I am trying to remember something. Yesterday I came up with short story number three, I dreamt the story and the big lines were done, but now I forgot the dream, only fragments remain. A stage where it is about one thing leading to another, I see the ending but I can no longer see the beginning. It is a shared setting that eludes me, and every time I my mind moves back to the story, it is overwhelmed with other facts. It takes me back to yesterday as I was writing the Kaseya story. The BBC is giving us “Researchers from the Dutch Institute for Vulnerability Disclosure found the problem and were helping Kaseya plug the hole long before the hackers found it”, yet if we are to believe ‘long before the hackers found it’ I wonder why Kaseya was continuing on the path they were. More important, if that was really true, why was Kaseya not monitoring the situation 24:7? In my case the story is not completed, I am creating it (almost) on the go. Kaseya is seemingly in a stage where they are in denial. First a few, then up to a 1,000 and now, after other sources give us a stage that sets the premise to up to 100,000, some sources give us ‘Between 800 and 1,500 companies potentially affected by Kaseya ransomware attack’, I get it, it is optional a seesaw that is balancing between optionally managing bad news and the speculative media on the other end of the seesaw. Neither side is overly reliable in my personal view. Yet the BBC gives us “the way the cyber-security world has pulled together to reduce the impact of the attack has been incredible”, you see, I have been involved in IT work since 1982, I have never seen competitors pull together, so the story of ‘the cyber-security world has pulled together’ remains debatable. They are all scared, they wanted solutions faster, automated and cheaper, it is like the house where you can choose 2 out of three, now the choice is nil, because the underlying factors are haywire. In this setting, and yes, this is all speculative. We have a solution that is faster/slower, automated/manual and cheap/expensive. They wanted it fast, but that requires matching hardware and software. This is where ‘plugging the hole’ is a problem, as such there was never a cheap solution. Then there was the automated setting, that is the one that they could pull off, but in a stage where there is too little security, and if ‘long before the hackers found it’ is to be believed, I speculate that the need was manual when the wrong parties opted for automated. And in the third we have cheap and expensive. They needed a solution that was cheap, but they needed a lot more expensive elements. This is ALL speculation, but the setting where we see system after system fail, in my personal opinion is all a setting towards shortcuts and that led to the weakness we now see exploited. I personally believe that players like Kaseya are too plenty and when we see ‘the cyber-security world has pulled together’, we see a stage where they all have a seemingly fat meal, they all get to set a field of limitations for all others and that will have long term repercussions. Microsoft, Solarwinds, Kaseya are examples that how us that the hackers are gaining more and more advantage and that is the larger stage. In this setup hell will get one happy resident and it is not the ruler of hell, I will let you consider who I am talking about and it is not a player that is mentioned in this article, neither is REvil, they seemingly found a gap that they exploited hoping to bank $70,000,000 but the stage is out there and the snippet “were helping Kaseya plug the hole long before the hackers found it” is merely a factor, so how long did the plugging take and why was it not successful? The words ‘long before’ should be an indication. So why are we (clearly) seeing several facts and the hack was still successful? The article is (at https://www.bbc.com/news/technology-57719820) merely one factor, the amount of MSP’s are another and the lack of alarms is a third part. A dangerous setting of cheap, seemingly fast and proclaimed automated systems in a stage where no one was the wiser. Consider a fast automated system without proper alarms and without logs, and that is merely one player using (or claiming to have) cloud solutions. A stage that is no solution (ask COOP in Sweden if you doubt me) and one that hands over cash to organised crime. How much risk are you willing to take with your business?
