out nicely for several players (Microsoft actually more than most), what do you think happens when the larger share of 14.7% of a global market changes to player three and not use Google apps to some degree? Google momentum relies on non-stop data and usage, when a third of the 60% that these three cover stops, do you think that this has no impact for Google?

The same applies to drones. You see intelligence makes the drone and as it grows its market share and the collected data of drone usage is set, the innovation of DJI grows faster. It is the difference between generation now and generation 2022, DJI will grow and can grow in several directions, yet the entire the setting of ‘data theft’ we see that there is a lack of ‘what’ data. What data is collected, the flight path? Well, I think we all need to know in 2023 what flight path was taken for the delivery of 342,450 pizza’s delivered per hour, is it not? It is not that Google Map has that data, and within a building in New York, is there truly a clear sign in the drone itself who exactly the merchandise was for, or was that on the box (instead of the drone). Now, there is no denying that some of that data would optionally be accessible to the Chinese government? Yet what data, what level of data? Do you think that they have time for the hundreds of drones and the data whilst they can monitor 20,000 times that data with a spy satellite (and an additional truckload of data that the drone never had in the first place?

It is when I see ‘unfettered access to American data‘ where the questions become pressing. It is like watching Colin Powell coming into a non-disclosed location with his silver briefcase and in the end the lack of WMD’s, are we going in that direction again? when I see ‘unfettered access to American data‘, it is at that moment I see the optional comparison (an extreme lose comparison mind you) with the innocent preachers daughter who did the naughty thing to 30% of the boys coming to Sunday sermon, having attempted things I cannot even rent on adult video. It is the CNN article (at https://edition.cnn.com/2019/05/20/politics/dhs-chinese-drone-warning/index.html) that gives additional rise to concerns. When you see: “Users are warned to “be cautious when purchasing” drones from China, and to take precautionary steps like turning off the device’s internet connection and removing secure digital cards. The alert also warns users to “understand how to properly operate and limit your device’s access to networks” to avoid “theft of information.”” It seems to me that there are dozens of ways to get this data, a drone seems like an expensive long way round-trip to get to that data, whilst more can be accessed in several other ways and it is the speculation through ‘device’s internet connection‘, so when we see one of these devices (at https://www.dji.com/au/phantom-4-pro-v2/info#specs), we are treated to: “The new Phantom 4 Pro V2.0 features an OcuSync HD transmission system, which supports automatic dual-frequency band switching and connects to DJI Goggles wirelessly“, where did the internet come in? Yes there is an app, to get a live view from the drone, so what ‘unfettered access to American data‘ could there be that Google Maps at present does not have in more detail?

It is the next part that is the actual ace. When we see: “DJI, which reported $2.7 billion in revenue in 2017, is best known for its popular Phantom drone. Introduced in 2013, the drone is the top-selling commercial drone on the market“, information the Independent did not give us, that is the actual stage as I personally see it. It was $2.7 billion in 2017, there is no doubt that when drone delivery truly takes off, at that point revenue that sits between $15 and $27 billion is not unrealistic, the dire need to avoid congestion on a global scale will drive it and that is before you realise the non-US benefits in London, Amsterdam, Paris, Berlin, Munich, Madrid, Barcelona, Rome, Athens, Moscow. At that point you will see stronger growth and I haven’t even looked at the opportunities in a place like Mumbai, Tokyo, Delhi, Bangkok, Rio, Buenos Aires and Sydney yet. Everything leaves me with the impression that this is not about security, it is about money. That fact can be proven when you realise that everyone remains silent on the 29 new vulnerabilities that Cisco reported merely a month ago. How many Cisco router stories have come from that non-technologically refined White House, where they are currently optionally limited by “Cisco routers, including ones that can be found in malls, large companies or government institutions, are flawed in a way that allows hackers to steal all of the data flowing through them“, the cybersecurity company Red Baron handed out that issue to the media last week, so who picked up on that danger to ‘unfettered access to American data‘? And when you consider ‘it allows potential malicious actors to bypass the router’s security feature, Trust Anchor. This feature has been standard in Cisco’s routers since 2013‘, when we realise that Cisco is a household name on a global scale (especially when connected to the internet), the entire Cisco matter seems to be at least 15,000 times worse than any DJI drone ever could be, and the fact that DHS remains silent on that gives (again, as I personally see it) is added proof that this is merely about the money and the fact that US companies are losing markets on a global scale.