Tag Archives: Cyber
In this age when we have 8,000,000,000 people walking around, should we show mercy on stupid people? I am not talking about people with some mental disorder, I am not talking about people with a speech impediment or people with a physical disorder. No, I am talking about people with a greed disorder, a mental stage of everything is for free. Should we allow them to be alive? It is a serious question. You see, the BBC gives us ‘How hackers are using gamers to become crypto-rich’ (at https://www.bbc.com/news/technology-57601631) and the BBC adds to the stupidity to put a picture of a nice girl there, although these transgressions are most likely done by well over 90% males. The list “Versions of Grand Theft Auto V, NBA 2K19, and Pro Evolution Soccer 2018 are being given away free in forums” implies that. You see NOTHING is for free, and nowadays, the sun might be (for now) the only thing that comes for free, but air is close to no longer free. In the last decades we wasted air quality to such a degree that more and more need oxygen and that stuff is not free and not cheap. So when I see “hidden inside the code of these games is a piece of crypto-mining malware called Crackonosh, which secretly generates digital money once the game has been downloaded. Criminals have made more than $2m (£1.4m) with the scam, researchers say.” I reckon that this goes far beyond the UK borders and as such the revenue will be a lot higher, in addition, the stupid person thinking that they are getting a free game are using electricity like there is no tomorrow. So any gamer having anything from a 750W Corsair to a 1200W Asus Thor will be donating $0.50 – $0.75 a day per PC to that criminal group. And that is the best news theory, if they leave the computer on and unattended the price could go up by 200%-400% a day, which means that this free game is costing you a lot more, optionally buying that game in the story will cost you $48 at Amazon, implying that you will pay for the game more than once after 15 days, if you are lucky after 20 days. So how free was that game? You might not pay for the electricity yourself but it will reflect in the bill and mom and dad will hold your PC up for ransom if you do not pay the electricity bill.
So far two places out of a lot more gives us:
United States: 11,856 victims
United Kingdom: 8,946 victims
As such the $2m is delusionally optimistic, the damage is more than likely a lot higher, especially when we see
When Crackonosh is installed, it takes actions to protect itself including:
disabling Windows Updates
uninstalling all security software
And that was merely the better news, when you consider elements like
computer slowing down
wearing out components through overuse
You end up with the short end of the stick, and you better believe that it is a lot shorter than you hope it is. So should I feel mercy when a stupid act degrades a persons PC, sets the cost of living a lot higher per week, but that does not matter, does it? You got a free game out of it!
There is one side that bothers me, it is the quote “Tracking the hackers’ digital wallets has revealed the scam has yielded over $2m in the cryptocurrency Monero, Avast says”, it is the part ‘hackers’ digital wallets’, wallets is plural, as such there is every chance not everything has been found and there is even a much larger chance that they will find one group and have several groups walk away, because they were never spotted, and they were optionally a little more clever than the other players. The damage I a lot worse, yet when it comes to stupid people, I do not mind, more game time, more original game time for me. And this is merely the first setting, you see, I took notice because it flushes the one element out into the open. I touched on this with “I believe that it is a first step in the overly effective phishing attacks we face, Facebook might not be part to that, but I reckon the phishing industry got access to data that is not normally collected and I personally believe that Facebook is part of that problem, I also believe that this will turn from bad to worse with all the ‘via browser gaming apps’ we are currently being offered. I believe that these dedicated non console gaming ‘solutions’ will make things worse, it might be about money for players like Epic (Fortnite), but the data collected in this will cater to a much larger and optionally fairly darker player in this, I just haven’t found any direct evidence proving this, in my defence, I had no way of seeing the weakness that SolarWinds introduced. It does not surprise me, because there is always someone smarter and any firm that has a revenue and a cost issue will find a cheaper way, opening the door for all the nefarious characters surfing the life of IoT, there was never any doubt in this.” I wrote it in ‘Not for minors’ in December 2020 (at https://lawlordtobe.com/2020/12/18/not-for-minors/) and anyone (read: Epic) with claims that they will stop this, would be lying to you. Criminals are massively intelligent and their opponents (police and FBI) are not equipped to deal with this, that is beside the manpower shortage they would face. So when you get to slide between stupid kids and greed driven short sighted IT solutions, the people are about to lose a bundle, for the tech criminals it will be Christmas for them 340 days a year (with 25 very well paid holidays).
And that was just the beginning, how long until these easy virtue characters offer games with even more powerful ways to mine? A version of some merge 3 game but now utilising 95% of your processor 100% of the time? It will not interfere with receiving calls, it will not interfere with laptop, tablet and other device, but you become the pawn in a need to mine and it will cost you a lot more than you think. How long until someone combines screensavers and locked screens with the old SETI program and let devices mine the truckloads out of massive data files and we all contribute for every downtime minute every day? That was the danger that greed driven Epic contributed to (as I personally see it), that is the danger that we all face, and it gets worse. You see Yahoo told us ‘Epic is deliberately keeping ‘Fortnite’ off Microsoft’s Xbox Cloud Game service’, isn’t that interesting? The cloud is their competitor, so they want to open up all the markets for THEM, but they are not that eager to hand their game to a streamer where they cannot collect as much. As I personally see it, it is about their margins, it always was and as such I personally consider their case to be a bogus one, but they opened a door, a door criminals will be eager to use, so how long until they offer Fortnite cheats, Fortnite chests with weekly prices, hardware and skins? It will be the gateway to more systems and the law is not ready and the makers of games will find out too late that the floodgates had been opened. That is how these events usually go, but in the end it will not cost them anything, because they will cover all third party solutions and it will be up to the gamer (and their parents) to pay that price.
We all see them, we all face them and even as there is no overwhelming story out there, I think it was time to set up a look at the small bits, the parts I have already given view to and now I am adding to them.
The first part is ‘Huawei row: Trump chief of staff to meet Dominic Cummings‘, here we see another media driven attempt to ban Huawei from the UK, the UK is now as much a bitch as the Australian government. So far the US has not given any evidence that the Huawei hardware can be used to spy on people by the Chinese government, so far the US is not even sending that person with a really bad haircut, so that he could compare barbers with Boris Johnson, no he is sending his acting White House chief of staff, Mick Mulvaney. Even after Richard Grenell gives us “to make clear that any nation who chooses to use an untrustworthy 5G vendor will jeopardize our ability to share intelligence and information at the highest level“, in my response ‘what intelligence?’ at present the CIA is regarded as one of the least trustworthy intelligence providers, we could argue that Facebook has better intelligence than the CIA does (hurts doesn’t it?)
Now, if the US had provided intelligence on Huawei several Cyber experts would nitpick that intel, yet the setting is out there, there is no evidence whatsoever, the US is fearing for its life and its economy. The backdraft is also there, any nation will get an advantage over whatever paperback spinal cord is supporting the US without evidence. All because the US cannot control its national corporations, we all must pay.
We can treat “A group of backbench Conservatives also wants Johnson to commit to remove all Huawei kit from British phone networks over time” with optional disgust as well, even as there is no stage set on ‘over time‘, as I personally see it these acts are profit driven, not national security driven, even as some will make a claim in that direction.
You know the man, the intelligent man with the really long forehead (read: bald), was hacked, it happened in 2018 and the media keeps on blaming the Crown Prince of Saudi Arabia, yet there is no evidence. In light of all that had happened, the idea that any Crown Prince is THAT hands on with an issue is overlooked on several levels. The FTI report reads like a joke and personally, if Mr. Bezos pays THAT much for what I personally see as trash, than I have optionally 4 IP stages, one unfinished book and over a 1000 articles for same for the mere price of $50,000,000 post taxation (50% for the IP and the rest is a gimmick), you see at least I am willing to say that upfront. In addition, his own paper gives us on January 28th “Indeed, in October 2018, Michael Sanchez and AMI entered into a nondisclosure agreement “concerning certain information, photographs and text messages documenting an affair between Jeff Bezos and Lauren Sanchez,” according to three people who have reviewed the agreement. The existence of the contract was first reported by the New York Times. One of those people also confirmed a Wall Street Journal report that federal prosecutors who are investigating whether the Enquirer tried to extort Bezos have reviewed the text messages that Lauren Sanchez allegedly gave to her brother and that he then provided to the tabloid.” as I personally see it several parties owe Crown Prince Mohammad bin Salman bin Abdulaziz Al Saud a few apologies and all kinds of Saudi catering hoping that it will appease his royal highness. On a personal note, I reckon he will be jealous of my yacht by the CRN ship wharves, so as we see the wealth of Jeff Bezos, he might just want to say ‘Sorry!’ to his royal highness and spend 0.5% of his wealth to appease that rather rich party with a yacht (so that mine will remain optionally safe, when it is completed). And no matter how it all get spinned, the UN report needs to be nitpicked and rather quickly, too many questions remain and even as we see that a person with knowledge of the investigation who was not authorized to speak publicly about its progress, or as the Washington Post is skating around the trandsetting term ‘anonymous source‘, which would place them on the same scale as the Enquirer, they give us “It’s possible that the Saudis hacked Bezos’s phone and Michael Sanchez independently got the photos from his sister and some people were trying to get paid and some people were trying to get Bezos,” all whilst there is no actual evidence that the hacker was Saudi, I did away with that quite nicely in ‘6 Simple questions‘ (at https://lawlordtobe.com/2020/02/03/6-simple-questions/), whilst the 6th question ‘Why on earth is the UN involved in an alleged Criminal investigation where so much information is missing?‘ was never answered by any media EVER! (OK, as far as I know).