I could set the stage by singing ‘All ‘Bout the money‘ by Meja and ‘That’s the way the money goes‘ by M, but then, I realise that people would most likely pay me serious money not to sing (my voice is actually that bad).

That’s the way the money flows, specifically at present in a direction that the US is for the foreseeable future most displeased about.

 

1 Comment

Filed under Finance, IT, Media, Military, Science

Fraud, deception or Ignorance in IT Safety?

Fraud, deception or Ignorance in IT Safety?
Again it was the Dutch NOS last night that gave me the idea of reflection on today’s blog. Their newscast and articles on NOS.nl is all about cybercrime. The news was that last year (October 2012), cyber criminals using the botnet Citadel was able to acquire over 750 GB of data. The data is coming from computers involving the Energy industry, Media corporations, Hospitals, Universities and airlines. The data seems to have gone to eastern European cyber criminals. Over 150.000 computers infected in the Netherlands alone.
Watching it, you could see login details, passwords, network layouts, detailed notes from a doctor and the medication prescribed. The amount of information was staggering! I looked a little further into this botnet. Its name is Citadel. It seems to be an ingenious piece of work. This is something the NSA, GCHQ or the FSB and several other Boy Scout units of a governmental type. When looking at the info, there was an implied strength that it could go passed and ignores many anti-virus systems. When looking at my own provider, there was an interesting lack of information regarding this botnet.
So we are looking at a three edged sword.
Are anti-viral protectors committing fraud? When looking at a Norton protection plan, and I see the green ‘Secure’ sign. Am I really secured? Tracy Kitten from Bankinfo security wrote: “Segura notes that hackers claim PCs relying on anti-virus solutions from Microsoft Security Essentials, McAfee, and Norton were infected. ‘That’s kind of worrisome,’ he says. ” So, am I paying for security I am not receiving?
It seems that this secure statement is also a case of deception. My Norton anti-virus states a secure setting, yet, citadel was initially designed to collect bank information for cyber criminals. From the two facts earlier, I must also conclude that the banks have been insincere to me on more than one occasion (big surprise I know). They claim safety and security, whilst 150.000 computers in the Netherlands seem to prove the opposite. Especially considering that banks have been trimming down on staff because much more goes on-line, yet there is no clear information that the cyber divisions of the financial industry is making any kind of strong progress. The BBC stated on Oct 10, 2012, that GBP 341 million was acquired through card fraud in 2011. The events involving Citadel imply that the losses in 2011 are not likely to go down any day soon.
Last is about Ignorance. That would be you the reader and me. These anti-viral dealers leave us with a false sense of security while we are charged $70-$100 a year, whilst it lowers intrusions, but not remove the threat. I must confess that we are all likely a lot safer with then without anti-viral protection. So stopping anti-virus protection is the worst of ideas.
I feel slightly safer as I have always refused any kind of on-line banking option. From the 90’s I knew that their X-25 protocols had several weak spots, which is now getting me to the last part of this.
If Windows is so weak, volatile and easily transgressed upon, then the dozens of security updates seem little more than a smoke screen. I reckon a lot of us should seriously consider moving to another system like Linux. Linux has proven to be a very secure system. We used to consider Apple to be very secure as it was a Unix based system, which has all matters of security or a much higher level than Windows ever had. However, that it is now an INTEL based system with Microsoft attachments makes me wonder if it remained that secure.
What is my issue with this all is that Yesterday’s news on Citadel was known with the Dutch cyber security for months, and little was done, the newscast even mentioned that many had not been alerted to this danger. I reckon that IF there is truth on transgression on ‘secured’ systems, we need to consider the dangers of connected networks. This likely endangered the infrastructure, and it definitely endangered personal information of millions. With that state of mind, how should we see the security of corporate and personal systems in the UK, US and Australia?
Consider that the implied ignoring of Cyber security is mentioned (but unproven as far as the validity of sources go). Yet, when I seek places like Norton, I get no answer (connection was reset). If we can believe people like Tracy Kitten then the financial sector that relies on massive internet presence, we are in serious trouble. On the other side is the opinion showing on the NOS site by Professor Michel van Eeten from the TU Delft. It is not really created to a directed attack. He compared it to a buck shot into the internet. It was designed to acquire login, passwords and bank details.
My issue is the fact that 150.000 systems were infected! The one flaw in the NOS newscast is the absence of the cyber safety factor. Whether Common Cyber Security was used by those infected. If so, then why are these questions not openly directed at the makers of Norton Anti-Virus, McAfee, Kaspersky and a league of other Cyber Safety providers?

2 Comments

Filed under IT