Yet there is a reason why we bring this all, it is seen (at https://www.inc.com/jason-aten/facebook-says-apple-is-to-blame-for-hacking-of-jeff-bezos-phone.html) where we get introduced to ‘Facebook Says Apple Is to Blame for the Hacking of Jeff Bezos’s Phone‘, with the optional part “Nick Clegg, said that the hacking of Jeff Bezos’s phone wasn’t the fault of WhatsApp, pointing instead to the Apple iOS that powers the iPhone X Bezos was using. Or, at least, that’s presumably what he was trying to say, though his answer when asked by the BBC was largely incomprehensible“, as well as “he argued, “It sounds like something on the, you know, what they call the operate, operated on the phone itself.” To be clear, he didn’t specifically mention Apple by name, however it had been previously known that Bezos was using an iPhone X at the time he was hacked“, I find it debatable, but it takes the court away from the Saudi Crown Prince and a few others, if that hack is not one that NSO Group’s Pegasus or Hacking Team’s Galileo uses, then we have a much larger issue, one that is not identified and even as it takes the Saudi players off the board, it does not take the issue away. The NSO group has loudly denied the entire issue and this gives them the option to do that, so far the FTI report is too shabby, it does not seem to warrant or deny the optional allegations. So as we see: “someone actually took advantage of a vulnerability that WhatsApp itself has already acknowledged was an issue and issued a fix. It’s even more confusing that he attempted to pass the blame to Apple“, I personally feel in agreement with the writer, the entire WhatsApp feels like to comfortable solution, yet that vulnerability was out in the open and there is still no evidence that it was done by Saudi hands, even now, the list of perpetrators is growing, pushing the optionally (and alleged) Saudi players to the bottom of that list. I would advise Brainy Smurf Jeff Bezos that he pays up as fast as possible (and sizeable) before it becomes a behemoth of an issue that a mere sorry and a box of chocolates will not solve.
You might have heard of that place, apparently there are a few humanitarian issues playing and even as we now see ‘UN Condemns ‘Shocking’ and ‘Terrible’ US-Backed Saudi Coalition Bombing That Killed 31 Yemeni Civilians‘, we are given “Those who continue to sell arms to the warring parties must realize that by supplying weapons for this war, they contribute to making atrocities like today’s all too common“, yet the EU and the US are happy that this all continues. My evidence? Well consider that we see today ‘The EU has agreed to deploy warships to stop the flow of weapons into Libya‘, all whilst a similar action in Yemen would have diminished the dangers over two years ago, so how many ships had the EU to set up a blockade to stop weapons going into Yemen? As far as I can tell, there is an unwritten consensus to give as much freedom to Iran as possible. I gave that part in ‘Media, call it as it is!‘ (at https://lawlordtobe.com/2018/11/03/media-call-it-as-it-is/) almost 18 months ago, so why exactly is Yemen not an issue and Libya is? It is oil and everyone is dancing around the stage hoping for a barrel full of the substance. Yet the Yemeni don’t matter, if you doubt that you merely have to read the articles, all about complaints and condemning, not about action packed events, are they? And in all this Xavier Joubert, director of aid group Save the Children Yemen is equally to blame, does he give the stage in a proper setting? Does he give any information on the actions that Houthi forces have been eager to take forward (including those on children)? Nope! So when we see “after Houthi rebels claimed to have shot down a Saudi Tornado jet Friday in Al-Jawf province“, as well as ““possibility of collateral damage”—a common euphemism for civilian deaths“, yet how many enemy troops were there? that part is not given as it takes the power away from their own story, yet the story they give us is out of whack. So whilst people like Lise Grande come up with “it’s a tragedy and it’s unjustified“, all whilst for well over two years a blockade could have optionally limited the damage that could have occurred, yet no one is willing to skate that track, are they?
All whilst we see (at https://www.timesofisrael.com/pompeo-calls-for-action-against-iran-after-us-navy-seizes-weapons-sent-to-yemen/) ‘Pompeo calls for action against Iran after US Navy seizes weapons sent to Yemen‘, a stage that was set this week, we see the laughingly entertaining ‘World’s silence has emboldened Saudi-led war crimes in Yemen: Iran‘, all whilst we see Iranian Foreign Ministry spokesman Abbas Mousavi giving a speech on what he calls War Crimes, at the same stage where they send hundreds of missiles into Yemen, there is only so much hypocrisy I can stomach and Iran is handing us way too much. So whilst the Islamic Republic of Iran continues to defy the UN Security Council, we need to start being honest about the Yemen situation, the EU does not care about Yemen, it has nothing to offer, yet the US has on this occasion stopped one of several Iranian supply ships. I wonder how many were missed, the ongoing war clearly gives rise to the fact that this war will not be over soon and as such more civilians will die, it is the clear consequence of a war.
These are three of the small bits that I am adding today, there have been a whole range of issues I touched on in the last few days, yet these small bits are important parts to other information I gave out.
Have a great day, see you all tomorrow
I ignored the news initially, as I saw it, it was nothing more than some bash piece on Saudi Arabia. Yet something hot me, it was just a thought and it was: ‘What if I illuminate parts and let common sense people decide‘ (which takes out many journalists and mostly all politicians). As for me? The issue is that the media is all about bashing any royal part of Saudi Arabia, all whilst ignoring evidence (and debatable evidence to a much greater degree, their pursuit of circulation and agreeing to the beat of shareholders and stakeholders has gone to the heads of too many editors and I get a real rush to illuminate this part.
I have never ignored evidence, yet just like with Huawei, it is seemingly all about the big bully shouting, whilst the deciding world for the most ignores evidence and I think that it is a weird situation. Not merely in this blog, but on a few matters, we will get to hold them to account in a few years, at that point these people will make hastily formulated excuses whilst running to their mummies to get breastfeeding (I reckon).
So, lets begin. In the first we have ‘How the UN unearthed a possible Saudi Arabian link to Jeff Bezos hack‘ (the Guardian at https://www.theguardian.com/technology/2020/jan/22/how-the-un-unearthed-a-possible-saudi-arabian-link-to-jeff-bezos-hack) as well as ‘Did Saudi Arabia’s crown prince hack the Amazon king?’ (the Economist at https://www.economist.com/middle-east-and-africa/2020/01/25/did-saudi-arabias-crown-prince-hack-the-amazon-king), a nice side effect is that the Economist, is viewed and acted on on the 24th of January, whilst the article states that it is the Jan 25th 2020 edition, but enough about that. Let’s start with the Guardian who tells us “The UN’s demand for law enforcement authorities to conduct a proper investigation into the alleged hacking of Jeff Bezos’s mobile phone came after it reviewed the findings of a cybersecurity firm, FTI“, we might not see anything here, yet the UN, who is underfunded and strained has time for this? Is this another US Essay like the one by some French girl on the killing of Jamal Khashoggi? And what about ‘after it reviewed the findings of a cybersecurity firm, FTI‘? This implies that the United Nations called for the inspection, notified a cyber security firm (FTI) and investigated the phone of some so called billionaire (postage and shipping required). So why exactly is this not with the police or an official investigative body like the FBI Cyber division?
Following this we get the real beef with “concluded with “medium to high confidence” that it had been compromised because of actions attributable to a WhatsApp account used by the Saudi crown prince, Mohammed bin Salman“, first of all, if I want to investigate the corruption at an army base, I will not go in as the lawlordtobe, I would enter the situation as some poor schmuck who is from the city of Noonecares. It is almost like an assasination and the official in question uses his own service revolver instead of someone else’s. And what goes with ‘medium to high confidence‘, what evidence was uncovered? Then we get the part where is all falls to shambles. With “The UN was careful not to be definitive. Instead of pointing the finger, its statement said the apparent hack had been achieved using software “such as NSO Group’s Pegasus or, less likely, Hacking Team’s Galileo, that can hook into legitimate applications to bypass detection and obfuscate activity”“, just like the Khashoggi essay fiasco, the UN is all about being not definitive, as such we want to know how accusations can be made when you are not definitive. As such I would like to point the UN troll to a kids game called Clue, there in that games (for ages 8+) we are introduced to the concept of evidence, where you need to collect facts and state “I am accusing Colonel Mustard who killed Dr. Black (aka Mr. Boddy) in the Kitchen using the lead pipe” and then we look at the evidence and see if the claimant had his or her facts straight. None of that CIA BS where we see ‘medium to high confidence‘, I would offer that if the confidence is already medium, what was not looked at and what was discarded. The statement comes directly before “The NSO Group, an Israeli cyber-surveillance firm, strongly denied that its surveillance tools were responsible“, as such we are left with ‘less likely, Hacking Team’s Galileo‘. so there is a mountain of doubt on an article that throws the Crown Prince of Saudi Arabia in a bad light and there is seemingly an increasing lack of evidence. As we go on, we see the NSO giving the statement that offers direct opposition to some firm called FTI with “These types of abuses of surveillance systems blacken the eye of the cyber-intelligence community and put a strain on the ability to use legitimate tools to fight serious crime and terror. We expect that all actors in this arena put in place stringent procedures and technological controls, such as those that we have put in place, to assure that their systems are not used in an abusive manner“, as such there are larger questions not merely on the UN for setting the stage of something that is not on their plate, they apparently went to another small operation (who knows) and let them set up the stage of doubtful and debatable documentation, doubtful as we get one of the implied companies go directly into denial and setting a document based on evidence that is regarded as ‘medium to high confidence‘.
And then something beautiful happens. We see “The FTI report cited by the UN special rapporteurs, Agnes Callamard and David Kaye, noted that both NSO and Hacking Team, an Italian company, offered tools that could theoretically have performed the attack” where we are (again) introduced to that UN essay writer, the one that had given us the joke called some Khashoggi report (Agnes Callamard), as well hiding behind ‘tools that could theoretically have performed the attack‘, the idea that this joke from a building based at 760 United Nations Plaza, Manhattan, New York City, New York 10017 and hide behind the word ‘theoretically‘, as such pardon my French (oh, that was funny!) but how the fuck does she still have a job?
For several reasons I will not use the Economist (as I am not a subscriber), but the quotes in their magazine “which was soon used to steal large amounts of data—though the un did not say exactly what, or how it was used” as well as “It called for an “immediate investigation”. The Saudi embassy in Washington, dc, said the accusations were “absurd”.“
As I see it, the UN is nothing more than an advertising paper tiger, adhering to the commands of some stakeholder (identity unknown), if this was a direct action by the UN, those people need to be investigated immediately, I feel decently certain I will get both China and Russia to sign off on this, as this has the distinct smell that comes from neither region, so they would score a win, in addition to that, the UN would have to submit data as to what exactly was taken and how it could be identified, which is also an issue that is unclear and optionally unclear to the UN people involved.
The Verge had a lot more, they had (at https://www.theverge.com/2020/1/23/21078828/report-saudi-arabia-hack-jeff-bezos-phone-fti-consulting) the actual report, and there we see on page one we see the person we need to hackle for information, it is Anthony J. Ferrante who needs to give us the names of who this so called ‘Confidential Report’ was given to, because it seems that it was leaked. And there we see the originator (vice.com) giving us “The report, obtained by Motherboard, indicates that investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it. Instead, they only found a suspicious video file sent to Bezos on May 1, 2018 that “appears to be an Arabic language promotional film about telecommunications.”“, however, this is not the end. They also give us “Investigators determined the video or downloader were suspicious only because Bezos’ phone subsequently began transmitting large amounts of data. “[W]ithin hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos’ phone began, continuing and escalating for months thereafter,” the report states“. In this I state OK, let’s take an actual look.
And they do give us more, quotes like “The digital forensic results, combined with a larger investigation, interviews, research, and expert intelligence information, led the investigators “to assess Bezos’ phone was compromised via tools procured by Saud al Qahtani,” the report states“, as well as “A mobile forensic expert told Motherboard that the investigation as depicted in the report is significantly incomplete and would only have provided the investigators with about 50 percent of what they needed, especially if this is a nation-state attack“, ““They would need to use a tool like Graykey or Cellebrite Premium or do a jailbreak to get a look at the full file system. That’s where that state-sponsored malware is going to be found. Good state-sponsored malware should never show up in a backup,” said Sarah Edwards, an author and teacher of mobile forensics for the SANS Institute“, and “The investigators do note on the last page of their report that they need to jailbreak Bezos’s phone to examine the root file system. Edwards said this would indeed get them everything they would need to search for persistent spyware like the kind created and sold by the NSO Group. But the report doesn’t indicate if that did get done.“, which is as I personally see it the shallow political BS that some people go for. As such we see in the report “The following investigative steps are currently pending“, and more profound, on page 4 we see: “On May 1st, 2018, Bezos received a text from the WhatsApp account used by MBS“, my issue here is that this might have been the infected one, yet if I did that, I would use an originator that was real. And there we have it, the Dailymail gave us ‘New bug allows hackers to send fake messages pretending to be you – and there’s nothing you can do to stop them‘ (at https://www.dailymail.co.uk/sciencetech/article-6039533/WhatsApp-users-beware-Hackers-send-fake-messages-pretending-you.html) with the additional text: “First discovered by Israeli cybersecurity group CheckPoint Research, the flaw is incredibly complex and involves a gap within the app’s encryption algorithms. Writing on their website, the team said the vulnerability could make it possible for a hacker ‘to intercept and manipulate messages sent by those in a group or private conversation’ as well as ‘create and spread misinformation’. Hackers could use the bug to alter the text sent in someone else’s reply to a group chat, essentially ‘putting words in their mouth’, the group said.“
It took me 5 minutes and Google search to find this. I am not stating that this is true and that the Daily Mail is the source to use (they often are not), yet this is a larger failing, I expected this from the very beginning, the origins of the setting was not properly investigated. Then Vice.com gave us “the report is significantly incomplete and would only have provided the investigators with about 50 percent of what they needed“, which is what I expected before I read one word of the accusation, and with US Essay writer Callamard involved (yes again it is her) we see what this is, another mindless attack on a nation and one person. They did not even bother getting him properly smeared, and no one is asking questions, I reckon that the involved stakeholders are likely to go for the, if we create enough barbeques, someone will shout fire: ‘I ran’ for office! Anyone?
what is the most irritating part is that the UN is again used as the cheap tool that they are. In this there is also the involvement of the FTI and more interesting that a Cyber Security firm did not look past the simplest trappings, as as we consider the optional involvement of Anthony J. Ferrante we need to consider sending quota to all 49 of the Global 100 companies that are FTI clients. Even if it was merely to make a few people sweat. When a non Cyber adapt like me can see through this part they have a clear problem and whether Anony Mouse Bezos was part of this or not will not matter. There is one other part in the report that should be considered. On page 2 we see “More significantly. al Qahtani is known to have played a key and senior role in the killing of Washington Post columnist Jamal Khashoggi.” In the first, he was acquitted (in a Saudi trial) and there has been no other trials, as such the statement should be read as false, no clear evidence was ever presented. In the second, as this is part of the executive summary, it seems that this was a way to blatantly strike out against one individual and the evidence is not corroborating any of this, too many questions are left unanswered and the media is not asking them either, as such I wonder what is to be believed, especially in light of the Daily Mail ‘revelation’ last August, which implies long in advance of this report. The fact that this (optional) fact is ignored gives out a much larger issue, the work in incomplete, debatable and political, not factual, as such sending serious cyber letters to the 49 of the Global 100 companies that are FTI clients, as I personally see it, these players are all about facts and when their provider and be painted as open for considerations, we should entertain all kinds of questions.
I would also look at the footnotes and take a larger look at that descriptive part, I wonder what is left once I have had the chance to take a red pencil through this report. Now, I am not stating that Crown Prince of Saudi Arabia Mohammad Bin Salman Al Saud is innocent, I am merely considering that his evidence is so shallow, that I would never accuse him of anything, not before a lot more work was done (and a lot more footnotes were properly weighed), in this consider on page 3 footnote 8. When we go there, we see that the article is Lorenzo Franceschi-Bicchierai a member of Motherboard (so why is there no Motherboard article that is the source), we see “An investor from Saudi Arabia is apparently behind a company that bought a stake in the controversial spyware vendor” where ‘apparently‘ is the operative word. It is also where we see: “Hacking Team was thoroughly owned, with its once-secret list of customers, internal emails, and spyware source code leaked online for anyone to see“, were all these customers on a secret list investigated? There is also ‘spyware source code leaked online for anyone to see‘, a small fact that is apparently not investigated, additional players all optionally ready to give someone called Bezos the time of his on-line life. Then we get “this apparent recovery is in part thanks to the new investor, who appears to be from Saudi Arabia“, a line ruled by, you guessed it ‘apparent‘ and ‘who appears‘, so much filtering and doubt, and in this FTI used that as a footnote source? A program co-owned for 80% by none other then David Vincenzetti. That does NOT make HIM a guilty party and neither is there any convincing evidence of any kind towards the Crown Prince of Saudi Arabia Mohammad Bin Salman Al Saud.
When I see all this I wonder if the UN (or FTI) has any clue how much we should regard them as tools. I cannot tell at present what kind of tools they are, but my personal view is that if this is the debatable level of evidence that some employ, we all are in so much more trouble then we ever thought.